Update en.yml

Removing mentions about UFC Que choisir and changing the link

.env.development

@@ -6,9 +6,9 @@
 #     cp .env.development .env.local
 
 # Locale for translation. Using a locale other than `en` tests the
-# successful fallback to `en`. To see up-to-date text used in production,
-# set another locale in a local env file.
-LOCALE="en_TST"
+# successful fallback to `en`. You will also see up-to-date text used
+# in production
+LOCALE="en_AU"
 
 VERBOSE_QUERY_LOGS=true
 
@@ -16,9 +16,8 @@ SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 
 OFN_REDIS_URL="redis://localhost:6379/1"
 OFN_REDIS_JOBS_URL="redis://localhost:6379/2"
-OFN_REDIS_CABLE_URL="redis://localhost:6379/0"
 
-SITE_URL="localhost:3000"
+SITE_URL="0.0.0.0:3000"
 
 # Deactivate rack-timeout in development.
 # https://github.com/zombocom/rack-timeout#configuring

.env.test

@@ -1,17 +1,8 @@
 # ENV vars for the test environment
 # Override locally with `.env.test.local`
 
-# Test env specific variables
-#
-# Adjust this to your computer. When you start test-driven development, you may
-# want to reduce this value to avoid waiting for a test that you expect to fail.
-CAPYBARA_MAX_WAIT_TIME="10"
-
-# General app specific variables
-
-# Locale for translation. Using a locale other than `en` tests the
-# successful fallback to `en`.
-LOCALE="en_TST"
+# Locale for translation.
+LOCALE="en_TEST"
 
 OFN_REDIS_JOBS_URL="redis://localhost:6379/2"
 
@@ -24,10 +15,6 @@ STRIPE_PUBLIC_TEST_API_KEY="bogus_stripe_publishable_key"
 
 SITE_URL="test.host"
 
-# OIDC Settings for DFC authentication
-# Find secrets in BitWarden.
-# To get a refresh token: log into the OIDC provider, connect your OFN user to it at /admin/oidc_settings, then copy the token from the database:
-#  ./bin/rails runner 'puts "OPENID_REFRESH_TOKEN=\"#{OidcAccount.last.refresh_token}\""'
 OPENID_APP_ID="test-provider"
 OPENID_APP_SECRET="dummy-openid-app-secret-token"
 OPENID_REFRESH_TOKEN="dummy-refresh-token"

.github/ISSUE_TEMPLATE/release.md

@@ -13,7 +13,6 @@ assignees: ''
 - [ ] Include translations: `script/release/update_locales`
     - You need the [Transifex Client] installed on your local dev environement to run the script.
 - [ ] Increment version number: `git push upstream HEAD:refs/tags/vX.Y.Z`
-    Check for [minor or major breaking changes]
     - Major: if server changes are required (eg. provision with ofn-install)
     - Minor: larger change that is irreversible (eg. migration deleting data)
     - Patch: all others. Shortcut: `script/release/tag`
@@ -57,4 +56,3 @@ The full process is described at https://github.com/openfoodfoundation/openfoodn
 [Create issue]: https://github.com/openfoodfoundation/openfoodnetwork/issues/new?assignees=&labels=&projects=&template=release.md&title=Release
 [#delivery-circle]: https://openfoodnetwork.slack.com/archives/C01T75H6G0Z
 [Transifex Client]: https://developers.transifex.com/docs/cli
-[minor or major breaking changes]: https://github.com/openfoodfoundation/openfoodnetwork/pulls?q=label%3A%22breaking+change%22%2C%22major+breaking+change%22

.github/release.yml

@@ -14,12 +14,6 @@ changelog:
           - technical changes only
           - user facing changes
 
-    # These will require a minor or major version increment
-    - title: "Significant changes 🚀"
-      labels:
-        - breaking change
-        - major breaking change
-
     # Posted in advance for #instance-managers
     - title: "User-facing changes 👀"
       labels:

.github/workflows/brakeman-analysis.yml

@@ -0,0 +1,51 @@
+# This workflow integrates Brakeman with GitHub's Code Scanning feature
+# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
+
+name: Brakeman Scan
+
+# This section configures the trigger for the workflow. Feel free to customize depending on your convention
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+permissions:
+  contents: read
+
+jobs:
+  brakeman-scan:
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
+    name: Brakeman Scan
+    runs-on: ubuntu-latest
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    # Customize the ruby version depending on your needs
+    - name: Setup Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: '2.7'
+
+    - name: Setup Brakeman
+      env:
+        BRAKEMAN_VERSION: '5.4.0'
+      run: |
+        gem install brakeman --version $BRAKEMAN_VERSION
+
+    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
+    - name: Scan
+      continue-on-error: true
+      run: |
+        git show --no-patch # the commit being tested (which is often a merge due to actions/checkout@v3)
+        brakeman -f sarif -o output.sarif.json .
+
+    # Upload the SARIF file generated in the previous step
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: output.sarif.json

.github/workflows/build.yml

@@ -17,7 +17,85 @@ permissions:
   contents: read
 
 jobs:
-  controllers_and_models:
+  controllers:
+    runs-on: ubuntu-22.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    strategy:
+      fail-fast: false
+      matrix:
+        # [n] - where the n is a number of parallel jobs you want to run your tests on.
+        # Use a higher number if you have slow tests to split them between more parallel jobs.
+        # Remember to update the value of the `ci_node_index` below to (0..n-1).
+        ci_node_total: [8]
+        # Indexes for parallel jobs (starting from zero).
+        # E.g. use [0, 1] for 2 parallel jobs, [0, 1, 2] for 3 parallel jobs, etc.
+        ci_node_index: [0, 1, 2, 3, 4, 5, 6, 7]
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup redis
+        uses: supercharge/redis-github-action@1.4.0
+        with:
+          redis-version: 6
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      # JS is required in order for webpacker to compile, in order to render templates containing image urls
+      - uses: actions/setup-node@v3
+        with:
+          node-version-file: .node-version
+          cache: yarn
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up database
+        run: |
+          bin/rake db:create db:schema:load
+
+      - name: Run tests
+        env:
+          KNAPSACK_PRO_TEST_SUITE_TOKEN_RSPEC: 864ef557d85ea8e603e086c0387d5154
+          KNAPSACK_PRO_CI_NODE_TOTAL: ${{ matrix.ci_node_total }}
+          KNAPSACK_PRO_CI_NODE_INDEX: ${{ matrix.ci_node_index }}
+          KNAPSACK_PRO_LOG_LEVEL: info
+          # if you use Knapsack Pro Queue Mode you must set below env variable
+          # to be able to retry CI build and run previously recorded tests
+          # https://github.com/KnapsackPro/knapsack_pro-ruby#knapsack_pro_fixed_queue_split-remember-queue-split-on-retry-ci-node
+          # KNAPSACK_PRO_FIXED_QUEUE_SPLIT: false
+          # RSpec split test files by test examples feature - it's optional
+          # https://knapsackpro.com/faq/question/how-to-split-slow-rspec-test-files-by-test-examples-by-individual-it
+          #KNAPSACK_PRO_RSPEC_SPLIT_BY_TEST_EXAMPLES: true
+          KNAPSACK_PRO_TEST_FILE_PATTERN: "{spec/controllers/**/*_spec.rb}"
+        run: |
+          git show --no-patch # the commit being tested (which is often a merge due to actions/checkout@v3)
+          bin/rake knapsack_pro:rspec
+
+      - name: Save SimpleCov file
+        uses: actions/upload-artifact@v4
+        with:
+          name: simplecov-chunk-controllers-${{ matrix.ci_node_index }}
+          path: coverage/*.*
+          retention-days: 2 # doesn't need to be long, because it's the combined results that matter
+          if-no-files-found: ignore
+          include-hidden-files: true
+
+  models:
     runs-on: ubuntu-22.04
     services:
       postgres:
@@ -55,22 +133,13 @@ jobs:
         with:
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
 
-      # JS is required in order for webpacker to compile, in order to render templates containing image urls
-      - uses: actions/setup-node@v3
-        with:
-          node-version-file: .node-version
-          cache: yarn
-
-      - name: Install JS dependencies
-        run: yarn install --frozen-lockfile
-
       - name: Set up database
         run: |
-          bin/rails db:create db:schema:load
+          bin/rake db:create db:schema:load
 
       - name: Run tests
         env:
-          KNAPSACK_PRO_TEST_SUITE_TOKEN_RSPEC: 864ef557d85ea8e603e086c0387d5154
+          KNAPSACK_PRO_TEST_SUITE_TOKEN_RSPEC: 09476e2ce491c12083df62768667c674
           KNAPSACK_PRO_CI_NODE_TOTAL: ${{ matrix.ci_node_total }}
           KNAPSACK_PRO_CI_NODE_INDEX: ${{ matrix.ci_node_index }}
           KNAPSACK_PRO_LOG_LEVEL: info
@@ -81,21 +150,20 @@ jobs:
           # RSpec split test files by test examples feature - it's optional
           # https://knapsackpro.com/faq/question/how-to-split-slow-rspec-test-files-by-test-examples-by-individual-it
           #KNAPSACK_PRO_RSPEC_SPLIT_BY_TEST_EXAMPLES: true
-          KNAPSACK_PRO_TEST_FILE_PATTERN: "{spec/controllers/**/*_spec.rb,spec/models/**/*_spec.rb}"
+          KNAPSACK_PRO_TEST_FILE_PATTERN: "{spec/models/**/*_spec.rb}"
         run: |
-          git show --no-patch # the commit being tested (which is often a merge due to actions/checkout@v3)
-          bin/rails assets:precompile knapsack_pro:rspec
+          bin/rake knapsack_pro:rspec
 
       - name: Save SimpleCov file
         uses: actions/upload-artifact@v4
         with:
-          name: simplecov-chunk-controllers-${{ matrix.ci_node_index }}
+          name: simplecov-chunk-models-${{ matrix.ci_node_index }}
           path: coverage/*.*
           retention-days: 2 # doesn't need to be long, because it's the combined results that matter
           if-no-files-found: ignore
           include-hidden-files: true
 
-  system:
+  system_admin:
     runs-on: ubuntu-22.04
     services:
       postgres:
@@ -116,10 +184,10 @@ jobs:
         # [n] - where the n is a number of parallel jobs you want to run your tests on.
         # Use a higher number if you have slow tests to split them between more parallel jobs.
         # Remember to update the value of the `ci_node_index` below to (0..n-1).
-        ci_node_total: [19]
+        ci_node_total: [14]
         # Indexes for parallel jobs (starting from zero).
         # E.g. use [0, 1] for 2 parallel jobs, [0, 1, 2] for 3 parallel jobs, etc.
-        ci_node_index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18]
+        ci_node_index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]
     steps:
       - uses: actions/checkout@v3
 
@@ -143,7 +211,7 @@ jobs:
 
       - name: Set up database
         run: |
-          bin/rails db:create db:schema:load
+          bin/rake db:create db:schema:load
 
       - name: Run tests
 
@@ -159,15 +227,15 @@ jobs:
           # RSpec split test files by test examples feature - it's optional
           # https://knapsackpro.com/faq/question/how-to-split-slow-rspec-test-files-by-test-examples-by-individual-it
           #KNAPSACK_PRO_RSPEC_SPLIT_BY_TEST_EXAMPLES: true
-          KNAPSACK_PRO_TEST_FILE_PATTERN: "{spec/system/admin/**/*_spec.rb,spec/system/consumer/**/*_spec.rb}"
+          KNAPSACK_PRO_TEST_FILE_PATTERN: "{spec/system/admin/**/*_spec.rb}"
 
         run: |
-          bin/rails assets:precompile knapsack_pro:queue:rspec
+          bin/rake knapsack_pro:queue:rspec
 
       - name: Save SimpleCov file
         uses: actions/upload-artifact@v4
         with:
-          name: simplecov-chunk-system-${{ matrix.ci_node_index }}
+          name: simplecov-chunk-system-admin-${{ matrix.ci_node_index }}
           path: coverage/*.*
           retention-days: 2 # doesn't need to be long, because it's the combined results that matter
           if-no-files-found: ignore
@@ -177,7 +245,94 @@ jobs:
         if: failure()
         uses: actions/upload-artifact@v4
         with:
-          name: failed-system_${{ matrix.ci_node_index }}-tests-screenshots
+          name: failed-admin_${{ matrix.ci_node_index }}-tests-screenshots
+          path: tmp/capybara/screenshots/*.png
+          retention-days: 7
+          if-no-files-found: ignore
+
+  system_consumer:
+    runs-on: ubuntu-22.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    strategy:
+      fail-fast: false
+      matrix:
+        # [n] - where the n is a number of parallel jobs you want to run your tests on.
+        # Use a higher number if you have slow tests to split them between more parallel jobs.
+        # Remember to update the value of the `ci_node_index` below to (0..n-1).
+        ci_node_total: [12]
+        # Indexes for parallel jobs (starting from zero).
+        # E.g. use [0, 1] for 2 parallel jobs, [0, 1, 2] for 3 parallel jobs, etc.
+        ci_node_index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup redis
+        uses: supercharge/redis-github-action@1.4.0
+        with:
+          redis-version: 6
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version-file: .node-version
+          cache: yarn
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up database
+        run: |
+          bin/rake db:create db:schema:load
+
+      - name: Run tests
+
+        env:
+          KNAPSACK_PRO_TEST_SUITE_TOKEN_RSPEC: e52bd4390c853e6c5bdfe4d0334586c1
+          KNAPSACK_PRO_CI_NODE_TOTAL: ${{ matrix.ci_node_total }}
+          KNAPSACK_PRO_CI_NODE_INDEX: ${{ matrix.ci_node_index }}
+          KNAPSACK_PRO_LOG_LEVEL: info
+          # if you use Knapsack Pro Queue Mode you must set below env variable
+          # to be able to retry CI build and run previously recorded tests
+          # https://github.com/KnapsackPro/knapsack_pro-ruby#knapsack_pro_fixed_queue_split-remember-queue-split-on-retry-ci-node
+          KNAPSACK_PRO_FIXED_QUEUE_SPLIT: true
+          # RSpec split test files by test examples feature - it's optional
+          # https://knapsackpro.com/faq/question/how-to-split-slow-rspec-test-files-by-test-examples-by-individual-it
+          #KNAPSACK_PRO_RSPEC_SPLIT_BY_TEST_EXAMPLES: true
+          KNAPSACK_PRO_TEST_FILE_PATTERN: "{spec/system/consumer/**/*_spec.rb}"
+
+        run: |
+          bin/rake knapsack_pro:queue:rspec
+
+      - name: Save SimpleCov file
+        uses: actions/upload-artifact@v4
+        with:
+          name: simplecov-chunk-system-consumer-${{ matrix.ci_node_index }}
+          path: coverage/*.*
+          retention-days: 2 # doesn't need to be long, because it's the combined results that matter
+          if-no-files-found: ignore
+          include-hidden-files: true
+
+      - name: Archive failed tests screenshots
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: failed-consumer_${{ matrix.ci_node_index }}-tests-screenshots
           path: tmp/capybara/screenshots/*.png
           retention-days: 7
           if-no-files-found: ignore
@@ -231,7 +386,7 @@ jobs:
 
       - name: Set up database
         run: |
-          bin/rails db:create db:schema:load
+          bin/rake db:create db:schema:load
 
       - name: Run tests
 
@@ -250,7 +405,7 @@ jobs:
           KNAPSACK_PRO_TEST_FILE_PATTERN: "{spec/lib/**/*_spec.rb,spec/migrations/**/*_spec.rb,spec/serializers/**/*_spec.rb,engines/**/*_spec.rb}"
 
         run: |
-          bin/rails assets:precompile knapsack_pro:rspec
+          bin/rake knapsack_pro:rspec
 
       - name: Save SimpleCov file
         uses: actions/upload-artifact@v4
@@ -282,10 +437,10 @@ jobs:
         # [n] - where the n is a number of parallel jobs you want to run your tests on.
         # Use a higher number if you have slow tests to split them between more parallel jobs.
         # Remember to update the value of the `ci_node_index` below to (0..n-1).
-        ci_node_total: [3]
+        ci_node_total: [5]
         # Indexes for parallel jobs (starting from zero).
         # E.g. use [0, 1] for 2 parallel jobs, [0, 1, 2] for 3 parallel jobs, etc.
-        ci_node_index: [0, 1, 2]
+        ci_node_index: [0, 1, 2, 3, 4]
     steps:
       - uses: actions/checkout@v3
 
@@ -310,7 +465,7 @@ jobs:
 
       - name: Set up database
         run: |
-          bin/rails db:create db:schema:load
+          bin/rake db:create db:schema:load
 
       - name: Run tests
         env:
@@ -327,7 +482,7 @@ jobs:
           #KNAPSACK_PRO_RSPEC_SPLIT_BY_TEST_EXAMPLES: true
           KNAPSACK_PRO_TEST_FILE_EXCLUDE_PATTERN: "{engines/**/*_spec.rb,spec/models/**/*_spec.rb,spec/controllers/**/*_spec.rb,spec/serializers/**/*_spec.rb,spec/lib/**/*_spec.rb,spec/migrations/**/*_spec.rb,spec/system/**/*_spec.rb}"
         run: |
-          bin/rails assets:precompile knapsack_pro:rspec
+          bin/rake knapsack_pro:rspec
 
       - name: Save SimpleCov file
         uses: actions/upload-artifact@v4
@@ -379,9 +534,11 @@ jobs:
   collate_simplecov_results:
     runs-on: ubuntu-22.04
     needs:
-      - controllers_and_models
+      - controllers
+      - models
       - engines
-      - system
+      - system_admin
+      - system_consumer
       - test_the_rest
     steps:
       - uses: actions/checkout@v3
@@ -396,6 +553,7 @@ jobs:
         with:
           pattern: simplecov-chunk-*
           path: tmp/simplecov
+          merge-multiple: true
 
       - name: collate results from each of the workers
         run: bundle exec rake 'simplecov:collate_results[tmp/simplecov]'
@@ -408,8 +566,3 @@ jobs:
           retention-days: 7
           if-no-files-found: ignore
           include-hidden-files: true
-      - name: Compare SimpleCov results with Undercover
-        run: |
-          git fetch --no-tags origin ${{ github.event.pull_request.base.ref }}:master
-          bundle exec undercover
-        if: ${{ github.ref != 'refs/heads/master' }} # Does not run on master, as we can't fetch master in the master branch

.github/workflows/linters.yml

@@ -3,32 +3,18 @@ on: [push, pull_request]
 permissions:
   contents: read # to fetch code (actions/checkout)
 jobs:
-  lint:
-    name: prettier and rubocop
+  rubocop:
+    name: runner / rubocop
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
 
-      - uses: actions/setup-node@v3
-        with:
-          node-version-file: .node-version
-      - name: Install JS dependencies
-        run: yarn install --frozen-lockfile
-
       - uses: ruby/setup-ruby@v1
         with:
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
 
       - run: git show --no-patch # the commit being tested (which is often a merge due to actions/checkout@v3)
 
-      - name: prettier
-        uses: EPMatt/reviewdog-action-prettier@v1
-        with:
-          github_token: ${{ secrets.github_token }}
-          reporter: github-pr-check
-          level: error
-          fail_on_error: true
-
       - name: rubocop
         uses: reviewdog/action-rubocop@v2
         with:
@@ -38,4 +24,27 @@ jobs:
           level: error
           filter_mode: nofilter
           use_bundler: true
-          fail_level: any
+          fail_on_error: true
+  prettier:
+    name: runner / prettier
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version-file: .node-version
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - run: git show --no-patch # the commit being tested (which is often a merge due to actions/checkout@v3)
+
+      - name: prettier
+        uses: EPMatt/reviewdog-action-prettier@v1
+        with:
+          github_token: ${{ secrets.github_token }}
+          reporter: github-pr-check
+          level: error
+          fail_on_error: true

.github/workflows/mapi.yml

@@ -0,0 +1,51 @@
+name: 'Mayhem for API'
+on: workflow_dispatch
+permissions:
+  contents: read # to fetch code (actions/checkout)
+jobs:
+  test:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+      security-events: write # to upload SARIF results (github/codeql-action/upload-sarif)
+    if: ${{ github.repository_owner == 'openfoodfoundation' }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+    steps:
+    - uses: actions/checkout@v3
+    - run: docker/build
+    - run: docker compose up --detach
+    - run: until curl -f -s http://localhost:3000; do echo "waiting for api server"; sleep 1; done
+    - run: docker compose exec -T db psql postgresql://ofn:f00d@localhost:5432/open_food_network_dev --command="update spree_users set spree_api_key='testing' where login='ofn@example.com'"
+    # equivalent to Flipper.enable(:api_v1)
+    - run: docker compose exec -T db psql postgresql://ofn:f00d@localhost:5432/open_food_network_dev --command="insert into flipper_features (key, created_at, updated_at) values ('api_v1', localtimestamp, localtimestamp)"
+    - run: docker compose exec -T db psql postgresql://ofn:f00d@localhost:5432/open_food_network_dev --command="insert into flipper_gates (feature_key, key, value, created_at, updated_at) values ('api_v1', 'boolean', 'true', localtimestamp, localtimestamp)"
+
+    # Run Mayhem for API
+    - name: Run Mayhem for API
+      uses: ForAllSecure/mapi-action@v1
+      continue-on-error: true
+      with:
+        mapi-token: ${{ secrets.MAPI_TOKEN }}
+        api-url: http://localhost:3000
+        api-spec: swagger/v1.yaml
+        target: openfoodfoundation/openfoodnetwork
+        duration: 1min
+        sarif-report: mapi.sarif
+        html-report: mapi.html
+        run-args: |
+          --header-auth
+          X-Api-Token: testing
+
+    # Archive HTML report
+    - name: Archive Mayhem for API report
+      uses: actions/upload-artifact@v3
+      with:
+        name: mapi-report
+        path: mapi.html
+
+    # Upload SARIF file (only available on public repos or github enterprise)
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: mapi.sarif

.rubocop_styleguide.yml

@@ -3,20 +3,15 @@
 # These are the rules we agreed upon and we work towards.
 AllCops:
   NewCops: enable
-  MigratedSchemaVersion: "20250111000000"
   Exclude:
     - bin/**/*
+    - db/**/*
     - config/**/*
-    - db/bad_migrations/*
-    - db/migrate/201*
-    - db/migrate/202[0-4]*
-    - db/schema.rb
     - script/**/*
     - vendor/**/*
     - node_modules/**/*
     # Excluding: inadequate Naming/FileName rule rejects GemFile name with camelcase
     - engines/web/Gemfile
-    - .undercover
 
 Bundler/DuplicatedGem:
   Enabled: false
@@ -103,8 +98,6 @@ Naming/VariableNumber:
     - street_address_2
   AllowedPatterns:
     - _v[\d]+
-    # Cf. conversation https://github.com/openfoodfoundation/openfoodnetwork/pull/13306#pullrequestreview-2831644286 
-    - menu_[\d]
 
 Rails/ApplicationRecord:
   Exclude:
@@ -118,10 +111,6 @@ Rails/ApplicationRecord:
 Rails/HasAndBelongsToMany:
   Enabled: false
 
-# Cf. conversation https://github.com/openfoodfoundation/openfoodnetwork/pull/13251
-Rails/LexicallyScopedActionFilter:
-  Enabled: false
-
 Rails/OutputSafety:
   Exclude:
     - spec/**/*

.rubocop_todo.yml

@@ -6,6 +6,85 @@
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+Layout/EmptyLines:
+  Exclude:
+    - 'app/services/products_renderer.rb'
+
+# Offense count: 16
+# Configuration parameters: AllowComments, AllowEmptyLambdas.
+Lint/EmptyBlock:
+  Exclude:
+    - 'engines/catalog/config/routes.rb'
+    - 'spec/components/distributor_title_component_spec.rb'
+    - 'spec/components/example_component_spec.rb'
+    - 'spec/controllers/admin/subscription_line_items_controller_spec.rb'
+    - 'spec/controllers/api/v0/shipments_controller_spec.rb'
+    - 'spec/controllers/concerns/extra_fields_spec.rb'
+    - 'spec/factories.rb'
+    - 'spec/factories/enterprise_factory.rb'
+    - 'spec/jobs/order_cycle_opened_job_spec.rb'
+    - 'spec/jobs/subscription_placement_job_spec.rb'
+    - 'spec/models/product_import/entry_validator_spec.rb'
+
+# Offense count: 4
+# Configuration parameters: AllowComments.
+Lint/EmptyClass:
+  Exclude:
+    - 'spec/lib/reports/report_loader_spec.rb'
+
+# Offense count: 1
+# Configuration parameters: AllowComments.
+Lint/EmptyFile:
+  Exclude:
+    - 'spec/lib/open_food_network/enterprise_injection_data_spec.rb'
+
+# Offense count: 2
+Lint/FloatComparison:
+  Exclude:
+    - 'app/models/product_import/entry_validator.rb'
+    - 'app/models/spree/gateway/pay_pal_express.rb'
+
+# Offense count: 1
+Lint/IneffectiveAccessModifier:
+  Exclude:
+    - 'app/models/spree/user.rb'
+
+# Offense count: 1
+Lint/NoReturnInBeginEndBlocks:
+  Exclude:
+    - 'app/controllers/payment_gateways/stripe_controller.rb'
+
+# Offense count: 4
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Lint/RedundantDirGlobSort:
+  Exclude:
+    - 'engines/catalog/spec/spec_helper.rb'
+    - 'engines/dfc_provider/spec/spec_helper.rb'
+    - 'spec/base_spec_helper.rb'
+    - 'spec/system_helper.rb'
+
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: instance_of?, kind_of?, is_a?, eql?, respond_to?, equal?, presence, present?
+Lint/RedundantSafeNavigation:
+  Exclude:
+    - 'app/models/spree/payment.rb'
+
+# Offense count: 1
+Lint/SelfAssignment:
+  Exclude:
+    - 'app/models/spree/order/checkout.rb'
+
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AutoCorrect.
+Lint/UselessMethodDefinition:
+  Exclude:
+    - 'app/models/spree/gateway.rb'
+
 # Offense count: 24
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes, Max.
 Metrics/AbcSize:
@@ -13,6 +92,7 @@ Metrics/AbcSize:
     - 'app/controllers/admin/enterprises_controller.rb'
     - 'app/controllers/payment_gateways/paypal_controller.rb'
     - 'app/controllers/spree/admin/payments_controller.rb'
+    - 'app/controllers/spree/admin/taxons_controller.rb'
     - 'app/controllers/spree/admin/variants_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
     - 'app/helpers/spree/admin/navigation_helper.rb'
@@ -47,7 +127,7 @@ Metrics/BlockNesting:
   Exclude:
     - 'app/models/spree/payment/processing.rb'
 
-# Offense count: 47
+# Offense count: 46
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ClassLength:
   Exclude:
@@ -57,12 +137,12 @@ Metrics/ClassLength:
     - 'app/controllers/admin/resource_controller.rb'
     - 'app/controllers/admin/subscriptions_controller.rb'
     - 'app/controllers/application_controller.rb'
-    - 'app/controllers/checkout_controller.rb'
     - 'app/controllers/payment_gateways/paypal_controller.rb'
     - 'app/controllers/spree/admin/orders_controller.rb'
     - 'app/controllers/spree/admin/payment_methods_controller.rb'
     - 'app/controllers/spree/admin/payments_controller.rb'
     - 'app/controllers/spree/admin/products_controller.rb'
+    - 'app/controllers/spree/admin/users_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
     - 'app/models/enterprise.rb'
     - 'app/models/invoice/data_presenter.rb'
@@ -88,7 +168,6 @@ Metrics/ClassLength:
     - 'app/services/cart_service.rb'
     - 'app/services/order_cycles/form_service.rb'
     - 'app/services/orders/sync_service.rb'
-    - 'app/services/sets/product_set.rb'
     - 'engines/order_management/app/services/order_management/order/updater.rb'
     - 'lib/open_food_network/enterprise_fee_calculator.rb'
     - 'lib/open_food_network/order_cycle_form_applicator.rb'
@@ -98,14 +177,13 @@ Metrics/ClassLength:
     - 'lib/reporting/reports/enterprise_fee_summary/enterprise_fees_with_tax_report_by_producer.rb'
     - 'lib/reporting/reports/enterprise_fee_summary/scope.rb'
     - 'lib/reporting/reports/xero_invoices/base.rb'
-    - 'app/services/permissions/order.rb'
 
-# Offense count: 30
+# Offense count: 32
 # Configuration parameters: AllowedMethods, AllowedPatterns, Max.
 Metrics/CyclomaticComplexity:
   Exclude:
     - 'app/controllers/admin/enterprises_controller.rb'
-    - 'app/controllers/spree/admin/payments_controller.rb'
+    - 'app/controllers/spree/admin/taxons_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
     - 'app/helpers/checkout_helper.rb'
     - 'app/helpers/order_cycles_helper.rb'
@@ -121,6 +199,7 @@ Metrics/CyclomaticComplexity:
     - 'app/models/spree/preferences/preferable_class_methods.rb'
     - 'app/models/spree/return_authorization.rb'
     - 'app/models/spree/tax_rate.rb'
+    - 'app/models/spree/variant.rb'
     - 'app/models/spree/zone.rb'
     - 'lib/open_food_network/enterprise_issue_validator.rb'
     - 'lib/reporting/reports/xero_invoices/base.rb'
@@ -129,12 +208,13 @@ Metrics/CyclomaticComplexity:
     - 'lib/spree/localized_number.rb'
     - 'spec/models/product_importer_spec.rb'
 
-# Offense count: 23
+# Offense count: 24
 # Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
 Metrics/MethodLength:
   Exclude:
     - 'app/controllers/admin/enterprises_controller.rb'
     - 'app/controllers/payment_gateways/paypal_controller.rb'
+    - 'app/controllers/spree/admin/taxons_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
     - 'app/helpers/spree/admin/navigation_helper.rb'
     - 'app/models/spree/ability.rb'
@@ -149,7 +229,7 @@ Metrics/MethodLength:
     - 'lib/spree/localized_number.rb'
     - 'lib/tasks/sample_data/product_factory.rb'
 
-# Offense count: 47
+# Offense count: 49
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ModuleLength:
   Exclude:
@@ -161,7 +241,46 @@ Metrics/ModuleLength:
     - 'app/helpers/spree/admin/orders_helper.rb'
     - 'app/models/spree/order/checkout.rb'
     - 'app/models/spree/payment/processing.rb'
+    - 'engines/catalog/spec/services/catalog/product_import/products_reset_strategy_spec.rb'
+    - 'engines/order_management/spec/services/order_management/order/updater_spec.rb'
+    - 'engines/order_management/spec/services/order_management/stock/package_spec.rb'
+    - 'engines/order_management/spec/services/order_management/subscriptions/estimator_spec.rb'
+    - 'engines/order_management/spec/services/order_management/subscriptions/form_spec.rb'
+    - 'engines/order_management/spec/services/order_management/subscriptions/proxy_order_syncer_spec.rb'
+    - 'engines/order_management/spec/services/order_management/subscriptions/summarizer_spec.rb'
+    - 'engines/order_management/spec/services/order_management/subscriptions/summary_spec.rb'
+    - 'engines/order_management/spec/services/order_management/subscriptions/validator_spec.rb'
+    - 'engines/order_management/spec/services/order_management/subscriptions/variants_list_spec.rb'
     - 'lib/open_food_network/column_preference_defaults.rb'
+    - 'spec/controllers/admin/customers_controller_spec.rb'
+    - 'spec/controllers/admin/order_cycles_controller_spec.rb'
+    - 'spec/controllers/api/v0/order_cycles_controller_spec.rb'
+    - 'spec/controllers/api/v0/orders_controller_spec.rb'
+    - 'spec/controllers/payment_gateways/stripe_controller_spec.rb'
+    - 'spec/controllers/spree/admin/adjustments_controller_spec.rb'
+    - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
+    - 'spec/controllers/spree/admin/variants_controller_spec.rb'
+    - 'spec/lib/open_food_network/address_finder_spec.rb'
+    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
+    - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
+    - 'spec/lib/open_food_network/order_cycle_permissions_spec.rb'
+    - 'spec/lib/open_food_network/permissions_spec.rb'
+    - 'spec/lib/open_food_network/scope_variant_to_hub_spec.rb'
+    - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
+    - 'spec/lib/reports/customers_report_spec.rb'
+    - 'spec/lib/reports/enterprise_fee_summary/authorizer_spec.rb'
+    - 'spec/lib/reports/order_cycle_management_report_spec.rb'
+    - 'spec/lib/reports/products_and_inventory_report_spec.rb'
+    - 'spec/lib/reports/users_and_enterprises_report_spec.rb'
+    - 'spec/models/spree/adjustment_spec.rb'
+    - 'spec/models/spree/credit_card_spec.rb'
+    - 'spec/models/spree/line_item_spec.rb'
+    - 'spec/models/spree/order/tax_spec.rb'
+    - 'spec/models/spree/product_spec.rb'
+    - 'spec/models/spree/shipping_method_spec.rb'
+    - 'spec/models/spree/tax_rate_spec.rb'
+    - 'spec/services/permissions/order_spec.rb'
+    - 'spec/services/variant_units/option_value_namer_spec.rb'
     - 'spec/support/request/stripe_stubs.rb'
 
 # Offense count: 7
@@ -174,20 +293,386 @@ Metrics/ParameterLists:
     - 'spec/support/controller_requests_helper.rb'
     - 'spec/system/admin/reports_spec.rb'
 
-# Offense count: 3
+# Offense count: 4
 # Configuration parameters: AllowedMethods, AllowedPatterns, Max.
 Metrics/PerceivedComplexity:
   Exclude:
+    - 'app/controllers/spree/admin/taxons_controller.rb'
     - 'app/models/enterprise_relationship.rb'
     - 'app/models/spree/ability.rb'
     - 'app/models/spree/order/checkout.rb'
 
+# Offense count: 8
+Naming/AccessorMethodName:
+  Exclude:
+    - 'app/controllers/spree/admin/taxonomies_controller.rb'
+    - 'app/mailers/producer_mailer.rb'
+    - 'app/models/spree/order.rb'
+    - 'app/services/checkout/post_checkout_actions.rb'
+    - 'lib/spree/core/controller_helpers/common.rb'
+    - 'spec/support/request/shop_workflow.rb'
+    - 'spec/support/request/web_helper.rb'
+
+# Offense count: 1
+# Configuration parameters: ForbiddenDelimiters.
+# ForbiddenDelimiters: (?i-mx:(^|\s)(EO[A-Z]{1}|END)(\s|$))
+Naming/HeredocDelimiterNaming:
+  Exclude:
+    - 'app/models/content_configuration.rb'
+
+# Offense count: 5
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyleForLeadingUnderscores.
+# SupportedStylesForLeadingUnderscores: disallowed, required, optional
+Naming/MemoizedInstanceVariableName:
+  Exclude:
+    - 'app/mailers/producer_mailer.rb'
+    - 'app/models/concerns/balance.rb'
+    - 'lib/open_food_network/address_finder.rb'
+
+# Offense count: 1
+# Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames.
+# AllowedNames: as, at, by, cc, db, id, if, in, io, ip, of, on, os, pp, to
+Naming/MethodParameterName:
+  Exclude:
+    - 'app/services/process_payment_intent.rb'
+
+# Offense count: 28
+# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
+# SupportedStyles: snake_case, normalcase, non_integer
+# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339, x86_64
+Naming/VariableNumber:
+  Exclude:
+    - 'app/controllers/spree/orders_controller.rb'
+    - 'app/models/content_configuration.rb'
+    - 'app/models/preference_sections/main_links_section.rb'
+    - 'lib/spree/core/controller_helpers/common.rb'
+    - 'spec/controllers/spree/admin/search_controller_spec.rb'
+    - 'spec/factories/stock_location_factory.rb'
+    - 'spec/models/spree/stock_item_spec.rb'
+    - 'spec/models/spree/tax_rate_spec.rb'
+    - 'spec/requests/api/orders_spec.rb'
+
+# Offense count: 142
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: ResponseMethods.
+# ResponseMethods: response, last_response
+RSpecRails/HaveHttpStatus:
+  Exclude:
+    - 'spec/controllers/admin/bulk_line_items_controller_spec.rb'
+    - 'spec/controllers/admin/order_cycles_controller_spec.rb'
+    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
+    - 'spec/controllers/api/v0/base_controller_spec.rb'
+    - 'spec/controllers/api/v0/customers_controller_spec.rb'
+    - 'spec/controllers/api/v0/enterprises_controller_spec.rb'
+    - 'spec/controllers/api/v0/logos_controller_spec.rb'
+    - 'spec/controllers/api/v0/order_cycles_controller_spec.rb'
+    - 'spec/controllers/api/v0/orders_controller_spec.rb'
+    - 'spec/controllers/api/v0/product_images_controller_spec.rb'
+    - 'spec/controllers/api/v0/products_controller_spec.rb'
+    - 'spec/controllers/api/v0/promo_images_controller_spec.rb'
+    - 'spec/controllers/api/v0/reports/packing_report_spec.rb'
+    - 'spec/controllers/api/v0/reports_controller_spec.rb'
+    - 'spec/controllers/api/v0/shipments_controller_spec.rb'
+    - 'spec/controllers/api/v0/statuses_controller_spec.rb'
+    - 'spec/controllers/api/v0/taxons_controller_spec.rb'
+    - 'spec/controllers/api/v0/terms_and_conditions_controller_spec.rb'
+    - 'spec/controllers/api/v0/variants_controller_spec.rb'
+    - 'spec/controllers/cart_controller_spec.rb'
+    - 'spec/controllers/checkout_controller_spec.rb'
+    - 'spec/controllers/enterprises_controller_spec.rb'
+    - 'spec/controllers/line_items_controller_spec.rb'
+    - 'spec/controllers/shop_controller_spec.rb'
+    - 'spec/controllers/spree/admin/orders/payments/payments_controller_spec.rb'
+    - 'spec/controllers/spree/admin/orders_controller_spec.rb'
+    - 'spec/controllers/spree/admin/products_controller_spec.rb'
+    - 'spec/controllers/spree/credit_cards_controller_spec.rb'
+    - 'spec/controllers/spree/orders_controller_spec.rb'
+    - 'spec/controllers/stripe/callbacks_controller_spec.rb'
+    - 'spec/controllers/stripe/webhooks_controller_spec.rb'
+    - 'spec/controllers/user_passwords_controller_spec.rb'
+    - 'spec/controllers/user_registrations_controller_spec.rb'
+    - 'spec/requests/api/routes_spec.rb'
+    - 'spec/requests/checkout/stripe_sca_spec.rb'
+    - 'spec/requests/home_controller_spec.rb'
+    - 'spec/requests/omniauth_callbacks_controller_spec.rb'
+    - 'spec/services/embedded_page_service_spec.rb'
+    - 'spec/support/api_helper.rb'
+
+# Offense count: 8
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: numeric, symbolic, be_status
+RSpecRails/HttpStatus:
+  Exclude:
+    - 'spec/controllers/spree/admin/products_controller_spec.rb'
+    - 'spec/requests/api/orders_spec.rb'
+
+# Offense count: 144
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Inferences.
+RSpecRails/InferredSpecType:
+  Exclude:
+    - 'engines/dfc_provider/spec/requests/addresses_spec.rb'
+    - 'engines/dfc_provider/spec/requests/catalog_items_spec.rb'
+    - 'engines/dfc_provider/spec/requests/enterprise_groups/affiliated_by_spec.rb'
+    - 'engines/dfc_provider/spec/requests/enterprise_groups_spec.rb'
+    - 'engines/dfc_provider/spec/requests/enterprises_spec.rb'
+    - 'engines/dfc_provider/spec/requests/offers_spec.rb'
+    - 'engines/dfc_provider/spec/requests/persons_spec.rb'
+    - 'engines/dfc_provider/spec/requests/social_medias_spec.rb'
+    - 'engines/dfc_provider/spec/requests/supplied_products_spec.rb'
+    - 'engines/web/spec/helpers/cookies_policy_helper_spec.rb'
+    - 'spec/controllers/admin/bulk_line_items_controller_spec.rb'
+    - 'spec/controllers/admin/column_preferences_controller_spec.rb'
+    - 'spec/controllers/admin/customers_controller_spec.rb'
+    - 'spec/controllers/admin/enterprises_controller_spec.rb'
+    - 'spec/controllers/admin/inventory_items_controller_spec.rb'
+    - 'spec/controllers/admin/invoice_settings_controller_spec.rb'
+    - 'spec/controllers/admin/matomo_settings_controller_spec.rb'
+    - 'spec/controllers/admin/order_cycles_controller_spec.rb'
+    - 'spec/controllers/admin/product_import_controller_spec.rb'
+    - 'spec/controllers/admin/proxy_orders_controller_spec.rb'
+    - 'spec/controllers/admin/reports_controller_spec.rb'
+    - 'spec/controllers/admin/schedules_controller_spec.rb'
+    - 'spec/controllers/admin/stripe_accounts_controller_spec.rb'
+    - 'spec/controllers/admin/stripe_connect_settings_controller_spec.rb'
+    - 'spec/controllers/admin/subscription_line_items_controller_spec.rb'
+    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
+    - 'spec/controllers/admin/tag_rules_controller_spec.rb'
+    - 'spec/controllers/admin/terms_of_service_files_controller_spec.rb'
+    - 'spec/controllers/admin/variant_overrides_controller_spec.rb'
+    - 'spec/controllers/api/v0/customers_controller_spec.rb'
+    - 'spec/controllers/api/v0/enterprise_fees_controller_spec.rb'
+    - 'spec/controllers/api/v0/enterprises_controller_spec.rb'
+    - 'spec/controllers/api/v0/exchange_products_controller_spec.rb'
+    - 'spec/controllers/api/v0/logos_controller_spec.rb'
+    - 'spec/controllers/api/v0/order_cycles_controller_spec.rb'
+    - 'spec/controllers/api/v0/orders_controller_spec.rb'
+    - 'spec/controllers/api/v0/product_images_controller_spec.rb'
+    - 'spec/controllers/api/v0/products_controller_spec.rb'
+    - 'spec/controllers/api/v0/promo_images_controller_spec.rb'
+    - 'spec/controllers/api/v0/reports/packing_report_spec.rb'
+    - 'spec/controllers/api/v0/reports_controller_spec.rb'
+    - 'spec/controllers/api/v0/shipments_controller_spec.rb'
+    - 'spec/controllers/api/v0/shops_controller_spec.rb'
+    - 'spec/controllers/api/v0/statuses_controller_spec.rb'
+    - 'spec/controllers/api/v0/terms_and_conditions_controller_spec.rb'
+    - 'spec/controllers/api/v0/variants_controller_spec.rb'
+    - 'spec/controllers/base_controller_spec.rb'
+    - 'spec/controllers/cart_controller_spec.rb'
+    - 'spec/controllers/checkout_controller_spec.rb'
+    - 'spec/controllers/enterprises_controller_spec.rb'
+    - 'spec/controllers/groups_controller_spec.rb'
+    - 'spec/controllers/line_items_controller_spec.rb'
+    - 'spec/controllers/payment_gateways/paypal_controller_spec.rb'
+    - 'spec/controllers/payment_gateways/stripe_controller_spec.rb'
+    - 'spec/controllers/registration_controller_spec.rb'
+    - 'spec/controllers/shop_controller_spec.rb'
+    - 'spec/controllers/shops_controller_spec.rb'
+    - 'spec/controllers/spree/admin/adjustments_controller_spec.rb'
+    - 'spec/controllers/spree/admin/base_controller_spec.rb'
+    - 'spec/controllers/spree/admin/countries_controller_spec.rb'
+    - 'spec/controllers/spree/admin/general_settings_controller_spec.rb'
+    - 'spec/controllers/spree/admin/orders/customer_details_controller_spec.rb'
+    - 'spec/controllers/spree/admin/orders/invoices_spec.rb'
+    - 'spec/controllers/spree/admin/orders/payments/payments_controller_refunds_spec.rb'
+    - 'spec/controllers/spree/admin/orders/payments/payments_controller_spec.rb'
+    - 'spec/controllers/spree/admin/orders_controller_spec.rb'
+    - 'spec/controllers/spree/admin/overview_controller_spec.rb'
+    - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
+    - 'spec/controllers/spree/admin/products_controller_spec.rb'
+    - 'spec/controllers/spree/admin/return_authorizations_controller_spec.rb'
+    - 'spec/controllers/spree/admin/search_controller_spec.rb'
+    - 'spec/controllers/spree/admin/shipping_categories_controller_spec.rb'
+    - 'spec/controllers/spree/admin/shipping_methods_controller_spec.rb'
+    - 'spec/controllers/spree/admin/tax_rates_controller_spec.rb'
+    - 'spec/controllers/spree/admin/tax_settings_controller_spec.rb'
+    - 'spec/controllers/spree/admin/variants_controller_spec.rb'
+    - 'spec/controllers/spree/api_keys_controller_spec.rb'
+    - 'spec/controllers/spree/credit_cards_controller_spec.rb'
+    - 'spec/controllers/spree/orders_controller_spec.rb'
+    - 'spec/controllers/spree/user_sessions_controller_spec.rb'
+    - 'spec/controllers/spree/users_controller_spec.rb'
+    - 'spec/controllers/stripe/callbacks_controller_spec.rb'
+    - 'spec/controllers/stripe/webhooks_controller_spec.rb'
+    - 'spec/controllers/user_confirmations_controller_spec.rb'
+    - 'spec/controllers/user_passwords_controller_spec.rb'
+    - 'spec/controllers/user_registrations_controller_spec.rb'
+    - 'spec/controllers/webhook_endpoints_controller_spec.rb'
+    - 'spec/helpers/admin/enterprises_helper_spec.rb'
+    - 'spec/helpers/admin/orders_helper_spec.rb'
+    - 'spec/helpers/admin/reports_helper_spec.rb'
+    - 'spec/helpers/admin/subscriptions_helper_spec.rb'
+    - 'spec/helpers/application_helper_spec.rb'
+    - 'spec/helpers/checkout_helper_spec.rb'
+    - 'spec/helpers/i18n_helper_spec.rb'
+    - 'spec/helpers/injection_helper_spec.rb'
+    - 'spec/helpers/link_helper_spec.rb'
+    - 'spec/helpers/navigation_helper_spec.rb'
+    - 'spec/helpers/order_cycles_helper_spec.rb'
+    - 'spec/helpers/serializer_helper_spec.rb'
+    - 'spec/helpers/shop_helper_spec.rb'
+    - 'spec/helpers/spree/admin/base_helper_spec.rb'
+    - 'spec/helpers/spree/admin/general_settings_helper_spec.rb'
+    - 'spec/helpers/spree/admin/orders_helper_spec.rb'
+    - 'spec/helpers/spree/orders_helper_spec.rb'
+    - 'spec/helpers/tax_helper_spec.rb'
+    - 'spec/helpers/terms_and_conditions_helper_spec.rb'
+    - 'spec/jobs/connect_app_job_spec.rb'
+    - 'spec/mailers/producer_mailer_spec.rb'
+    - 'spec/mailers/subscription_mailer_spec.rb'
+    - 'spec/models/column_preference_spec.rb'
+    - 'spec/models/connected_app_spec.rb'
+    - 'spec/models/customer_spec.rb'
+    - 'spec/models/invoice_spec.rb'
+    - 'spec/models/oidc_account_spec.rb'
+    - 'spec/models/proxy_order_spec.rb'
+    - 'spec/models/report_blob_spec.rb'
+    - 'spec/models/semantic_link_spec.rb'
+    - 'spec/models/spree/gateway/stripe_sca_spec.rb'
+    - 'spec/models/subscription_spec.rb'
+    - 'spec/models/tag_rule/filter_order_cycles_spec.rb'
+    - 'spec/models/tag_rule/filter_payment_methods_spec.rb'
+    - 'spec/models/tag_rule/filter_products_spec.rb'
+    - 'spec/models/tag_rule/filter_shipping_methods_spec.rb'
+    - 'spec/models/tag_rule_spec.rb'
+    - 'spec/models/webhook_endpoint_spec.rb'
+    - 'spec/requests/admin/images_spec.rb'
+    - 'spec/requests/admin/product_import_spec.rb'
+    - 'spec/requests/admin/vouchers_spec.rb'
+    - 'spec/requests/api/orders_spec.rb'
+    - 'spec/requests/api/routes_spec.rb'
+    - 'spec/requests/api/v1/customers_spec.rb'
+    - 'spec/requests/api_docs_spec.rb'
+    - 'spec/requests/checkout/paypal_spec.rb'
+    - 'spec/requests/checkout/routes_spec.rb'
+    - 'spec/requests/checkout/stripe_sca_spec.rb'
+    - 'spec/requests/errors_spec.rb'
+    - 'spec/requests/home_controller_spec.rb'
+    - 'spec/requests/large_request_spec.rb'
+    - 'spec/requests/omniauth_callbacks_controller_spec.rb'
+    - 'spec/requests/spree/admin/overview_spec.rb'
+    - 'spec/requests/spree/admin/payments_spec.rb'
+    - 'spec/requests/voucher_adjustments_spec.rb'
+    - 'spec/routing/stripe_spec.rb'
+
+# Offense count: 22
+# Configuration parameters: IgnoreScopes, Include.
+# Include: app/models/**/*.rb
+Rails/InverseOf:
+  Exclude:
+    - 'app/models/enterprise.rb'
+    - 'app/models/order_cycle.rb'
+    - 'app/models/spree/country.rb'
+    - 'app/models/spree/inventory_unit.rb'
+    - 'app/models/spree/line_item.rb'
+    - 'app/models/spree/order.rb'
+    - 'app/models/spree/payment.rb'
+    - 'app/models/spree/price.rb'
+    - 'app/models/spree/product.rb'
+    - 'app/models/spree/stock_item.rb'
+    - 'app/models/spree/taxonomy.rb'
+    - 'app/models/spree/variant.rb'
+    - 'app/models/subscription_line_item.rb'
+
+# Offense count: 35
+# Configuration parameters: Include.
+# Include: app/controllers/**/*.rb, app/mailers/**/*.rb
+Rails/LexicallyScopedActionFilter:
+  Exclude:
+    - 'app/controllers/admin/enterprise_groups_controller.rb'
+    - 'app/controllers/admin/enterprises_controller.rb'
+    - 'app/controllers/admin/order_cycles_controller.rb'
+    - 'app/controllers/admin/producer_properties_controller.rb'
+    - 'app/controllers/admin/product_import_controller.rb'
+    - 'app/controllers/admin/schedules_controller.rb'
+    - 'app/controllers/admin/subscriptions_controller.rb'
+    - 'app/controllers/concerns/checkout_callbacks.rb'
+    - 'app/controllers/registration_controller.rb'
+    - 'app/controllers/spree/admin/adjustments_controller.rb'
+    - 'app/controllers/spree/admin/payment_methods_controller.rb'
+    - 'app/controllers/spree/admin/payments_controller.rb'
+    - 'app/controllers/spree/admin/products_controller.rb'
+    - 'app/controllers/spree/admin/return_authorizations_controller.rb'
+    - 'app/controllers/spree/admin/search_controller.rb'
+    - 'app/controllers/spree/admin/shipping_methods_controller.rb'
+    - 'app/controllers/spree/admin/users_controller.rb'
+    - 'app/controllers/spree/admin/zones_controller.rb'
+    - 'app/controllers/spree/users_controller.rb'
+
+# Offense count: 56
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Include.
+# Include: spec/controllers/**/*.rb, spec/requests/**/*.rb, test/controllers/**/*.rb, test/integration/**/*.rb
+Rails/ResponseParsedBody:
+  Exclude:
+    - 'spec/controllers/admin/bulk_line_items_controller_spec.rb'
+    - 'spec/controllers/admin/customers_controller_spec.rb'
+    - 'spec/controllers/admin/order_cycles_controller_spec.rb'
+    - 'spec/controllers/admin/proxy_orders_controller_spec.rb'
+    - 'spec/controllers/admin/schedules_controller_spec.rb'
+    - 'spec/controllers/admin/stripe_accounts_controller_spec.rb'
+    - 'spec/controllers/admin/subscription_line_items_controller_spec.rb'
+    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
+    - 'spec/controllers/cart_controller_spec.rb'
+    - 'spec/controllers/line_items_controller_spec.rb'
+    - 'spec/controllers/spree/admin/search_controller_spec.rb'
+    - 'spec/controllers/spree/credit_cards_controller_spec.rb'
+    - 'spec/controllers/user_registrations_controller_spec.rb'
+
+# Offense count: 7
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: strict, flexible
+Rails/TimeZone:
+  Exclude:
+    - 'app/models/spree/gateway/pay_pal_express.rb'
+    - 'spec/controllers/spree/credit_cards_controller_spec.rb'
+    - 'spec/services/order_cycles/webhook_service_spec.rb'
+    - 'spec/services/orders/customer_cancellation_service_spec.rb'
+
 # Offense count: 1
 # Configuration parameters: TransactionMethods.
 Rails/TransactionExitStatement:
   Exclude:
     - 'app/services/place_proxy_order.rb'
 
+# Offense count: 5
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/UniqueValidationWithoutIndex:
+  Exclude:
+    - 'app/models/customer.rb'
+    - 'app/models/exchange.rb'
+    - 'app/models/spree/stock_item.rb'
+    - 'app/models/spree/tax_category.rb'
+    - 'app/models/spree/zone.rb'
+
+# Offense count: 1
+Security/Open:
+  Exclude:
+    - 'app/services/image_importer.rb'
+
+# Offense count: 7
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/ArrayIntersect:
+  Exclude:
+    - 'app/models/spree/ability.rb'
+    - 'app/models/tag_rule/filter_order_cycles.rb'
+    - 'app/models/tag_rule/filter_payment_methods.rb'
+    - 'app/models/tag_rule/filter_products.rb'
+    - 'app/models/tag_rule/filter_shipping_methods.rb'
+    - 'lib/open_food_network/tag_rule_applicator.rb'
+    - 'spec/support/matchers/select2_matchers.rb'
+
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowOnConstant, AllowOnSelfClass.
+Style/CaseEquality:
+  Exclude:
+    - 'spec/models/spree/payment_spec.rb'
+
 # Offense count: 23
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
@@ -217,6 +702,56 @@ Style/ClassAndModuleChildren:
     - 'lib/open_food_network/locking.rb'
     - 'spec/models/spree/payment_method_spec.rb'
 
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: always, always_true, never
+Style/FrozenStringLiteralComment:
+  Exclude:
+    - '.simplecov'
+
+# Offense count: 6
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/GlobalStdStream:
+  Exclude:
+    - 'lib/tasks/data.rake'
+    - 'lib/tasks/missing_payments.rake'
+    - 'lib/tasks/sample_data/logging.rb'
+    - 'lib/tasks/subscriptions/debug.rake'
+    - 'lib/tasks/subscriptions/test.rake'
+
+# Offense count: 12
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AllowSplatArgument.
+Style/HashConversion:
+  Exclude:
+    - 'app/controllers/admin/column_preferences_controller.rb'
+    - 'app/controllers/admin/variant_overrides_controller.rb'
+    - 'app/controllers/spree/admin/products_controller.rb'
+    - 'app/models/order_cycle.rb'
+    - 'app/models/product_import/product_importer.rb'
+    - 'app/models/spree/shipping_method.rb'
+    - 'app/serializers/api/admin/exchange_serializer.rb'
+    - 'app/services/variants_stock_levels.rb'
+    - 'spec/controllers/admin/inventory_items_controller_spec.rb'
+    - 'spec/controllers/admin/variant_overrides_controller_spec.rb'
+
+# Offense count: 13
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AllowedReceivers.
+# AllowedReceivers: Thread.current
+Style/HashEachMethods:
+  Exclude:
+    - 'app/controllers/admin/enterprises_controller.rb'
+    - 'app/controllers/spree/admin/shipping_methods_controller.rb'
+    - 'app/forms/enterprise_fees_bulk_update.rb'
+    - 'app/models/product_import/entry_processor.rb'
+    - 'app/models/spree/preferences/configuration.rb'
+    - 'app/services/sets/model_set.rb'
+    - 'lib/reporting/reports/sales_tax/sales_tax_totals_by_producer.rb'
+    - 'spec/models/product_importer_spec.rb'
+    - 'spec/support/cancan_helper.rb'
+
 # Offense count: 4
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/MapToHash:
@@ -226,6 +761,28 @@ Style/MapToHash:
     - 'lib/reporting/reports/enterprise_fee_summary/fee_summary.rb'
     - 'lib/tasks/sample_data/user_factory.rb'
 
+# Offense count: 3
+Style/MissingRespondToMissing:
+  Exclude:
+    - 'app/helpers/application_helper.rb'
+    - 'app/models/spree/gateway.rb'
+    - 'app/models/spree/preferences/configuration.rb'
+
+# Offense count: 22
+# This cop supports safe autocorrection (--autocorrect).
+Style/NestedModifier:
+  Exclude:
+    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
+    - 'spec/controllers/line_items_controller_spec.rb'
+    - 'spec/controllers/spree/admin/orders_controller_spec.rb'
+    - 'spec/controllers/spree/orders_controller_spec.rb'
+    - 'spec/factories/order_factory.rb'
+    - 'spec/models/proxy_order_spec.rb'
+    - 'spec/models/spree/line_item_spec.rb'
+    - 'spec/services/place_proxy_order_spec.rb'
+    - 'spec/system/admin/payments_stripe_spec.rb'
+    - 'spec/system/admin/reports_spec.rb'
+
 # Offense count: 38
 Style/OpenStructUse:
   Exclude:
@@ -254,3 +811,48 @@ Style/OptionalBooleanParameter:
     - 'engines/order_management/app/services/order_management/stock/estimator.rb'
     - 'lib/spree/core/controller_helpers/order.rb'
     - 'spec/support/request/web_helper.rb'
+
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: short, verbose
+Style/PreferredHashMethods:
+  Exclude:
+    - 'app/controllers/api/v0/shipments_controller.rb'
+
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Methods.
+Style/RedundantArgument:
+  Exclude:
+    - 'engines/dfc_provider/app/services/authorization_control.rb'
+
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+Style/RedundantAssignment:
+  Exclude:
+    - 'spec/models/database_spec.rb'
+
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AutoCorrect, AllowComments.
+Style/RedundantInitialize:
+  Exclude:
+    - 'spec/models/spree/gateway_spec.rb'
+
+# Offense count: 19
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+Style/ReturnNilInPredicateMethodDefinition:
+  Exclude:
+    - 'app/models/order_cycle.rb'
+    - 'app/serializers/api/admin/customer_serializer.rb'
+    - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'
+
+# Offense count: 3
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/SlicingWithRange:
+  Exclude:
+    - 'app/helpers/spree/admin/navigation_helper.rb'
+    - 'app/services/embedded_page_service.rb'
+    - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'

.simplecov

@@ -1,11 +1,19 @@
 #!/bin/env ruby
-# frozen_string_literal: true
 
 SimpleCov.start 'rails' do
   add_filter '/bin/'
   add_filter '/config/'
+  add_filter '/jobs/application_job.rb'
+  add_filter '/schemas/'
+  add_filter '/lib/generators'
+  add_filter '/spec/'
+  add_filter '/vendor/'
+  add_filter '/public'
+  add_filter '/swagger'
   add_filter '/script'
+  add_filter '/log'
   add_filter '/db'
+  add_filter '/lib/tasks/sample_data/'
 
   formatter SimpleCov::Formatter::SimpleFormatter
 end

.undercover

@@ -1,4 +0,0 @@
-#!/bin/env ruby
-# frozen_string_literal: true
-
--c master

Dockerfile

@@ -1,32 +1,92 @@
-FROM ruby:3.1.4-alpine3.19 AS base
-ENV LANG=C.UTF-8 \
-    LC_ALL=C.UTF-8 \
-    TZ=Europe/London \
-    RAILS_ROOT=/usr/src/app
-RUN apk --no-cache upgrade && \
-    apk add --no-cache tzdata postgresql-client imagemagick imagemagick-jpeg && \
-    apk add --no-cache --virtual wkhtmltopdf
+FROM ubuntu:20.04
 
-WORKDIR $RAILS_ROOT
+ENV TZ Europe/London
 
-# Development dependencies
-FROM base AS development-base
-RUN apk add --no-cache --virtual .build-deps \
-    build-base postgresql-dev git nodejs yarn && \
-    apk add --no-cache --virtual .dev-utils \
-    bash curl less vim chromium-chromedriver zlib-dev openssl-dev \
-    readline-dev yaml-dev sqlite-dev libxml2-dev libxslt-dev libffi-dev vips-dev && \
-    curl -o /usr/local/bin/wait-for-it https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh && \
-    chmod +x /usr/local/bin/wait-for-it
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 
-# Install yarn dependencies separately for caching
-FROM development-base AS yarn-dependencies
-COPY package.json yarn.lock ./
-RUN yarn install --frozen-lockfile
+RUN echo "deb http://security.ubuntu.com/ubuntu bionic-security main" >> /etc/apt/sources.list
 
-# Install Ruby gems
-FROM development-base
-COPY . $RAILS_ROOT
-COPY Gemfile Gemfile.lock ./
-RUN bundle install --jobs "$(nproc)"
-COPY --from=yarn-dependencies $RAILS_ROOT/node_modules ./node_modules
+# Install all the requirements
+RUN apt-get update && apt-get install -y \
+  curl \
+  git \
+  build-essential \
+  software-properties-common \
+  wget \
+  zlib1g-dev \
+  libreadline-dev \
+  libyaml-dev \
+  libffi-dev \
+  libxml2-dev \
+  libxslt1-dev \
+  wait-for-it \
+  imagemagick \
+  unzip \
+  libjemalloc-dev \
+  libssl-dev \
+  ca-certificates \
+  gnupg
+
+# Setup ENV variables
+ENV PATH /usr/local/src/rbenv/shims:/usr/local/src/rbenv/bin:/usr/local/src/nodenv/shims:/usr/local/src/nodenv/bin:$PATH
+ENV RBENV_ROOT /usr/local/src/rbenv
+ENV NODENV_ROOT /usr/local/src/nodenv
+ENV CONFIGURE_OPTS --disable-install-doc
+ENV BUNDLE_PATH /bundles
+ENV LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so
+
+WORKDIR /usr/src/app
+
+# trim spaces and line return from .ruby-version file
+COPY .ruby-version .ruby-version.raw
+RUN cat .ruby-version.raw | tr -d '\r\t ' > .ruby-version
+
+# Install Rbenv & Ruby
+RUN git clone --depth 1 https://github.com/rbenv/rbenv.git ${RBENV_ROOT} && \
+    git clone --depth 1 https://github.com/rbenv/ruby-build.git ${RBENV_ROOT}/plugins/ruby-build && \
+    echo 'eval "$(rbenv init -)"' >> /etc/profile.d/rbenv.sh && \
+    RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install $(cat .ruby-version) && \
+    rbenv global $(cat .ruby-version)
+
+# Install Postgres
+RUN sh -c "echo 'deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main' >> /etc/apt/sources.list.d/pgdg.list" && \
+    curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg >/dev/null && \
+    apt-get update && \
+    apt-get install -yqq --no-install-recommends postgresql-client-10 libpq-dev
+
+
+# trim spaces and line return from .node-version file
+COPY .node-version .node-version.raw
+RUN cat .node-version.raw | tr -d '\r\t ' > .node-version
+
+# Install Node and Yarn with Nodenv
+RUN git clone --depth 1 https://github.com/nodenv/nodenv.git ${NODENV_ROOT} && \
+    git clone --depth 1 https://github.com/nodenv/node-build.git ${NODENV_ROOT}/plugins/node-build && \
+    git clone --depth 1 https://github.com/pine/nodenv-yarn-install.git ${NODENV_ROOT}/plugins/nodenv-yarn-install && \
+    git clone --depth 1 https://github.com/nodenv/nodenv-package-rehash.git ${NODENV_ROOT}/plugins/nodenv-package-rehash && \
+    echo 'eval "$(nodenv init -)"' >> /etc/profile.d/nodenv.sh && \
+    nodenv install $(cat .node-version) && \
+    nodenv global $(cat .node-version)
+
+# Install Chrome
+RUN wget --quiet -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \
+    sh -c "echo 'deb [arch=amd64]  http://dl.google.com/linux/chrome/deb/ stable main' >> /etc/apt/sources.list.d/google-chrome.list" && \
+    apt-get update && \
+    apt-get install -fy google-chrome-stable
+
+# Install Chromedriver
+RUN wget https://chromedriver.storage.googleapis.com/2.41/chromedriver_linux64.zip && \
+    unzip chromedriver_linux64.zip -d /usr/bin && \
+    chmod u+x /usr/bin/chromedriver
+
+# Copy code and install app dependencies
+COPY . /usr/src/app/
+
+# Install Bundler
+RUN ./script/install-bundler
+
+# Install front-end dependencies
+RUN yarn install
+
+# Run bundler install in parallel with the amount of available CPUs
+RUN bundle install --jobs="$(nproc)"

Dockerfile.ubuntu

@@ -1,92 +0,0 @@
-FROM ubuntu:20.04
-
-ENV TZ Europe/London
-
-RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-
-RUN echo "deb http://security.ubuntu.com/ubuntu bionic-security main" >> /etc/apt/sources.list
-
-# Install all the requirements
-RUN apt-get update && apt-get install -y \
-  curl \
-  git \
-  build-essential \
-  software-properties-common \
-  wget \
-  zlib1g-dev \
-  libreadline-dev \
-  libyaml-dev \
-  libffi-dev \
-  libxml2-dev \
-  libxslt1-dev \
-  wait-for-it \
-  imagemagick \
-  unzip \
-  libjemalloc-dev \
-  libssl-dev \
-  ca-certificates \
-  gnupg
-
-# Setup ENV variables
-ENV PATH /usr/local/src/rbenv/shims:/usr/local/src/rbenv/bin:/usr/local/src/nodenv/shims:/usr/local/src/nodenv/bin:$PATH
-ENV RBENV_ROOT /usr/local/src/rbenv
-ENV NODENV_ROOT /usr/local/src/nodenv
-ENV CONFIGURE_OPTS --disable-install-doc
-ENV BUNDLE_PATH /bundles
-ENV LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so
-
-WORKDIR /usr/src/app
-
-# trim spaces and line return from .ruby-version file
-COPY .ruby-version .ruby-version.raw
-RUN cat .ruby-version.raw | tr -d '\r\t ' > .ruby-version
-
-# Install Rbenv & Ruby
-RUN git clone --depth 1 https://github.com/rbenv/rbenv.git ${RBENV_ROOT} && \
-    git clone --depth 1 https://github.com/rbenv/ruby-build.git ${RBENV_ROOT}/plugins/ruby-build && \
-    echo 'eval "$(rbenv init -)"' >> /etc/profile.d/rbenv.sh && \
-    RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install $(cat .ruby-version) && \
-    rbenv global $(cat .ruby-version)
-
-# Install Postgres
-RUN sh -c "echo 'deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main' >> /etc/apt/sources.list.d/pgdg.list" && \
-    curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg >/dev/null && \
-    apt-get update && \
-    apt-get install -yqq --no-install-recommends postgresql-client-10 libpq-dev
-
-
-# trim spaces and line return from .node-version file
-COPY .node-version .node-version.raw
-RUN cat .node-version.raw | tr -d '\r\t ' > .node-version
-
-# Install Node and Yarn with Nodenv
-RUN git clone --depth 1 https://github.com/nodenv/nodenv.git ${NODENV_ROOT} && \
-    git clone --depth 1 https://github.com/nodenv/node-build.git ${NODENV_ROOT}/plugins/node-build && \
-    git clone --depth 1 https://github.com/pine/nodenv-yarn-install.git ${NODENV_ROOT}/plugins/nodenv-yarn-install && \
-    git clone --depth 1 https://github.com/nodenv/nodenv-package-rehash.git ${NODENV_ROOT}/plugins/nodenv-package-rehash && \
-    echo 'eval "$(nodenv init -)"' >> /etc/profile.d/nodenv.sh && \
-    nodenv install $(cat .node-version) && \
-    nodenv global $(cat .node-version)
-
-# Install Chrome
-RUN wget --quiet -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \
-    sh -c "echo 'deb [arch=amd64]  http://dl.google.com/linux/chrome/deb/ stable main' >> /etc/apt/sources.list.d/google-chrome.list" && \
-    apt-get update && \
-    apt-get install -fy google-chrome-stable
-
-# Install Chromedriver
-RUN wget https://chromedriver.storage.googleapis.com/2.41/chromedriver_linux64.zip && \
-    unzip chromedriver_linux64.zip -d /usr/bin && \
-    chmod u+x /usr/bin/chromedriver
-
-# Copy code and install app dependencies
-COPY . /usr/src/app/
-
-# Install Bundler
-RUN ./script/install-bundler
-
-# Install front-end dependencies
-RUN yarn install
-
-# Run bundler install in parallel with the amount of available CPUs
-RUN bundle install --jobs="$(nproc)"

Gemfile

@@ -65,7 +65,7 @@ gem 'oauth2', '~> 1.4.7' # Used for Stripe Connect
 
 gem 'datafoodconsortium-connector'
 gem 'jsonapi-serializer'
-gem 'pagy', '~> 9'
+gem 'pagy', '~> 5.1'
 
 gem 'rswag-api'
 gem 'rswag-ui'
@@ -86,7 +86,7 @@ gem "active_model_serializers", "0.8.4"
 gem 'activerecord-session_store'
 gem 'acts-as-taggable-on'
 gem 'angularjs-file-upload-rails', '~> 2.4.1'
-gem 'bigdecimal'
+gem 'bigdecimal', '3.0.2'
 gem 'bootsnap', require: false
 gem 'geocoder'
 gem 'gmaps4rails'
@@ -152,7 +152,6 @@ end
 group :test, :development do
   gem 'bullet'
   gem 'capybara'
-  gem 'capybara-shadowdom'
   gem 'cuprite'
   gem 'database_cleaner', require: false
   gem 'debug', '>= 1.0.0'
@@ -172,10 +171,8 @@ end
 
 group :test do
   gem 'pdf-reader'
-  gem 'puffing-billy'
   gem 'rails-controller-testing'
   gem 'simplecov', require: false
-  gem 'undercover', require: false
   gem 'vcr', require: false
   gem 'webmock', require: false
   # See spec/spec_helper.rb for instructions
@@ -185,7 +182,6 @@ end
 group :development do
   gem 'debugger-linecache'
   gem 'foreman'
-  gem 'i18n-tasks'
   gem 'listen'
   gem 'pry', '~> 0.13.0'
   gem 'query_count'

Gemfile.lock

@@ -48,58 +48,54 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    Ascii85 (2.0.1)
-    actioncable (7.1.5.2)
-      actionpack (= 7.1.5.2)
-      activesupport (= 7.1.5.2)
+    Ascii85 (1.1.0)
+    actioncable (7.0.8)
+      actionpack (= 7.0.8)
+      activesupport (= 7.0.8)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-      zeitwerk (~> 2.6)
-    actionmailbox (7.1.5.2)
-      actionpack (= 7.1.5.2)
-      activejob (= 7.1.5.2)
-      activerecord (= 7.1.5.2)
-      activestorage (= 7.1.5.2)
-      activesupport (= 7.1.5.2)
+    actionmailbox (7.0.8)
+      actionpack (= 7.0.8)
+      activejob (= 7.0.8)
+      activerecord (= 7.0.8)
+      activestorage (= 7.0.8)
+      activesupport (= 7.0.8)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.1.5.2)
-      actionpack (= 7.1.5.2)
-      actionview (= 7.1.5.2)
-      activejob (= 7.1.5.2)
-      activesupport (= 7.1.5.2)
+    actionmailer (7.0.8)
+      actionpack (= 7.0.8)
+      actionview (= 7.0.8)
+      activejob (= 7.0.8)
+      activesupport (= 7.0.8)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
-      rails-dom-testing (~> 2.2)
-    actionpack (7.1.5.2)
-      actionview (= 7.1.5.2)
-      activesupport (= 7.1.5.2)
-      nokogiri (>= 1.8.5)
-      racc
-      rack (>= 2.2.4)
-      rack-session (>= 1.0.1)
+      rails-dom-testing (~> 2.0)
+    actionpack (7.0.8)
+      actionview (= 7.0.8)
+      activesupport (= 7.0.8)
+      rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.2)
-      rails-html-sanitizer (~> 1.6)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
     actionpack-action_caching (1.2.2)
       actionpack (>= 4.0.0)
-    actiontext (7.1.5.2)
-      actionpack (= 7.1.5.2)
-      activerecord (= 7.1.5.2)
-      activestorage (= 7.1.5.2)
-      activesupport (= 7.1.5.2)
+    actiontext (7.0.8)
+      actionpack (= 7.0.8)
+      activerecord (= 7.0.8)
+      activestorage (= 7.0.8)
+      activesupport (= 7.0.8)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.1.5.2)
-      activesupport (= 7.1.5.2)
+    actionview (7.0.8)
+      activesupport (= 7.0.8)
       builder (~> 3.1)
-      erubi (~> 1.11)
-      rails-dom-testing (~> 2.2)
-      rails-html-sanitizer (~> 1.6)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
     active_model_serializers (0.8.4)
       activemodel (>= 3.0)
     active_storage_validations (1.1.4)
@@ -107,8 +103,8 @@ GEM
       activemodel (>= 5.2.0)
       activestorage (>= 5.2.0)
       activesupport (>= 5.2.0)
-    activejob (7.1.5.2)
-      activesupport (= 7.1.5.2)
+    activejob (7.0.8)
+      activesupport (= 7.0.8)
       globalid (>= 0.3.6)
     activemerchant (1.133.0)
       activesupport (>= 4.2)
@@ -116,12 +112,11 @@ GEM
       i18n (>= 0.6.9)
       nokogiri (~> 1.4)
       rexml (~> 3.2.5)
-    activemodel (7.1.5.2)
-      activesupport (= 7.1.5.2)
-    activerecord (7.1.5.2)
-      activemodel (= 7.1.5.2)
-      activesupport (= 7.1.5.2)
-      timeout (>= 0.4.0)
+    activemodel (7.0.8)
+      activesupport (= 7.0.8)
+    activerecord (7.0.8)
+      activemodel (= 7.0.8)
+      activesupport (= 7.0.8)
     activerecord-import (1.6.0)
       activerecord (>= 4.2)
     activerecord-postgresql-adapter (0.0.1)
@@ -133,24 +128,17 @@ GEM
       multi_json (~> 1.11, >= 1.11.2)
       rack (>= 2.0.8, < 4)
       railties (>= 6.1)
-    activestorage (7.1.5.2)
-      actionpack (= 7.1.5.2)
-      activejob (= 7.1.5.2)
-      activerecord (= 7.1.5.2)
-      activesupport (= 7.1.5.2)
+    activestorage (7.0.8)
+      actionpack (= 7.0.8)
+      activejob (= 7.0.8)
+      activerecord (= 7.0.8)
+      activesupport (= 7.0.8)
       marcel (~> 1.0)
-    activesupport (7.1.5.2)
-      base64
-      benchmark (>= 0.3)
-      bigdecimal
+      mini_mime (>= 1.1.0)
+    activesupport (7.0.8)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      connection_pool (>= 2.2.5)
-      drb
       i18n (>= 1.6, < 2)
-      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
-      securerandom (>= 0.3)
       tzinfo (~> 2.0)
     acts-as-taggable-on (10.0.0)
       activerecord (>= 6.1, < 7.2)
@@ -171,7 +159,7 @@ GEM
     angularjs-rails (1.8.0)
     arel-helpers (2.14.0)
       activerecord (>= 3.1.0, < 8)
-    ast (2.4.3)
+    ast (2.4.2)
     attr_required (1.0.2)
     aws-eventstream (1.3.0)
     aws-partitions (1.929.0)
@@ -189,11 +177,10 @@ GEM
       aws-sigv4 (~> 1.8)
     aws-sigv4 (1.8.0)
       aws-eventstream (~> 1, >= 1.0.2)
-    base64 (0.3.0)
+    base64 (0.2.0)
     bcp47_spec (0.2.1)
     bcrypt (3.1.20)
-    benchmark (0.4.1)
-    bigdecimal (3.2.2)
+    bigdecimal (3.0.2)
     bindata (2.5.0)
     bindex (0.8.1)
     bootsnap (1.18.3)
@@ -201,10 +188,10 @@ GEM
     bugsnag (6.26.4)
       concurrent-ruby (~> 1.0)
     builder (3.2.4)
-    bullet (8.0.8)
+    bullet (7.1.6)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
-    cable_ready (5.0.6)
+    cable_ready (5.0.5)
       actionpack (>= 5.2)
       actionview (>= 5.2)
       activesupport (>= 5.2)
@@ -221,14 +208,12 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
-    capybara-shadowdom (0.3.0)
-      capybara
     caxlsx (3.3.0)
       htmlentities (~> 4.3, >= 4.3.4)
       marcel (~> 1.0)
       nokogiri (~> 1.10, >= 1.10.4)
       rubyzip (>= 1.3.0, < 3)
-    cgi (0.3.7)
+    cgi (0.3.6)
     childprocess (5.0.0)
     choice (0.2.0)
     chronic (0.10.2)
@@ -243,9 +228,8 @@ GEM
     combine_pdf (1.0.26)
       matrix
       ruby-rc4 (>= 0.1.5)
-    concurrent-ruby (1.3.5)
-    connection_pool (2.5.3)
-    cookiejar (0.3.4)
+    concurrent-ruby (1.3.1)
+    connection_pool (2.4.1)
     crack (1.0.0)
       bigdecimal
       rexml
@@ -262,9 +246,9 @@ GEM
       activerecord (>= 5.a)
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
-    datafoodconsortium-connector (1.1.0)
+    datafoodconsortium-connector (1.0.0.pre.alpha.13)
       virtual_assembly-semantizer (~> 1.0, >= 1.0.5)
-    date (3.4.1)
+    date (3.3.4)
     debug (1.9.2)
       irb (~> 1.10)
       reline (>= 0.3.8)
@@ -285,25 +269,11 @@ GEM
     digest (3.1.1)
     docile (1.4.0)
     dotenv (3.1.2)
-    drb (2.2.3)
-    em-http-request (1.1.7)
-      addressable (>= 2.3.4)
-      cookiejar (!= 0.3.1)
-      em-socksify (>= 0.3)
-      eventmachine (>= 1.0.3)
-      http_parser.rb (>= 0.6.0)
-    em-socksify (0.3.3)
-      base64
-      eventmachine (>= 1.0.0.beta.4)
-    em-synchrony (1.0.6)
-      eventmachine (>= 1.0.0.beta.1)
     email_validator (2.2.4)
       activemodel
     erubi (1.12.0)
-    et-orbi (1.3.0)
+    et-orbi (1.2.7)
       tzinfo
-    eventmachine (1.2.7)
-    eventmachine_httpserver (0.2.1)
     excon (0.81.0)
     execjs (2.7.0)
     factory_bot (6.2.0)
@@ -353,8 +323,8 @@ GEM
       nokogiri (>= 1.5.11, < 2.0.0)
     foreman (0.88.1)
     formatador (0.2.5)
-    fugit (1.11.1)
-      et-orbi (~> 1, >= 1.2.11)
+    fugit (1.8.1)
+      et-orbi (~> 1, >= 1.2.7)
       raabro (~> 1.4)
     fuubar (2.5.1)
       rspec-core (~> 3.0)
@@ -377,26 +347,13 @@ GEM
     hashie (5.0.0)
     highline (2.0.3)
     htmlentities (4.3.4)
-    http_parser.rb (0.8.0)
     i18n (1.14.5)
       concurrent-ruby (~> 1.0)
     i18n-js (3.9.2)
       i18n (>= 0.6.6)
-    i18n-tasks (1.0.14)
-      activesupport (>= 4.0.2)
-      ast (>= 2.1.0)
-      erubi
-      highline (>= 2.0.0)
-      i18n
-      parser (>= 3.2.2.1)
-      rails-i18n
-      rainbow (>= 2.2.2, < 4.0)
-      terminal-table (>= 1.5.1)
     image_processing (1.12.2)
       mini_magick (>= 4.9.5, < 5)
       ruby-vips (>= 2.0.17, < 3)
-    imagen (0.2.0)
-      parser (>= 2.5, != 2.5.1.1)
     immigrant (0.3.6)
       activerecord (>= 3.0)
     invisible_captcha (2.3.0)
@@ -439,7 +396,7 @@ GEM
       activesupport (>= 4.2)
     jwt (2.8.1)
       base64
-    knapsack_pro (8.1.2)
+    knapsack_pro (7.4.0)
       rake
     language_server-protocol (3.17.0.3)
     launchy (3.0.0)
@@ -451,8 +408,7 @@ GEM
     listen (3.9.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    logger (1.7.0)
-    loofah (2.24.1)
+    loofah (2.22.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     mail (2.8.1)
@@ -472,7 +428,7 @@ GEM
     mini_magick (4.11.0)
     mini_mime (1.1.5)
     mini_portile2 (2.8.6)
-    minitest (5.25.5)
+    minitest (5.23.1)
     monetize (1.13.0)
       money (~> 6.12)
     money (6.16.0)
@@ -480,10 +436,9 @@ GEM
     msgpack (1.7.2)
     multi_json (1.15.0)
     multi_xml (0.6.0)
-    mutex_m (0.3.0)
     net-http (0.4.1)
       uri
-    net-imap (0.4.20)
+    net-imap (0.4.10)
       date
       net-protocol
     net-pop (0.1.2)
@@ -494,7 +449,7 @@ GEM
       net-protocol
     newrelic_rpm (9.9.0)
     nio4r (2.7.1)
-    nokogiri (1.18.9)
+    nokogiri (1.16.5)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     nokogiri-html5-inference (0.3.0)
@@ -530,15 +485,15 @@ GEM
       validate_url
       webfinger (~> 2.0)
     orm_adapter (0.5.0)
-    ostruct (0.6.1)
-    pagy (9.3.4)
+    pagy (5.10.1)
+      activesupport
     paper_trail (15.1.0)
       activerecord (>= 6.1)
       request_store (~> 1.4)
     parallel (1.24.0)
     paranoia (2.6.3)
       activerecord (>= 5.1, < 7.2)
-    parser (3.3.8.0)
+    parser (3.3.2.0)
       ast (~> 2.4.1)
       racc
     paypal-sdk-core (0.3.4)
@@ -546,9 +501,9 @@ GEM
       xml-simple
     paypal-sdk-merchant (1.117.2)
       paypal-sdk-core (~> 0.3.0)
-    pdf-reader (2.15.0)
-      Ascii85 (>= 1.0, < 3.0, != 2.0.0)
-      afm (>= 0.2.1, < 2)
+    pdf-reader (2.12.0)
+      Ascii85 (~> 1.0)
+      afm (~> 0.2.1)
       hashery (~> 2.0)
       ruby-rc4
       ttfunk
@@ -560,22 +515,14 @@ GEM
     psych (5.1.2)
       stringio
     public_suffix (5.0.5)
-    puffing-billy (4.0.2)
-      addressable (~> 2.5)
-      em-http-request (~> 1.1, >= 1.1.0)
-      em-synchrony
-      eventmachine (~> 1.2)
-      eventmachine_httpserver
-      http_parser.rb (~> 0.8.0)
-      multi_json
-    puma (6.5.0)
+    puma (6.4.2)
       nio4r (~> 2.0)
     query_count (1.1.1)
       activerecord (>= 4.2)
       railties (>= 4.2)
     raabro (1.4.0)
-    racc (1.8.1)
-    rack (2.2.14)
+    racc (1.8.0)
+    rack (2.2.9)
     rack-mini-profiler (2.3.4)
       rack (>= 1.2.0)
     rack-oauth2 (2.2.1)
@@ -596,23 +543,20 @@ GEM
     rack-test (2.1.0)
       rack (>= 1.3)
     rack-timeout (0.7.0)
-    rackup (1.0.1)
-      rack (< 3)
-      webrick
-    rails (7.1.5.2)
-      actioncable (= 7.1.5.2)
-      actionmailbox (= 7.1.5.2)
-      actionmailer (= 7.1.5.2)
-      actionpack (= 7.1.5.2)
-      actiontext (= 7.1.5.2)
-      actionview (= 7.1.5.2)
-      activejob (= 7.1.5.2)
-      activemodel (= 7.1.5.2)
-      activerecord (= 7.1.5.2)
-      activestorage (= 7.1.5.2)
-      activesupport (= 7.1.5.2)
+    rails (7.0.8)
+      actioncable (= 7.0.8)
+      actionmailbox (= 7.0.8)
+      actionmailer (= 7.0.8)
+      actionpack (= 7.0.8)
+      actiontext (= 7.0.8)
+      actionview (= 7.0.8)
+      activejob (= 7.0.8)
+      activemodel (= 7.0.8)
+      activerecord (= 7.0.8)
+      activestorage (= 7.0.8)
+      activesupport (= 7.0.8)
       bundler (>= 1.15.0)
-      railties (= 7.1.5.2)
+      railties (= 7.0.8)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -626,21 +570,20 @@ GEM
       activesupport (>= 4.2)
       choice (~> 0.2.0)
       ruby-graphviz (~> 1.2)
-    rails-html-sanitizer (1.6.1)
+    rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
-      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
+      nokogiri (~> 1.14)
     rails-i18n (7.0.9)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
     rails_safe_tasks (1.0.0)
-    railties (7.1.5.2)
-      actionpack (= 7.1.5.2)
-      activesupport (= 7.1.5.2)
-      irb
-      rackup (>= 1.0.0)
+    railties (7.0.8)
+      actionpack (= 7.0.8)
+      activesupport (= 7.0.8)
+      method_source
       rake (>= 12.2)
-      thor (~> 1.0, >= 1.2.2)
-      zeitwerk (~> 2.6)
+      thor (~> 1.0)
+      zeitwerk (~> 2.5)
     rainbow (3.1.1)
     rake (13.2.1)
     ransack (4.1.1)
@@ -650,9 +593,8 @@ GEM
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rdf (3.3.2)
+    rdf (3.3.1)
       bcp47_spec (~> 0.2)
-      bigdecimal (~> 3.1, >= 3.1.5)
       link_header (~> 0.0, >= 0.0.8)
     rdoc (6.6.3.1)
       psych (>= 4.0.0)
@@ -669,8 +611,8 @@ GEM
     responders (3.1.1)
       actionpack (>= 5.2)
       railties (>= 5.2)
-    rexml (3.2.9)
-      strscan
+    rexml (3.2.8)
+      strscan (>= 3.0.9)
     roadie (5.2.1)
       css_parser (~> 1.4)
       nokogiri (~> 1.15)
@@ -705,7 +647,7 @@ GEM
       rspec-support (~> 3.13)
     rspec-retry (0.6.2)
       rspec-core (> 3.3)
-    rspec-sql (0.0.3)
+    rspec-sql (0.0.2)
       activesupport
       rspec
     rspec-support (3.13.1)
@@ -741,10 +683,10 @@ GEM
       rubocop (~> 1.41)
     rubocop-factory_bot (2.25.1)
       rubocop (~> 1.41)
-    rubocop-rails (2.28.0)
+    rubocop-rails (2.24.1)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
-      rubocop (>= 1.52.0, < 2.0)
+      rubocop (>= 1.33.0, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
     rubocop-rspec (2.29.2)
       rubocop (~> 1.40)
@@ -762,7 +704,6 @@ GEM
     rubyzip (2.3.2)
     rufus-scheduler (3.8.2)
       fugit (~> 1.1, >= 1.1.6)
-    rugged (1.9.0)
     sanitize (6.1.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
@@ -774,7 +715,6 @@ GEM
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
     sd_notify (0.1.1)
-    securerandom (0.4.1)
     semantic_range (3.0.0)
     shoulda-matchers (6.2.0)
       activesupport (>= 5.2.0)
@@ -815,37 +755,33 @@ GEM
     state_machines-activerecord (0.9.0)
       activerecord (>= 6.0)
       state_machines-activemodel (>= 0.9.0)
-    stimulus_reflex (3.5.5)
-      actioncable (>= 5.2)
-      actionpack (>= 5.2)
-      actionview (>= 5.2)
-      activesupport (>= 5.2)
+    stimulus_reflex (3.5.1)
+      actioncable (>= 5.2, < 8)
+      actionpack (>= 5.2, < 8)
+      actionview (>= 5.2, < 8)
+      activesupport (>= 5.2, < 8)
       cable_ready (~> 5.0)
       nokogiri (~> 1.0)
       nokogiri-html5-inference (~> 0.3)
-      ostruct (~> 0.6)
       rack (>= 2, < 4)
-      railties (>= 5.2)
+      railties (>= 5.2, < 8)
       redis (>= 4.0, < 6.0)
     stringex (2.8.6)
     stringio (3.1.0)
     stripe (11.1.0)
-    strscan (3.1.2)
+    strscan (3.1.0)
     swd (2.0.3)
       activesupport (>= 3)
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
     temple (0.8.2)
-    terminal-table (4.0.0)
-      unicode-display_width (>= 1.1.1, < 4)
-    thor (1.4.0)
+    thor (1.3.1)
     thread-local (1.1.0)
     tilt (2.3.0)
-    timecop (0.9.10)
-    timeout (0.4.3)
-    ttfunk (1.8.0)
-      bigdecimal (~> 3.1)
+    timecop (0.9.8)
+    timeout (0.4.1)
+    ttfunk (1.7.0)
     turbo-rails (2.0.5)
       actionpack (>= 6.0.0)
       activejob (>= 6.0.0)
@@ -854,17 +790,9 @@ GEM
       turbo-rails (>= 1.3.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    undercover (0.7.4)
-      base64
-      bigdecimal
-      imagen (>= 0.2.0)
-      rainbow (>= 2.1, < 4.0)
-      rugged (>= 0.27, < 1.10)
-      simplecov
-      simplecov_json_formatter
     unicode-display_width (2.5.0)
-    uniform_notifier (1.17.0)
-    uri (0.13.2)
+    uniform_notifier (1.16.0)
+    uri (0.13.0)
     valid_email2 (5.2.3)
       activemodel (>= 3.2)
       mail (~> 2.5)
@@ -904,7 +832,7 @@ GEM
       rack-proxy (>= 0.6.1)
       railties (>= 5.2)
       semantic_range (>= 2.3.0)
-    webrick (1.8.2)
+    webrick (1.8.1)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
@@ -937,14 +865,13 @@ DEPENDENCIES
   angularjs-rails (= 1.8.0)
   arel-helpers (~> 2.12)
   aws-sdk-s3
-  bigdecimal
+  bigdecimal (= 3.0.2)
   bootsnap
   bugsnag
   bullet
   cable_ready
   cancancan (~> 1.15.0)
   capybara
-  capybara-shadowdom
   catalog!
   coffee-rails (~> 5.0.0)
   combine_pdf
@@ -977,7 +904,6 @@ DEPENDENCIES
   highline (= 2.0.3)
   i18n
   i18n-js (~> 3.9.0)
-  i18n-tasks
   image_processing
   immigrant
   invisible_captcha
@@ -1000,7 +926,7 @@ DEPENDENCIES
   omniauth_openid_connect
   openid_connect
   order_management!
-  pagy (~> 9)
+  pagy (~> 5.1)
   paper_trail
   paranoia (~> 2.4)
   paypal-sdk-merchant (= 1.117.2)
@@ -1008,7 +934,6 @@ DEPENDENCIES
   pg (~> 1.2.3)
   private_address_check
   pry (~> 0.13.0)
-  puffing-billy
   puma
   query_count
   rack-mini-profiler (< 3.0.0)
@@ -1052,7 +977,6 @@ DEPENDENCIES
   timecop
   turbo-rails
   turbo_power
-  undercover
   valid_email2
   validates_lengths_from_database
   vcr

Procfile.docker

@@ -1,5 +0,0 @@
-# Foreman Procfile for Docker env. Start all dev server processes with: `bundle exec foreman start -f Procfile.docker`
-
-webpack:    WEBPACKER_DEV_SERVER_HOST=0.0.0.0 ./bin/webpack-dev-server
-sidekiq:    DEV_CACHING=true bundle exec sidekiq -q mailers -q default
-rails:      WEBPACKER_DEV_SERVER_HOST=0.0.0.0 DEV_CACHING=true bundle exec rails s -p 3000 -b 0.0.0.0

app/assets/javascripts/admin/all.js

@@ -67,5 +67,8 @@
 // foundation
 //= require ../shared/mm-foundation-tpls-0.9.0-20180826174721.min.js
 
+// LocalStorage
+//= require ../shared/angular-local-storage.js
+
 // requires the rest of the JS code in this folder
 //= require_tree .

app/assets/javascripts/admin/bulk_product_update.js.coffee

@@ -0,0 +1,393 @@
+angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $filter, $http, $window, $location, BulkProducts, DisplayProperties, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, Columns, tax_categories, RequestMonitor, SortOptions, ErrorsParser, ProductFiltersUrl) ->
+  $scope.StatusMessage = StatusMessage
+
+  $scope.columns = Columns.columns
+
+  $scope.variant_unit_options = VariantUnitManager.variantUnitOptions()
+
+  $scope.RequestMonitor = RequestMonitor
+  $scope.pagination = BulkProducts.pagination
+  $scope.per_page_options = [
+    {id: 15, name: t('js.admin.orders.index.per_page', results: 15)},
+    {id: 50, name: t('js.admin.orders.index.per_page', results: 50)},
+    {id: 100, name: t('js.admin.orders.index.per_page', results: 100)}
+  ]
+
+  $scope.q = {
+    producerFilter: ""
+    categoryFilter: ""
+    importDateFilter: ""
+    query: ""
+    sorting: ""
+  }
+
+  $scope.sorting = "name asc"
+  $scope.producers = producers
+  $scope.taxons = Taxons.all
+  $scope.tax_categories = tax_categories
+  $scope.page = 1
+  $scope.per_page = 15
+  $scope.products = BulkProducts.products
+  $scope.DisplayProperties = DisplayProperties
+
+  $scope.sortOptions = SortOptions
+
+  $scope.initialise = ->
+    $scope.q = ProductFiltersUrl.loadFromUrl($location.search())
+    $scope.fetchProducts()
+
+  $scope.$watchCollection '[q.query, q.producerFilter, q.categoryFilter, q.importDateFilter, per_page]', ->
+    $scope.page = 1 # Reset page when changing filters for new search
+
+  $scope.changePage = (newPage) ->
+    $scope.page = newPage
+    $scope.fetchProducts()
+
+  $scope.fetchProducts = ->
+    removeClearedValues()
+    params = {
+      'q[name_cont]': $scope.q.query,
+      'q[variants_supplier_id_eq]': $scope.q.producerFilter,
+      'q[variants_primary_taxon_id_eq]': $scope.q.categoryFilter,
+      'q[s]': $scope.sorting,
+      import_date: $scope.q.importDateFilter,
+      page: $scope.page,
+      per_page: $scope.per_page
+    }
+    RequestMonitor.load(BulkProducts.fetch(params).$promise).then ->
+      # update url with the filters used
+      $location.search(ProductFiltersUrl.generate($scope.q))
+      $scope.resetProducts()
+
+  removeClearedValues = ->
+    delete $scope.q.producerFilter if $scope.q.producerFilter == "0"
+    delete $scope.q.categoryFilter if $scope.q.categoryFilter == "0"
+    delete $scope.q.importDateFilter if $scope.q.importDateFilter == "0"
+
+  $timeout ->
+    if $scope.showLatestImport
+      $scope.q.importDateFilter = $scope.importDates[1].id
+
+  $scope.resetProducts = ->
+    DirtyProducts.clear()
+    StatusMessage.clear()
+
+  $scope.updateOnHand = (product) ->
+    on_demand_variants = []
+    if product.variants
+      on_demand_variants = (variant for id, variant of product.variants when variant.on_demand)
+
+    unless product.on_demand || on_demand_variants.length > 0
+      product.on_hand = $scope.onHand(product)
+
+
+  $scope.onHand = (product) ->
+    onHand = 0
+    if product.hasOwnProperty("variants") and product.variants instanceof Object
+      for id, variant of product.variants
+        onHand = onHand + parseInt(if variant.on_hand > 0 then variant.on_hand else 0)
+    else
+      onHand = "error"
+    onHand
+
+  $scope.shiftTab = (tab) ->
+    $scope.visibleTab.visible = false unless $scope.visibleTab == tab || $scope.visibleTab == undefined
+    tab.visible = !tab.visible
+    $scope.visibleTab = tab
+
+  $scope.resetSelectFilters = ->
+    $scope.q.query = ""
+    $scope.q.producerFilter = "0"
+    $scope.q.categoryFilter = "0"
+    $scope.q.importDateFilter = "0"
+    $scope.fetchProducts()
+
+  $scope.$watch 'sortOptions', (sort) ->
+    return unless sort && sort.predicate != ""
+
+    $scope.sorting = sort.getSortingExpr(defaultDirection: "asc")
+    $scope.fetchProducts()
+  , true
+
+  confirm_unsaved_changes = () ->
+    (DirtyProducts.count() > 0 and confirm(t("unsaved_changes_confirmation"))) or (DirtyProducts.count() == 0)
+
+  editProductUrl = (product, variant) ->
+    "/admin/products/" + product.id + ((if variant then "/variants/" + variant.id else "")) + "/edit"
+
+  $scope.editWarn = (product, variant) ->
+    if confirm_unsaved_changes()
+      $window.location.href = ProductFiltersUrl.buildUrl(editProductUrl(product, variant), $scope.q)
+
+  $scope.toggleShowAllVariants = ->
+    showVariants = !DisplayProperties.showVariants 0
+    $scope.products.forEach (product) ->
+      DisplayProperties.setShowVariants product.id, showVariants
+    DisplayProperties.setShowVariants 0, showVariants
+
+  $scope.addVariant = (product) ->
+    # Set new variant category to same as last product variant category to keep compactibility with deleted variant callback to set new variant category
+    newVariantId = $scope.nextVariantId();
+    newVariantCategoryId = product.variants[product.variants.length - 1]?.category_id
+    product.variants.push
+      id: newVariantId
+      unit_value: null
+      unit_description: null
+      on_demand: false
+      display_as: null
+      display_name: null
+      on_hand: null
+      price: null
+      tax_category_id: null
+      category_id: newVariantCategoryId
+    DisplayProperties.setShowVariants product.id, true
+    DirtyProducts.addVariantProperty(product.id, newVariantId, 'category_id', newVariantCategoryId)
+
+
+  $scope.nextVariantId = ->
+    $scope.variantIdCounter = 0 unless $scope.variantIdCounter?
+    $scope.variantIdCounter -= 1
+    $scope.variantIdCounter
+
+  $scope.deleteProduct = (product) ->
+    if confirm(t('are_you_sure'))
+      $http(
+        method: "DELETE"
+        url: "/api/v0/products/" + product.id
+      ).then (response) ->
+        $scope.products.splice $scope.products.indexOf(product), 1
+        DirtyProducts.deleteProduct product.id
+        $scope.displayDirtyProducts()
+
+
+  $scope.deleteVariant = (product, variant) ->
+    if product.variants.length > 1
+      if !$scope.variantSaved(variant)
+        $scope.removeVariant(product, variant)
+      else
+        if confirm(t("are_you_sure"))
+          $http(
+            method: "DELETE"
+            url: "/api/v0/products/" + product.id + "/variants/" + variant.id
+          ).then (response) ->
+            $scope.removeVariant(product, variant)
+    else
+      alert(t("delete_product_variant"))
+
+  $scope.removeVariant = (product, variant) ->
+    product.variants.splice product.variants.indexOf(variant), 1
+    DirtyProducts.deleteVariant product.id, variant.id
+    $scope.displayDirtyProducts()
+
+
+  $scope.cloneProduct = (product) ->
+    BulkProducts.cloneProduct product
+
+  $scope.hasVariants = (product) ->
+    product.variants.length > 0
+
+
+  $scope.hasUnit = (variant) ->
+    variant.variant_unit_with_scale?
+
+  $scope.variantSaved = (variant) ->
+    variant.hasOwnProperty('id') && variant.id > 0
+
+
+  $scope.hasOnDemandVariants = (product) ->
+    (variant for id, variant of product.variants when variant.on_demand).length > 0
+
+
+  $scope.submitProducts = ->
+    # Pack pack $scope.products, so they will match the list returned from the server,
+    # then pack $scope.dirtyProducts, ensuring that the correct product info is sent to the server.
+    $scope.packProduct product for id, product of $scope.products
+    $scope.packProduct product for id, product of DirtyProducts.all()
+
+    productsToSubmit = filterSubmitProducts(DirtyProducts.all())
+    if productsToSubmit.length > 0
+      $scope.updateProducts productsToSubmit # Don't submit an empty list
+    else
+      StatusMessage.display 'alert', t("products_change")
+
+
+  $scope.updateProducts = (productsToSubmit) ->
+    $scope.displayUpdating()
+    $http(
+      method: "POST"
+      url: "/admin/products/bulk_update"
+      data:
+        products: productsToSubmit
+        filters:
+          'q[name_cont]': $scope.q.query
+          'q[variants_supplier_id_eq]': $scope.q.producerFilter
+          'q[variants_primary_taxon_id_eq]': $scope.q.categoryFilter
+          'q[s]': $scope.sorting
+          import_date: $scope.q.importDateFilter
+        page: $scope.page
+        per_page: $scope.per_page
+    ).then((response) ->
+      DirtyProducts.clear()
+      BulkProducts.updateVariantLists(response.data.products || [])
+      $timeout -> $scope.displaySuccess()
+    ).catch (response) ->
+      if response.status == 400 && response.data.errors?
+        errorsString = ErrorsParser.toString(response.data.errors, response.status)
+        $scope.displayFailure t("products_update_error") + "\n" + errorsString
+      else
+        $scope.displayFailure t("products_update_error_data") + response.status
+
+  $scope.cancel = (destination) ->
+    $window.location = destination
+
+  $scope.packProduct = (product) ->
+    if product.variants
+      for id, variant of product.variants
+        $scope.packVariant variant
+
+
+  $scope.packVariant = (variant) ->
+    if variant.variant_unit_with_scale
+      match = variant.variant_unit_with_scale.match(/^([^_]+)_([\d\.]+)$/)
+      if match
+        variant.variant_unit = match[1]
+        variant.variant_unit_scale = parseFloat(match[2])
+      else
+        variant.variant_unit = variant.variant_unit_with_scale
+        variant.variant_unit_scale = null
+
+    if variant.hasOwnProperty("unit_value_with_description")
+      match = variant.unit_value_with_description.match(/^([\d\.\,]+(?= |$)|)( |)(.*)$/)
+      if match
+        variant.unit_value  = parseFloat(match[1].replace(",", "."))
+        variant.unit_value  = null if isNaN(variant.unit_value)
+        if variant.unit_value && variant.variant_unit_scale
+          variant.unit_value = parseFloat(window.bigDecimal.multiply(variant.unit_value, variant.variant_unit_scale, 2))
+        variant.unit_description = match[3]
+
+  $scope.incrementLimit = ->
+    if $scope.limit < $scope.products.length
+      $scope.limit = $scope.limit + 5
+
+
+  $scope.displayUpdating = ->
+    StatusMessage.display 'progress', t("saving")
+
+
+  $scope.displaySuccess = ->
+    StatusMessage.display 'success',t("products_changes_saved")
+    $scope.bulk_product_form.$setPristine()
+
+
+  $scope.displayFailure = (failMessage) ->
+    StatusMessage.display  'failure', t("products_update_error_msg") + " #{failMessage}"
+
+
+  $scope.displayDirtyProducts = ->
+    count = DirtyProducts.count()
+    switch count
+      when 0 then StatusMessage.clear()
+      when 1 then StatusMessage.display 'notice', t("one_product_unsaved")
+      else StatusMessage.display 'notice', t("products_unsaved", n: count)
+
+
+filterSubmitProducts = (productsToFilter) ->
+  filteredProducts = []
+  if productsToFilter instanceof Object
+    angular.forEach productsToFilter, (product) ->
+      if product.hasOwnProperty("id")
+        filteredProduct = {id: product.id}
+        filteredVariants = []
+        hasUpdatableProperty = false
+
+        if product.hasOwnProperty("variants")
+          angular.forEach product.variants, (variant) ->
+            result = filterSubmitVariant variant
+            filteredVariant = result.filteredVariant
+            variantHasUpdatableProperty = result.hasUpdatableProperty
+            filteredVariants.push filteredVariant  if variantHasUpdatableProperty
+
+        if product.hasOwnProperty("sku")
+          filteredProduct.sku = product.sku
+          hasUpdatableProperty = true
+        if product.hasOwnProperty("name")
+          filteredProduct.name = product.name
+          hasUpdatableProperty = true
+        if product.hasOwnProperty("price")
+          filteredProduct.price = product.price
+          hasUpdatableProperty = true
+        if product.hasOwnProperty("on_hand") and filteredVariants.length == 0 #only update if no variants present
+          filteredProduct.on_hand = product.on_hand
+          hasUpdatableProperty = true
+        if product.hasOwnProperty("on_demand") and filteredVariants.length == 0 #only update if no variants present
+          filteredProduct.on_demand = product.on_demand
+          hasUpdatableProperty = true
+        if product.hasOwnProperty("inherits_properties")
+          filteredProduct.inherits_properties = product.inherits_properties
+          hasUpdatableProperty = true
+        if filteredVariants.length > 0 # Note that the name of the property changes to enable mass assignment of variants attributes with rails
+          filteredProduct.variants_attributes = filteredVariants
+          hasUpdatableProperty = true
+        filteredProducts.push filteredProduct  if hasUpdatableProperty
+
+  filteredProducts
+
+
+filterSubmitVariant = (variant) ->
+  hasUpdatableProperty = false
+  filteredVariant = {}
+  if not variant.deleted_at? and variant.hasOwnProperty("id")
+    filteredVariant.id = variant.id unless variant.id <= 0
+    if variant.hasOwnProperty("sku")
+      filteredVariant.sku = variant.sku
+      hasUpdatableProperty = true
+    if variant.hasOwnProperty("on_hand")
+      filteredVariant.on_hand = variant.on_hand
+      hasUpdatableProperty = true
+    if variant.hasOwnProperty("on_demand")
+      filteredVariant.on_demand = variant.on_demand
+      hasUpdatableProperty = true
+    if variant.hasOwnProperty("price")
+      filteredVariant.price = variant.price
+      hasUpdatableProperty = true
+    if variant.hasOwnProperty("unit_value")
+      filteredVariant.unit_value = variant.unit_value
+      hasUpdatableProperty = true
+    if variant.hasOwnProperty("unit_description")
+      filteredVariant.unit_description = variant.unit_description
+      hasUpdatableProperty = true
+    if variant.hasOwnProperty("display_name")
+      filteredVariant.display_name = variant.display_name
+      hasUpdatableProperty = true
+    if variant.hasOwnProperty("tax_category_id")
+      filteredVariant.tax_category_id = variant.tax_category_id
+      hasUpdatableProperty = true
+    if variant.hasOwnProperty("category_id")
+      filteredVariant.primary_taxon_id = variant.category_id
+      hasUpdatableProperty = true
+    if variant.hasOwnProperty("display_as")
+      filteredVariant.display_as = variant.display_as
+      hasUpdatableProperty = true
+    if variant.hasOwnProperty("producer_id")
+      filteredVariant.supplier_id = variant.producer_id
+      hasUpdatableProperty = true
+    if variant.hasOwnProperty("variant_unit_with_scale")
+      filteredVariant.variant_unit       = variant.variant_unit
+      filteredVariant.variant_unit_scale = variant.variant_unit_scale
+      hasUpdatableProperty = true
+    if variant.hasOwnProperty("variant_unit_name")
+      filteredVariant.variant_unit_name = variant.variant_unit_name
+      hasUpdatableProperty = true
+
+  {filteredVariant: filteredVariant, hasUpdatableProperty: hasUpdatableProperty}
+
+
+toObjectWithIDKeys = (array) ->
+  object = {}
+
+  for i of array
+    if array[i] instanceof Object and array[i].hasOwnProperty("id")
+      object[array[i].id] = angular.copy(array[i])
+      object[array[i].id].variants = toObjectWithIDKeys(array[i].variants)  if array[i].hasOwnProperty("variants") and array[i].variants instanceof Array
+
+  object

app/assets/javascripts/admin/enterprises/controllers/enterprise_controller.js.coffee

@@ -55,6 +55,12 @@ angular.module("admin.enterprises")
         else
           alert ("#{manager.email}" + " " + t("is_already_manager"))
 
+    $scope.removeLogo = ->
+      $scope.performEnterpriseAction("removeLogo", "immediate_logo_removal_warning", "removed_logo_successfully")
+
+    $scope.removePromoImage = ->
+      $scope.performEnterpriseAction("removePromoImage", "immediate_promo_image_removal_warning", "removed_promo_image_successfully")
+
     $scope.performEnterpriseAction = (enterpriseActionName, warning_message_key, success_message_key) ->
       return unless confirm($scope.translation(warning_message_key))
 

app/assets/javascripts/admin/line_items/controllers/line_items_controller.js.coffee

@@ -19,6 +19,18 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
   $scope.page = 1
   $scope.per_page = $scope.per_page_options[0].id
   $scope.filterByVariantId = null
+  searchThrough = ["order_distributor_name",
+    "order_bill_address_phone",
+    "order_bill_address_firstname",
+    "order_bill_address_lastname",
+    "order_bill_address_full_name",
+    "order_bill_address_full_name_reversed",
+    "order_bill_address_full_name_with_comma",
+    "order_bill_address_full_name_with_comma_reversed",
+    "variant_supplier_name",
+    "order_email",
+    "order_number",
+    "product_name"].join("_or_") + "_cont"
 
   $scope.confirmRefresh = ->
     LineItems.allSaved() || confirm(t("unsaved_changes_warning"))
@@ -63,10 +75,11 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
     [formattedStartDate, formattedEndDate] = $scope.formatDates($scope.startDate, $scope.endDate)
 
     RequestMonitor.load LineItems.index(
+      "q[#{searchThrough}]": $scope.query,
+      "q[variant_id_eq]": $scope.filterByVariantId if $scope.filterByVariantId,
       "q[order_state_not_eq]": "canceled",
       "q[order_shipment_state_not_eq]": "shipped",
       "q[order_completed_at_not_null]": "true",
-      "q[variant_id_eq]": $scope.filterByVariantId if $scope.filterByVariantId,
       "q[order_distributor_id_eq]": $scope.distributorFilter,
       "q[variant_supplier_id_eq]": $scope.supplierFilter,
       "q[order_order_cycle_id_eq]": $scope.orderCycleFilter,
@@ -74,8 +87,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
       "q[order_completed_at_lt]": if formattedEndDate then formattedEndDate else undefined,
       "q[s]": "order_completed_at desc",
       "page": $scope.page,
-      "per_page": $scope.per_page,
-      "search_query": $scope.query
+      "per_page": $scope.per_page
     )
 
   $scope.formatDates = (startDate, endDate) ->
@@ -85,7 +97,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
 
   $scope.loadAssociatedData = ->
     RequestMonitor.load $scope.distributors = Enterprises.index(action: "visible", ams_prefix: "basic", "q[sells_in][]": ["own", "any"])
-    RequestMonitor.load $scope.orderCycles = OrderCycles.index(ams_prefix: "basic", as: "distributor", "q[orders_close_at_gt]": "#{moment().subtract(1,'year').format()}")
+    RequestMonitor.load $scope.orderCycles = OrderCycles.index(ams_prefix: "basic", as: "distributor", "q[orders_close_at_gt]": "#{moment().subtract(90,'days').format()}")
     RequestMonitor.load $scope.suppliers = Enterprises.index(action: "visible", ams_prefix: "basic", "q[is_primary_producer_eq]": "true")
 
   $scope.dereferenceLoadedData = ->

app/assets/javascripts/admin/orders/controllers/order_controller.js.coffee

@@ -5,8 +5,6 @@ angular.module("admin.orders").controller "orderCtrl", ($scope, shops, orderCycl
 
   $scope.distributor_id = parseInt($attrs.ofnDistributorId)
   $scope.order_cycle_id = parseInt($attrs.ofnOrderCycleId)
-  $scope.search_variants_as = $attrs.ofnSearchVariantsAs
-  $scope.order_id = $attrs.ofnOrderId
 
   $scope.validOrderCycle = (oc) ->
     $scope.orderCycleHasDistributor oc, parseInt($scope.distributor_id)

app/assets/javascripts/admin/products/controllers/product_image_controller.js.coffee

@@ -0,0 +1,8 @@
+angular.module("ofn.admin").controller "ProductImageCtrl", ($scope, ProductImageService) ->
+  $scope.imageUploader = ProductImageService.imageUploader
+  $scope.imagePreview = ProductImageService.imagePreview
+
+  $scope.$watch 'product.image_url', (newValue, oldValue) ->
+    if newValue != oldValue
+      $scope.imagePreview = newValue
+      $scope.uploadModal.close()

app/assets/javascripts/admin/products/directives/image_modal.js.coffee

@@ -0,0 +1,6 @@
+angular.module("ofn.admin").directive "imageModal", ($modal, ProductImageService) ->
+  restrict: 'C'
+  link: (scope, elem, attrs, ctrl) ->
+    elem.on "click", (ev) =>
+      scope.uploadModal = $modal.open(templateUrl: 'admin/modals/image_upload.html', controller: ctrl, scope: scope, windowClass: 'simple-modal')
+      ProductImageService.configure(scope.product)

app/assets/javascripts/admin/resources/resources/enterprise_resource.js.coffee

@@ -8,4 +8,10 @@ angular.module("admin.resources").factory 'EnterpriseResource', ($resource) ->
       isArray: true
     'update':
       method: 'PUT'
+    'removeLogo':
+      url: '/api/v0/enterprises/:id/logo.json'
+      method: 'DELETE'
+    'removePromoImage':
+      url: '/api/v0/enterprises/:id/promo_image.json'
+      method: 'DELETE'
   })

app/assets/javascripts/admin/resources/resources/product_resource.js.coffee

@@ -0,0 +1,6 @@
+angular.module("admin.resources").factory 'ProductResource', ($resource) ->
+  $resource('/admin/product/:id/:action.json', {}, {
+    'index':
+      url: '/api/v0/products/bulk_products.json'
+      method: 'GET'
+  })

app/assets/javascripts/admin/resources/services/enterprises.js.coffee

@@ -39,6 +39,17 @@ angular.module("admin.resources").factory 'Enterprises', ($q, $filter, Enterpris
     resetAttribute: (enterprise, attribute) ->
       enterprise[attribute] = @pristineByID[enterprise.id][attribute]
 
+    performActionOnEnterpriseResource = (resourceAction) ->
+      (enterprise) ->
+        deferred = $q.defer()
+        resourceAction({id: enterprise.permalink}, ((data) =>
+          @pristineByID[enterprise.id] = angular.copy(data)
+          deferred.resolve(data)
+        ), ((response) ->
+          deferred.reject(response)
+        ))
+        deferred.promise
+
     findByID: (id) ->
       @byID[id]
 
@@ -50,3 +61,5 @@ angular.module("admin.resources").factory 'Enterprises', ($q, $filter, Enterpris
       $filter('filter')(enterprises, term)
 
 
+    removeLogo: performActionOnEnterpriseResource(EnterpriseResource.removeLogo)
+    removePromoImage: performActionOnEnterpriseResource(EnterpriseResource.removePromoImage)

app/assets/javascripts/admin/services/bulk_products.js.coffee

@@ -0,0 +1,76 @@
+angular.module("ofn.admin").factory "BulkProducts", (ProductResource, dataFetcher, $http) ->
+  new class BulkProducts
+    products: []
+    pagination: {}
+
+    fetch: (params) ->
+      ProductResource.index params, (data) =>
+        @products.length = 0
+        @addProducts data.products
+        angular.extend(@pagination, data.pagination)
+
+    cloneProduct: (product) ->
+      $http.post("/api/v0/products/" + product.id + "/clone").then (response) =>
+        dataFetcher("/api/v0/products/" + response.data.id + "?template=bulk_show").then (newProduct) =>
+          @unpackProduct newProduct
+          @insertProductAfter(product, newProduct)
+
+    updateVariantLists: (serverProducts) ->
+      for server_product in serverProducts
+        product = @findProductInList(server_product.id, @products)
+        product.variants = server_product.variants
+        @loadVariantUnitValues product.variants
+
+    find: (id) ->
+      @findProductInList id, @products
+
+    findProductInList: (id, product_list) ->
+      products = (product for product in product_list when product.id == id)
+      if products.length == 0 then null else products[0]
+
+    addProducts: (products) ->
+      for product in products
+        @unpackProduct product
+        @products.push product
+
+    insertProductAfter: (product, newProduct) ->
+      index = @products.indexOf(product)
+      @products.splice(index + 1, 0, newProduct)
+
+    unpackProduct: (product) ->
+      @loadVariantUnit product
+
+    loadVariantUnit: (product) ->
+      @loadVariantUnitValues product.variants if product.variants
+
+    loadVariantUnitValues: (variants) ->
+      for variant in variants
+        @loadVariantUnitValue variant
+
+    loadVariantUnitValue: (variant) ->
+      variant.variant_unit_with_scale =
+        if variant.variant_unit && variant.variant_unit_scale && variant.variant_unit != 'items'
+          "#{variant.variant_unit}_#{variant.variant_unit_scale}"
+        else if variant.variant_unit
+          variant.variant_unit
+        else
+          null
+
+      unit_value = @variantUnitValue variant
+      unit_value = if unit_value? then unit_value else ''
+      variant.unit_value_with_description = "#{unit_value} #{variant.unit_description || ''}".trim()
+
+    variantUnitValue: (variant) ->
+      if variant.unit_value?
+        if variant.variant_unit_scale
+          variant_unit_value = @divideAsInteger variant.unit_value, variant.variant_unit_scale
+          parseFloat(window.bigDecimal.round(variant_unit_value, 2))
+        else
+          variant.unit_value
+      else
+        null
+
+    # forces integer division to avoid javascript floating point imprecision
+    # using one billion as the multiplier so that it works for numbers with up to 9 decimal places
+    divideAsInteger: (a, b) ->
+      (a * 1000000000) / (b * 1000000000)

app/assets/javascripts/admin/services/key_value_map_store.js.coffee

@@ -0,0 +1,29 @@
+angular.module("admin.indexUtils").factory 'KeyValueMapStore', (localStorageService)->
+  new class KeyValueMapStore
+    localStorageKey: ''
+    storableKeys: []
+
+    constructor: ->
+      localStorageService.setStorageType("sessionStorage")
+
+    getStoredKeyValueMap: ->
+      localStorageService.get(@localStorageKey) || {}
+
+    setStoredValues: (source) ->
+      keyValueMap = {}
+      for key in @storableKeys
+        keyValueMap[key] = source[key]
+      localStorageService.set(@localStorageKey, keyValueMap)
+
+    restoreValues: (target) ->
+      storedKeyValueMap = @getStoredKeyValueMap()
+      
+      return false if _.isEmpty(storedKeyValueMap)  
+      
+      for k,v of storedKeyValueMap
+       target[k] = v
+
+      return true
+
+    clearKeyValueMap: () ->
+      localStorageService.remove(@localStorageKey)

app/assets/javascripts/admin/spree/orders/variant_autocomplete.js.erb

@@ -187,17 +187,18 @@ addVariantFromStockLocation = function() {
   $('#stock_details').hide();
 
   var variant_id = $('input.variant_autocomplete').val();
-  var quantity = $("input.quantity").val();
+  var stock_location_id = $(this).data('stock-location-id');
+  var quantity = $("input.quantity[data-stock-location-id='" + stock_location_id + "']").val();
 
   var shipment = _.find(shipments, function(shipment){
-    return shipment.state == 'ready' || shipment.state == 'pending';
+    return shipment.stock_location_id == stock_location_id && (shipment.state == 'ready' || shipment.state == 'pending');
   });
 
   if(shipment==undefined){
     $.ajax({
       type: "POST",
       url: Spree.url(Spree.routes.orders_api + "/" + order_number + "/shipments.json"),
-      data: { variant_id: variant_id, quantity: quantity }
+      data: { variant_id: variant_id, quantity: quantity, stock_location_id: stock_location_id }
     }).done(function( msg ) {
       window.location.reload();
     }).error(function( msg ) {

app/assets/javascripts/admin/tag_rules/directives/new_rule_dialog.js.coffee

@@ -1,4 +1,4 @@
-angular.module("admin.tagRules").directive 'newTagRuleDialog', ($rootScope, $compile, $templateCache, DialogDefaults, ruleTypes) ->
+angular.module("admin.tagRules").directive 'newTagRuleDialog', ($rootScope, $compile, $templateCache, DialogDefaults) ->
   restrict: 'A'
   scope:
     tagGroup: '='
@@ -7,7 +7,12 @@ angular.module("admin.tagRules").directive 'newTagRuleDialog', ($rootScope, $com
     # Compile modal template
     template = $compile($templateCache.get('admin/new_tag_rule_dialog.html'))(scope)
 
-    scope.ruleTypes = ruleTypes
+    scope.ruleTypes = [
+      { id: "FilterProducts", name: t('js.tag_rules.show_hide_variants') }
+      { id: "FilterShippingMethods", name: t('js.tag_rules.show_hide_shipping') }
+      { id: "FilterPaymentMethods", name: t('js.tag_rules.show_hide_payment') }
+      { id: "FilterOrderCycles", name: t('js.tag_rules.show_hide_order_cycles') }
+    ]
 
     scope.ruleType = scope.ruleTypes[0].id
 

app/assets/javascripts/admin/utils/directives/variant_autocomplete.js.coffee

@@ -26,8 +26,6 @@ angular.module("admin.utils").directive "variantAutocomplete", ($timeout) ->
               order_cycle_id: scope.order_cycle_id
               eligible_for_subscriptions: scope.eligible_for_subscriptions
               include_out_of_stock: scope.include_out_of_stock
-              search_variants_as: scope.search_variants_as
-              order_id: scope.order_id
             results: (data, page) ->
               window.variants = data # this is how spree auto complete JS code picks up variants
               results: data

app/assets/javascripts/darkswarm/all.js.coffee

@@ -17,6 +17,7 @@
 #= require angular-google-maps.min.js
 #= require ../shared/mm-foundation-tpls-0.9.0-20180826174721.min.js
 #= require ../shared/ng-infinite-scroll.min.js
+#= require ../shared/angular-local-storage.js
 #= require ../shared/angular-slideables.js
 #= require ../shared/shared
 #= require_tree ../shared/directives

app/assets/javascripts/darkswarm/darkswarm.js.coffee

@@ -1,6 +1,7 @@
 angular.module("Darkswarm", [
   'ngResource',
   'mm.foundation',
+  'LocalStorageModule',
   'infinite-scroll',
   'angular-flash.service',
   'templates',

app/assets/javascripts/darkswarm/directives/disable_scroll.js.coffee

@@ -0,0 +1,10 @@
+angular.module('Darkswarm').directive "ofnDisableScroll", ()->
+  # Stops scrolling from incrementing or decrementing input value
+  # Useful for number inputs
+  restrict: 'A'
+  link: (scope, element, attrs)->
+    element.bind 'focus', ->
+      element.bind 'mousewheel', (e)->
+        e.preventDefault()
+    element.bind 'blur', ->
+      element.unbind 'mousewheel'

app/assets/javascripts/darkswarm/directives/integer.js.coffee

@@ -0,0 +1,5 @@
+angular.module('Darkswarm').directive "integer", ->
+  restrict: 'A'
+  link: (scope, elem, attr) ->
+    elem.bind 'input', ->
+      elem.val Math.round(elem.val())

app/assets/javascripts/darkswarm/directives/map_search.js.coffee

@@ -20,13 +20,10 @@ angular.module('Darkswarm').directive 'mapSearch', ($timeout, Search) ->
     $timeout =>
       map = ctrl.getMap()
 
-      if !map
-        alert(t('gmap_load_failure'))
-      else
-        searchBox = scope.createSearchBox map
-        scope.bindSearchResponse map, searchBox
-        scope.biasResults map, searchBox
-        scope.performUrlSearch map
+      searchBox = scope.createSearchBox map
+      scope.bindSearchResponse map, searchBox
+      scope.biasResults map, searchBox
+      scope.performUrlSearch map
 
     scope.createSearchBox = (map) ->
       map.controls[google.maps.ControlPosition.TOP_LEFT].push scope.input

app/assets/javascripts/darkswarm/directives/open_street_map.js.coffee

@@ -13,8 +13,6 @@ angular.module('Darkswarm').directive 'ofnOpenStreetMap', ($window, MapCentreCal
 
     buildMarker = (enterprise, latlng, title) ->
       icon = L.icon
-        iconAnchor: [14, 33]
-        iconSize: [28, 33]
         iconUrl: enterprise.icon
       marker = L.marker latlng,
         draggable:   true,

app/assets/javascripts/darkswarm/directives/render_svg.js.coffee

@@ -0,0 +1,14 @@
+angular.module('Darkswarm').directive "renderSvg", ()->
+  # Magical directive that'll render SVGs from URLs
+  # If only there were a neater way of doing this
+  restrict: 'E'
+  priority: 99
+  template: "<svg-wrapper></svg-wrapper>"
+
+  # Fetch SVG via ajax, inject into page using DOM
+  link: (scope, elem, attr)->
+    if /.svg/.test attr.path # Only do this if we've got an svg
+      $.ajax
+        url: attr.path
+        success: (html)->
+          elem.html($(html).find("svg"))

app/assets/javascripts/darkswarm/directives/scrollto.js.coffee

@@ -0,0 +1,9 @@
+angular.module('Darkswarm').directive "ofnScrollTo", ($location, $anchorScroll)->
+  # Onclick sets $location.hash to attrs.ofnScrollTo
+  # Then triggers anchorScroll
+  restrict: 'A'
+  link: (scope, element, attrs)->
+    element.bind 'click', (ev)->
+      ev.stopPropagation()
+      $location.hash attrs.ofnScrollTo 
+      $anchorScroll()

app/assets/javascripts/darkswarm/services/cart.js.coffee

@@ -1,4 +1,4 @@
-angular.module('Darkswarm').factory 'Cart', (CurrentOrder, Variants, $timeout, $http, $modal, $rootScope, $resource, Messages) ->
+angular.module('Darkswarm').factory 'Cart', (CurrentOrder, Variants, $timeout, $http, $modal, $rootScope, $resource, localStorageService, Messages) ->
   # Handles syncing of current cart/order state to server
   new class Cart
     dirty: false
@@ -113,6 +113,7 @@ angular.module('Darkswarm').factory 'Cart', (CurrentOrder, Variants, $timeout, $
 
     clear: ->
       @line_items = []
+      localStorageService.clearAll() # One day this will have to be moar GRANULAR
 
     isOnlyItemInOrder: (id) =>
       deletedItem = @line_items_finalised.find((item) -> item.id == id)

app/assets/javascripts/shared/angular-local-storage.js

@@ -0,0 +1,546 @@
+/**
+ * An Angular module that gives you access to the browsers local storage
+ * @version v0.5.0 - 2016-08-29
+ * @link https://github.com/grevory/angular-local-storage
+ * @author grevory <greg@gregpike.ca>
+ * @license MIT License, http://www.opensource.org/licenses/MIT
+ */
+(function (window, angular) {
+var isDefined = angular.isDefined,
+  isUndefined = angular.isUndefined,
+  isNumber = angular.isNumber,
+  isObject = angular.isObject,
+  isArray = angular.isArray,
+  extend = angular.extend,
+  toJson = angular.toJson;
+
+angular
+  .module('LocalStorageModule', [])
+  .provider('localStorageService', function() {
+    // You should set a prefix to avoid overwriting any local storage variables from the rest of your app
+    // e.g. localStorageServiceProvider.setPrefix('yourAppName');
+    // With provider you can use config as this:
+    // myApp.config(function (localStorageServiceProvider) {
+    //    localStorageServiceProvider.prefix = 'yourAppName';
+    // });
+    this.prefix = 'ls';
+
+    // You could change web storage type localstorage or sessionStorage
+    this.storageType = 'localStorage';
+
+    // Cookie options (usually in case of fallback)
+    // expiry = Number of days before cookies expire // 0 = Does not expire
+    // path = The web path the cookie represents
+    // secure = Wether the cookies should be secure (i.e only sent on HTTPS requests)
+    this.cookie = {
+      expiry: 30,
+      path: '/',
+      secure: false
+    };
+
+    // Decides wether we should default to cookies if localstorage is not supported.
+    this.defaultToCookie = true;
+
+    // Send signals for each of the following actions?
+    this.notify = {
+      setItem: true,
+      removeItem: false
+    };
+
+    // Setter for the prefix
+    this.setPrefix = function(prefix) {
+      this.prefix = prefix;
+      return this;
+    };
+
+    // Setter for the storageType
+    this.setStorageType = function(storageType) {
+      this.storageType = storageType;
+      return this;
+    };
+    // Setter for defaultToCookie value, default is true.
+    this.setDefaultToCookie = function (shouldDefault) {
+      this.defaultToCookie = !!shouldDefault; // Double-not to make sure it's a bool value.
+      return this;
+    };
+    // Setter for cookie config
+    this.setStorageCookie = function(exp, path, secure) {
+      this.cookie.expiry = exp;
+      this.cookie.path = path;
+      this.cookie.secure = secure;
+      return this;
+    };
+
+    // Setter for cookie domain
+    this.setStorageCookieDomain = function(domain) {
+      this.cookie.domain = domain;
+      return this;
+    };
+
+    // Setter for notification config
+    // itemSet & itemRemove should be booleans
+    this.setNotify = function(itemSet, itemRemove) {
+      this.notify = {
+        setItem: itemSet,
+        removeItem: itemRemove
+      };
+      return this;
+    };
+
+    this.$get = ['$rootScope', '$window', '$document', '$parse','$timeout', function($rootScope, $window, $document, $parse, $timeout) {
+      var self = this;
+      var prefix = self.prefix;
+      var cookie = self.cookie;
+      var notify = self.notify;
+      var storageType = self.storageType;
+      var webStorage;
+
+      // When Angular's $document is not available
+      if (!$document) {
+        $document = document;
+      } else if ($document[0]) {
+        $document = $document[0];
+      }
+
+      // If there is a prefix set in the config lets use that with an appended period for readability
+      if (prefix.substr(-1) !== '.') {
+        prefix = !!prefix ? prefix + '.' : '';
+      }
+      var deriveQualifiedKey = function(key) {
+        return prefix + key;
+      };
+
+      // Removes prefix from the key.
+      var underiveQualifiedKey = function (key) {
+        return key.replace(new RegExp('^' + prefix, 'g'), '');
+      };
+
+      // Check if the key is within our prefix namespace.
+      var isKeyPrefixOurs = function (key) {
+        return key.indexOf(prefix) === 0;
+      };
+
+      // Checks the browser to see if local storage is supported
+      var checkSupport = function () {
+        try {
+          var supported = (storageType in $window && $window[storageType] !== null);
+
+          // When Safari (OS X or iOS) is in private browsing mode, it appears as though localStorage
+          // is available, but trying to call .setItem throws an exception.
+          //
+          // "QUOTA_EXCEEDED_ERR: DOM Exception 22: An attempt was made to add something to storage
+          // that exceeded the quota."
+          var key = deriveQualifiedKey('__' + Math.round(Math.random() * 1e7));
+          if (supported) {
+            webStorage = $window[storageType];
+            webStorage.setItem(key, '');
+            webStorage.removeItem(key);
+          }
+
+          return supported;
+        } catch (e) {
+          // Only change storageType to cookies if defaulting is enabled.
+          if (self.defaultToCookie)
+            storageType = 'cookie';
+          $rootScope.$broadcast('LocalStorageModule.notification.error', e.message);
+          return false;
+        }
+      };
+      var browserSupportsLocalStorage = checkSupport();
+
+      // Directly adds a value to local storage
+      // If local storage is not available in the browser use cookies
+      // Example use: localStorageService.add('library','angular');
+      var addToLocalStorage = function (key, value, type) {
+        setStorageType(type);
+
+        // Let's convert undefined values to null to get the value consistent
+        if (isUndefined(value)) {
+          value = null;
+        } else {
+          value = toJson(value);
+        }
+
+        // If this browser does not support local storage use cookies
+        if (!browserSupportsLocalStorage && self.defaultToCookie || self.storageType === 'cookie') {
+          if (!browserSupportsLocalStorage) {
+            $rootScope.$broadcast('LocalStorageModule.notification.warning', 'LOCAL_STORAGE_NOT_SUPPORTED');
+          }
+
+          if (notify.setItem) {
+            $rootScope.$broadcast('LocalStorageModule.notification.setitem', {key: key, newvalue: value, storageType: 'cookie'});
+          }
+          return addToCookies(key, value);
+        }
+
+        try {
+          if (webStorage) {
+            webStorage.setItem(deriveQualifiedKey(key), value);
+          }
+          if (notify.setItem) {
+            $rootScope.$broadcast('LocalStorageModule.notification.setitem', {key: key, newvalue: value, storageType: self.storageType});
+          }
+        } catch (e) {
+          $rootScope.$broadcast('LocalStorageModule.notification.error', e.message);
+          return addToCookies(key, value);
+        }
+        return true;
+      };
+
+      // Directly get a value from local storage
+      // Example use: localStorageService.get('library'); // returns 'angular'
+      var getFromLocalStorage = function (key, type) {
+        setStorageType(type);
+
+        if (!browserSupportsLocalStorage && self.defaultToCookie  || self.storageType === 'cookie') {
+          if (!browserSupportsLocalStorage) {
+            $rootScope.$broadcast('LocalStorageModule.notification.warning', 'LOCAL_STORAGE_NOT_SUPPORTED');
+          }
+
+          return getFromCookies(key);
+        }
+
+        var item = webStorage ? webStorage.getItem(deriveQualifiedKey(key)) : null;
+        // angular.toJson will convert null to 'null', so a proper conversion is needed
+        // FIXME not a perfect solution, since a valid 'null' string can't be stored
+        if (!item || item === 'null') {
+          return null;
+        }
+
+        try {
+          return JSON.parse(item);
+        } catch (e) {
+          return item;
+        }
+      };
+
+      // Remove an item from local storage
+      // Example use: localStorageService.remove('library'); // removes the key/value pair of library='angular'
+      //
+      // This is var-arg removal, check the last argument to see if it is a storageType
+      // and set type accordingly before removing.
+      //
+      var removeFromLocalStorage = function () {
+        // can't pop on arguments, so we do this
+        var consumed = 0;
+        if (arguments.length >= 1 &&
+            (arguments[arguments.length - 1] === 'localStorage' ||
+             arguments[arguments.length - 1] === 'sessionStorage')) {
+          consumed = 1;
+          setStorageType(arguments[arguments.length - 1]);
+        }
+
+        var i, key;
+        for (i = 0; i < arguments.length - consumed; i++) {
+          key = arguments[i];
+          if (!browserSupportsLocalStorage && self.defaultToCookie || self.storageType === 'cookie') {
+            if (!browserSupportsLocalStorage) {
+              $rootScope.$broadcast('LocalStorageModule.notification.warning', 'LOCAL_STORAGE_NOT_SUPPORTED');
+            }
+
+            if (notify.removeItem) {
+              $rootScope.$broadcast('LocalStorageModule.notification.removeitem', {key: key, storageType: 'cookie'});
+            }
+            removeFromCookies(key);
+          }
+          else {
+            try {
+              webStorage.removeItem(deriveQualifiedKey(key));
+              if (notify.removeItem) {
+                $rootScope.$broadcast('LocalStorageModule.notification.removeitem', {
+                  key: key,
+                  storageType: self.storageType
+                });
+              }
+            } catch (e) {
+              $rootScope.$broadcast('LocalStorageModule.notification.error', e.message);
+              removeFromCookies(key);
+            }
+          }
+        }
+      };
+
+      // Return array of keys for local storage
+      // Example use: var keys = localStorageService.keys()
+      var getKeysForLocalStorage = function (type) {
+        setStorageType(type);
+
+        if (!browserSupportsLocalStorage) {
+          $rootScope.$broadcast('LocalStorageModule.notification.warning', 'LOCAL_STORAGE_NOT_SUPPORTED');
+          return [];
+        }
+
+        var prefixLength = prefix.length;
+        var keys = [];
+        for (var key in webStorage) {
+          // Only return keys that are for this app
+          if (key.substr(0, prefixLength) === prefix) {
+            try {
+              keys.push(key.substr(prefixLength));
+            } catch (e) {
+              $rootScope.$broadcast('LocalStorageModule.notification.error', e.Description);
+              return [];
+            }
+          }
+        }
+        return keys;
+      };
+
+      // Remove all data for this app from local storage
+      // Also optionally takes a regular expression string and removes the matching key-value pairs
+      // Example use: localStorageService.clearAll();
+      // Should be used mostly for development purposes
+      var clearAllFromLocalStorage = function (regularExpression, type) {
+        setStorageType(type);
+
+        // Setting both regular expressions independently
+        // Empty strings result in catchall RegExp
+        var prefixRegex = !!prefix ? new RegExp('^' + prefix) : new RegExp();
+        var testRegex = !!regularExpression ? new RegExp(regularExpression) : new RegExp();
+
+        if (!browserSupportsLocalStorage && self.defaultToCookie  || self.storageType === 'cookie') {
+          if (!browserSupportsLocalStorage) {
+            $rootScope.$broadcast('LocalStorageModule.notification.warning', 'LOCAL_STORAGE_NOT_SUPPORTED');
+          }
+          return clearAllFromCookies();
+        }
+        if (!browserSupportsLocalStorage && !self.defaultToCookie)
+          return false;
+        var prefixLength = prefix.length;
+
+        for (var key in webStorage) {
+          // Only remove items that are for this app and match the regular expression
+          if (prefixRegex.test(key) && testRegex.test(key.substr(prefixLength))) {
+            try {
+              removeFromLocalStorage(key.substr(prefixLength));
+            } catch (e) {
+              $rootScope.$broadcast('LocalStorageModule.notification.error', e.message);
+              return clearAllFromCookies();
+            }
+          }
+        }
+        return true;
+      };
+
+      // Checks the browser to see if cookies are supported
+      var browserSupportsCookies = (function() {
+        try {
+          return $window.navigator.cookieEnabled ||
+          ("cookie" in $document && ($document.cookie.length > 0 ||
+            ($document.cookie = "test").indexOf.call($document.cookie, "test") > -1));
+          } catch (e) {
+            $rootScope.$broadcast('LocalStorageModule.notification.error', e.message);
+            return false;
+          }
+        }());
+
+        // Directly adds a value to cookies
+        // Typically used as a fallback if local storage is not available in the browser
+        // Example use: localStorageService.cookie.add('library','angular');
+        var addToCookies = function (key, value, daysToExpiry, secure) {
+
+          if (isUndefined(value)) {
+            return false;
+          } else if(isArray(value) || isObject(value)) {
+            value = toJson(value);
+          }
+
+          if (!browserSupportsCookies) {
+            $rootScope.$broadcast('LocalStorageModule.notification.error', 'COOKIES_NOT_SUPPORTED');
+            return false;
+          }
+
+          try {
+            var expiry = '',
+            expiryDate = new Date(),
+            cookieDomain = '';
+
+            if (value === null) {
+              // Mark that the cookie has expired one day ago
+              expiryDate.setTime(expiryDate.getTime() + (-1 * 24 * 60 * 60 * 1000));
+              expiry = "; expires=" + expiryDate.toGMTString();
+              value = '';
+            } else if (isNumber(daysToExpiry) && daysToExpiry !== 0) {
+              expiryDate.setTime(expiryDate.getTime() + (daysToExpiry * 24 * 60 * 60 * 1000));
+              expiry = "; expires=" + expiryDate.toGMTString();
+            } else if (cookie.expiry !== 0) {
+              expiryDate.setTime(expiryDate.getTime() + (cookie.expiry * 24 * 60 * 60 * 1000));
+              expiry = "; expires=" + expiryDate.toGMTString();
+            }
+            if (!!key) {
+              var cookiePath = "; path=" + cookie.path;
+              if (cookie.domain) {
+                cookieDomain = "; domain=" + cookie.domain;
+              }
+              /* Providing the secure parameter always takes precedence over config
+               * (allows developer to mix and match secure + non-secure) */
+              if (typeof secure === 'boolean') {
+                  if (secure === true) {
+                      /* We've explicitly specified secure,
+                       * add the secure attribute to the cookie (after domain) */
+                      cookieDomain += "; secure";
+                  }
+                  // else - secure has been supplied but isn't true - so don't set secure flag, regardless of what config says
+              }
+              else if (cookie.secure === true) {
+                  // secure parameter wasn't specified, get default from config
+                  cookieDomain += "; secure";
+              }
+              $document.cookie = deriveQualifiedKey(key) + "=" + encodeURIComponent(value) + expiry + cookiePath + cookieDomain;
+            }
+          } catch (e) {
+            $rootScope.$broadcast('LocalStorageModule.notification.error', e.message);
+            return false;
+          }
+          return true;
+        };
+
+        // Directly get a value from a cookie
+        // Example use: localStorageService.cookie.get('library'); // returns 'angular'
+        var getFromCookies = function (key) {
+          if (!browserSupportsCookies) {
+            $rootScope.$broadcast('LocalStorageModule.notification.error', 'COOKIES_NOT_SUPPORTED');
+            return false;
+          }
+
+          var cookies = $document.cookie && $document.cookie.split(';') || [];
+          for(var i=0; i < cookies.length; i++) {
+            var thisCookie = cookies[i];
+            while (thisCookie.charAt(0) === ' ') {
+              thisCookie = thisCookie.substring(1,thisCookie.length);
+            }
+            if (thisCookie.indexOf(deriveQualifiedKey(key) + '=') === 0) {
+              var storedValues = decodeURIComponent(thisCookie.substring(prefix.length + key.length + 1, thisCookie.length));
+              try {
+                return JSON.parse(storedValues);
+              } catch(e) {
+                return storedValues;
+              }
+            }
+          }
+          return null;
+        };
+
+        var removeFromCookies = function (key) {
+          addToCookies(key,null);
+        };
+
+        var clearAllFromCookies = function () {
+          var thisCookie = null;
+          var prefixLength = prefix.length;
+          var cookies = $document.cookie.split(';');
+          for(var i = 0; i < cookies.length; i++) {
+            thisCookie = cookies[i];
+
+            while (thisCookie.charAt(0) === ' ') {
+              thisCookie = thisCookie.substring(1, thisCookie.length);
+            }
+
+            var key = thisCookie.substring(prefixLength, thisCookie.indexOf('='));
+            removeFromCookies(key);
+          }
+        };
+
+        var getStorageType = function() {
+          return storageType;
+        };
+
+        var setStorageType = function(type) {
+          if (type && storageType !== type) {
+            storageType = type;
+            browserSupportsLocalStorage = checkSupport();
+          }
+          return browserSupportsLocalStorage;
+        };
+
+        // Add a listener on scope variable to save its changes to local storage
+        // Return a function which when called cancels binding
+        var bindToScope = function(scope, key, def, lsKey, type) {
+          lsKey = lsKey || key;
+          var value = getFromLocalStorage(lsKey, type);
+
+          if (value === null && isDefined(def)) {
+            value = def;
+          } else if (isObject(value) && isObject(def)) {
+            value = extend(value, def);
+          }
+
+          $parse(key).assign(scope, value);
+
+          return scope.$watch(key, function(newVal) {
+            addToLocalStorage(lsKey, newVal, type);
+          }, isObject(scope[key]));
+        };
+
+        // Add listener to local storage, for update callbacks.
+        if (browserSupportsLocalStorage) {
+            if ($window.addEventListener) {
+                $window.addEventListener("storage", handleStorageChangeCallback, false);
+                $rootScope.$on('$destroy', function() {
+                    $window.removeEventListener("storage", handleStorageChangeCallback);
+                });
+            } else if($window.attachEvent){
+                // attachEvent and detachEvent are proprietary to IE v6-10
+                $window.attachEvent("onstorage", handleStorageChangeCallback);
+                $rootScope.$on('$destroy', function() {
+                    $window.detachEvent("onstorage", handleStorageChangeCallback);
+                });
+            }
+        }
+
+        // Callback handler for storage changed.
+        function handleStorageChangeCallback(e) {
+            if (!e) { e = $window.event; }
+            if (notify.setItem) {
+                if (isKeyPrefixOurs(e.key)) {
+                    var key = underiveQualifiedKey(e.key);
+                    // Use timeout, to avoid using $rootScope.$apply.
+                    $timeout(function () {
+                        $rootScope.$broadcast('LocalStorageModule.notification.changed', { key: key, newvalue: e.newValue, storageType: self.storageType });
+                    });
+                }
+            }
+        }
+
+        // Return localStorageService.length
+        // ignore keys that not owned
+        var lengthOfLocalStorage = function(type) {
+          setStorageType(type);
+
+          var count = 0;
+          var storage = $window[storageType];
+          for(var i = 0; i < storage.length; i++) {
+            if(storage.key(i).indexOf(prefix) === 0 ) {
+              count++;
+            }
+          }
+          return count;
+        };
+
+        return {
+          isSupported: browserSupportsLocalStorage,
+          getStorageType: getStorageType,
+          setStorageType: setStorageType,
+          set: addToLocalStorage,
+          add: addToLocalStorage, //DEPRECATED
+          get: getFromLocalStorage,
+          keys: getKeysForLocalStorage,
+          remove: removeFromLocalStorage,
+          clearAll: clearAllFromLocalStorage,
+          bind: bindToScope,
+          deriveKey: deriveQualifiedKey,
+          underiveKey: underiveQualifiedKey,
+          length: lengthOfLocalStorage,
+          defaultToCookie: this.defaultToCookie,
+          cookie: {
+            isSupported: browserSupportsCookies,
+            set: addToCookies,
+            add: addToCookies, //DEPRECATED
+            get: getFromCookies,
+            remove: removeFromCookies,
+            clearAll: clearAllFromCookies
+          }
+        };
+      }];
+  });
+})(window, window.angular);

app/assets/javascripts/shared/shared.js.coffee

@@ -1,4 +1,5 @@
 window.OFNShared = angular.module("OFNShared", [
   "mm.foundation",
+  "LocalStorageModule"
 ]).config ($httpProvider) ->
   $httpProvider.defaults.headers.common["Accept"] = "application/json, text/javascript, */*"

app/assets/javascripts/templates/admin/columns_dropdown.html.haml

@@ -2,13 +2,13 @@
   .ofn-drop-down-label
     = "  #{t('admin.columns')}".html_safe
     %span{ 'ng-class' => "expanded && 'icon-caret-up' || !expanded && 'icon-caret-down'" }
-  .menu{ 'ng-show' => "expanded" }
+  %div.menu{ 'ng-show' => "expanded" }
     .menu_items
       .menu_item{ "ng-repeat": "column in columns", "ng-click": "toggle(column);" }
         %input{ type: "checkbox", "ng-checked": "column.visible" }
         %span
           {{ column.name }}
       %hr
-      .menu_item.text-center
+      %div.menu_item.text-center
         %input.fullwidth.orange{ type: "button", "ng-value": "saved() ? 'Saved': 'Saving'", "ng-show": "saved() || saving", "ng-disabled": "saved()" }
         %input.fullwidth.red{ type: "button", value: t('admin.column_save_as_default').html_safe, "ng-show": "!saved() && !saving", "ng-click": "saveColumnPreferences(action)" }

app/assets/javascripts/templates/admin/modals/image_upload.html.haml

@@ -2,7 +2,7 @@
   %i.fa.fa-times-circle{'aria-hidden' => "true"}
 
 %form#image_upload{ name: 'form', novalidate: true, enctype: 'multipart/form-data', multipart: true, "ng-controller": "ProductImageCtrl" }
-  .image-preview
+  %div.image-preview
     %img.spinner{ src: image_path("/spinning-circles.svg"), "ng-hide": "!imageUploader.isUploading" }
     %img.preview{ "ng-src": "{{imagePreview}}", "ng-class": "{'faded': imageUploader.isUploading}" }
 

app/assets/javascripts/templates/admin/panels/exchange_products_distributed.html.haml

@@ -15,7 +15,7 @@
       .exchange-product{'ng-repeat' => 'product in enterprises[exchange.enterprise_id].supplied_products | filter:visibleProducts:exchange:order_cycle.visible_variants_for_outgoing_exchanges' }
         .exchange-product-details
           %label
-            %img{'ng-src' => '{{ product.image_url }}'} 
+            %img{'ng-src' => '{{ product.image_url }}'}
             .name {{ product.name }}
           .supplier {{ product.supplier_name }}
 

app/assets/javascripts/templates/out_of_stock.html.haml

@@ -1,4 +1,3 @@
-// please update the modal html in app/components/out_of_stock_modal_component/out_of_stock_modal_component.html.haml if updating this template
 %a.close-reveal-modal{"ng-click" => "$close()"}
   %i.ofn-i_009-close
 
@@ -13,4 +12,4 @@
   %span{'ng-if' => "v.on_hand == 0"}
     {{ 'js.out_of_stock.now_out_of_stock' | t }}
   %span{'ng-if' => "v.on_hand > 0"}
-    {{ 'js.out_of_stock.only_n_remaining' | t:{ num: v.on_hand } }}
+    {{ 'js.out_of_stock.only_n_remainging' | t:{ num: v.on_hand } }}

app/assets/javascripts/templates/partials/contact.html.haml

@@ -1,5 +1,5 @@
-.contact-container
-  .modal-centered{"ng-if" => "::enterprise.email_address || enterprise.website || enterprise.phone || enterprise.whatsapp_phone"}
+%div.contact-container
+  %div.modal-centered{"ng-if" => "::enterprise.email_address || enterprise.website || enterprise.phone || enterprise.whatsapp_phone"}
     %p.modal-header {{'contact' | t}}
     %p{"ng-if" => "::enterprise.phone", "ng-bind" => "::enterprise.phone"}
 

app/assets/javascripts/templates/partials/follow.html.haml

@@ -1,4 +1,4 @@
-.modal-centered{ "ng-if" => "::enterprise.twitter || enterprise.facebook || enterprise.linkedin || enterprise.instagram"}
+%div.modal-centered{ "ng-if" => "::enterprise.twitter || enterprise.facebook || enterprise.linkedin || enterprise.instagram"}
   %p.modal-header {{'follow' | t}}
   .follow-icons
     %span{"ng-if" => "::enterprise.twitter"}

app/assets/javascripts/templates/partials/producer_details.html.haml

@@ -7,7 +7,7 @@
       .columns.small-12.fat
         %div{"ng-if" => "::enterprise.name"}
           %label{"ng-bind-html" => "::'shop_for_products_html' | t:{enterprise: enterprise.name}"}
-        .show-for-medium-up{"ng-if" => "::!enterprise.name"}
+        %div.show-for-medium-up{"ng-if" => "::!enterprise.name"}
            
     .row
       .columns.small-12

app/assets/stylesheets/mail/email.scss

@@ -12,6 +12,11 @@ img {
   max-width: 100%;
 }
 
+.collapse {
+  margin: 0;
+  padding: 0;
+}
+
 body {
   -webkit-font-smoothing: antialiased;
   -webkit-text-size-adjust: none;
@@ -27,6 +32,18 @@ a {
   color: #0096ad;
 }
 
+.btn {
+  text-decoration: none;
+  color: #FFF;
+  background-color: #666;
+  padding: 10px 16px;
+  font-weight: bold;
+  margin-right: 10px;
+  text-align: center;
+  cursor: pointer;
+  display: inline-block;
+}
+
 p.callout {
   padding: 15px;
   background-color: #e1f0f5;
@@ -104,12 +121,6 @@ table.order-summary {
   text-align: right;
 }
 
-.logo {
-  vertical-align: middle;
-  max-height: 50px;
-  max-width: 247px;
-}
-
 .social .soc-btn {
   padding: 3px 7px;
   font-size: 12px;
@@ -167,11 +178,17 @@ del.quantity_was {
 
 table.head-wrap {
   width: 100%;
-  background-color: #f2f2f2;
 }
 
-.collapse {
-  margin: 0;
+.header.container table td {
+  &.logo {
+    padding: 15px;
+  }
+
+  &.label {
+    padding: 15px;
+    padding-left: 0px;
+  }
 }
 
 /* -------------------------------------
@@ -250,6 +267,10 @@ h6 {
   color: #999;
 }
 
+.collapse {
+  margin: 0 !important;
+}
+
 p, ul {
   margin-bottom: 10px;
   font-weight: normal;
@@ -361,6 +382,12 @@ ul {
   }
 }
 
+.column-wrap {
+  padding: 0 !important;
+  margin: 0 auto;
+  max-width: 600px !important;
+}
+
 .column table {
   width: 100%;
 }

app/components/example_component/example_component.html.haml

@@ -1,3 +1 @@
-- # the stimulus contoller "example-component--example" lives in app/component/example_component/example_controller.js
-%div{ "data-controller": "example-component--example"}
-  %h1 #{@title}
+%h1 #{@title}

app/components/example_component/example_controller.js

@@ -1,4 +0,0 @@
-// This controller will be called "example-component--example", ie "component-subdirectory--js-file-name"
-import { Controller } from "stimulus";
-
-export default class extends Controller {}

app/components/multiple_checked_select_component/multiple_checked_select_component.html.haml

@@ -1,12 +1,12 @@
 .ofn-drop-down.ofn-drop-down-v2{ data: { controller: "multiple-checked-select" } }
-  .ofn-drop-down-label{ "data-multiple-checked-select-target": "button" }
+  %div.ofn-drop-down-label{ "data-multiple-checked-select-target": "button" }
     %span{class: "label"}= t('admin.columns')
     %span{ class: "icon-caret-down", "data-multiple-checked-select-target": "caret" }
-  .menu{ class: "hidden", "data-multiple-checked-select-target": "options" }
-    .filter
+  %div.menu{ class: "hidden", "data-multiple-checked-select-target": "options" }
+    %div.filter
       %input{ type: "text", "data-multiple-checked-select-target": "filter", placeholder: I18n.t('components.multiple_checked_select.filter_placeholder') }
     %hr
-    .menu_items
+    %div.menu_items
       - @options.each do |option|
         %label.menu_item{ "data-multiple-checked-select-target": "option", "data-value": option[1], "data-label": option[0] }
           %input{ type: "checkbox", checked: @selected.include?(option[1]), name: "#{@name}[]", value: option[1] }

app/components/out_of_stock_modal_component.rb

@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-class OutOfStockModalComponent < ModalComponent
-  def initialize(id:, variants: [], redirect: false)
-    super(id:, modal_class: "medium", instant: true)
-
-    @variants = variants
-    @redirect = redirect
-  end
-end

app/components/out_of_stock_modal_component/out_of_stock_modal_component.html.haml

@@ -1,26 +0,0 @@
-%div{ id: @id, "data-controller": "modal out-of-stock-modal", "data-action": "keyup@document->modal#closeIfEscapeKey modal:closing->out-of-stock-modal#redirect", "data-modal-instant-value": @instant, "data-out-of-stock-modal-redirect-value": @redirect }
-  .reveal-modal-bg.fade{ "data-modal-target": "background", "data-action": "click->modal#close" }
-  .reveal-modal.fade.modal-component{ "data-modal-target": "modal", class: @modal_class }
-    - # please update app/assets/javascripts/templates/out_of_stock.html.haml if updating this view
-    %a.close-reveal-modal{"data-action": "click->modal#close" }
-      %i.ofn-i_009-close
-    %h3
-      = t("js.out_of_stock.reduced_stock_available")
-    %p
-      = t("js.out_of_stock.out_of_stock_text")
-    - @variants.each do |variant|
-      - if variant.on_hand == 0
-        %p
-          %em
-            = "#{variant.name_to_display} - #{variant.unit_to_display}"
-            %span
-              = t("js.out_of_stock.now_out_of_stock")
-      - if variant.on_hand > 0
-        %p
-          %em
-            = "#{variant.name_to_display} - #{variant.unit_to_display}"
-            %span
-              = t("js.out_of_stock.only_n_remaining", num: variant.on_hand)
-
-    .text-center
-      %input{ class: "button icon-plus #{close_button_class}", type: 'button', value: t('js.admin.modals.close'), "data-action": "click->modal#close" }

app/components/tag_list_input_component.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-class TagListInputComponent < ViewComponent::Base
-  # method in a "hidden_field" form helper and is the method used to get a list of tag on the model
-  def initialize(form:, method:, tags:,
-                 placeholder: I18n.t("components.tag_list_input.default_placeholder"),
-                 aria_label: nil)
-    @f = form
-    @method = method
-    @tags = tags
-    @placeholder = placeholder
-    @aria_label_option = aria_label ? { 'aria-label': aria_label } : {}
-  end
-
-  attr_reader :f, :method, :tags, :placeholder, :aria_label_option
-end

app/components/tag_list_input_component/tag_list_input_component.html.haml

@@ -1,19 +0,0 @@
-%div{ "data-controller": "tag-list-input-component--tag-list-input" }
-  .tags-input
-    .tags
-      - # We use display:none instead of hidden field, so changes to the value can be picked up by the bulkFormController 
-      = f.text_field method.to_sym, value: tags.join(","), "data-tag-list-input-component--tag-list-input-target": "tagList", "style": "display: none" 
-      %ul.tag-list{"data-tag-list-input-component--tag-list-input-target": "list"}
-        %template{"data-tag-list-input-component--tag-list-input-target": "template"}
-          %li.tag-item
-            .tag-template
-              %span
-              %a.remove-button{ "data-action": "click->tag-list-input-component--tag-list-input#removeTag" }
-                ×
-        - tags.each do |tag|
-          %li.tag-item
-            .tag-template
-              %span=tag
-              %a.remove-button{ "data-action": "click->tag-list-input-component--tag-list-input#removeTag" }
-                ×
-      = text_field_tag "variant_add_tag_#{f.object.id}".to_sym, nil, class: "input", placeholder: placeholder, "data-action": "keydown.enter->tag-list-input-component--tag-list-input#addTag keyup->tag-list-input-component--tag-list-input#filterInput", "data-tag-list-input-component--tag-list-input-target": "newTag", **aria_label_option

app/components/tag_list_input_component/tag_list_input_component.scss

@@ -1,70 +0,0 @@
-// Tags input
-.tags-input {
-  display: block;
-
-  .tags {
-    -moz-appearance: textfield;
-    -webkit-appearance: textfield;
-    overflow: hidden;
-    word-wrap: break-word;
-    cursor: text;
-    background-color: #fff;
-    height: 100%;
-    box-shadow: none;
-
-    &:has(.changed) {
-      border: 1px solid $color-txt-changed-brd;
-      border-radius: 4px;
-    }
-
-    .tag-error {
-      color: $color-error;
-    }
-
-    .tag-list {
-      margin: 0;
-      padding: 0;
-      list-style-type: none;
-    }
-
-    li.tag-item {
-      border-radius: 3px;
-      margin: 2px 0 2px 3px;
-      padding: 0 0 0 5px;
-      display: inline-block;
-      float: left;
-      font-size: 14px;
-      line-height: 25px;
-      border: none;
-      box-shadow: none;
-      color: white !important;
-      background-image: none;
-      background-color: $teal;
-
-      .remove-button {
-        border-left: 1px solid darken($teal, 5);
-        margin-left: 2px;
-        padding: 0 6px;
-        background: 0 0;
-        cursor: pointer;
-        vertical-align: middle;
-        font-size: 14px;
-        color: white;
-
-        &:hover {
-          background: rgba(0, 0, 0, 0.05);
-        }
-      }
-    }
-
-    .input {
-      border: 0;
-      outline: 0;
-      margin: 2px;
-      padding: 0 0 0 5px;
-      float: left;
-      height: 26px;
-      font-size: 14px;
-    }
-  }
-}

app/components/tag_list_input_component/tag_list_input_controller.js

@@ -1,63 +0,0 @@
-import { Controller } from "stimulus";
-
-export default class extends Controller {
-  static targets = ["tagList", "newTag", "template", "list"];
-
-  addTag(event) {
-    // prevent hotkey form submitting the form (default action for "enter" key)
-    event.preventDefault();
-
-    // Check if tag already exist
-    const newTagName = this.newTagTarget.value.trim();
-    if (newTagName.length == 0) {
-      return;
-    }
-
-    const tags = this.tagListTarget.value.split(",");
-    const index = tags.indexOf(newTagName);
-    if (index != -1) {
-      // highlight the value in red
-      this.newTagTarget.classList.add("tag-error");
-      return;
-    }
-
-    // add to tagList
-    this.tagListTarget.value = this.tagListTarget.value.concat(`,${newTagName}`);
-
-    // Create new li component with value
-    const newTagElement = this.templateTarget.content.cloneNode(true);
-    const spanElement = newTagElement.querySelector("span");
-    spanElement.innerText = newTagName;
-    this.listTarget.appendChild(newTagElement);
-
-    // Clear new tag value
-    this.newTagTarget.value = "";
-  }
-
-  removeTag(event) {
-    // Text to remove
-    const tagName = event.srcElement.previousElementSibling.textContent;
-
-    // Remove tag from list
-    const tags = this.tagListTarget.value.split(",");
-    this.tagListTarget.value = tags.filter(tag => tag != tagName).join(",");
-
-    // manualy dispatch an Input event so the change gets picked up by the bulk form controller
-    this.tagListTarget.dispatchEvent(new InputEvent("input"));
-
-    // Remove HTML element from the list
-    event.srcElement.parentElement.parentElement.remove();
-  }
-
-  filterInput(event) {
-    // clear error class if key is not enter
-    if (event.key !== "Enter") {
-      this.newTagTarget.classList.remove("tag-error");
-    }
-
-    // Strip comma from tag name
-    if (event.key === ",") {
-      event.srcElement.value = event.srcElement.value.replace(",", "");
-    }
-  }
-}

app/controllers/admin/bulk_line_items_controller.rb

@@ -12,7 +12,7 @@ module Admin
       @line_items = order_permissions.
         editable_line_items.where(order_id: orders).
         includes(:variant).
-        ransack(line_items_search_query).result.order(:id)
+        ransack(params[:q]).result.order(:id)
 
       @pagy, @line_items = pagy(@line_items) if pagination_required?
 
@@ -88,27 +88,5 @@ module Admin
     def page
       params[:page] || 1
     end
-
-    def line_items_search_query
-      query = params.permit(q: {}).to_h[:q] || {}
-
-      search_fields_string = [
-        spree_current_user.admin? ? "order_distributor_name" : "order_distributor_name_alias",
-        "order_bill_address_phone",
-        "order_bill_address_firstname",
-        "order_bill_address_lastname",
-        "order_bill_address_full_name",
-        "order_bill_address_full_name_reversed",
-        "order_bill_address_full_name_with_comma",
-        "order_bill_address_full_name_with_comma_reversed",
-        "variant_supplier_name",
-        "order_email",
-        "order_number",
-        "product_name"
-      ].join("_or_")
-      search_query = "#{search_fields_string}_cont"
-
-      query.merge({ search_query => params[:search_query] })
-    end
   end
 end

app/controllers/admin/column_preferences_controller.rb

@@ -40,8 +40,8 @@ module Admin
 
       respond_to do |format|
         format.json do
-          collection_attributes = permitted_params[:column_preferences].
-            each_with_index.to_h { |cp, i| [i, cp] }
+          collection_attributes = Hash[permitted_params[:column_preferences].
+            each_with_index.map { |cp, i| [i, cp] }]
           collection_attributes.select!{ |_i, cp|
             cp[:action_name] == permitted_params[:action_name]
           }

app/controllers/admin/connected_apps_controller.rb

@@ -44,9 +44,9 @@ module Admin
 
       create_connected_app
 
-      jwt_service = Vine::JwtService.new(secret: connected_app_params[:vine_secret])
-      vine_api = Vine::ApiService.new(api_key: connected_app_params[:vine_api_key],
-                                      jwt_generator: jwt_service)
+      jwt_service = VineJwtService.new(secret: connected_app_params[:vine_secret])
+      vine_api = VineApiService.new(api_key: connected_app_params[:vine_api_key],
+                                    jwt_generator: jwt_service)
 
       if !@app.connect(api_key: connected_app_params[:vine_api_key],
                        secret: connected_app_params[:vine_secret], vine_api:)
@@ -77,7 +77,7 @@ module Admin
 
     def log_and_notify_exception(exception)
       Rails.logger.error exception.inspect
-      Alert.raise(exception)
+      Bugsnag.notify(exception)
     end
 
     def vine_params_empty?

app/controllers/admin/dfc_product_imports_controller.rb

@@ -5,89 +5,50 @@ require "private_address_check/tcpsocket_ext"
 
 module Admin
   class DfcProductImportsController < Spree::Admin::BaseController
-    before_action :load_enterprise
-
     # Define model class for `can?` permissions:
     def model_class
       self.class
     end
 
     def index
-      # Fetch DFC catalog JSON for preview
-      @catalog_url = params.require(:catalog_url).strip
-      @catalog_json = api.call(@catalog_url)
-      catalog = DfcCatalog.from_json(@catalog_json)
+      # The plan:
+      #
+      # * Fetch DFC catalog as JSON from URL.
+      enterprise = OpenFoodNetwork::Permissions.new(spree_current_user)
+        .managed_product_enterprises.is_primary_producer
+        .find(params.require(:enterprise_id))
 
-      # Render table and let user decide which ones to import.
-      @items = list_products(catalog)
-      @absent_items = importer(catalog).absent_variants
-    rescue URI::InvalidURIError
-      flash[:error] = t ".invalid_url"
-      redirect_to admin_product_import_path
-    rescue Faraday::Error,
-           Addressable::URI::InvalidURIError,
-           ActionController::ParameterMissing => e
-      flash[:error] = e.message
-      redirect_to admin_product_import_path
-    rescue Rack::OAuth2::Client::Error
-      oidc_settings_link = helpers.link_to(
-        t('spree.admin.tab.oidc_settings'),
-        admin_oidc_settings_path
-      )
-      flash[:error] = t(".connection_invalid_html", oidc_settings_link:)
-      redirect_to admin_product_import_path
-    end
+      catalog_url = params.require(:catalog_url)
 
-    def import
-      ids = params.require(:semanticIds)
+      json_catalog = fetch_catalog(catalog_url)
+      graph = DfcIo.import(json_catalog)
 
-      # Load DFC catalog JSON
-      catalog = DfcCatalog.from_json(params.require(:catalog_json))
-      catalog.apply_wholesale_values!
+      # * First step: import all products for given enterprise.
+      # * Second step: render table and let user decide which ones to import.
+      imported = graph.map do |subject|
+        next unless subject.is_a? DataFoodConsortium::Connector::SuppliedProduct
 
-      # Import all selected products for given enterprise.
-      imported = ids.map do |semantic_id|
-        subject = catalog.item(semantic_id)
-        existing_variant = @enterprise.supplied_variants.linked_to(semantic_id)
+        existing_variant = enterprise.supplied_variants.linked_to(subject.semanticId)
 
         if existing_variant
-          SuppliedProductImporter.update_product(subject, existing_variant)
+          SuppliedProductBuilder.update_product(subject, existing_variant)
         else
-          SuppliedProductImporter.store_product(subject, @enterprise)
+          SuppliedProductBuilder.store_product(subject, enterprise)
         end
       end
 
       @count = imported.compact.count
-      @reset_count = importer(catalog).reset_absent_variants.count
-    rescue ActionController::ParameterMissing => e
+    rescue Faraday::Error,
+           Addressable::URI::InvalidURIError,
+           ActionController::ParameterMissing => e
       flash[:error] = e.message
       redirect_to admin_product_import_path
     end
 
     private
 
-    def api
-      @api ||= DfcRequest.new(spree_current_user)
-    end
-
-    def load_enterprise
-      @enterprise = OpenFoodNetwork::Permissions.new(spree_current_user)
-        .managed_product_enterprises.is_primary_producer
-        .find(params.require(:enterprise_id))
-    end
-
-    # List internal and external products for the preview.
-    def list_products(catalog)
-      catalog.products.map do |subject|
-        [
-          subject,
-          @enterprise.supplied_variants.linked_to(subject.semanticId)&.product
-        ]
-      end
-    end
-
-    def importer(catalog)
-      DfcCatalogImporter.new(@enterprise.supplied_variants, catalog)
+    def fetch_catalog(url)
+      DfcRequest.new(spree_current_user).call(url)
     end
   end
 end

app/controllers/admin/enterprises_controller.rb

@@ -14,8 +14,7 @@ module Admin
     prepend_before_action :override_owner, only: :create
     prepend_before_action :override_sells, only: :create
 
-    before_action :load_countries, except: [:index, :register]
-    before_action :require_enterprise, only: [:edit, :update]
+    before_action :load_countries, except: [:index, :register, :check_permalink]
     before_action :load_methods_and_fees, only: [:edit, :update]
     before_action :load_groups, only: [:new, :edit, :update, :create]
     before_action :load_taxons, only: [:new, :edit, :update, :create]
@@ -48,9 +47,6 @@ module Admin
       @object = Enterprise.where(permalink: params[:id]).
         includes(users: [:ship_address, :bill_address]).first
       @object.build_custom_tab if @object.custom_tab.nil?
-
-      load_tag_rule_types
-
       return unless params[:stimulus]
 
       @enterprise.is_primary_producer = params[:is_primary_producer]
@@ -72,15 +68,13 @@ module Admin
       delete_custom_tab if params[:custom_tab] == 'false'
 
       if @object.update(enterprise_params)
-        flash[:success] = flash_success_message
-
+        flash[:success] = flash_message_for(@object, :successfully_updated)
         respond_with(@object) do |format|
           format.html { redirect_to location_after_save }
           format.js   { render layout: false }
           format.json {
             render_as_json @object, ams_prefix: 'index', spree_current_user:
           }
-          format.turbo_stream
         end
       else
         respond_with(@object) do |format|
@@ -169,25 +163,6 @@ module Admin
 
     private
 
-    def flash_success_message
-      if attachment_removal?
-        I18n.t("admin.controllers.enterprises.#{attachment_removal_parameter}_success")
-      else
-        flash_message_for(@object, :successfully_updated)
-      end
-    end
-
-    def attachment_removal?
-      attachment_removal_parameter.present?
-    end
-
-    def attachment_removal_parameter
-      if enterprise_params.keys.one? && enterprise_params.keys.first.to_s.start_with?("remove_")
-        enterprise_params.keys.first
-      end
-    end
-    helper_method :attachment_removal_parameter
-
     def load_enterprise_set_on_index
       return unless spree_current_user.admin?
 
@@ -241,10 +216,6 @@ module Admin
       [:index, :for_order_cycle, :visible, :bulk_update]
     end
 
-    def require_enterprise
-      raise ActiveRecord::RecordNotFound if @enterprise.blank?
-    end
-
     def load_methods_and_fees
       enterprise_payment_methods = @enterprise.payment_methods.to_a
       enterprise_shipping_methods = @enterprise.shipping_methods.to_a
@@ -278,7 +249,7 @@ module Admin
       # methods that are specific to each class do not become available until after the
       # record is persisted. This problem is compounded by the use of calculators.
       @object.transaction do
-        tag_rules_attributes.select{ |_i, attrs| attrs[:type].present? }.each_value do |attrs|
+        tag_rules_attributes.select{ |_i, attrs| attrs[:type].present? }.each do |_i, attrs|
           rule = @object.tag_rules.find_by(id: attrs.delete(:id)) ||
                  attrs[:type].constantize.new(enterprise: @object)
 
@@ -317,7 +288,7 @@ module Admin
     def check_can_change_bulk_sells
       return if spree_current_user.admin?
 
-      params[:sets_enterprise_set][:collection_attributes].each_value do |enterprise_params|
+      params[:sets_enterprise_set][:collection_attributes].each do |_i, enterprise_params|
         unless spree_current_user == Enterprise.find_by(id: enterprise_params[:id]).owner
           enterprise_params.delete :sells
         end
@@ -351,7 +322,7 @@ module Admin
     def check_can_change_bulk_owner
       return if spree_current_user.admin?
 
-      bulk_params[:collection_attributes].each_value do |enterprise_params|
+      bulk_params[:collection_attributes].each do |_i, enterprise_params|
         enterprise_params.delete :owner_id
       end
     end
@@ -378,19 +349,6 @@ module Admin
       @properties = Spree::Property.pluck(:name)
     end
 
-    def load_tag_rule_types
-      # Load rule types
-      @tag_rule_types = [
-        { id: "FilterShippingMethods", name: t('js.tag_rules.show_hide_shipping') },
-        { id: "FilterPaymentMethods", name: t('js.tag_rules.show_hide_payment') },
-        { id: "FilterOrderCycles", name: t('js.tag_rules.show_hide_order_cycles') }
-      ]
-
-      return unless helpers.feature?(:inventory, @object)
-
-      @tag_rule_types.prepend({ id: "FilterProducts", name: t('js.tag_rules.show_hide_variants') })
-    end
-
     def setup_property
       @enterprise.producer_properties.build
     end

app/controllers/admin/product_import_controller.rb

@@ -17,10 +17,7 @@ module Admin
     end
 
     def import
-      return unless can_import_into_inventories?
-
       @filepath = save_uploaded_file(params[:file])
-
       @importer = ProductImport::ProductImporter.new(File.new(@filepath), spree_current_user,
                                                      params[:settings])
       @original_filename = params[:file].try(:original_filename)
@@ -33,28 +30,13 @@ module Admin
     def validate_data
       return unless process_data('validate')
 
-      render json: @importer.import_results
+      render json: @importer.import_results, response: 200
     end
 
     def save_data
       return unless process_data('save')
 
-      json = {
-        results: {
-          products_created: @importer.products_created_count,
-          products_updated: @importer.products_updated_count,
-          products_reset: @importer.products_reset_count,
-        },
-        updated_ids: @importer.updated_ids,
-        errors: @importer.errors.full_messages
-      }
-
-      if helpers.feature?(:inventory, spree_current_user.enterprises)
-        json[:results][:inventory_created] = @importer.inventory_created_count
-        json[:results][:inventory_updated] = @importer.inventory_updated_count
-      end
-
-      render json:
+      render json: @importer.save_results, response: 200
     end
 
     def reset_absent_products
@@ -94,7 +76,7 @@ module Admin
       begin
         @importer.public_send("#{method}_entries")
       rescue StandardError => e
-        render plain: e.message, status: :internal_server_error
+        render json: e.message, response: 500
         return false
       end
 
@@ -172,15 +154,5 @@ module Admin
                   notice: I18n.t(:product_import_no_data_in_spreadsheet_notice)
       raise 'Invalid File Path'
     end
-
-    # Return an error if trying to import into inventories when inventory is disable
-    def can_import_into_inventories?
-      return true if helpers.feature?(:inventory, spree_current_user.enterprises) ||
-                     params.dig(:settings, "import_into") != 'inventories'
-
-      redirect_to admin_product_import_url, notice: I18n.t(:product_import_inventory_disable)
-
-      false
-    end
   end
 end

app/controllers/admin/products_v3_controller.rb

@@ -10,8 +10,7 @@ module Admin
 
     def index
       fetch_products
-      render "index",
-             locals: { producers:, categories:, tax_category_options:, available_tags:, flash: }
+      render "index", locals: { producers:, categories:, tax_category_options:, flash: }
 
       session[:products_return_to_url] = request.url
     end
@@ -31,9 +30,7 @@ module Admin
         @error_counts = { saved: product_set.saved_count, invalid: product_set.invalid.count }
 
         render "index", status: :unprocessable_entity,
-                        locals: {
-                          producers:, categories:, tax_category_options:, available_tags:, flash:
-                        }
+                        locals: { producers:, categories:, tax_category_options:, flash: }
       end
     end
 
@@ -115,7 +112,6 @@ module Admin
       @search_term = params[:search_term] || params[:_search_term]
       @producer_id = params[:producer_id] || params[:_producer_id]
       @category_id = params[:category_id] || params[:_category_id]
-      @tags = params[:tags_name_in] || params[:_tags_name_in]
     end
 
     def init_pagination_params
@@ -139,39 +135,22 @@ module Admin
       Spree::TaxCategory.order(:name).pluck(:name, :id)
     end
 
-    def available_tags
-      variants = Spree::Variant.where(
-        product: OpenFoodNetwork::Permissions.new(spree_current_user)
-          .editable_products
-          .merge(product_scope)
-      )
-
-      ActsAsTaggableOn::Tag.joins(:taggings).where(
-        taggings: { taggable_type: "Spree::Variant", taggable_id: variants }
-      ).distinct.order(:name).pluck(:name)
-    end
-
     def fetch_products
       product_query = OpenFoodNetwork::Permissions.new(spree_current_user)
-        .editable_products.merge(product_scope_with_includes).ransack(ransack_query).result
-
-      @pagy, @products = pagy(product_query.order(:name), limit: @per_page, page: @page,
+        .editable_products.merge(product_scope).ransack(ransack_query).result
+      @pagy, @products = pagy(product_query.order(:name), items: @per_page, page: @page,
                                                           size: [1, 2, 2, 1])
     end
 
     def product_scope
       user = spree_current_user
-      scope = if user.admin? || user.enterprises.present?
+      scope = if user.has_spree_role?("admin") || user.enterprises.present?
                 Spree::Product
               else
                 Spree::Product.active
               end
 
-      scope.distinct
-    end
-
-    def product_scope_with_includes
-      product_scope.includes(product_query_includes)
+      scope.includes(product_query_includes).distinct
     end
 
     def ransack_query
@@ -181,7 +160,6 @@ module Admin
         query.merge!(Spree::Variant::SEARCH_KEY => @search_term)
       end
       query.merge!(variants_primary_taxon_id_in: @category_id) if @category_id.present?
-      query.merge!(variants_tags_name_in: @tags) if @tags.present?
       query.merge!(@q) if @q
 
       query
@@ -198,7 +176,6 @@ module Admin
           :stock_items,
           :tax_category,
           :supplier,
-          :taggings,
         ] },
       ]
     end

app/controllers/admin/subscription_line_items_controller.rb

@@ -53,9 +53,7 @@ module Admin
       return unless @order_cycle
 
       fee_calculator = OpenFoodNetwork::EnterpriseFeeCalculator.new(@shop, @order_cycle)
-
       OpenFoodNetwork::ScopeVariantToHub.new(@shop).scope(@variant)
-
       @variant.price + fee_calculator.indexed_fees_for(@variant)
     end
 

app/controllers/admin/variant_overrides_controller.rb

@@ -7,7 +7,7 @@ module Admin
     include OpenFoodNetwork::SpreeApiKeyLoader
     include EnterprisesHelper
 
-    prepend_before_action :load_data, if: :spree_current_user
+    prepend_before_action :load_data
     before_action :load_collection, only: [:bulk_update]
     before_action :load_spree_api_key, only: :index
 
@@ -70,13 +70,7 @@ module Admin
     end
 
     def load_collection
-      collection_hash = variant_overrides_params.each_with_index.to_h { |vo, i| [i, vo] }
-
-      # Reset count_on_hand when switching to producer settings:
-      collection_hash.each_value do |vo|
-        vo["count_on_hand"] = nil if vo.fetch("on_demand", :unchanged).nil?
-      end
-
+      collection_hash = Hash[variant_overrides_params.each_with_index.map { |vo, i| [i, vo] }]
       @vo_set = Sets::VariantOverrideSet.new(@variant_overrides,
                                              collection_attributes: collection_hash)
     end

app/controllers/api/v0/base_controller.rb

@@ -66,7 +66,7 @@ module Api
       end
 
       def error_during_processing(exception)
-        Alert.raise(exception)
+        Bugsnag.notify(exception)
 
         render(json: { exception: exception.message },
                status: :unprocessable_entity) && return

app/controllers/api/v0/exchange_products_controller.rb

@@ -77,7 +77,7 @@ module Api
 
         if pagination_required?
           @pagy, results = pagy(results,
-                                limit: params[:per_page] || DEFAULT_PER_PAGE)
+                                items: params[:per_page] || DEFAULT_PER_PAGE)
         end
 
         serialized_products = ActiveModel::ArraySerializer.new(

app/controllers/api/v0/order_cycles_controller.rb

@@ -22,8 +22,7 @@ module Api
           distributor,
           order_cycle,
           customer,
-          search_params,
-          inventory_enabled:
+          search_params
         ).products_json
 
         render plain: products
@@ -96,13 +95,9 @@ module Api
 
       def distributed_products
         OrderCycles::DistributedProductsService.new(
-          distributor, order_cycle, customer, inventory_enabled:
+          distributor, order_cycle, customer
         ).products_relation.pluck(:id)
       end
-
-      def inventory_enabled
-        OpenFoodNetwork::FeatureToggle.enabled?(:inventory, distributor)
-      end
     end
   end
 end

app/controllers/api/v0/orders_controller.rb

@@ -12,7 +12,7 @@ module Api
 
         if pagination_required?
           @pagy, orders = pagy(orders,
-                               limit: params[:per_page] || default_per_page)
+                               items: params[:per_page] || default_per_page)
         end
 
         render json: {
@@ -67,8 +67,7 @@ module Api
       def serialized_orders(orders)
         ActiveModel::ArraySerializer.new(
           orders,
-          each_serializer: Api::Admin::OrderSerializer,
-          current_user: current_api_user
+          each_serializer: Api::Admin::OrderSerializer
         )
       end
 

app/controllers/api/v0/products_controller.rb

@@ -78,7 +78,7 @@ module Api
       end
 
       def render_paged_products(products, product_serializer = ::Api::Admin::ProductSerializer)
-        @pagy, products = pagy(products, limit: params[:per_page] || DEFAULT_PER_PAGE)
+        @pagy, products = pagy(products, items: params[:per_page] || DEFAULT_PER_PAGE)
 
         serialized_products = ActiveModel::ArraySerializer.new(
           products,

app/controllers/api/v0/shipments_controller.rb

@@ -14,7 +14,7 @@ module Api
       def create
         variant = scoped_variant(params[:variant_id])
         quantity = params[:quantity].to_i
-        @shipment = @order.shipment || @order.shipments.create
+        @shipment = get_or_create_shipment(params[:stock_location_id])
 
         @order.contents.add(variant, quantity, @shipment)
 
@@ -24,7 +24,6 @@ module Api
         Orders::WorkflowService.new(@order).advance_to_payment if @order.line_items.any?
 
         @order.recreate_all_fees!
-        AmendBackorderJob.perform_later(@order) if @order.completed?
 
         render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
       end
@@ -74,7 +73,6 @@ module Api
 
         @order.contents.add(variant, quantity, @shipment)
         @order.recreate_all_fees!
-        AmendBackorderJob.perform_later(@order) if @order.completed?
 
         render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
       end
@@ -88,7 +86,6 @@ module Api
         @shipment.reload if @shipment.persisted?
 
         @order.recreate_all_fees!
-        AmendBackorderJob.perform_later(@order) if @order.completed?
 
         render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
       end
@@ -112,14 +109,16 @@ module Api
 
       def scoped_variant(variant_id)
         variant = Spree::Variant.find(variant_id)
-
         OpenFoodNetwork::ScopeVariantToHub.new(@order.distributor).scope(variant)
-
         variant
       end
 
+      def get_or_create_shipment(stock_location_id)
+        @order.shipment || @order.shipments.create(stock_location_id:)
+      end
+
       def shipment_params
-        return {} unless params.key? :shipment
+        return {} unless params.has_key? :shipment
 
         params.require(:shipment).permit(:tracking, :selected_shipping_rate_id)
       end

app/controllers/api/v0/variants_controller.rb

@@ -55,14 +55,14 @@ module Api
 
       def scope
         if @product
-          variants = if current_api_user.admin? || params[:show_deleted]
+          variants = if current_api_user.has_spree_role?("admin") || params[:show_deleted]
                        @product.variants.with_deleted
                      else
                        @product.variants
                      end
         else
           variants = Spree::Variant.where(nil)
-          if current_api_user.admin?
+          if current_api_user.has_spree_role?("admin")
             unless params[:show_deleted]
               variants = Spree::Variant.active
             end

app/controllers/api/v1/base_controller.rb

@@ -52,9 +52,9 @@ module Api
       end
 
       def error_during_processing(exception)
-        Alert.raise(exception)
+        Bugsnag.notify(exception)
 
-        if Rails.env.local?
+        if Rails.env.development? || Rails.env.test?
           render status: :unprocessable_entity,
                  json: json_api_error(exception.message, meta: exception.backtrace)
         else

app/controllers/api/v1/customers_controller.rb

@@ -18,7 +18,7 @@ module Api
       end
 
       def index
-        @pagy, customers = pagy(search_customers, **pagy_options)
+        @pagy, customers = pagy(search_customers, pagy_options)
 
         render json: Api::V1::CustomerSerializer.new(customers, pagination_options)
       end

app/controllers/base_controller.rb

@@ -25,6 +25,6 @@ class BaseController < ApplicationController
   def set_order_cycle
     return if @order_cycles.count != 1
 
-    current_order(true).assign_order_cycle! @order_cycles.first
+    current_order(true).set_order_cycle! @order_cycles.first
   end
 end

app/controllers/cart_controller.rb

@@ -11,7 +11,7 @@ class CartController < BaseController
       order.cap_quantity_at_stock!
       order.recreate_all_fees!
 
-      StockSyncJob.sync_linked_catalogs_later(order)
+      StockSyncJob.sync_linked_catalogs(order)
 
       render json: { error: false, stock_levels: stock_levels(order) }, status: :ok
     else

app/controllers/checkout_controller.rb

@@ -26,7 +26,6 @@ class CheckoutController < BaseController
     if params[:step].blank?
       redirect_to_step_based_on_order
     else
-      handle_insufficient_stock if details_step?
       update_order_state
       check_step
     end
@@ -37,9 +36,6 @@ class CheckoutController < BaseController
   end
 
   def update
-    return render cable_ready: cable_car.redirect_to(url: checkout_step_path(:details)) \
-      unless sufficient_stock?
-
     if confirm_order || update_order
       return if performed?
 
@@ -80,24 +76,10 @@ class CheckoutController < BaseController
 
     @order.customer.touch :terms_and_conditions_accepted_at
 
-    # Redeem VINE voucher
-    vine_voucher_redeemer = Vine::VoucherRedeemerService.new(order: @order)
-    unless vine_voucher_redeemer.redeem
-      # rubocop:disable Rails/DeprecatedActiveModelErrorsMethods
-      flash[:error] = if vine_voucher_redeemer.errors.keys.include?(:redeeming_failed)
-                        vine_voucher_redeemer.errors[:redeeming_failed]
-                      else
-                        I18n.t('checkout.errors.voucher_redeeming_error')
-                      end
-      return false
-      # rubocop:enable Rails/DeprecatedActiveModelErrorsMethods
-    end
-
     return true if redirect_to_payment_gateway
 
     @order.process_payments!
     @order.confirm!
-    BackorderJob.check_stock(@order)
     order_completion_reset @order
   end
 

app/controllers/concerns/checkout_callbacks.rb

@@ -25,6 +25,7 @@ module CheckoutCallbacks
 
     before_action :ensure_order_not_completed
     before_action :ensure_checkout_allowed
+    before_action :handle_insufficient_stock
     before_action :check_authorization
   end
 
@@ -48,8 +49,7 @@ module CheckoutCallbacks
   end
 
   def load_saved_addresses
-    finder = OpenFoodNetwork::AddressFinder.new(email: @order.email, customer: @order.customer,
-                                                user: spree_current_user)
+    finder = OpenFoodNetwork::AddressFinder.new(@order.email, @order.customer, spree_current_user)
 
     @order.bill_address ||= finder.bill_address
     @order.ship_address ||= finder.ship_address

app/controllers/concerns/order_completion.rb

@@ -26,7 +26,7 @@ module OrderCompletion
   # Builds an order setting the token and distributor of the one specified
   def build_new_order(distributor, token)
     new_order = current_order(true)
-    new_order.assign_distributor!(distributor)
+    new_order.set_distributor!(distributor)
     new_order.tokenized_permission.token = token
     new_order.tokenized_permission.save!
   end
@@ -50,7 +50,9 @@ module OrderCompletion
   end
 
   def order_invalid!
-    Alert.raise_with_record("Notice: invalid order loaded during checkout", @order)
+    Bugsnag.notify("Notice: invalid order loaded during checkout") do |payload|
+      payload.add_metadata :order, :order, @order
+    end
 
     flash[:error] = t('checkout.order_not_loaded')
     redirect_to main_app.shop_path
@@ -90,7 +92,9 @@ module OrderCompletion
   end
 
   def notify_failure(error = RuntimeError.new(order_processing_error))
-    Alert.raise_with_record(error, @order)
+    Bugsnag.notify(error) do |payload|
+      payload.add_metadata :order, @order
+    end
     flash[:error] = order_processing_error if flash.blank?
   end
 

app/controllers/concerns/order_stock_check.rb

@@ -4,28 +4,27 @@ module OrderStockCheck
   include CablecarResponses
   extend ActiveSupport::Concern
 
-  delegate :sufficient_stock?, to: :check_stock_service
-
   def valid_order_line_items?
-    OrderCycles::DistributedVariantsService.new(@order.order_cycle, @order.distributor).
-      distributes_order_variants?(@order)
+    @order.insufficient_stock_lines.empty? &&
+      OrderCycles::DistributedVariantsService.new(@order.order_cycle, @order.distributor).
+        distributes_order_variants?(@order)
   end
 
   def handle_insufficient_stock
-    @any_out_of_stock = false
-
     return if sufficient_stock?
 
-    @any_out_of_stock = true
-    @updated_variants = check_stock_service.update_line_items
+    flash[:error] = Spree.t(:inventory_error_flash_for_insufficient_quantity)
+    redirect_to main_app.cart_path
   end
 
   def check_order_cycle_expiry
     return unless current_order_cycle&.closed?
 
-    Alert.raise_with_record("Notice: order cycle closed during checkout completion", current_order)
+    Bugsnag.notify("Notice: order cycle closed during checkout completion") do |payload|
+      payload.add_metadata :order, :order, current_order
+    end
     current_order.empty!
-    current_order.assign_order_cycle! nil
+    current_order.set_order_cycle! nil
 
     flash[:info] = I18n.t('order_cycle_closed')
     respond_to do |format|
@@ -39,7 +38,7 @@ module OrderStockCheck
 
   private
 
-  def check_stock_service
-    @check_stock_service ||= Orders::CheckStockService.new(order: @order)
+  def sufficient_stock?
+    @sufficient_stock ||= @order.insufficient_stock_lines.blank?
   end
 end

app/controllers/enterprises_controller.rb

@@ -24,7 +24,6 @@ class EnterprisesController < BaseController
     set_noindex_meta_tag
 
     @enterprise = current_distributor
-    store_location_for :spree_user, request.original_fullpath
   end
 
   def relatives

app/controllers/errors_controller.rb

@@ -4,6 +4,11 @@ class ErrorsController < ApplicationController
   layout "errors"
 
   def not_found
+    Bugsnag.notify("404") do |event|
+      event.severity = "info"
+
+      event.add_metadata(:request, :env, request.env)
+    end
     render status: :not_found, formats: :html
   end
 

app/controllers/omniauth_callbacks_controller.rb

@@ -2,13 +2,8 @@
 
 class OmniauthCallbacksController < Devise::OmniauthCallbacksController
   def openid_connect
-    ActiveRecord::Base.transaction do
-      OidcAccount.link(spree_current_user, request.env["omniauth.auth"])
-    end
+    OidcAccount.link(spree_current_user, request.env["omniauth.auth"])
 
-    redirect_to admin_oidc_settings_path
-  rescue ActiveRecord::RecordNotUnique
-    flash[:error] = t("devise.oidc.record_not_unique", uid: request.env["omniauth.auth"].uid)
     redirect_to admin_oidc_settings_path
   end
 

app/controllers/payment_gateways/paypal_controller.rb

@@ -14,8 +14,6 @@ module PaymentGateways
     after_action :reset_order_when_complete, only: :confirm
 
     def express
-      return redirect_to order_failed_route if @any_out_of_stock == true
-
       pp_request = provider.build_set_express_checkout(
         express_checkout_request_details(@order)
       )
@@ -43,8 +41,6 @@ module PaymentGateways
     end
 
     def confirm
-      return redirect_to order_failed_route if @any_out_of_stock == true
-
       # At this point the user has come back from the Paypal form, and we get one
       # last chance to interact with the payment process before the money moves...
 

app/controllers/payment_gateways/stripe_controller.rb

@@ -8,12 +8,9 @@ module PaymentGateways
     before_action :load_checkout_order, only: :confirm
     before_action :validate_payment_intent, only: :confirm
     before_action :check_order_cycle_expiry, only: :confirm
+    before_action :validate_stock, only: :confirm
 
     def confirm
-      validate_stock
-
-      return redirect_to order_failed_route if @any_out_of_stock == true
-
       process_payment_completion!
     end
 
@@ -24,7 +21,7 @@ module PaymentGateways
 
       result = ProcessPaymentIntent.new(params["payment_intent"], @order).call!
 
-      unless result.success?
+      unless result.ok?
         flash.now[:error] = "#{I18n.t('payment_could_not_process')}. #{result.error}"
       end
 
@@ -68,8 +65,11 @@ module PaymentGateways
     end
 
     def valid_payment_intent?
-      @valid_payment_intent ||= params["payment_intent"]&.starts_with?("pi_") &&
-                                order_and_payment_valid?
+      @valid_payment_intent ||= begin
+        return false unless params["payment_intent"]&.starts_with?("pi_")
+
+        order_and_payment_valid?
+      end
     end
 
     def order_and_payment_valid?

app/controllers/shop_controller.rb

@@ -11,7 +11,7 @@ class ShopController < BaseController
   def order_cycle
     if request.post?
       if oc = OrderCycle.with_distributor(@distributor).active.find_by(id: params[:order_cycle_id])
-        current_order(true).assign_order_cycle! oc
+        current_order(true).set_order_cycle! oc
         @current_order_cycle = oc
         render json: @current_order_cycle, serializer: Api::OrderCycleSerializer
       else

app/controllers/spree/admin/orders_controller.rb

@@ -9,7 +9,6 @@ module Spree
       helper CheckoutHelper
 
       before_action :load_order, only: [:edit, :update, :fire, :resend, :invoice, :print]
-      before_action :refuse_changing_shipped_orders, only: [:update]
       before_action :load_distribution_choices, only: [:new, :create, :edit, :update]
       before_action :require_distributor_abn, only: :invoice
       before_action :restore_saved_query!, only: :index
@@ -18,7 +17,7 @@ module Spree
 
       def index
         orders = SearchOrders.new(search_params, spree_current_user).orders
-        @pagy, @orders = pagy(orders, limit: params[:per_page] || 15)
+        @pagy, @orders = pagy(orders, items: params[:per_page] || 15)
 
         update_search_results if searching?
       end
@@ -70,8 +69,7 @@ module Spree
         @order.send_cancellation_email = params[:send_cancellation_email] != "false"
         @order.restock_items = params.fetch(:restock_items, "true") == "true"
 
-        if allowed_events.include?(event) && @order.public_send(event.to_s)
-          AmendBackorderJob.perform_later(@order) if @order.completed?
+        if @order.public_send(event.to_s)
           flash[:success] = Spree.t(:order_updated)
         else
           flash[:error] = Spree.t(:cannot_perform_operation)
@@ -162,13 +160,6 @@ module Spree
         @order.update_order!
       end
 
-      def refuse_changing_shipped_orders
-        return unless @order.shipped?
-
-        flash[:error] = I18n.t("spree.admin.orders.add_product.cannot_add_item_to_shipped_order")
-        redirect_to spree.edit_admin_order_path(@order)
-      end
-
       def order_params
         return params[:order] if params[:order].blank?
 
@@ -206,10 +197,6 @@ module Spree
                         ocs.closed +
                         ocs.undated
       end
-
-      def allowed_events
-        %w{cancel resume}
-      end
     end
   end
 end

app/controllers/spree/admin/overview_controller.rb

@@ -5,11 +5,9 @@ module Spree
   module Admin
     class OverviewController < Spree::Admin::BaseController
       def index
-        my_enterprises = Enterprise.managed_by(spree_current_user)
-        @enterprises = my_enterprises
+        @enterprises = Enterprise
+          .managed_by(spree_current_user)
           .order('is_primary_producer ASC, name')
-          .limit(25)
-        @enterprises_count = my_enterprises.count if @enterprises.count >= 25
         @product_count = Spree::Product.active.managed_by(spree_current_user).count
         @order_cycle_count = OrderCycle.active.managed_by(spree_current_user).count
 

app/controllers/spree/admin/payments_controller.rb

@@ -24,12 +24,9 @@ module Spree
       end
 
       def create
-        # Try to redeem VINE voucher first as we don't want to create a payment and complete
-        # the order if it fails
-        return redirect_to spree.admin_order_payments_path(@order) unless redeem_vine_voucher
-
         @payment = @order.payments.build(object_params)
         load_payment_source
+
         begin
           unless @payment.save
             redirect_to spree.admin_order_payments_path(@order)
@@ -54,10 +51,6 @@ module Spree
         event = params[:e]
         return unless event && @payment.payment_source
 
-        # capture_and_complete_order will complete the order, so we want to try to redeem VINE
-        # voucher first and exit if it fails
-        return if event == "capture_and_complete_order" && !redeem_vine_voucher
-
         # Because we have a transition method also called void, we do this to avoid conflicts.
         event = "void_transaction" if event == "void"
         if allowed_events.include?(event) && @payment.public_send("#{event}!")
@@ -67,7 +60,7 @@ module Spree
         end
       rescue StandardError => e
         logger.error e.message
-        Alert.raise(e)
+        Bugsnag.notify(e)
         flash[:error] = e.message
       ensure
         redirect_to request.referer
@@ -189,22 +182,6 @@ module Spree
         %w{capture void_transaction credit refund resend_authorization_email
            capture_and_complete_order}
       end
-
-      def redeem_vine_voucher
-        vine_voucher_redeemer = Vine::VoucherRedeemerService.new(order: @order)
-        if vine_voucher_redeemer.redeem == false
-          # rubocop:disable Rails/DeprecatedActiveModelErrorsMethods
-          flash[:error] = if vine_voucher_redeemer.errors.keys.include?(:redeeming_failed)
-                            vine_voucher_redeemer.errors[:redeeming_failed]
-                          else
-                            I18n.t('checkout.errors.voucher_redeeming_error')
-                          end
-          # rubocop:enable Rails/DeprecatedActiveModelErrorsMethods
-          return false
-        end
-
-        true
-      end
     end
   end
 end

app/controllers/spree/admin/products_controller.rb

@@ -11,7 +11,6 @@ module Spree
       include OrderCyclesHelper
       include EnterprisesHelper
       helper ::Admin::ProductsHelper
-      helper Spree::Admin::TaxCategoriesHelper
 
       before_action :load_data
       before_action :load_producers, only: [:index, :new]
@@ -19,6 +18,11 @@ module Spree
       before_action :load_spree_api_key, only: [:index, :variant_overrides]
       before_action :strip_new_properties, only: [:create, :update]
 
+      def index
+        @current_user = spree_current_user
+        @show_latest_import = params[:latest_import] || false
+      end
+
       def show
         session[:return_to] ||= request.referer
         redirect_to( action: :edit )
@@ -60,6 +64,28 @@ module Spree
         end
       end
 
+      def bulk_update
+        product_set = product_set_from_params
+
+        product_set.collection.each { |p| authorize! :update, p }
+
+        if product_set.save
+          redirect_to main_app.bulk_products_api_v0_products_path(bulk_index_query)
+        elsif product_set.errors.present?
+          render json: { errors: product_set.errors }, status: :bad_request
+        else
+          render body: nil, status: :internal_server_error
+        end
+      end
+
+      def clone
+        @new = @product.duplicate
+        raise "Clone failed" unless @new.save
+
+        flash[:success] = t('.success')
+        redirect_to spree.admin_products_url
+      end
+
       def group_buy_options
         @url_filters = ::ProductFilters.new.extract(request.query_parameters)
       end
@@ -107,9 +133,9 @@ module Spree
       end
 
       def product_set_from_params
-        collection_hash = products_bulk_params[:products].each_with_index.to_h { |p, i|
-          [i, p]
-        }
+        collection_hash = Hash[products_bulk_params[:products].each_with_index.map { |p, i|
+                                 [i, p]
+                               } ]
         Sets::ProductSet.new(collection_attributes: collection_hash)
       end
 
@@ -187,7 +213,7 @@ module Spree
       end
 
       def notify_bugsnag(error, product, variant)
-        Alert.raise(error) do |report|
+        Bugsnag.notify(error) do |report|
           report.add_metadata(:product,
                               { product: product.attributes, variant: variant.attributes })
           report.add_metadata(:product, :product_error, product.errors.first) unless product.valid?

app/controllers/spree/admin/shipping_methods_controller.rb

@@ -104,7 +104,7 @@ module Spree
 
         return unless shipping_fees
 
-        shipping_fees.each_value do |shipping_amount|
+        shipping_fees.each do |_, shipping_amount|
           unless shipping_amount.nil? || Float(shipping_amount, exception: false)
             flash[:error] = I18n.t(:calculator_preferred_value_error)
             return redirect_to location_after_save

app/controllers/spree/admin/users_controller.rb

@@ -11,6 +11,8 @@ module Spree
 
       # http://spreecommerce.com/blog/2010/11/02/json-hijacking-vulnerability/
       before_action :check_json_authenticity, only: :index
+      before_action :load_roles, only: [:edit, :new, :update, :create,
+                                        :generate_api_key, :clear_api_key]
 
       def index
         respond_with(@collection) do |format|
@@ -20,9 +22,17 @@ module Spree
       end
 
       def create
+        if params[:user]
+          roles = params[:user].delete("spree_role_ids")
+        end
+
         @user = Spree::User.new(user_params)
         if @user.save
 
+          if roles
+            @user.spree_roles = roles.compact_blank.collect{ |r| Spree::Role.find(r) }
+          end
+
           flash[:success] = Spree.t(:created_successfully)
           redirect_to edit_admin_user_path(@user)
         else
@@ -31,7 +41,15 @@ module Spree
       end
 
       def update
+        if params[:user]
+          roles = params[:user].delete("spree_role_ids")
+        end
+
         if @user.update(user_params)
+          if roles
+            @user.spree_roles = roles.compact_blank.collect{ |r| Spree::Role.find(r) }
+          end
+
           flash[:success] = update_message
           redirect_to edit_admin_user_path(@user)
         else
@@ -60,7 +78,7 @@ module Spree
             limit(params[:limit] || 100)
         else
           @search = Spree::User.ransack(params[:q])
-          @pagy, @collection = pagy(@search.result, limit: Spree::Config[:admin_products_per_page])
+          @pagy, @collection = pagy(@search.result, items: Spree::Config[:admin_products_per_page])
           @collection
         end
       end
@@ -105,6 +123,10 @@ module Spree
         sign_in(@user, event: :authentication, bypass: true)
       end
 
+      def load_roles
+        @roles = Spree::Role.where(nil)
+      end
+
       def new_email_unconfirmed?
         params[:user][:email] != @user.email
       end
@@ -115,7 +137,7 @@ module Spree
 
       def user_params
         ::PermittedAttributes::User.new(params).call(
-          %i[admin enterprise_limit show_api_key_view]
+          %i[enterprise_limit show_api_key_view]
         )
       end
     end

app/controllers/spree/admin/variants_controller.rb

@@ -64,10 +64,7 @@ module Spree
       end
 
       def search
-        scoper = OpenFoodNetwork::ScopeVariantsForSearch.new(
-          variant_search_params,
-          spree_current_user
-        )
+        scoper = OpenFoodNetwork::ScopeVariantsForSearch.new(variant_search_params)
         @variants = scoper.search
         render json: @variants, each_serializer: ::Api::Admin::VariantSerializer
       end
@@ -117,7 +114,7 @@ module Spree
       def variant_search_params
         params.permit(
           :q, :distributor_id, :order_cycle_id, :schedule_id, :eligible_for_subscriptions,
-          :include_out_of_stock, :search_variants_as, :order_id
+          :include_out_of_stock
         ).to_h.with_indifferent_access
       end
 

app/controllers/spree/admin/zones_controller.rb

@@ -15,7 +15,7 @@ module Spree
         params[:q] ||= {}
         params[:q][:s] ||= "name asc"
         @search = super.ransack(params[:q])
-        @pagy, @zones = pagy(@search.result, limit: Spree::Config[:orders_per_page])
+        @pagy, @zones = pagy(@search.result, items: Spree::Config[:orders_per_page])
         @zones
       end
 

app/controllers/spree/api_keys_controller.rb

@@ -2,6 +2,7 @@
 
 module Spree
   class ApiKeysController < ::BaseController
+    include Spree::Core::ControllerHelpers
     include I18nHelper
 
     prepend_before_action :load_object

app/controllers/spree/orders_controller.rb

@@ -9,7 +9,7 @@ module Spree
 
     layout 'darkswarm'
 
-    rescue_from ActiveRecord::RecordNotFound, with: :render404
+    rescue_from ActiveRecord::RecordNotFound, with: :render_404
     helper 'spree/orders'
 
     respond_to :html, :json
@@ -70,15 +70,14 @@ module Spree
         @order.recreate_all_fees! # Enterprise fees on line items and on the order itself
 
         # Re apply the voucher
-        OrderManagement::Order::Updater.new(@order).update_voucher
+        VoucherAdjustmentsService.new(@order).update
+        @order.update_totals_and_states
 
         if @order.complete?
           @order.update_payment_fees!
           @order.create_tax_charge!
         end
 
-        AmendBackorderJob.perform_later(@order) if @order.completed?
-
         respond_with(@order) do |format|
           format.html do
             if params.key?(:checkout)