Cache what a crop is harvested for (#4582)

Add Rack::Attack rate limiting and Fail2Ban protection

.dockerignore

@@ -7,7 +7,6 @@ tmp/*
 node_modules
 public/assets
 .env
-.ruby-version
 .ruby-gemset
 .editorconfig
 .esignore

Gemfile

@@ -116,6 +116,8 @@ gem 'xmlrpc' # fixes rake error - can be removed if not needed later
 
 gem 'puma'
 
+gem 'rack-attack'
+
 gem 'loofah', '>= 2.19.1'
 gem 'rack-protection', '>= 2.0.1'
 

Gemfile.lock

@@ -503,6 +503,8 @@ GEM
     query_diet (0.7.3)
     racc (1.8.1)
     rack (2.2.23)
+    rack-attack (6.8.0)
+      rack (>= 1.0, < 4)
     rack-cors (2.0.2)
       rack (>= 2.0.0)
     rack-protection (3.2.0)
@@ -841,6 +843,7 @@ DEPENDENCIES
   pry
   puma
   query_diet
+  rack-attack
   rack-cors
   rack-protection (>= 2.0.1)
   rails (~> 7.2.0)

app/controllers/admin/members_controller.rb

@@ -8,9 +8,9 @@ module Admin
     responders :flash
 
     def index
-      @members = Member.all
-      @members = @members.where("login_name ILIKE ?", "%#{search_term}%") unless search_term.nil?
-      @members = @members.order(:login_name).paginate(page: params[:page])
+      @members = Member.order(:login_name)
+      @members = @members.where("login_name ILIKE ?", "%#{search_term}%") if search_term.present?
+      @members = @members.paginate(page: params[:page])
     end
 
     def edit

app/controllers/blocks_controller.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+class BlocksController < ApplicationController
+  load_and_authorize_resource
+  skip_load_resource only: :create
+
+  def create
+    @block = current_member.blocks.build(blocked: Member.find(params[:blocked]))
+
+    if @block.save
+      flash[:notice] = "Blocked #{@block.blocked.login_name}"
+    else
+      flash[:error] = "Already blocking or error while blocking."
+    end
+    redirect_back_or_to(root_path)
+  end
+
+  def destroy
+    @block = current_member.blocks.find(params[:id])
+    @unblocked = @block.blocked
+    @block.destroy
+
+    flash[:notice] = "Unblocked #{@unblocked.login_name}"
+    redirect_to @unblocked
+  end
+
+  private
+
+  def block_params
+    params.permit(:id, :blocked)
+  end
+end

app/controllers/charts/crops_controller.rb

@@ -14,9 +14,12 @@ module Charts
 
     def harvested_for
       @crop = Crop.find_by!(slug: params[:crop_slug])
-      render json: Harvest.joins(:plant_part)
-        .where(crop: @crop)
-        .group("plant_parts.name").count(:id)
+      data = Rails.cache.fetch("#{@crop.cache_key_with_version}/harvested_for", expires_in: 1.day) do
+        Harvest.joins(:plant_part)
+          .where(crop: @crop)
+          .group("plant_parts.name").count(:id)
+      end
+      render json: data
     end
 
     private

app/controllers/messages_controller.rb

@@ -27,10 +27,21 @@ class MessagesController < ApplicationController
   def create
     if params[:conversation_id].present?
       @conversation = Mailboxer::Conversation.find(params[:conversation_id])
+      # Check if any of the recipients have blocked the sender
+      if @conversation.recipients.any? { |recipient| recipient.already_blocking?(current_member) }
+        flash[:error] = "You cannot reply to this conversation because one of the recipients has blocked you."
+        redirect_to conversation_path(@conversation)
+        return
+      end
       current_member.reply_to_conversation(@conversation, params[:body])
       redirect_to conversation_path(@conversation)
     else
       recipient = Member.find(params[:recipient_id])
+      if recipient.already_blocking?(current_member)
+        flash[:error] = "You cannot send a message to a member who has blocked you."
+        redirect_back_or_to(root_path)
+        return
+      end
       body = params[:body]
       subject = params[:subject]
       @conversation = current_member.send_message(recipient, body, subject)

app/models/ability.rb

@@ -164,6 +164,12 @@ class Ability
     can :destroy, Follow
     cannot :destroy, Follow, followed_id: member.id # can't unfollow yourself
 
+    # blocking/unblocking permissions
+    can :create, Block
+    cannot :create, Block, blocked_id: member.id # can't block yourself
+
+    can :destroy, Block, blocker_id: member.id # can only unblock your own blocks
+
     cannot :create, GardenType
     cannot :update, GardenType
     cannot :destroy, GardenType

app/models/block.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class Block < ApplicationRecord
+  belongs_to :blocker, class_name: "Member"
+  belongs_to :blocked, class_name: "Member"
+
+  validates :blocker_id, uniqueness: { scope: :blocked_id }
+
+  after_create :destroy_follow_relationship
+
+  private
+
+  def destroy_follow_relationship
+    # Destroy the follow relationship in both directions
+    Follow.where(follower: blocker, followed: blocked).destroy_all
+    Follow.where(follower: blocked, followed: blocker).destroy_all
+  end
+end

app/models/comment.rb

@@ -4,6 +4,7 @@ class Comment < ApplicationRecord
   belongs_to :author, class_name: 'Member', inverse_of: :comments
   belongs_to :commentable, polymorphic: true, counter_cache: true
   # validates :body, presence: true
+  validate :author_is_not_blocked
 
   scope :post_order, -> { order(created_at: :asc) } # for display on post page
 
@@ -25,4 +26,14 @@ class Comment < ApplicationRecord
   def to_s
     "#{author.login_name} commented on #{commentable.subject}"
   end
+
+  private
+
+  def author_is_not_blocked
+    return unless author
+
+    return unless commentable.author.already_blocking?(author)
+
+    errors.add(:base, "You cannot comment on a post of a member who has blocked you.")
+  end
 end

app/models/follow.rb

@@ -4,6 +4,7 @@ class Follow < ApplicationRecord
   belongs_to :follower, class_name: "Member", inverse_of: :follows
   belongs_to :followed, class_name: "Member", inverse_of: :inverse_follows
   validates :follower_id, uniqueness: { scope: :followed_id }
+  validate :follower_is_not_blocked
 
   after_create do
     Notification.create(
@@ -14,4 +15,14 @@ class Follow < ApplicationRecord
       notifiable:   self
     )
   end
+
+  private
+
+  def follower_is_not_blocked
+    return unless follower
+
+    return unless followed.already_blocking?(follower)
+
+    errors.add(:base, "You cannot follow a member who has blocked you.")
+  end
 end

app/models/like.rb

@@ -5,4 +5,24 @@ class Like < ApplicationRecord
   belongs_to :likeable, polymorphic: true, counter_cache: true, touch: true
   validates :member, :likeable, presence: true
   validates :member, uniqueness: { scope: :likeable }
+  validate :member_is_not_blocked
+
+  def likeable_author
+    if likeable.respond_to?(:author)
+      likeable.author
+    elsif likeable.respond_to?(:owner)
+      likeable.owner
+    end
+  end
+
+  private
+
+  def member_is_not_blocked
+    return unless member
+
+    author = likeable_author
+    return unless author&.already_blocking?(member)
+
+    errors.add(:base, "You cannot like content of a member who has blocked you.")
+  end
 end

app/models/member.rb

@@ -52,6 +52,15 @@ class Member < ApplicationRecord
   has_many :followed, through: :follows
   has_many :followers, through: :inverse_follows, source: :follower
 
+  #
+  # Blocking other members
+  has_many :blocks, class_name: "Block", foreign_key: "blocker_id", dependent: :destroy,
+                    inverse_of: :blocker
+  has_many :inverse_blocks, class_name: "Block", foreign_key: "blocked_id",
+                            dependent: :destroy, inverse_of: :blocked
+  has_many :blocked_members, through: :blocks, source: :blocked
+  has_many :blockers, through: :inverse_blocks, source: :blocker
+
   #
   # Global data records this member created
   has_many :requested_crops, class_name: 'Crop', foreign_key: 'requester_id', dependent: :nullify,
@@ -164,12 +173,12 @@ class Member < ApplicationRecord
   end
 
   def self.nearest_to(place)
-    nearby_members = []
-    if place
-      latitude, longitude = Geocoder.coordinates(place, params: { limit: 1 })
-      nearby_members = Member.located.sort_by { |x| x.distance_from([latitude, longitude]) } if latitude && longitude
-    end
-    nearby_members
+    return [] if place.blank?
+
+    latitude, longitude = Geocoder.coordinates(place, params: { limit: 1 })
+    return [] unless latitude && longitude
+
+    Member.located.near([latitude, longitude], 1000)
   end
 
   def already_following?(member)
@@ -179,4 +188,33 @@ class Member < ApplicationRecord
   def get_follow(member)
     follows.find_by(followed_id: member.id) if already_following?(member)
   end
+
+  def already_blocking?(member)
+    blocks.exists?(blocked_id: member.id)
+  end
+
+  def get_block(member)
+    blocks.find_by(blocked_id: member.id) if already_blocking?(member)
+  end
+
+  def has_activity?
+    (gardens.exists? && gardens.count > 1) ||
+      plantings.exists? ||
+      harvests.exists? ||
+      seeds.exists? ||
+      photos.exists? ||
+      forums.exists? ||
+      activities.exists? ||
+      posts.exists? ||
+      comments.exists? ||
+      requested_crops.exists? ||
+      created_crops.exists? ||
+      likes.exists? ||
+      created_alternate_names.exists? ||
+      created_scientific_names.exists? ||
+      follows.exists? ||
+      inverse_follows.exists? ||
+      blocks.exists? ||
+      inverse_blocks.exists?
+  end
 end

app/models/post.rb

@@ -49,9 +49,10 @@ class Post < ApplicationRecord
 
   # return posts sorted by recent activity
   def self.recently_active
-    Post.order(created_at: :desc).sort do |a, b|
-      b.recent_activity <=> a.recent_activity
-    end
+    left_joins(:comments)
+      .select('posts.*, COALESCE(MAX(comments.created_at), posts.created_at) AS last_activity_at')
+      .group('posts.id')
+      .order(Arel.sql('last_activity_at DESC'))
   end
 
   def owner_id

app/services/gbif_service.rb

@@ -85,7 +85,7 @@ class GbifService
   end
 
   def import!
-    Crop.order(updated_at: :desc).each do |crop|
+    Crop.order(updated_at: :desc).find_each do |crop|
       Rails.logger.debug { "#{crop.id}, #{crop.name}" }
       update_crop(crop) if crop.valid?
     rescue ActiveRecord::RecordInvalid

app/views/alternate_names/_form.html.haml

@@ -22,8 +22,8 @@
       .form-group
         = f.label :crop_id, class: 'control-label col-md-2'
         .col-md-8
-          = collection_select(:alternate_name, :crop_id,
-                              Crop.all, :id, :name,
+          = select(:alternate_name, :crop_id,
+                              Crop.order(:name).pluck(:name, :id),
                               { selected: @alternate_name.crop_id || @crop.id },
                               class: 'form-control')
 

app/views/crops/_actions.html.haml

@@ -1,6 +1,9 @@
 - if crop.approved? && signed_in?
+  - active_plantings = current_member.plantings.where(crop: crop).active
 
   .btn-group.crop-actions{"aria-label" => "Crop Actions", role: "group"}
     = render 'plantings/modal', planting: Planting.new(crop: crop, owner: current_member)
     = render 'harvests/modal', harvest: Harvest.new(crop: @crop,  owner: current_member)
     = render 'seeds/modal', seed: Seed.new(crop: @crop,  owner: current_member)
+    - if active_plantings.any?
+      = render 'plantings/failed_modal', crop: crop, active_plantings: active_plantings

app/views/crops/_form.html.haml

@@ -85,7 +85,7 @@
 
       -# Only crop wranglers see the crop hierarchy (for now)
       - if can? :wrangle, @crop
-        = f.collection_select(:parent_id, Crop.all.order(:name), :id, :name,
+        = f.select(:parent_id, Crop.order(:name).pluck(:name, :id),
           { include_blank: true, label: 'Parent crop'})
         %span.help-block Optional. For setting up crop hierarchies for varieties etc.
 

app/views/crops/_plantings.html.haml

@@ -8,6 +8,8 @@
           = link_to planting_path(planting), class: 'card-link' do
             = planting_icon
             = planting
+          - if can?(:edit, planting)
+            .float-right= render 'plantings/actions', planting: planting
           .float-right= render 'members/location', member: planting.owner
   .card-footer
     - if crop.approved?

app/views/crops/show.html.haml

@@ -73,10 +73,11 @@
               = pie_chart crop_harvested_for_path(@crop, format: :json), legend: "bottom"
 
     - if @crop.varieties.any?
-      %section.varieties
-        %h2 Varieties
-        .index-cards
-          = render 'varieties', crop: @crop
+      - cache [@crop, 'varieties'] do
+        %section.varieties
+          %h2 Varieties
+          .index-cards
+            = render 'varieties', crop: @crop
 
     %section.crop-map
       %h2
@@ -134,9 +135,11 @@
     = render 'harvests', crop: @crop
     = render 'find_seeds', crop: @crop
 
-    = render 'openfarm_data', crop: @crop
+    - cache [@crop, 'openfarm_data'] do
+      = render 'openfarm_data', crop: @crop
 
-    = render 'nutritional_data', crop: @crop
+    - cache [@crop, 'nutritional_data'] do
+      = render 'nutritional_data', crop: @crop
 
     = cute_icon
     .card

app/views/forums/index.html.haml

@@ -6,6 +6,7 @@
 
 - @forums.each do |forum|
   %h2= forum
+  %p= forum.description
   %p
     = localize_plural(forum.posts, Post)
     |

app/views/members/_follow_buttons.haml

@@ -1,6 +1,11 @@
 - if current_member && current_member != member # must be logged in, can't follow yourself
+  - block = current_member.get_block(member)
   - follow = current_member.get_follow(member)
-  - if !follow && can?(:create, Follow) # not already following
+  - if !block && !follow && can?(:create, Follow) # not already following, and not blocking
     = link_to 'Follow', follows_path(followed: member), method: :post, class: 'btn btn-block btn-success'
   - if follow && can?(:destroy, follow) # already following
-    = link_to 'Unfollow', follow_path(follow), method: :delete, class: 'btn btn-block'
+    = link_to 'Unfollow', follow_path(follow), method: :delete, class: 'btn btn-block'
+  - if !block && can?(:create, Block) # not already blocking
+    = link_to 'Block', blocks_path(blocked: member), method: :post, class: 'btn btn-block btn-danger'
+  - if block && can?(:destroy, block) # already blocking
+    = link_to 'Unblock', block_path(block), method: :delete, class: 'btn btn-block'

app/views/plantings/_failed_modal.html.haml

@@ -0,0 +1,26 @@
+#modelFailedPlantingForm.modal.fade{"aria-hidden" => "true", "aria-labelledby" => "failed-planting-button", role: "dialog", tabindex: "-1"}
+  .modal-dialog{role: "document"}
+    .modal-content
+      .modal-header.text-center
+        %h4.modal-title.w-100.font-weight-bold Mark #{crop.name} planting as failed
+        %button.close{"aria-label" => "Close", "data-bs-dismiss" => "modal", type: "button"}
+          %span{"aria-hidden" => "true"} ×
+      .modal-body
+        %p Which planting would you like to mark as failed?
+
+        %ul.list-group
+          - active_plantings.each do |planting|
+            %li.list-group-item
+              = link_to planting_path(planting, planting: {failed: 1}), method: :put do
+                .d-flex.justify-content-between
+                  %span
+                    %h4= planting.garden.name
+                    %p Planted #{planting.planted_at}
+                  %span
+                    = finished_icon
+        .mt-3.text-right
+          = link_to 'cancel', '', "data-bs-dismiss" => "modal", class: 'btn btn-secondary'
+
+%a.btn#failed-planting-button{"data-bs-target" => "#modelFailedPlantingForm", "data-bs-toggle" => "modal", href: ""}
+  = finished_icon
+  Mark as failed

app/views/scientific_names/_form.html.haml

@@ -17,8 +17,8 @@
   .form-group
     = f.label :crop_id, class: 'control-label col-md-2'
     .col-md-8
-      = collection_select(:scientific_name, :crop_id, Crop.all.order(:name), :id,
-        :name, { selected: @scientific_name.crop_id || @crop.id },
+      = select(:scientific_name, :crop_id, Crop.order(:name).pluck(:name, :id),
+        { selected: @scientific_name.crop_id || @crop.id },
         class: 'form-control')
   .form-group
     = f.label :name, class: 'control-label col-md-2'

config/application.rb

@@ -73,6 +73,8 @@ module Growstuff
     config.newsletter_list_id = ENV.fetch('GROWSTUFF_MAILCHIMP_NEWSLETTER_ID', nil)
 
     # config.active_record.raise_in_transactional_callbacks = true
+    config.middleware.insert_before 0, Rack::Attack
+
     config.middleware.insert_before 0, Rack::Cors do
       allow do
         origins '*'

config/initializers/rack_attack.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+class Rack::Attack
+  ### Throttle Config ###
+
+  if Rails.env.production?
+    # Throttle requests to /plantings, /harvests, and /members to 10 per minute per IP
+    # Includes API routes
+    throttle('req/ip/restricted_routes', limit: 20, period: 1.minute) do |req|
+      if req.path =~ %r{^/(plantings|harvests|members)(/|$)} || req.path =~ %r{^/api/v1/(plantings|harvests|members)(/|$)}
+        req.ip
+      end
+    end
+
+    ### Fail2Ban Config ###
+
+    # Block IPs that make too many requests to suspicious paths
+    # After 5 "bad" requests in 10 minutes, block the IP for 1 hour
+    blocklist('fail2ban/pentesters') do |req|
+      Fail2Ban.filter("pentesters-#{req.ip}", maxretry: 5, findtime: 10.minutes, bantime: 1.hour) do
+        # The count for the IP is incremented if the return value is truthy.
+        req.path.include?('wp-admin') ||
+          req.path.include?('wp-login') ||
+          req.path.include?('cgi-bin') ||
+          req.path.end_with?('.php', '.asp', '.aspx', '.jsp', '.exe', '.env', '.git')
+      end
+    end
+  end
+
+  ### Custom Response Headers ###
+
+  # Add Retry-After header to throttled responses
+  self.throttled_response_retry_after_header = true
+end

config/routes.rb

@@ -105,6 +105,7 @@ Rails.application.routes.draw do
   resources :forums
 
   resources :follows, only: %i(create destroy)
+  resources :blocks, only: %i(create destroy)
 
   post 'likes' => 'likes#create'
   delete 'likes' => 'likes#destroy'
@@ -121,6 +122,7 @@ Rails.application.routes.draw do
 
     resources :follows
     get 'followers' => 'follows#followers'
+    resources :blocks, only: %i(create destroy)
   end
 
   resources :messages

db/migrate/20250901144900_create_blocks.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class CreateBlocks < ActiveRecord::Migration[6.1]
+  def change
+    create_table :blocks do |t|
+      t.references :blocker, foreign_key: { to_table: :members }
+      t.references :blocked, foreign_key: { to_table: :members }
+
+      t.timestamps
+    end
+    add_index :blocks, %i(blocker_id blocked_id), unique: true
+  end
+end

db/schema.rb

@@ -384,6 +384,16 @@ ActiveRecord::Schema[7.2].define(version: 2025_12_01_045000) do
     t.index ["member_id"], name: "index_authentications_on_member_id"
   end
 
+  create_table "blocks", force: :cascade do |t|
+    t.bigint "blocker_id"
+    t.bigint "blocked_id"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["blocked_id"], name: "index_blocks_on_blocked_id"
+    t.index ["blocker_id", "blocked_id"], name: "index_blocks_on_blocker_id_and_blocked_id", unique: true
+    t.index ["blocker_id"], name: "index_blocks_on_blocker_id"
+  end
+
   create_table "comfy_cms_categories", id: :serial, force: :cascade do |t|
     t.integer "site_id", null: false
     t.string "label", null: false
@@ -972,6 +982,8 @@ ActiveRecord::Schema[7.2].define(version: 2025_12_01_045000) do
 
   add_foreign_key "active_storage_attachments", "active_storage_blobs", column: "blob_id"
   add_foreign_key "active_storage_variant_records", "active_storage_blobs", column: "blob_id"
+  add_foreign_key "blocks", "members", column: "blocked_id"
+  add_foreign_key "blocks", "members", column: "blocker_id"
   add_foreign_key "harvests", "plantings"
   add_foreign_key "mailboxer_conversation_opt_outs", "mailboxer_conversations", column: "conversation_id", name: "mb_opt_outs_on_conversations_id"
   add_foreign_key "mailboxer_notifications", "mailboxer_conversations", column: "conversation_id", name: "notifications_on_conversation_id"

lib/tasks/members.rake

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+namespace :members do
+  desc "Remove inactive members with no activity and last login > 24 months ago"
+  # usage: rake members:cleanup_inactive
+  # usage: DRY_RUN=true rake members:cleanup_inactive
+  task cleanup_inactive: :environment do
+    limit_date = 3.years.ago
+    dry_run = ENV.fetch('DRY_RUN', 'false') == 'true'
+
+    inactive_members = Member.where("last_sign_in_at < ? OR (last_sign_in_at IS NULL AND created_at < ?)", limit_date, limit_date)
+
+    count = 0
+    inactive_members.find_each do |member|
+      # Check for activity using the model method
+      unless member.has_activity?
+        if dry_run
+          puts "[DRY RUN] Would delete inactive member: #{member.login_name} (ID: #{member.id}, Last login: #{member.last_sign_in_at || 'Never'}, Created: #{member.created_at})"
+        else
+          puts "Deleting inactive member: #{member.login_name} (ID: #{member.id}, Last login: #{member.last_sign_in_at || 'Never'}, Created: #{member.created_at})"
+          member.destroy
+        end
+        count += 1
+      end
+    end
+
+    if dry_run
+      puts "Total inactive members that would be deleted: #{count}"
+    else
+      puts "Total inactive members deleted: #{count}"
+    end
+  end
+end

spec/controllers/forums_controller_spec.rb

@@ -0,0 +1,113 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe ForumsController do
+  let(:admin) { create(:admin_member) }
+  let(:member) { create(:member) }
+  let(:forum) { create(:forum) }
+
+  describe "GET #index" do
+    it "returns a success response" do
+      get :index
+      expect(response).to be_successful
+    end
+
+    it "assigns @forums" do
+      forum # create forum
+      get :index
+      expect(assigns(:forums)).to include(forum)
+    end
+  end
+
+  describe "GET #show" do
+    it "returns a success response" do
+      get :show, params: { id: forum.to_param }
+      expect(response).to be_successful
+    end
+  end
+
+  context "as an admin" do
+    before { sign_in admin }
+
+    describe "GET #new" do
+      it "returns a success response" do
+        get :new
+        expect(response).to be_successful
+      end
+    end
+
+    describe "GET #edit" do
+      it "returns a success response" do
+        get :edit, params: { id: forum.to_param }
+        expect(response).to be_successful
+      end
+    end
+
+    describe "POST #create" do
+      context "with valid params" do
+        let(:valid_attributes) { { name: "New Forum", description: "A new forum", owner_id: admin.id } }
+
+        it "creates a new Forum" do
+          expect do
+            post :create, params: { forum: valid_attributes }
+          end.to change(Forum, :count).by(1)
+        end
+
+        it "redirects to the created forum" do
+          post :create, params: { forum: valid_attributes }
+          expect(response).to redirect_to(Forum.last)
+        end
+      end
+    end
+
+    describe "PUT #update" do
+      context "with valid params" do
+        let(:new_attributes) { { name: "Updated Name" } }
+
+        it "updates the requested forum" do
+          put :update, params: { id: forum.to_param, forum: new_attributes }
+          forum.reload
+          expect(forum.name).to eq("Updated Name")
+        end
+
+        it "redirects to the forum" do
+          put :update, params: { id: forum.to_param, forum: new_attributes }
+          expect(response).to redirect_to(forum)
+        end
+      end
+    end
+
+    describe "DELETE #destroy" do
+      it "destroys the requested forum" do
+        forum # ensure forum exists
+        expect do
+          delete :destroy, params: { id: forum.to_param }
+        end.to change(Forum, :count).by(-1)
+      end
+
+      it "redirects to the forums list" do
+        delete :destroy, params: { id: forum.to_param }
+        expect(response).to redirect_to(forums_url)
+      end
+    end
+  end
+
+  context "as a regular member" do
+    before { sign_in member }
+
+    describe "GET #new" do
+      it "denies access" do
+        get :new
+        expect(response).to redirect_to(root_path)
+      end
+    end
+
+    describe "POST #create" do
+      it "denies access" do
+        post :create, params: { forum: { name: "Forbidden" } }
+        expect(response).to redirect_to(root_path)
+      end
+    end
+  end
+end

spec/controllers/places_controller_spec.rb

@@ -9,18 +9,18 @@ describe PlacesController do
 
   describe "GET show" do
     before do
-      @member_london = create(:london_member)
-      @member_south_pole = create(:south_pole_member)
+      @london_member = create(:london_member)
+      @edinburgh_member = create(:edinburgh_member)
     end
 
     it "assigns place name" do
-      get :show, params: { place: @member_london.location }
-      assigns(:place).should eq @member_london.location
+      get :show, params: { place: @london_member.location }
+      assigns(:place).should eq @london_member.location
     end
 
     it "assigns nearby members" do
-      get :show, params: { place: @member_london.location }
-      assigns(:nearby_members).should eq [@member_london, @member_south_pole]
+      get :show, params: { place: @london_member.location }
+      assigns(:nearby_members).should eq [@london_member, @edinburgh_member]
     end
   end
 

spec/features/forums_spec.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe "Forums usage", :js do
+  let!(:forum) { create(:forum, name: "General Discussion", description: "Talk about anything") }
+  let(:member) { create(:member) }
+
+  describe "browsing forums" do
+    it "shows the list of forums" do
+      visit forums_path
+      expect(page).to have_content("General Discussion")
+      expect(page).to have_content("Talk about anything")
+    end
+  end
+
+  describe "viewing a forum" do
+    let!(:post) { create(:post, forum: forum, subject: "Hello World", author: member) }
+
+    it "shows forum details and posts" do
+      visit forum_path(forum)
+      expect(page).to have_css("h1", text: "General Discussion")
+      expect(page).to have_content("Talk about anything")
+      expect(page).to have_content("Hello World")
+      expect(page).to have_link("Post something")
+    end
+  end
+
+  describe "starting a new post from a forum" do
+    include_context 'signed in member'
+
+    it "pre-fills the forum when creating a new post" do
+      visit forum_path(forum)
+      click_link "Post something"
+
+      expect(page).to have_current_path(new_post_path(forum_id: forum.id))
+      expect(page).to have_content("This post will be posted in the forum #{forum.name}")
+
+      fill_in "post_subject", with: "My New Post"
+      fill_in "post_body", with: "Content of my post"
+      click_button "Post"
+
+      expect(page).to have_content("Post was successfully created")
+      expect(Post.last.forum).to eq(forum)
+    end
+  end
+end

spec/features/members/blocking_spec.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe "blocks", :js do
+  context "when signed in" do
+    include_context 'signed in member'
+    let(:other_member) { create(:member) }
+
+    it "your profile doesn't have a block button" do
+      visit member_path(member)
+      expect(page).to have_no_link "Block"
+      expect(page).to have_no_link "Unblock"
+    end
+
+    context "blocking another member" do
+      before { visit member_path(other_member) }
+
+      it "has a block button" do
+        expect(page).to have_link "Block", href: blocks_path(blocked: other_member.slug)
+      end
+
+      it "has correct message and unblock button" do
+        click_link 'Block'
+        expect(page).to have_content "Blocked #{other_member.login_name}"
+        expect(page).to have_link "Unblock", href: block_path(member.get_block(other_member))
+      end
+
+      it "has correct message and block button after unblock" do
+        click_link 'Block'
+        click_link 'Unblock'
+        expect(page).to have_content "Unblocked #{other_member.login_name}"
+        visit member_path(other_member) # unblocking redirects to root
+        expect(page).to have_link "Block", href: blocks_path(blocked: other_member.slug)
+      end
+
+      context "when a member is blocked" do
+        before do
+          click_link 'Block'
+        end
+
+        it "prevents following" do
+          visit member_path(other_member)
+          expect(page).to have_no_link "Follow"
+        end
+
+        xit "prevents messaging" do
+          visit new_message_path(recipient_id: other_member.id)
+          fill_in "Subject", with: "Test message"
+          fill_in "Body", with: "Test message body"
+          click_button "Send message"
+          expect(page).to have_content "You cannot send a message to a member who has blocked you."
+        end
+
+        xit "prevents commenting" do
+          post = create(:post, author: other_member)
+          visit post_path(post)
+          fill_in "comment_body", with: "Test comment"
+          click_button "Post Comment"
+          expect(page).to have_content "You cannot comment on a post of a member who has blocked you."
+        end
+
+        xit "prevents liking" do
+          post = create(:post, author: other_member)
+          visit post_path(post)
+          click_link "Like"
+          expect(page).to have_content "You cannot like content of a member who has blocked you."
+        end
+      end
+    end
+  end
+end

spec/features/members/following_spec.rb

@@ -23,6 +23,17 @@ describe "follows", :js do
       expect(page).to have_no_link "Unfollow"
     end
 
+    context "when the other member is blocked" do
+      before do
+        member.blocks.create(blocked: other_member)
+        visit member_path(other_member)
+      end
+
+      it "does not have a follow button" do
+        expect(page).to have_no_link "Follow"
+      end
+    end
+
     context "following another member" do
       before { visit member_path(other_member) }
 

spec/models/ability_spec.rb

@@ -77,6 +77,90 @@ describe Ability do
     end
   end
 
+  context 'plantings' do
+    let(:approved_crop) { create(:crop, approval_status: 'approved') }
+    let(:unapproved_crop) { create(:crop, approval_status: 'unapproved') }
+    let(:garden) { create(:garden, owner: member) }
+    let(:planting) { create(:planting, garden: garden, crop: approved_crop, owner: member) }
+    let(:other_planting) { create(:planting, crop: approved_crop) }
+    let(:planting_with_unapproved_crop) { create(:planting, garden: garden, crop: unapproved_crop, owner: member) }
+
+    it 'can create a planting' do
+      ability.should be_able_to(:create, Planting)
+    end
+
+    it 'can manage their own planting with an approved crop' do
+      ability.should be_able_to(:update, planting)
+      ability.should be_able_to(:destroy, planting)
+    end
+
+    xit "can't manage their own planting with an unapproved crop" do
+      ability.should_not be_able_to(:update, planting_with_unapproved_crop)
+      ability.should_not be_able_to(:destroy, planting_with_unapproved_crop)
+    end
+
+    it "can't manage another member's planting" do
+      ability.should_not be_able_to(:update, other_planting)
+      ability.should_not be_able_to(:destroy, other_planting)
+    end
+
+    it 'can transplant their own planting' do
+      ability.should be_able_to(:transplant, planting)
+    end
+
+    context 'garden collaborator' do
+      let(:garden) { create(:garden) }
+      let(:planting_in_garden) { create(:planting, garden:, crop: approved_crop, owner: garden.owner) }
+
+      before do
+        garden.garden_collaborators.create(member:)
+      end
+
+      it 'can manage plantings in a garden they collaborate on' do
+        ability.should be_able_to(:update, planting_in_garden)
+        ability.should be_able_to(:destroy, planting_in_garden)
+      end
+
+      it 'can transplant a planting in a garden they collaborate on' do
+        ability.should be_able_to(:transplant, planting_in_garden)
+      end
+    end
+  end
+
+  context 'harvests' do
+    let(:harvest) { create(:harvest, owner: member) }
+    let(:other_harvest) { create(:harvest) }
+
+    it 'can create a harvest' do
+      ability.should be_able_to(:create, Harvest)
+    end
+
+    it 'can manage their own harvest' do
+      ability.should be_able_to(:update, harvest)
+      ability.should be_able_to(:destroy, harvest)
+    end
+
+    it "can't manage another member's harvest" do
+      ability.should_not be_able_to(:update, other_harvest)
+      ability.should_not be_able_to(:destroy, other_harvest)
+    end
+
+    context 'garden collaborator' do
+      let(:garden) { create(:garden) }
+      let(:planting_in_garden) { create(:planting, garden:, owner: garden.owner) }
+      let(:harvest_in_garden) { create(:harvest, planting: planting_in_garden, owner: planting_in_garden.owner) }
+
+      before do
+        garden.garden_collaborators.create(member:)
+      end
+
+      it 'can manage harvests in a garden they collaborate on' do
+        ability.should be_able_to(:update, harvest_in_garden)
+        ability.should be_able_to(:destroy, harvest_in_garden)
+      end
+    end
+  end
+
   context 'plant parts' do
     let(:plant_part) { create(:plant_part) }
 
@@ -142,4 +226,111 @@ describe Ability do
       end
     end
   end
+
+  context 'activities' do
+    let(:activity) { create(:activity, owner: member) }
+    let(:other_activity) { create(:activity) }
+
+    it 'can create an activity' do
+      ability.should be_able_to(:create, Activity)
+    end
+
+    it 'can manage their own activity' do
+      ability.should be_able_to(:update, activity)
+      ability.should be_able_to(:destroy, activity)
+    end
+
+    it "can't manage another member's activity" do
+      ability.should_not be_able_to(:update, other_activity)
+      ability.should_not be_able_to(:destroy, other_activity)
+    end
+
+    context 'garden collaborator' do
+      let(:garden) { create(:garden) }
+      let(:activity_in_garden) { create(:activity, garden:) }
+
+      before do
+        garden.garden_collaborators.create(member:)
+      end
+
+      it 'can manage activities in a garden they collaborate on' do
+        ability.should be_able_to(:update, activity_in_garden)
+        ability.should be_able_to(:destroy, activity_in_garden)
+      end
+    end
+  end
+
+  context 'seeds' do
+    let(:seed) { create(:seed, owner: member) }
+    let(:other_seed) { create(:seed) }
+
+    it 'can create a seed' do
+      ability.should be_able_to(:create, Seed)
+    end
+
+    it 'can manage their own seed' do
+      ability.should be_able_to(:update, seed)
+      ability.should be_able_to(:destroy, seed)
+    end
+
+    it "can't manage another member's seed" do
+      ability.should_not be_able_to(:update, other_seed)
+      ability.should_not be_able_to(:destroy, other_seed)
+    end
+  end
+
+  context 'comments' do
+    let(:comment) { create(:comment, author: member) }
+    let(:other_comment) { create(:comment) }
+
+    it 'can create a comment' do
+      ability.should be_able_to(:create, Comment)
+    end
+
+    it 'can manage their own comment' do
+      ability.should be_able_to(:update, comment)
+      ability.should be_able_to(:destroy, comment)
+    end
+
+    it "can't manage another member's comment" do
+      ability.should_not be_able_to(:update, other_comment)
+      ability.should_not be_able_to(:destroy, other_comment)
+    end
+  end
+
+  context 'photos' do
+    let(:photo) { create(:photo, owner: member) }
+    let(:other_photo) { create(:photo) }
+
+    it 'can create a photo' do
+      ability.should be_able_to(:create, Photo)
+    end
+
+    it 'can manage their own photo' do
+      ability.should be_able_to(:update, photo)
+      ability.should be_able_to(:destroy, photo)
+    end
+
+    it "can't manage another member's photo" do
+      ability.should_not be_able_to(:update, other_photo)
+      ability.should_not be_able_to(:destroy, other_photo)
+    end
+  end
+
+  context 'likes' do
+    let(:like) { create(:like, member:) }
+    let(:other_like) { create(:like) }
+
+    it 'can create a like' do
+      ability.should be_able_to(:create, Like)
+    end
+
+    it 'can destroy their own like' do
+      ability.should be_able_to(:destroy, like)
+    end
+
+    it "can't destroy another member's like" do
+      ability.should_not be_able_to(:destroy, other_like)
+    end
+  end
 end

spec/models/comment_spec.rb

@@ -41,6 +41,21 @@ describe Comment do
     end
   end
 
+  context "when the post author has blocked the comment author" do
+    let(:post_author) { create(:member) }
+    let(:comment_author) { create(:member) }
+    let(:post) { create(:post, author: post_author) }
+
+    before do
+      post_author.blocks.create(blocked: comment_author)
+    end
+
+    it "is not valid" do
+      comment = build(:comment, commentable: post, author: comment_author)
+      expect(comment).not_to be_valid
+    end
+  end
+
   context "ordering" do
     before do
       @m = create(:member)

spec/models/like_spec.rb

@@ -63,6 +63,21 @@ describe Like do
     expect(Like.all).not_to include like
   end
 
+  context "when the likeable author has blocked the member" do
+    let(:likeable_author) { create(:member) }
+    let(:post_author) { create(:member) }
+    let(:post) { create(:post, author: likeable_author) }
+
+    before do
+      likeable_author.blocks.create(blocked: member)
+    end
+
+    it "is not valid" do
+      like = build(:like, likeable: post, member: member)
+      expect(like).not_to be_valid
+    end
+  end
+
   it 'liked_by_members_names' do
     expect(post.liked_by_members_names).to eq []
     Like.create(member:, likeable: post)

spec/models/plant_part_spec.rb

@@ -18,8 +18,8 @@ describe PlantPart do
     @h2 = create(:harvest,
                  crop:       @maize,
                  plant_part: @pp1)
-    @pp1.crops.should include @tomato
-    @pp1.crops.should include @maize
+    expect(@pp1.crops).to include @tomato
+    expect(@pp1.crops).to include @maize
   end
 
   it "doesn't duplicate crops" do
@@ -31,6 +31,6 @@ describe PlantPart do
     @h2 = create(:harvest,
                  crop:       @maize,
                  plant_part: @pp1)
-    @pp1.crops.should eq [@maize]
+    expect(@pp1.crops).to eq [@maize]
   end
 end

spec/models/seed_spec.rb

@@ -7,35 +7,35 @@ describe Seed do
   let(:seed)  { build(:seed, owner:) }
 
   it 'saves a basic seed' do
-    seed.save.should be(true)
+    expect(seed.save).to be(true)
   end
 
   it "has a slug" do
     seed.save
-    seed.slug.should match(/tamateapokaiwhenua-magic-bean/)
+    expect(seed.slug).to match(/tamateapokaiwhenua-magic-bean/)
   end
 
   context 'quantity' do
     it 'allows integer quantities' do
       @seed = build(:seed, quantity: 99)
-      @seed.should be_valid
+      expect(@seed).to be_valid
     end
 
     it "doesn't allow decimal quantities" do
       @seed = build(:seed, quantity: 99.9)
-      @seed.should_not be_valid
+      expect(@seed).not_to be_valid
     end
 
     it "doesn't allow non-numeric quantities" do
       @seed = build(:seed, quantity: 'foo')
-      @seed.should_not be_valid
+      expect(@seed).not_to be_valid
     end
 
     it "allows blank quantities" do
       @seed = build(:seed, quantity: nil)
-      @seed.should be_valid
+      expect(@seed).to be_valid
       @seed = build(:seed, quantity: '')
-      @seed.should be_valid
+      expect(@seed).to be_valid
     end
   end
 
@@ -43,14 +43,14 @@ describe Seed do
     it 'all valid tradable_to values should work' do
       %w(nowhere locally nationally internationally).each do |t|
         @seed = build(:seed, tradable_to: t)
-        @seed.should be_valid
+        expect(@seed).to be_valid
       end
     end
 
     it 'refuses invalid tradable_to values' do
       @seed = build(:seed, tradable_to: 'not valid')
-      @seed.should_not be_valid
-      @seed.errors[:tradable_to].should include(
+      expect(@seed).not_to be_valid
+      expect(@seed.errors[:tradable_to]).to include(
         "You may only trade seed nowhere, locally, " \
         "nationally, or internationally"
       )
@@ -58,35 +58,35 @@ describe Seed do
 
     it 'does not allow nil or blank values' do
       @seed = build(:seed, tradable_to: nil)
-      @seed.should_not be_valid
+      expect(@seed).not_to be_valid
       @seed = build(:seed, tradable_to: '')
-      @seed.should_not be_valid
+      expect(@seed).not_to be_valid
     end
 
     it 'tradable gives the right answers' do
       @seed = create(:seed, tradable_to: 'nowhere')
-      @seed.tradable.should be false
+      expect(@seed.tradable).to be false
       @seed = create(:seed, tradable_to: 'locally')
-      @seed.tradable.should be true
+      expect(@seed.tradable).to be true
       @seed = create(:seed, tradable_to: 'nationally')
-      @seed.tradable.should be true
+      expect(@seed.tradable).to be true
       @seed = create(:seed, tradable_to: 'internationally')
-      @seed.tradable.should be true
+      expect(@seed.tradable).to be true
     end
 
     it 'recognises a tradable seed' do
-      create(:tradable_seed).tradable.should == true
+      expect(create(:tradable_seed).tradable).to be true
     end
 
     it 'recognises an untradable seed' do
-      create(:untradable_seed).tradable.should == false
+      expect(create(:untradable_seed).tradable).to be false
     end
 
     it 'scopes correctly' do
       @tradable = create(:tradable_seed)
       @untradable = create(:untradable_seed)
-      described_class.tradable.should include @tradable
-      described_class.tradable.should_not include @untradable
+      expect(described_class.tradable).to include @tradable
+      expect(described_class.tradable).not_to include @untradable
     end
   end
 
@@ -95,7 +95,7 @@ describe Seed do
       ['certified organic', 'non-certified organic',
        'conventional/non-organic', 'unknown'].each do |t|
         @seed = build(:seed, organic: t)
-        @seed.should be_valid
+        expect(@seed).to be_valid
       end
     end
 
@@ -103,31 +103,31 @@ describe Seed do
       ['certified GMO-free', 'non-certified GMO-free',
        'GMO', 'unknown'].each do |t|
         @seed = build(:seed, gmo: t)
-        @seed.should be_valid
+        expect(@seed).to be_valid
       end
     end
 
     it 'all valid heirloom values should work' do
       %w(heirloom hybrid unknown).each do |t|
         @seed = build(:seed, heirloom: t)
-        @seed.should be_valid
+        expect(@seed).to be_valid
       end
     end
 
     it 'refuses invalid organic/GMO/heirloom values' do
       %i(organic gmo heirloom).each do |field|
         @seed = build(:seed, field => 'not valid')
-        @seed.should_not be_valid
-        @seed.errors[field].should_not be_empty
+        expect(@seed).not_to be_valid
+        expect(@seed.errors[field]).not_to be_empty
       end
     end
 
     it 'does not allow nil or blank values' do
       %i(organic gmo heirloom).each do |field|
         @seed = build(:seed, field => nil)
-        @seed.should_not be_valid
+        expect(@seed).not_to be_valid
         @seed = build(:seed, field => '')
-        @seed.should_not be_valid
+        expect(@seed).not_to be_valid
       end
     end
   end
@@ -136,13 +136,13 @@ describe Seed do
     it 'returns seeds with a plant_before date in the past' do
       expired_seed = create(:seed, plant_before: 1.day.ago)
       not_expired_seed = create(:seed, plant_before: 1.day.from_now)
-      described_class.expired.should include expired_seed
-      described_class.expired.should_not include not_expired_seed
+      expect(described_class.expired).to include expired_seed
+      expect(described_class.expired).not_to include not_expired_seed
     end
 
     it 'does not return finished seeds' do
       expired_seed = create(:seed, plant_before: 1.day.ago, finished: true)
-      described_class.expired.should_not include expired_seed
+      expect(described_class.expired).not_to include expired_seed
     end
   end
 
@@ -158,11 +158,11 @@ describe Seed do
       @seed3 = create(:tradable_seed)
       @seed4 = create(:seed)
 
-      described_class.interesting.should include @seed1
-      described_class.interesting.should_not include @seed2
-      described_class.interesting.should_not include @seed3
-      described_class.interesting.should_not include @seed4
-      described_class.interesting.size.should == 1
+      expect(described_class.interesting).to include @seed1
+      expect(described_class.interesting).not_to include @seed2
+      expect(described_class.interesting).not_to include @seed3
+      expect(described_class.interesting).not_to include @seed4
+      expect(described_class.interesting.size).to eq 1
     end
   end
 
@@ -172,7 +172,7 @@ describe Seed do
     before { seed.photos << create(:photo, owner: seed.owner) }
 
     it 'is found in has_photos scope' do
-      described_class.has_photos.should include(seed)
+      expect(described_class.has_photos).to include(seed)
     end
   end
 

spec/requests/forums_spec.rb

@@ -3,11 +3,53 @@
 require 'rails_helper'
 
 describe "Forums" do
+  let(:admin) { create(:admin_member) }
+  let(:forum) { create(:forum) }
+
   describe "GET /forums" do
-    it "works! (now write some real specs)" do
-      # Run the generator again with the --webrat flag if you want to use webrat methods/matchers
+    it "returns a successful response" do
       get forums_path
-      response.status.should be(200)
+      expect(response).to have_http_status(:ok)
+    end
+
+    it "returns JSON when requested" do
+      get forums_path(format: :json)
+      expect(response).to have_http_status(:ok)
+      expect(response.content_type).to include("application/json")
+    end
+  end
+
+  describe "GET /forums/:id" do
+    it "returns a successful response" do
+      get forum_path(forum)
+      expect(response).to have_http_status(:ok)
+    end
+
+    it "returns JSON when requested" do
+      get forum_path(forum, format: :json)
+      expect(response).to have_http_status(:ok)
+      expect(response.content_type).to include("application/json")
+    end
+  end
+
+  describe "POST /forums" do
+    context "as an admin" do
+      before { sign_in admin }
+
+      it "creates a new forum" do
+        expect do
+          post forums_path, params: { forum: { name: "New Request Forum", description: "Desc", owner_id: admin.id } }
+        end.to change(Forum, :count).by(1)
+        expect(response).to redirect_to(forum_path(Forum.last))
+      end
+    end
+
+    context "as a guest" do
+      it "redirects to sign in or denies access" do
+        post forums_path, params: { forum: { name: "New Request Forum", description: "Desc" } }
+        # Depending on CanCan/Devise setup, it might be a redirect to login or root
+        expect(response).to redirect_to(new_member_session_path).or redirect_to(root_path)
+      end
     end
   end
 end

spec/tasks/members_spec.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'rake'
+
+describe 'members:cleanup_inactive' do
+  before :all do
+    Rails.application.load_tasks
+  end
+
+  let(:cleanup_task) { Rake::Task['members:cleanup_inactive'] }
+
+  before do
+    cleanup_task.reenable
+  end
+
+  it "deletes inactive members with no gardens and no other activity" do
+    inactive_no_activity = create(:member, last_sign_in_at: 25.months.ago)
+
+    # We must explicitly remove the default garden to test the "no gardens" condition
+    inactive_no_activity.gardens.destroy_all
+    expect(inactive_no_activity.gardens.count).to eq(0)
+
+    cleanup_task.invoke
+
+    expect(Member.exists?(inactive_no_activity.id)).to be_falsey
+  end
+
+  it "does not delete inactive members with a garden (even if empty)" do
+    inactive_with_garden = create(:member, last_sign_in_at: 25.months.ago)
+    # They have 1 default garden
+    expect(inactive_with_garden.gardens.count).to eq(1)
+
+    cleanup_task.invoke
+
+    expect(Member.exists?(inactive_with_garden.id)).to be_truthy
+  end
+
+  it "does not delete members with recent login" do
+    recent_member = create(:member, last_sign_in_at: 1.month.ago)
+    recent_member.gardens.destroy_all
+
+    cleanup_task.invoke
+
+    expect(Member.exists?(recent_member.id)).to be_truthy
+  end
+
+  it "does not delete inactive members with activity (posts)" do
+    inactive_with_post = create(:member, last_sign_in_at: 25.months.ago)
+    inactive_with_post.gardens.destroy_all
+    create(:post, author: inactive_with_post)
+
+    cleanup_task.invoke
+
+    expect(Member.exists?(inactive_with_post.id)).to be_truthy
+  end
+
+  it "honors DRY_RUN environment variable" do
+    inactive_no_activity = create(:member, last_sign_in_at: 25.months.ago)
+    inactive_no_activity.gardens.destroy_all
+
+    ENV['DRY_RUN'] = 'true'
+    cleanup_task.invoke
+    ENV['DRY_RUN'] = nil
+
+    expect(Member.exists?(inactive_no_activity.id)).to be_truthy
+  end
+end

spec/views/comments/index.rss.haml_spec.rb

@@ -15,11 +15,11 @@ describe 'comments/index.rss.haml' do
   end
 
   it 'shows RSS feed title' do
-    rendered.should have_content "Recent comments on all posts"
+    expect(rendered).to have_content "Recent comments on all posts"
   end
 
   it 'shows item title' do
-    rendered.should have_content "Comment by #{@author.login_name}"
+    expect(rendered).to have_content "Comment by #{@author.login_name}"
   end
 
   it 'escapes html for link to post' do
@@ -28,6 +28,6 @@ describe 'comments/index.rss.haml' do
   end
 
   it 'shows content of comments' do
-    rendered.should have_content "OMG LOL"
+    expect(rendered).to have_content "OMG LOL"
   end
 end

spec/views/crops/_grown_for.html.haml_spec.rb

@@ -13,7 +13,7 @@ describe "crops/_grown_for" do
 
   it 'shows plant parts' do
     render partial: 'crops/grown_for', locals: { crop: }
-    rendered.should have_content plant_path.name
+    expect(rendered).to have_content plant_path.name
     assert_select "a", href: plant_part_path(plant_path)
   end
 end

spec/views/crops/_popover.html.haml_spec.rb

@@ -12,10 +12,10 @@ describe "crops/_popover" do
   end
 
   it 'has a scientific name' do
-    rendered.should have_content 'Solanum lycopersicum'
+    expect(rendered).to have_content 'Solanum lycopersicum'
   end
 
   it 'shows count of plantings' do
-    rendered.should have_content '1 time'
+    expect(rendered).to have_content '1 time'
   end
 end

spec/views/crops/index.html.haml_spec.rb

@@ -33,7 +33,7 @@ describe "crops/index.html.haml" do
   context "downloads" do
     it "offers data downloads" do
       render
-      rendered.should have_content "The data on this page is available in the following formats:"
+      expect(rendered).to have_content "The data on this page is available in the following formats:"
       assert_select "a", href: crops_path(format: 'csv')
       assert_select "a", href: crops_path(format: 'json')
       assert_select "a", href: crops_path(format: 'rss')

spec/views/crops/index.rss.haml_spec.rb

@@ -13,11 +13,11 @@ describe 'crops/index.rss.haml' do
   end
 
   it 'shows RSS feed title' do
-    rendered.should have_content "Recently added crops"
+    expect(rendered).to have_content "Recently added crops"
   end
 
   it 'shows names of crops' do
-    rendered.should have_content @tomato.name
-    rendered.should have_content @maize.name
+    expect(rendered).to have_content @tomato.name
+    expect(rendered).to have_content @maize.name
   end
 end

spec/views/devise/confirmations/new_spec.rb

@@ -10,6 +10,6 @@ describe 'devise/confirmations/new.html.haml', type: "view" do
   end
 
   it 'contains a login field' do
-    rendered.should have_content "Enter either your login name or your email address"
+    expect(rendered).to have_content "Enter either your login name or your email address"
   end
 end

spec/views/devise/mailer/confirmation_instructions_spec.rb

@@ -10,11 +10,11 @@ describe 'devise/mailer/confirmation_instructions.html.haml', type: "view" do
     end
 
     it 'has a confirmation link' do
-      rendered.should have_content 'Confirm my account'
+      expect(rendered).to have_content 'Confirm my account'
     end
 
     it 'has a link to the homepage' do
-      rendered.should have_content root_url
+      expect(rendered).to have_content root_url
     end
   end
 end

spec/views/devise/mailer/reset_password_instructions_spec.rb

@@ -12,8 +12,8 @@ describe 'devise/mailer/reset_password_instructions.html.haml', type: "view" do
     end
 
     it 'has some of the right text' do
-      rendered.should have_content 'Change my password'
-      rendered.should have_content 'Someone has requested a link to reset your password'
+      expect(rendered).to have_content 'Change my password'
+      expect(rendered).to have_content 'Someone has requested a link to reset your password'
     end
   end
 end

spec/views/devise/mailer/unlock_instructions_spec.rb

@@ -9,11 +9,11 @@ describe 'devise/mailer/unlock_instructions.html.haml', type: "view" do
     end
 
     it "explains what's happened" do
-      rendered.should have_content "account has been locked"
+      expect(rendered).to have_content "account has been locked"
     end
 
     it "has an unlock link" do
-      rendered.should have_content "Unlock my account"
+      expect(rendered).to have_content "Unlock my account"
     end
   end
 end

spec/views/devise/registrations/edit_spec.rb

@@ -16,7 +16,7 @@ describe 'devise/registrations/edit.html.haml', type: "view" do
 
     it 'has some fields' do
       render
-      rendered.should have_content 'Email'
+      expect(rendered).to have_content 'Email'
     end
 
     context 'email section' do

spec/views/devise/registrations/new_spec.rb

@@ -13,7 +13,7 @@ describe 'devise/registrations/new.html.haml', type: "view" do
     end
 
     it 'has some fields' do
-      rendered.should have_content 'Email'
+      expect(rendered).to have_content 'Email'
     end
 
     it 'has a checkbox for newsletter subscription' do

spec/views/devise/sessions/new_spec.rb

@@ -13,8 +13,8 @@ describe 'devise/sessions/new.html.haml', type: "view" do
     end
 
     it 'has some fields' do
-      rendered.should have_content 'Remember me'
-      rendered.should have_content 'Password'
+      expect(rendered).to have_content 'Remember me'
+      expect(rendered).to have_content 'Password'
     end
   end
 end

spec/views/home/_blurb.html.haml_spec.rb

@@ -10,7 +10,7 @@ describe 'home/_blurb.html.haml', type: "view" do
     end
 
     it 'has description' do
-      rendered.should have_content 'is a community of food gardeners'
+      expect(rendered).to have_content 'is a community of food gardeners'
     end
 
     it 'has signup section' do
@@ -19,7 +19,7 @@ describe 'home/_blurb.html.haml', type: "view" do
     end
 
     it 'has a link to sign in' do
-      rendered.should have_content "Or sign in if you already have an account"
+      expect(rendered).to have_content "Or sign in if you already have an account"
       assert_select "a", href: new_member_session_path
     end
   end

spec/views/home/_stats.html.haml_spec.rb

@@ -5,6 +5,6 @@ require 'rails_helper'
 describe 'home/_stats.html.haml', type: "view" do
   it 'has activity stats' do
     render
-    rendered.should have_content "So far, 0 members have planted 0 crops"
+    expect(rendered).to have_content "So far, 0 members have planted 0 crops"
   end
 end

spec/views/home/index_spec.rb

@@ -29,8 +29,8 @@ describe 'home/index.html.haml', type: "view" do
     end
 
     it 'show interesting members' do
-      rendered.should have_content @member.login_name
-      rendered.should have_content @member.location
+      expect(rendered).to have_content @member.login_name
+      expect(rendered).to have_content @member.location
     end
   end
 end

spec/views/layouts/_header_spec.rb

@@ -14,24 +14,24 @@ describe 'layouts/_header.html.haml', type: "view" do
     end
 
     it 'has signup/signin links' do
-      rendered.should have_content 'Sign up'
-      rendered.should have_content 'Sign in'
+      expect(rendered).to have_content 'Sign up'
+      expect(rendered).to have_content 'Sign in'
     end
 
     it 'has a Crops link' do
-      rendered.should have_content "Crops"
+      expect(rendered).to have_content "Crops"
     end
 
     it 'has a Seeds link' do
-      rendered.should have_content "Seeds"
+      expect(rendered).to have_content "Seeds"
     end
 
     it 'has a Places link' do
-      rendered.should have_content "Community Map"
+      expect(rendered).to have_content "Community Map"
     end
 
     it 'has a Community section' do
-      rendered.should have_content "Community"
+      expect(rendered).to have_content "Community"
     end
 
     it 'links to members' do
@@ -62,7 +62,7 @@ describe 'layouts/_header.html.haml', type: "view" do
 
     context "login name" do
       it 'has member login name' do
-        rendered.should have_content @member.login_name.to_s
+        expect(rendered).to have_content @member.login_name.to_s
       end
 
       it "shows link to member's gardens" do
@@ -83,19 +83,19 @@ describe 'layouts/_header.html.haml', type: "view" do
     end
 
     it 'shows signout link' do
-      rendered.should have_content 'Sign out'
+      expect(rendered).to have_content 'Sign out'
     end
 
     it 'shows inbox link' do
-      rendered.should have_content 'Inbox'
-      rendered.should_not match(/Inbox \d+/)
+      expect(rendered).to have_content 'Inbox'
+      expect(rendered).not_to match(/Inbox \d+/)
     end
 
     context 'has notifications' do
       it 'shows inbox count' do
         create(:notification, recipient: @member)
         render
-        rendered.should have_content 'Inbox 1'
+        expect(rendered).to have_content 'Inbox 1'
       end
     end
   end

spec/views/layouts/application_spec.rb

@@ -11,6 +11,6 @@ describe 'layouts/application.html.haml', type: "view" do
     Rails.application.config.analytics_code = '<script>console.log("foo!");</script>'
     render
     assert_select "script", text: 'console.log("foo!");'
-    rendered.should_not have_content 'script'
+    expect(rendered).to have_no_content 'script'
   end
 end

spec/views/photos/show.html.haml_spec.rb

@@ -109,7 +109,7 @@ describe "photos/show" do
     end
 
     it "contains the phrase 'All rights reserved'" do
-      rendered.should have_content "All rights reserved"
+      expect(rendered).to have_content "All rights reserved"
     end
   end
 end

spec/views/places/show.html.haml_spec.rb

@@ -22,7 +22,7 @@ describe "places/show" do
 
   it "shows the names of nearby members" do
     @nearby_members.each do |m|
-      rendered.should have_content m.login_name
+      expect(rendered).to have_content m.login_name
     end
   end
 end

spec/views/plantings/index.html.haml_spec.rb

@@ -45,7 +45,7 @@ describe "plantings/index.html.haml" do
 
   it "provides data links" do
     render
-    rendered.should have_content "The data on this page is available in the following formats:"
+    expect(rendered).to have_content "The data on this page is available in the following formats:"
     assert_select "a", href: plantings_path(format: 'csv')
     assert_select "a", href: plantings_path(format: 'json')
     assert_select "a", href: plantings_path(format: 'rss')

spec/views/posts/_single.html.haml_spec.rb

@@ -54,11 +54,11 @@ describe "posts/_single" do
     end
 
     it "shows edited at" do
-      rendered.should have_content "edited at"
+      expect(rendered).to have_content "edited at"
     end
 
     it "shows the updated time" do
-      rendered.should have_content @post.updated_at.to_fs(:default)
+      expect(rendered).to have_content @post.updated_at.to_fs(:default)
     end
   end
 
@@ -74,11 +74,11 @@ describe "posts/_single" do
     end
 
     it "shows edited at time" do
-      rendered.should have_content "edited at"
+      expect(rendered).to have_content "edited at"
     end
 
     it "shows updated time" do
-      rendered.should have_content @comment.updated_at
+      expect(rendered).to have_content @comment.updated_at
     end
   end
 
@@ -93,7 +93,7 @@ describe "posts/_single" do
     end
 
     it "does not show edited at" do
-      rendered.should_not have_content "edited at #{@post.updated_at}"
+      expect(rendered).to have_no_content "edited at #{@post.updated_at}"
     end
   end
 
@@ -109,7 +109,7 @@ describe "posts/_single" do
     end
 
     it "does not show edited at" do
-      rendered.should_not have_content "edited at #{@comment.updated_at}"
+      expect(rendered).to have_no_content "edited at #{@comment.updated_at}"
     end
   end
 end

spec/views/posts/edit.html.haml_spec.rb

@@ -27,7 +27,7 @@ describe "posts/edit" do
     end
 
     it 'no forum mentioned' do
-      rendered.should_not have_content "This post will be posted in the forum"
+      expect(rendered).to have_no_content "This post will be posted in the forum"
     end
 
     context "forum specified" do
@@ -44,7 +44,7 @@ describe "posts/edit" do
       end
 
       it 'tells the user what forum it will be posted in' do
-        rendered.should have_content "This post will be posted in the forum #{@forum.name}"
+        expect(rendered).to have_content "This post will be posted in the forum #{@forum.name}"
       end
     end
   end

spec/views/posts/show.rss.haml_spec.rb

@@ -14,19 +14,19 @@ describe 'posts/show.rss.haml' do
   end
 
   it 'shows RSS feed title' do
-    rendered.should have_content "Recent comments on #{@post.subject}"
+    expect(rendered).to have_content "Recent comments on #{@post.subject}"
   end
 
   it 'shows item title' do
-    rendered.should have_content "Comment by #{@author.login_name}"
+    expect(rendered).to have_content "Comment by #{@author.login_name}"
   end
 
   it 'escapes html for link to post' do
     # it's then unescaped by 'render' so we don't actually look for <
-    rendered.should have_content '<a href='
+    expect(rendered).to have_content '<a href='
   end
 
   it 'shows content of comments' do
-    rendered.should have_content "OMG LOL"
+    expect(rendered).to have_content "OMG LOL"
   end
 end