Update all locales with the latest Transifex translations

Bump @floating-ui/dom from 1.6.7 to 1.6.8

.env

@@ -10,10 +10,10 @@ TIMEZONE="Melbourne"
 DEFAULT_COUNTRY_CODE="AU"
 
 # Locale for translation.
-LOCALE="en"
+LOCALE="en_AU"
 
 # For multilingual - ENV doesn't have array so pass it as string with commas
-AVAILABLE_LOCALES="en,es"
+AVAILABLE_LOCALES="en_AU,es"
 
 # Spree zone.
 CHECKOUT_ZONE="Australia"

.env.development

@@ -5,6 +5,11 @@
 #
 #     cp .env.development .env.local
 
+# Locale for translation. Using a locale other than `en` tests the
+# successful fallback to `en`. You will also see up-to-date text used
+# in production
+LOCALE="en_AU"
+
 VERBOSE_QUERY_LOGS=true
 
 SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

.env.test

@@ -1,6 +1,9 @@
 # ENV vars for the test environment
 # Override locally with `.env.test.local`
 
+# Locale for translation.
+LOCALE="en_TEST"
+
 OFN_REDIS_JOBS_URL="redis://localhost:6379/2"
 
 SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

.github/workflows/auto-author-assign.yml

@@ -0,0 +1,14 @@
+name: Auto Author Assign
+
+on:
+  pull_request_target:
+    types: [opened, reopened]
+
+permissions:
+  pull-requests: write
+
+jobs:
+  assign-author:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: toshimaru/auto-author-assign@v2.1.0

.github/workflows/build.yml

@@ -59,6 +59,7 @@ jobs:
       - uses: actions/setup-node@v3
         with:
           node-version-file: .node-version
+          cache: yarn
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile
@@ -185,6 +186,7 @@ jobs:
       - uses: actions/setup-node@v3
         with:
           node-version-file: .node-version
+          cache: yarn
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile
@@ -262,6 +264,7 @@ jobs:
       - uses: actions/setup-node@v3
         with:
           node-version-file: .node-version
+          cache: yarn
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile
@@ -340,6 +343,7 @@ jobs:
       - uses: actions/setup-node@v3
         with:
           node-version-file: .node-version
+          cache: yarn
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile
@@ -418,6 +422,7 @@ jobs:
       - uses: actions/setup-node@v3
         with:
           node-version-file: .node-version
+          cache: yarn
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile
@@ -470,6 +475,7 @@ jobs:
       - uses: actions/setup-node@v3
         with:
           node-version-file: .node-version
+          cache: yarn
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile

.rubocop_styleguide.yml

@@ -115,6 +115,11 @@ Rails/OutputSafety:
   Exclude:
     - spec/**/*
 
+Rails/RedundantActiveRecordAllMethod:
+  AllowedReceivers:
+    - ActionMailer::Preview
+    - ActiveSupport::TimeZone
+
 Rails/SkipsModelValidations:
   AllowedMethods:
     - touch
@@ -124,6 +129,13 @@ Rails/SkipsModelValidations:
     - update_column
     - update_columns
 
+Rails/UnknownEnv:
+  Environments:
+    - development
+    - production
+    - staging
+    - test
+
 Rails/WhereExists:
   EnforcedStyle: where # Cf. conversion https://github.com/openfoodfoundation/openfoodnetwork/pull/12363
 

.rubocop_todo.yml

@@ -1,11 +1,33 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --exclude-limit 1400 --no-auto-gen-timestamp`
-# using RuboCop version 1.62.1.
+# using RuboCop version 1.64.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+Layout/EmptyLines:
+  Exclude:
+    - 'app/services/products_renderer.rb'
+
+# Offense count: 6
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: aligned, indented, indented_relative_to_receiver
+Layout/MultilineMethodCallIndentation:
+  Exclude:
+    - 'app/services/products_renderer.rb'
+
+# Offense count: 2
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: aligned, indented
+Layout/MultilineOperationIndentation:
+  Exclude:
+    - 'app/services/products_renderer.rb'
+
 # Offense count: 16
 # Configuration parameters: AllowComments, AllowEmptyLambdas.
 Lint/EmptyBlock:
@@ -22,11 +44,10 @@ Lint/EmptyBlock:
     - 'spec/jobs/subscription_placement_job_spec.rb'
     - 'spec/models/product_import/entry_validator_spec.rb'
 
-# Offense count: 6
+# Offense count: 4
 # Configuration parameters: AllowComments.
 Lint/EmptyClass:
   Exclude:
-    - 'spec/controllers/spree/admin/base_controller_spec.rb'
     - 'spec/lib/reports/report_loader_spec.rb'
 
 # Offense count: 1
@@ -80,7 +101,7 @@ Lint/UselessMethodDefinition:
   Exclude:
     - 'app/models/spree/gateway.rb'
 
-# Offense count: 26
+# Offense count: 23
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes, Max.
 Metrics/AbcSize:
   Exclude:
@@ -93,7 +114,6 @@ Metrics/AbcSize:
     - 'app/helpers/spree/admin/navigation_helper.rb'
     - 'app/models/enterprise_group.rb'
     - 'app/models/enterprise_relationship.rb'
-    - 'app/models/product_import/entry_processor.rb'
     - 'app/models/spree/ability.rb'
     - 'app/models/spree/address.rb'
     - 'app/models/spree/order/checkout.rb'
@@ -102,7 +122,6 @@ Metrics/AbcSize:
     - 'lib/open_food_network/order_cycle_form_applicator.rb'
     - 'lib/open_food_network/order_cycle_permissions.rb'
     - 'lib/spree/core/controller_helpers/order.rb'
-    - 'lib/tasks/enterprises.rake'
     - 'spec/services/orders/checkout_restart_service_spec.rb'
 
 # Offense count: 9
@@ -123,7 +142,7 @@ Metrics/BlockNesting:
   Exclude:
     - 'app/models/spree/payment/processing.rb'
 
-# Offense count: 46
+# Offense count: 47
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ClassLength:
   Exclude:
@@ -175,7 +194,7 @@ Metrics/ClassLength:
     - 'lib/reporting/reports/enterprise_fee_summary/scope.rb'
     - 'lib/reporting/reports/xero_invoices/base.rb'
 
-# Offense count: 34
+# Offense count: 32
 # Configuration parameters: AllowedMethods, AllowedPatterns, Max.
 Metrics/CyclomaticComplexity:
   Exclude:
@@ -185,7 +204,6 @@ Metrics/CyclomaticComplexity:
     - 'app/helpers/checkout_helper.rb'
     - 'app/helpers/order_cycles_helper.rb'
     - 'app/helpers/spree/admin/navigation_helper.rb'
-    - 'app/models/enterprise.rb'
     - 'app/models/enterprise_relationship.rb'
     - 'app/models/product_import/entry_validator.rb'
     - 'app/models/spree/ability.rb'
@@ -206,7 +224,7 @@ Metrics/CyclomaticComplexity:
     - 'lib/spree/localized_number.rb'
     - 'spec/models/product_importer_spec.rb'
 
-# Offense count: 25
+# Offense count: 24
 # Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
 Metrics/MethodLength:
   Exclude:
@@ -227,7 +245,7 @@ Metrics/MethodLength:
     - 'lib/spree/localized_number.rb'
     - 'lib/tasks/sample_data/product_factory.rb'
 
-# Offense count: 48
+# Offense count: 49
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ModuleLength:
   Exclude:
@@ -257,6 +275,7 @@ Metrics/ModuleLength:
     - 'spec/controllers/payment_gateways/stripe_controller_spec.rb'
     - 'spec/controllers/spree/admin/adjustments_controller_spec.rb'
     - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
+    - 'spec/controllers/spree/admin/variants_controller_spec.rb'
     - 'spec/lib/open_food_network/address_finder_spec.rb'
     - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
     - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
@@ -391,7 +410,6 @@ RSpecRails/HaveHttpStatus:
     - 'spec/controllers/user_registrations_controller_spec.rb'
     - 'spec/requests/admin/images_spec.rb'
     - 'spec/requests/api/routes_spec.rb'
-    - 'spec/requests/checkout/failed_checkout_spec.rb'
     - 'spec/requests/checkout/stripe_sca_spec.rb'
     - 'spec/requests/home_controller_spec.rb'
     - 'spec/requests/omniauth_callbacks_controller_spec.rb'
@@ -407,7 +425,7 @@ RSpecRails/HttpStatus:
     - 'spec/controllers/spree/admin/products_controller_spec.rb'
     - 'spec/requests/api/orders_spec.rb'
 
-# Offense count: 146
+# Offense count: 144
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Inferences.
 RSpecRails/InferredSpecType:
@@ -511,7 +529,6 @@ RSpecRails/InferredSpecType:
     - 'spec/helpers/navigation_helper_spec.rb'
     - 'spec/helpers/order_cycles_helper_spec.rb'
     - 'spec/helpers/serializer_helper_spec.rb'
-    - 'spec/helpers/shared_helper_spec.rb'
     - 'spec/helpers/shop_helper_spec.rb'
     - 'spec/helpers/spree/admin/base_helper_spec.rb'
     - 'spec/helpers/spree/admin/general_settings_helper_spec.rb'
@@ -545,7 +562,6 @@ RSpecRails/InferredSpecType:
     - 'spec/requests/api/routes_spec.rb'
     - 'spec/requests/api/v1/customers_spec.rb'
     - 'spec/requests/api_docs_spec.rb'
-    - 'spec/requests/checkout/failed_checkout_spec.rb'
     - 'spec/requests/checkout/paypal_spec.rb'
     - 'spec/requests/checkout/routes_spec.rb'
     - 'spec/requests/checkout/stripe_sca_spec.rb'
@@ -602,59 +618,6 @@ Rails/LexicallyScopedActionFilter:
     - 'app/controllers/spree/admin/zones_controller.rb'
     - 'app/controllers/spree/users_controller.rb'
 
-# Offense count: 32
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/Pluck:
-  Exclude:
-    - 'app/controllers/admin/variant_overrides_controller.rb'
-    - 'app/services/cart_service.rb'
-    - 'lib/reporting/report_headers_builder.rb'
-    - 'spec/controllers/admin/bulk_line_items_controller_spec.rb'
-    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
-    - 'spec/controllers/api/v0/order_cycles_controller_spec.rb'
-    - 'spec/controllers/api/v0/orders_controller_spec.rb'
-    - 'spec/controllers/api/v0/products_controller_spec.rb'
-    - 'spec/controllers/api/v0/shops_controller_spec.rb'
-    - 'spec/controllers/api/v0/states_controller_spec.rb'
-    - 'spec/controllers/api/v0/taxons_controller_spec.rb'
-    - 'spec/helpers/spree/admin/orders_helper_spec.rb'
-    - 'spec/lib/reports/lettuce_share_report_spec.rb'
-    - 'spec/lib/reports/users_and_enterprises_report_spec.rb'
-    - 'spec/serializers/api/admin/for_order_cycle/supplied_product_serializer_spec.rb'
-    - 'spec/support/api_helper.rb'
-
-# Offense count: 1
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: conservative, aggressive
-Rails/PluckInWhere:
-  Exclude:
-    - 'app/models/spree/variant.rb'
-
-# Offense count: 4
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: AllowedReceivers.
-# AllowedReceivers: ActionMailer::Preview, ActiveSupport::TimeZone
-Rails/RedundantActiveRecordAllMethod:
-  Exclude:
-    - 'app/models/spree/tax_rate.rb'
-    - 'app/models/spree/user.rb'
-    - 'app/models/spree/variant.rb'
-    - 'spec/system/admin/product_import_spec.rb'
-
-# Offense count: 4
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/RedundantPresenceValidationOnBelongsTo:
-  Exclude:
-    - 'app/models/spree/line_item.rb'
-    - 'app/models/spree/order.rb'
-
-# Offense count: 1
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/RelativeDateConstant:
-  Exclude:
-    - 'lib/tasks/data/remove_transient_data.rb'
-
 # Offense count: 56
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Include.
@@ -681,20 +644,6 @@ Rails/RootPathnameMethods:
   Exclude:
     - 'spec/lib/reports/orders_and_fulfillment/order_cycle_customer_totals_report_spec.rb'
 
-# Offense count: 1
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/SelectMap:
-  Exclude:
-    - 'app/models/enterprise.rb'
-
-# Offense count: 4
-# Configuration parameters: ForbiddenMethods, AllowedMethods.
-# ForbiddenMethods: decrement!, decrement_counter, increment!, increment_counter, insert, insert!, insert_all, insert_all!, toggle!, touch, touch_all, update_all, update_attribute, update_column, update_columns, update_counters, upsert, upsert_all
-Rails/SkipsModelValidations:
-  Exclude:
-    - 'app/models/variant_override.rb'
-    - 'spec/models/spree/line_item_spec.rb'
-
 # Offense count: 7
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
@@ -723,24 +672,6 @@ Rails/UniqueValidationWithoutIndex:
     - 'app/models/spree/tax_category.rb'
     - 'app/models/spree/zone.rb'
 
-# Offense count: 1
-# Configuration parameters: Severity, Environments.
-# Environments: development, test, production
-Rails/UnknownEnv:
-  Exclude:
-    - 'app/models/spree/app_configuration.rb'
-
-# Offense count: 7
-# Configuration parameters: Severity.
-Rails/UnusedRenderContent:
-  Exclude:
-    - 'app/controllers/admin/bulk_line_items_controller.rb'
-    - 'app/controllers/admin/tag_rules_controller.rb'
-    - 'app/controllers/api/v0/enterprise_fees_controller.rb'
-    - 'app/controllers/api/v0/products_controller.rb'
-    - 'app/controllers/api/v0/taxons_controller.rb'
-    - 'app/controllers/api/v0/variants_controller.rb'
-
 # Offense count: 1
 Security/Open:
   Exclude:
@@ -765,7 +696,7 @@ Style/CaseEquality:
   Exclude:
     - 'spec/models/spree/payment_spec.rb'
 
-# Offense count: 25
+# Offense count: 23
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: nested, compact
@@ -792,10 +723,9 @@ Style/ClassAndModuleChildren:
     - 'app/serializers/api/taxon_serializer.rb'
     - 'app/serializers/api/variant_serializer.rb'
     - 'lib/open_food_network/locking.rb'
-    - 'spec/controllers/spree/admin/base_controller_spec.rb'
     - 'spec/models/spree/payment_method_spec.rb'
 
-# Offense count: 1
+# Offense count: 2
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: always, always_true, never
@@ -845,12 +775,6 @@ Style/HashEachMethods:
     - 'spec/models/product_importer_spec.rb'
     - 'spec/support/cancan_helper.rb'
 
-# Offense count: 1
-# Configuration parameters: MinBranchesCount.
-Style/HashLikeCase:
-  Exclude:
-    - 'app/models/enterprise.rb'
-
 # Offense count: 4
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/MapToHash:
@@ -939,19 +863,6 @@ Style/RedundantInitialize:
   Exclude:
     - 'spec/models/spree/gateway_spec.rb'
 
-# Offense count: 2
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Style/RedundantInterpolation:
-  Exclude:
-    - 'lib/tasks/karma.rake'
-    - 'spec/base_spec_helper.rb'
-
-# Offense count: 8
-# This cop supports safe autocorrection (--autocorrect).
-Style/RedundantLineContinuation:
-  Exclude:
-    - 'lib/reporting/reports/enterprise_fee_summary/scope.rb'
-
 # Offense count: 19
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AllowedMethods, AllowedPatterns.
@@ -961,67 +872,10 @@ Style/ReturnNilInPredicateMethodDefinition:
     - 'app/serializers/api/admin/customer_serializer.rb'
     - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'
 
-# Offense count: 204
-Style/Send:
-  Exclude:
-    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
-    - 'spec/controllers/payment_gateways/paypal_controller_spec.rb'
-    - 'spec/controllers/spree/admin/base_controller_spec.rb'
-    - 'spec/controllers/spree/orders_controller_spec.rb'
-    - 'spec/helpers/order_cycles_helper_spec.rb'
-    - 'spec/jobs/subscription_confirm_job_spec.rb'
-    - 'spec/jobs/subscription_placement_job_spec.rb'
-    - 'spec/lib/open_food_network/address_finder_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_fee_applicator_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
-    - 'spec/lib/open_food_network/permissions_spec.rb'
-    - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
-    - 'spec/lib/reports/xero_invoices_report_spec.rb'
-    - 'spec/lib/stripe/webhook_handler_spec.rb'
-    - 'spec/models/calculator/weight_spec.rb'
-    - 'spec/models/enterprise_spec.rb'
-    - 'spec/models/exchange_spec.rb'
-    - 'spec/models/spree/order_inventory_spec.rb'
-    - 'spec/models/spree/payment_spec.rb'
-    - 'spec/models/spree/return_authorization_spec.rb'
-    - 'spec/models/tag_rule/filter_order_cycles_spec.rb'
-    - 'spec/models/tag_rule/filter_payment_methods_spec.rb'
-    - 'spec/models/tag_rule/filter_products_spec.rb'
-    - 'spec/models/tag_rule/filter_shipping_methods_spec.rb'
-    - 'spec/services/cart_service_spec.rb'
-    - 'spec/services/products_renderer_spec.rb'
-    - 'spec/services/variant_units/option_value_namer_spec.rb'
-    - 'spec/support/localized_number_helper.rb'
-
-# Offense count: 4
+# Offense count: 3
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
   Exclude:
     - 'app/helpers/spree/admin/navigation_helper.rb'
     - 'app/services/embedded_page_service.rb'
     - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'
-
-# Offense count: 25
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: Mode.
-Style/StringConcatenation:
-  Exclude:
-    - 'app/controllers/admin/stripe_connect_settings_controller.rb'
-    - 'app/helpers/enterprises_helper.rb'
-    - 'app/helpers/spree/admin/base_helper.rb'
-    - 'app/mailers/spree/user_mailer.rb'
-    - 'app/models/enterprise.rb'
-    - 'app/models/spree/credit_card.rb'
-    - 'app/models/spree/payment_method.rb'
-    - 'app/serializers/api/cached_enterprise_serializer.rb'
-    - 'app/serializers/api/enterprise_shopfront_list_serializer.rb'
-    - 'app/services/embedded_page_service.rb'
-    - 'app/services/products_renderer.rb'
-    - 'lib/spree/api/controller_setup.rb'
-    - 'lib/spree/core/environment_extension.rb'
-    - 'spec/models/spree/line_item_spec.rb'
-    - 'spec/models/spree/product_spec.rb'
-    - 'spec/services/embedded_page_service_spec.rb'
-    - 'spec/support/features/datepicker_helper.rb'
-    - 'spec/system/admin/products_spec.rb'

Gemfile.lock

@@ -230,7 +230,7 @@ GEM
     combine_pdf (1.0.26)
       matrix
       ruby-rc4 (>= 0.1.5)
-    concurrent-ruby (1.2.3)
+    concurrent-ruby (1.3.1)
     connection_pool (2.4.1)
     crack (1.0.0)
       bigdecimal
@@ -263,7 +263,7 @@ GEM
       warden (~> 1.2.3)
     devise-encryptable (0.2.0)
       devise (>= 2.1.0)
-    devise-i18n (1.12.0)
+    devise-i18n (1.12.1)
       devise (>= 4.9.0)
     devise-token_authenticatable (1.1.0)
       devise (>= 4.0.0, < 5.0.0)
@@ -494,7 +494,7 @@ GEM
     parallel (1.24.0)
     paranoia (2.6.3)
       activerecord (>= 5.1, < 7.2)
-    parser (3.3.1.0)
+    parser (3.3.2.0)
       ast (~> 2.4.1)
       racc
     paypal-sdk-core (0.3.4)
@@ -522,7 +522,7 @@ GEM
       activerecord (>= 4.2)
       railties (>= 4.2)
     raabro (1.4.0)
-    racc (1.7.3)
+    racc (1.8.0)
     rack (2.2.9)
     rack-mini-profiler (2.3.4)
       rack (>= 1.2.0)
@@ -543,7 +543,7 @@ GEM
       rack (< 3)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rack-timeout (0.6.3)
+    rack-timeout (0.7.0)
     rails (7.0.8)
       actioncable (= 7.0.8)
       actionmailbox (= 7.0.8)
@@ -604,7 +604,7 @@ GEM
       redis-client (>= 0.22.0)
     redis-client (0.22.1)
       connection_pool
-    regexp_parser (2.9.0)
+    regexp_parser (2.9.2)
     reline (0.5.0)
       io-console (~> 0.5)
     request_store (1.5.1)
@@ -667,7 +667,7 @@ GEM
     rswag-ui (2.13.0)
       actionpack (>= 3.1, < 7.2)
       railties (>= 3.1, < 7.2)
-    rubocop (1.63.5)
+    rubocop (1.64.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
@@ -843,7 +843,7 @@ GEM
     xml-simple (1.1.8)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.6.14)
+    zeitwerk (2.6.15)
 
 PLATFORMS
   ruby

app/assets/javascripts/admin/bulk_product_update.js.coffee

@@ -47,7 +47,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
     removeClearedValues()
     params = {
       'q[name_cont]': $scope.q.query,
-      'q[supplier_id_eq]': $scope.q.producerFilter,
+      'q[variants_supplier_id_eq]': $scope.q.producerFilter,
       'q[variants_primary_taxon_id_eq]': $scope.q.categoryFilter,
       'q[s]': $scope.sorting,
       import_date: $scope.q.importDateFilter,
@@ -126,8 +126,11 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
     DisplayProperties.setShowVariants 0, showVariants
 
   $scope.addVariant = (product) ->
+    # Set new variant category to same as last product variant category to keep compactibility with deleted variant callback to set new variant category
+    newVariantId = $scope.nextVariantId();
+    newVariantCategoryId = product.variants[product.variants.length - 1]?.category_id
     product.variants.push
-      id: $scope.nextVariantId()
+      id: newVariantId
       unit_value: null
       unit_description: null
       on_demand: false
@@ -136,8 +139,9 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
       on_hand: null
       price: null
       tax_category_id: null
-      category_id: null
+      category_id: newVariantCategoryId
     DisplayProperties.setShowVariants product.id, true
+    DirtyProducts.addVariantProperty(product.id, newVariantId, 'category_id', newVariantCategoryId)
 
 
   $scope.nextVariantId = ->
@@ -217,7 +221,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
         products: productsToSubmit
         filters:
           'q[name_cont]': $scope.q.query
-          'q[supplier_id_eq]': $scope.q.producerFilter
+          'q[variants_supplier_id_eq]': $scope.q.producerFilter
           'q[variants_primary_taxon_id_eq]': $scope.q.categoryFilter
           'q[s]': $scope.sorting
           import_date: $scope.q.importDateFilter
@@ -314,9 +318,6 @@ filterSubmitProducts = (productsToFilter) ->
         if product.hasOwnProperty("name")
           filteredProduct.name = product.name
           hasUpdatableProperty = true
-        if product.hasOwnProperty("producer_id")
-          filteredProduct.supplier_id = product.producer_id
-          hasUpdatableProperty = true
         if product.hasOwnProperty("price")
           filteredProduct.price = product.price
           hasUpdatableProperty = true
@@ -379,6 +380,9 @@ filterSubmitVariant = (variant) ->
     if variant.hasOwnProperty("display_as")
       filteredVariant.display_as = variant.display_as
       hasUpdatableProperty = true
+    if variant.hasOwnProperty("producer_id")
+      filteredVariant.supplier_id = variant.producer_id
+      hasUpdatableProperty = true
   {filteredVariant: filteredVariant, hasUpdatableProperty: hasUpdatableProperty}
 
 

app/assets/javascripts/admin/index_utils/filters/attr_filter.js.coffee

@@ -1,12 +1,16 @@
 # Used like a regular angular filter where an object is passed
 # Adds the additional special case that a value of 0 for the filter
 # acts as a bypass for that particular attribute
+
+# NOTE the name doesn't reflect what the filter does, it only fiters on the variant.producer_id
 angular.module("admin.indexUtils").filter "attrFilter", ($filter) ->
   return (objects, filters) ->
-    Object.keys(filters).reduce (filtered, attr) ->
-      filter = filters[attr]
-      return filtered if !filter? || filter == 0
-      return $filter('filter')(filtered, (object) ->
-        object[attr] == filter
-      )
-    , objects
+    filter = filters["producer_id"]
+
+    return objects if !filter? || filter == 0
+
+    return $filter('filter')(objects, (product) ->
+      for variant in product.variants
+        return true if variant["producer_id"] == filter
+      false
+    , true)

app/assets/javascripts/admin/index_utils/services/columns.js.coffee

@@ -31,7 +31,7 @@ angular.module("admin.indexUtils").factory 'Columns', ($rootScope, $http, $injec
     savePreferences: (action_name) =>
       $http
         method: "PUT"
-        url: "/admin/column_preferences/bulk_update"
+        url: "/admin/column_preferences/bulk_update.json"
         data:
           action_name: action_name
           column_preferences: (preference for column_name, preference of @columns)

app/assets/javascripts/admin/line_items/controllers/line_items_controller.js.coffee

@@ -27,7 +27,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
     "order_bill_address_full_name_reversed",
     "order_bill_address_full_name_with_comma",
     "order_bill_address_full_name_with_comma_reversed",
-    "variant_product_supplier_name",
+    "variant_supplier_name",
     "order_email",
     "order_number",
     "product_name"].join("_or_") + "_cont"
@@ -81,7 +81,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
       "q[order_shipment_state_not_eq]": "shipped",
       "q[order_completed_at_not_null]": "true",
       "q[order_distributor_id_eq]": $scope.distributorFilter,
-      "q[variant_product_supplier_id_eq]": $scope.supplierFilter,
+      "q[variant_supplier_id_eq]": $scope.supplierFilter,
       "q[order_order_cycle_id_eq]": $scope.orderCycleFilter,
       "q[order_completed_at_gteq]": if formattedStartDate then formattedStartDate else undefined,
       "q[order_completed_at_lt]": if formattedEndDate then formattedEndDate else undefined,
@@ -105,7 +105,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
       Dereferencer.dereferenceAttr $scope.line_items, "supplier", Enterprises.byID
       $scope.loadOrders()
       RequestMonitor.load $q.all([$scope.orders.$promise]).then ->
-        Dereferencer.dereferenceAttr $scope.line_items, "order", Orders.byID  
+        Dereferencer.dereferenceAttr $scope.line_items, "order", Orders.byID
         Dereferencer.dereferenceAttr $scope.orders, "distributor", Enterprises.byID
         Dereferencer.dereferenceAttr $scope.orders, "order_cycle", OrderCycles.byID
         $scope.bulk_order_form.$setPristine()
@@ -133,7 +133,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
     return $http(
       method: 'GET'
       url: "/admin/orders/#{order.number}/fire?e=cancel&send_cancellation_email=#{sendEmailCancellation}&restock_items=#{restock_items}")
-  
+
   $scope.deleteLineItem = (lineItem) ->
     if lineItem.order.item_count == 1
       ofnCancelOrderAlert((confirm, sendEmailCancellation, restock_items) ->
@@ -167,7 +167,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
               $scope.cancelOrder(order, sendEmailCancellation, restock_items).then(-> $scope.refreshData())
             else
               Promise.all(LineItems.delete(item) for item in items).then(-> $scope.refreshData())
-      , "js.admin.deleting_item_will_cancel_order")   
+      , "js.admin.deleting_item_will_cancel_order")
     else
       ofnDeleteLineItemsAlert(() ->
         Promise.all(LineItems.delete(item) for item in lineItemsToDelete).then(-> $scope.refreshData())
@@ -199,7 +199,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
     $scope.refreshData()
 
   $scope.getLineItemScale = (lineItem) ->
-    if lineItem.units_product && lineItem.units_variant && (lineItem.units_product.variant_unit == "weight" || lineItem.units_product.variant_unit == "volume") 
+    if lineItem.units_product && lineItem.units_variant && (lineItem.units_product.variant_unit == "weight" || lineItem.units_product.variant_unit == "volume")
       lineItem.units_product.variant_unit_scale
     else
       1
@@ -252,7 +252,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
     scale = $scope.getScale(unitsProduct, unitsVariant)
     if scale
       $scope.getFormattedValueWithUnitName(value, unitsProduct, unitsVariant, scale)
-    else 
+    else
       ''
 
   $scope.fulfilled = (sumOfUnitValues) ->

app/assets/javascripts/admin/order_cycles/controllers/edit.js.coffee

@@ -3,6 +3,7 @@ angular.module('admin.orderCycles')
     $controller('AdminOrderCycleBasicCtrl', {$scope: $scope, ocInstance: ocInstance})
 
     order_cycle_id = $location.absUrl().match(/\/admin\/order_cycles\/(\d+)/)[1]
+    $scope.order_cycle_id = order_cycle_id
     $scope.order_cycle = OrderCycle.load(order_cycle_id)
     $scope.enterprises = Enterprise.index(order_cycle_id: order_cycle_id)
     $scope.enterprise_fees = EnterpriseFee.index(order_cycle_id: order_cycle_id)
@@ -25,4 +26,4 @@ angular.module('admin.orderCycles')
       if $scope.order_cycle_form?.$dirty
         t('admin.unsaved_confirm_leave')
 
-    NavigationCheck.register(warnAboutUnsavedChanges)
+    NavigationCheck.register(warnAboutUnsavedChanges)

app/assets/javascripts/admin/order_cycles/controllers/incoming_controller.js.coffee

@@ -1,8 +1,9 @@
-angular.module('admin.orderCycles').controller 'AdminOrderCycleIncomingCtrl', ($scope, $rootScope, $controller, $location, Enterprise, OrderCycle, ExchangeProduct, ocInstance) ->
+angular.module('admin.orderCycles').controller 'AdminOrderCycleIncomingCtrl', ($scope, $rootScope, $controller, $location, Enterprise, EnterpriseFee, OrderCycle, ExchangeProduct, ocInstance) ->
   $controller('AdminOrderCycleExchangesCtrl', {$scope: $scope, ocInstance: ocInstance, $location: $location})
 
   $scope.view = 'incoming'
-
+  # NB: weirdly at this next line $scope.order_cycle.id comes out undefined so we use $scope.order_cycle_id instead
+  $scope.enterprise_fees = EnterpriseFee.index(order_cycle_id: $scope.order_cycle_id, per_item: true)
   $scope.exchangeTotalVariants = (exchange) ->
     return unless $scope.enterprises? && $scope.enterprises[exchange.enterprise_id]?
 

app/assets/javascripts/admin/order_cycles/services/enterprise_fee.js.coffee

@@ -6,6 +6,8 @@ angular.module('admin.orderCycles').factory('EnterpriseFee', ($resource) ->
       params:
         order_cycle_id: '@order_cycle_id'
         coordinator_id: '@coordinator_id'
+        per_item: '@per_item'
+        per_order: '@per_order'
   })
 
   {

app/assets/javascripts/admin/variant_overrides/directives/track_inheritance.js.coffee

@@ -2,10 +2,10 @@ angular.module("admin.variantOverrides").directive "trackInheritance", (VariantO
   require: "ngModel"
   link: (scope, element, attrs, ngModel) ->
     # This is a bit hacky, but it allows us to load the inherit property on the VO, but then not submit it
-    scope.inherit = angular.equals scope.variantOverrides[scope.hub_id][scope.variant.id], VariantOverrides.newFor scope.hub_id, scope.variant.id
+    scope.inherit = angular.equals scope.variantOverrides[scope.hub_id][scope.variant.id], VariantOverrides.newFor scope.hub_id, scope.variant
 
     ngModel.$parsers.push (viewValue) ->
       if ngModel.$dirty && viewValue
-        DirtyVariantOverrides.inherit scope.hub_id, scope.variant.id, scope.variantOverrides[scope.hub_id][scope.variant.id].id
+        DirtyVariantOverrides.inherit scope.hub_id, scope.variant, scope.variantOverrides[scope.hub_id][scope.variant.id].id
         scope.displayDirty()
       viewValue

app/assets/javascripts/admin/variant_overrides/filters/hub_permissions_filter.js.coffee

@@ -2,4 +2,8 @@ angular.module("admin.variantOverrides").filter "hubPermissions", ($filter) ->
   return (products, hubPermissions, hub_id) ->
     return [] if !hub_id
     return [] if !hubPermissions[hub_id]
-    return $filter('filter')(products, ((product) -> hubPermissions[hub_id].indexOf(product.producer_id) > -1), true)
+
+    return $filter('filter')(products, ((product) ->
+      for variant in product.variants
+        return hubPermissions[hub_id].indexOf(variant.producer_id) > -1
+     ), true)

app/assets/javascripts/admin/variant_overrides/services/dirty_variant_overrides.js.coffee

@@ -12,11 +12,11 @@ angular.module("admin.variantOverrides").factory "DirtyVariantOverrides", ($http
         @add(hub_id, variant_id, vo_id)
         @dirtyVariantOverrides[hub_id][variant_id][attr] = value
 
-    inherit: (hub_id, variant_id, vo_id) ->
-      @add(hub_id, variant_id, vo_id)
-      blankVo = angular.copy(VariantOverrides.inherit(hub_id, variant_id))
+    inherit: (hub_id, variant, vo_id) ->
+      @add(hub_id, variant.id, vo_id)
+      blankVo = angular.copy(VariantOverrides.inherit(hub_id, variant))
       delete blankVo[attr] for attr, value of blankVo when attr not in @requiredAttrs()
-      @dirtyVariantOverrides[hub_id][variant_id] = blankVo
+      @dirtyVariantOverrides[hub_id][variant.id] = blankVo
 
     count: ->
       count = 0

app/assets/javascripts/admin/variant_overrides/services/variant_overrides.js.coffee

@@ -13,17 +13,18 @@ angular.module("admin.variantOverrides").factory "VariantOverrides", (variantOve
         @variantOverrides[hub.id] ||= {}
         for product in products
           for variant in product.variants
-            @inherit(hub.id, variant.id) unless @variantOverrides[hub.id][variant.id]
+            @inherit(hub.id, variant) unless @variantOverrides[hub.id][variant.id]
 
-    inherit: (hub_id, variant_id) ->
+    inherit: (hub_id, variant) ->
       # This method is called from the trackInheritance directive, to reinstate inheritance
-      @variantOverrides[hub_id][variant_id] ||= {}
-      angular.extend @variantOverrides[hub_id][variant_id], @newFor hub_id, variant_id
+      @variantOverrides[hub_id][variant.id] ||= {}
+      angular.extend @variantOverrides[hub_id][variant.id], @newFor(hub_id, variant)
 
-    newFor: (hub_id, variant_id) ->
+    newFor: (hub_id, variant) ->
       # These properties need to match those checked in VariantOverrideSet.deletable?
       hub_id: hub_id
-      variant_id: variant_id
+      variant_id: variant.id
+      producer_id: variant.producer_id
       sku: null
       price: null
       count_on_hand: null

app/assets/javascripts/darkswarm/controllers/products_controller.js.coffee

@@ -4,15 +4,18 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
   $scope.query = ""
   $scope.taxonSelectors = FilterSelectorsService.createSelectors()
   $scope.propertySelectors = FilterSelectorsService.createSelectors()
+  $scope.producerPropertySelectors = FilterSelectorsService.createSelectors()
   $scope.filtersActive = true
   $scope.page = 1
   $scope.per_page = 10
   $scope.order_cycle = OrderCycle.order_cycle
   $scope.supplied_taxons = null
   $scope.supplied_properties = null
+  $scope.supplied_producer_properties = null
   $scope.showFilterSidebar = false
   $scope.activeTaxons = []
   $scope.activeProperties = []
+  $scope.activeProducerProperties = []
 
   # Update filters after initial load of shop tab
   $timeout =>
@@ -45,6 +48,12 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
         $scope.supplied_properties[property.id] = Properties.properties_by_id[property.id]
       )
 
+    OrderCycleResource.producerProperties params, (data)=>
+      $scope.supplied_producer_properties = {}
+      data.map( (property) ->
+        $scope.supplied_producer_properties[property.id] = Properties.properties_by_id[property.id]
+      )
+
   $scope.loadMore = ->
     if ($scope.page * $scope.per_page) <= Products.products.length
       $scope.loadMoreProducts()
@@ -52,6 +61,7 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
   $scope.$watch 'query', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
   $scope.$watchCollection 'activeTaxons', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
   $scope.$watchCollection 'activeProperties', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
+  $scope.$watchCollection 'activeProducerProperties', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
 
   $scope.loadProducts = ->
     $scope.page = 1
@@ -66,8 +76,9 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
       id: $scope.order_cycle.order_cycle_id,
       page: page || $scope.page,
       per_page: $scope.per_page,
-      'q[name_or_meta_keywords_or_variants_display_as_or_variants_display_name_or_supplier_name_cont]': $scope.query,
+      'q[name_or_meta_keywords_or_variants_display_as_or_variants_display_name_or_variants_supplier_name_cont]': $scope.query,
       'q[with_properties][]': $scope.activeProperties,
+      'q[with_variants_supplier_properties][]': $scope.activeProducerProperties,
       'q[variants_primary_taxon_id_in_any][]': $scope.activeTaxons
     }
 
@@ -86,6 +97,12 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
       Properties.properties_by_id[property_id].name
     ).join($scope.filtersJoinWord()) if $scope.activeProperties?
 
+  $scope.appliedProducerPropertiesList = ->
+    $scope.activeProducerProperties.map( (property_id) ->
+      Properties.properties_by_id[property_id].name
+    ).join($scope.filtersJoinWord()) if $scope.activeProducerProperties?
+
+
   $scope.filtersJoinWord = ->
     $sce.trustAsHtml(" <span class='join-word'>#{t('products_or')}</span> ")
 
@@ -99,6 +116,7 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
   $scope.clearFilters = ->
     $scope.taxonSelectors.clearAll()
     $scope.propertySelectors.clearAll()
+    $scope.producerPropertySelectors.clearAll()
 
   $scope.refreshStaleData = ->
     # If the products template has already been loaded but the controller is being initialized
@@ -109,7 +127,7 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
       $scope.loadProducts()
 
   $scope.filtersCount = () ->
-    $scope.taxonSelectors.totalActive() + $scope.propertySelectors.totalActive()
+    $scope.taxonSelectors.totalActive() + $scope.propertySelectors.totalActive() + $scope.producerPropertySelectors.totalActive()
 
   $scope.toggleFilterSidebar = ->
     $scope.showFilterSidebar = !$scope.showFilterSidebar

app/assets/javascripts/darkswarm/controllers/registration/registration_controller.js.coffee

@@ -42,8 +42,17 @@ angular.module('Darkswarm').controller "RegistrationCtrl", ($scope, Registration
   $scope.toggleAddressConfirmed = ->
     $scope.addressConfirmed = !$scope.addressConfirmed
     if $scope.addressConfirmed
+      $scope.setLatLongIfUsingOpenStreetMap()
       $scope.enterprise.address.latitude = $scope.latLong.latitude
       $scope.enterprise.address.longitude = $scope.latLong.longitude
     else
       $scope.enterprise.address.latitude = null
       $scope.enterprise.address.longitude = null
+
+  # When OpenStreetMaps is enabled the latitude and longitude are calculated via a Stimulus
+  # controller, so they need to be read from data properties to be accessible here.
+  $scope.setLatLongIfUsingOpenStreetMap = ->
+    openStreetMap = document.getElementById("open-street-map")
+    if !$scope.latLong && openStreetMap && openStreetMap.dataset.latitude && openStreetMap.dataset.longitude
+      $scope.latLong = { latitude: openStreetMap.dataset.latitude, longitude: openStreetMap.dataset.longitude }
+

app/assets/javascripts/darkswarm/services/order_cycle_resource.js.coffee

@@ -18,4 +18,11 @@ angular.module('Darkswarm').factory 'OrderCycleResource', ($resource) ->
       url: '/api/v0/order_cycles/:id/properties.json'
       params:
         id: '@id'
+    'producerProperties':
+      method: 'GET'
+      isArray: true
+      url: '/api/v0/order_cycles/:id/producer_properties.json'
+      params:
+        id: '@id'
+
   })

app/assets/javascripts/darkswarm/services/products.js.coffee

@@ -39,7 +39,7 @@ angular.module('Darkswarm').factory 'Products', (OrderCycleResource, OrderCycle,
 
     dereference: ->
       for product in @fetched_products
-        product.supplier = Shopfront.producers_by_id[product.supplier.id]
+        product.supplier = Shopfront.producers_by_id[product.variants[0].supplier.id]
         Dereferencer.dereference product.taxons, Taxons.taxons_by_id
 
         product.properties = angular.copy(product.properties_with_values)

app/assets/javascripts/templates/admin/columns_dropdown.html.haml

@@ -5,8 +5,9 @@
   %div.menu{ 'ng-show' => "expanded" }
     .menu_items
       .menu_item{ "ng-repeat": "column in columns", "ng-click": "toggle(column);" }
-        %input.redesigned-input{ type: "checkbox", "ng-checked": "column.visible" }
-        {{ column.name }}
+        %input{ type: "checkbox", "ng-checked": "column.visible" }
+        %span
+          {{ column.name }}
       %hr
       %div.menu_item.text-center
         %input.fullwidth.orange{ type: "button", "ng-value": "saved() ? 'Saved': 'Saving'", "ng-show": "saved() || saving", "ng-disabled": "saved()" }

app/components/help_modal_component.rb

@@ -2,6 +2,6 @@
 
 class HelpModalComponent < ModalComponent
   def initialize(id:, close_button: true)
-    super(id:, close_button:)
+    super
   end
 end

app/components/multiple_checked_select_component/multiple_checked_select_component.html.haml

@@ -9,5 +9,5 @@
     %div.menu_items
       - @options.each do |option|
         %label.menu_item{ "data-multiple-checked-select-target": "option", "data-value": option[1], "data-label": option[0] }
-          %input.redesigned-input{ type: "checkbox", checked: @selected.include?(option[1]), name: "#{@name}[]", value: option[1] }
-          = option[0]
+          %input{ type: "checkbox", checked: @selected.include?(option[1]), name: "#{@name}[]", value: option[1] }
+          %span= option[0]

app/controllers/admin/bulk_line_items_controller.rb

@@ -35,7 +35,7 @@ module Admin
       order.with_lock do
         if order.contents.update_item(@line_item, line_item_params)
           # No Content, does not trigger ng resource auto-update
-          render body: nil, status: :no_content
+          head :no_content
         else
           render json: { errors: @line_item.errors }, status: :precondition_failed
         end
@@ -49,7 +49,7 @@ module Admin
       authorize! :update, order
 
       order.contents.remove(@line_item.variant)
-      render body: nil, status: :no_content # No Content, does not trigger ng resource auto-update
+      head :no_content # No Content, does not trigger ng resource auto-update
     end
 
     private

app/controllers/admin/column_preferences_controller.rb

@@ -4,17 +4,25 @@ module Admin
   class ColumnPreferencesController < Admin::ResourceController
     before_action :load_collection, only: [:bulk_update]
 
-    respond_to :json
-
     def bulk_update
       @cp_set.collection.each { |cp| authorize! :bulk_update, cp }
 
-      if @cp_set.save
-        render json: @cp_set.collection, each_serializer: Api::Admin::ColumnPreferenceSerializer
-      elsif @cp_set.errors.present?
-        render json: { errors: @cp_set.errors }, status: :bad_request
-      else
-        render body: nil, status: :internal_server_error
+      respond_to do |format|
+        if @cp_set.save
+          format.json {
+            render json: @cp_set.collection, each_serializer: Api::Admin::ColumnPreferenceSerializer
+          }
+          format.turbo_stream {
+            flash.now[:success] = t('.success')
+            render :bulk_update, locals: { action: permitted_params[:action_name] }
+          }
+        else
+          format.json { render json: { errors: @cp_set.errors }, status: :bad_request }
+          format.turbo_stream {
+            flash.now[:error] = @cp_set.errors.full_messages.to_sentence
+            render :bulk_update, locals: { action: permitted_params[:action_name] }
+          }
+        end
       end
     end
 
@@ -28,11 +36,26 @@ module Admin
     end
 
     def load_collection
-      collection_hash = Hash[permitted_params[:column_preferences].
-        each_with_index.map { |cp, i| [i, cp] }]
-      collection_hash.select!{ |_i, cp| cp[:action_name] == permitted_params[:action_name] }
-      @cp_set = Sets::ColumnPreferenceSet.new(@column_preferences,
-                                              collection_attributes: collection_hash)
+      collection_attributes = nil
+
+      respond_to do |format|
+        format.json do
+          collection_attributes = Hash[permitted_params[:column_preferences].
+            each_with_index.map { |cp, i| [i, cp] }]
+          collection_attributes.select!{ |_i, cp|
+            cp[:action_name] == permitted_params[:action_name]
+          }
+        end
+        format.all do
+          # Inject action name and user ID for each column_preference
+          collection_attributes = permitted_params[:column_preferences].to_h.each_value { |cp|
+            cp[:action_name] = permitted_params[:action_name]
+            cp[:user_id] = spree_current_user.id
+          }
+        end
+      end
+
+      @cp_set = Sets::ColumnPreferenceSet.new(@column_preferences, collection_attributes:)
     end
 
     def collection

app/controllers/admin/connected_apps_controller.rb

@@ -5,12 +5,12 @@ module Admin
     def create
       authorize! :admin, enterprise
 
-      app = ConnectedApp.create!(enterprise_id: enterprise.id)
+      attributes = {}
+      attributes[:type] = connected_app_params[:type] if connected_app_params[:type]
 
-      ConnectAppJob.perform_later(
-        app, spree_current_user.spree_api_key,
-        channel: SessionChannel.for_request(request),
-      )
+      app = ConnectedApp.create!(enterprise_id: enterprise.id, **attributes)
+      app.connect(api_key: spree_current_user.spree_api_key,
+                  channel: SessionChannel.for_request(request))
 
       render_panel
     end
@@ -18,15 +18,9 @@ module Admin
     def destroy
       authorize! :admin, enterprise
 
-      app = enterprise.connected_apps.first
+      app = enterprise.connected_apps.find(params.require(:id))
       app.destroy
 
-      WebhookDeliveryJob.perform_later(
-        app.data["destroy"],
-        "disconnect-app",
-        nil
-      )
-
       render_panel
     end
 
@@ -39,5 +33,9 @@ module Admin
     def render_panel
       redirect_to "#{edit_admin_enterprise_path(enterprise)}#/connected_apps_panel"
     end
+
+    def connected_app_params
+      params.permit(:type)
+    end
   end
 end

app/controllers/admin/dfc_product_imports_controller.rb

@@ -20,7 +20,7 @@ module Admin
 
       catalog_url = params.require(:catalog_url)
 
-      json_catalog = DfcRequest.new(spree_current_user).get(catalog_url)
+      json_catalog = fetch_catalog(catalog_url)
       graph = DfcIo.import(json_catalog)
 
       # * First step: import all products for given enterprise.
@@ -34,6 +34,16 @@ module Admin
 
     private
 
+    def fetch_catalog(url)
+      if url =~ /food-data-collaboration/
+        fdc_json = FdcRequest.new(spree_current_user).call(url)
+        fdc_message = JSON.parse(fdc_json)
+        fdc_message["products"]
+      else
+        DfcRequest.new(spree_current_user).call(url)
+      end
+    end
+
     # Most of this code is the same as in the DfcProvider::SuppliedProductsController.
     def import_product(subject, enterprise)
       return unless subject.is_a? DataFoodConsortium::Connector::SuppliedProduct

app/controllers/admin/enterprise_fees_controller.rb

@@ -65,7 +65,9 @@ module Admin
         order_cycle ||= OrderCycle.new(coordinator:) if coordinator.present?
         enterprises = OpenFoodNetwork::OrderCyclePermissions.new(spree_current_user,
                                                                  order_cycle).visible_enterprises
-        EnterpriseFee.for_enterprises(enterprises).order('enterprise_id', 'fee_type', 'name')
+
+        fees = EnterpriseFee.for_enterprises(enterprises).order('enterprise_id', 'fee_type', 'name')
+        filter_fees(fees)
       else
         collection = EnterpriseFee.managed_by(spree_current_user).order('enterprise_id',
                                                                         'fee_type', 'name')
@@ -74,6 +76,12 @@ module Admin
       end
     end
 
+    def filter_fees(fees)
+      fees = fees.per_item if params[:per_item]
+      fees = fees.per_order if params[:per_order]
+      fees
+    end
+
     def collection_actions
       [:index, :for_order_cycle, :bulk_update]
     end

app/controllers/admin/enterprises_controller.rb

@@ -189,10 +189,7 @@ module Admin
           .visible_enterprises
 
         if enterprises.present?
-          enterprises.includes(
-            supplied_products:
-              [:supplier, :variants, :image]
-          )
+          enterprises.includes(supplied_products: [:variants, :image])
         end
       when :index
         if spree_current_user.admin?

app/controllers/admin/product_import_controller.rb

@@ -4,6 +4,8 @@ require 'roo'
 
 module Admin
   class ProductImportController < Spree::Admin::BaseController
+    TMPDIR_PREFIX = "product_import-"
+
     before_action :validate_upload_presence, except: %i[index guide validate_data]
 
     def index
@@ -101,8 +103,7 @@ module Admin
 
     def save_uploaded_file(upload)
       extension = File.extname(upload.original_filename)
-      directory = Dir.mktmpdir 'product_import'
-      File.open(File.join(directory, "import#{extension}"), 'wb') do |f|
+      File.open(File.join(mktmpdir, "import#{extension}"), 'wb') do |f|
         data = UploadSanitizer.new(upload.read).call
         f.write(data)
         f.path
@@ -126,6 +127,14 @@ module Admin
       ProductImport::ProductImporter
     end
 
+    def mktmpdir
+      Dir::Tmpname.create(TMPDIR_PREFIX, Rails.root.join('tmp') ) { |tmpname| Dir.mkdir(tmpname) }
+    end
+
+    def tmpdir_base
+      Rails.root.join('tmp', TMPDIR_PREFIX).to_s
+    end
+
     def file_path
       @file_path ||= validate_file_path(sanitize_file_path(params[:filepath]))
     end
@@ -134,8 +143,9 @@ module Admin
       FilePathSanitizer.new.sanitize(file_path, on_error: method(:raise_invalid_file_path))
     end
 
+    # Ensure file is under the safe tmp directory
     def validate_file_path(file_path)
-      return file_path if file_path.to_s.match?(TEMP_FILE_PATH_REGEX)
+      return file_path if file_path.to_s.match?(%r{^#{tmpdir_base}[A-Za-z0-9-]*/import\.csv$})
 
       raise_invalid_file_path
     end
@@ -145,6 +155,5 @@ module Admin
                   notice: I18n.t(:product_import_no_data_in_spreadsheet_notice)
       raise 'Invalid File Path'
     end
-    TEMP_FILE_PATH_REGEX = %r{^/tmp/product_import[A-Za-z0-9-]*/import\.csv$}
   end
 end

app/controllers/admin/products_v3_controller.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+# rubocop:disable Metrics/ClassLength
 module Admin
   class ProductsV3Controller < Spree::Admin::BaseController
     helper ProductsHelper
@@ -31,6 +32,67 @@ module Admin
       end
     end
 
+    def destroy
+      @record = ProductScopeQuery.new(
+        spree_current_user,
+        { id: params[:id] }
+      ).find_product
+
+      @record.destroyed_by = spree_current_user
+      status = :ok
+
+      if @record.destroy
+        flash.now[:success] = t('.delete_product.success')
+      else
+        flash.now[:error] = t('.delete_product.error')
+        status = :internal_server_error
+      end
+
+      respond_with do |format|
+        format.turbo_stream { render :destroy_product_variant, status: }
+      end
+    end
+
+    def destroy_variant
+      @record = Spree::Variant.active.find(params[:id])
+      authorize! :delete, @record
+
+      status = :ok
+      if VariantDeleter.new.delete(@record)
+        flash.now[:success] = t('.delete_variant.success')
+      else
+        flash.now[:error] = t('.delete_variant.error')
+        status = :internal_server_error
+      end
+
+      respond_with do |format|
+        format.turbo_stream { render :destroy_product_variant, status: }
+      end
+    end
+
+    def clone
+      @product = Spree::Product.find(params[:id])
+      status = :ok
+
+      begin
+        @cloned_product = @product.duplicate
+        flash.now[:success] = t('.success')
+
+        @product_index = "-#{@cloned_product.id}"
+        @producer_options = producers
+        @category_options = categories
+        @tax_category_options = tax_category_options
+      rescue ActiveRecord::ActiveRecordError => _e
+        flash.now[:error] = t('.error')
+        status = :unprocessable_entity
+        @product_index = "-1" # Create a unique enough index
+      end
+
+      respond_with do |format|
+        format.turbo_stream { render :clone, status: }
+      end
+    end
+
     def index_url(params)
       "/admin/products?#{params.to_query}" # todo: fix routing so this can be automaticly generated
     end
@@ -87,7 +149,7 @@ module Admin
 
     def ransack_query
       query = {}
-      query.merge!(supplier_id_in: @producer_id) if @producer_id.present?
+      query.merge!(variants_supplier_id_in: @producer_id) if @producer_id.present?
       if @search_term.present?
         query.merge!(Spree::Variant::SEARCH_KEY => @search_term)
       end
@@ -101,13 +163,13 @@ module Admin
     def product_query_includes
       [
         :image,
-        :supplier,
         { variants: [
           :default_price,
           :primary_taxon,
           :product,
           :stock_items,
           :tax_category,
+          :supplier,
         ] },
       ]
     end
@@ -147,3 +209,4 @@ module Admin
     end
   end
 end
+# rubocop:enable Metrics/ClassLength

app/controllers/admin/reports_controller.rb

@@ -61,6 +61,9 @@ module Admin
     def render_in_background
       cable_ready[ScopedChannel.for_id(params[:uuid])]
         .inner_html(
+          selector: "#report-go",
+          html: helpers.button(t(:go), "report__submit-btn", "submit", disabled: true)
+        ).inner_html(
           selector: "#report-table",
           html: render_to_string(partial: "admin/reports/loading")
         ).scroll_into_view(

app/controllers/admin/resource_controller.rb

@@ -146,7 +146,7 @@ module Admin
       return nil if parent_data.blank?
 
       @parent ||= parent_data[:model_class].
-        public_send("find_by", parent_data[:find_by] => params["#{model_name}_id"])
+        find_by(parent_data[:find_by] => params["#{model_name}_id"])
       instance_variable_set("@#{model_name}", @parent)
     end
 

app/controllers/admin/stripe_connect_settings_controller.rb

@@ -37,7 +37,7 @@ module Admin
 
     def obfuscated_secret_key
       key = Stripe.api_key
-      key.first(8) + "****" + key.last(4)
+      "#{key.first(8)}****#{key.last(4)}"
     end
 
     def settings_params

app/controllers/admin/tag_rules_controller.rb

@@ -5,7 +5,7 @@ module Admin
     respond_to :json
 
     respond_override destroy: { json: {
-      success: lambda { render body: nil, status: :no_content }
+      success: lambda { head :no_content }
     } }
 
     def map_by_tag

app/controllers/admin/variant_overrides_controller.rb

@@ -88,7 +88,7 @@ module Admin
     end
 
     def modified_variant_overrides_ids
-      variant_overrides_params.map { |vo| vo[:id] }
+      variant_overrides_params.pluck(:id)
     end
 
     def collection_actions

app/controllers/api/v0/enterprise_fees_controller.rb

@@ -9,7 +9,7 @@ module Api
         authorize! :destroy, enterprise_fee
 
         if enterprise_fee.destroy
-          render plain: I18n.t(:successfully_removed), status: :no_content
+          head :no_content
         else
           render plain: enterprise_fee.errors.full_messages.first, status: :forbidden
         end

app/controllers/api/v0/order_cycles_controller.rb

@@ -7,9 +7,11 @@ module Api
       include ApiActionCaching
 
       skip_authorization_check
-      skip_before_action :authenticate_user, :ensure_api_key, only: [:taxons, :properties]
+      skip_before_action :authenticate_user, :ensure_api_key, only: [
+        :taxons, :properties, :producer_properties
+      ]
 
-      caches_action :taxons, :properties,
+      caches_action :taxons, :properties, :producer_properties,
                     expires_in: CacheService::FILTERS_EXPIRY,
                     cache_path: proc { |controller| controller.request.url }
 
@@ -41,7 +43,13 @@ module Api
 
       def properties
         render plain: ActiveModel::ArraySerializer.new(
-          product_properties | producer_properties, each_serializer: Api::PropertySerializer
+          product_properties, each_serializer: Api::PropertySerializer
+        ).to_json
+      end
+
+      def producer_properties
+        render plain: ActiveModel::ArraySerializer.new(
+          load_producer_properties, each_serializer: Api::PropertySerializer
         ).to_json
       end
 
@@ -58,7 +66,7 @@ module Api
           select('DISTINCT spree_properties.*')
       end
 
-      def producer_properties
+      def load_producer_properties
         producers = Enterprise.
           joins(:supplied_products).
           where(spree_products: { id: distributed_products })
@@ -86,8 +94,9 @@ module Api
       end
 
       def distributed_products
-        OrderCycles::DistributedProductsService.new(distributor, order_cycle,
-                                                    customer).products_relation
+        OrderCycles::DistributedProductsService.new(
+          distributor, order_cycle, customer
+        ).products_relation.pluck(:id)
       end
     end
   end

app/controllers/api/v0/products_controller.rb

@@ -44,7 +44,7 @@ module Api
         authorize! :delete, @product
         @product.destroyed_by = current_api_user
         @product.destroy
-        render json: @product, serializer: Api::Admin::ProductSerializer, status: :no_content
+        head :no_content
       end
 
       def bulk_products
@@ -54,7 +54,7 @@ module Api
       end
 
       def overridable
-        @products = product_finder.paged_products_for_producers
+        @products = product_finder.products_for_producers
 
         render_paged_products @products, ::Api::Admin::ProductSimpleSerializer
       end

app/controllers/api/v0/taxons_controller.rb

@@ -55,7 +55,7 @@ module Api
       def destroy
         authorize! :delete, Spree::Taxon
         taxon.destroy
-        render json: taxon, serializer: Api::TaxonSerializer, status: :no_content
+        head :no_content
       end
 
       private

app/controllers/api/v0/variants_controller.rb

@@ -44,7 +44,7 @@ module Api
         authorize! :delete, @variant
 
         VariantDeleter.new.delete(@variant)
-        render json: @variant, serializer: Api::VariantSerializer, status: :no_content
+        head :no_content
       end
 
       private

app/controllers/application_controller.rb

@@ -60,7 +60,7 @@ class ApplicationController < ActionController::Base
     rescue StandardError
       'unknown'
     end}")
-    super(options, response_status)
+    super
   end
 
   def set_checkout_redirect

app/controllers/spree/admin/images_controller.rb

@@ -37,13 +37,14 @@ module Spree
 
         if @object.save
           flash[:success] = flash_message_for(@object, :successfully_created)
-          redirect_to location_after_save
+
+          respond_to do |format|
+            format.html { redirect_to location_after_save }
+            format.turbo_stream { render :update }
+          end
         else
-          respond_with(@object)
+          respond_with_error(@object.errors)
         end
-      rescue ActiveStorage::IntegrityError
-        @object.errors.add :attachment, :integrity_error
-        respond_with(@object)
       end
 
       def update
@@ -53,16 +54,13 @@ module Spree
         if @object.update(permitted_resource_params)
           flash[:success] = flash_message_for(@object, :successfully_updated)
 
-          respond_with do |format|
+          respond_to do |format|
             format.html { redirect_to location_after_save }
             format.turbo_stream
           end
         else
-          respond_with(@object)
+          respond_with_error(@object.errors)
         end
-      rescue ActiveStorage::IntegrityError
-        @object.errors.add :attachment, :integrity_error
-        respond_with(@object)
       end
 
       def destroy
@@ -112,6 +110,14 @@ module Spree
           :attachment, :viewable_id, :alt
         )
       end
+
+      def respond_with_error(errors)
+        @errors = errors.map(&:full_message)
+        respond_to do |format|
+          format.html { respond_with(@object) }
+          format.turbo_stream { render :edit }
+        end
+      end
     end
   end
 end

app/controllers/spree/admin/invoices_controller.rb

@@ -15,6 +15,8 @@ module Spree
         invoice_pdf = filepath(invoice_id)
 
         send_file(invoice_pdf, type: 'application/pdf', disposition: :inline)
+      rescue ActionController::MissingFile
+        render "errors/not_found", status: :not_found, formats: :html
       end
 
       def generate

app/controllers/spree/admin/product_properties_controller.rb

@@ -8,6 +8,7 @@ module Spree
       before_action :setup_property, only: [:index]
 
       def index
+        @supplier = @product.variants.first.supplier
         @url_filters = ::ProductFilters.new.extract(request.query_parameters)
       end
 

app/controllers/spree/admin/products_controller.rb

@@ -12,6 +12,7 @@ module Spree
       include EnterprisesHelper
 
       before_action :load_data
+      before_action :load_producers, only: [:index, :new]
       before_action :load_form_data, only: [:index, :new, :create, :edit, :update]
       before_action :load_spree_api_key, only: [:index, :variant_overrides]
       before_action :strip_new_properties, only: [:create, :update]
@@ -41,6 +42,7 @@ module Spree
             flash[:success] = flash_message_for(@object, :successfully_created)
             redirect_after_save
           else
+            load_producers
             # Re-fill the form with deleted params on product
             @on_hand = request.params[:product][:on_hand]
             @on_demand = request.params[:product][:on_demand]
@@ -52,14 +54,9 @@ module Spree
       def update
         @url_filters = ::ProductFilters.new.extract(request.query_parameters)
 
-        original_supplier_id = @product.supplier_id
         delete_stock_params_and_set_after do
           params[:product] ||= {} if params[:clear_product_properties]
           if @object.update(permitted_resource_params)
-            if original_supplier_id != @product.supplier_id
-              ExchangeVariantDeleter.new.delete(@product)
-            end
-
             flash[:success] = flash_message_for(@object, :successfully_updated)
           end
           redirect_to spree.edit_admin_product_url(@object, @url_filters)
@@ -157,12 +154,15 @@ module Spree
       end
 
       def load_form_data
-        @producers = OpenFoodNetwork::Permissions.new(spree_current_user).
-          managed_product_enterprises.is_primary_producer.by_name
         @taxons = Spree::Taxon.order(:name)
         @import_dates = product_import_dates.uniq.to_json
       end
 
+      def load_producers
+        @producers = OpenFoodNetwork::Permissions.new(spree_current_user).
+          managed_product_enterprises.is_primary_producer.by_name
+      end
+
       def product_import_dates
         options = [{ id: '0', name: '' }]
         product_import_dates_query.collect(&:import_date).
@@ -173,12 +173,10 @@ module Spree
 
       def product_import_dates_query
         Spree::Variant.
-          select('DISTINCT spree_variants.import_date').
-          joins(:product).
-          where(spree_products: { supplier_id: editable_enterprises.collect(&:id) }).
+          select('import_date').distinct.
+          where(supplier_id: editable_enterprises.collect(&:id)).
           where.not(spree_variants: { import_date: nil }).
-          where(spree_variants: { deleted_at: nil }).
-          order('spree_variants.import_date DESC')
+          order('import_date DESC')
       end
 
       def strip_new_properties

app/controllers/spree/admin/variants_controller.rb

@@ -46,7 +46,13 @@ module Spree
       def update
         @url_filters = ::ProductFilters.new.extract(request.query_parameters)
 
+        original_supplier_id = @object.supplier_id
+
         if @object.update(permitted_resource_params)
+          if original_supplier_id != @object.supplier_id
+            ExchangeVariantDeleter.new.delete(@object)
+          end
+
           flash[:success] = flash_message_for(@object, :successfully_updated)
           redirect_to spree.admin_product_variants_url(params[:product_id], @url_filters)
         else
@@ -113,6 +119,8 @@ module Spree
       private
 
       def load_data
+        @producers = OpenFoodNetwork::Permissions.new(spree_current_user).
+          managed_product_enterprises.is_primary_producer.by_name
         @tax_categories = TaxCategory.order(:name)
         @shipping_categories = ShippingCategory.order(:name)
       end

app/controllers/spree/users_controller.rb

@@ -47,14 +47,8 @@ module Spree
       @user = Spree::User.new(user_params)
 
       if @user.save
-        render cable_ready: cable_car.inner_html(
-          "#signup-feedback",
-          partial("layouts/alert",
-                  locals: {
-                    type: "success",
-                    message: t('devise.user_registrations.spree_user.signed_up_but_unconfirmed')
-                  })
-        )
+        flash[:success] = t('devise.user_registrations.spree_user.signed_up_but_unconfirmed')
+        render cable_ready: cable_car.redirect_to(url: main_app.root_path)
       else
         render status: :unprocessable_entity, cable_ready: cable_car.morph(
           "#signup-tab",

app/helpers/admin/enterprises_helper.rb

@@ -14,6 +14,10 @@ module Admin
       producers.size == 1 ? producers.first.id : nil
     end
 
+    def managed_by_user?(enterprise)
+      enterprise.in?(spree_current_user.enterprises)
+    end
+
     def enterprise_side_menu_items(enterprise)
       is_shop = enterprise.sells != "none"
       show_properties = !!enterprise.is_primary_producer
@@ -62,8 +66,8 @@ module Admin
         { name: 'inventory_settings', icon_class: "icon-list-ol", show: is_shop },
         { name: 'tag_rules', icon_class: "icon-random", show: is_shop },
         { name: 'shop_preferences', icon_class: "icon-shopping-cart", show: is_shop },
-        { name: 'users', icon_class: "icon-user", show: true },
         { name: 'white_label', icon_class: "icon-leaf", show: true },
+        { name: 'users', icon_class: "icon-user", show: true },
         { name: 'connected_apps', icon_class: "icon-puzzle-piece", show: show_connected_apps },
       ]
     end

app/helpers/admin/orders_helper.rb

@@ -11,9 +11,25 @@ module Admin
     def order_adjustments_for_display(order)
       order.adjustments +
         voucher_included_tax_representations(order) +
+        additional_tax_total_representation(order) +
         order.all_adjustments.payment_fee.eligible
     end
 
+    def additional_tax_total_representation(order)
+      adjustment = Spree::Adjustment.additional.tax.where(
+        order_id: order.id, adjustable_type: 'Spree::Adjustment'
+      ).sum(:amount)
+
+      return [] unless adjustment != 0
+
+      [
+        AdjustmentData.new(
+          I18n.t("admin.orders.edit.tax_on_fees"),
+          adjustment
+        )
+      ]
+    end
+
     def voucher_included_tax_representations(order)
       return [] unless VoucherAdjustmentsService.new(order).voucher_included_tax.negative?
 

app/helpers/admin/products_helper.rb

@@ -9,5 +9,23 @@ module Admin
         new_admin_product_image_path(product.id)
       end
     end
+
+    def prepare_new_variant(product)
+      product.variants.build do |variant|
+        variant.unit_value = 1.0 * (product.variant_unit_scale || 1)
+        variant.unit_presentation = VariantUnits::OptionValueNamer.new(variant).name
+      end
+    end
+
+    def unit_value_with_description(variant)
+      scaled_unit_value = variant.unit_value / (variant.product.variant_unit_scale || 1)
+      precised_unit_value = number_with_precision(
+        scaled_unit_value,
+        precision: nil,
+        strip_insignificant_zeros: true
+      )
+
+      [precised_unit_value, variant.unit_description].compact_blank.join(" ")
+    end
   end
 end

app/helpers/bulk_form_builder.rb

@@ -8,6 +8,6 @@ class BulkFormBuilder < ActionView::Helpers::FormBuilder
       opts[:class] = "#{opts[:class]} changed".strip
     end
 
-    super(field, **opts)
+    super
   end
 end

app/helpers/enterprises_helper.rb

@@ -31,7 +31,7 @@ module EnterprisesHelper
 
   def enterprises_options(enterprises)
     enterprises.map { |enterprise|
-      [enterprise.name + ": " + enterprise.address.address1 + ", " + enterprise.address.city,
+      ["#{enterprise.name}: #{enterprise.address.address1}, #{enterprise.address.city}",
        enterprise.id.to_i]
     }
   end

app/helpers/i18n_helper.rb

@@ -2,7 +2,7 @@
 
 module I18nHelper
   def locale_options
-    OpenFoodNetwork::I18nConfig.available_locales.map do |locale|
+    OpenFoodNetwork::I18nConfig.selectable_locales.map do |locale|
       [t('language_name', locale:), locale]
     end
   end

app/helpers/mailer_helper.rb

@@ -10,4 +10,8 @@ module MailerHelper
       link_to ofn, "https://www.openfoodnetwork.org"
     end
   end
+
+  def order_reply_email(order)
+    order.distributor.email_address.presence || order.distributor.contact.email
+  end
 end

app/helpers/map_helper.rb

@@ -2,7 +2,9 @@
 
 module MapHelper
   def using_google_maps?
-    ENV["GOOGLE_MAPS_API_KEY"].present? || google_maps_configured_with_geocoder_api_key?
+    !ContentConfig.open_street_map_enabled && (
+      ENV["GOOGLE_MAPS_API_KEY"].present? || google_maps_configured_with_geocoder_api_key?
+    )
   end
 
   private

app/helpers/spree/admin/base_helper.rb

@@ -108,7 +108,7 @@ module Spree
 
         object.preferences.keys.map { |key|
           preference_label = form.label("preferred_#{key}",
-                                        Spree.t(key.to_s.gsub("_from_list", "")) + ": ")
+                                        "#{Spree.t(key.to_s.gsub('_from_list', ''))}: ")
           preference_field = preference_field_for(
             form,
             "preferred_#{key}",
@@ -120,7 +120,7 @@ module Spree
 
       def link_to_add_fields(name, target, options = {})
         name = '' if options[:no_text]
-        css_classes = options[:class] ? options[:class] + " spree_add_fields" : "spree_add_fields"
+        css_classes = options[:class] ? "#{options[:class]} spree_add_fields" : "spree_add_fields"
         link_to_with_icon('icon-plus',
                           name,
                           'javascript:',

app/jobs/connect_app_job.rb

@@ -17,10 +17,10 @@ class ConnectAppJob < ApplicationJob
 
     return unless channel
 
-    selector = "#edit_enterprise_#{enterprise.id} #connected-app-discover-regen"
+    selector = "#connected-app-discover-regen.enterprise_#{enterprise.id}"
     html = ApplicationController.render(
-      partial: "admin/enterprises/form/connected_apps",
-      locals: { enterprise: },
+      partial: "admin/enterprises/form/connected_apps/discover_regen",
+      locals: { enterprise:, connected_app: enterprise.connected_apps.discover_regen.first },
     )
 
     cable_ready[channel].morph(selector:, html:).broadcast

app/jobs/report_job.rb

@@ -39,10 +39,14 @@ class ReportJob < ApplicationJob
   end
 
   def broadcast_result(channel, format, blob)
-    cable_ready[channel].inner_html(
-      selector: "#report-table",
-      html: actioncable_content(format, blob)
-    ).broadcast
+    cable_ready[channel]
+      .inner_html(
+        selector: "#report-go",
+        html: Spree::Admin::BaseController.helpers.button(I18n.t(:go), "report__submit-btn")
+      ).inner_html(
+        selector: "#report-table",
+        html: actioncable_content(format, blob)
+      ).broadcast
   end
 
   def broadcast_error(channel)
@@ -53,7 +57,14 @@ class ReportJob < ApplicationJob
   end
 
   def actioncable_content(format, blob)
-    return blob.result if format.to_sym == :html
+    if format.to_sym == :html
+      return blob.result if blob.byte_size < 10**6 # 1 MB
+
+      return render(
+        partial: "admin/reports/display",
+        locals: { file_url: blob.expiring_service_url }
+      )
+    end
 
     render(partial: "admin/reports/download", locals: { file_url: blob.expiring_service_url })
   end

app/mailers/producer_mailer.rb

@@ -60,11 +60,12 @@ class ProducerMailer < ApplicationMailer
 
   def line_items_from(order_cycle, producer)
     @line_items ||= Spree::LineItem.
-      includes(variant: [:product]).
+      includes(variant: :product).
+      joins(variant: :product).
       from_order_cycle(order_cycle).
-      sorted_by_name_and_unit_value.
-      merge(Spree::Product.with_deleted.in_supplier(producer)).
-      merge(Spree::Order.by_state(["complete", "resumed"]))
+      merge(Spree::Variant.with_deleted.where(supplier: producer)).
+      merge(Spree::Order.by_state(["complete", "resumed"])).
+      sorted_by_name_and_unit_value
   end
 
   def total_from_line_items(line_items)
@@ -81,7 +82,7 @@ class ProducerMailer < ApplicationMailer
     line_items.map do |line_item|
       {
         sku: line_item.variant.sku,
-        supplier_name: line_item.product.supplier.name,
+        supplier_name: line_item.variant.supplier.name,
         product_and_full_name: line_item.product_and_full_name,
         quantity: line_item.quantity,
         first_name: line_item.order.billing_address.first_name,

app/mailers/spree/user_mailer.rb

@@ -25,7 +25,7 @@ module Spree
       @user = user
       I18n.with_locale valid_locale(@user) do
         mail(to: user.email,
-             subject: t(:welcome_to) + ' ' + Spree::Config[:site_name])
+             subject: "#{t(:welcome_to)} #{Spree::Config[:site_name]}")
       end
     end
 

app/models/concerns/file_preferences.rb

@@ -22,7 +22,7 @@ module FilePreferences
     if has_preference?("#{key}_blob_id")
       :file
     else
-      super(key)
+      super
     end
   end
 

app/models/concerns/line_item_stock_changes.rb

@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-# Rails 5 introduced some breaking changes to these built-in methods, and the new versions
-# no longer work correctly in relation to decrementing stock with LineItems / VariantOverrides.
-# The following methods re-instate the pre-Rails-5 versions, which work as expected.
-# https://apidock.com/rails/v4.2.9/ActiveRecord/Persistence/increment%21
-# https://apidock.com/rails/v4.2.9/ActiveRecord/Persistence/decrement%21
-
-module LineItemStockChanges
-  extend ActiveSupport::Concern
-
-  def increment!(attribute, by = 1)
-    increment(attribute, by).update_attribute(attribute, self[attribute])
-  end
-
-  def decrement!(attribute, by = 1)
-    decrement(attribute, by).update_attribute(attribute, self[attribute])
-  end
-end

app/models/concerns/log_destroy_performer.rb

@@ -10,9 +10,12 @@ module LogDestroyPerformer
     after_destroy :log_who_destroyed
 
     def log_who_destroyed
-      return if destroyed_by.nil?
-
-      Rails.logger.info "#{self.class} #{id} deleted by #{destroyed_by.id}"
+      message = if destroyed_by.nil?
+                  "#{self.class} #{id} deleted"
+                else
+                  "#{self.class} #{id} deleted by #{destroyed_by.id} <#{destroyed_by.email}>"
+                end
+      Rails.logger.info message
     end
   end
 end

app/models/connected_app.rb

@@ -5,7 +5,31 @@
 # Here we store keys and links to access the app.
 class ConnectedApp < ApplicationRecord
   belongs_to :enterprise
+  after_destroy :disconnect
+
+  scope :discover_regen, -> { where(type: "ConnectedApp") }
+  scope :affiliate_sales_data, -> { where(type: "ConnectedApps::AffiliateSalesData") }
 
   scope :connecting, -> { where(data: nil) }
   scope :ready, -> { where.not(data: nil) }
+
+  def connecting?
+    data.nil?
+  end
+
+  def ready?
+    !connecting?
+  end
+
+  def connect(api_key:, channel:)
+    ConnectAppJob.perform_later(self, api_key, channel:)
+  end
+
+  def disconnect
+    WebhookDeliveryJob.perform_later(
+      data["destroy"],
+      "disconnect-app",
+      nil
+    )
+  end
 end

app/models/connected_apps/affiliate_sales_data.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+# An enterprise can opt-in for their data to be included in the affiliate_sales_data endpoint
+#
+module ConnectedApps
+  class AffiliateSalesData < ConnectedApp
+    def connect(_opts)
+      update! data: true # not-nil value indicates it is ready
+    end
+
+    def disconnect; end
+  end
+end

app/models/custom_tab.rb

@@ -4,4 +4,14 @@ class CustomTab < ApplicationRecord
   belongs_to :enterprise
 
   validates :title, presence: true, length: { maximum: 20 }
+
+  # Remove any unsupported HTML.
+  def content
+    HtmlSanitizer.sanitize(super)
+  end
+
+  # Remove any unsupported HTML.
+  def content=(html)
+    super(HtmlSanitizer.sanitize(html))
+  end
 end

app/models/enterprise.rb

@@ -39,13 +39,13 @@ class Enterprise < ApplicationRecord
                                    class_name: 'EnterpriseGroup'
   has_many :producer_properties, foreign_key: 'producer_id', dependent: :destroy
   has_many :properties, through: :producer_properties
-  has_many :supplied_products, class_name: 'Spree::Product',
-                               foreign_key: 'supplier_id',
-                               dependent: :destroy
-  has_many :supplied_variants, through: :supplied_products, source: :variants
+  has_many :supplied_variants,
+           class_name: 'Spree::Variant', foreign_key: 'supplier_id', dependent: :destroy
+  has_many :supplied_products, through: :supplied_variants, source: :product
   has_many :distributed_orders, class_name: 'Spree::Order',
                                 foreign_key: 'distributor_id',
                                 dependent: :restrict_with_exception
+
   belongs_to :address, class_name: 'Spree::Address'
   belongs_to :business_address, optional: true, class_name: 'Spree::Address', dependent: :destroy
   has_many :enterprise_fees, dependent: :restrict_with_exception
@@ -167,7 +167,7 @@ class Enterprise < ApplicationRecord
   scope :is_distributor, -> { where.not(sells: 'none') }
   scope :is_hub, -> { where(sells: 'any') }
   scope :supplying_variant_in, lambda { |variants|
-    joins(supplied_products: :variants).
+    joins(:supplied_variants).
       where(spree_variants: { id: variants }).
       select('DISTINCT enterprises.*')
   }
@@ -205,14 +205,14 @@ class Enterprise < ApplicationRecord
       select('DISTINCT enterprises.*')
   }
 
-  scope :distributing_products, lambda { |product_ids|
+  scope :distributing_variants, lambda { |variants_ids|
     exchanges = joins("
         INNER JOIN exchanges
-          ON (exchanges.receiver_id = enterprises.id AND exchanges.incoming = 'f')
+          ON (exchanges.receiver_id = enterprises.id AND exchanges.incoming = false)
       ").
       joins('INNER JOIN exchange_variants ON (exchange_variants.exchange_id = exchanges.id)').
       joins('INNER JOIN spree_variants ON (spree_variants.id = exchange_variants.variant_id)').
-      where(spree_variants: { product_id: product_ids }).select('DISTINCT enterprises.id')
+      where(spree_variants: { id: variants_ids }).select('DISTINCT enterprises.id')
 
     where(id: exchanges)
   }
@@ -376,7 +376,7 @@ class Enterprise < ApplicationRecord
   def category
     # Make this crazy logic human readable so we can argue about it sanely.
     cat = is_primary_producer ? "producer_" : "non_producer_"
-    cat << ("sells_" + sells)
+    cat << ("sells_#{sells}")
 
     # Map backend cases to front end cases.
     case cat
@@ -427,10 +427,9 @@ class Enterprise < ApplicationRecord
     test_permalink = UrlGenerator.to_url(test_permalink)
     test_permalink = "my-enterprise" if test_permalink.blank?
     existing = Enterprise.
-      select(:permalink).
       order(:permalink).
       where("permalink LIKE ?", "#{test_permalink}%").
-      map(&:permalink)
+      pluck(:permalink)
 
     if existing.include?(test_permalink)
       used_indices = existing.map do |p|
@@ -510,7 +509,7 @@ class Enterprise < ApplicationRecord
   end
 
   def correct_whatsapp_url(phone_number)
-    phone_number && ("https://wa.me/" + phone_number.tr('+ ', ''))
+    phone_number && "https://wa.me/#{phone_number.tr('+ ', '')}"
   end
 
   def correct_instagram_url(url)
@@ -598,7 +597,7 @@ class Enterprise < ApplicationRecord
   # Touch distributors without them touching their distributors.
   # We avoid an infinite loop and don't need to touch the whole distributor tree.
   def touch_distributors
-    Enterprise.distributing_products(supplied_products.select(:id)).
+    Enterprise.distributing_variants(supplied_variants.select(:id)).
       where.not(enterprises: { id: }).
       update_all(updated_at: Time.zone.now)
   end

app/models/enterprise_group.rb

@@ -74,6 +74,16 @@ class EnterpriseGroup < ApplicationRecord
     permalink
   end
 
+  # Remove any unsupported HTML.
+  def long_description
+    HtmlSanitizer.sanitize(super)
+  end
+
+  # Remove any unsupported HTML.
+  def long_description=(html)
+    super(HtmlSanitizer.sanitize(html))
+  end
+
   private
 
   def sanitize_permalink

app/models/enterprise_relationship.rb

@@ -108,6 +108,6 @@ class EnterpriseRelationship < ApplicationRecord
 
   def child_variant_overrides
     VariantOverride.unscoped.for_hubs(child)
-      .joins(variant: :product).where(spree_products: { supplier_id: parent })
+      .joins(:variant).where(spree_variants: { supplier_id: parent } )
   end
 end

app/models/product_import/entry_processor.rb

@@ -54,10 +54,7 @@ module ProductImport
           if settings.importing_into_inventory?
             VariantOverride.for_hubs([enterprise_id]).count
           else
-            Spree::Variant.
-              joins(:product).
-              where(spree_products: { supplier_id: enterprise_id }).
-              count
+            Spree::Variant.where(supplier_id: enterprise_id).count
           end
 
         @enterprise_products[enterprise_id] = products_count
@@ -169,7 +166,6 @@ module ProductImport
       product.assign_attributes(
         entry.assignable_attributes.except('id', 'on_hand', 'on_demand', 'display_name')
       )
-      product.supplier_id = entry.producer_id
 
       if product.save
         ensure_variant_updated(product, entry)
@@ -228,10 +224,13 @@ module ProductImport
       # Ensure attributes are correctly copied to a new product's variant
       variant = product.variants.first
       variant.display_name = entry.display_name if entry.display_name
+      variant.import_date = @import_time
+      variant.supplier_id = entry.producer_id
+      variant.save
+
+      # on_demand and on_hand require a stock level, which is created after the variant is created
       variant.on_demand = entry.on_demand if entry.on_demand
       variant.on_hand = entry.on_hand if entry.on_hand
-      variant.import_date = @import_time
-      variant.save
     end
   end
 end

app/models/product_import/entry_validator.rb

@@ -73,6 +73,7 @@ module ProductImport
       # Variant needs a product. Product needs to be assigned first in order for
       # delegate to work. name= will fail otherwise.
       new_variant = Spree::Variant.new(product_id:, **variant_attributes)
+      new_variant.supplier_id = entry.producer_id
 
       new_variant.save
       if new_variant.persisted?
@@ -287,9 +288,7 @@ module ProductImport
     end
 
     def inventory_validation(entry)
-      products = Spree::Product.where(supplier_id: entry.producer_id,
-                                      name: entry.name,
-                                      deleted_at: nil)
+      products = Spree::Product.in_supplier(entry.producer_id).where(name: entry.name)
 
       if products.empty?
         mark_as_invalid(entry, attribute: 'name',
@@ -358,9 +357,7 @@ module ProductImport
     end
 
     def product_validation(entry)
-      products = Spree::Product.where(supplier_id: entry.enterprise_id,
-                                      name: entry.name,
-                                      deleted_at: nil)
+      products = Spree::Product.in_supplier(entry.enterprise_id).where(name: entry.name)
 
       if products.empty?
         mark_as_new_product(entry)
@@ -384,7 +381,6 @@ module ProductImport
       new_product.assign_attributes(
         entry.assignable_attributes.except('id', 'on_hand', 'on_demand', 'display_name')
       )
-      new_product.supplier_id = entry.producer_id
       entry.on_hand = 0 if entry.on_hand.nil?
 
       if new_product.valid?

app/models/product_import/product_importer.rb

@@ -287,8 +287,6 @@ module ProductImport
     end
 
     def delete_uploaded_file
-      return unless @file.path == Rails.root.join("tmp/product_import").to_s
-
       File.delete(@file)
     end
 

app/models/spree/ability.rb

@@ -189,20 +189,22 @@ module Spree
            :seo, :group_buy_options,
            :bulk_update, :clone, :delete,
            :destroy], Spree::Product do |product|
-        OpenFoodNetwork::Permissions.new(user).managed_product_enterprises.include? product.supplier
+        OpenFoodNetwork::Permissions.new(user).managed_product_enterprises.include?(
+          product.variants.first.supplier
+        )
       end
 
-      can [:admin, :index, :bulk_update], :products_v3
+      can [:admin, :index, :bulk_update, :destroy, :destroy_variant, :clone], :products_v3
 
       can [:create], Spree::Variant
       can [:admin, :index, :read, :edit,
            :update, :search, :delete, :destroy], Spree::Variant do |variant|
         OpenFoodNetwork::Permissions.new(user).
-          managed_product_enterprises.include? variant.product.supplier
+          managed_product_enterprises.include? variant.supplier
       end
 
       can [:admin, :index, :read, :update, :bulk_update, :bulk_reset], VariantOverride do |vo|
-        next false unless vo.hub.present? && vo.variant&.product&.supplier.present?
+        next false unless vo.hub.present? && vo.variant&.supplier.present?
 
         hub_auth = OpenFoodNetwork::Permissions.new(user).
           variant_override_hubs.
@@ -210,14 +212,14 @@ module Spree
 
         producer_auth = OpenFoodNetwork::Permissions.new(user).
           variant_override_producers.
-          include? vo.variant.product.supplier
+          include? vo.variant.supplier
 
         hub_auth && producer_auth
       end
 
       can [:admin, :create, :update], InventoryItem do |ii|
         next false unless ii.enterprise.present? &&
-                          ii.variant&.product&.supplier.present?
+                          ii.variant&.supplier.present?
 
         hub_auth = OpenFoodNetwork::Permissions.new(user).
           variant_override_hubs.
@@ -225,7 +227,7 @@ module Spree
 
         producer_auth = OpenFoodNetwork::Permissions.new(user).
           variant_override_producers.
-          include? ii.variant.product.supplier
+          include? ii.variant.supplier
 
         hub_auth && producer_auth
       end

app/models/spree/credit_card.rb

@@ -30,7 +30,7 @@ module Spree
 
     def expiry=(expiry)
       self[:month], self[:year] = expiry.split(" / ")
-      self[:year] = "20" + self[:year]
+      self[:year] = "20#{self[:year]}"
     end
 
     def number=(num)

app/models/spree/line_item.rb

@@ -5,9 +5,6 @@ require 'open_food_network/scope_variant_to_hub'
 module Spree
   class LineItem < ApplicationRecord
     include VariantUnits::VariantAndLineItemNaming
-    include LineItemStockChanges
-
-    self.belongs_to_required_by_default = false
 
     searchable_attributes :price, :quantity, :order_id, :variant_id, :tax_category_id
     searchable_associations :order, :order_cycle, :variant, :product, :supplier, :tax_category
@@ -18,8 +15,8 @@ module Spree
 
     belongs_to :variant, -> { with_deleted }, class_name: "Spree::Variant"
     has_one :product, through: :variant
-    has_one :supplier, through: :product
-    belongs_to :tax_category, class_name: "Spree::TaxCategory"
+    has_one :supplier, through: :variant
+    belongs_to :tax_category, class_name: "Spree::TaxCategory", optional: true
 
     has_many :adjustments, as: :adjustable, dependent: :destroy
 
@@ -28,7 +25,6 @@ module Spree
     before_validation :copy_tax_category
     before_validation :copy_dimensions
 
-    validates :variant, presence: true
     validates :quantity, numericality: {
       only_integer: true,
       greater_than: -1,
@@ -88,13 +84,11 @@ module Spree
         where(order_cycles: { id: order_cycle })
     }
 
-    # Here we are simply joining the line item to its variant and product
-    # We dont use joins here to avoid the default scopes,
-    #   and with that, include deleted variants and deleted products
+    # Here we are simply joining the line item to its variant
+    # We dont use joins here to avoid the default scopes, and with that, include deleted variants
     scope :supplied_by_any, lambda { |enterprises|
-      product_ids = Spree::Product.unscoped.where(supplier_id: enterprises).select(:id)
-      variant_ids = Spree::Variant.unscoped.where(product_id: product_ids).select(:id)
-      where(spree_line_items: { variant_id: variant_ids })
+      variant_ids = Spree::Variant.unscoped.where(supplier: enterprises).select(:id)
+      where(variant_id: variant_ids)
     }
 
     scope :with_tax, -> {

app/models/spree/order.rb

@@ -8,8 +8,6 @@ module Spree
     include Balance
     include SetUnusedAddressFields
 
-    self.belongs_to_required_by_default = false
-
     searchable_attributes :number, :state, :shipment_state, :payment_state, :distributor_id,
                           :order_cycle_id, :email, :total, :customer_id
     searchable_associations :shipping_method, :bill_address, :distributor
@@ -33,13 +31,13 @@ module Spree
 
     token_resource
 
-    belongs_to :user, class_name: "Spree::User"
-    belongs_to :created_by, class_name: "Spree::User"
+    belongs_to :user, class_name: "Spree::User", optional: true
+    belongs_to :created_by, class_name: "Spree::User", optional: true
 
-    belongs_to :bill_address, class_name: 'Spree::Address'
+    belongs_to :bill_address, class_name: 'Spree::Address', optional: true
     alias_attribute :billing_address, :bill_address
 
-    belongs_to :ship_address, class_name: 'Spree::Address'
+    belongs_to :ship_address, class_name: 'Spree::Address', optional: true
     alias_attribute :shipping_address, :ship_address
 
     has_many :state_changes, as: :stateful, dependent: :destroy
@@ -70,9 +68,9 @@ module Spree
              dependent: :destroy
     has_many :invoices, dependent: :restrict_with_exception
 
-    belongs_to :order_cycle
-    belongs_to :distributor, class_name: 'Enterprise'
-    belongs_to :customer
+    belongs_to :order_cycle, optional: true
+    belongs_to :distributor, class_name: 'Enterprise', optional: true
+    belongs_to :customer, optional: true
     has_one :proxy_order, dependent: :destroy
     has_one :subscription, through: :proxy_order
 

app/models/spree/payment.rb

@@ -155,6 +155,7 @@ module Spree
       if adjustment
         adjustment.originator = payment_method
         adjustment.label = adjustment_label
+        adjustment.amount = payment_method.compute_amount(self)
         adjustment.save
       elsif !processing_refund? && payment_method.present?
         payment_method.create_adjustment(adjustment_label, self, true)

app/models/spree/payment_method.rb

@@ -118,7 +118,7 @@ module Spree
     end
 
     def self.clean_name
-      i18n_key = "spree.admin.payment_methods.providers." + name.demodulize.downcase
+      i18n_key = "spree.admin.payment_methods.providers.#{name.demodulize.downcase}"
       I18n.t(i18n_key)
     end
 

app/models/spree/price.rb

@@ -24,10 +24,6 @@ module Spree
       amount
     end
 
-    def price_changed?
-      amount_changed?
-    end
-
     def price=(price)
       self[:amount] = parse_price(price)
     end

app/models/spree/product.rb

@@ -5,19 +5,15 @@ require 'open_food_network/property_merge'
 # PRODUCTS
 # Products represent an entity for sale in a store.
 # Products can have variations, called variants
-# Products properties include description, permalink, availability,
-#   shipping category, etc. that do not change by variant.
-#
-# MASTER VARIANT
-# Every product has one master variant, which stores master price and sku, size and weight, etc.
-# Price, SKU, size, weight, etc. are all delegated to the master variant.
-# Contains on_hand inventory levels only when there are no variants for the product.
+# Products properties include description, meta_keywork, etc. that do not change by variant.
 #
 # VARIANTS
-# All variants can access the product properties directly (via reverse delegation).
+# Every product has at least one variant (standard variant), which stores price and  availability,
+# shipping category, sku, size and weight, etc.
+# All variants can access the product name, description, and meta_keyword directly (via reverse
+# delegation).
 # Inventory units are tied to Variant.
-# The master variant can have inventory units, but not option values.
-# All other variants have option values and may have inventory units.
+# All variants have option values and may have inventory units.
 # Sum of on_hand each variant's inventory level determine "on_hand" level for the product.
 #
 module Spree
@@ -26,15 +22,14 @@ module Spree
     include LogDestroyPerformer
 
     self.belongs_to_required_by_default = false
+    self.ignored_columns += [:supplier_id]
 
     acts_as_paranoid
 
-    searchable_attributes :supplier_id, :meta_keywords, :sku
-    searchable_associations :supplier, :properties, :variants
+    searchable_attributes :meta_keywords, :sku
+    searchable_associations :properties, :variants
     searchable_scopes :active, :with_properties
 
-    belongs_to :supplier, class_name: 'Enterprise', optional: false, touch: true
-
     has_one :image, class_name: "Spree::Image", as: :viewable, dependent: :destroy
 
     has_many :product_properties, dependent: :destroy
@@ -45,7 +40,6 @@ module Spree
     has_many :prices, -> { order('spree_variants.id, currency') }, through: :variants
 
     has_many :stock_items, through: :variants
-    has_many :supplier_properties, through: :supplier, source: :properties
     has_many :variant_images, -> { order(:position) }, source: :images,
                                                        through: :variants
 
@@ -68,28 +62,27 @@ module Spree
     accepts_nested_attributes_for :image
     accepts_nested_attributes_for :product_properties,
                                   allow_destroy: true,
-                                  reject_if: lambda { |pp| pp[:property_name].blank? }
+                                  reject_if: ->(pp) { pp[:property_name].blank? }
 
     # Transient attributes used temporarily when creating a new product,
     # these values are persisted on the product's variant
     attr_accessor :price, :display_as, :unit_value, :unit_description, :tax_category_id,
-                  :shipping_category_id, :primary_taxon_id
+                  :shipping_category_id, :primary_taxon_id, :supplier_id
 
     after_create :ensure_standard_variant
+    after_update :touch_supplier, if: :saved_change_to_primary_taxon_id?
     around_destroy :destruction
     after_save :update_units
+    after_touch :touch_supplier
 
+    # -- Scopes
     scope :with_properties, ->(*property_ids) {
       left_outer_joins(:product_properties).
-        left_outer_joins(:supplier_properties).
         where(inherits_properties: true).
-        where(producer_properties: { property_id: property_ids }).
-        or(
-          where(spree_product_properties: { property_id: property_ids })
-        )
+        where(spree_product_properties: { property_id: property_ids })
     }
 
-    scope :with_order_cycles_outer, -> {
+    scope :with_order_cycles_outer, lambda {
       joins("
         LEFT OUTER JOIN spree_variants AS o_spree_variants
           ON (o_spree_variants.product_id = spree_products.id)").
@@ -111,9 +104,7 @@ module Spree
         where(import_date: import_date.all_day))
     }
 
-    scope :with_order_cycles_inner, -> {
-      joins(variants: { exchanges: :order_cycle })
-    }
+    scope :with_order_cycles_inner, -> { joins(variants: { exchanges: :order_cycle }) }
 
     scope :visible_for, lambda { |enterprise|
       joins('
@@ -126,8 +117,9 @@ module Spree
         distinct
     }
 
-    # -- Scopes
-    scope :in_supplier, lambda { |supplier| where(supplier_id: supplier) }
+    scope :in_supplier, lambda { |supplier|
+      distinct.joins(:variants).where(spree_variants: { supplier: })
+    }
 
     # Products distributed via the given distributor through an OC
     scope :in_distributor, lambda { |distributor|
@@ -144,18 +136,6 @@ module Spree
         distinct
     }
 
-    # Products supplied by a given enterprise or distributed via that enterprise through an OC
-    scope :in_supplier_or_distributor, lambda { |enterprise|
-      enterprise = enterprise.respond_to?(:id) ? enterprise.id : enterprise.to_i
-
-      with_order_cycles_outer.
-        where("
-          spree_products.supplier_id = ?
-          OR (o_exchanges.incoming = ? AND o_exchanges.receiver_id = ?)
-        ", enterprise, false, enterprise).
-        select('distinct spree_products.*')
-    }
-
     # Products distributed by the given order cycle
     scope :in_order_cycle, lambda { |order_cycle|
       with_order_cycles_inner.
@@ -170,27 +150,17 @@ module Spree
         where.not(order_cycles: { id: nil })
     }
 
-    scope :by_producer, -> { joins(:supplier).order('enterprises.name') }
-    scope :by_name, -> { order('name') }
+    scope :by_producer, -> { joins(variants: :supplier).order('enterprises.name') }
+    scope :by_name, -> { order('spree_products.name') }
 
     scope :managed_by, lambda { |user|
       if user.has_spree_role?('admin')
         where(nil)
       else
-        where(supplier_id: user.enterprises.select("enterprises.id"))
+        in_supplier(user.enterprises)
       end
     }
 
-    scope :stockable_by, lambda { |enterprise|
-      return where('1=0') if enterprise.blank?
-
-      permitted_producer_ids = EnterpriseRelationship.joins(:parent).permitting(enterprise.id)
-        .with_permission(:add_to_order_cycle)
-        .where(enterprises: { is_primary_producer: true })
-        .pluck(:parent_id)
-      where(spree_products: { supplier_id: [enterprise.id] | permitted_producer_ids })
-    }
-
     scope :active, lambda { where(spree_products: { deleted_at: nil }) }
 
     def self.group_by_products_id
@@ -236,7 +206,10 @@ module Spree
       ps = product_properties.all
 
       if inherits_properties
-        ps = OpenFoodNetwork::PropertyMerge.merge(ps, supplier.producer_properties)
+        # NOTE: Set the supplier as the first variant supplier. If variants have different supplier,
+        # result might not be correct
+        supplier = variants.first.supplier
+        ps = OpenFoodNetwork::PropertyMerge.merge(ps, supplier&.producer_properties || [])
       end
 
       ps.
@@ -263,8 +236,6 @@ module Spree
 
     def destruction
       transaction do
-        touch_distributors
-
         ExchangeVariant.
           where(exchange_variants: { variant_id: variants.with_deleted.
           select(:id) }).destroy_all
@@ -285,6 +256,7 @@ module Spree
       variant.tax_category_id = tax_category_id
       variant.shipping_category_id = shipping_category_id
       variant.primary_taxon_id = primary_taxon_id
+      variant.supplier_id = supplier_id
       variants << variant
     end
 
@@ -292,6 +264,7 @@ module Spree
     def variant_unit_with_scale
       scale_clean = ActiveSupport::NumberHelper.number_to_rounded(variant_unit_scale,
                                                                   precision: nil,
+                                                                  significant: false,
                                                                   strip_insignificant_zeros: true)
       [variant_unit, scale_clean].compact_blank.join("_")
     end
@@ -304,16 +277,41 @@ module Spree
       )
     end
 
+    # Remove any unsupported HTML.
+    def description
+      HtmlSanitizer.sanitize(super)
+    end
+
+    # Remove any unsupported HTML.
+    def description=(html)
+      super(HtmlSanitizer.sanitize(html))
+    end
+
     private
 
     def update_units
       return unless saved_change_to_variant_unit? || saved_change_to_variant_unit_name?
 
-      variants.each(&:update_units)
+      variants.each do |v|
+        if v.persisted?
+          v.update_units
+        else
+          v.assign_units
+        end
+      end
     end
 
-    def touch_distributors
-      Enterprise.distributing_products(id).each(&:touch)
+    def touch_supplier
+      return if variants.empty?
+
+      # Assume the product supplier is the supplier of the first variant
+      # Will breack if product has mutiple variants with different supplier
+      first_variant = variants.first
+
+      # The variant is invalid if no supplier is present, but this method can be triggered when
+      # importing product. In this scenario the variant has not been updated with the supplier yet
+      # hence the check.
+      first_variant.supplier.touch if first_variant.supplier.present?
     end
 
     def validate_image

app/models/spree/property.rb

@@ -6,6 +6,8 @@ module Spree
     has_many :products, through: :product_properties
     has_many :producer_properties, dependent: :destroy
 
+    after_touch :touch_producer_properties
+
     validates :name, :presentation, presence: true
 
     scope :sorted, -> { order(:name) }
@@ -13,5 +15,11 @@ module Spree
     def property
       self
     end
+
+    private
+
+    def touch_producer_properties
+      producer_properties.each(&:touch)
+    end
   end
 end

app/models/spree/tax_rate.rb

@@ -31,7 +31,7 @@ module Spree
       return [] if order.distributor && !order.distributor.charges_sales_tax
       return [] unless order.tax_zone
 
-      all.includes(zone: { zone_members: :zoneable }).load.select do |rate|
+      includes(zone: { zone_members: :zoneable }).load.select do |rate|
         rate.potentially_applicable?(order.tax_zone)
       end
     end

app/models/spree/taxon.rb

@@ -57,7 +57,7 @@ module Spree
       taxons = {}
 
       Spree::Taxon.
-        joins(products: :supplier).
+        joins(variants: :supplier).
         select('spree_taxons.*, enterprises.id AS enterprise_id').
         each do |t|
           taxons[t.enterprise_id.to_i] ||= Set.new

app/models/spree/user.rb

@@ -96,7 +96,7 @@ module Spree
     end
 
     def build_enterprise_roles
-      Enterprise.all.find_each do |enterprise|
+      Enterprise.find_each do |enterprise|
         unless enterprise_roles.find_by enterprise_id: enterprise.id
           enterprise_roles.build(enterprise:)
         end
@@ -156,6 +156,12 @@ module Spree
       self.disabled_at = value == '1' ? Time.zone.now : nil
     end
 
+    def affiliate_enterprises
+      return [] unless Flipper.enabled?(:affiliate_sales_data, self)
+
+      Enterprise.joins(:connected_apps).merge(ConnectedApps::AffiliateSalesData.ready)
+    end
+
     protected
 
     def password_required?

app/models/spree/variant.rb

@@ -13,8 +13,8 @@ module Spree
 
     acts_as_paranoid
 
-    searchable_attributes :sku, :display_as, :display_name, :primary_taxon_id
-    searchable_associations :product, :default_price, :primary_taxon
+    searchable_attributes :sku, :display_as, :display_name, :primary_taxon_id, :supplier_id
+    searchable_associations :product, :default_price, :primary_taxon, :supplier
     searchable_scopes :active, :deleted
 
     NAME_FIELDS = ["display_name", "display_as", "weight", "unit_value", "unit_description"].freeze
@@ -23,12 +23,15 @@ module Spree
                        meta_keywords
                        variants_display_as
                        variants_display_name
-                       supplier_name).join('_or_')}_cont".freeze
+                       variants_supplier_name).join('_or_')}_cont".freeze
 
-    belongs_to :product, -> { with_deleted }, touch: true, class_name: 'Spree::Product'
+    belongs_to :product, -> {
+                           with_deleted
+                         }, touch: true, class_name: 'Spree::Product', optional: false
     belongs_to :tax_category, class_name: 'Spree::TaxCategory'
     belongs_to :shipping_category, class_name: 'Spree::ShippingCategory', optional: false
     belongs_to :primary_taxon, class_name: 'Spree::Taxon', touch: true, optional: false
+    belongs_to :supplier, class_name: 'Enterprise', optional: false, touch: true
 
     delegate :name, :name=, :description, :description=, :meta_keywords, to: :product
 
@@ -49,7 +52,7 @@ module Spree
     has_many :prices,
              class_name: 'Spree::Price',
              dependent: :destroy
-    delegate :display_price, :display_amount, :price, :price_changed?, :price=,
+    delegate :display_price, :display_amount, :price, :price=,
              :currency, :currency=,
              to: :find_or_build_default_price
 
@@ -58,6 +61,7 @@ module Spree
     has_many :variant_overrides, dependent: :destroy
     has_many :inventory_items, dependent: :destroy
     has_many :semantic_links, dependent: :delete_all
+    has_many :supplier_properties, through: :supplier, source: :properties
 
     localize_number :price, :weight
 
@@ -65,7 +69,7 @@ module Spree
     validate :check_currency
     validates :price, numericality: { greater_than_or_equal_to: 0 }, presence: true
     validates :tax_category, presence: true,
-                             if: proc { Spree::Config[:products_require_tax_category] }
+                             if: proc { Spree::Config.products_require_tax_category }
 
     validates :unit_value, presence: true, if: ->(variant) {
       %w(weight volume).include?(variant.product&.variant_unit)
@@ -83,7 +87,6 @@ module Spree
     before_validation :ensure_unit_value
     before_validation :update_weight_from_unit_value, if: ->(v) { v.product.present? }
     before_validation :convert_variant_weight_to_decimal
-    before_validation :assign_related_taxon, if: ->(v) { v.primary_taxon.blank? }
 
     before_save :assign_units, if: ->(variant) {
       variant.new_record? || variant.changed_attributes.keys.intersection(NAME_FIELDS).any?
@@ -94,7 +97,7 @@ module Spree
     after_save :save_default_price
 
     # default variant scope only lists non-deleted variants
-    scope :deleted, lambda { where.not(deleted_at: nil) }
+    scope :deleted, -> { where.not(deleted_at: nil) }
 
     scope :with_order_cycles_inner, -> { joins(exchanges: :order_cycle) }
 
@@ -139,11 +142,9 @@ module Spree
         .where("o_inventory_items.id IS NULL OR o_inventory_items.visible = (?)", true)
     }
 
-    scope :stockable_by, lambda { |enterprise|
-      return where("1=0") if enterprise.blank?
-
-      joins(:product).
-        where(spree_products: { id: Spree::Product.stockable_by(enterprise).pluck(:id) })
+    scope :with_properties, lambda { |property_ids|
+      left_outer_joins(:supplier_properties).
+        where(producer_properties: { property_id: property_ids })
     }
 
     # Define sope as class method to allow chaining with other scopes filtering id.
@@ -199,6 +200,11 @@ module Spree
       price_in(currency).try(:amount)
     end
 
+    def changed?
+      # We consider the variant changed if associated price is changed (it is saved after_save)
+      super || default_price.changed?
+    end
+
     # can_supply? is implemented in VariantStock
     def in_stock?(quantity = 1)
       can_supply?(quantity)
@@ -210,10 +216,6 @@ module Spree
 
     private
 
-    def assign_related_taxon
-      self.primary_taxon ||= product.variants.last&.primary_taxon
-    end
-
     def check_currency
       return unless currency.nil?
 
@@ -233,7 +235,7 @@ module Spree
     end
 
     def create_stock_items
-      StockLocation.all.find_each do |stock_location|
+      StockLocation.find_each do |stock_location|
         stock_location.propagate_variant(self)
       end
     end
@@ -245,8 +247,16 @@ module Spree
     end
 
     def destruction
-      exchange_variants.reload.destroy_all
-      yield
+      transaction do
+        # Even tough Enterprise will touch associated variant distributors when touched,
+        # the variant will be removed from the exchange by the time it's triggered,
+        # so it won't be able to find the deleted variant's distributors.
+        # This why we do it here
+        touch_distributors
+
+        exchange_variants.reload.destroy_all
+        yield
+      end
     end
 
     def ensure_unit_value
@@ -263,5 +273,9 @@ module Spree
     def convert_variant_weight_to_decimal
       self.weight = weight.to_d
     end
+
+    def touch_distributors
+      Enterprise.distributing_variants(id).each(&:touch)
+    end
   end
 end

app/models/variant_override.rb

@@ -52,11 +52,14 @@ class VariantOverride < ApplicationRecord
       return
     end
 
+    # rubocop:disable Rails/SkipsModelValidations
+    # Cf. conversation https://github.com/openfoodfoundation/openfoodnetwork/pull/12647
     if quantity > 0
       increment! :count_on_hand, quantity
     elsif quantity < 0
       decrement! :count_on_hand, -quantity
     end
+    # rubocop:enable Rails/SkipsModelValidations
   end
 
   def default_stock?

app/queries/product_scope_query.rb

@@ -31,16 +31,18 @@ class ProductScopeQuery
     product_scope.find(@params[:product_id])
   end
 
-  def paged_products_for_producers
+  def products_for_producers
     producer_ids = OpenFoodNetwork::Permissions.new(@user).
       variant_override_producers.by_name.select('enterprises.id')
 
+    # Use `order("enterprises.name")` instead of `by_producer scope`, the scope adds a join
+    # on variants which messes our query
     Spree::Product.where(nil).
       merge(product_scope).
-      includes(variants: [:product, :default_price, :stock_items]).
-      where(supplier_id: producer_ids).
-      by_producer.by_name.
-      ransack(@params[:q]).result
+      includes(variants: [:product, :default_price, :stock_items, :supplier]).
+      where(variants: { supplier_id: producer_ids }).
+      order("enterprises.name, spree_products.name").
+      ransack(@params[:q]).result(distinct: true)
   end
 
   def product_scope

app/reflexes/admin/orders_reflex.rb

@@ -33,23 +33,16 @@ module Admin
     end
 
     def bulk_invoice(params)
-      visible_orders = editable_orders.invoiceable.where(id: params[:bulk_ids])
+      visible_orders = bulk_load_orders(params)
 
-      if Spree::Config.enterprise_number_required_on_invoices?
-        distributors_without_abn = Enterprise.where(
-          id: visible_orders.select(:distributor_id),
-          abn: nil,
-        )
+      return if notify_if_abn_related_issue(visible_orders)
 
-        if distributors_without_abn.exists?
-          render_business_number_required_error(distributors_without_abn)
-          return
-        end
-      end
+      file_id = "#{Time.zone.now.to_i}-#{SecureRandom.hex(2)}"
 
       cable_ready.append(
         selector: "#orders-index",
-        html: render(partial: "spree/admin/orders/bulk/invoice_modal")
+        html: render(partial: "spree/admin/orders/bulk/invoice_modal",
+                     locals: { invoice_url: "/admin/orders/invoices/#{file_id}" })
       ).broadcast
 
       # Preserve order of bulk_ids.
@@ -59,7 +52,7 @@ module Admin
 
       BulkInvoiceJob.perform_later(
         visible_order_ids,
-        "tmp/invoices/#{Time.zone.now.to_i}-#{SecureRandom.hex(2)}.pdf",
+        "tmp/invoices/#{file_id}.pdf",
         channel: SessionChannel.for_request(request),
         current_user_id: current_user.id
       )
@@ -134,5 +127,35 @@ module Admin
                              enterprise_name: distributor_names.join(", "))
       morph_admin_flashes
     end
+
+    def bulk_load_orders(params)
+      editable_orders.invoiceable.where(id: params[:bulk_ids])
+    end
+
+    def notify_if_abn_related_issue(orders)
+      return false unless abn_required?
+
+      distributors = distributors_without_abn(orders)
+      return false if distributors.empty?
+
+      render_business_number_required_error(distributors)
+      true
+    end
+
+    def abn_required?
+      Spree::Config.enterprise_number_required_on_invoices?
+    end
+
+    def distributors_without_abn(orders)
+      abn = if OpenFoodNetwork::FeatureToggle.enabled?(:invoices)
+              [nil, ""]
+            else
+              [nil]
+            end
+      Enterprise.where(
+        id: orders.select(:distributor_id),
+        abn:,
+      )
+    end
   end
 end

app/reflexes/products_reflex.rb

@@ -1,213 +0,0 @@
-# frozen_string_literal: true
-
-class ProductsReflex < ApplicationReflex
-  include Pagy::Backend
-
-  before_reflex :init_filters_params, :init_pagination_params
-
-  def change_per_page
-    @per_page = element.value.to_i
-    @page = 1
-
-    fetch_and_render_products_with_flash
-  end
-
-  def clear_search
-    @search_term = nil
-    @producer_id = nil
-    @category_id = nil
-    @page = 1
-
-    fetch_and_render_products_with_flash
-  end
-
-  def delete_product
-    id = current_id_from_element(element)
-    product = product_finder(id).find_product
-    authorize! :delete, product
-
-    if product.destroy
-      flash[:success] = I18n.t('admin.products_v3.delete_product.success')
-    else
-      flash[:error] = I18n.t('admin.products_v3.delete_product.error')
-    end
-
-    fetch_and_render_products_with_flash
-  end
-
-  def delete_variant
-    id = current_id_from_element(element)
-    variant = Spree::Variant.active.find(id)
-    authorize! :delete, variant
-
-    if VariantDeleter.new.delete(variant)
-      flash[:success] = I18n.t('admin.products_v3.delete_variant.success')
-    else
-      flash[:error] = I18n.t('admin.products_v3.delete_variant.error')
-    end
-
-    fetch_and_render_products_with_flash
-  end
-
-  private
-
-  def init_filters_params
-    # params comes from the form
-    # _params comes from the url
-    # priority is given to params from the form (if present) over url params
-    @search_term = params[:search_term] || params[:_search_term]
-    @producer_id = params[:producer_id] || params[:_producer_id]
-    @category_id = params[:category_id] || params[:_category_id]
-  end
-
-  def init_pagination_params
-    # prority is given to element dataset (if present) over url params
-    @page = element.dataset.page || params[:_page] || 1
-    @per_page = element.dataset.perpage || params[:_per_page] || 15
-  end
-
-  def fetch_and_render_products_with_flash
-    fetch_products
-    render_products
-  end
-
-  def render_products
-    cable_ready.replace(
-      selector: "#products-content",
-      html: render(partial: "admin/products_v3/content",
-                   locals: { products: @products, pagy: @pagy, search_term: @search_term,
-                             producer_options: producers, producer_id: @producer_id,
-                             category_options: categories, tax_category_options:,
-                             category_id: @category_id, flashes: flash })
-    )
-
-    cable_ready.replace_state(
-      url: current_url,
-    )
-
-    morph :nothing
-  end
-
-  def render_products_form_with_flash
-    locals = { products: @products }
-    locals[:error_counts] = @error_counts if @error_counts.present?
-    locals[:flashes] = flash if flash.any?
-
-    cable_ready.replace(
-      selector: "#products-form",
-      html: render(partial: "admin/products_v3/table", locals:)
-    )
-    morph :nothing
-
-    # dunno why this doesn't work. The HTML stops after the first `<col>` element, wtf?!
-    # morph "#products-form", render(partial: "admin/products_v3/table", locals:)
-  end
-
-  def producers
-    producers = OpenFoodNetwork::Permissions.new(current_user)
-      .managed_product_enterprises.is_primary_producer.by_name
-    producers.map { |p| [p.name, p.id] }
-  end
-
-  def categories
-    Spree::Taxon.order(:name).map { |c| [c.name, c.id] }
-  end
-
-  def tax_category_options
-    Spree::TaxCategory.order(:name).pluck(:name, :id)
-  end
-
-  def fetch_products
-    product_query = OpenFoodNetwork::Permissions.new(current_user)
-      .editable_products.merge(product_scope).ransack(ransack_query).result(distinct: true)
-    @pagy, @products = pagy(product_query.order(:name), items: @per_page, page: @page,
-                                                        size: [1, 2, 2, 1])
-  end
-
-  def product_scope
-    scope = if current_user.has_spree_role?("admin") || current_user.enterprises.present?
-              Spree::Product
-            else
-              Spree::Product.active
-            end
-
-    scope.includes(product_query_includes)
-  end
-
-  def ransack_query
-    query = {}
-    query.merge!(supplier_id_in: @producer_id) if @producer_id.present?
-    if @search_term.present?
-      query.merge!(Spree::Variant::SEARCH_KEY => @search_term)
-    end
-    query.merge!(variants_primary_taxon_id_in: @category_id) if @category_id.present?
-    query
-  end
-
-  # Optimise by pre-loading required columns
-  def product_query_includes
-    # TODO: add other fields used in columns? (eg supplier: [:name])
-    [
-      # variants: [
-      #   :default_price,
-      #   :stock_locations,
-      #   :stock_items,
-      #   :variant_overrides
-      # ]
-    ]
-  end
-
-  def current_url
-    url = URI(request.original_url)
-    url.query = url.query.present? ? "#{url.query}&" : ""
-    # add params with _ to avoid conflicts with params from the form
-    url.query += "_page=#{@page}"
-    url.query += "&_per_page=#{@per_page}"
-    url.query += "&_search_term=#{@search_term}" if @search_term.present?
-    url.query += "&_producer_id=#{@producer_id}" if @producer_id.present?
-    url.query += "&_category_id=#{@category_id}" if @category_id.present?
-    url.to_s
-  end
-
-  # Similar to spree/admin/products_controller
-  def product_set_from_params
-    # Form field names:
-    #   '[products][0][id]' (hidden field)
-    #   '[products][0][name]'
-    #   '[products][0][variants_attributes][0][id]' (hidden field)
-    #   '[products][0][variants_attributes][0][display_name]'
-    #
-    # Resulting in params:
-    #     "products" => {
-    #       "0" =>  {
-    #         "id" => "123"
-    #         "name" => "Pommes",
-    #         "variants_attributes" => {
-    #           "0" => {
-    #           "id" => "1234",
-    #           "display_name" => "Large box",
-    #         }
-    #       }
-    #     }
-    collection_hash = products_bulk_params[:products]
-      .transform_values { |product|
-        # Convert variants_attributes form hash to an array if present
-        product[:variants_attributes] &&= product[:variants_attributes].values
-        product
-      }.with_indifferent_access
-    Sets::ProductSet.new(collection_attributes: collection_hash)
-  end
-
-  def products_bulk_params
-    params.permit(products: ::PermittedAttributes::Product.attributes)
-      .to_h.with_indifferent_access
-  end
-
-  def product_finder(id)
-    ProductScopeQuery.new(current_user, { id: })
-  end
-
-  def current_id_from_element(element)
-    element.dataset.current_id
-  end
-end

app/serializers/api/admin/for_order_cycle/supplied_product_serializer.rb

@@ -7,7 +7,7 @@ module Api
         attributes :name, :supplier_name, :image_url, :variants
 
         def supplier_name
-          object.supplier&.name
+          object.variants.first.supplier&.name
         end
 
         def image_url

app/serializers/api/admin/line_item_serializer.rb

@@ -9,7 +9,7 @@ module Api
       has_one :order, serializer: Api::Admin::IdSerializer
 
       def supplier
-        { id: object.product.supplier_id }
+        { id: object.supplier.id }
       end
 
       def units_product

app/serializers/api/admin/product_serializer.rb

@@ -7,8 +7,6 @@ module Api
                  :inherits_properties, :on_hand, :price, :import_date, :image_url,
                  :thumb_url, :variants
 
-      has_one :supplier, key: :producer_id, embed: :id
-
       def variants
         ActiveModel::ArraySerializer.new(
           object.variants,

app/serializers/api/admin/product_simple_serializer.rb

@@ -3,13 +3,9 @@
 module Api
   module Admin
     class ProductSimpleSerializer < ActiveModel::Serializer
-      attributes :id, :name, :producer_id
+      attributes :id, :name
 
       has_many :variants, key: :variants, serializer: Api::Admin::VariantSimpleSerializer
-
-      def producer_id
-        object.supplier_id
-      end
     end
   end
 end

app/serializers/api/admin/variant_serializer.rb

@@ -9,6 +9,7 @@ module Api
                  :price, :on_demand, :on_hand, :in_stock, :stock_location_id, :stock_location_name
 
       has_one :primary_taxon, key: :category_id, embed: :id
+      has_one :supplier, key: :producer_id, embed: :id
 
       def name
         if object.full_name.present?
@@ -31,7 +32,7 @@ module Api
       end
 
       def producer_name
-        object.product.supplier.name
+        object.supplier.name
       end
 
       def image

app/serializers/api/admin/variant_simple_serializer.rb

@@ -6,7 +6,7 @@ module Api
       attributes :id, :name, :import_date,
                  :options_text, :unit_value, :unit_description, :unit_to_display,
                  :display_as, :display_name, :name_to_display,
-                 :price, :on_demand, :on_hand
+                 :price, :on_demand, :on_hand, :producer_id
 
       has_many :variant_overrides
 
@@ -27,6 +27,10 @@ module Api
       def price
         object.price.nil? ? 0.to_f : object.price
       end
+
+      def producer_id
+        object.supplier_id
+      end
     end
   end
 end

app/serializers/api/cached_enterprise_serializer.rb

@@ -131,7 +131,7 @@ module Api
         producer_shop: "map_003-producer-shop.svg",
         producer: "map_001-producer-only.svg",
       }
-      "/map_icons/" + (icons[enterprise.category] || "map_001-producer-only.svg")
+      "/map_icons/#{icons[enterprise.category] || 'map_001-producer-only.svg'}"
     end
 
     # Choose regular icon font for enterprises.