Merge pull request #1080 from Growstuff/dev

Release 16

.codeclimate.yml

@@ -0,0 +1,40 @@
+engines:
+  rubocop:
+    enabled: true
+  scss-lint:
+    enabled: true
+  shellcheck:
+    enabled: true
+  eslint:
+    enabled: true
+  coffeelint:
+    enabled: true
+  brakeman:
+    enabled: true
+  bundler-audit:
+    enabled: true
+  duplication:
+    enabled: true
+    config:
+      languages:
+      - ruby
+      - javascript
+  fixme:
+    enabled: true
+    exclude_fingerprints:  # rubocop_todo filename
+    - 63b8552079d106832fbe281566b6d028
+    - d38afbaaea3ecaa9a4cf046b07a01cec
+    - 57ff3968fd371d3e1f75c237d6c78acf
+ratings:
+  paths:
+  - "**.rb"
+  - "**.js"
+  - "**.coffee"
+  - "**.sass"
+  - "**.haml"
+  - Gemfile.lock
+exclude_paths:
+- config/
+- db/
+- spec/
+- public/

.gitignore

@@ -8,8 +8,10 @@ coverage
 *~
 *.DS_Store
 config/application.yml
+config/database.yml
 credentials*.sh
 Pathogen:
 custom_plan.rb
 zeus.json
 .bundle
+.idea/**

.rspec

@@ -1 +1,2 @@
 --color
+--require spec_helper

.rubocop.yml

@@ -0,0 +1,68 @@
+inherit_from: .rubocop_todo.yml
+AllCops:
+  Include:
+    - 'Rakefile'
+    - 'config.ru'
+    - 'lib/**/*.rake'
+  Exclude:
+    - 'db/schema.rb'
+    - 'vendor/**/*'
+
+Style/FileName:
+  Exclude:
+    - 'Gemfile'
+    - 'Gemfile.lock'
+
+Style/StringLiterals:
+  Enabled: false
+
+Style/MultilineMethodCallIndentation:
+  EnforcedStyle: indented
+
+# Configuration parameters: EnforcedStyle, SupportedStyles, IndentationWidth.
+# SupportedStyles: with_first_parameter, with_fixed_indentation
+Style/AlignParameters:
+  EnforcedStyle: with_fixed_indentation
+
+Metrics/MethodLength:
+  Description: 'Avoid methods longer than 30 lines of code.'
+  StyleGuide: 'https://github.com/bbatsov/ruby-style-guide#short-methods'
+  # Set to 30 once all methods are fixed.
+  # Max: 30
+  Max: 104
+
+# Remove the following once the code style matches
+# Offense count: 59
+Metrics/AbcSize:
+  Max: 115
+
+# Offense count: 5
+# Configuration parameters: CountComments.
+Metrics/BlockLength:
+  Max: 62
+
+# Offense count: 6
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 275
+
+# Offense count: 6
+Metrics/CyclomaticComplexity:
+  Max: 11
+
+Metrics/LineLength:
+  Max: 120
+
+# Offense count: 8
+Metrics/PerceivedComplexity:
+  Max: 10
+
+# See https://github.com/bbatsov/rubocop/issues/3629
+Rails/HttpPositionalArguments:
+  Enabled: false
+
+Style/Documentation:
+  Enabled: false
+
+Style/FrozenStringLiteralComment:
+  Enabled: false

.ruby-version

@@ -1 +1 @@
-2.1.5
+2.3.1

.travis.yml

@@ -1,12 +1,58 @@
----
+sudo: false
 language: ruby
-
-env: GROWSTUFF_SITE_NAME="Growstuff (travis)" RAILS_SECRET_TOKEN='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
-bundler_args: --without development production staging
+cache:
+  bundler: true
+  directories:
+    - travis_phantomjs
+env:
+  matrix:
+    - GROWSTUFF_SITE_NAME="Growstuff (travis)" RAILS_SECRET_TOKEN='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' GROWSTUFF_ELASTICSEARCH='true'
+    - GROWSTUFF_SITE_NAME="Growstuff (travis)" RAILS_SECRET_TOKEN='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' GROWSTUFF_ELASTICSEARCH='false'
+  global:
+    secure: "Z5TpM2jEX4UCvNePnk/LwltQX48U2u9BRc+Iypr1x9QW2o228QJhPIOH39a8RMUrepGnkQIq9q3ZRUn98RfrJz1yThtlNFL3NmzdQ57gKgjGwfpa0e4Dwj/ZJqV2D84tDGjvdVYLP7zzaYZxQcwk/cgNpzKf/jq97HLNP7CYuf4="
 rvm:
-  - 2.1.5
+  - 2.3.1
+before_install:
+  - export PATH=$PWD/travis_phantomjs/phantomjs-2.1.1-linux-x86_64/bin:$PATH
+  - >
+    if [ $(phantomjs --version) != '2.1.1' ]; then
+    PHANTOM_URL=https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2;
+    rm -rf $PWD/travis_phantomjs;
+    mkdir -p $PWD/travis_phantomjs;
+    wget $PHANTOM_URL -O $PWD/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2;
+    tar -xvf $PWD/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2 -C $PWD/travis_phantomjs;
+    fi
+  - phantomjs --version
 before_script:
-  - psql -c 'create database growstuff_test;' -U postgres
+  - bundle exec rake db:create db:migrate db:test:prepare
+  - bundle exec rake assets:precompile
 script:
+  - bundle exec rubocop --display-cop-names --rails
+  - script/gemfile_check
+  - bundle exec script/check_contributors_md
   - bundle exec rake db:migrate --trace
   - bundle exec rspec spec/
+services:
+  - elasticsearch
+before_deploy:
+  - bundle exec script/heroku_maintenance.rb on
+deploy:
+  provider: heroku
+  api_key:
+    secure: WrQxf0fEKkCdXrjcejurobOnNNz3he4dDwjBbToXbQTQNDObPp7NetJrLsfM8FiUFEeOuvhIHHiDQtMvY720zGGAGxDptvgFS+0QHCUqoTRZA/yFfUmHlG2jROXTzk5uVK0AE4k6Ion5kX8+mM0EnMT/7u+MTFiukrJctSiEXfg=
+  on:
+    repo: Growstuff/growstuff
+  app:
+    dev: growstuff-staging
+    master: growstuff-prod
+    travis_deploy: tranquil-basin-3130
+    travis_containers: tranquil-basin-3130
+  run:
+    - "rake db:migrate"
+    - "script/deploy-tasks.sh"
+    - restart
+after_deploy:
+  - bundle exec script/heroku_maintenance.rb off
+addons:
+  code_climate:
+    repo_token: 462e015bbdaabfb20910fc07f2fea253410ecb131444e00f97dbf32dc6789ca6

.yamllint

@@ -0,0 +1,7 @@
+extends: relaxed
+
+rules:
+  # 80 chars should be enough, but don't fail if a line is longer
+  line-length:
+    max: 150
+    level: warning

CONTRIBUTORS.md

@@ -11,10 +11,12 @@ submit the change with your pull request.
 - Alex Bayley / [Skud](https://github.com/Skud)
 - Cesy / [cesy](https://github.com/cesy)
 - Miles Gould / [pozorvlak](https://github.com/pozorvlak)
-- Joseph Caudle / [jcaudle](https://github.com/jcaudle)
+- Taylor Griffin / [tygriffin](https://github.com/tygriffin)
+- Mackenzie Morgan / [maco](https://github.com/maco)
 
 ## Contributors
 
+- Joseph Caudle / [jcaudle](https://github.com/jcaudle)
 - Ricky Amianym / [amianym](https://github.com/amianym)
 - Juliet Kemp / [julietk](https://github.com/julietk)
 - Federico Mena Quintero / [federicomenaquintero](https://github.com/federicomenaquintero)
@@ -22,7 +24,6 @@ submit the change with your pull request.
 - Maia Sauren / [sauramaia](https://github.com/sauramaia)
 - Norman Ancajas / [nbancajas](https://github.com/nbancajas)
 - Jonathan "Duke" Leto / [leto](https://github.com/leto)
-- Mackenzie Morgan / [maco](https://github.com/maco)
 - Amy Hendrix / [sabreuse](https://github.com/sabreuse)
 - CephLPod / [cephLpod](https://github.com/cephLpod/)
 - Gemma Mason / [gemmaellen](https://github.com/gemmaellen)
@@ -40,7 +41,6 @@ submit the change with your pull request.
 - Marty Hines / [martyhines](https://github.com/martyhines)
 - Amelia Greenhall / [ameliagreenhall](https://github.com/ameliagreenhall)
 - Barb Natali / [barbnatali](https://github.com/barbnatali)
-- Taylor Griffin / [tygriffin](https://github.com/tygriffin)
 - Marlena Compton / [Marlena](https://github.com/marlena)
 - Elizabeth A. Kari / [catfriend](https://github.com/catfriend)
 - Cheri Allen / [cherimarie](https://github.com/cherimarie)
@@ -51,4 +51,24 @@ submit the change with your pull request.
 - Yoong Kang Lim / [yoongkang](https://github.com/yoongkang)
 - Kevin Yang / [kevieyang](https://github.com/kevieyang)
 - Justin Hamman / [juzham](https://github.com/juzham)
-
+- Rocky Jaiswal / [rocky-jaiswal](https://github.com/rocky-jaiswal)
+- Robert Landreaux / [robertlandreaux](https://github.com/robertlandreaux)
+- Savant Krishna / [sksavant](https://github.com/sksavant)
+- Jake Yesbeck / [yez](https://github.com/yez)
+- Mauricio Gonzalez / [mauricio-gonzalez](https://github.com/mauricio-gonzalez)
+- Andrey Bazhutkin / [andrba](https://github.com/andrba)
+- Gabriel Sandoval / [gabrielsandoval](https://github.com/gabrielsandoval)
+- Cjay Billones / [CjayBillones](https://github.com/CjayBillones)
+- Katy Ereira / [maccath](https://github.com/maccath)
+- Gabrielle DeWitt / [gabrielle27](https://github.com/gabrielle27)
+- Manmeet Singh / [manmeetsingh](https://github.com/manmeetsingh)
+- Jym Paul Carandang / [jacarandang](https://github.com/jacarandang)
+- Anthony Atkinson / [sha1sum](https://github.com/sha1sum)
+- Terence Conquest / [twconquest](https://github.com/twconquest)
+- Daniel O'Connor / [CloCkWeRX](https://github.com/CloCkWeRX)
+- DV Dasari / [dv2](https://github.com/dv2)
+- Eric Tillberg / [Thrillberg](https://github.com/Thrillberg)
+- Lucas Nogueira / [lucasnogueira](https://github.com/lucasnogueira)
+- Charley Lewittes / [ctlewitt](https://github.com/ctlewitt)
+- Kristine Nicole Polvoriza / [polveenomials](https://github.com/polveenomials)
+- Brenda Wallace / [br3nda](https://github.com/br3nda)

Capfile

@@ -1,4 +0,0 @@
-load 'deploy'
-# Uncomment if you are using Rails' asset pipeline
-    # load 'deploy/assets'
-load 'config/deploy' # remove this line to skip loading any of the default tasks

Gemfile

@@ -1,83 +1,90 @@
+# frozen_string_literal: true
 source 'https://rubygems.org'
 
-ruby "2.1.5"
+ruby '2.3.1'
+
+gem 'rails', '~> 4.2.1'
 
 gem 'bundler', '>=1.1.5'
 
-gem 'rails', '3.2.13'
-gem 'rack', '~>1.4.5'
-gem 'json', '~>1.7.7'
+gem 'sass-rails',   '~> 5.0.4'
+gem 'coffee-rails', '~> 4.1.0'
 gem 'haml'
+
+# CSS framework
+gem 'bootstrap-sass', '~> 3.3.6'
+gem 'font-awesome-sass'
+
+gem 'uglifier', '~> 2.7.2' # JavaScript compressor
+
+gem 'jquery-rails'
+gem 'jquery-ui-rails', '~> 5.0.2'
+gem 'js-routes' # provides access to Rails routes in Javascript
+gem 'flickraw'
+
 gem 'leaflet-rails'
 gem 'leaflet-markercluster-rails'
-gem 'unicorn' # http server
-
+gem 'unicorn'                      # http server
 gem 'pg'
+gem 'figaro'                       # for handling config via ENV variables
+gem 'cancancan', '~> 1.9'          # for checking member privileges
+gem 'gibbon', '~>1.2.0'            # for Mailchimp newsletter subscriptions
+gem 'csv_shaper'                   # CSV export
+gem 'ruby-units'                   # for unit conversion
 
-gem 'figaro' # for handling config via ENV variables
+gem 'comfortable_mexican_sofa', '~> 1.12.0' # content management system
 
-gem 'cancan' # for checking member privileges
+gem 'kaminari'                     # pagination
+gem 'bootstrap-kaminari-views'     # bootstrap views for kaminari
 
-gem 'gibbon' # for Mailchimp newsletter subscriptions
+gem 'activemerchant'
+gem 'active_utils'
+gem 'sidekiq'
 
-gem 'csv_shaper' # CSV export
+# Markdown formatting for updates etc
+gem 'bluecloth'
 
-# vendored activemerchant for testing- needed for bogus paypal
-# gateway monkeypatch
-gem 'activemerchant', '1.33.0',
-  :path => 'vendor/gems/activemerchant-1.33.0',
-  :require => 'active_merchant'
-gem 'active_utils', '1.0.5',
-  :path => 'vendor/gems/active_utils-1.0.5'
+# Pagination
+gem 'will_paginate', '~> 3.0'
+
+# user signup/login/etc
+gem 'devise', '>= 4.0.0'
+
+# nicely formatted URLs
+gem 'friendly_id', '~> 5.0.4'
+
+# gravatars
+gem 'gravatar-ultimate'
+
+# For geolocation
+gem 'geocoder'
+
+# For easy calendar selection
+gem 'bootstrap-datepicker-rails'
+
+# For connecting to other services (eg Twitter)
+gem 'omniauth'
+gem 'omniauth-twitter'
+gem 'omniauth-flickr', '>= 0.0.15'
+gem 'omniauth-facebook'
+
+# client for Elasticsearch. Elasticsearch is a flexible
+# and powerful, distributed, real-time search and analytics engine.
+# An example of the use in the project is fuzzy crop search.
+gem "elasticsearch-model"
+gem "elasticsearch-rails"
+
+gem 'rake', '>= 10.0.0'
 
 group :production, :staging do
   gem 'newrelic_rpm'
   gem 'dalli'
   gem 'memcachier'
   gem 'rails_12factor' # supresses heroku plugin injection
+  gem 'bonsai-elasticsearch-rails' # Integration with Bonsa-Elasticsearch on heroku
+  gem 'sparkpost_rails'
 end
 
-# Gems used only for assets and not required
-# in production environments by default.
-group :assets do
-  # CSS preprocessor, used for app/assets/stylesheets/application.css
-  gem 'sass-rails',   '~> 3.2.3'
-  # CoffeeScript is a Python-like language that compiles to JavaScript
-  gem 'coffee-rails', '~> 3.2.1'
-
-  # less-rails depends on a JavaScript engine; we use therubyracer.
-  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
-  # long term, we'll probably want node.js for performance, but this will do
-  # for now as it's easier for new people to install
-  gem "therubyracer", "~> 0.12", :platforms => :ruby
-  # libv8 is needed by therubyracer and is a bit finicky
-  gem 'libv8', '3.16.14.7'
-
-  # Another CSS preprocessor, used for Bootstrap overrides
-  gem "less", '~>2.5.0'
-  gem "less-rails", '~> 2.5.0'
-  # CSS framework
-  gem "less-rails-bootstrap", '~> 3.2.0'
-
-  gem 'uglifier', '>= 1.0.3' # JavaScript compressor
-
-  gem 'compass-rails', '~> 1.0.3' # Yet Another CSS framework
-end
-
-gem 'jquery-rails'
-gem 'jquery-ui-rails'
-gem 'js-routes'  # provides access to Rails routes in Javascript
-gem 'flickraw'
-
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-
-# To use Jbuilder templates for JSON
-gem 'jbuilder'
-
-# Use unicorn as the app server
-# gem 'unicorn'
-
 group :development do
   # A debugger and irb alternative. Pry doesn't play nice
   # with unicorn, so start a Webrick server when debugging
@@ -86,49 +93,34 @@ group :development do
   gem 'better_errors'
   gem 'binding_of_caller'
   gem 'letter_opener'
+  gem 'quiet_assets'
+  gem 'guard'
+  gem 'guard-rspec'
 end
 
-# Markdown formatting for updates etc
-gem 'bluecloth'
-
-# Pagination
-gem 'will_paginate', '~> 3.0'
-
-# user signup/login/etc
-gem 'devise', '~> 3.2.0'
-
-# nicely formatted URLs
-gem 'friendly_id', '~> 4.0.10'
-
-# gravatars
-gem 'gravatar-ultimate'
-
-# For geolocation
-gem 'geocoder',
-  :git => 'https://github.com/alexreisner/geocoder.git',
-  :ref => '104d46'
-
-# For easy calendar selection
-gem 'bootstrap-datepicker-rails'
-
-# For connecting to other services (eg Twitter)
-gem 'omniauth'
-gem 'omniauth-twitter'
-gem 'omniauth-flickr', '>= 0.0.15'
-
-gem 'rake', '>= 10.0.0'
-
 group :development, :test do
-  gem 'byebug'                       # debugging
-  gem 'haml-rails'                   # HTML templating language
-  gem 'rspec-rails', '~> 2.12.1'     # unit testing framework
-  gem 'database_cleaner', '~> 1.3.0'
-  gem 'webrat'                       # provides HTML matchers for view tests
-  gem 'factory_girl_rails', '~> 4.0' # for creating test data
-  gem 'coveralls', require: false    # coverage analysis
-  gem 'capybara'                     # integration tests
-  gem 'capybara-email'               # integration tests for email
-  gem 'poltergeist', '~> 1.5.1'      # for headless JS testing
-  gem 'i18n-tasks'                   # adds tests for finding missing and unused translations
-  gem 'json_spec'                    # extra ways to test JSON data
+  gem 'haml-rails'                      # HTML templating language
+  gem 'rspec-rails'                     # unit testing framework
+  gem 'rspec-activemodel-mocks'
+  gem 'byebug'                          # debugging
+  gem 'database_cleaner', '~> 1.5.0'
+  gem 'webrat'                          # provides HTML matchers for view tests
+  gem 'factory_girl_rails'              # for creating test data
+  gem 'coveralls', require: false       # coverage analysis
+  gem 'capybara'                        # integration tests
+  gem 'capybara-email'                  # integration tests for email
+  gem 'capybara-screenshot'             # for test debugging
+  gem 'poltergeist'                     # for headless JS testing
+  gem 'i18n-tasks'                      # adds tests for finding missing and unused translations
+  gem 'selenium-webdriver'
+  gem "active_merchant-paypal-bogus-gateway"
+  gem 'rubocop', require: false
+end
+
+group :test do
+  gem 'codeclimate-test-reporter', require: false
+end
+
+group :travis do
+  gem 'heroku-api'
 end

Gemfile.lock

@@ -1,330 +1,485 @@
-GIT
-  remote: https://github.com/alexreisner/geocoder.git
-  revision: 104d466ba7097b7dce5ba19f8e4091b7f69ccdf6
-  ref: 104d46
-  specs:
-    geocoder (1.1.8)
-
-PATH
-  remote: vendor/gems/active_utils-1.0.5
-  specs:
-    active_utils (1.0.5)
-      activesupport (>= 2.3.11)
-      i18n
-
-PATH
-  remote: vendor/gems/activemerchant-1.33.0
-  specs:
-    activemerchant (1.33.0)
-
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (3.2.13)
-      actionpack (= 3.2.13)
-      mail (~> 2.5.3)
-    actionpack (3.2.13)
-      activemodel (= 3.2.13)
-      activesupport (= 3.2.13)
-      builder (~> 3.0.0)
+    actionmailer (4.2.7.1)
+      actionpack (= 4.2.7.1)
+      actionview (= 4.2.7.1)
+      activejob (= 4.2.7.1)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.7.1)
+      actionview (= 4.2.7.1)
+      activesupport (= 4.2.7.1)
+      rack (~> 1.6)
+      rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (4.2.7.1)
+      activesupport (= 4.2.7.1)
+      builder (~> 3.1)
       erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.5)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.2.1)
-    activemodel (3.2.13)
-      activesupport (= 3.2.13)
-      builder (~> 3.0.0)
-    activerecord (3.2.13)
-      activemodel (= 3.2.13)
-      activesupport (= 3.2.13)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.13)
-      activemodel (= 3.2.13)
-      activesupport (= 3.2.13)
-    activesupport (3.2.13)
-      i18n (= 0.6.1)
-      multi_json (~> 1.0)
-    addressable (2.3.6)
-    arel (3.0.3)
-    bcrypt (3.1.9)
-    better_errors (2.0.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    active_link_to (1.0.3)
+      actionpack
+    active_merchant-paypal-bogus-gateway (0.1.0)
+      activemerchant
+    active_utils (3.2.3)
+      activesupport (>= 3.2, < 5.1.0)
+      i18n
+    activejob (4.2.7.1)
+      activesupport (= 4.2.7.1)
+      globalid (>= 0.3.0)
+    activemerchant (1.61.0)
+      activesupport (>= 3.2.14, < 5.1)
+      builder (>= 2.1.2, < 4.0.0)
+      i18n (>= 0.6.9)
+      nokogiri (~> 1.4)
+    activemodel (4.2.7.1)
+      activesupport (= 4.2.7.1)
+      builder (~> 3.1)
+    activerecord (4.2.7.1)
+      activemodel (= 4.2.7.1)
+      activesupport (= 4.2.7.1)
+      arel (~> 6.0)
+    activesupport (4.2.7.1)
+      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    addressable (2.5.0)
+      public_suffix (~> 2.0, >= 2.0.2)
+    arel (6.0.3)
+    ast (2.3.0)
+    autoprefixer-rails (6.4.0.2)
+      execjs
+    bcrypt (3.1.11)
+    better_errors (2.1.1)
       coderay (>= 1.0.0)
       erubis (>= 2.6.6)
       rack (>= 0.9.0)
     binding_of_caller (0.7.2)
       debug_inspector (>= 0.0.1)
     bluecloth (2.2.0)
-    bootstrap-datepicker-rails (1.3.0.2)
+    bonsai-elasticsearch-rails (0.0.4)
+    bootstrap-datepicker-rails (1.6.4.1)
       railties (>= 3.0)
-    builder (3.0.4)
-    byebug (3.5.1)
-      columnize (~> 0.8)
-      debugger-linecache (~> 1.2)
-      slop (~> 3.6)
-    cancan (1.6.10)
-    capybara (2.4.4)
+    bootstrap-kaminari-views (0.0.5)
+      kaminari (>= 0.13)
+      rails (>= 3.1)
+    bootstrap-sass (3.3.7)
+      autoprefixer-rails (>= 5.2.1)
+      sass (>= 3.3.4)
+    bootstrap_form (2.5.2)
+    builder (3.2.2)
+    byebug (9.0.6)
+    cancancan (1.15.0)
+    capybara (2.10.1)
+      addressable
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
       rack (>= 1.0.0)
       rack-test (>= 0.5.4)
       xpath (~> 2.0)
-    capybara-email (2.4.0)
+    capybara-email (2.5.0)
       capybara (~> 2.4)
       mail
-    chunky_png (1.3.3)
+    capybara-screenshot (1.0.14)
+      capybara (>= 1.0, < 3)
+      launchy
+    childprocess (0.5.9)
+      ffi (~> 1.0, >= 1.0.11)
+    climate_control (0.0.3)
+      activesupport (>= 3.0)
     cliver (0.3.2)
-    coderay (1.1.0)
-    coffee-rails (3.2.2)
+    cocaine (0.5.8)
+      climate_control (>= 0.0.3, < 1.0)
+    codeclimate-test-reporter (0.6.0)
+      simplecov (>= 0.7.1, < 1.0.0)
+    codemirror-rails (5.16.0)
+      railties (>= 3.0, < 6.0)
+    coderay (1.1.1)
+    coffee-rails (4.1.1)
       coffee-script (>= 2.2.0)
-      railties (~> 3.2.0)
-    coffee-script (2.3.0)
+      railties (>= 4.0.0, < 5.1.x)
+    coffee-script (2.4.1)
       coffee-script-source
       execjs
-    coffee-script-source (1.8.0)
-    columnize (0.8.9)
-    commonjs (0.2.7)
-    compass (0.12.7)
-      chunky_png (~> 1.2)
-      fssm (>= 0.2.7)
-      sass (~> 3.2.19)
-    compass-rails (1.0.3)
-      compass (>= 0.12.2, < 0.14)
-    coveralls (0.7.1)
-      multi_json (~> 1.3)
-      rest-client
-      simplecov (>= 0.7)
-      term-ansicolor
-      thor
-    csv_shaper (1.1.1)
+    coffee-script-source (1.10.0)
+    comfortable_mexican_sofa (1.12.9)
+      active_link_to (>= 1.0.0)
+      bootstrap-sass (>= 3.2.0)
+      bootstrap_form (>= 2.2.0)
+      codemirror-rails (>= 3.0.0)
+      coffee-rails (>= 3.1.0)
+      haml-rails (>= 0.3.0)
+      jquery-rails (>= 3.0.0)
+      jquery-ui-rails (>= 5.0.0)
+      kramdown (>= 1.0.0)
+      paperclip (>= 4.0.0)
+      plupload-rails (>= 1.2.1)
+      rails (>= 4.0.0, < 5)
+      rails-i18n (>= 4.0.0)
+      sass-rails (>= 4.0.3)
+    concurrent-ruby (1.0.2)
+    connection_pool (2.2.0)
+    coveralls (0.8.16)
+      json (>= 1.8, < 3)
+      simplecov (~> 0.12.0)
+      term-ansicolor (~> 1.3.0)
+      thor (~> 0.19.1)
+      tins (>= 1.6.0, < 2)
+    csv_shaper (1.3.0)
       activesupport (>= 3.0.0)
-    dalli (2.7.2)
-    database_cleaner (1.3.0)
+    dalli (2.7.6)
+    database_cleaner (1.5.3)
     debug_inspector (0.0.2)
-    debugger-linecache (1.2.0)
-    devise (3.2.4)
+    devise (4.2.0)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
-      thread_safe (~> 0.1)
+      railties (>= 4.1.0, < 5.1)
+      responders
       warden (~> 1.2.3)
-    diff-lcs (1.1.3)
+    diff-lcs (1.2.5)
     docile (1.1.5)
     easy_translate (0.5.0)
       json
       thread
       thread_safe
+    elasticsearch (2.0.0)
+      elasticsearch-api (= 2.0.0)
+      elasticsearch-transport (= 2.0.0)
+    elasticsearch-api (2.0.0)
+      multi_json
+    elasticsearch-model (0.1.9)
+      activesupport (> 3)
+      elasticsearch (> 0.4)
+      hashie
+    elasticsearch-rails (0.1.9)
+    elasticsearch-transport (2.0.0)
+      faraday
+      multi_json
     erubis (2.7.0)
-    execjs (2.2.2)
-    factory_girl (4.5.0)
+    excon (0.54.0)
+    execjs (2.7.0)
+    factory_girl (4.7.0)
       activesupport (>= 3.0.0)
-    factory_girl_rails (4.5.0)
-      factory_girl (~> 4.5.0)
+    factory_girl_rails (4.7.0)
+      factory_girl (~> 4.7.0)
       railties (>= 3.0.0)
-    figaro (1.0.0)
+    faraday (0.9.2)
+      multipart-post (>= 1.2, < 3)
+    ffi (1.9.14)
+    figaro (1.1.1)
       thor (~> 0.14)
-    flickraw (0.9.8)
-    friendly_id (4.0.10.1)
-      activerecord (>= 3.0, < 4.0)
-    fssm (0.2.10)
-    gibbon (1.1.4)
+    flickraw (0.9.9)
+    font-awesome-sass (4.6.2)
+      sass (>= 3.2)
+    formatador (0.2.5)
+    friendly_id (5.0.5)
+      activerecord (>= 4.0.0)
+    geocoder (1.3.7)
+    gibbon (1.2.1)
       httparty
-      multi_json (>= 1.3.4)
+      multi_json (>= 1.9.0)
+    globalid (0.3.7)
+      activesupport (>= 4.1.0)
     gravatar-ultimate (2.0.0)
       activesupport (>= 2.3.14)
       rack
-    haml (4.0.5)
+    guard (2.14.0)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (~> 1.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    haml (4.0.7)
       tilt
-    haml-rails (0.4)
-      actionpack (>= 3.1, < 4.1)
-      activesupport (>= 3.1, < 4.1)
-      haml (>= 3.1, < 4.1)
-      railties (>= 3.1, < 4.1)
-    hashie (3.3.2)
-    highline (1.6.21)
-    hike (1.2.3)
-    httparty (0.11.0)
-      multi_json (~> 1.0)
+    haml-rails (0.9.0)
+      actionpack (>= 4.0.1)
+      activesupport (>= 4.0.1)
+      haml (>= 4.0.6, < 5.0)
+      html2haml (>= 1.0.1)
+      railties (>= 4.0.1)
+    hashie (3.4.4)
+    heroku-api (0.4.2)
+      excon (~> 0.45)
+      multi_json (~> 1.8)
+    highline (1.7.8)
+    html2haml (2.0.0)
+      erubis (~> 2.7.0)
+      haml (~> 4.0.0)
+      nokogiri (~> 1.6.0)
+      ruby_parser (~> 3.5)
+    httparty (0.14.0)
       multi_xml (>= 0.5.2)
-    i18n (0.6.1)
-    i18n-tasks (0.7.8)
-      activesupport
+    i18n (0.7.0)
+    i18n-tasks (0.9.6)
+      activesupport (>= 4.0.2)
+      ast (>= 2.1.0)
       easy_translate (>= 0.5.0)
       erubis
-      highline
+      highline (>= 1.7.3)
       i18n
-      slop (>= 3.5.0)
-      term-ansicolor
-      terminal-table
-    jbuilder (2.2.6)
-      activesupport (>= 3.0.0, < 5)
-      multi_json (~> 1.2)
-    journey (1.0.4)
-    jquery-rails (3.1.2)
-      railties (>= 3.0, < 5.0)
+      parser (>= 2.2.3.0)
+      term-ansicolor (>= 1.3.2)
+      terminal-table (>= 1.5.1)
+    jquery-rails (4.2.1)
+      rails-dom-testing (>= 1, < 3)
+      railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
-    jquery-ui-rails (4.1.2)
-      railties (>= 3.1.0)
-    js-routes (0.9.9)
+    jquery-ui-rails (5.0.5)
+      railties (>= 3.2.16)
+    js-routes (1.3.0)
       railties (>= 3.2)
       sprockets-rails
-    json (1.7.7)
-    json_spec (1.1.4)
-      multi_json (~> 1.0)
-      rspec (>= 2.0, < 4.0)
-    kgio (2.9.2)
+    json (1.8.3)
+    jwt (1.5.6)
+    kaminari (0.17.0)
+      actionpack (>= 3.0.0)
+      activesupport (>= 3.0.0)
+    kgio (2.10.0)
+    kramdown (1.13.1)
     launchy (2.4.3)
       addressable (~> 2.3)
     leaflet-markercluster-rails (0.7.0)
       railties (>= 3.1)
-    leaflet-rails (0.7.4)
-    less (2.5.1)
-      commonjs (~> 0.2.7)
-    less-rails (2.5.0)
-      actionpack (>= 3.1)
-      less (~> 2.5.0)
-    less-rails-bootstrap (3.2.0)
-      less-rails (~> 2.5.0)
-    letter_opener (1.2.0)
+    leaflet-rails (0.7.7)
+    letter_opener (1.4.1)
       launchy (~> 2.2)
-    libv8 (3.16.14.7)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
+    listen (3.1.5)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+      ruby_dep (~> 1.2)
+    loofah (2.0.3)
+      nokogiri (>= 1.5.9)
+    lumberjack (1.0.10)
+    mail (2.6.4)
+      mime-types (>= 1.16, < 4)
     memcachier (0.0.2)
     method_source (0.8.2)
-    mime-types (1.25.1)
-    mini_portile (0.6.1)
-    multi_json (1.10.1)
+    mime-types (3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2016.0521)
+    mimemagic (0.3.2)
+    mini_portile2 (2.1.0)
+    minitest (5.9.1)
+    multi_json (1.11.3)
     multi_xml (0.5.5)
-    netrc (0.8.0)
-    newrelic_rpm (3.9.7.266)
-    nokogiri (1.6.5)
-      mini_portile (~> 0.6.0)
-    oauth (0.4.7)
-    omniauth (1.2.2)
+    multipart-post (2.0.0)
+    nenv (0.3.0)
+    newrelic_rpm (3.17.1.326)
+    nokogiri (1.6.8.1)
+      mini_portile2 (~> 2.1.0)
+    notiffany (0.1.1)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    oauth (0.5.1)
+    oauth2 (1.2.0)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.3.1)
       hashie (>= 1.2, < 4)
-      rack (~> 1.0)
-    omniauth-flickr (0.0.15)
+      rack (>= 1.0, < 3)
+    omniauth-facebook (3.0.0)
+      omniauth-oauth2 (~> 1.2)
+    omniauth-flickr (0.0.19)
+      multi_json (~> 1.11.0)
       omniauth-oauth (~> 1.0)
-    omniauth-oauth (1.0.1)
+    omniauth-oauth (1.1.0)
       oauth
       omniauth (~> 1.0)
-    omniauth-twitter (1.1.0)
-      multi_json (~> 1.3)
-      omniauth-oauth (~> 1.0)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
+    omniauth-twitter (1.2.1)
+      json (~> 1.3)
+      omniauth-oauth (~> 1.1)
     orm_adapter (0.5.0)
-    pg (0.17.1)
-    poltergeist (1.5.1)
+    paperclip (5.1.0)
+      activemodel (>= 4.2.0)
+      activesupport (>= 4.2.0)
+      cocaine (~> 0.5.5)
+      mime-types
+      mimemagic (~> 0.3.0)
+    parser (2.3.2.0)
+      ast (~> 2.2)
+    pg (0.19.0)
+    plupload-rails (1.2.1)
+      rails (>= 3.1)
+    poltergeist (1.11.0)
       capybara (~> 2.1)
       cliver (~> 0.3.1)
-      multi_json (~> 1.0)
       websocket-driver (>= 0.2.0)
-    polyglot (0.3.5)
-    pry (0.10.1)
+    powerpack (0.1.1)
+    pry (0.10.4)
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
       slop (~> 3.4)
-    rack (1.4.5)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-ssl (1.3.4)
+    public_suffix (2.0.4)
+    quiet_assets (1.1.0)
+      railties (>= 3.1, < 5.0)
+    rack (1.6.5)
+    rack-protection (1.5.3)
       rack
-    rack-test (0.6.2)
+    rack-test (0.6.3)
       rack (>= 1.0)
-    rails (3.2.13)
-      actionmailer (= 3.2.13)
-      actionpack (= 3.2.13)
-      activerecord (= 3.2.13)
-      activeresource (= 3.2.13)
-      activesupport (= 3.2.13)
-      bundler (~> 1.0)
-      railties (= 3.2.13)
+    rails (4.2.7.1)
+      actionmailer (= 4.2.7.1)
+      actionpack (= 4.2.7.1)
+      actionview (= 4.2.7.1)
+      activejob (= 4.2.7.1)
+      activemodel (= 4.2.7.1)
+      activerecord (= 4.2.7.1)
+      activesupport (= 4.2.7.1)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.2.7.1)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.7)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.3)
+      loofah (~> 2.0)
+    rails-i18n (4.0.9)
+      i18n (~> 0.7)
+      railties (~> 4.0)
     rails_12factor (0.0.3)
       rails_serve_static_assets
       rails_stdout_logging
-    rails_serve_static_assets (0.0.2)
-    rails_stdout_logging (0.0.3)
-    railties (3.2.13)
-      actionpack (= 3.2.13)
-      activesupport (= 3.2.13)
-      rack-ssl (~> 1.3.2)
+    rails_serve_static_assets (0.0.5)
+    rails_stdout_logging (0.0.5)
+    railties (4.2.7.1)
+      actionpack (= 4.2.7.1)
+      activesupport (= 4.2.7.1)
       rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
-    raindrops (0.13.0)
-    rake (10.4.0)
-    rdoc (3.12.2)
-      json (~> 1.4)
-    ref (1.0.5)
-    rest-client (1.7.2)
-      mime-types (>= 1.16, < 3.0)
-      netrc (~> 0.7)
-    rspec (2.12.0)
-      rspec-core (~> 2.12.0)
-      rspec-expectations (~> 2.12.0)
-      rspec-mocks (~> 2.12.0)
-    rspec-core (2.12.2)
-    rspec-expectations (2.12.1)
-      diff-lcs (~> 1.1.3)
-    rspec-mocks (2.12.2)
-    rspec-rails (2.12.2)
+      thor (>= 0.18.1, < 2.0)
+    rainbow (2.1.0)
+    raindrops (0.17.0)
+    rake (11.3.0)
+    rb-fsevent (0.9.8)
+    rb-inotify (0.9.7)
+      ffi (>= 0.5.0)
+    redis (3.3.2)
+    responders (2.3.0)
+      railties (>= 4.2.0, < 5.1)
+    rspec (3.5.0)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+    rspec-activemodel-mocks (1.0.3)
+      activemodel (>= 3.0)
+      activesupport (>= 3.0)
+      rspec-mocks (>= 2.99, < 4.0)
+    rspec-core (3.5.4)
+      rspec-support (~> 3.5.0)
+    rspec-expectations (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-mocks (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-rails (3.5.2)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       railties (>= 3.0)
-      rspec-core (~> 2.12.0)
-      rspec-expectations (~> 2.12.0)
-      rspec-mocks (~> 2.12.0)
-    sass (3.2.19)
-    sass-rails (3.2.6)
-      railties (~> 3.2.0)
-      sass (>= 3.1.10)
-      tilt (~> 1.3)
-    simplecov (0.9.1)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+      rspec-support (~> 3.5.0)
+    rspec-support (3.5.0)
+    rubocop (0.45.0)
+      parser (>= 2.3.1.1, < 3.0)
+      powerpack (~> 0.1)
+      rainbow (>= 1.99.1, < 3.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.8.1)
+    ruby-units (2.0.1)
+    ruby_dep (1.4.0)
+    ruby_parser (3.8.3)
+      sexp_processor (~> 4.1)
+    rubyzip (1.2.0)
+    sass (3.4.22)
+    sass-rails (5.0.6)
+      railties (>= 4.0.0, < 6)
+      sass (~> 3.1)
+      sprockets (>= 2.8, < 4.0)
+      sprockets-rails (>= 2.0, < 4.0)
+      tilt (>= 1.1, < 3)
+    selenium-webdriver (2.53.4)
+      childprocess (~> 0.5)
+      rubyzip (~> 1.0)
+      websocket (~> 1.0)
+    sexp_processor (4.7.0)
+    shellany (0.0.1)
+    sidekiq (4.1.4)
+      concurrent-ruby (~> 1.0)
+      connection_pool (~> 2.2, >= 2.2.0)
+      redis (~> 3.2, >= 3.2.1)
+      sinatra (>= 1.4.7)
+    simplecov (0.12.0)
       docile (~> 1.1.0)
-      multi_json (~> 1.0)
-      simplecov-html (~> 0.8.0)
-    simplecov-html (0.8.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
+    sinatra (1.4.7)
+      rack (~> 1.5)
+      rack-protection (~> 1.4)
+      tilt (>= 1.3, < 3)
     slop (3.6.0)
-    sprockets (2.2.3)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (0.0.1)
-      sprockets (>= 1.0.2)
-    term-ansicolor (1.3.0)
+    sparkpost_rails (1.4.0)
+      rails (>= 4.0, < 5.1)
+    sprockets (3.7.0)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.1.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    term-ansicolor (1.3.2)
       tins (~> 1.0)
-    terminal-table (1.4.5)
-    therubyracer (0.12.1)
-      libv8 (~> 3.16.14.0)
-      ref
-    thor (0.19.1)
-    thread (0.1.4)
-    thread_safe (0.3.4)
-    tilt (1.4.1)
-    tins (1.3.3)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.42)
-    uglifier (2.2.1)
+    terminal-table (1.7.3)
+      unicode-display_width (~> 1.1.1)
+    thor (0.19.3)
+    thread (0.2.2)
+    thread_safe (0.3.5)
+    tilt (2.0.5)
+    tins (1.13.0)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+    uglifier (2.7.2)
       execjs (>= 0.3.0)
-      multi_json (~> 1.0, >= 1.0.2)
-    unicorn (4.8.3)
+      json (>= 1.8.0)
+    unicode-display_width (1.1.1)
+    unicorn (5.1.0)
       kgio (~> 2.6)
-      rack
       raindrops (~> 0.7)
-    warden (1.2.3)
+    warden (1.2.6)
       rack (>= 1.0)
     webrat (0.7.3)
       nokogiri (>= 1.2.0)
       rack (>= 1.0)
       rack-test (>= 0.5.3)
-    websocket-driver (0.4.0)
-    will_paginate (3.0.7)
+    websocket (1.2.3)
+    websocket-driver (0.6.4)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.2)
+    will_paginate (3.1.0)
     xpath (2.0.0)
       nokogiri (~> 1.3)
 
@@ -332,63 +487,81 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  active_utils (= 1.0.5)!
-  activemerchant (= 1.33.0)!
+  active_merchant-paypal-bogus-gateway
+  active_utils
+  activemerchant
   better_errors
   binding_of_caller
   bluecloth
+  bonsai-elasticsearch-rails
   bootstrap-datepicker-rails
+  bootstrap-kaminari-views
+  bootstrap-sass (~> 3.3.6)
   bundler (>= 1.1.5)
   byebug
-  cancan
+  cancancan (~> 1.9)
   capybara
   capybara-email
-  coffee-rails (~> 3.2.1)
-  compass-rails (~> 1.0.3)
+  capybara-screenshot
+  codeclimate-test-reporter
+  coffee-rails (~> 4.1.0)
+  comfortable_mexican_sofa (~> 1.12.0)
   coveralls
   csv_shaper
   dalli
-  database_cleaner (~> 1.3.0)
-  devise (~> 3.2.0)
-  factory_girl_rails (~> 4.0)
+  database_cleaner (~> 1.5.0)
+  devise (>= 4.0.0)
+  elasticsearch-model
+  elasticsearch-rails
+  factory_girl_rails
   figaro
   flickraw
-  friendly_id (~> 4.0.10)
-  geocoder!
-  gibbon
+  font-awesome-sass
+  friendly_id (~> 5.0.4)
+  geocoder
+  gibbon (~> 1.2.0)
   gravatar-ultimate
+  guard
+  guard-rspec
   haml
   haml-rails
+  heroku-api
   i18n-tasks
-  jbuilder
   jquery-rails
-  jquery-ui-rails
+  jquery-ui-rails (~> 5.0.2)
   js-routes
-  json (~> 1.7.7)
-  json_spec
+  kaminari
   leaflet-markercluster-rails
   leaflet-rails
-  less (~> 2.5.0)
-  less-rails (~> 2.5.0)
-  less-rails-bootstrap (~> 3.2.0)
   letter_opener
-  libv8 (= 3.16.14.7)
   memcachier
   newrelic_rpm
   omniauth
+  omniauth-facebook
   omniauth-flickr (>= 0.0.15)
   omniauth-twitter
   pg
-  poltergeist (~> 1.5.1)
+  poltergeist
   pry
-  rack (~> 1.4.5)
-  rails (= 3.2.13)
+  quiet_assets
+  rails (~> 4.2.1)
   rails_12factor
   rake (>= 10.0.0)
-  rspec-rails (~> 2.12.1)
-  sass-rails (~> 3.2.3)
-  therubyracer (~> 0.12)
-  uglifier (>= 1.0.3)
+  rspec-activemodel-mocks
+  rspec-rails
+  rubocop
+  ruby-units
+  sass-rails (~> 5.0.4)
+  selenium-webdriver
+  sidekiq
+  sparkpost_rails
+  uglifier (~> 2.7.2)
   unicorn
   webrat
   will_paginate (~> 3.0)
+
+RUBY VERSION
+   ruby 2.3.1p112
+
+BUNDLED WITH
+   1.13.6

Guardfile

@@ -0,0 +1,13 @@
+guard :rspec,
+      cmd: 'bundle exec rspec --format documentation',
+      failed_mode: :keep do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$}) { |m| "spec/libs/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+
+  # Rails example
+  watch(%r{^app/(.+)\.rb$})                           { |m| "spec/#{m[1]}_spec.rb" }
+  watch(%r{^app/(.*)(\.erb|\.haml|\.slim)$})          { |m| "spec/#{m[1]}#{m[2]}_spec.rb" }
+  watch(%r{^spec/support/(.+)\.rb$})                  { "spec" }
+  watch('config/routes.rb')                           { "spec/routing" }
+end

README.md

@@ -2,6 +2,7 @@
 
 [![Build Status](https://travis-ci.org/Growstuff/growstuff.png)](https://travis-ci.org/Growstuff/growstuff)
 [![Coverage Status](https://coveralls.io/repos/Growstuff/growstuff/badge.png)](https://coveralls.io/r/Growstuff/growstuff)
+[![Code Climate](https://codeclimate.com/github/Growstuff/growstuff/badges/gpa.svg)](https://codeclimate.com/github/Growstuff/growstuff)
 
 Welcome to the Growstuff project.
 
@@ -18,8 +19,9 @@ encourage participation from people of all backgrounds and skill levels.
 
 * [Issues](http://github.com/Growstuff/growstuff/issues) (features we're
   working on, known bugs, etc)
-* [Discussion forums](http://wiki.growstuff.org/index.php/Discussion_forums) (mailing lists, IRC, etc)
-* [Wiki](http://wiki.growstuff.org/) (general documentation)
+* [Discussion forums](http://talk.growstuff.org/) (design ideas, planning releases)
+* [IRC](https://webchat.freenode.net/) growstuff channel (general chat, brainstorming and troubleshooting) or [Gitter](https://gitter.im/Growstuff/growstuff)
+* [Wiki](https://github.com/Growstuff/growstuff/wiki) (general documentation, etc. Help by migrating from the [old wiki](https://web.archive.org/web/*/wiki.growstuff.org))
 
 ## For coders
 
@@ -27,10 +29,10 @@ Growstuff is built in Ruby on Rails and also uses JavaScript for
 frontend features. We welcome contributions -- see
 [CONTRIBUTING](CONTRIBUTING.md) for details.
 
-* To set up your development environment, see [Getting started](http://wiki.growstuff.org/index.php/Development/Getting_Started).
+* To set up your development environment, see [Getting started](https://github.com/Growstuff/growstuff/wiki/New-contributor-guide).
 * We encourage [pair programming](http://wiki.growstuff.org/index.php/Pairing), especially for newer developers. [Find a pair programming partner.](http://talk.growstuff.org/t/find-a-pair-programming-partner/13)
-* Drop in to one of our [discussion forums](http://wiki.growstuff.org/index.php/Discussion_forums) to chat to other developers, get help, etc.
-* You may also be interested in our [API](http://wiki.growstuff.org/index.php/API).
+* Drop in to our [discussion forums](http://talk.growstuff.org/), IRC or Gitter to chat to other developers, get help, etc.
+* You may also be interested in our [API](https://github.com/Growstuff/growstuff/wiki/API).
 
 ## For designers, writers, researchers, data wranglers, and other contributors
 
@@ -49,6 +51,7 @@ Here on Github, you might find these useful:
 * [needs: visual design](https://github.com/Growstuff/growstuff/labels/needs:%20visual design) - tasks requiring visual/graphical design
 * [needs: documentation](https://github.com/Growstuff/growstuff/labels/needs:%20documentation)
 * [needs: data](https://github.com/Growstuff/growstuff/labels/needs:%20data) - tasks requiring data entry, data design, data import, or similar
+* [curated:beginner](https://github.com/Growstuff/growstuff/labels/curated:%20beginner) - tasks that are ideal for beginner programmers or people new to the project
 
 Feel free to comment on any of the issues you find there, or open up a broader conversation on [Growstuff Talk](http://talk.growstuff.org).
 

app/assets/javascripts/append_date.js.coffee

@@ -5,17 +5,15 @@
 jQuery ->
 
   el = $('.append-date')
-  
+
   el.datepicker({'format': 'yyyy-mm-dd'})
 
-  href = el.attr('href')
-
-  originalText = el.text()
-
   el.click (e) ->
     e.stopPropagation()
     e.preventDefault()
 
+    originalText = $(this).text()
+    href = $(this).attr('href')
     $(this).text('Confirm without date')
 
     $(this).bind('click.confirm', (e) ->
@@ -31,6 +29,8 @@ jQuery ->
 
   el.one 'changeDate', ->
     date = $(this).datepicker('getDate')
+    href = $(this).attr('href')
+
     url  = "#{href}&planting[finished_at]=#{date}"
 
     link = $("<a href='#{url}' data-method='put'></a>")

app/assets/javascripts/application.js

@@ -15,8 +15,7 @@
 //= require js-routes
 //= require jquery
 //= require jquery_ujs
-//= require jquery.ui.autocomplete
-//= require twitter/bootstrap
-//= require_tree .
+//= require jquery-ui/autocomplete
+//= require bootstrap-sprockets
 //= require bootstrap-datepicker
-
+//= require_tree .

app/assets/javascripts/comfy/admin/cms/custom.js.coffee

@@ -0,0 +1 @@
+# Custom JS for the admin area

app/assets/javascripts/crops.js.erb

@@ -1,6 +1,7 @@
 if (document.getElementById("cropmap") !== null) {
   mapbox_map_id = "<%= Rails.env == 'test' ? 0 : Growstuff::Application.config.mapbox_map_id %>";
-  mapbox_base_url = "https://c.tiles.mapbox.com/v3/" + mapbox_map_id + "/{z}/{x}/{y}.png";
+  mapbox_access_token = "<%= Rails.env == 'test' ? 0 : Growstuff::Application.config.mapbox_access_token %>";
+  mapbox_base_url = "http://a.tiles.mapbox.com/v4/" + mapbox_map_id + "/{z}/{x}/{y}.png?access_token=" + mapbox_access_token;
 
   L.Icon.Default.imagePath = '/assets'
 
@@ -47,3 +48,7 @@ function showCropMap(cropmap) {
 
   cropmap.addLayer(markers);
 }
+
+$('.btn.toggle.crop-hierarchy').click(function () {
+  $('.toggle.crop-hierarchy').toggleClass('hide');
+});

app/assets/javascripts/finish_planting.js.coffee

@@ -9,11 +9,11 @@ jQuery ->
     finished = $('#planting_finished_at')
     if @checked
       if previousValue.length
-        date = previousValue 
+        date = previousValue
         finished.val(date)
       else
         finished.trigger('focus')
     else
       previousValue = finished.val()
       finished.val('')
-  )
+  )

app/assets/javascripts/members.js.erb

@@ -1,6 +1,7 @@
 if (document.getElementById("membermap") !== null) {
   mapbox_map_id = "<%= Rails.env == 'test' ? 0 : Growstuff::Application.config.mapbox_map_id %>";
-  mapbox_base_url = "https://c.tiles.mapbox.com/v3/" + mapbox_map_id + "/{z}/{x}/{y}.png";
+  mapbox_access_token = "<%= Rails.env == 'test' ? 0 : Growstuff::Application.config.mapbox_access_token %>";
+  mapbox_base_url = "http://a.tiles.mapbox.com/v4/" + mapbox_map_id + "/{z}/{x}/{y}.png?access_token=" + mapbox_access_token;
 
   L.Icon.Default.imagePath = '/assets'
 

app/assets/javascripts/places.js.erb

@@ -1,7 +1,8 @@
 if (document.getElementById("placesmap") !== null) {
   places_base_path = "/places";
   mapbox_map_id = "<%= Rails.env == 'test' ? 0 : Growstuff::Application.config.mapbox_map_id %>";
-  mapbox_base_url = "https://c.tiles.mapbox.com/v3/" + mapbox_map_id + "/{z}/{x}/{y}.png";
+  mapbox_access_token = "<%= Rails.env == 'test' ? 0 : Growstuff::Application.config.mapbox_access_token %>";
+  mapbox_base_url = "http://a.tiles.mapbox.com/v4/" + mapbox_map_id + "/{z}/{x}/{y}.png?access_token=" + mapbox_access_token;
   nominatim_base_url = 'http://nominatim.openstreetmap.org/search/';
   nominatim_user_agent_email = "<%= Rails.env == 'test' ? 0 : Growstuff::Application.config.user_agent_email %>";
 

app/assets/javascripts/seeds.js.coffee

@@ -4,3 +4,41 @@
 
 jQuery ->
   $('.add-datepicker').datepicker('format' : 'yyyy-mm-dd')
+  $('#add-sci_name-row').css("display", "inline-block")
+  $('#remove-sci_name-row').css("display", "inline-block")
+  $("#add-alt_name-row").css("display", "inline-block")
+  $("#remove-alt_name-row").css("display", "inline-block")
+
+$ ->
+  sci_template = "<div id='sci_template[INDEX]' class='template col-md-12'><div class='col-md-2'><label>Scientific name INDEX:</label></div><div class='col-md-8'><input name='sci_name[INDEX]' class='form-control', id='sci_name[INDEX]')'></input><span class='help-block'>Scientific name of crop.</span></div><div class='col-md-2'></div></div>"
+
+  sci_index = $('#scientific_names .template').length + 1
+
+  $('#add-sci_name-row').click ->
+    compiled_input = $(sci_template.split("INDEX").join(sci_index))
+    $('#scientific_names').append(compiled_input)
+    sci_index = sci_index + 1
+
+  $('#remove-sci_name-row').click ->
+    if (sci_index > 2)
+    	sci_index = sci_index - 1
+    	tmp = 'sci_template[' + sci_index + ']'
+    	element = document.getElementById(tmp)
+    	element.remove()
+
+  alt_template = "<div id='alt_template[INDEX]' class='template col-md-12'><div class='col-md-2'><label>Alternate name INDEX:</label></div><div class='col-md-8'><input name='alt_name[INDEX]' class='form-control', id='alt_name[INDEX]')'></input><span class='help-block'>Alternate name of crop.</span></div><div class='col-md-2'></div></div>"
+
+  alt_index = $('#alternate_names .template').length + 1
+
+  $('#add-alt_name-row').click ->
+    compiled_input = $(alt_template.split("INDEX").join(alt_index))
+    $('#alternate_names').append(compiled_input)
+    alt_index = alt_index + 1
+
+  $('#remove-alt_name-row').click ->
+    if (alt_index > 2)
+      alt_index = alt_index - 1
+      tmp = 'alt_template[' + alt_index + ']'
+      element = document.getElementById(tmp)
+      console.log("%s",tmp)
+      element.remove()

app/assets/stylesheets/application.css

@@ -1,14 +0,0 @@
-/*
- * This is a manifest file that'll automatically include all the stylesheets available in this directory
- * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
- * the top of the compiled file, but it's generally better to create a new file per style scope.
- *= require_self
- *= require jquery.ui.autocomplete
- *= require bootstrap-datepicker
- *= require leaflet
- *= require leaflet.markercluster
- *= require leaflet.markercluster.default
- *= require custom_bootstrap/custom_bootstrap
- *= require overrides.css
- *= require_tree .
-*/

app/assets/stylesheets/application.sass

@@ -0,0 +1,7 @@
+@import 'jquery-ui/autocomplete'
+@import 'bootstrap-datepicker'
+@import 'leaflet'
+@import 'leaflet.markercluster'
+@import 'leaflet.markercluster.default'
+@import 'custom_bootstrap/custom_bootstrap'
+@import 'overrides'

app/assets/stylesheets/bootstrap-accessibility.css

@@ -0,0 +1 @@
+.btn:focus{outline:dotted 2px #000}div.active:focus{outline:dotted 1px #000}a:focus{outline:dotted 1px #000}.close:hover,.close:focus{outline:dotted 1px #000}.nav>li>a:hover,.nav>li>a:focus{outline:dotted 1px #000}.carousel-inner>.item{position:absolute;top:-999999em;display:block;-moz-transition:ease-in-out 0.6s left;-o-transition:ease-in-out 0.6s left;-webkit-transition:ease-in-out 0.6s left;transition:ease-in-out 0.6s left}.carousel-inner>.active{top:0}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{position:relative}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.alert-success{color:#2d4821}.alert-info{color:#214c62}.alert-warning{color:#6c4a00;background-color:#f9f1c6}.alert-danger{color:#d2322d}.alert-danger:hover{color:#a82824}

app/assets/stylesheets/comfy/admin/cms/custom.sass

@@ -0,0 +1 @@
+// custom CSS for admin area

app/assets/stylesheets/custom_bootstrap/custom_bootstrap.less

@@ -1,56 +0,0 @@
-// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-// !!! AUTOMATICALLY GENERATED FILE. DO NOT MODIFY !!!
-// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
-// Core variables and mixins
-@import "twitter/bootstrap/variables.less";
-@import "custom_bootstrap/variables.less"; // Modify this for custom colors, font-sizes, etc
-@import "twitter/bootstrap/mixins.less";
-@import "custom_bootstrap/mixins.less"; // Modify this for custom mixins
-
-// Reset and dependencies
-@import "twitter/bootstrap/normalize.less";
-@import "twitter/bootstrap/print.less";
-@import "twitter/bootstrap/glyphicons.less";
-
-// Core CSS
-@import "twitter/bootstrap/scaffolding.less";
-@import "twitter/bootstrap/type.less";
-@import "twitter/bootstrap/code.less";
-@import "twitter/bootstrap/grid.less";
-@import "twitter/bootstrap/tables.less";
-@import "twitter/bootstrap/forms.less";
-@import "twitter/bootstrap/buttons.less";
-
-// Components
-@import "twitter/bootstrap/component-animations.less";
-@import "twitter/bootstrap/dropdowns.less";
-@import "twitter/bootstrap/button-groups.less";
-@import "twitter/bootstrap/input-groups.less";
-@import "twitter/bootstrap/navs.less";
-@import "twitter/bootstrap/navbar.less";
-@import "twitter/bootstrap/breadcrumbs.less";
-@import "twitter/bootstrap/pagination.less";
-@import "twitter/bootstrap/pager.less";
-@import "twitter/bootstrap/labels.less";
-@import "twitter/bootstrap/badges.less";
-@import "twitter/bootstrap/jumbotron.less";
-@import "twitter/bootstrap/thumbnails.less";
-@import "twitter/bootstrap/alerts.less";
-@import "twitter/bootstrap/progress-bars.less";
-@import "twitter/bootstrap/media.less";
-@import "twitter/bootstrap/list-group.less";
-@import "twitter/bootstrap/panels.less";
-@import "twitter/bootstrap/responsive-embed.less";
-@import "twitter/bootstrap/wells.less";
-@import "twitter/bootstrap/close.less";
-
-// Components w/ JavaScript
-@import "twitter/bootstrap/modals.less";
-@import "twitter/bootstrap/tooltip.less";
-@import "twitter/bootstrap/popovers.less";
-@import "twitter/bootstrap/carousel.less";
-
-// Utility classes
-@import "twitter/bootstrap/utilities.less";
-@import "twitter/bootstrap/responsive-utilities.less";

app/assets/stylesheets/custom_bootstrap/custom_bootstrap.sass

@@ -0,0 +1,59 @@
+// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+// !!! AUTOMATICALLY GENERATED FILE. DO NOT MODIFY !!!
+// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+// Core variables and mixins
+@import "bootstrap-sprockets"
+@import "bootstrap/variables"
+// Modify this for custom colors, font-sizes, etc
+@import "custom_bootstrap/variables"
+@import "bootstrap/mixins"
+// Modify this for custom mixins
+@import "custom_bootstrap/mixins"
+
+// Reset and dependencies
+@import "bootstrap/normalize"
+@import "bootstrap/print"
+@import "bootstrap/glyphicons"
+
+// Core CSS
+@import "bootstrap/scaffolding"
+@import "bootstrap/type"
+@import "bootstrap/code"
+@import "bootstrap/grid"
+@import "bootstrap/tables"
+@import "bootstrap/forms"
+@import "bootstrap/buttons"
+
+// Components
+@import "bootstrap/component-animations"
+@import "bootstrap/dropdowns"
+@import "bootstrap/button-groups"
+@import "bootstrap/input-groups"
+@import "bootstrap/navs"
+@import "bootstrap/navbar"
+@import "bootstrap/breadcrumbs"
+@import "bootstrap/pagination"
+@import "bootstrap/pager"
+@import "bootstrap/labels"
+@import "bootstrap/badges"
+@import "bootstrap/jumbotron"
+@import "bootstrap/thumbnails"
+@import "bootstrap/alerts"
+@import "bootstrap/progress-bars"
+@import "bootstrap/media"
+@import "bootstrap/list-group"
+@import "bootstrap/panels"
+@import "bootstrap/responsive-embed"
+@import "bootstrap/wells"
+@import "bootstrap/close"
+
+// Components w/ JavaScript
+@import "bootstrap/modals"
+@import "bootstrap/tooltip"
+@import "bootstrap/popovers"
+@import "bootstrap/carousel"
+
+// Utility classes
+@import "bootstrap/utilities"
+@import "bootstrap/responsive-utilities"

app/assets/stylesheets/custom_bootstrap/variables.less

@@ -1,54 +0,0 @@
-// Use this file to override Twitter Bootstrap variables or define own variables.
-
-// Import original variables so they can be used in overrides
-@import "twitter/bootstrap/variables.less";
-
-// Base colours
-
-@beige: #f3f1ee;
-@brown: #413f3b;
-
-@green:  #5f8e43;
-@blue:   #2f4365;
-@red:    #8e4d43;
-@orange: #b2685c;
-@yellow: #b2935c;
-
-@body-bg: @beige;
-@text-color: @brown;
-@link-color: @green;
-
-@brand-primary: @green;
-
-@font-family-sans-serif:        "Helvetica Neue", Helvetica, Arial, sans-serif;
-@font-family-serif:       Georgia, "Times New Roman", Times, serif;
-@font-family-mono:        Monaco, Menlo, Consolas, "Courier New", monospace;
-
-@font-size-base:          14px;
-@font-family-base:        @font-family-sans-serif;
-@line-height-base:        1.5;
-@alt-font-family:         @font-family-serif;
-
-@headings-font-family:    @font-family-sans-serif;
-@headings-font-weight:    bold;    // instead of browser default, bold
-@headings-color:         inherit; // empty to use BS default, @textColor
-
-// Hero unit
-@jumbotron-bg: darken(@body-bg, 10%);
-
-// Nav bar
-@navbar-default-bg: @brown;
-@navbar-default-bg-highlight: @brown;
-@navbar-default-color: @beige;
-@navbar-default-link-color: darken(@beige, 20%);
-@navbar-default-link-hover-color: @beige;
-@navbar-default-link-active-color: @beige;
-@navbar-default-brand-color: lighten(@green, 20%);
-
-// Top nav collapse threshold
-@grid-float-breakpoint: @screen-md-min;
-
-@dropdown-bg: lighten(@beige, 10%);
-@dropdown-link-color: @brown;
-@dropdown-link-hover-color: @brown;
-@dropdown-link-hover-bg: lighten(@green, 50%);

app/assets/stylesheets/custom_bootstrap/variables.sass

@@ -0,0 +1,54 @@
+// Use this file to override Twitter Bootstrap variables or define own variables.
+
+// Import original variables so they can be used in overrides
+//@import 'bootstrap/variables.scss'
+
+// Base colours
+
+$beige: #f3f1ee
+$brown: #413f3b
+
+$green:  #5f8e43
+$blue:   #2f4365
+$red:    #8e4d43
+$orange: #b2685c
+$yellow: #b2935c
+
+$body-bg: $beige
+$text-color: $brown
+$link-color: $green
+
+$brand-primary: $green
+
+$font-family-sans-serif:        "Helvetica Neue", Helvetica, Arial, sans-serif
+$font-family-serif:       Georgia, "Times New Roman", Times, serif
+$font-family-mono:        Monaco, Menlo, Consolas, "Courier New", monospace
+
+$font-size-base:          14px
+$font-family-base:        $font-family-sans-serif
+$line-height-base:        1.5
+$alt-font-family:         $font-family-serif
+
+$headings-font-family:    $font-family-sans-serif
+$headings-font-weight:    bold    // instead of browser default, bold
+$headings-color:         inherit // empty to use BS default, $textColor
+
+// Hero unit
+$jumbotron-bg: darken($body-bg, 10%)
+
+// Nav bar
+$navbar-default-bg: $brown
+$navbar-default-bg-highlight: $brown
+$navbar-default-color: $beige
+$navbar-default-link-color: darken($beige, 20%)
+$navbar-default-link-hover-color: $beige
+$navbar-default-link-active-color: darken($beige,80%)
+$navbar-default-brand-color: lighten($green, 20%)
+
+// Top nav collapse threshold
+$grid-float-breakpoint: $screen-md-min
+
+$dropdown-bg: lighten($beige, 10%)
+$dropdown-link-color: $brown
+$dropdown-link-hover-color: $brown
+$dropdown-link-hover-bg: lighten($green, 50%)

app/assets/stylesheets/leaflet_overrides.css.less

@@ -1,3 +0,0 @@
-.leaflet-popup-content-wrapper, .leaflet-popup-tip {
-  border: none;
-}

app/assets/stylesheets/leaflet_overrides.sass

@@ -0,0 +1,10 @@
+.leaflet-popup-content-wrapper,
+.leaflet-popup-tip
+  border: none
+
+.thumbnail
+  background: #fff !important
+  border: solid 1px whitesmoke
+
+.thumbnail .crop-thumbnail .cropinfo
+  padding-top: 14px

app/assets/stylesheets/overrides.css.less

@@ -1,263 +0,0 @@
-@import "twitter/bootstrap/bootstrap";
-@import "custom_bootstrap/variables";
-// this padding needs to be done before the responsive stuff is imported
-body {
-  // modifying this for our promotional banner. can be replaced after if
-  // needed.
-  // padding-top: @navbar-height + 15px;
-  padding-top: @navbar-height;
-}
-
-//@import "twitter/bootstrap/responsive";
-
-// Set the correct sprite paths
-@iconSpritePath: asset-path("twitter/bootstrap/glyphicons-halflings");
-@iconWhiteSpritePath: asset-path("twitter/bootstrap/glyphicons-halflings-white");
-
-// Set the Font Awesome (Font Awesome is default. You can disable by commenting below lines)
-@fontAwesomeEotPath: asset-url("fontawesome-webfont.eot");
-@fontAwesomeEotPath_iefix: asset-url("fontawesome-webfont.eot#iefix");
-@fontAwesomeWoffPath: asset-url("fontawesome-webfont.woff");
-@fontAwesomeTtfPath: asset-url("fontawesome-webfont.ttf");
-@fontAwesomeSvgPath: asset-url("fontawesome-webfont.svg#fontawesomeregular");
-
-// Font Awesome
-//@import "fontawesome/font-awesome";
-
-// Glyphicons
-//@import "twitter/bootstrap/sprites.less";
-
-
-.list-inline > li.first {
-  padding-left: 0px;
-}
-
-h2 {
-  font-size: 150%;
-}
-
-/*
-#subtitle {
-  color: lighten(@brown, 30%);
-  margin-top: 0px;
-  padding-top: 0px;
-  padding-left: 1em;
-  font-style: italic;
-  font-weight: normal;
-}
-*/
-
-h3 {
-  font-size: 120%;
-}
-
-.main {
-  padding-right: 1em;
-}
-
-.sidebar {
-  margin-left: -1px;
-  border-left: 1px solid darken(@beige, 10%);
-  padding-left: 1em;
-}
-
-// this is used for eg. crops and members index pages
-.six-across:nth-child(6n+1) {
-  margin-left: 0px
-}
-
-.three-across:nth-child(3n+1) {
-  margin-left: 0px;
-  clear: both;
-}
-
-// let's condense the hero unit a little
-.jumbotron {
-  padding-top: 30px;
-  padding-bottom: 30px;
-}
-
-// info under the main heading on homepage
-.jumbotron .info {
-  padding-top: 15px;
-}
-
-// signup widget on homepage
-.jumbotron .signup {
-  background-color: lighten(@green, 40%);
-  border: 1px solid lighten(@green, 20%);
-  border-radius: 6px;
-  padding: 15px;
-  text-align: center;
-  line-height: 200%;
-}
-
-// stats shown on homepage. eg. "999 members..."
-p.stats {
-  font-weight: bold;
-}
-
-.homepage-members {
-  height: 100px;
-}
-
-.homepage-members:nth-child(odd) {
-  margin-left: 0px;
-}
-
-#placesmap, #cropmap {
-  height: 500px;
-}
-
-#membermap {
-  height: 250px;
-}
-
-.member-location {
-  font-size: small;
-  font-style: italic;
-}
-
-.member-location a {
-  color: @brown;
-}
-
-.crop-thumbnail {
-  position:relative;
-  padding:0;
-  img {
-    width:100%;
-  }
-  .text {
-    display:none;
-    color:#000;
-    position:absolute;
-    bottom:0;
-    background:rgba(0, 0, 0, 0.8);
-    width:100%;
-    margin:0;
-  }
-  p {
-    padding:5px;
-    margin:0;
-    color:#fff;
-  }
-  &:hover {
-    .text {
-      display:block;
-    }
-  }
-}
-
-.member-thumbnail {
-  img {
-    height: 85px;
-    width: 85px;
-    max-width: 85px
-  }
-}
-
-.thumbnail {
-  margin-bottom: 1.5em;
-  
-  .scientific-name small, .crop-name a {
-    display: inline-block;
-    max-width: 100%;
-    white-space: nowrap;
-    overflow: hidden;
-    text-overflow: ellipsis;
-    line-height: 1em;
-    padding-bottom: 2px;
-  }
-
-  .crop-name a {
-    padding-top: 2px;
-  }
-
-  .scientific-name small {
-    margin-bottom: -2px;
-  }
-}
-
-li.crop-hierarchy {
-  list-style-type: disc;
-}
-
-.navbar-brand {
-  margin: 0px;
-  padding: 0px;
-}
-
-.navbar-bottom {
-  margin: 40px 0px 0px 0px !important;
-}
-
-// navbar centering
-footer .navbar .nav {
-  float: none;
-  display: inline-block;
-  *display: inline;
-  /* ie7 fix */
-  *zoom: 1;
-  /* hasLayout ie7 trigger */
-  vertical-align: top;
-  > li {
-    float: none;
-    display: inline-block;
-    *display: inline;
-    /* ie7 fix */
-    *zoom: 1;
-    /* hasLayout ie7 trigger */
-    vertical-align: top;
-  }
-}
-
-.navbar-bottom.navbar {
-  text-align: center;
-  border-radius: 0;
-}
-
-.crop-image, .member-image {
-  width: 100%;
-  height: 100%;
-}
-
-// Autosuggest
-
-.ui-autocomplete {
-  z-index: @zindex-tooltip;
-}
-
-// Crowdfunding campaign, Sep-Oct 2014
-
-.crowdfunding-banner {
-  text-align: center;
-  font-weight: bold;
-  background-color: lighten(@green, 30%);
-  margin-top: 0px;
-  margin-bottom: 5px;
-  padding: 15px;
-}
-
-.crowdfunding-banner a {
-  color: @brown;
-  text-decoration: underline;
-}
-
-// Overrides applying only to mobile view. This must be at the end of the overrides file.
-
-@media only screen and (max-width: 767px) {
-  .sidebar {
-    margin-left: 0;
-    border-left: none;
-    padding-left: 0;
-  }
-
-  #map {
-    height: 300px;
-  }
-
-  .navbar .nav > li {
-    display: block;
-  }
-}

app/assets/stylesheets/overrides.sass

@@ -0,0 +1,338 @@
+@import "bootstrap-sprockets"
+@import "bootstrap"
+@import "custom_bootstrap/variables"
+// this padding needs to be done before the responsive stuff is imported
+body
+  // modifying this for our promotional banner. can be replaced after if
+  // needed.
+  // padding-top: $navbar-height + 15px
+  padding-top: $navbar-height
+
+
+//@import "bootstrap/responsive"
+
+// Font Awesome
+@import "font-awesome-sprockets"
+@import "font-awesome"
+
+// Glyphicons
+//@import "bootstrap/glyphicons"
+
+
+.list-inline > li.first
+  padding-left: 0px
+
+h2
+  font-size: 150%
+
+
+//#subtitle
+//  color: lighten($brown, 30%)
+//  font-style: italic
+//  font-weight: normal
+//  margin-top: 0px
+//  padding-left: 1em
+//  padding-top: 0px
+
+h3
+  font-size: 120%
+
+.main
+  padding-right: 1em
+
+.navbar .navbar-form
+  padding-top: 0
+  padding-bottom: 0
+  margin-right: 0
+  margin-left: 15px
+  border: 0
+  -webkit-box-shadow: none
+  box-shadow: none
+
+.img-responsive
+  max-width: 100%
+  height: auto
+
+.sidebar
+  border-left: 1px solid darken($beige, 10%)
+  margin-left: -1px
+  padding-left: 1em
+
+// this is used for eg. crops and members index pages
+.six-across:nth-child(6n+1)
+  margin-left: 0px
+
+.three-across:nth-child(3n+1)
+  margin-left: 0px
+  clear: both
+
+// let's condense the hero unit a little
+.jumbotron
+  padding-top: 30px
+  padding-bottom: 30px
+
+// info under the main heading on homepage
+.jumbotron .info
+  padding-top: 15px
+
+// signup widget on homepage
+.jumbotron .signup
+  background-color: lighten($green, 40%)
+  border: 1px solid lighten($green, 20%)
+  border-radius: 6px
+  line-height: 200%
+  padding: 15px
+  text-align: center
+
+// stats shown on homepage. eg. "999 members..."
+p.stats
+  font-weight: bold
+
+.member-cards
+  display: flex
+  flex: none
+  flex-wrap: wrap
+  justify-content: space-between
+
+.member-thumbnail
+  padding: .25em
+
+  div
+    width: 5em
+    display: inline-block
+    vertical-align: top
+
+.member-thumbnail div~div
+  padding-left: 1em
+  width: 15em
+
+.planting
+  dl.planting-attributes
+    font-size: 85%
+
+    dt
+      text-align: left
+    dd
+      margin-left: auto
+
+@media (min-width: $screen-md-min)
+  .planting-thumbnail
+    dl.planting-attributes
+      font-size: 85%
+      width: 100%
+
+      dt
+        text-align: left
+        width: 80px
+      dd
+        padding-left: 80px
+        margin-left: auto
+
+  .navbar .navbar-form
+    width: 250px
+
+
+#placesmap, #cropmap
+  height: 500px
+
+#membermap
+  height: 250px
+
+.location-not-set
+  height: 250px
+  width: 100%
+  background-image: image-url('location-not-set.en.png')
+  background-repeat: no-repeat
+  background-position: center
+
+.member-location
+  font-size: small
+  font-style: italic
+
+
+.member-location a
+  color: $brown
+
+
+.photo-thumbnail
+  padding: 0
+  position: relative
+
+  img
+    width: 100%
+
+  .text
+    display: none
+    color: #000
+    position: absolute
+    bottom: 0
+    background: rgba(0, 0, 0, 0.8)
+    width: 100%
+    margin: 0
+
+  p
+    padding: 5px
+    margin: 0
+    color: #fff
+
+  &:hover
+    .text
+      display: block
+
+.thumbnail
+  border: none
+  text-align: center
+  margin-bottom: 1.5em
+
+  .member-thumbnail
+    text-align: left
+    img
+      height: 85px
+      width: 85px
+      max-width: 85px
+
+  .crop-thumbnail
+    height: 220px
+    .cropinfo
+      display: inline-block
+      max-width: 100%
+      white-space: nowrap
+      line-height: 1em
+      padding-bottom: 2px
+
+      .cropname
+        overflow: hidden
+        text-overflow: ellipsis
+
+      .scientificname
+        font-size: small
+        font-style: italic
+        overflow: hidden
+        text-overflow: ellipsis
+
+      .plantingcount
+        font-size: small
+
+    .crop-name a
+      padding-top: 2px
+
+    .scientific-name small
+      margin-bottom: -2px
+
+li.crop-hierarchy
+  list-style-type: disc
+
+.navbar-brand
+  margin: 0px
+  padding: 0px
+
+.navbar-bottom
+  margin: 40px 0px 0px 0px !important
+
+// footer
+footer
+  #footer1, #footer2, #footer3
+    text-align: left
+    padding-top: 1em
+    padding-bottom: 2em
+    ul
+      list-style-type: none
+      list-style-position: outside
+      padding-left: 0px
+      margin-left: 0px
+
+    a
+      color: $navbar-default-link-color
+      text-decoration: none
+
+    a:hover
+      color: $navbar-default-link-hover-color
+
+    a:active
+      color: $navbar-default-link-active-color
+
+  .navbar-bottom.navbar
+    border-radius: 0
+
+// ensure footer is pushed to bottom of browser window
+
+#maincontainer
+  min-height: 80%
+
+html, body
+  height: 100%
+
+.crop-image, .member-image
+  width: 100%
+  height: 100%
+
+// Autosuggest
+
+.ui-autocomplete
+  background: white
+  z-index: $zindex-tooltip
+
+.alert
+  a
+    font-weight: 800
+
+// Overrides applying only to mobile view. This must be at the end of the overrides file.
+
+@media only screen and (max-width: 767px)
+  .sidebar
+    margin-left: 0
+    border-left: none
+    padding-left: 0
+
+  #map
+    height: 300px
+
+  .navbar .nav > li
+    display: block
+
+  .navbar .navbar-form
+    width: 185px
+    padding-left: 0
+    padding-right: 0
+
+/* override "info" alert boxes to be green, not blue, on Growstuff */
+$state-info-text: darken($green, 10%)
+$state-info-bg: lighten($green, 50%)
+
+/* and set "success" to be the same, as it was just very slightly
+ * different because the default bootstrap green is slightly different
+ * from ours */
+$state-success-text: darken($green, 10%)
+$state-success-bg: lighten($green, 50%)
+
+.hide
+  display: none
+
+#add-sci_name-row, #remove-sci_name-row, #add-alt_name-row, #remove-alt_name-row
+  display: none
+
+.panel-footer
+  height: 6em
+
+.panel
+  .dl-horizontal
+    text-overflow: ellipsis
+    overflow: hidden
+
+#gardens_panel_body
+  height: 20em
+
+.form-group.required .control-label:before
+  content: "* "
+  color: red
+
+.margin-bottom
+  margin-bottom: 1em
+
+.red
+  color: red
+
+.truncate
+  overflow: hidden
+  text-overflow: ellipsis
+  white-space: nowrap

app/controllers/about_controller.rb

@@ -1,2 +0,0 @@
-class AboutController < ApplicationController
-end

app/controllers/account_types_controller.rb

@@ -1,7 +1,7 @@
 class AccountTypesController < ApplicationController
   before_filter :authenticate_member!
   load_and_authorize_resource
-  
+
   # GET /account_types
   def index
     @account_types = AccountType.all
@@ -36,7 +36,7 @@ class AccountTypesController < ApplicationController
 
   # POST /account_types
   def create
-    @account_type = AccountType.new(params[:account_type])
+    @account_type = AccountType.new(account_type_params)
 
     respond_to do |format|
       if @account_type.save
@@ -52,7 +52,7 @@ class AccountTypesController < ApplicationController
     @account_type = AccountType.find(params[:id])
 
     respond_to do |format|
-      if @account_type.update_attributes(params[:account_type])
+      if @account_type.update(account_type_params)
         format.html { redirect_to @account_type, notice: 'Account type was successfully updated.' }
       else
         format.html { render action: "edit" }
@@ -69,4 +69,10 @@ class AccountTypesController < ApplicationController
       format.html { redirect_to account_types_url, notice: 'Account type was successfully deleted.' }
     end
   end
+
+  private
+
+  def account_type_params
+    params.require(:account_type).permit(:is_paid, :is_permanent_paid, :name)
+  end
 end

app/controllers/accounts_controller.rb

@@ -1,7 +1,7 @@
 class AccountsController < ApplicationController
   before_filter :authenticate_member!
   load_and_authorize_resource
-  
+
   # GET /accounts
   def index
     @accounts = Account.all
@@ -30,7 +30,7 @@ class AccountsController < ApplicationController
     @account = Account.find(params[:id])
 
     respond_to do |format|
-      if @account.update_attributes(params[:account])
+      if @account.update(params[:account])
         format.html { redirect_to @account, notice: 'Account detail was successfully updated.' }
       else
         format.html { render action: "edit" }
@@ -38,4 +38,9 @@ class AccountsController < ApplicationController
     end
   end
 
+  private
+
+  def account_params
+    params.require(:account).permit(:account_type_id, :member_id, :paid_until)
+  end
 end

app/controllers/admin/orders_controller.rb

@@ -8,7 +8,7 @@ class Admin::OrdersController < ApplicationController
 
   def search
     authorize! :manage, :all
-    @orders = Order.search({:by => params[:search_by], :for => params[:search_text]})
+    @orders = Order.search({ by: params[:search_by], for: params[:search_text] })
 
     if @orders.empty?
       flash[:alert] = "Couldn't find order with #{params[:search_by]} = #{params[:search_text]}"
@@ -17,6 +17,5 @@ class Admin::OrdersController < ApplicationController
     respond_to do |format|
       format.html # index.html.haml
     end
-
   end
 end

app/controllers/alternate_names_controller.rb

@@ -1,5 +1,5 @@
 class AlternateNamesController < ApplicationController
-  before_filter :authenticate_member!, :except => [:index, :show]
+  before_filter :authenticate_member!, except: [:index, :show]
   load_and_authorize_resource
 
   # GET /alternate_names
@@ -13,17 +13,6 @@ class AlternateNamesController < ApplicationController
     end
   end
 
-  # GET /alternate_names/1
-  # GET /alternate_names/1.json
-  def show
-    @alternate_name = AlternateName.find(params[:id])
-
-    respond_to do |format|
-      format.html # show.html.haml
-      format.json { render json: @alternate_name }
-    end
-  end
-
   # GET /alternate_names/new
   # GET /alternate_names/new.json
   def new
@@ -45,7 +34,7 @@ class AlternateNamesController < ApplicationController
   # POST /alternate_names.json
   def create
     params[:alternate_name][:creator_id] = current_member.id
-    @alternate_name = AlternateName.new(params[:alternate_name])
+    @alternate_name = AlternateName.new(alternate_name_params)
 
     respond_to do |format|
       if @alternate_name.save
@@ -64,7 +53,7 @@ class AlternateNamesController < ApplicationController
     @alternate_name = AlternateName.find(params[:id])
 
     respond_to do |format|
-      if @alternate_name.update_attributes(params[:alternate_name])
+      if @alternate_name.update(alternate_name_params)
         format.html { redirect_to @alternate_name.crop, notice: 'Alternate name was successfully updated.' }
         format.json { head :no_content }
       else
@@ -88,4 +77,10 @@ class AlternateNamesController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def alternate_name_params
+    params.require(:alternate_name).permit(:crop_id, :name, :creator_id)
+  end
 end

app/controllers/api/v1/crops_controller.rb

@@ -1,13 +0,0 @@
-class Api::V1::CropsController < ApplicationController
-
-  # GET /api/v1/crops
-  def index
-    @crops = Crop.all
-  end
-
-  # GET /crops/1
-  def show
-    @crop = Crop.find(params[:id])
-  end
-
-end

app/controllers/application_controller.rb

@@ -14,7 +14,7 @@ class ApplicationController < ActionController::Base
         request.path != "/members/confirmation" &&
         request.path != "/members/sign_out" &&
         !request.xhr?)
-        store_location_for(:member, request.fullpath)
+      store_location_for(:member, request.fullpath)
     end
   end
 
@@ -22,6 +22,10 @@ class ApplicationController < ActionController::Base
     stored_location_for(:member) || root_path
   end
 
+  def after_sign_out_path_for(resource_or_scope)
+    request.referrer
+  end
+
   # tweak CanCan defaults because we don't have a "current_user" method
   # this means that we use current_user in specs but current_member everywhere
   # else in the code.
@@ -31,9 +35,9 @@ class ApplicationController < ActionController::Base
 
   # CanCan error handling
   rescue_from CanCan::AccessDenied do |exception|
-    redirect_to request.referer || root_url, :alert => exception.message
+    redirect_to request.referer || root_url, alert: exception.message
   end
-   
+
   def set_locale
     I18n.locale = params[:locale] || extract_locale_from_subdomain || I18n.default_locale
   end
@@ -43,4 +47,35 @@ class ApplicationController < ActionController::Base
     I18n.available_locales.map(&:to_s).include?(parsed_locale) ? parsed_locale : nil
   end
 
+  before_action :configure_permitted_parameters, if: :devise_controller?
+
+  protected
+
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_up) do |member|
+      member.permit(:login_name, :email, :password, :password_confirmation,
+        :remember_me, :login,
+        # terms of service
+        :tos_agreement,
+        # profile stuff
+        :bio, :location, :latitude, :longitude,
+        # email settings
+        :show_email, :newsletter, :send_notification_email, :send_planting_reminder
+      )
+    end
+
+    devise_parameter_sanitizer.permit(:account_update) do |member|
+      member.permit(:login_name, :email, :password, :password_confirmation,
+        :remember_me, :login,
+        # terms of service
+        :tos_agreement,
+        # profile stuff
+        :bio, :location, :latitude, :longitude,
+        # email settings
+        :show_email, :newsletter, :send_notification_email, :send_planting_reminder,
+        # update password
+        :current_password
+      )
+    end
+  end
 end

app/controllers/authentications_controller.rb

@@ -2,37 +2,24 @@ class AuthenticationsController < ApplicationController
   before_filter :authenticate_member!
   load_and_authorize_resource
 
-  # GET /authentications
-  def index
-    @authentications = current_member.authentications if member_signed_in?
-
-    respond_to do |format|
-      format.html # index.html.erb
-    end
-  end
-
   # POST /authentications
   def create
     auth = request.env['omniauth.auth']
     @authentication = nil
     if auth
+      name = Growstuff::OauthSignupAction.new.determine_name(auth)
 
-      name = ''
-      case auth['provider']
-      when 'twitter'
-        name = auth['info']['nickname']
-      when 'flickr'
-        name = auth['info']['name']
-      else
-        name = auth['info']['name']
-      end
+      @authentication = current_member.authentications
+        .create_with(
+          name: name,
+          token: auth['credentials']['token'],
+          secret: auth['credentials']['secret']
+        )
+        .find_or_create_by(
+          provider: auth['provider'],
+          uid: auth['uid'],
+          name: name)
 
-      @authentication = current_member.authentications.find_or_create_by_provider_and_uid(
-        :provider => auth['provider'],
-        :uid => auth['uid'],
-        :name => name,
-        :token => auth['credentials']['token'],
-        :secret => auth['credentials']['secret'])
       flash[:notice] = "Authentication successful."
     else
       flash[:notice] = "Authentication failed."

app/controllers/comments_controller.rb

@@ -1,29 +1,16 @@
 class CommentsController < ApplicationController
-  before_filter :authenticate_member!, :except => [:index, :show]
+  before_filter :authenticate_member!, except: [:index, :show]
   load_and_authorize_resource
 
-  cache_sweeper :comment_sweeper
-
   # GET /comments
   # GET /comments.json
   def index
-    @comments = Comment.paginate(:page => params[:page])
+    @comments = Comment.paginate(page: params[:page])
 
     respond_to do |format|
       format.html # index.html.erb
       format.json { render json: @comments }
-      format.rss { render :layout => false }
-    end
-  end
-
-  # GET /comments/1
-  # GET /comments/1.json
-  def show
-    @comment = Comment.find(params[:id])
-
-    respond_to do |format|
-      format.html # show.html.erb
-      format.json { render json: @comment }
+      format.rss { render layout: false }
     end
   end
 
@@ -41,7 +28,7 @@ class CommentsController < ApplicationController
       end
     else
       redirect_to request.referer || root_url,
-        :alert => "Can't post a comment on a non-existent post"
+        alert: "Can't post a comment on a non-existent post"
     end
   end
 
@@ -55,11 +42,11 @@ class CommentsController < ApplicationController
   # POST /comments.json
   def create
     params[:comment][:author_id] = current_member.id
-    @comment = Comment.new(params[:comment])
+    @comment = Comment.new(comment_params)
 
     respond_to do |format|
       if @comment.save
-        format.html { redirect_to @comment.post, notice: 'Comment was successfully created.' }
+        format.html { redirect_to @comment.post, notice: "Comment was successfully created." }
         format.json { render json: @comment, status: :created, location: @comment }
       else
         format.html { render action: "new" }
@@ -79,7 +66,7 @@ class CommentsController < ApplicationController
     params[:comment].delete("author_id")
 
     respond_to do |format|
-      if @comment.update_attributes(params[:comment])
+      if @comment.update(comment_params)
         format.html { redirect_to @comment.post, notice: 'Comment was successfully updated.' }
         format.json { head :no_content }
       else
@@ -101,4 +88,10 @@ class CommentsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def comment_params
+    params.require(:comment).permit(:author_id, :body, :post_id)
+  end
 end

app/controllers/crops_controller.rb

@@ -1,9 +1,9 @@
-class CropsController < ApplicationController
-  before_filter :authenticate_member!, :except => [:index, :hierarchy, :search, :show]
-  load_and_authorize_resource
-  skip_authorize_resource :only => [:hierarchy, :search]
+require 'will_paginate/array'
 
-  cache_sweeper :crop_sweeper
+class CropsController < ApplicationController
+  before_filter :authenticate_member!, except: [:index, :hierarchy, :search, :show]
+  load_and_authorize_resource
+  skip_authorize_resource only: [:hierarchy, :search]
 
   # GET /crops
   # GET /crops.json
@@ -11,30 +11,43 @@ class CropsController < ApplicationController
     @sort = params[:sort]
     if @sort == 'alpha'
       # alphabetical order
-      @crops = Crop.includes(:scientific_names, {:plantings => :photos}).paginate(:page => params[:page])
+      @crops = Crop.includes(:scientific_names, { plantings: :photos })
+      @paginated_crops = @crops.approved.paginate(page: params[:page])
     else
       # default to sorting by popularity
-      @crops = Crop.popular.includes(:scientific_names, {:plantings => :photos}).paginate(:page => params[:page])
+      @crops = Crop.popular.includes(:scientific_names, { plantings: :photos })
+      @paginated_crops = @crops.approved.paginate(page: params[:page])
     end
 
     respond_to do |format|
       format.html
-      format.json { render :json => @crops }
+      format.json { render json: @crops }
       format.rss do
         @crops = Crop.recent.includes(:scientific_names, :creator)
-        render :rss => @crops
+        render rss: @crops
       end
       format.csv do
         @filename = "Growstuff-Crops-#{Time.zone.now.to_s(:number)}.csv"
         @crops = Crop.includes(:scientific_names, :plantings, :seeds, :creator)
-        render :csv => @crops
+        render csv: @crops
       end
     end
   end
 
   # GET /crops/wrangle
   def wrangle
-    @crops = Crop.recent.paginate(:page => params[:page])
+    @approval_status = params[:approval_status]
+    @crops = case @approval_status
+             when "pending"
+               Crop.pending_approval
+             when "rejected"
+               Crop.rejected
+             else
+               Crop.recent
+             end
+
+    @crops = @crops.paginate(page: params[:page])
+
     @crop_wranglers = Role.crop_wranglers
     respond_to do |format|
       format.html
@@ -51,33 +64,36 @@ class CropsController < ApplicationController
 
   # GET /crops/search
   def search
-    @search = params[:search]
-    @exact_match = Crop.find_by_name(params[:search])
-
-    @partial_matches = Crop.search(params[:search])
-    # exclude exact match from partial match list
-    @partial_matches.reject!{ |r| @exact_match && r.eql?(@exact_match) }
-
-    @fuzzy = Crop.search(params[:term])
+    @term = params[:term]
+    @matches = Crop.search(@term)
+    @paginated_matches = @matches.paginate(page: params[:page])
 
     respond_to do |format|
       format.html
-      format.json { render :json => @fuzzy }
+      format.json { render json: @matches }
     end
   end
 
   # GET /crops/1
   # GET /crops/1.json
   def show
-    @crop = Crop.includes(:scientific_names, {:plantings => :photos}).find(params[:id])
-    @posts = @crop.posts.paginate(:page => params[:page])
+    @crop = Crop.includes(:scientific_names, { plantings: :photos }).find(params[:id])
+    @posts = @crop.posts.paginate(page: params[:page])
 
     respond_to do |format|
       format.html # show.html.haml
       format.json do
-        render :json => @crop.to_json(:include => {
-          :plantings => { :include => { :owner => { :only => [:id, :login_name, :location, :latitude, :longitude] }}}
-        })
+        # TODO RABL or similar one day to avoid presentation logic here
+        owner_structure = {
+          owner: {
+            only: [:id, :login_name, :location, :latitude, :longitude]
+          }
+        }
+        render json: @crop.to_json(include: {
+                                     plantings: {
+                                       include: owner_structure
+                                     }
+                                   })
       end
     end
   end
@@ -86,9 +102,9 @@ class CropsController < ApplicationController
   # GET /crops/new.json
   def new
     @crop = Crop.new
-    3.times do
-      @crop.scientific_names.build
-    end
+    @crop.alternate_names.build
+    @crop.scientific_names.build
+
     respond_to do |format|
       format.html # new.html.haml
       format.json { render json: @crop }
@@ -98,17 +114,39 @@ class CropsController < ApplicationController
   # GET /crops/1/edit
   def edit
     @crop = Crop.find(params[:id])
+    @crop.alternate_names.build if @crop.alternate_names.blank?
+    @crop.scientific_names.build if @crop.scientific_names.blank?
   end
 
   # POST /crops
   # POST /crops.json
   def create
-    params[:crop][:creator_id] = current_member.id
-    @crop = Crop.new(params[:crop])
+    @crop = Crop.new(crop_params)
+
+    if current_member.has_role? :crop_wrangler
+      @crop.creator = current_member
+      success_msg = "Crop was successfully created."
+    else
+      @crop.requester = current_member
+      @crop.approval_status = "pending"
+      success_msg = "Crop was successfully requested."
+    end
 
     respond_to do |format|
       if @crop.save
-        format.html { redirect_to @crop, notice: 'Crop was successfully created.' }
+        params[:alt_name].each do |index, value|
+          create_name('alternate', value)
+        end
+        params[:sci_name].each do |index, value|
+          create_name('scientific', value)
+        end
+        unless current_member.has_role? :crop_wrangler
+          Role.crop_wranglers.each do |w|
+            Notifier.new_crop_request(w, @crop).deliver_later!
+          end
+        end
+
+        format.html { redirect_to @crop, notice: success_msg }
         format.json { render json: @crop, status: :created, location: @crop }
       else
         format.html { render action: "new" }
@@ -122,8 +160,21 @@ class CropsController < ApplicationController
   def update
     @crop = Crop.find(params[:id])
 
+    previous_status = @crop.approval_status
+
+    @crop.creator = current_member if previous_status == "pending"
+
     respond_to do |format|
-      if @crop.update_attributes(params[:crop])
+      if @crop.update(crop_params)
+        recreate_names('alt_name', 'alternate')
+        recreate_names('sci_name', 'scientific')
+
+        if previous_status == "pending"
+          requester = @crop.requester
+          new_status = @crop.approval_status
+          Notifier.crop_request_approved(requester, @crop).deliver_later! if new_status == "approved"
+          Notifier.crop_request_rejected(requester, @crop).deliver_later! if new_status == "rejected"
+        end
         format.html { redirect_to @crop, notice: 'Crop was successfully updated.' }
         format.json { head :no_content }
       else
@@ -144,4 +195,37 @@ class CropsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def recreate_names(param_name, name_type)
+    return unless params[param_name].present?
+    destroy_names(name_type)
+    params[param_name].each do |index, value|
+      create_name(name_type, value)
+    end
+  end
+
+  def destroy_names(name_type)
+    @crop.send("#{name_type}_names").each do |alt_name|
+      alt_name.destroy
+    end
+  end
+
+  def create_name(name_type, value)
+    @crop.send("#{name_type}_names").create(name: value, creator_id: current_member.id)
+  end
+
+  def crop_params
+    params.require(:crop).permit(:en_wikipedia_url,
+      :name,
+      :parent_id,
+      :creator_id,
+      :approval_status,
+      :request_notes,
+      :reason_for_rejection,
+      :rejection_notes, scientific_names_attributes: [:scientific_name,
+                                                      :_destroy,
+                                                      :id])
+  end
 end

app/controllers/follows_controller.rb

@@ -1,11 +1,14 @@
 class FollowsController < ApplicationController
+  before_filter :authenticate_member!
+  load_and_authorize_resource
+  skip_load_resource only: :create
 
   # POST /follows
   def create
-    @follow = current_member.follows.build(:followed_id => params[:followed_id])
+    @follow = current_member.follows.build(followed_id: follow_params[:followed_id])
 
     if @follow.save
-      flash[:notice] = "Followed #{ @follow.followed.login_name }"
+      flash[:notice] = "Followed #{@follow.followed.login_name}"
       redirect_to :back
     else
       flash[:error] = "Already following or error while following."
@@ -15,11 +18,17 @@ class FollowsController < ApplicationController
 
   # DELETE /follows/1
   def destroy
-    @follow = current_member.follows.find(params[:id])
+    @follow = current_member.follows.find(follow_params[:id])
     unfollowed_name = @follow.followed.login_name
     @follow.destroy
 
-    flash[:notice] = "Unfollowed #{ unfollowed_name }"
+    flash[:notice] = "Unfollowed #{unfollowed_name}"
     redirect_to root_path
   end
+
+  private
+
+  def follow_params
+    params.permit(:id, :followed_id, :follower_id, :authenticity_token, :_method)
+  end
 end

app/controllers/forums_controller.rb

@@ -1,8 +1,6 @@
 class ForumsController < ApplicationController
   load_and_authorize_resource
 
-  cache_sweeper :forum_sweeper
-
   # GET /forums
   # GET /forums.json
   def index
@@ -44,7 +42,7 @@ class ForumsController < ApplicationController
   # POST /forums
   # POST /forums.json
   def create
-    @forum = Forum.new(params[:forum])
+    @forum = Forum.new(forum_params)
 
     respond_to do |format|
       if @forum.save
@@ -63,7 +61,7 @@ class ForumsController < ApplicationController
     @forum = Forum.find(params[:id])
 
     respond_to do |format|
-      if @forum.update_attributes(params[:forum])
+      if @forum.update(forum_params)
         format.html { redirect_to @forum, notice: 'Forum was successfully updated.' }
         format.json { head :no_content }
       else
@@ -84,4 +82,10 @@ class ForumsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def forum_params
+    params.require(:forum).permit(:description, :name, :owner_id, :slug)
+  end
 end

app/controllers/gardens_controller.rb

@@ -1,16 +1,14 @@
 class GardensController < ApplicationController
-  before_filter :authenticate_member!, :except => [:index, :show]
+  before_filter :authenticate_member!, except: [:index, :show]
   load_and_authorize_resource
-  
-  cache_sweeper :garden_sweeper
 
   # GET /gardens
   # GET /gardens.json
   def index
-    @gardens = Garden.paginate(:page => params[:page])
+    @gardens = Garden.paginate(page: params[:page])
     @owner = Member.find_by_slug(params[:owner])
     if @owner
-      @gardens = @owner.gardens.paginate(:page => params[:page])
+      @gardens = @owner.gardens.paginate(page: params[:page])
     end
 
     respond_to do |format|
@@ -50,12 +48,13 @@ class GardensController < ApplicationController
   # POST /gardens.json
   def create
     params[:garden][:owner_id] = current_member.id
-    @garden = Garden.new(params[:garden])
+    @garden = Garden.new(garden_params)
 
     respond_to do |format|
       if @garden.save
         format.html { redirect_to @garden, notice: 'Garden was successfully created.' }
         format.json { render json: @garden, status: :created, location: @garden }
+        expire_fragment("homepage_stats")
       else
         format.html { render action: "new" }
         format.json { render json: @garden.errors, status: :unprocessable_entity }
@@ -69,7 +68,7 @@ class GardensController < ApplicationController
     @garden = Garden.find(params[:id])
 
     respond_to do |format|
-      if @garden.update_attributes(params[:garden])
+      if @garden.update(garden_params)
         format.html { redirect_to @garden, notice: 'Garden was successfully updated.' }
         format.json { head :no_content }
       else
@@ -84,10 +83,20 @@ class GardensController < ApplicationController
   def destroy
     @garden = Garden.find(params[:id])
     @garden.destroy
+    expire_fragment("homepage_stats")
 
     respond_to do |format|
-      format.html { redirect_to gardens_by_owner_path(:owner => @garden.owner), notice: 'Garden was successfully deleted.' }
+      format.html do
+        redirect_to gardens_by_owner_path(owner: @garden.owner), notice: 'Garden was successfully deleted.'
+      end
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def garden_params
+    params.require(:garden).permit(:name, :slug, :owner_id, :description, :active,
+      :location, :latitude, :longitude, :area, :area_unit)
+  end
 end

app/controllers/harvests_controller.rb

@@ -1,50 +1,38 @@
 class HarvestsController < ApplicationController
-  before_filter :authenticate_member!, :except => [:index, :show]
+  before_filter :authenticate_member!, except: [:index, :show]
   load_and_authorize_resource
-  
 
   # GET /harvests
   # GET /harvests.json
   def index
     @owner = Member.find_by_slug(params[:owner])
     @crop = Crop.find_by_slug(params[:crop])
-    if @owner
-      @harvests = @owner.harvests.includes(:owner, :crop)
-    elsif @crop
-      @harvests = @crop.harvests.includes(:owner, :crop)
-    else
-      @harvests = Harvest.includes(:owner, :crop)
-    end
+    @harvests = if @owner
+                  @owner.harvests.includes(:owner, :crop)
+                elsif @crop
+                  @crop.harvests.includes(:owner, :crop)
+                else
+                  Harvest.includes(:owner, :crop)
+                end
 
     respond_to do |format|
-      format.html { @harvests = @harvests.paginate(:page => params[:page]) }
+      format.html { @harvests = @harvests.paginate(page: params[:page]) }
       format.json { render json: @harvests }
       format.csv do
-        specifics = (@owner ? "#{@owner.name}-" : @crop ? "#{@crop.name}-" : nil)
+        specifics = (@owner ? "#{@owner.login_name}-" : @crop ? "#{@crop.name}-" : nil)
         @filename = "Growstuff-#{specifics}Harvests-#{Time.zone.now.to_s(:number)}.csv"
-        render :csv => @harvests
+        render csv: @harvests
       end
     end
   end
 
-  # GET /harvests/1
-  # GET /harvests/1.json
-  def show
-    @harvest = Harvest.find(params[:id])
-
-    respond_to do |format|
-      format.html # show.html.erb
-      format.json { render json: @harvest }
-    end
-  end
-
   # GET /harvests/new
   # GET /harvests/new.json
   def new
     @harvest = Harvest.new('harvested_at' => Date.today)
 
     # using find_by_id here because it returns nil, unlike find
-    @crop     = Crop.find_by_id(params[:crop_id]) || Crop.new
+    @crop = Crop.find_by_id(params[:crop_id]) || Crop.new
 
     respond_to do |format|
       format.html # new.html.erb
@@ -62,7 +50,7 @@ class HarvestsController < ApplicationController
   def create
     params[:harvest][:owner_id] = current_member.id
     params[:harvested_at] = parse_date(params[:harvested_at])
-    @harvest = Harvest.new(params[:harvest])
+    @harvest = Harvest.new(harvest_params)
 
     respond_to do |format|
       if @harvest.save
@@ -81,7 +69,7 @@ class HarvestsController < ApplicationController
     @harvest = Harvest.find(params[:id])
 
     respond_to do |format|
-      if @harvest.update_attributes(params[:harvest])
+      if @harvest.update(harvest_params)
         format.html { redirect_to @harvest, notice: 'Harvest was successfully updated.' }
         format.json { head :no_content }
       else
@@ -102,4 +90,11 @@ class HarvestsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def harvest_params
+    params.require(:harvest).permit(:crop_id, :harvested_at, :description, :owner_id,
+      :quantity, :unit, :weight_quantity, :weight_unit, :plant_part_id, :slug, :si_weight)
+  end
 end

app/controllers/home_controller.rb

@@ -2,7 +2,6 @@ class HomeController < ApplicationController
   skip_authorize_resource
 
   def index
-
     # we were previously generating a lot of instance variables like
     # @members_count and @interesting_crops in here, but now we call
     # the relevant class methods directly in the view, so that fragment
@@ -12,5 +11,4 @@ class HomeController < ApplicationController
       format.html # index.html.haml
     end
   end
-
 end

app/controllers/members_controller.rb

@@ -1,47 +1,105 @@
 class MembersController < ApplicationController
   load_and_authorize_resource
 
-  cache_sweeper :member_sweeper
+  skip_authorize_resource only: [:nearby, :unsubscribe, :finish_signup]
 
-  skip_authorize_resource :only => :nearby
+  after_action :expire_cache_fragments, only: :create
 
   def index
-    @members = Member.confirmed.paginate(:page => params[:page])
+    @sort = params[:sort]
+    @members = if @sort == 'recently_joined'
+                 Member.confirmed.recently_joined.paginate(page: params[:page])
+               else
+                 Member.confirmed.paginate(page: params[:page])
+               end
 
     respond_to do |format|
       format.html # index.html.haml
-      format.json { render :json => @members.to_json(:only => [:id, :login_name, :slug, :bio, :created_at, :location, :latitude, :longitude]) }
+      format.json {
+        render json: @members.to_json(only: [
+                                        :id, :login_name, :slug, :bio, :created_at, :location, :latitude, :longitude
+                                      ])
+      }
     end
   end
 
   def show
-    @member       = Member.confirmed.find(params[:id])
-    @twitter_auth = @member.auth('twitter')
-    @flickr_auth  = @member.auth('flickr')
-    @posts        = @member.posts
+    @member        = Member.confirmed.find(params[:id])
+    @twitter_auth  = @member.auth('twitter')
+    @flickr_auth   = @member.auth('flickr')
+    @facebook_auth = @member.auth('facebook')
+    @posts         = @member.posts
     # The garden form partial is called from the "New Garden" tab;
     # it requires a garden to be passed in @garden.
     # The new garden is not persisted unless Garden#save is called.
     @garden = Garden.new
-    
+
     respond_to do |format|
       format.html # show.html.haml
-      format.json { render :json => @member.to_json(:only => [:id, :login_name, :bio, :created_at, :slug, :location, :latitude, :longitude]) }
+      format.json {
+        render json: @member.to_json(only: [
+                                       :id, :login_name, :bio, :created_at, :slug, :location, :latitude, :longitude
+                                     ])
+      }
       format.rss { render(
-        :layout => false,
-        :locals => { :member => @member }
+        layout: false,
+        locals: { member: @member }
       )}
     end
   end
 
   def view_follows
     @member = Member.confirmed.find(params[:login_name])
-    @follows = @member.followed.paginate(:page => params[:page])
+    @follows = @member.followed.paginate(page: params[:page])
   end
 
   def view_followers
     @member = Member.confirmed.find(params[:login_name])
-    @followers = @member.followers.paginate(:page => params[:page])
+    @followers = @member.followers.paginate(page: params[:page])
   end
 
+  EMAIL_TYPE_STRING = {
+    send_notification_email: "direct message notifications",
+    send_planting_reminder: "planting reminders"
+  }
+
+  def unsubscribe
+    begin
+      verifier = ActiveSupport::MessageVerifier.new(ENV['RAILS_SECRET_TOKEN'])
+      decrypted_message = verifier.verify(params[:message])
+
+      @member = Member.find(decrypted_message[:member_id])
+      @type = decrypted_message[:type]
+      @member.update(@type => false)
+
+      flash.now[:notice] = "You have been unsubscribed from #{EMAIL_TYPE_STRING[@type]} emails."
+
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      flash.now[:alert] = "We're sorry, there was an error updating your settings."
+    end
+  end
+
+  def finish_signup
+    @member = current_member
+    if request.patch? && params[:member]
+      if @member.update(member_params)
+        @member.skip_reconfirmation!
+        bypass_sign_in(@member)
+        redirect_to root_path, notice: 'Welcome.'
+      else
+        flash[:alert] = 'Failed to complete signup'
+        @show_errors = true
+      end
+    end
+  end
+
+  private
+
+  def expire_cache_fragments
+    expire_fragment("homepage_stats")
+  end
+
+  def member_params
+    params.require(:member).permit(:login_name, :tos_agreement, :email, :newsletter)
+  end
 end

app/controllers/notifications_controller.rb

@@ -5,7 +5,7 @@ class NotificationsController < ApplicationController
 
   # GET /notifications
   def index
-    @notifications = Notification.find_all_by_recipient_id(current_member)
+    @notifications = Notification.where(recipient_id: current_member).page(params[:page])
 
     respond_to do |format|
       format.html # index.html.erb
@@ -36,6 +36,22 @@ class NotificationsController < ApplicationController
     end
   end
 
+  # GET /notifications/1/reply
+  def reply
+    @notification = Notification.new
+    @sender_notification = Notification.find(params[:id])
+    @sender_notification.read = true
+    @sender_notification.save
+    @recipient = @sender_notification.sender
+    @subject   = @sender_notification.subject =~ /^Re: / ?
+      @sender_notification.subject :
+      "Re: " + @sender_notification.subject
+
+    respond_to do |format|
+      format.html # reply.html.haml
+    end
+  end
+
   # DELETE /notifications/1
   def destroy
     @notification = Notification.find(params[:id])
@@ -49,7 +65,7 @@ class NotificationsController < ApplicationController
   # POST /notifications
   def create
     params[:notification][:sender_id] = current_member.id
-    @notification = Notification.new(params[:notification])
+    @notification = Notification.new(notification_params)
     @recipient = Member.find_by_id(params[:notification][:recipient_id])
 
     respond_to do |format|
@@ -60,4 +76,10 @@ class NotificationsController < ApplicationController
       end
     end
   end
+
+  private
+
+  def notification_params
+    params.require(:notification).permit(:sender_id, :recipient_id, :subject, :body, :post_id, :read)
+  end
 end

app/controllers/omniauth_callbacks_controller.rb

@@ -0,0 +1,52 @@
+require './lib/actions/oauth_signup_action'
+
+#
+# Handle signup or signin
+# from various oauth providers
+#
+# Heavily overlaps with Authentications controller
+#
+class OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  def facebook
+    create
+  end
+
+  def failure
+    flash[:alert] = "Authentication failed."
+    redirect_to request.env['omniauth.origin'] || "/"
+  end
+
+  private
+
+  def create
+    auth = request.env['omniauth.auth']
+    action = Growstuff::OauthSignupAction.new
+
+    @authentication = nil
+    if auth
+      member = action.find_or_create_from_authorization(auth)
+      @authentication = action.establish_authentication(auth, member)
+
+      unless action.member_created?
+        sign_in_and_redirect member, event: :authentication # this will throw if @user is not activated
+        set_flash_message(:notice, :success, kind: auth['provider']) if is_navigational_format?
+      else
+        raise "Invalid provider" unless ['facebook', 'twitter', 'flickr'].index(auth['provider'].to_s)
+
+        session["devise.#{auth['provider']}_data"] = request.env["omniauth.auth"]
+        sign_in member
+        redirect_to finish_signup_url(member)
+      end
+    else
+      redirect_to request.env['omniauth.origin'] || edit_member_registration_path
+    end
+  end
+
+  def after_sign_in_path_for(resource)
+    if resource.tos_agreement
+      super resource
+    else
+      finish_signup_path(resource)
+    end
+  end
+end

app/controllers/order_items_controller.rb

@@ -7,8 +7,8 @@ class OrderItemsController < ApplicationController
     if params[:order_item][:price]
       params[:order_item][:price] = params[:order_item][:price].to_f * 100 # convert to cents
     end
-    @order_item = OrderItem.new(params[:order_item])
-    @order_item.order = current_member.current_order || Order.create(:member_id => current_member.id)
+    @order_item = OrderItem.new(order_item_params)
+    @order_item.order = current_member.current_order || Order.create(member_id: current_member.id)
 
     respond_to do |format|
       if @order_item.save
@@ -20,4 +20,10 @@ class OrderItemsController < ApplicationController
       end
     end
   end
+
+  private
+
+  def order_item_params
+    params.require(:order_item).permit(:order_id, :price, :product_id, :quantity)
+  end
 end

app/controllers/orders_controller.rb

@@ -4,7 +4,7 @@ class OrdersController < ApplicationController
 
   # GET /orders
   def index
-    @orders = Order.find_all_by_member_id(current_member.id)
+    @orders = Order.where(member_id: current_member.id)
 
     respond_to do |format|
       format.html # index.html.erb
@@ -34,22 +34,21 @@ class OrdersController < ApplicationController
     @order = Order.find(params[:id])
 
     respond_to do |format|
-      if @order.update_attributes(:referral_code => params[:referral_code])
+      if @order.update_attributes(referral_code: params[:referral_code])
         response = EXPRESS_GATEWAY.setup_purchase(
           @order.total,
-          :items             => @order.activemerchant_items,
-          :currency          => Growstuff::Application.config.currency,
-          :no_shipping       => true,
-          :ip                => request.remote_ip,
-          :return_url        => complete_order_url,
-          :cancel_return_url => shop_url
+          items: @order.activemerchant_items,
+          currency: Growstuff::Application.config.currency,
+          no_shipping: true,
+          ip: request.remote_ip,
+          return_url: complete_order_url,
+          cancel_return_url: shop_url
         )
         format.html { redirect_to EXPRESS_GATEWAY.redirect_url_for(response.token) }
       else
         format.html { render action: "show" }
       end
     end
-
   end
 
   def complete
@@ -58,10 +57,10 @@ class OrdersController < ApplicationController
     if (params[:token] && params['PayerID'])
       purchase = EXPRESS_GATEWAY.purchase(
         @order.total,
-        :currency          => Growstuff::Application.config.currency,
-        :ip       => request.remote_ip,
-        :payer_id => params['PayerID'],
-        :token    => params[:token]
+        currency: Growstuff::Application.config.currency,
+        ip: request.remote_ip,
+        payer_id: params['PayerID'],
+        token: params[:token]
       )
       if purchase.success?
         @order.completed_at = Time.zone.now
@@ -78,7 +77,6 @@ class OrdersController < ApplicationController
     respond_to do |format|
       format.html # new.html.erb
     end
-
   end
 
   def cancel

app/controllers/pages_controller.rb

@@ -0,0 +1,6 @@
+class PagesController < ApplicationController
+  def letsencrypt
+    # use your code here, not mine
+    render text: "y9KNck8wqkoQLnlr2RgA2TVwWtyYb4PeY_hzGNx0Tfs.dlIPqFhMDCLyQEccczY3roHZ1UWu6UqVeyb9mkRxheU"
+  end
+end

app/controllers/passwords_controller.rb

@@ -1,7 +1,7 @@
 class PasswordsController < Devise::PasswordsController
+  protected
 
-protected
   def after_resetting_password_path_for(resource)
     root_path
   end
-end
+end

app/controllers/photos_controller.rb

@@ -1,13 +1,11 @@
 class PhotosController < ApplicationController
-  before_filter :authenticate_member!, :except => [:index, :show]
+  before_action :authenticate_member!, except: [:index, :show]
   load_and_authorize_resource
-  
-  cache_sweeper :photo_sweeper
 
   # GET /photos
   # GET /photos.json
   def index
-    @photos = Photo.paginate(:page => params[:page])
+    @photos = Photo.paginate(page: params[:page])
 
     respond_to do |format|
       format.html # index.html.erb
@@ -15,17 +13,6 @@ class PhotosController < ApplicationController
     end
   end
 
-  # GET /photos/1
-  # GET /photos/1.json
-  def show
-    @photo = Photo.find(params[:id])
-
-    respond_to do |format|
-      format.html # show.html.erb
-      format.json { render json: @photo }
-    end
-  end
-
   # GET /photos/new
   # GET /photos/new.json
   def new
@@ -60,43 +47,12 @@ class PhotosController < ApplicationController
   # POST /photos
   # POST /photos.json
   def create
-    @photo = Photo.find_by_flickr_photo_id(params[:photo][:flickr_photo_id]) ||
-      Photo.new(params[:photo])
-    @photo.owner_id = current_member.id
-    @photo.set_flickr_metadata
+    find_or_create_photo_from_flickr_photo
+    add_photo_to_collection
 
-    # several models can have photos. we need to know what model and the id
-    # for the entry to attach the photo to
-    valid_models = ["planting", "harvest"]
-    if params[:type]
-      if valid_models.include?(params[:type])
-        if params[:id]
-          item = params[:type].camelcase.constantize.find_by_id(params[:id])
-          if item
-            if item.owner.id == current_member.id
-              #  This syntax is weird, so just know that it means this:
-              #  @photo.harvests << item unless @photo.harvests.include?(item)
-              #  but with the correct many-to-many relationship automatically referenced
-              (@photo.send "#{params[:type]}s") << item unless (@photo.send "#{params[:type]}s").include?(item)
-            else
-              flash[:alert] = "You must own both the #{params[:type]} and the photo."
-            end
-          else
-            flash[:alert] = "Couldn't find #{params[:type]} to connect to photo."
-          end
-        else
-          flash[:alert] = "Missing id parameter"
-        end
-      else
-        flash[:alert] = "Cannot attach photos to #{params[:type]}"
-      end
-    else    
-      flash[:alert] = "Missing type parameter"
-    end
-  
     respond_to do |format|
-      if @photo.save
-        format.html { redirect_to @photo, notice: 'Photo was successfully added.' }
+      if @photo.present? && @photo.save
+        format.html { redirect_to photo_path(@photo), notice: 'Photo was successfully added.' }
         format.json { render json: @photo, status: :created, location: @photo }
       else
         format.html { render action: "new" }
@@ -111,7 +67,7 @@ class PhotosController < ApplicationController
     @photo = Photo.find(params[:id])
 
     respond_to do |format|
-      if @photo.update_attributes(params[:photo])
+      if @photo.update(photo_params)
         format.html { redirect_to @photo, notice: 'Photo was successfully updated.' }
         format.json { head :no_content }
       else
@@ -126,10 +82,67 @@ class PhotosController < ApplicationController
   def destroy
     @photo = Photo.find(params[:id])
     @photo.destroy
+    flash[:alert] = "Photo successfully deleted."
 
     respond_to do |format|
       format.html { redirect_to photos_url }
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def item_id?
+    params.key? :id
+  end
+
+  def flickr_photo_id_param
+    params[:photo][:flickr_photo_id]
+  end
+
+  def photo_params
+    params.require(:photo).permit(:flickr_photo_id, :owner_id, :title, :license_name,
+      :license_url, :thumbnail_url, :fullsize_url, :link_url)
+  end
+
+  def find_or_create_photo_from_flickr_photo
+    @photo = Photo.find_by(flickr_photo_id: flickr_photo_id_param)
+    @photo = Photo.new(photo_params) unless @photo
+    @photo.owner_id = current_member.id
+    @photo.set_flickr_metadata
+    @photo
+  end
+
+  def which_collection?
+    case params[:type]
+    when "garden" then @photo.gardens
+    when "harvest" then @photo.harvests
+    when "planting" then @photo.plantings
+    else raise "Invalid type"
+    end
+  end
+
+  def add_photo_to_collection
+    collection = which_collection?
+
+    unless collection && item_id?
+      flash[:alert] = "Missing or invalid type or id parameter"
+      return
+    end
+
+    item = find_item_for_photo!
+    collection << item unless collection.include?(item)
+  rescue
+    flash[:alert] = "Could not find this item owned by you"
+  end
+
+  def find_item_for_photo!
+    item_class = case params[:type]
+                 when "garden" then Garden
+                 when "harvest" then Harvest
+                 when "planting" then Planting
+                 else raise "Invalid type"
+                 end
+    item_class.find_by!(id: params[:id], owner_id: current_member.id)
+  end
 end

app/controllers/places_controller.rb

@@ -5,7 +5,11 @@ class PlacesController < ApplicationController
     respond_to do |format|
       format.html
       # json response is whatever we want to map here
-      format.json { render :json => Member.located.to_json(:only => [:id, :login_name, :slug, :location, :latitude, :longitude]) }
+      format.json do
+        render json: Member.located.to_json(only: [
+                                              :id, :login_name, :slug, :location, :latitude, :longitude
+                                            ])
+      end
     end
   end
 
@@ -16,16 +20,27 @@ class PlacesController < ApplicationController
     @nearby_members = Member.nearest_to(params[:place])
     respond_to do |format|
       format.html # show.html.haml
-      format.json { render :json => @nearby_members.to_json(:only => [:id, :login_name, :slug, :location, :latitude, :longitude]) }
-    end
-  end
-
-  def search
-    respond_to do |format|
-      format.html do
-        redirect_to place_path(params[:new_place])
+      format.json do
+        render json: @nearby_members.to_json(only: [
+                                               :id, :login_name, :slug, :location, :latitude, :longitude
+                                             ])
       end
     end
   end
 
+  def search
+    if params[:new_place].empty?
+      respond_to do |format|
+        format.html do
+          redirect_to places_path, alert: 'Please enter a valid location'
+        end
+      end
+    else
+      respond_to do |format|
+        format.html do
+          redirect_to place_path(params[:new_place])
+        end
+      end
+    end
+  end
 end

app/controllers/plant_parts_controller.rb

@@ -42,7 +42,7 @@ class PlantPartsController < ApplicationController
   # POST /plant_parts
   # POST /plant_parts.json
   def create
-    @plant_part = PlantPart.new(params[:plant_part])
+    @plant_part = PlantPart.new(plant_part_params)
 
     respond_to do |format|
       if @plant_part.save
@@ -61,7 +61,7 @@ class PlantPartsController < ApplicationController
     @plant_part = PlantPart.find(params[:id])
 
     respond_to do |format|
-      if @plant_part.update_attributes(params[:plant_part])
+      if @plant_part.update(plant_part_params)
         format.html { redirect_to @plant_part, notice: 'Plant part was successfully updated.' }
         format.json { head :no_content }
       else
@@ -82,4 +82,10 @@ class PlantPartsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def plant_part_params
+    params.require(:plant_part).permit(:name, :slug)
+  end
 end

app/controllers/plantings_controller.rb

@@ -1,31 +1,28 @@
 class PlantingsController < ApplicationController
-  before_filter :authenticate_member!, :except => [:index, :show]
+  before_filter :authenticate_member!, except: [:index, :show]
   load_and_authorize_resource
-  
-
-  cache_sweeper :planting_sweeper
 
   # GET /plantings
   # GET /plantings.json
   def index
     @owner = Member.find_by_slug(params[:owner])
     @crop = Crop.find_by_slug(params[:crop])
-    if @owner
-      @plantings = @owner.plantings.includes(:owner, :crop, :garden).paginate(:page => params[:page])
-    elsif @crop
-      @plantings = @crop.plantings.includes(:owner, :crop, :garden).paginate(:page => params[:page])
-    else
-      @plantings = Planting.includes(:owner, :crop, :garden).paginate(:page => params[:page])
-    end
+    @plantings = if @owner
+                   @owner.plantings.includes(:owner, :crop, :garden).paginate(page: params[:page])
+                 elsif @crop
+                   @crop.plantings.includes(:owner, :crop, :garden).paginate(page: params[:page])
+                 else
+                   Planting.includes(:owner, :crop, :garden).paginate(page: params[:page])
+                 end
 
     respond_to do |format|
-      format.html { @plantings = @plantings.paginate(:page => params[:page]) }
+      format.html { @plantings = @plantings.paginate(page: params[:page]) }
       format.json { render json: @plantings }
-      format.rss { render :layout => false } #index.rss.builder
+      format.rss { render layout: false } # index.rss.builder
       format.csv do
-        specifics = (@owner ? "#{@owner.name}-" : @crop ? "#{@crop.name}-" : nil)
+        specifics = (@owner ? "#{@owner.login_name}-" : @crop ? "#{@crop.name}-" : nil)
         @filename = "Growstuff-#{specifics}Plantings-#{Time.zone.now.to_s(:number)}.csv"
-        render :csv => @plantings
+        render csv: @plantings
       end
     end
   end
@@ -33,7 +30,7 @@ class PlantingsController < ApplicationController
   # GET /plantings/1
   # GET /plantings/1.json
   def show
-    @planting = Planting.includes(:owner, :crop, :garden, :photos).find(params[:id])
+    @planting = Planting.includes(:owner, :crop, :garden, :photos).friendly.find(params[:id])
 
     respond_to do |format|
       format.html # show.html.erb
@@ -68,14 +65,17 @@ class PlantingsController < ApplicationController
   # POST /plantings
   # POST /plantings.json
   def create
-    params[:planting][:owner_id] = current_member.id
     params[:planted_at] = parse_date(params[:planted_at])
-    @planting = Planting.new(params[:planting])
+    @planting = Planting.new(planting_params)
+    @planting.owner = current_member
 
     respond_to do |format|
       if @planting.save
+        @planting.update_attribute(:days_before_maturity,
+          update_days_before_maturity(@planting, planting_params[:crop_id]))
         format.html { redirect_to @planting, notice: 'Planting was successfully created.' }
         format.json { render json: @planting, status: :created, location: @planting }
+        expire_fragment("homepage_stats")
       else
         format.html { render action: "new" }
         format.json { render json: @planting.errors, status: :unprocessable_entity }
@@ -90,7 +90,9 @@ class PlantingsController < ApplicationController
     params[:planted_at] = parse_date(params[:planted_at])
 
     respond_to do |format|
-      if @planting.update_attributes(params[:planting])
+      if @planting.update(planting_params)
+        @planting.update_attribute(:days_before_maturity,
+          update_days_before_maturity(@planting, planting_params[:crop_id]))
         format.html { redirect_to @planting, notice: 'Planting was successfully updated.' }
         format.json { head :no_content }
       else
@@ -106,10 +108,27 @@ class PlantingsController < ApplicationController
     @planting = Planting.find(params[:id])
     @garden = @planting.garden
     @planting.destroy
+    expire_fragment("homepage_stats")
 
     respond_to do |format|
       format.html { redirect_to @garden }
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def planting_params
+    params.require(:planting).permit(:crop_id, :description, :garden_id, :planted_at,
+      :quantity, :sunniness, :planted_from, :owner_id, :finished,
+      :finished_at)
+  end
+
+  def update_days_before_maturity(planting, crop_id)
+    if planting.finished_at.nil?
+      planting.calculate_days_before_maturity(planting, crop_id)
+    else
+      (planting.finished_at - planting.planted_at).to_i
+    end
+  end
 end

app/controllers/policy_controller.rb

@@ -1,2 +0,0 @@
-class PolicyController < ApplicationController
-end

app/controllers/posts_controller.rb

@@ -1,38 +1,36 @@
 class PostsController < ApplicationController
-  before_filter :authenticate_member!, :except => [:index, :show]
+  before_filter :authenticate_member!, except: [:index, :show]
   load_and_authorize_resource
 
-  cache_sweeper :post_sweeper
-
   # GET /posts
   # GET /posts.json
 
   def index
     @author = Member.find_by_slug(params[:author])
-    if @author
-      @posts = @author.posts.includes(:author, { :comments => :author }).paginate(:page => params[:page])
-    else
-      @posts = Post.includes(:author, { :comments => :author }).paginate(:page => params[:page])
-    end
+    @posts = if @author
+               @author.posts.includes(:author, { comments: :author }).paginate(page: params[:page])
+             else
+               Post.includes(:author, { comments: :author }).paginate(page: params[:page])
+             end
 
     respond_to do |format|
       format.html # index.html.haml
       format.json { render json: @posts }
-      format.rss { render :layout => false } #index.rss.builder
+      format.rss { render layout: false } # index.rss.builder
     end
   end
 
   # GET /posts/1
   # GET /posts/1.json
   def show
-    @post = Post.includes(:author, { :comments => :author }).find(params[:id])
+    @post = Post.includes(:author, { comments: :author }).find(params[:id])
 
     respond_to do |format|
       format.html # show.html.haml
       format.json { render json: @post }
       format.rss { render(
-        :layout => false,
-        :locals => { :post => @post }
+        layout: false,
+        locals: { post: @post }
       )}
     end
   end
@@ -58,7 +56,7 @@ class PostsController < ApplicationController
   # POST /posts.json
   def create
     params[:post][:author_id] = current_member.id
-    @post = Post.new(params[:post])
+    @post = Post.new(post_params)
 
     respond_to do |format|
       if @post.save
@@ -77,7 +75,7 @@ class PostsController < ApplicationController
     @post = Post.find(params[:id])
 
     respond_to do |format|
-      if @post.update_attributes(params[:post])
+      if @post.update(post_params)
         format.html { redirect_to @post, notice: 'Post was successfully updated.' }
         format.json { head :no_content }
       else
@@ -98,4 +96,10 @@ class PostsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def post_params
+    params.require(:post).permit(:body, :subject, :author_id, :forum_id)
+  end
 end

app/controllers/products_controller.rb

@@ -36,7 +36,7 @@ class ProductsController < ApplicationController
 
   # POST /products
   def create
-    @product = Product.new(params[:product])
+    @product = Product.new(product_params)
 
     respond_to do |format|
       if @product.save
@@ -52,7 +52,7 @@ class ProductsController < ApplicationController
     @product = Product.find(params[:id])
 
     respond_to do |format|
-      if @product.update_attributes(params[:product])
+      if @product.update(product_params)
         format.html { redirect_to @product, notice: 'Product was successfully updated.' }
       else
         format.html { render action: "edit" }
@@ -69,4 +69,11 @@ class ProductsController < ApplicationController
       format.html { redirect_to products_url }
     end
   end
+
+  private
+
+  def product_params
+    params.require(:product).permit(:description, :min_price, :recommended_price, :name,
+      :account_type_id, :paid_months)
+  end
 end

app/controllers/registrations_controller.rb

@@ -1,46 +1,44 @@
 class RegistrationsController < Devise::RegistrationsController
-
-  cache_sweeper :member_sweeper
+  respond_to :json
 
   def edit
-    @twitter_auth = current_member.auth('twitter')
-    @flickr_auth  = current_member.auth('flickr')
+    @twitter_auth  = current_member.auth('twitter')
+    @flickr_auth   = current_member.auth('flickr')
+    @facebook_auth = current_member.auth('facebook')
     render "edit"
   end
 
-# we need this subclassed method so that Devise doesn't force people to
-# change their password every time they want to edit their settings.
-# we also check that they give their current password to change their password.
-# Code copied from
-# https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password
+  # we need this subclassed method so that Devise doesn't force people to
+  # change their password every time they want to edit their settings.
+  # we also check that they give their current password to change their password.
+  # Code copied from
+  # https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-edit-their-account-without-providing-a-password
 
   def update
-
     @member = Member.find(current_member.id)
 
-    successfully_updated = if needs_password?(@member, params)
-      @member.update_with_password(devise_parameter_sanitizer.sanitize(:account_update))
+    if needs_password?(@member, params)
+      successfully_updated = @member.update_with_password(devise_parameter_sanitizer.sanitize(:account_update))
     else
       # remove the virtual current_password attribute
       # update_without_password doesn't know how to ignore it
       params[:member].delete(:current_password)
-      @member.update_without_password(devise_parameter_sanitizer.sanitize(:account_update))
+      successfully_updated = @member.update_without_password(devise_parameter_sanitizer.sanitize(:account_update))
     end
 
     if successfully_updated
       set_flash_message :notice, :updated
       # Sign in the member bypassing validation in case their password changed
-      sign_in @member, :bypass => true
+      sign_in @member, bypass: true
       redirect_to edit_member_registration_path
     else
       render "edit"
     end
-
   end
 end
 
 # check if we need the current password to update fields
 def needs_password?(member, params)
   params[:member][:password].present? ||
-  params[:member][:password_confirmation].present?
+    params[:member][:password_confirmation].present?
 end

app/controllers/robots_controller.rb

@@ -0,0 +1,15 @@
+class RobotsController < ApplicationController
+  DEFAULT_FILENAME = 'config/robots.txt'.freeze
+
+  def robots
+    filename = "config/robots.#{subdomain}.txt" if subdomain && subdomain != 'www'
+    file_to_render = File.exist?(filename.to_s) ? filename : DEFAULT_FILENAME
+    render file: file_to_render, layout: false, content_type: 'text/plain'
+  end
+
+  private
+
+  def subdomain
+    request.subdomain.present? ? request.subdomain : nil
+  end
+end

app/controllers/roles_controller.rb

@@ -1,7 +1,7 @@
 class RolesController < ApplicationController
   before_filter :authenticate_member!
   load_and_authorize_resource
-  
+
   # GET /roles
   def index
     @roles = Role.all
@@ -36,7 +36,7 @@ class RolesController < ApplicationController
 
   # POST /roles
   def create
-    @role = Role.new(params[:role])
+    @role = Role.new(role_params)
 
     respond_to do |format|
       if @role.save
@@ -52,7 +52,7 @@ class RolesController < ApplicationController
     @role = Role.find(params[:id])
 
     respond_to do |format|
-      if @role.update_attributes(params[:role])
+      if @role.update(role_params)
         format.html { redirect_to @role, notice: 'Role was successfully updated.' }
       else
         format.html { render action: "edit" }
@@ -69,4 +69,10 @@ class RolesController < ApplicationController
       format.html { redirect_to roles_url }
     end
   end
+
+  private
+
+  def role_params
+    params.require(:role).permit(:description, :name, :members, :slug)
+  end
 end

app/controllers/scientific_names_controller.rb

@@ -1,9 +1,7 @@
 class ScientificNamesController < ApplicationController
-  before_filter :authenticate_member!, :except => [:index, :show]
+  before_filter :authenticate_member!, except: [:index, :show]
   load_and_authorize_resource
 
-  cache_sweeper :scientific_name_sweeper
-
   # GET /scientific_names
   # GET /scientific_names.json
   def index
@@ -47,7 +45,7 @@ class ScientificNamesController < ApplicationController
   # POST /scientific_names.json
   def create
     params[:scientific_name][:creator_id] = current_member.id
-    @scientific_name = ScientificName.new(params[:scientific_name])
+    @scientific_name = ScientificName.new(scientific_name_params)
 
     respond_to do |format|
       if @scientific_name.save
@@ -66,7 +64,7 @@ class ScientificNamesController < ApplicationController
     @scientific_name = ScientificName.find(params[:id])
 
     respond_to do |format|
-      if @scientific_name.update_attributes(params[:scientific_name])
+      if @scientific_name.update(scientific_name_params)
         format.html { redirect_to @scientific_name.crop, notice: 'Scientific name was successfully updated.' }
         format.json { head :no_content }
       else
@@ -90,4 +88,10 @@ class ScientificNamesController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def scientific_name_params
+    params.require(:scientific_name).permit(:crop_id, :name, :creator_id)
+  end
 end

app/controllers/seeds_controller.rb

@@ -1,26 +1,24 @@
 class SeedsController < ApplicationController
-  before_filter :authenticate_member!, :except => [:index, :show]
+  before_filter :authenticate_member!, except: [:index, :show]
   load_and_authorize_resource
 
-  cache_sweeper :seed_sweeper
-
   # GET /seeds
   # GET /seeds.json
   def index
     @owner = Member.find_by_slug(params[:owner])
     @crop = Crop.find_by_slug(params[:crop])
-    if @owner
-      @seeds = @owner.seeds.includes(:owner, :crop).paginate(:page => params[:page])
-    elsif @crop
-      @seeds = @crop.seeds.includes(:owner, :crop).paginate(:page => params[:page])
-    else
-      @seeds = Seed.includes(:owner, :crop).paginate(:page => params[:page])
-    end
+    @seeds = if @owner
+               @owner.seeds.includes(:owner, :crop).paginate(page: params[:page])
+             elsif @crop
+               @crop.seeds.includes(:owner, :crop).paginate(page: params[:page])
+             else
+               Seed.includes(:owner, :crop).paginate(page: params[:page])
+             end
 
     respond_to do |format|
       format.html # index.html.erb
       format.json { render json: @seeds }
-      format.rss { render :layout => false } #index.rss.builder
+      format.rss { render layout: false } # index.rss.builder
       format.csv do
         if @owner
           @filename = "Growstuff-#{@owner}-Seeds-#{Time.zone.now.to_s(:number)}.csv"
@@ -29,7 +27,7 @@ class SeedsController < ApplicationController
           @filename = "Growstuff-Seeds-#{Time.zone.now.to_s(:number)}.csv"
           @seeds = Seed.includes(:owner, :crop)
         end
-        render :csv => @seeds
+        render csv: @seeds
       end
     end
   end
@@ -51,7 +49,7 @@ class SeedsController < ApplicationController
     @seed = Seed.new
 
     # using find_by_id here because it returns nil, unlike find
-    @crop     = Crop.find_by_id(params[:crop_id])     || Crop.new
+    @crop = Crop.find_by_id(params[:crop_id]) || Crop.new
 
     respond_to do |format|
       format.html # new.html.erb
@@ -68,7 +66,7 @@ class SeedsController < ApplicationController
   # POST /seeds.json
   def create
     params[:seed][:owner_id] = current_member.id
-    @seed = Seed.new(params[:seed])
+    @seed = Seed.new(seed_params)
 
     respond_to do |format|
       if @seed.save
@@ -87,7 +85,7 @@ class SeedsController < ApplicationController
     @seed = Seed.find(params[:id])
 
     respond_to do |format|
-      if @seed.update_attributes(params[:seed])
+      if @seed.update(seed_params)
         format.html { redirect_to @seed, notice: 'Seed was successfully updated.' }
         format.json { head :no_content }
       else
@@ -108,4 +106,13 @@ class SeedsController < ApplicationController
       format.json { head :no_content }
     end
   end
+
+  private
+
+  def seed_params
+    params.require(:seed).permit(
+      :owner_id, :crop_id, :description, :quantity, :plant_before,
+      :days_until_maturity_min, :days_until_maturity_max, :organic, :gmo,
+      :heirloom, :tradable_to, :slug)
+  end
 end

app/controllers/sessions_controller.rb

@@ -0,0 +1,11 @@
+class SessionsController < Devise::SessionsController
+  respond_to :json
+
+  def create
+    super do |resource|
+      if Crop.pending_approval.present? && current_member.has_role?(:crop_wrangler)
+        flash[:alert] = "There are crops waiting to be wrangled."
+      end
+    end
+  end
+end

app/controllers/support_controller.rb

@@ -1,2 +0,0 @@
-class SupportController < ApplicationController
-end

app/helpers/application_helper.rb

@@ -1,5 +1,4 @@
 module ApplicationHelper
-
   def price_in_dollars(price)
     return sprintf('%.2f', price / 100.0)
   end
@@ -7,7 +6,7 @@ module ApplicationHelper
   # 999 cents becomes 9.99 AUD -- for products/orders/etc
   def price_with_currency(price)
     return sprintf('%.2f %s', price / 100.0,
-        Growstuff::Application.config.currency)
+      Growstuff::Application.config.currency)
   end
 
   def parse_date(str)
@@ -19,10 +18,70 @@ module ApplicationHelper
     pid = price_in_dollars(price)
     currency = Growstuff::Application.config.currency
     link = "http://www.wolframalpha.com/input/?i=#{pid}+#{currency}"
-    return link_to "(convert)",
-      link,
-      :target => "_blank"
-  end 
 
+    link_to "(convert)", link, target: "_blank", rel: "noopener noreferrer"
+  end
+
+  def build_alert_classes(alert_type = :info)
+    classes = 'alert alert-dismissable '
+    case alert_type.to_sym
+    when :alert, :danger, :error, :validation_errors
+      classes += 'alert-danger'
+    when :warning, :todo
+      classes += 'alert-warning'
+    when :notice, :success
+      classes += 'alert-success'
+    when :info
+      classes += 'alert-info'
+    end
+    classes
+  end
+
+  # Produces a cache key for uniquely identifying cached fragments.
+  def cache_key_for(klass, identifier = "all")
+    count          = klass.count
+    max_updated_at = klass.maximum(:updated_at).try(:utc).try(:to_s, :number)
+    "#{klass.name.downcase.pluralize}/#{identifier}-#{count}-#{max_updated_at}"
+  end
+
+  def required_field_help_text
+    asterisk = content_tag :span, '*', class: ['red']
+    text = content_tag :em, 'denotes a required field'
+    content_tag :div, asterisk + ' '.html_safe + text, class: ['margin-bottom']
+  end
+
+  #
+  # Returns an image uri for a given member.
+  #
+  # Falls back to Gravatar
+  #
+  def avatar_uri(member, size = 150)
+    if member.preferred_avatar_uri.present?
+      # Some avatars support different sizes
+      # http://graph.facebook.com/12345678/picture?width=150&height=150
+      uri = URI.parse(member.preferred_avatar_uri)
+
+      if uri.host == 'graph.facebook.com'
+        uri.query = "&width=#{size}&height=#{size}"
+      end
+
+      # TODO: Assess twitter - https://dev.twitter.com/overview/general/user-profile-images-and-banners
+      # TODO: Assess flickr  - https://www.flickr.com/services/api/misc.buddyicons.html
+
+      return uri.to_s
+    end
+
+    Gravatar.new(member.email).image_url({
+                                           size: size,
+                                           default: :identicon
+                                         })
+  end
+
+  # Returns a string with the quantity and the right pluralization for a
+  # given collection and model.
+  def localize_plural(collection, model)
+    size       = collection.size
+    model_name = model.model_name.human(count: size)
+    "#{size} #{model_name}"
+  end
 end
-

app/helpers/auto_suggest_helper.rb

@@ -1,6 +1,5 @@
 module AutoSuggestHelper
-
-  def auto_suggest(resource, source, options={})
+  def auto_suggest(resource, source, options = {})
     if options[:default] && !options[:default].new_record?
       default = options[:default]
       default_id = options[:default].try(:id)
@@ -13,10 +12,14 @@ module AutoSuggestHelper
     source_path = Rails.application.routes.url_helpers.send("#{source}s_search_path")
 
     %Q{
-      <input id="#{source}" class="auto-suggest #{options[:class]}" type="text" value="#{default}" data-source-url="#{source_path}", placeholder="e.g. lettuce">
-      <noscript class="text-warning">Warning: Javascript must be available to search and match crops</noscript>
-      <input id="#{resource}_#{source}_id" class="auto-suggest-id" type="hidden" name="#{resource}[#{source}_id]" value="#{default_id}">
+      <input id="#{source}" class="auto-suggest #{options[:class]}"
+        type="text" value="#{default}" data-source-url="#{source_path}",
+        placeholder="e.g. lettuce">
+      <noscript class="text-warning">
+        Warning: Javascript must be available to search and match crops
+      </noscript>
+      <input id="#{resource}_#{source}_id" class="auto-suggest-id"
+        type="hidden" name="#{resource}[#{source}_id]" value="#{default_id}">
     }.html_safe
   end
-
-end
+end

app/helpers/crops_helper.rb

@@ -0,0 +1,21 @@
+module CropsHelper
+  def display_seed_availability(member, crop)
+    total_quantity = 0
+
+    seeds = member.seeds.select { |seed| seed.crop.name == crop.name }
+
+    seeds.each do |seed|
+      total_quantity = total_quantity + seed.quantity if seed.quantity
+    end
+
+    if !seeds.any?
+      return "You don't have any seeds of this crop."
+    end
+
+    if (total_quantity != 0)
+      "You have #{total_quantity} #{Seed.model_name.human(count: total_quantity)} of this crop."
+    else
+      "You have an unknown quantity of seeds of this crop."
+    end
+  end
+end

app/helpers/gardens_helper.rb

@@ -0,0 +1,26 @@
+module GardensHelper
+  def display_garden_description(garden)
+    if garden.description.nil?
+      "no description provided."
+    else
+      truncate(garden.description, length: 130, separator: ' ', omission: '... ') do
+        link_to "Read more", garden_path(garden)
+      end
+    end
+  end
+
+  def display_garden_plantings(plantings)
+    if plantings.blank?
+      "None"
+    else
+      output = ""
+      plantings.first(2).each do |planting|
+        output += "<li>"
+        output += planting.quantity.nil? ? "0 " : "#{planting.quantity} "
+        output += link_to planting.crop.name, planting.crop
+        output += ", planted on #{planting.planted_at}</li>"
+      end
+      output.html_safe
+    end
+  end
+end

app/helpers/harvests_helper.rb

@@ -1,5 +1,4 @@
 module HarvestsHelper
-
   def display_quantity(harvest)
     human_quantity = display_human_quantity(harvest)
     weight = display_weight(harvest)
@@ -16,13 +15,13 @@ module HarvestsHelper
   end
 
   def display_human_quantity(harvest)
-    if ! harvest.quantity.blank? && harvest.quantity > 0
+    if !harvest.quantity.blank? && harvest.quantity > 0
       if harvest.unit == 'individual' # just the number
-        number_to_human(harvest.quantity, :strip_insignificant_zeros => true)
-      elsif ! harvest.unit.blank? # pluralize anything else
-        return pluralize(number_to_human(harvest.quantity, :strip_insignificant_zeros => true), harvest.unit)
+        number_to_human(harvest.quantity, strip_insignificant_zeros: true)
+      elsif !harvest.unit.blank? # pluralize anything else
+        return pluralize(number_to_human(harvest.quantity, strip_insignificant_zeros: true), harvest.unit)
       else
-        return "#{number_to_human(harvest.quantity, :strip_insignificant_zeros => true)} #{harvest.unit}"
+        return "#{number_to_human(harvest.quantity, strip_insignificant_zeros: true)} #{harvest.unit}"
       end
     else
       return nil
@@ -30,11 +29,18 @@ module HarvestsHelper
   end
 
   def display_weight(harvest)
-    if ! harvest.weight_quantity.blank? && harvest.weight_quantity > 0
-      return "#{number_to_human(harvest.weight_quantity, :strip_insignificant_zeros => true)} #{harvest.weight_unit}"
+    if !harvest.weight_quantity.blank? && harvest.weight_quantity > 0
+      return "#{number_to_human(harvest.weight_quantity, strip_insignificant_zeros: true)} #{harvest.weight_unit}"
     else
       return nil
     end
   end
 
+  def display_harvest_description(harvest)
+    if harvest.description.empty?
+      "No description provided."
+    else
+      harvest.description
+    end
+  end
 end

app/helpers/notifications_helper.rb

@@ -2,15 +2,10 @@ module NotificationsHelper
   def reply_link(notification)
     if notification.post
       # comment on the post in question
-      new_comment_url(:post_id => notification.post.id)
+      new_comment_url(post_id: notification.post.id)
     else
       # by default, reply link sends a PM in return
-      new_notification_url(
-        :recipient_id => notification.sender.id,
-        :subject => notification.subject =~ /^Re: / ?
-          notification.subject :
-          "Re: " + notification.subject
-      )
+      reply_notification_url(notification)
     end
   end
 end

app/helpers/plantings_helper.rb

@@ -0,0 +1,43 @@
+module PlantingsHelper
+  def display_days_before_maturity(planting)
+    if planting.finished?
+      0
+    elsif !planting.finished_at.nil?
+      ((p = planting.finished_at - DateTime.now).to_i) <= 0 ? 0 : p.to_i
+    elsif planting.planted_at.nil? || planting.days_before_maturity.nil?
+      "unknown"
+    else
+      ((p = (planting.planted_at + planting.days_before_maturity) - DateTime.now).to_i <= 0) ? 0 : p.to_i
+    end
+  end
+
+  def display_finished(planting)
+    if !planting.finished_at.nil?
+      planting.finished_at
+    elsif planting.finished
+      "Yes (no date specified)"
+    else
+      "(no date specified)"
+    end
+  end
+
+  def display_planted_from(planting)
+    !planting.planted_from.blank? ? planting.planted_from : "not specified"
+  end
+
+  def display_planting_quantity(planting)
+    !planting.quantity.blank? ? planting.quantity : "not specified"
+  end
+
+  def display_planting(planting)
+    if planting.quantity.to_i > 0 && planting.planted_from.present?
+      return "#{planting.owner} planted #{pluralize(planting.quantity, planting.planted_from)}."
+    elsif planting.quantity.to_i > 0
+      return "#{planting.owner} planted #{pluralize(planting.quantity, 'unit')}."
+    elsif planting.planted_from.present?
+      return "#{planting.owner} planted #{planting.planted_from.pluralize}."
+    else
+      return "#{planting.owner}."
+    end
+  end
+end

app/helpers/seeds_helper.rb

@@ -0,0 +1,9 @@
+module SeedsHelper
+  def display_seed_description(seed)
+    if seed.description.nil?
+      "no description provided."
+    else
+      truncate(seed.description, length: 130, separator: ' ', omission: '... ') { link_to "Read more", seed_path(seed) }
+    end
+  end
+end

app/mailers/notifier.rb

@@ -2,24 +2,53 @@ class Notifier < ActionMailer::Base
   include NotificationsHelper
   default from: "Growstuff <noreply@growstuff.org>"
 
+  def verifier
+    unless ENV['RAILS_SECRET_TOKEN']
+      raise "RAILS_SECRET_TOKEN environment variable"\
+        "not set - have you created config/application.yml?"
+    end
+
+    return ActiveSupport::MessageVerifier.new(ENV['RAILS_SECRET_TOKEN'])
+  end
+
   def notify(notification)
     @notification = notification
     @reply_link = reply_link(@notification)
 
-    mail(:to => @notification.recipient.email,
-         :subject => @notification.subject)
+    # Encrypting
+    @signed_message = verifier.generate ({ member_id: @notification.recipient.id, type: :send_notification_email })
+
+    mail(to: @notification.recipient.email,
+         subject: @notification.subject)
   end
 
   def planting_reminder(member)
     @member = member
 
-    @plantings = @member.plantings.reorder.last(5)
-    @harvests = @member.harvests.reorder.last(5)
+    @plantings = @member.plantings.first(5)
+    @harvests = @member.harvests.first(5)
+
+    # Encrypting
+    @signed_message = verifier.generate ({ member_id: @member.id, type: :send_planting_reminder })
 
     if @member.send_planting_reminder
-      mail(:to => @member.email,
-          :subject => "What have you planted lately?")
+      mail(to: @member.email,
+           subject: "What have you planted lately?")
     end
   end
 
+  def new_crop_request(member, request)
+    @member, @request = member, request
+    mail(to: @member.email, subject: "#{@request.requester.login_name} has requested #{@request.name} as a new crop")
+  end
+
+  def crop_request_approved(member, crop)
+    @member, @crop = member, crop
+    mail(to: @member.email, subject: "#{crop.name.capitalize} has been approved")
+  end
+
+  def crop_request_rejected(member, crop)
+    @member, @crop = member, crop
+    mail(to: @member.email, subject: "#{crop.name.capitalize} has been rejected")
+  end
 end

app/models/ability.rb

@@ -21,14 +21,32 @@ class Ability
     cannot :read, Account
     cannot :read, AccountType
 
+    # nobody should be able to view unapproved crops unless they
+    # are wranglers or admins
+    cannot :read, Crop
+    can :read, Crop, approval_status: "approved"
+    # scientific names should only be viewable if associated crop is approved
+    cannot :read, ScientificName
+    can :read, ScientificName do |sn|
+      sn.crop.approved?
+    end
+    # ... same for alternate names
+    cannot :read, AlternateName
+    can :read, AlternateName do |an|
+      an.crop.approved?
+    end
+
     if member
+      # members can see even rejected or pending crops if they requested it
+      can :read, Crop, requester_id: member.id
 
       # managing your own user settings
-      can :update, Member, :id => member.id
+      can :update, Member, id: member.id
 
       # can read/delete notifications that were sent to them
-      can :read, Notification, :recipient_id => member.id
-      can :destroy, Notification, :recipient_id => member.id
+      can :read, Notification, recipient_id: member.id
+      can :destroy, Notification, recipient_id: member.id
+      can :reply, Notification, recipient_id: member.id
       # can send a private message to anyone but themselves
       # note: sadly, we can't test for this from the view, but it works
       # for the model/controller
@@ -45,58 +63,63 @@ class Ability
         can :manage, AlternateName
       end
 
+      # any member can create a crop provisionally
+      can :create, Crop
+
       # can create & destroy their own authentications against other sites.
       can :create, Authentication
-      can :destroy, Authentication, :member_id => member.id
+      can :destroy, Authentication, member_id: member.id
 
       # anyone can create a post, or comment on a post,
       # but only the author can edit/destroy it.
       can :create,  Post
-      can :update,  Post, :author_id => member.id
-      can :destroy, Post, :author_id => member.id
+      can :update,  Post, author_id: member.id
+      can :destroy, Post, author_id: member.id
       can :create,  Comment
-      can :update,  Comment, :author_id => member.id
-      can :destroy, Comment, :author_id => member.id
+      can :update,  Comment, author_id: member.id
+      can :destroy, Comment, author_id: member.id
 
       # same deal for gardens and plantings
       can :create,  Garden
-      can :update,  Garden, :owner_id => member.id
-      can :destroy, Garden, :owner_id => member.id
+      can :update,  Garden, owner_id: member.id
+      can :destroy, Garden, owner_id: member.id
 
       can :create,  Planting
-      can :update,  Planting, :garden => { :owner_id => member.id }
-      can :destroy, Planting, :garden => { :owner_id => member.id }
+      can :update,  Planting, garden: { owner_id: member.id }
+      can :destroy, Planting, garden: { owner_id: member.id }
 
       can :create,  Harvest
-      can :update,  Harvest, :owner_id => member.id
-      can :destroy, Harvest, :owner_id => member.id
+      can :update,  Harvest, owner_id: member.id
+      can :destroy, Harvest, owner_id: member.id
 
       can :create, Photo
-      can :update, Photo, :owner_id => member.id
-      can :destroy, Photo, :owner_id => member.id
+      can :update, Photo, owner_id: member.id
+      can :destroy, Photo, owner_id: member.id
 
       can :create, Seed
-      can :update, Seed, :owner_id => member.id
-      can :destroy, Seed, :owner_id => member.id
+      can :update, Seed, owner_id: member.id
+      can :destroy, Seed, owner_id: member.id
 
       # orders/shop/etc
       can :create,   Order
-      can :read,     Order, :member_id => member.id
-      can :complete, Order, :member_id => member.id, :completed_at => nil
-      can :checkout, Order, :member_id => member.id, :completed_at => nil
-      can :cancel,   Order, :member_id => member.id, :completed_at => nil
-      can :destroy,  Order, :member_id => member.id, :completed_at => nil
+      can :read,     Order, member_id: member.id
+      can :complete, Order, member_id: member.id, completed_at: nil
+      can :checkout, Order, member_id: member.id, completed_at: nil
+      can :cancel,   Order, member_id: member.id, completed_at: nil
+      can :destroy,  Order, member_id: member.id, completed_at: nil
 
-      can :create,  OrderItem
+      can :create, OrderItem
       # for now, let's not let people mess with individual order items
-      cannot :read,    OrderItem, :order => { :member_id => member.id }
-      cannot :update,  OrderItem, :order => { :member_id => member.id, :completed_at => nil }
-      cannot :destroy, OrderItem, :order => { :member_id => member.id, :completed_at => nil }
+      cannot :read,    OrderItem, order: { member_id: member.id }
+      cannot :update,  OrderItem, order: { member_id: member.id, completed_at: nil }
+      cannot :destroy, OrderItem, order: { member_id: member.id, completed_at: nil }
 
       # following/unfollowing permissions
-      can :create, Follow do |f|
-        !member.already_following?(f.followed) && f.followed_id != member.id
-      end
+      can :create, Follow
+      cannot :create, Follow, followed_id: member.id # can't follow yourself
+
+      can :destroy, Follow
+      cannot :destroy, Follow, followed_id: member.id # can't unfollow yourself
 
       if member.has_role? :admin
 

app/models/account.rb

@@ -1,15 +1,14 @@
 class Account < ActiveRecord::Base
-  attr_accessible :account_type_id, :member_id, :paid_until
   belongs_to :member
   belongs_to :account_type
 
-  validates :member_id, :uniqueness => {
-    :message => 'already has account details associated with it'
+  validates :member_id, uniqueness: {
+    message: 'already has account details associated with it'
   }
 
   before_create do |account|
     unless account.account_type
-      account.account_type = AccountType.find_or_create_by_name(
+      account.account_type = AccountType.find_or_create_by(name:
         Growstuff::Application.config.default_account_type
       )
     end
@@ -22,5 +21,4 @@ class Account < ActiveRecord::Base
       return paid_until.to_s
     end
   end
-
 end

app/models/account_type.rb

@@ -1,5 +1,4 @@
 class AccountType < ActiveRecord::Base
-  attr_accessible :is_paid, :is_permanent_paid, :name
   has_many :products
 
   def to_s

app/models/alternate_name.rb

@@ -1,5 +1,5 @@
 class AlternateName < ActiveRecord::Base
-  attr_accessible :crop_id, :name, :creator_id
+  after_commit { |an| an.crop.__elasticsearch__.index_document if an.crop && ENV['GROWSTUFF_ELASTICSEARCH'] == "true" }
   belongs_to :crop
-  belongs_to :creator, :class_name => 'Member'
+  belongs_to :creator, class_name: 'Member'
 end

app/models/authentication.rb

@@ -1,4 +1,3 @@
 class Authentication < ActiveRecord::Base
   belongs_to :member
-  attr_accessible :provider, :uid, :token, :secret, :name
 end

app/models/comment.rb

@@ -1,10 +1,9 @@
 class Comment < ActiveRecord::Base
-  attr_accessible :author_id, :body, :post_id
-  belongs_to :author, :class_name => 'Member'
+  belongs_to :author, class_name: 'Member'
   belongs_to :post
 
-  default_scope order("created_at DESC")
-  scope :post_order, reorder("created_at ASC") # for display on post page
+  default_scope { order("created_at DESC") }
+  scope :post_order, -> { reorder("created_at ASC") } # for display on post page
 
   after_create do
     recipient = self.post.author.id
@@ -12,13 +11,12 @@ class Comment < ActiveRecord::Base
     # don't send notifications to yourself
     if recipient != sender
       Notification.create(
-        :recipient_id => recipient,
-        :sender_id => sender,
-        :subject => "#{self.author} commented on #{self.post.subject}",
-        :body => self.body,
-        :post_id => self.post.id
+        recipient_id: recipient,
+        sender_id: sender,
+        subject: "#{self.author} commented on #{self.post.subject}",
+        body: self.body,
+        post_id: self.post.id
       )
     end
   end
-
 end

app/models/comment_sweeper.rb

@@ -1,15 +0,0 @@
-class CommentSweeper < ActionController::Caching::Sweeper
-  observe Comment
-
-  def after_create(comment)
-    expire_fragment('recent_posts')
-  end
-
-  def after_update(comment)
-  end
-
-  def after_destroy(comment)
-    expire_fragment('recent_posts')
-  end
-
-end

app/models/crop.rb

@@ -1,48 +1,134 @@
-class Crop < ActiveRecord::Base
+class Crop < ActiveRecord::Base # rubocop:disable Metrics/ClassLength
   extend FriendlyId
-  friendly_id :name, use: :slugged
-  attr_accessible :en_wikipedia_url, :name, :parent_id, :creator_id, :scientific_names_attributes
+  friendly_id :name, use: [:slugged, :finders]
 
-  has_many :scientific_names
+  has_many :scientific_names, after_add: :update_index, after_remove: :update_index
   accepts_nested_attributes_for :scientific_names,
-    :allow_destroy => true,
-    :reject_if     => :all_blank
+    allow_destroy: true,
+    reject_if: :all_blank
 
-  has_many :alternate_names
+  has_many :alternate_names, after_add: :update_index, after_remove: :update_index, dependent: :destroy
   has_many :plantings
-  has_many :photos, :through => :plantings
+  has_many :photos, through: :plantings
   has_many :seeds
   has_many :harvests
-  has_many :plant_parts, :through => :harvests, :uniq => :true
-  belongs_to :creator, :class_name => 'Member'
+  has_many :plant_parts, -> { uniq }, through: :harvests
+  belongs_to :creator, class_name: 'Member'
+  belongs_to :requester, class_name: 'Member'
 
-  belongs_to :parent, :class_name => 'Crop'
-  has_many :varieties, :class_name => 'Crop', :foreign_key => 'parent_id'
+  belongs_to :parent, class_name: 'Crop'
+  has_many :varieties, class_name: 'Crop', foreign_key: 'parent_id'
   has_and_belongs_to_many :posts
-  before_destroy {|crop| crop.posts.clear}
+  before_destroy { |crop| crop.posts.clear }
 
+  default_scope { order("lower(name) asc") }
+  scope :recent, lambda {
+    where(approval_status: "approved").reorder("created_at desc")
+  }
+  scope :toplevel, lambda {
+    where(approval_status: "approved", parent_id: nil)
+  }
+  scope :popular, lambda {
+    where(approval_status: "approved").reorder("plantings_count desc, lower(name) asc")
+  }
+  scope :randomized, lambda {
+    # ok on sqlite and psql, but not on mysql
+    where(approval_status: "approved").reorder('random()')
+  }
+  scope :pending_approval, -> { where(approval_status: "pending") }
+  scope :approved, -> { where(approval_status: "approved") }
+  scope :rejected, -> { where(approval_status: "rejected") }
 
-  default_scope order("lower(name) asc")
-  scope :recent, reorder("created_at desc")
-  scope :toplevel, where(:parent_id => nil)
-  scope :popular, reorder("plantings_count desc, lower(name) asc")
-  scope :randomized, reorder('random()') # ok on sqlite and psql, but not on mysql
-
+  ## Wikipedia urls are only necessary when approving a crop
   validates :en_wikipedia_url,
-    :format => {
-      :with => /^https?:\/\/en\.wikipedia\.org\/wiki/,
-      :message => 'is not a valid English Wikipedia URL'
-    }
+    format: {
+      with: /\Ahttps?:\/\/en\.wikipedia\.org\/wiki\/[[:alnum:]%_]+\z/,
+      message: 'is not a valid English Wikipedia URL'
+    },
+    if: :approved?
+
+  ## Reasons are only necessary when rejecting
+  validates :reason_for_rejection, presence: true, if: :rejected?
+
+  ## This validation addresses a race condition
+  validate :approval_status_cannot_be_changed_again
+
+  validate :must_be_rejected_if_rejected_reasons_present
+
+  validate :must_have_meaningful_reason_for_rejection
+
+  ####################################
+  # Elastic search configuration
+  if ENV["GROWSTUFF_ELASTICSEARCH"] == "true"
+    include Elasticsearch::Model
+    include Elasticsearch::Model::Callbacks
+    # In order to avoid clashing between different environments,
+    # use Rails.env as a part of index name (eg. development_growstuff)
+    index_name [Rails.env, "growstuff"].join('_')
+    settings index: { number_of_shards: 1 },
+             analysis: {
+               tokenizer: {
+                 gs_edgeNGram_tokenizer: {
+                   type: "edgeNGram", # edgeNGram: NGram match from the start of a token
+                   min_gram: 3,
+                   max_gram: 10,
+                   # token_chars: Elasticsearch will split on characters
+                   # that don’t belong to any of these classes
+                   token_chars: ["letter", "digit"]
+                 }
+               },
+               analyzer: {
+                 gs_edgeNGram_analyzer: {
+                   tokenizer: "gs_edgeNGram_tokenizer",
+                   filter: ["lowercase"]
+                 }
+               },
+             } do
+      mappings dynamic: 'false' do
+        indexes :id, type: 'long'
+        indexes :name, type: 'string', analyzer: 'gs_edgeNGram_analyzer'
+        indexes :approval_status, type: 'string'
+        indexes :scientific_names do
+          indexes :name,
+            type: 'string',
+            analyzer: 'gs_edgeNGram_analyzer',
+            # Disabling field-length norm (norm). If the norm option is turned on(by default),
+            # higher weigh would be given for shorter fields, which in our case is irrelevant.
+            norms: { enabled: false }
+        end
+        indexes :alternate_names do
+          indexes :name, type: 'string', analyzer: 'gs_edgeNGram_analyzer'
+        end
+      end
+    end
+  end
+
+  def as_indexed_json(options = {})
+    self.as_json(
+      only: [:id, :name, :approval_status],
+      include: {
+        scientific_names: { only: :name },
+        alternate_names: { only: :name }
+      })
+  end
+
+  # update the Elasticsearch index (only if we're using it in this
+  # environment)
+  def update_index(name_obj)
+    if ENV["GROWSTUFF_ELASTICSEARCH"] == "true"
+      __elasticsearch__.index_document
+    end
+  end
+
+  # End Elasticsearch section
 
   def to_s
-    return name
+    name
   end
 
   def default_scientific_name
-    if scientific_names.count > 0
-      return scientific_names.first.scientific_name
-    else
-      return nil
+    if scientific_names.size > 0
+      scientific_names.first.name
     end
   end
 
@@ -51,7 +137,11 @@ class Crop < ActiveRecord::Base
   # later we can choose a default photo based on different criteria,
   # eg. popularity
   def default_photo
-    return photos.first
+    return photos.first if photos.any?
+
+    # Crop has no photos? Look for the most recent harvest with a photo.
+    harvest_with_photo = Harvest.where(crop_id: id).joins(:photos).order('harvests.id DESC').limit(1).first
+    harvest_with_photo.photos.first if harvest_with_photo
   end
 
   # crop.sunniness
@@ -60,13 +150,7 @@ class Crop < ActiveRecord::Base
   # key: sunniness (eg. 'sun')
   # value: count of how many times it's been used by plantings
   def sunniness
-    sunniness = Hash.new(0)
-    plantings.each do |p|
-      if !p.sunniness.blank?
-        sunniness[p.sunniness] += 1
-      end
-    end
-    return sunniness
+    count_uses_of_property 'sunniness'
   end
 
   # crop.planted_from
@@ -74,13 +158,7 @@ class Crop < ActiveRecord::Base
   # key: propagation method (eg. 'seed')
   # value: count of how many times it's been used by plantings
   def planted_from
-    planted_from = Hash.new(0)
-    plantings.each do |p|
-      if !p.planted_from.blank?
-        planted_from[p.planted_from] += 1
-      end
-    end
-    return planted_from
+    count_uses_of_property 'planted_from'
   end
 
   # crop.popular_plant_parts
@@ -100,48 +178,68 @@ class Crop < ActiveRecord::Base
   def interesting?
     min_plantings = 3 # needs this many plantings to be interesting
     min_photos    = 3 # needs this many photos to be interesting
-    return false unless photos.count >= min_photos
+    return false unless photos.size >= min_photos
     return false unless plantings_count >= min_plantings
     return true
   end
 
+  def pending?
+    approval_status == "pending"
+  end
+
+  def approved?
+    approval_status == "approved"
+  end
+
+  def rejected?
+    approval_status == "rejected"
+  end
+
+  def approval_statuses
+    ['rejected', 'pending', 'approved']
+  end
+
+  def reasons_for_rejection
+    ["already in database", "not edible", "not enough information", "other"]
+  end
+
   # Crop.interesting
   # returns a list of interesting crops, for use on the homepage etc
   def Crop.interesting
-  howmany = 12 # max number to find
-  interesting_crops = Array.new
-    Crop.randomized.each do |c|
-      break if interesting_crops.length == howmany
+    howmany = 12 # max number to find
+    interesting_crops = []
+    Crop.includes(:photos).randomized.each do |c|
+      break if interesting_crops.size == howmany
       next unless c.interesting?
       interesting_crops.push(c)
     end
     return interesting_crops
   end
 
-# Crop.create_from_csv(row)
-# used by db/seeds.rb and rake growstuff:import_crops
-# CSV fields:
-# - name (required)
-# - en_wikipedia_url (required)
-# - parent (name, optional)
-# - scientific name (optional, can be picked up from parent if it has one)
+  # Crop.create_from_csv(row)
+  # used by db/seeds.rb and rake growstuff:import_crops
+  # CSV fields:
+  # - name (required)
+  # - en_wikipedia_url (required)
+  # - parent (name, optional)
+  # - scientific name (optional, can be picked up from parent if it has one)
 
   def Crop.create_from_csv(row)
-    name,en_wikipedia_url,parent,scientific_names,alternate_names = row
+    name, en_wikipedia_url, parent, scientific_names, alternate_names = row
 
     cropbot = Member.find_by_login_name('cropbot')
     raise "cropbot account not found: run rake db:seed" unless cropbot
 
-    crop = Crop.find_or_create_by_name(name)
+    crop = Crop.find_or_create_by(name: name)
     crop.update_attributes(
-      :en_wikipedia_url => en_wikipedia_url,
-      :creator_id => cropbot.id
+      en_wikipedia_url: en_wikipedia_url,
+      creator_id: cropbot.id
     )
 
     if parent
       parent = Crop.find_by_name(parent)
       if parent
-        crop.update_attributes(:parent_id => parent.id)
+        crop.update_attributes(parent_id: parent.id)
       else
         logger.warn("Warning: parent crop #{parent} not found")
       end
@@ -149,64 +247,146 @@ class Crop < ActiveRecord::Base
 
     crop.add_scientific_names_from_csv(scientific_names)
     crop.add_alternate_names_from_csv(alternate_names)
-
   end
 
   def add_scientific_names_from_csv(scientific_names)
     names_to_add = []
-    if ! scientific_names.blank? # i.e. we actually passed something in, which isn't a given
+    if !scientific_names.blank? # i.e. we actually passed something in, which isn't a given
       names_to_add = scientific_names.split(%r{,\s*})
     elsif parent && parent.scientific_names.size > 0 # pick up from parent
-      names_to_add = parent.scientific_names.map{|s| s.scientific_name}
+      names_to_add = parent.scientific_names.map { |s| s.name }
     else
       logger.warn("Warning: no scientific name (not even on parent crop) for #{self}")
     end
 
+    cropbot = Member.find_by_login_name('cropbot')
+
     if names_to_add.size > 0
-      cropbot = Member.find_by_login_name('cropbot')
       raise "cropbot account not found: run rake db:seed" unless cropbot
 
-      names_to_add.each do |n|
-        if self.scientific_names.exists?(:scientific_name => n)
-          logger.warn("Warning: skipping duplicate scientific name #{n} for #{self}")
-        else
-
-          self.scientific_names.create(
-            :scientific_name => n,
-            :creator_id => cropbot.id
-          )
-        end
-      end
+      add_names_to_list(names_to_add, 'scientific')
     end
   end
 
   def add_alternate_names_from_csv(alternate_names)
+    cropbot = Member.find_by_login_name('cropbot')
+
     names_to_add = []
-    if ! alternate_names.blank? # i.e. we actually passed something in, which isn't a given
-      cropbot = Member.find_by_login_name('cropbot')
+
+    if !alternate_names.blank? # i.e. we actually passed something in, which isn't a given
       raise "cropbot account not found: run rake db:seed" unless cropbot
 
       names_to_add = alternate_names.split(%r{,\s*})
+      add_names_to_list(names_to_add, 'alternate')
+    end
+  end
 
-      names_to_add.each do |n|
-        if self.alternate_names.exists?(:name => n)
-          logger.warn("Warning: skipping duplicate alternate name #{n} for #{self}")
-        else
-          self.alternate_names.create(
-            :name => n,
-            :creator_id => cropbot.id
-          )
-        end
-      end
-
+  def rejection_explanation
+    if reason_for_rejection == "other"
+      return rejection_notes
+    else
+      return reason_for_rejection
     end
   end
 
   # Crop.search(string)
-  # searches for crops whose names match the string given
-  # just uses SQL LIKE for now, but can be made fancier later
   def self.search(query)
-    where("name ILIKE ?", "%#{query}%")
+    if ENV['GROWSTUFF_ELASTICSEARCH'] == "true"
+      search_str = query.nil? ? "" : query.downcase
+      response = __elasticsearch__.search({
+                                            # Finds documents which match any field, but uses the _score from
+                                            # the best field insead of adding up _score from each field.
+                                            query: {
+                                              multi_match: {
+                                                query: "#{search_str}",
+                                                analyzer: "standard",
+                                                fields: ["name",
+                                                         "scientific_names.scientific_name",
+                                                         "alternate_names.name"]
+                                              }
+                                            },
+                                            filter: {
+                                              term: { approval_status: "approved" }
+                                            },
+                                            size: 50
+                                          }
+      )
+      return response.records.to_a
+    else
+      # if we don't have elasticsearch, just do a basic SQL query.
+      # also, make sure it's an actual array not an activerecord
+      # collection, so it matches what we get from elasticsearch and we can
+      # manipulate it in the same ways (eg. deleting elements without deleting
+      # the whole record from the db)
+      matches = Crop.approved.where("name ILIKE ?", "%#{query}%").to_a
+
+      # we want to make sure that exact matches come first, even if not
+      # using elasticsearch (eg. in development)
+      exact_match = Crop.approved.find_by_name(query)
+      if exact_match
+        matches.delete(exact_match)
+        matches.unshift(exact_match)
+      end
+
+      return matches
+    end
   end
 
+  private
+
+  def add_names_to_list(names_to_add, list_name)
+    names_to_add.each do |n|
+      if name_already_exists(list_name, n)
+        logger.warn("Warning: skipping duplicate #{list_name} name #{n} for #{self}")
+      else
+        create_crop_in_list(list_name, n)
+      end
+    end
+  end
+
+  def create_crop_in_list(list_name, name)
+    cropbot = Member.find_by_login_name('cropbot')
+    create_hash = {
+      creator_id: "#{cropbot.id}",
+      name: name
+    }
+    self.send("#{list_name}_names").create(create_hash)
+  end
+
+  def name_already_exists(list_name, name)
+    self.send("#{list_name}_names").exists?(name: name)
+  end
+
+  def count_uses_of_property(col_name)
+    data = Hash.new(0)
+    plantings.each do |p|
+      if !p.send("#{col_name}").blank?
+        data[p.send("#{col_name}")] += 1
+      end
+    end
+    data
+  end
+
+  # Custom validations
+
+  def approval_status_cannot_be_changed_again
+    previous = previous_changes.include?(:approval_status) ? previous_changes.approval_status : {}
+    if previous.include?(:rejected) || previous.include?(:approved)
+      errors.add(:approval_status, "has already been set to #{approval_status}")
+    end
+  end
+
+  def must_be_rejected_if_rejected_reasons_present
+    unless rejected?
+      if reason_for_rejection.present? || rejection_notes.present?
+        errors.add(:approval_status, "must be rejected if a reason for rejection is present")
+      end
+    end
+  end
+
+  def must_have_meaningful_reason_for_rejection
+    if reason_for_rejection == "other" && rejection_notes.blank?
+      errors.add(:rejection_notes, "must be added if the reason for rejection is \"other\"")
+    end
+  end
 end

app/models/crop_sweeper.rb

@@ -1,21 +0,0 @@
-class CropSweeper < ActionController::Caching::Sweeper
-  observe Crop
-
-  def after_create(crop)
-    expire_fragment('homepage_stats')
-    expire_fragment('recent_crops')
-    expire_fragment('full_crop_hierarchy')
-  end
-
-  def after_update(crop)
-    expire_fragment("crop_image_#{crop.id}")
-  end
-
-  def after_destroy(crop)
-    expire_fragment('homepage_stats')
-    expire_fragment('recent_crops')
-    expire_fragment('full_crop_hierarchy')
-  end
-
-end
-

app/models/follow.rb

@@ -1,17 +1,14 @@
 class Follow < ActiveRecord::Base
-  attr_accessible :followed_id, :follower_id
   belongs_to :follower, class_name: "Member"
   belongs_to :followed, class_name: "Member"
-  validates :follower_id, uniqueness: { :scope => :followed_id }
+  validates :follower_id, uniqueness: { scope: :followed_id }
 
   after_create do
     Notification.create(
-      :recipient_id => self.followed_id,
-      :sender_id => self.follower_id,
-      :subject => "#{self.follower.login_name} is now following you",
-      :body => "#{self.follower.login_name} just followed you on #{ENV["GROWSTUFF_SITE_NAME"]}. "
+      recipient_id: self.followed_id,
+      sender_id: self.follower_id,
+      subject: "#{self.follower.login_name} is now following you",
+      body: "#{self.follower.login_name} just followed you on #{ENV["GROWSTUFF_SITE_NAME"]}. "
     )
   end
-
-
 end

app/models/forum.rb

@@ -1,12 +1,11 @@
 class Forum < ActiveRecord::Base
   extend FriendlyId
-  friendly_id :name, use: :slugged
-  attr_accessible :description, :name, :owner_id, :slug
+  friendly_id :name, use: [:slugged, :finders]
+
   has_many :posts
-  belongs_to :owner, :class_name => "Member"
+  belongs_to :owner, class_name: "Member"
 
   def to_s
     return name
   end
-
 end