Rubocop (#4242)

* feat: Add API token generation and authentication

This commit introduces API token generation and authentication for write operations.

- Adds a section to the user's profile edit page to generate and display an API token.
- Reuses the `authentications` table to store the API token, avoiding the need for a database migration.
- Implements token-based authentication for the API using the `Authorization: Token token=...` header.
- Enables write operations for all API resources and ensures they are protected by the new authentication mechanism.
- Adds feature and request specs to test the new functionality.

* feat: Add API token generation and authentication

This commit introduces API token generation and authentication for write operations.

- Adds a section to the user's profile edit page to generate and display an API token.
- Reuses the `authentications` table to store the API token, avoiding the need for a database migration.
- Implements token-based authentication for the API using the `Authorization: Token token=...` header.
- Enables write operations for all API resources and ensures they are protected by the new authentication mechanism.
- Adds feature and request specs to test the new functionality.

* Mark as editable

* Refactor

* WIP - Authentication

* Implement more test coverage

* Split 401 and 403

* Before Create hooks

* Update harvest specs, defaulting to the first plant part - this may not be right

* Update coverage

* Update coverage

* Rubocop

* Rubocop

* Rubocop

* Fix coverage

* For now, mark photos immutable again

* Fix specs

* Fix specs

* Rubocop

* Fix specs

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Daniel O'Connor <daniel.oconnor@gmail.com>

.rubocop_todo.yml

@@ -1,30 +1,18 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2025-09-07 08:46:49 UTC using RuboCop version 1.80.2.
+# on 2024-07-13 05:47:38 UTC using RuboCop version 1.65.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 2
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation.
-Bundler/OrderedGems:
-  Exclude:
-    - 'Gemfile'
+# Offense count: 231
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: link_or_button, strict
+Capybara/ClickLinkOrButtonStyle:
+  Enabled: false
 
-# Offense count: 18
-Capybara/NegationMatcherAfterVisit:
-  Exclude:
-    - 'spec/features/crops/crop_detail_page_spec.rb'
-    - 'spec/features/crops/crop_wranglers_spec.rb'
-    - 'spec/features/gardens/gardens_spec.rb'
-    - 'spec/features/members/deletion_spec.rb'
-    - 'spec/features/members/following_spec.rb'
-    - 'spec/features/members/profile_spec.rb'
-    - 'spec/features/plantings/planting_a_crop_spec.rb'
-
-# Offense count: 34
+# Offense count: 39
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: DefaultSelector.
 Capybara/RSpec/HaveSelector:
@@ -37,6 +25,7 @@ Capybara/RSpec/HaveSelector:
     - 'spec/features/plantings/planting_a_crop_spec.rb'
     - 'spec/features/seeds/adding_seeds_spec.rb'
     - 'spec/features/shared_examples/crop_suggest.rb'
+    - 'spec/helpers/application_helper_spec.rb'
     - 'spec/support/feature_helpers.rb'
     - 'spec/views/posts/show.html.haml_spec.rb'
 
@@ -67,7 +56,8 @@ FactoryBot/AssociationStyle:
 
 # Offense count: 3
 # This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: EnforcedStyle, ExplicitOnly.
+# Configuration parameters: AutoCorrect, Include, EnforcedStyle, ExplicitOnly.
+# Include: **/*_spec.rb, **/spec/**/*, **/test/**/*, **/features/support/factories/**/*.rb
 # SupportedStyles: create_list, n_times
 FactoryBot/CreateList:
   Exclude:
@@ -76,29 +66,31 @@ FactoryBot/CreateList:
     - 'spec/views/posts/index.html.haml_spec.rb'
 
 # Offense count: 4
-# Configuration parameters: MaxAmount.
+# Configuration parameters: Include, MaxAmount.
+# Include: **/*_spec.rb, **/spec/**/*, **/test/**/*, **/features/support/factories/**/*.rb
 FactoryBot/ExcessiveCreateList:
   Exclude:
     - 'spec/controllers/posts_controller_spec.rb'
     - 'spec/features/crops/show_spec.rb'
     - 'spec/features/percy/percy_spec.rb'
 
-# Offense count: 1144
+# Offense count: 1127
 # This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Include.
+# Include: **/*_spec.rb, **/spec/**/*, **/test/**/*, **/features/support/factories/**/*.rb
 FactoryBot/SyntaxMethods:
   Enabled: false
 
-# Offense count: 3
+# Offense count: 2
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: Max, AllowHeredoc, AllowURI, AllowQualifiedName, URISchemes, IgnoreCopDirectives, AllowedPatterns, SplitStrings.
+# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
 # URISchemes: http, https
 Layout/LineLength:
   Exclude:
-    - 'app/models/concerns/predict_planting.rb'
-    - 'app/models/member.rb'
+    - 'app/helpers/crops_helper.rb'
     - 'db/seeds.rb'
 
-# Offense count: 4
+# Offense count: 3
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: RequireParenthesesForMethodChains.
 Lint/AmbiguousRange:
@@ -106,20 +98,14 @@ Lint/AmbiguousRange:
     - 'app/models/concerns/search_activities.rb'
     - 'app/models/concerns/search_harvests.rb'
     - 'app/models/concerns/search_plantings.rb'
-    - 'db/seeds.rb'
 
 # Offense count: 2
-# Configuration parameters: IgnoreLiteralBranches, IgnoreConstantBranches, IgnoreDuplicateElseBranch.
+# Configuration parameters: IgnoreLiteralBranches, IgnoreConstantBranches.
 Lint/DuplicateBranch:
   Exclude:
     - 'app/models/harvest.rb'
     - 'lib/actions/oauth_signup_action.rb'
 
-# Offense count: 1
-Lint/DuplicateMethods:
-  Exclude:
-    - 'app/models/planting.rb'
-
 # Offense count: 8
 # Configuration parameters: AllowComments, AllowEmptyLambdas.
 Lint/EmptyBlock:
@@ -138,6 +124,12 @@ Lint/RedundantCopDisableDirective:
   Exclude:
     - 'db/migrate/20230313015323_create_active_storage_tables.active_storage.rb'
 
+# Offense count: 2
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Lint/RedundantDirGlobSort:
+  Exclude:
+    - 'spec/rails_helper.rb'
+
 # Offense count: 1
 # Configuration parameters: AllowComments, AllowNil.
 Lint/SuppressedException:
@@ -145,18 +137,14 @@ Lint/SuppressedException:
     - 'lib/tasks/testing.rake'
 
 # Offense count: 7
-# This cop supports safe autocorrection (--autocorrect).
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AutoCorrect.
 Lint/UselessAssignment:
   Exclude:
     - 'config.rb'
     - 'config/compass.rb'
 
-# Offense count: 1
-Lint/UselessConstantScoping:
-  Exclude:
-    - 'app/controllers/members_controller.rb'
-
-# Offense count: 55
+# Offense count: 52
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
   Max: 151
@@ -165,42 +153,33 @@ Metrics/AbcSize:
 # Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns, inherit_mode.
 # AllowedMethods: refine
 Metrics/BlockLength:
-  Max: 116
+  Max: 115
 
-# Offense count: 9
+# Offense count: 7
 # Configuration parameters: CountComments, CountAsOne.
 Metrics/ClassLength:
-  Max: 181
+  Max: 188
 
-# Offense count: 8
+# Offense count: 6
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 Metrics/CyclomaticComplexity:
   Max: 32
 
-# Offense count: 73
+# Offense count: 71
 # Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
 Metrics/MethodLength:
-  Max: 128
+  Max: 127
 
 # Offense count: 2
 # Configuration parameters: CountComments, CountAsOne.
 Metrics/ModuleLength:
-  Max: 132
+  Max: 125
 
-# Offense count: 7
+# Offense count: 5
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 Metrics/PerceivedComplexity:
   Max: 32
 
-# Offense count: 2
-# Configuration parameters: Mode, AllowedMethods, AllowedPatterns, AllowBangMethods, WaywardPredicates.
-# AllowedMethods: call
-# WaywardPredicates: nonzero?
-Naming/PredicateMethod:
-  Exclude:
-    - 'app/models/concerns/finishable.rb'
-    - 'app/models/seed.rb'
-
 # Offense count: 3
 RSpec/AnyInstance:
   Exclude:
@@ -225,6 +204,7 @@ RSpec/DescribedClass:
 
 # Offense count: 13
 # This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AutoCorrect.
 RSpec/EmptyExampleGroup:
   Exclude:
     - 'spec/controllers/authentications_controller_spec.rb'
@@ -240,10 +220,17 @@ RSpec/EmptyExampleGroup:
     - 'spec/views/photos/edit.html.haml_spec.rb'
     - 'spec/views/posts/_single.html.haml_spec.rb'
 
-# Offense count: 137
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowConsecutiveOneLiners.
+RSpec/EmptyLineAfterExample:
+  Exclude:
+    - 'spec/models/ability_spec.rb'
+
+# Offense count: 140
 # Configuration parameters: CountAsOne.
 RSpec/ExampleLength:
-  Max: 27
+  Max: 25
 
 # Offense count: 32
 RSpec/ExpectInHook:
@@ -258,8 +245,17 @@ RSpec/ExpectInHook:
     - 'spec/features/plantings/planting_a_crop_spec.rb'
     - 'spec/features/shared_examples/append_date.rb'
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: implicit, each, example
+RSpec/HookArgument:
+  Exclude:
+    - 'spec/requests/api/v1/plantings_request_spec.rb'
+
 # Offense count: 2
 # This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AutoCorrect.
 RSpec/HooksBeforeExamples:
   Exclude:
     - 'spec/features/crops/creating_a_crop_spec.rb'
@@ -280,15 +276,21 @@ RSpec/IndexedLet:
     - 'spec/models/member_spec.rb'
     - 'spec/views/forums/index.html.haml_spec.rb'
 
-# Offense count: 719
+# Offense count: 720
 # Configuration parameters: AssignmentOnly.
 RSpec/InstanceVariable:
   Enabled: false
 
-# Offense count: 42
+# Offense count: 40
 RSpec/LetSetup:
   Enabled: false
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+RSpec/MatchArray:
+  Exclude:
+    - 'spec/models/post_spec.rb'
+
 # Offense count: 2
 RSpec/MessageChain:
   Exclude:
@@ -305,14 +307,14 @@ RSpec/MultipleDescribes:
   Exclude:
     - 'spec/features/crops/crop_wranglers_spec.rb'
 
-# Offense count: 149
+# Offense count: 152
 RSpec/MultipleExpectations:
   Max: 19
 
-# Offense count: 147
+# Offense count: 138
 # Configuration parameters: AllowSubject.
 RSpec/MultipleMemoizedHelpers:
-  Max: 14
+  Max: 20
 
 # Offense count: 133
 # Configuration parameters: EnforcedStyle, IgnoreSharedExamples.
@@ -320,12 +322,12 @@ RSpec/MultipleMemoizedHelpers:
 RSpec/NamedSubject:
   Enabled: false
 
-# Offense count: 110
+# Offense count: 111
 # Configuration parameters: AllowedGroups.
 RSpec/NestedGroups:
   Max: 6
 
-# Offense count: 407
+# Offense count: 403
 # Configuration parameters: AllowedPatterns.
 # AllowedPatterns: ^expect_, ^assert_
 RSpec/NoExpectationExample:
@@ -356,13 +358,15 @@ RSpec/RepeatedExampleGroupBody:
 
 # Offense count: 6
 # This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AutoCorrect.
 RSpec/ScatteredSetup:
   Exclude:
     - 'spec/features/percy/percy_spec.rb'
     - 'spec/features/plantings/prediction_spec.rb'
 
 # Offense count: 1
-# Configuration parameters: CustomTransform, IgnoreMethods, IgnoreMetadata.
+# Configuration parameters: Include, CustomTransform, IgnoreMethods, IgnoreMetadata.
+# Include: **/*_spec.rb
 RSpec/SpecFilePathFormat:
   Exclude:
     - 'spec/controllers/member_controller_spec.rb'
@@ -376,6 +380,8 @@ RSpec/StubbedMock:
 
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: constant, string
 RSpec/VerifiedDoubleReference:
   Exclude:
     - 'spec/models/member_spec.rb'
@@ -405,36 +411,30 @@ RSpecRails/HaveHttpStatus:
 RSpecRails/InferredSpecType:
   Enabled: false
 
-# Offense count: 1
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: NilOrEmpty, NotPresent, UnlessPresent.
-Rails/Blank:
-  Exclude:
-    - 'lib/tasks/wikidata.rake'
-
-# Offense count: 29
-# Configuration parameters: Database.
+# Offense count: 28
+# Configuration parameters: Database, Include.
 # SupportedDatabases: mysql, postgresql
+# Include: db/**/*.rb
 Rails/BulkChangeTable:
   Enabled: false
 
 # Offense count: 4
+# Configuration parameters: Include.
+# Include: db/**/*.rb
 Rails/CreateTableWithTimestamps:
   Exclude:
     - 'db/migrate/20150201052245_create_cms.rb'
     - 'db/migrate/20171022032108_all_the_predictions.rb'
 
-# Offense count: 3
+# Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle, AllowToTime.
 # SupportedStyles: strict, flexible
 Rails/Date:
   Exclude:
-    - 'app/controllers/activities_controller.rb'
     - 'app/mailers/notifier_mailer.rb'
-    - 'app/models/concerns/search_seeds.rb'
 
-# Offense count: 12
+# Offense count: 11
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 # AllowedMethods: order, limit, select, lock
@@ -445,55 +445,64 @@ Rails/FindEach:
     - 'db/migrate/20171129041341_create_photographings.rb'
     - 'db/migrate/20190130090437_add_crop_to_photographings.rb'
     - 'db/migrate/20191119030244_cms_tags.rb'
-    - 'lib/tasks/wikidata.rake'
 
 # Offense count: 2
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
 Rails/HasAndBelongsToMany:
   Exclude:
     - 'app/models/member.rb'
     - 'app/models/role.rb'
 
 # Offense count: 5
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
 Rails/HasManyOrHasOneDependent:
   Exclude:
     - 'app/models/member.rb'
 
 # Offense count: 1
+# Configuration parameters: Include.
+# Include: spec/**/*.rb, test/**/*.rb
 Rails/I18nLocaleAssignment:
   Exclude:
     - 'spec/features/locale_spec.rb'
 
-# Offense count: 37
+# Offense count: 33
 Rails/I18nLocaleTexts:
   Enabled: false
 
 # Offense count: 3
+# Configuration parameters: Include.
+# Include: app/controllers/**/*.rb, app/mailers/**/*.rb
 Rails/LexicallyScopedActionFilter:
   Exclude:
     - 'app/controllers/data_controller.rb'
     - 'app/controllers/registrations_controller.rb'
 
-# Offense count: 1
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/OrderArguments:
-  Exclude:
-    - 'app/models/crop.rb'
-
 # Offense count: 2
 Rails/OutputSafety:
   Exclude:
     - 'app/helpers/auto_suggest_helper.rb'
     - 'app/helpers/gardens_helper.rb'
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+Rails/PluralizationGrammar:
+  Exclude:
+    - 'spec/requests/plantings_spec.rb'
+
 # Offense count: 4
 # This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Include.
+# Include: **/Rakefile, **/*.rake
 Rails/RakeEnvironment:
   Exclude:
     - 'lib/tasks/hooks.rake'
     - 'lib/tasks/i18n.rake'
     - 'lib/tasks/testing.rake'
 
-# Offense count: 8
+# Offense count: 9
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AllowedReceivers.
 # AllowedReceivers: ActionMailer::Preview, ActiveSupport::TimeZone
@@ -504,6 +513,7 @@ Rails/RedundantActiveRecordAllMethod:
     - 'app/controllers/forums_controller.rb'
     - 'app/controllers/plant_parts_controller.rb'
     - 'app/controllers/scientific_names_controller.rb'
+    - 'app/services/openfarm_service.rb'
     - 'spec/features/percy/percy_spec.rb'
     - 'spec/models/harvest_spec.rb'
 
@@ -518,6 +528,8 @@ Rails/RedundantPresenceValidationOnBelongsTo:
 
 # Offense count: 15
 # This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Include.
+# Include: spec/controllers/**/*.rb, spec/requests/**/*.rb, test/controllers/**/*.rb, test/integration/**/*.rb
 Rails/ResponseParsedBody:
   Exclude:
     - 'spec/controllers/api/v1/plantings_controller_spec.rb'
@@ -531,31 +543,29 @@ Rails/ResponseParsedBody:
     - 'spec/requests/api/v1/seeds_request_spec.rb'
 
 # Offense count: 9
+# Configuration parameters: Include.
+# Include: db/**/*.rb
 Rails/ReversibleMigration:
   Exclude:
     - 'db/migrate/20130326092227_change_planted_at_to_date.rb'
     - 'db/migrate/20191119020643_upgrade_cms.rb'
 
-# Offense count: 3
+# Offense count: 2
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/RootPathnameMethods:
   Exclude:
     - 'app/controllers/crops_controller.rb'
     - 'app/helpers/icons_helper.rb'
-    - 'config/application.rb'
-
-# Offense count: 2
-# Configuration parameters: ForbiddenMethods, AllowedMethods.
-# ForbiddenMethods: decrement!, decrement_counter, increment!, increment_counter, insert, insert!, insert_all, insert_all!, toggle!, touch, touch_all, update_all, update_attribute, update_column, update_columns, update_counters, upsert, upsert_all
-Rails/SkipsModelValidations:
-  Exclude:
-    - 'db/migrate/20240810160538_set_default_language_for_existing_alternate_names.rb'
 
 # Offense count: 21
+# Configuration parameters: Include.
+# Include: db/**/*.rb
 Rails/ThreeStateBooleanColumn:
   Enabled: false
 
 # Offense count: 6
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
 Rails/UniqueValidationWithoutIndex:
   Exclude:
     - 'app/models/follow.rb'
@@ -573,13 +583,12 @@ Rails/WhereEquals:
     - 'app/models/harvest.rb'
     - 'app/models/planting.rb'
 
-# Offense count: 3
+# Offense count: 2
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/WhereRange:
   Exclude:
     - 'app/models/concerns/predict_planting.rb'
     - 'app/models/garden.rb'
-    - 'app/models/seed.rb'
 
 # Offense count: 1
 Rake/MethodDefinitionInTask:
@@ -588,10 +597,8 @@ Rake/MethodDefinitionInTask:
 
 # Offense count: 3
 # This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: EnforcedStyle, EnforcedStyleForClasses, EnforcedStyleForModules.
+# Configuration parameters: EnforcedStyle.
 # SupportedStyles: nested, compact
-# SupportedStylesForClasses: ~, nested, compact
-# SupportedStylesForModules: ~, nested, compact
 Style/ClassAndModuleChildren:
   Exclude:
     - 'lib/actions/oauth_signup_action.rb'
@@ -607,15 +614,7 @@ Style/CommentedKeyword:
     - 'spec/models/photo_spec.rb'
     - 'spec/models/planting_spec.rb'
 
-# Offense count: 1
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: left_coerce, right_coerce, single_coerce, fdiv
-Style/FloatDivision:
-  Exclude:
-    - 'app/models/concerns/predict_planting.rb'
-
-# Offense count: 11
+# Offense count: 3
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: always, always_true, never
@@ -623,34 +622,23 @@ Style/FrozenStringLiteralComment:
   Exclude:
     - 'config/initializers/new_framework_defaults_6_0.rb'
     - 'db/migrate/20200801084007_add_foreign_key_constraint_to_active_storage_attachments_for_blob_id.active_storage.rb'
-    - 'db/migrate/20240716120000_add_social_media_to_members.rb'
-    - 'db/migrate/20240716120001_rename_other_handle_to_other_url_in_members.rb'
-    - 'db/migrate/20240929041435_create_garden_collaborators.rb'
-    - 'db/migrate/20250810120000_make_notifications_polymorphic.rb'
-    - 'db/migrate/20250824081313_change_comments_polymorphic.rb'
-    - 'db/migrate/20250901105232_add_source_to_seeds.rb'
-    - 'db/migrate/20250901110545_add_indexes_crops.rb'
-    - 'db/migrate/20250901130830_add_overall_rating_plantings.rb'
     - 'spec/lib/haml/filters/growstuff_markdown_spec.rb'
 
-# Offense count: 2
+# Offense count: 3
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/GlobalStdStream:
   Exclude:
     - 'config/environments/production.rb'
     - 'lib/tasks/gbif.rake'
+    - 'lib/tasks/openfarm.rake'
 
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
-Style/HashFetchChain:
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: nonzero?
+Style/IfWithBooleanLiteralBranches:
   Exclude:
-    - 'app/models/concerns/open_farm_data.rb'
-
-# Offense count: 2
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Style/IdenticalConditionalBranches:
-  Exclude:
-    - 'lib/actions/oauth_signup_action.rb'
+    - 'app/controllers/gardens_controller.rb'
 
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
@@ -688,12 +676,11 @@ Style/OpenStructUse:
   Exclude:
     - 'spec/helpers/event_helper_spec.rb'
 
-# Offense count: 3
+# Offense count: 2
 # Configuration parameters: AllowedMethods.
 # AllowedMethods: respond_to_missing?
 Style/OptionalBooleanParameter:
   Exclude:
-    - 'app/helpers/application_helper.rb'
     - 'app/models/concerns/member_newsletter.rb'
 
 # Offense count: 1
@@ -710,26 +697,6 @@ Style/RedundantFetchBlock:
   Exclude:
     - 'config/puma.rb'
 
-# Offense count: 1
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Style/RedundantInterpolation:
-  Exclude:
-    - 'app/helpers/buttons_helper.rb'
-
-# Offense count: 1
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: implicit, explicit
-Style/RescueStandardError:
-  Exclude:
-    - 'lib/tasks/wikidata.rake'
-
-# Offense count: 4
-# Configuration parameters: Max.
-Style/SafeNavigationChainLength:
-  Exclude:
-    - 'app/models/ability.rb'
-
 # Offense count: 2
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowModifier.
@@ -738,35 +705,17 @@ Style/SoleNestedConditional:
     - 'app/controllers/application_controller.rb'
     - 'app/controllers/messages_controller.rb'
 
-# Offense count: 28
+# Offense count: 24
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Mode.
 Style/StringConcatenation:
   Exclude:
     - 'app/controllers/messages_controller.rb'
-    - 'app/helpers/application_helper.rb'
     - 'app/helpers/buttons_helper.rb'
-    - 'app/models/photo.rb'
     - 'config/initializers/rswag_api.rb'
     - 'spec/helpers/gardens_helper_spec.rb'
     - 'spec/helpers/seeds_helper_spec.rb'
 
-# Offense count: 1
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: single_quotes, double_quotes
-Style/StringLiteralsInInterpolation:
-  Exclude:
-    - 'config/initializers/mailboxer.rb'
-
-# Offense count: 1
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: .
-# SupportedStyles: percent, brackets
-Style/SymbolArray:
-  EnforcedStyle: percent
-  MinSize: 3
-
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AllowMethodsWithArguments, AllowedMethods, AllowedPatterns, AllowComments.

Gemfile

@@ -199,4 +199,6 @@ group :travis do
   gem 'platform-api'
 end
 
+
+
 gem "i18n_data", "~> 1.1"

Gemfile.lock

@@ -142,7 +142,7 @@ GEM
       erubi (>= 1.0.0)
       rack (>= 0.9.0)
       rouge (>= 1.0.0)
-    bigdecimal (3.2.2)
+    bigdecimal (3.2.3)
     bluecloth (2.2.0)
     bonsai-elasticsearch-rails (7.0.1)
       elasticsearch-model (< 8)
@@ -198,7 +198,7 @@ GEM
     comfy_bootstrap_form (4.0.9)
       rails (>= 5.0.0)
     concurrent-ruby (1.3.5)
-    connection_pool (2.5.3)
+    connection_pool (2.5.4)
     crass (1.0.6)
     crowdin-api (1.12.0)
       open-uri (>= 0.1.0, < 0.2.0)
@@ -257,9 +257,9 @@ GEM
     excon (1.2.5)
       logger
     execjs (2.10.0)
-    factory_bot (6.5.4)
+    factory_bot (6.5.5)
       activesupport (>= 6.1.0)
-    factory_bot_rails (6.5.0)
+    factory_bot_rails (6.5.1)
       factory_bot (~> 6.5)
       railties (>= 6.1.0)
     faker (3.5.2)
@@ -475,7 +475,7 @@ GEM
       date
       stringio
     public_suffix (6.0.1)
-    puma (7.0.0)
+    puma (7.0.2)
       nio4r (~> 2.0)
     query_diet (0.7.2)
     racc (1.8.1)

app/controllers/api/v1/activities_controller.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Api
+  module V1
+    class ActivitiesController < BaseController
+    end
+  end
+end

app/controllers/api/v1/base_controller.rb

@@ -4,6 +4,40 @@ module Api
   module V1
     class BaseController < JSONAPI::ResourceController
       abstract
+      protect_from_forgery with: :null_session
+      before_action :authenticate_member_from_token!
+      before_action :enforce_member_for_write_operations!, only: %i(create update destroy)
+      rescue_from CanCan::AccessDenied do
+        head :forbidden
+      end
+
+      def context
+        {
+          current_user:    current_user,
+          current_ability: current_ability,
+          controller:      self,
+          action:          params[:action]
+        }
+      end
+
+      private
+
+      attr_reader :current_user
+
+      def enforce_member_for_write_operations!
+        head :unauthorized unless current_user
+      end
+
+      def authenticate_member_from_token!
+        authenticate_with_http_token do |token, _options|
+          auth = Authentication.find_by(token: token, provider: 'api')
+          if auth.present?
+            @current_user = auth.member
+
+            return true
+          end
+        end
+      end
     end
   end
 end

app/controllers/crops_controller.rb

@@ -192,6 +192,8 @@ class CropsController < ApplicationController
       :parent_id, :perennial,
       :request_notes, :reason_for_rejection,
       :rejection_notes,
+      :row_spacing, :spread, :height,
+      :sowing_method, :sun_requirements, :growing_degree_days,
       scientific_names_attributes: %i(scientific_name _destroy id)
     )
   end

app/controllers/gardens_controller.rb

@@ -20,6 +20,7 @@ class GardensController < DataController
   def show
     @current_plantings = @garden.plantings.current.where.not(failed: true).includes(:crop, :owner).order(planted_at: :desc)
     @current_activities = @garden.activities.current.includes(:owner).order(created_at: :desc)
+    @finished_activities = @garden.activities.finished.includes(:owner).order(created_at: :desc)
     @finished_plantings = @garden.plantings.finished.includes(:crop)
     @suggested_companions = Crop.approved.where(
       id: CropCompanion.where(crop_a_id: @current_plantings.select(:crop_id)).select(:crop_b_id)

app/controllers/plantings_controller.rb

@@ -37,6 +37,7 @@ class PlantingsController < DataController
     @photos = @planting.photos.includes(:owner).order(date_taken: :desc)
     @harvests = Harvest.search(where: { planting_id: @planting.id })
     @current_activities = @planting.activities.current.includes(:owner).order(created_at: :desc)
+    @finished_activities = @planting.activities.finished.includes(:owner).order(created_at: :desc)
     @matching_seeds = matching_seeds
     @crop = @planting.crop
 

app/controllers/registrations_controller.rb

@@ -38,6 +38,12 @@ class RegistrationsController < Devise::RegistrationsController
     end
   end
 
+  def regenerate_api_token
+    current_member.regenerate_api_token
+    set_flash_message :notice, :api_token_regenerated
+    redirect_to edit_member_registration_path + '#apps'
+  end
+
   def destroy
     if @member.valid_password?(params.require(:member)[:current_password])
       @member.discard

app/helpers/application_helper.rb

@@ -38,9 +38,9 @@ module ApplicationHelper
     return 'today' if from_time.is_a?(Date) && (from_time == to_time)
 
     return 'now' if from_time == to_time
-    return distance_of_time_in_words(from_time, to_time, include_seconds:) + ' ago' if from_time > to_time
+    return "#{distance_of_time_in_words(from_time, to_time, include_seconds:)} ago" if from_time < to_time
 
-    'in ' + distance_of_time_in_words(from_time, to_time, include_seconds:)
+    "in #{distance_of_time_in_words(from_time, to_time, include_seconds:)}"
   end
 
   def count_github_contibutors

app/helpers/auto_suggest_helper.rb

@@ -13,7 +13,7 @@ module AutoSuggestHelper
     resource = resource.class.name.downcase
     source_path = Rails.application.routes.url_helpers.send("search_#{source}s_path", format: :json)
     %(
-      <input id="#{source}" class="auto-suggest #{options[:class]}" #{'required="required"' if options[:required]}
+      <input id="#{source}" class="auto-suggest #{options[:class]}" #{options[:required] ? 'required="required"' : ''}
         type="text" value="#{default}" data-source-url="#{source_path}",
         placeholder="e.g. lettuce">
       <noscript class="text-warning">

app/helpers/event_helper.rb

@@ -7,8 +7,8 @@ module EventHelper
 
   def event_description(event)
     render "#{event.event_type.pluralize}/description", event_model: resolve_model(event)
-  rescue ActionView::MissingTemplate
-    "#{event.event_type.humanize.downcase}d"
+rescue ActionView::MissingTemplate
+  "#{event.event_type.humanize.downcase}d"
   end
 
   def resolve_model(event)

app/models/activity.rb

@@ -30,4 +30,20 @@ class Activity < ApplicationRecord
   def to_s
     name
   end
+
+  def garden_name
+    garden&.name
+  end
+
+  def garden_slug
+    garden&.slug
+  end
+
+  def planting_name
+    planting&.crop&.name
+  end
+
+  def planting_slug
+    planting&.crop&.slug
+  end
 end

app/models/concerns/open_farm_data.rb

@@ -8,14 +8,6 @@ module OpenFarmData
       fetch_attr('main_image_path')
     end
 
-    def height
-      fetch_attr('height')
-    end
-
-    def spread
-      fetch_attr('spread')
-    end
-
     def svg_icon
       icon = fetch_attr('svg_icon')
       return icon if icon.present?
@@ -31,10 +23,6 @@ module OpenFarmData
       fetch_attr('description')
     end
 
-    def row_spacing
-      fetch_attr('row_spacing')
-    end
-
     def common_names
       fetch_attr('common_names')
     end
@@ -43,22 +31,10 @@ module OpenFarmData
       fetch_attr('binomial_name')
     end
 
-    def sowing_method
-      fetch_attr('sowing_method')
-    end
-
     def main_image_path
       fetch_attr('main_image_path')
     end
 
-    def sun_requirements
-      fetch_attr('sun_requirements')
-    end
-
-    def growing_degree_days
-      fetch_attr('growing_degree_days')
-    end
-
     def processing_pictures
       fetch_attr('processing_pictures')
     end

app/models/crop.rb

@@ -90,7 +90,7 @@ class Crop < ApplicationRecord
   def popular_plant_parts
     PlantPart.joins(:harvests)
       .where("crop_id = ?", id)
-      .order(count_harvests_id: :desc)
+      .order("count_harvests_id DESC")
       .group("plant_parts.id", "plant_parts.name")
       .count("harvests.id")
   end

app/models/forum.rb

@@ -3,7 +3,6 @@
 class Forum < ApplicationRecord
   extend FriendlyId
   include Ownable
-
   validates :name, presence: true
   validates :description, presence: true
   friendly_id :name, use: %i(slugged finders)

app/models/garden_type.rb

@@ -2,7 +2,6 @@
 
 class GardenType < ApplicationRecord
   extend FriendlyId
-
   friendly_id :name, use: %i(slugged finders)
 
   has_many :gardens, dependent: :nullify

app/models/member.rb

@@ -2,14 +2,12 @@
 
 class Member < ApplicationRecord
   include Discard::Model
-
   acts_as_messageable # messages can be sent to this model
   include Geocodable
   include MemberFlickr
   include MemberNewsletter
 
   extend FriendlyId
-
   friendly_id :login_name, use: %i(slugged finders)
 
   #
@@ -26,6 +24,20 @@ class Member < ApplicationRecord
   has_many :notifications, foreign_key: 'recipient_id', inverse_of: :recipient
   has_many :sent_notifications, foreign_key: 'sender_id', inverse_of: :sender, class_name: "Notification"
   has_many :authentications, dependent: :destroy
+  has_one :api_token, -> { where(provider: 'api') }, class_name: 'Authentication', dependent: :destroy
+
+  def api_token?
+    api_token.present?
+  end
+
+  def regenerate_api_token
+    api_token.destroy if api_token?
+    create_api_token(
+      provider: 'api',
+      uid:      id,
+      token:    SecureRandom.hex(16)
+    )
+  end
   has_many :photos, inverse_of: :owner
   has_many :likes, dependent: :destroy
 
@@ -93,9 +105,9 @@ class Member < ApplicationRecord
             uniqueness: {
               case_sensitive: false
             }
-  validates :website_url, format: { with: %r{\Ahttps?://}, message: "must start with http:// or https://" }, allow_blank: true
-  validates :other_url, format: { with: %r{\Ahttps?://}, message: "must start with http:// or https://" }, allow_blank: true
-  validates :instagram_handle, :facebook_handle, :bluesky_handle, format: { without: %r{\Ahttps?://|/}, message: "should be a handle, not a URL" }, allow_blank: true
+  validates :website_url, format: { with: /\Ahttps?:\/\//, message: "must start with http:// or https://" }, allow_blank: true
+  validates :other_url, format: { with: /\Ahttps?:\/\//, message: "must start with http:// or https://" }, allow_blank: true
+  validates :instagram_handle, :facebook_handle, :bluesky_handle, format: { without: %r{\Ahttps?:\/\/|\/}, message: "should be a handle, not a URL" }, allow_blank: true
 
   #
   # Triggers

app/models/plant_part.rb

@@ -2,7 +2,6 @@
 
 class PlantPart < ApplicationRecord
   extend FriendlyId
-
   friendly_id :name, use: %i(slugged finders)
 
   has_many :harvests, dependent: :destroy

app/models/role.rb

@@ -2,7 +2,6 @@
 
 class Role < ApplicationRecord
   extend FriendlyId
-
   friendly_id :name, use: %i(slugged finders)
   validates :name, uniqueness: true, presence: true
 

app/models/seed.rb

@@ -6,7 +6,6 @@ class Seed < ApplicationRecord
   include Finishable
   include Ownable
   include SearchSeeds
-
   friendly_id :seed_slug, use: %i(slugged finders)
 
   TRADABLE_TO_VALUES = %w(nowhere locally nationally internationally).freeze
@@ -49,7 +48,7 @@ class Seed < ApplicationRecord
                                                                     "are heirloom, hybrid, or unknown" }
   validates :source, allow_blank: true,
                      inclusion:   { in: SOURCE_VALUES, message: "You must say where the seeds are from," \
-                                                                "or that you don't know" }
+                                                                 "or that you don't know" }
 
   #
   # Delegations

app/resources/api/v1/activity_resource.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Api
+  module V1
+    class ActivityResource < BaseResource
+      before_create do
+        @model.owner = context[:current_user]
+      end
+
+      has_one :owner, class_name: 'Member'
+      has_one :garden
+      has_one :planting
+
+      attribute :name
+      attribute :description
+      attribute :category
+      attribute :finished
+      attribute :due_date
+
+      filter :owner
+      filter :owner_id
+      filter :garden
+      filter :garden_id
+      filter :planting
+      filter :planting_id
+      filter :category
+    end
+  end
+end

app/resources/api/v1/crop_resource.rb

@@ -3,8 +3,7 @@
 module Api
   module V1
     class CropResource < BaseResource
-      immutable
-
+      immutable # TODO: Re-evaluate this later
       filter :approval_status, default: 'approved'
 
       has_many :plantings

app/resources/api/v1/garden_resource.rb

@@ -3,13 +3,22 @@
 module Api
   module V1
     class GardenResource < BaseResource
-      immutable
+      before_create do
+        @model.owner = context[:current_user]
+      end
 
       has_one :owner, class_name: 'Member'
       has_many :plantings
       has_many :photos
 
       attribute :name
+
+      filter :owner
+      filter :owner_id
+      filter :active
+      filter :garden_type
+      filter :location
+      filter :slug
     end
   end
 end

app/resources/api/v1/harvest_resource.rb

@@ -3,11 +3,17 @@
 module Api
   module V1
     class HarvestResource < BaseResource
-      immutable
+      before_save do
+        @model.owner = context[:current_user]
+        @model.crop_id = @model.planting.crop_id if @model.planting_id
+        @model.harvested_at = Time.zone.now if @model.harvested_at.blank?
+        @model.plant_part = PlantPart.first
+      end
 
       has_one :crop
       has_one :planting
       has_one :owner, class_name: 'Member'
+      # has_one :plant_part
       has_many :photos
 
       attribute :harvested_at
@@ -16,6 +22,15 @@ module Api
       attribute :weight_quantity
       attribute :weight_unit
       attribute :si_weight
+
+      filter :owner
+      filter :owner_id
+      filter :crop
+      filter :crop_id
+      filter :planting
+      filter :planting_id
+      filter :plant_part
+      filter :harvested_at
     end
   end
 end

app/resources/api/v1/photo_resource.rb

@@ -3,7 +3,10 @@
 module Api
   module V1
     class PhotoResource < BaseResource
-      immutable
+      immutable # TODO: Re-evaluate this.
+      before_create do
+        @model.owner = context[:current_user]
+      end
 
       has_one :owner, class_name: 'Member'
       has_many :plantings

app/resources/api/v1/planting_resource.rb

@@ -3,7 +3,9 @@
 module Api
   module V1
     class PlantingResource < BaseResource
-      immutable
+      before_create do
+        @model.owner = context[:current_user]
+      end
 
       has_one :garden
       has_one :crop
@@ -36,6 +38,10 @@ module Api
       filter :owner
       filter :owner_id
       filter :finished
+      filter :active, apply: ->(records, _value, _options) { records.active }
+      filter :failed, apply: ->(records, _value, _options) { records.failed }
+      filter :sunniness
+      filter :perennial, apply: ->(records, _value, _options) { records.perennial }
 
       attribute :percentage_grown
       delegate :percentage_grown, to: :@model

app/resources/api/v1/seed_resource.rb

@@ -3,7 +3,9 @@
 module Api
   module V1
     class SeedResource < BaseResource
-      immutable
+      before_create do
+        @model.owner = context[:current_user]
+      end
 
       has_one :owner, class_name: 'Member'
       has_one :crop
@@ -17,6 +19,15 @@ module Api
       attribute :organic
       attribute :gmo
       attribute :heirloom
+
+      filter :owner
+      filter :owner_id
+      filter :crop
+      filter :crop_id
+      filter :tradable_to
+      filter :organic
+      filter :gmo
+      filter :heirloom
     end
   end
 end

app/resources/base_resource.rb

@@ -1,6 +1,16 @@
 # frozen_string_literal: true
 
 class BaseResource < JSONAPI::Resource
-  immutable
   abstract
+
+  [:create, :update, :remove].each do |action|
+    set_callback action, :before, :authorize
+  end
+
+  # Check authorisation for write operations.
+  # NOTE: At a later time, we may require API tokens for READ operations.
+  def authorize
+    # context[:action] is simply context[:controller].params[:action]
+    context[:current_ability].authorize! context[:action].to_sym, @model
+  end
 end

app/views/crops/_form.html.haml

@@ -41,6 +41,14 @@
         = f.radio_button(:perennial, true, label: "Perennial")
         %span.help-block Living more than two years
 
+      %h2 OpenFarm Data
+      = f.number_field :row_spacing, label: 'Row Spacing (cm)', min: 0
+      = f.number_field :spread, label: 'Spread (cm)', min: 0
+      = f.number_field :height, label: 'Height (cm)', min: 0
+      = f.text_field :sowing_method
+      = f.text_field :sun_requirements
+      = f.number_field :growing_degree_days, min: 0
+
       - unless @crop.approved?
         = link_to 'Search wikipedia', "https://en.wikipedia.org/w/index.php?search=#{@crop.name}", target: '_blank'
       = f.url_field :en_wikipedia_url, id: "en_wikipedia_url", label: 'Wikipedia URL'

app/views/crops/_openfarm_data.html.haml

@@ -0,0 +1,33 @@
+- if crop.row_spacing || crop.spread || crop.height || crop.sowing_method || crop.sun_requirements || crop.growing_degree_days
+  = cute_icon
+  .card
+    .card-body
+      %h4 OpenFarm Data
+    %ul.list-group.list-group-flush
+      - if crop.row_spacing
+        %li.list-group-item
+          %strong Row Spacing:
+          = crop.row_spacing
+          cm
+      - if crop.spread
+        %li.list-group-item
+          %strong Spread:
+          = crop.spread
+          cm
+      - if crop.height
+        %li.list-group-item
+          %strong Height:
+          = crop.height
+          cm
+      - if crop.sowing_method
+        %li.list-group-item
+          %strong Sowing Method:
+          = crop.sowing_method
+      - if crop.sun_requirements
+        %li.list-group-item
+          %strong Sun Requirements:
+          = crop.sun_requirements
+      - if crop.growing_degree_days
+        %li.list-group-item
+          %strong Growing Degree Days:
+          = crop.growing_degree_days

app/views/crops/show.html.haml

@@ -111,6 +111,8 @@
     = render 'harvests', crop: @crop
     = render 'find_seeds', crop: @crop
 
+    = render 'openfarm_data', crop: @crop
+
     = cute_icon
     .card
       .card-body

app/views/devise/registrations/_edit_apps.html.haml

@@ -15,3 +15,16 @@
                     method: :delete, class: "remove btn btn-danger"
         - else
           = link_to 'Connect to Flickr', '/members/auth/flickr', class: 'btn'
+  %hr
+  .row
+    .col-md-12
+      %p
+        = image_tag "icons/post.svg", size: "32x32", alt: 'API logo'
+        - if current_member.api_token?
+          Your API token is
+          %code= current_member.api_token.token
+          = link_to "Regenerate", regenerate_api_token_path,
+                    data: { confirm: "Are you sure? Your old token will stop working immediately." },
+                    method: :post, class: "remove btn btn-danger"
+        - else
+          = link_to 'Generate API Token', regenerate_api_token_path, method: :post, class: 'btn btn-primary'

app/views/gardens/_previously.haml

@@ -16,3 +16,8 @@
   .col-md-12
     %p Nothing has been planted here.
 
+- if @finished_activities&.size&.positive?
+  %h2 Finished activities in garden
+  .index-cards
+    - @finished_activities.each do |activity|
+      = render "activities/card", activity: activity

app/views/harvests/_planting.haml

@@ -9,4 +9,4 @@
 - if @harvest.planting.present? && @harvest.planting.overall_rating.blank?
   .alert.alert-info{role: "alert"}
     This harvest is from a planting that hasn't been rated yet.
-    = link_to "Rate this planting", edit_planting_path(@harvest.planting), class: 'alert-link'
+    = link_to "Rate this planting", edit_planting_path(@harvest.planting, anchor: "planting_overall_rating"), class: 'alert-link'

app/views/plantings/show.html.haml

@@ -89,7 +89,11 @@
           - else
             .col-md-12
               %p Nothing is currently planned here.
-
+        - if @finished_activities&.size&.positive?
+          %h2 Finished activities for planting
+          .index-cards
+            - @finished_activities.each do |activity|
+              = render "activities/card", activity: activity
 
     .col-md-4.col-xs-12
       = render @planting.crop

config/initializers/jsonapi_resources.rb

@@ -1,8 +1,10 @@
 # frozen_string_literal: true
-
+class UnauthorisedError < JSONAPI::Error
+end
 JSONAPI.configure do |config|
   # built in paginators are :none, :offset, :paged
   config.default_paginator = :offset
   config.default_page_size = 10
   config.maximum_page_size = 100
+  config.exception_class_whitelist = [CanCan::AccessDenied, UnauthorisedError]
 end

config/initializers/mailboxer.rb

@@ -5,7 +5,7 @@ Mailboxer.setup do |config|
   config.uses_emails = true
 
   # Configures the default from for emails sent for Messages and Notifications
-  config.default_from = "Growstuff <#{ENV.fetch('GROWSTUFF_EMAIL', "no-reply@growstuff.org")}>"
+  config.default_from =  "Growstuff <#{ENV.fetch('GROWSTUFF_EMAIL', "no-reply@growstuff.org")}>"
 
   # Configures the methods needed by mailboxer
   # config.email_method = :email

config/locales/devise.en.yml

@@ -54,6 +54,7 @@ en:
         You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm
         link to finalize confirming your new email address.
       destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
+      api_token_regenerated: 'Your API token has been regenerated.'
     unlocks:
       send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
       unlocked: 'Your account has been unlocked successfully. Please sign in to continue.'

config/routes.rb

@@ -16,6 +16,7 @@ Rails.application.routes.draw do
   }
   devise_scope :member do
     get '/members/unsubscribe/:message' => 'members#unsubscribe', as: 'unsubscribe_member'
+    post '/members/regenerate_api_token' => 'registrations#regenerate_api_token', as: 'regenerate_api_token'
   end
   match '/members/:id/finish_signup' => 'members#finish_signup', via: %i(get patch), as: :finish_signup
 
@@ -141,6 +142,7 @@ Rails.application.routes.draw do
 
   namespace :api do
     namespace :v1 do
+      jsonapi_resources :activities
       jsonapi_resources :crops
       jsonapi_resources :gardens
       jsonapi_resources :harvests

db/migrate/20240101010101_add_fields_to_crops.rb

@@ -0,0 +1,10 @@
+class AddFieldsToCrops < ActiveRecord::Migration[5.2]
+  def change
+    add_column :crops, :row_spacing, :integer
+    add_column :crops, :spread, :integer
+    add_column :crops, :height, :integer
+    add_column :crops, :sowing_method, :string
+    add_column :crops, :sun_requirements, :string
+    add_column :crops, :growing_degree_days, :integer
+  end
+end

db/migrate/20240101010102_populate_crop_fields_from_openfarm_data.rb

@@ -0,0 +1,21 @@
+class PopulateCropFieldsFromOpenfarmData < ActiveRecord::Migration[5.2]
+  def up
+    Crop.find_each do |crop|
+      if crop.openfarm_data.present?
+        attributes = crop.openfarm_data.fetch('attributes', {})
+        crop.update_columns(
+          row_spacing: attributes['row_spacing'],
+          spread: attributes['spread'],
+          height: attributes['height'],
+          sowing_method: attributes['sowing_method'],
+          sun_requirements: attributes['sun_requirements'],
+          growing_degree_days: attributes['growing_degree_days']
+        )
+      end
+    end
+  end
+
+  def down
+    # This migration is not reversible.
+  end
+end

db/migrate/20240810160538_set_default_language_for_existing_alternate_names.rb

@@ -2,10 +2,10 @@
 
 class SetDefaultLanguageForExistingAlternateNames < ActiveRecord::Migration[7.2]
   def up
-    AlternateName.update_all(language: 'en') # rubocop:disable Rails/SkipsModelValidations
+    AlternateName.update_all(language: 'en')
   end
 
   def down
-    AlternateName.update_all(language: nil) # rubocop:disable Rails/SkipsModelValidations
+    AlternateName.update_all(language: nil)
   end
 end

db/schema.rb

@@ -252,6 +252,12 @@ ActiveRecord::Schema[7.2].define(version: 2025_09_01_130830) do
     t.jsonb "openfarm_data"
     t.integer "harvests_count", default: 0
     t.integer "photo_associations_count", default: 0
+    t.integer "row_spacing"
+    t.integer "spread"
+    t.integer "height"
+    t.string "sowing_method"
+    t.string "sun_requirements"
+    t.integer "growing_degree_days"
     t.index ["creator_id"], name: "index_crops_on_creator_id"
     t.index ["name"], name: "index_crops_on_name"
     t.index ["parent_id"], name: "index_crops_on_parent_id"

lib/tasks/wikidata.rake

@@ -50,7 +50,7 @@ namespace :wikidata do
         else
           puts "  Could not find Wikidata ID for #{crop.name}"
         end
-      rescue => e
+      rescue StandardError => e
         puts "  Error processing crop #{crop.name}: #{e.message}"
       end
     end

spec/controllers/crops_controller_spec.rb

@@ -100,6 +100,36 @@ describe CropsController do
       it { expect { subject }.to change(Crop, :count).by(1) }
       it { expect { subject }.to change(AlternateName, :count).by(2) }
       it { expect { subject }.to change(ScientificName, :count).by(1) }
+
+      context 'with openfarm data' do
+        let(:crop_params) do
+          {
+            crop:     {
+              name:                'aubergine',
+              en_wikipedia_url:    "https://en.wikipedia.org/wiki/Eggplant",
+              row_spacing:         10,
+              spread:              20,
+              height:              30,
+              sowing_method:       'direct',
+              sun_requirements:    'full sun',
+              growing_degree_days: 100
+            },
+            alt_name: { '1': "egg plant", '2': "purple apple" },
+            sci_name: { '1': "fancy sci name", '2': "" }
+          }
+        end
+
+        it 'saves openfarm data' do
+          subject
+          crop = Crop.last
+          expect(crop.row_spacing).to eq(10)
+          expect(crop.spread).to eq(20)
+          expect(crop.height).to eq(30)
+          expect(crop.sowing_method).to eq('direct')
+          expect(crop.sun_requirements).to eq('full sun')
+          expect(crop.growing_degree_days).to eq(100)
+        end
+      end
     end
   end
 

spec/controllers/garden_types_controller_spec.rb

@@ -4,7 +4,6 @@ require 'rails_helper'
 
 RSpec.describe GardenTypesController, type: :controller do
   include Devise::Test::ControllerHelpers
-
   let(:valid_params) { { name: 'My second GardenType' } }
   let(:garden_type)  { FactoryBot.create(:garden_type) }
 

spec/controllers/gardens_controller_spec.rb

@@ -4,7 +4,6 @@ require 'rails_helper'
 
 RSpec.describe GardensController, type: :controller do
   include Devise::Test::ControllerHelpers
-
   let(:valid_params) { { name: 'My second Garden' } }
 
   let(:garden) { FactoryBot.create(:garden) }

spec/factories/comments.rb

@@ -2,7 +2,7 @@
 
 FactoryBot.define do
   factory :comment do
-    commentable factory: %i(post)
+    association :commentable, factory: :post
     author
     sequence(:body) { |n| "OMG LOL #{n}" }
     # because our commenters are more polite than YouTube's

spec/factories/garden_collaborators.rb

@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 FactoryBot.define do
   factory :garden_collaborator do
     garden

spec/factories/notifications.rb

@@ -10,7 +10,7 @@ FactoryBot.define do
 
     body { "MyText" }
     read { false }
-    notifiable factory: %i(post)
+    association :notifiable, factory: :post
 
     factory :no_email_notification do
       recipient { FactoryBot.create(:no_email_notifications_member) }

spec/features/conversations/index_spec.rb

@@ -18,7 +18,7 @@ describe "Conversations", :js do
       click_link 'Inbox'
     end
 
-    it_behaves_like 'is accessible'
+    include_examples 'is accessible'
 
     it { expect(page).to have_content 'something i want to say' }
     it { page.percy_snapshot(page, name: 'conversations#index') }

spec/features/crops/alternate_name_spec.rb

@@ -83,23 +83,23 @@ describe "Alternate names", :js do
   end
 
   context 'Anonymous' do
-    it_behaves_like 'show alt names'
+    include_examples 'show alt names'
   end
 
   context 'Signed in member' do
     include_context 'signed in member'
-    it_behaves_like 'show alt names'
+    include_examples 'show alt names'
   end
 
   context 'Crop wrangler' do
     include_context 'signed in crop wrangler'
-    it_behaves_like 'show alt names'
-    it_behaves_like 'edit alt names'
+    include_examples 'show alt names'
+    include_examples 'edit alt names'
   end
 
   context 'Admin' do
     include_context 'signed in admin'
-    it_behaves_like 'show alt names'
-    it_behaves_like 'edit alt names'
+    include_examples 'show alt names'
+    include_examples 'edit alt names'
   end
 end

spec/features/crops/browse_crops_spec.rb

@@ -34,25 +34,25 @@ describe "browse crops", :search do
   end
 
   context 'anon' do
-    it_behaves_like 'shows crops'
+    include_examples 'shows crops'
     it { expect(page).to have_no_link "Add New Crop" }
   end
 
   context 'member' do
     include_context 'signed in member'
-    it_behaves_like 'shows crops'
-    it_behaves_like 'add new crop'
+    include_examples 'shows crops'
+    include_examples 'add new crop'
   end
 
   context 'wrangler' do
     include_context 'signed in crop wrangler'
-    it_behaves_like 'shows crops'
-    it_behaves_like 'add new crop'
+    include_examples 'shows crops'
+    include_examples 'add new crop'
   end
 
   context 'admin' do
     include_context 'signed in admin'
-    it_behaves_like 'shows crops'
-    it_behaves_like 'add new crop'
+    include_examples 'shows crops'
+    include_examples 'add new crop'
   end
 end

spec/features/crops/creating_a_crop_spec.rb

@@ -19,13 +19,21 @@ describe "Crop", :js do
         click_button class: "add-altname-row"
         fill_in "alt_name[3]", with: "Jazmin"
         fill_in "alt_name[4]", with: "Matsurika"
+
+        fill_in "crop_row_spacing", with: "12"
+        fill_in "crop_spread", with: "30"
+        fill_in "crop_height", with: "10"
+        fill_in "crop_sowing_method", with: "directly into final position"
+
+        fill_in "crop_sun_requirements", with: "full sun"
+        fill_in "crop_growing_degree_days", with: 100
       end
     end
   end
 
   shared_examples 'request crop' do
     describe "requesting a crop with multiple scientific and alternate name" do
-      it_behaves_like 'fill in form'
+      include_examples 'fill in form'
       before do
         within "form#new_crop" do
           fill_in "request_notes", with: "This is the Philippine national flower."
@@ -42,7 +50,7 @@ describe "Crop", :js do
 
   shared_examples 'create crop' do
     describe "creating a crop with multiple scientific and alternate name" do
-      it_behaves_like 'fill in form'
+      include_examples 'fill in form'
       before do
         click_button "Save"
       end
@@ -61,16 +69,16 @@ describe "Crop", :js do
 
   context 'member' do
     include_context 'signed in member'
-    it_behaves_like 'request crop'
+    include_examples 'request crop'
   end
 
   context 'crop wrangler' do
     include_context 'signed in crop wrangler'
-    it_behaves_like 'create crop'
+    include_examples 'create crop'
   end
 
   context 'admin' do
     include_context 'signed in admin'
-    it_behaves_like 'create crop'
+    include_examples 'create crop'
   end
 end

spec/features/crops/crop_photos_spec.rb

@@ -59,17 +59,17 @@ describe "crop detail page", :js, :search do
 
   context "when signed in" do
     include_context 'signed in member'
-    it_behaves_like "shows photos"
+    include_examples "shows photos"
   end
 
   context "when signed in as photos owner" do
     include_context 'signed in member'
     let(:member) { owner_member }
 
-    it_behaves_like "shows photos"
+    include_examples "shows photos"
   end
 
   context "when not signed in" do
-    it_behaves_like "shows photos"
+    include_examples "shows photos"
   end
 end

spec/features/crops/delete_crop_spec.rb

@@ -27,11 +27,11 @@ describe "Delete crop spec" do
 
   context "As a crop wrangler" do
     include_context 'signed in crop wrangler'
-    it_behaves_like 'delete crop'
+    include_examples 'delete crop'
   end
 
   context 'admin' do
     include_context 'signed in admin'
-    it_behaves_like 'delete crop'
+    include_examples 'delete crop'
   end
 end

spec/features/gardens/actions_spec.rb

@@ -25,7 +25,7 @@ describe "Gardens" do
       context 'my gardens' do
         before { visit gardens_path(member_slug: member.slug) }
 
-        it_behaves_like "has buttons bar at top"
+        include_examples "has buttons bar at top"
 
         context 'with actions menu expanded' do
           before { click_link 'Actions' }
@@ -43,13 +43,13 @@ describe "Gardens" do
       context 'all gardens' do
         before { visit gardens_path }
 
-        it_behaves_like "has buttons bar at top"
+        include_examples "has buttons bar at top"
       end
 
       context "other member's garden" do
         before { visit gardens_path(member_slug: FactoryBot.create(:member).slug) }
 
-        it_behaves_like "has buttons bar at top"
+        include_examples "has buttons bar at top"
         describe 'does not show actions on other member garden' do
           it { is_expected.to have_no_link 'Actions' }
         end

spec/features/gardens/adding_gardens_spec.rb

@@ -8,7 +8,7 @@ describe "Gardens", :js do
     include_context 'signed in member'
     before { visit new_garden_path }
 
-    it_behaves_like 'is accessible'
+    include_examples 'is accessible'
 
     it "displays required and optional fields properly" do
       expect(page).to have_selector ".required", text: "Name"

spec/features/gardens/index_spec.rb

@@ -14,7 +14,7 @@ describe "Gardens#index", :js do
         visit member_gardens_path(member_slug: member.slug)
       end
 
-      it_behaves_like 'is accessible'
+      include_examples 'is accessible'
 
       it "displays each of the gardens" do
         member.gardens.each do |garden|

spec/features/harvests/harvesting_a_crop_spec.rb

@@ -26,7 +26,7 @@ describe "Harvesting a crop", :js, :search do
 
       within "form#new_harvest" do
         choose plant_part.name
-        fill_in "When?", with: Time.zone.local(2014, 0o6, 15)
+        fill_in "When?", with: Time.new(2014, 06, 15)
         fill_in "How many?", with: 42
         fill_in "Weighing (in total)", with: 42
         fill_in "Notes", with: "It's killer."

spec/features/likeable_spec.rb

@@ -58,13 +58,13 @@ describe 'Likeable', :js, :search do
     describe 'photos#index' do
       let(:path) { photos_path }
 
-      it_behaves_like 'object can be liked'
+      include_examples 'object can be liked'
     end
 
     describe 'photos#show' do
       let(:path) { photo_path(photo) }
 
-      it_behaves_like 'object can be liked'
+      include_examples 'object can be liked'
     end
 
     describe 'crops#show' do
@@ -74,7 +74,7 @@ describe 'Likeable', :js, :search do
 
       before { planting.photos << photo }
 
-      it_behaves_like 'object can be liked'
+      include_examples 'object can be liked'
     end
   end
 
@@ -82,27 +82,27 @@ describe 'Likeable', :js, :search do
     let(:like_count_class) { ".post-#{post.id} .like-count" }
     let(:path) { post_path(post) }
 
-    it_behaves_like 'object can be liked'
+    include_examples 'object can be liked'
   end
 
   describe 'activities' do
     let(:like_count_class) { ".activity-#{activity.id} .like-count" }
     let(:path) { activity_path(activity) }
 
-    it_behaves_like 'object can be liked'
+    include_examples 'object can be liked'
   end
 
   describe 'plantings' do
     let(:like_count_class) { ".planting-#{planting.id} .like-count" }
     let(:path) { planting_path(planting) }
 
-    it_behaves_like 'object can be liked'
+    include_examples 'object can be liked'
   end
 
   describe 'harvests' do
     let(:like_count_class) { ".harvest-#{harvest.id} .like-count" }
     let(:path) { harvest_path(harvest) }
 
-    it_behaves_like 'object can be liked'
+    include_examples 'object can be liked'
   end
 end

spec/features/members/deletion_spec.rb

@@ -2,7 +2,7 @@
 
 require 'rails_helper'
 
-describe "member deletion", :flaky do
+describe "member deletion", flaky: true do
   context "with activity and followers" do
     let(:member)          { FactoryBot.create(:member)                     }
     let(:other_member)    { FactoryBot.create(:member)                     }
@@ -63,7 +63,7 @@ describe "member deletion", :flaky do
       member.reload
       expect(member.discarded?).to be true
 
-      # Frustratingly, this cannot be discarded? and also meet
+      # Frustratingly, this cannot be discarded? and also meet 
       # `@member = Member.confirmed.kept.find_by!(slug: params[:slug])`
       #
       # Yet, we see the below assert fail in CI.
@@ -96,7 +96,7 @@ describe "member deletion", :flaky do
       end
 
       describe 'member exists but is marked deleted' do
-        subject { Member.find(member.id) }
+        subject { Member.all.find(member.id) }
 
         it { expect(subject).to eq member }
         it { expect(subject.discarded?).to be true }

spec/features/members/token_management_spec.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe "member token management", :js do
+  include_context 'signed in member'
+
+  before do
+    visit edit_member_registration_path
+    click_on "Apps"
+  end
+
+  it "can generate an API token" do
+    expect(page).to have_no_content("Your API token is")
+    click_on "Generate API Token"
+    expect(page).to have_content("Your API token is")
+    member.reload
+    expect(member.api_token).to be_present
+  end
+
+  context "with an existing token" do
+    before do
+      member.regenerate_api_token
+      visit edit_member_registration_path
+      click_on "Apps"
+    end
+
+    it "can regenerate an API token" do
+      old_token = member.api_token.token
+      expect(page).to have_content("Your API token is")
+      accept_confirm do
+        click_on "Regenerate"
+      end
+      expect(page).to have_content("Your API token is")
+      expect(member.reload.api_token.token).not_to eq(old_token)
+    end
+  end
+end

spec/features/signout_spec.rb

@@ -34,11 +34,11 @@ describe "signout" do
   end
 
   describe 'after signout, redirect to signin page if page needs authentication' do
-    it_behaves_like "sign-in redirects", "/plantings/new"
-    it_behaves_like "sign-in redirects", "/harvests/new"
-    it_behaves_like "sign-in redirects", "/posts/new"
-    it_behaves_like "sign-in redirects", "/gardens/new"
-    it_behaves_like "sign-in redirects", "/seeds/new"
+    include_examples "sign-in redirects", "/plantings/new"
+    include_examples "sign-in redirects", "/harvests/new"
+    include_examples "sign-in redirects", "/posts/new"
+    include_examples "sign-in redirects", "/gardens/new"
+    include_examples "sign-in redirects", "/seeds/new"
   end
 
   it 'photos' do

spec/models/ability_spec.rb

@@ -136,7 +136,6 @@ describe Ability do
       it "can manage members" do
         ability.should be_able_to(:destroy, FactoryBot.create(:member))
       end
-
       it "cannot delete themselves" do
         ability.should_not be_able_to(:destroy, member)
       end

spec/models/crop_spec.rb

@@ -154,7 +154,7 @@ describe Crop do
 
       it { expect(crop.default_photo).to eq photo }
 
-      it_behaves_like 'has default photo'
+      include_examples 'has default photo'
     end
 
     context 'with a harvest photo' do
@@ -165,7 +165,7 @@ describe Crop do
 
       it { expect(crop.default_photo).to eq photo }
 
-      it_behaves_like 'has default photo'
+      include_examples 'has default photo'
 
       context 'and planting photo' do
         let(:planting) { FactoryBot.create(:planting, crop:) }

spec/models/planting_spec.rb

@@ -523,7 +523,6 @@ describe Planting do
 
   context "failed" do
     let(:failed_planting) { FactoryBot.create(:planting, failed: true) }
-
     it 'has a failed field' do
       expect(failed_planting.failed).to be true
     end
@@ -536,20 +535,20 @@ describe Planting do
     end
 
     it 'is not included in the active scope' do
-      @p = FactoryBot.create(:planting)
-      @f = FactoryBot.create(:planting, failed: true)
-      described_class.active.should include @p
-      described_class.active.should_not include @f
+        @p = FactoryBot.create(:planting)
+        @f = FactoryBot.create(:planting, failed: true)
+        described_class.active.should include @p
+        described_class.active.should_not include @f
     end
 
     it 'cannot be finished and failed' do
-      @f = FactoryBot.build(:planting, finished: true, failed: true)
-      @f.should_not be_valid
+        @f = FactoryBot.build(:planting, finished: true, failed: true)
+        @f.should_not be_valid
     end
 
     it 'is not finished' do
-      @f = FactoryBot.build(:planting, finished: true, failed: true)
-      expect(@f.finished?).to be false
+        @f = FactoryBot.build(:planting, finished: true, failed: true)
+        expect(@f.finished?).to be false
     end
   end
 
@@ -588,7 +587,7 @@ describe Planting do
       FactoryBot.create(:finished_planting, owner: member, garden: member.gardens.first)
     end
     let!(:failed_planting) do
-      FactoryBot.create(:planting, failed: true, owner: member, garden: member.gardens.first)
+        FactoryBot.create(:planting, failed: true, owner: member, garden: member.gardens.first)
     end
 
     it { expect(member.plantings.active).to include(planting) }

spec/models/post_spec.rb

@@ -144,7 +144,7 @@ describe Post do
     end
 
     it "does not duplicate" do
-      expect(post.crops).to contain_exactly(tomato, maize)
+      expect(post.crops).to match_array([tomato, maize])
     end
 
     it "is updated when post was modified" do

spec/rails_helper.rb

@@ -70,8 +70,8 @@ include Warden::Test::Helpers
 # directory. Alternatively, in the individual `*_spec.rb` files, manually
 # require only the support files necessary.
 #
-Rails.root.glob("spec/support/**/*.rb").sort.each { |f| require f }
-Rails.root.glob("spec/features/shared_examples/**/*.rb").sort.each { |f| require f }
+Dir[Rails.root.join("spec/support/**/*.rb")].sort.each { |f| require f }
+Dir[Rails.root.join("spec/features/shared_examples/**/*.rb")].sort.each { |f| require f }
 
 # Checks for pending migrations before tests are run.
 # If you are not using ActiveRecord, you can remove this line.

spec/requests/api/v1/activities_request_spec.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Activities', type: :request do
+  subject { JSON.parse response.body }
+
+  let(:headers) { { 'Accept' => 'application/vnd.api+json' } }
+  let!(:activity) { FactoryBot.create(:activity, garden: create(:garden), planting: create(:planting)) }
+  let!(:activity2) { FactoryBot.create(:activity) }
+
+  it '#index' do
+    get('/api/v1/activities', params: {}, headers:)
+    expect(subject['data'].size).to eq(2)
+  end
+
+  it '#show' do
+    get("/api/v1/activities/#{activity.id}", params: {}, headers:)
+    expect(subject['data']['id']).to eq(activity.id.to_s)
+  end
+
+  context 'filtering' do
+    it 'filters by owner' do
+      get("/api/v1/activities?filter[owner-id]=#{activity.owner.id}", params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(activity.id.to_s)
+    end
+
+    it 'filters by garden' do
+      get("/api/v1/activities?filter[garden-id]=#{activity.garden.id}", params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(activity.id.to_s)
+    end
+
+    it 'filters by planting' do
+      get("/api/v1/activities?filter[planting-id]=#{activity.planting.id}", params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(activity.id.to_s)
+    end
+
+    it 'filters by category' do
+      get("/api/v1/activities?filter[category]=#{activity.category}", params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(2)
+      expect(subject['data'][0]['id']).to eq(activity.id.to_s)
+      expect(subject['data'][1]['id']).to eq(activity2.id.to_s)
+    end
+  end
+end

spec/requests/api/v1/gardens_request_spec.rb

@@ -50,21 +50,138 @@ RSpec.describe 'Gardens', type: :request do
     expect(subject['data']).to include(garden_encoded_as_json_api)
   end
 
-  it '#create' do
-    expect do
-      post '/api/v1/gardens', params: { 'garden' => { 'name' => 'can i make this' } }, headers:
-    end.to raise_error ActionController::RoutingError
+  context 'filtering' do
+    let!(:garden2) { FactoryBot.create(:garden, active: false, garden_type: FactoryBot.create(:garden_type)) }
+
+    pending 'filters by active' do
+      get('/api/v1/gardens?filter[active]=true', params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(garden.id.to_s)
+    end
+
+    it 'filters by garden_type' do
+      get("/api/v1/gardens?filter[garden_type]=#{garden2.garden_type.id}", params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(garden2.id.to_s)
+    end
+
+    it 'filters by owner' do
+      get("/api/v1/gardens?filter[owner_id]=#{garden2.owner.id}", params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(2)
+      expect(subject['data'][1]['id']).to eq(garden2.id.to_s)
+    end
   end
 
-  it '#update' do
-    expect do
-      post "/api/v1/gardens/#{garden.id}", params: { 'garden' => { 'name' => 'can i modify this' } }, headers:
-    end.to raise_error ActionController::RoutingError
+  describe '#create' do
+    let!(:member) { create(:member) }
+    let(:token) do
+      member.regenerate_api_token
+      member.api_token.token
+    end
+    let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
+    let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
+    let(:garden_params) do
+      {
+        data: {
+          type:       'gardens',
+          attributes: {
+            name: 'My API Garden'
+          }
+        }
+      }.to_json
+    end
+
+    it 'returns 401 Unauthorized without a token' do
+      post '/api/v1/gardens', params: garden_params, headers: headers
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it 'returns 201 Created with a valid token' do
+      post '/api/v1/gardens', params: garden_params, headers: auth_headers
+      expect(response).to have_http_status(:created)
+      expect(member.gardens.count).to eq(2) # 1 from after_create callback, 1 from api
+    end
   end
 
-  it '#delete' do
-    expect do
-      delete "/api/v1/gardens/#{garden.id}", params: {}, headers:
-    end.to raise_error ActionController::RoutingError
+  describe '#update' do
+    let!(:member) { create(:member) }
+    let(:token) do
+      member.regenerate_api_token
+      member.api_token.token
+    end
+    let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
+    let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
+    let(:garden) { create(:garden, owner: member) }
+    let(:other_member_garden) { create(:garden) }
+    let(:update_params) do
+      {
+        data: {
+          type:       'gardens',
+          id:         garden.id.to_s,
+          attributes: {
+            name: 'An updated garden'
+          }
+        }
+      }.to_json
+    end
+
+    it 'returns 401 Unauthorized without a token' do
+      patch "/api/v1/gardens/#{garden.id}", params: update_params, headers: headers
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it 'returns 200 OK with a valid token for own garden' do
+      patch "/api/v1/gardens/#{garden.id}", params: update_params, headers: auth_headers
+      expect(response).to have_http_status(:ok)
+      expect(garden.reload.name).to eq('An updated garden')
+    end
+
+    it 'returns 403 Forbidden for another member\'s garden' do
+      update_params_for_other = {
+        data: {
+          type:       'gardens',
+          id:         other_member_garden.id.to_s,
+          attributes: {
+            name: 'An updated garden'
+          }
+        }
+      }.to_json
+      patch "/api/v1/gardens/#{other_member_garden.id}", params: update_params_for_other, headers: auth_headers
+      expect(response).to have_http_status(:forbidden)
+    end
+  end
+
+  describe '#delete' do
+    let!(:member) { create(:member) }
+    let(:token) do
+      member.regenerate_api_token
+      member.api_token.token
+    end
+    let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
+    let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
+    let!(:garden) { create(:garden, owner: member) }
+    let(:other_member_garden) { create(:garden) }
+
+    it 'returns 401 Unauthorized without a token' do
+      delete "/api/v1/gardens/#{garden.id}", headers: headers
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it 'returns 204 No Content with a valid token for own garden' do
+      delete "/api/v1/gardens/#{garden.id}", headers: auth_headers
+      expect(response).to have_http_status(:no_content)
+      expect(Garden.find_by(id: garden.id)).to be_nil
+    end
+
+    it 'returns 403 Forbidden for another member\'s garden' do
+      delete "/api/v1/gardens/#{other_member_garden.id}", headers: auth_headers
+      expect(response).to have_http_status(:forbidden)
+    end
   end
 end

spec/requests/api/v1/harvests_request_spec.rb

@@ -76,25 +76,153 @@ RSpec.describe 'Harvests', type: :request do
     it { expect(subject['data']).to eq(harvest_encoded_as_json_api) }
   end
 
-  it '#create' do
-    expect do
-      put '/api/v1/harvests', headers:, params: {
-        'harvest' => { 'description' => 'can i make this' }
-      }
-    end.to raise_error ActionController::RoutingError
+  context 'filtering' do
+    let!(:harvest2) { FactoryBot.create(:harvest, planting: create(:planting)) }
+
+    it 'filters by crop' do
+      get("/api/v1/harvests?filter[crop_id]=#{harvest2.crop.id}", params: {}, headers:)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(harvest2.id.to_s)
+    end
+
+    it 'filters by planting' do
+      get("/api/v1/harvests?filter[planting_id]=#{harvest2.planting.id}", params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(harvest2.id.to_s)
+    end
+
+    it 'filters by plant_part' do
+      get("/api/v1/harvests?filter[plant_part]=#{harvest2.plant_part.id}", params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(harvest2.id.to_s)
+    end
+
+    it 'filters by owner' do
+      get("/api/v1/harvests?filter[owner_id]=#{harvest2.owner.id}", params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(harvest2.id.to_s)
+    end
   end
 
-  it '#update' do
-    expect do
-      post "/api/v1/harvests/#{harvest.id}", headers:, params: {
-        'harvest' => { 'description' => 'can i modify this' }
-      }
-    end.to raise_error ActionController::RoutingError
+  describe '#create' do
+    let!(:member) { create(:member) }
+    let(:token) do
+      member.regenerate_api_token
+      member.api_token.token
+    end
+    let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
+    let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
+    let(:crop) { create(:crop) }
+    let(:planting) { create(:planting, owner: member) }
+    let(:plant_part) { create(:plant_part) }
+    let(:harvest_params) do
+      {
+        data: {
+          type:          'harvests',
+          attributes:    {
+            description: 'My API harvests'
+          },
+          relationships: {
+            planting: { data: { type: 'plantings', id: planting.id } }
+            # plant_part: { data: { type: 'plant_parts', id: plant_part.id } }
+          }
+        }
+      }.to_json
+    end
+
+    it 'returns 401 Unauthorized without a token' do
+      post '/api/v1/harvests', params: harvest_params, headers: headers
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it 'returns 201 Created with a valid token' do
+      post '/api/v1/harvests', params: harvest_params, headers: auth_headers
+
+      expect(response).to have_http_status(:created)
+      expect(member.harvests.count).to eq(1)
+    end
   end
 
-  it '#delete' do
-    expect do
-      delete "/api/v1/harvests/#{harvest.id}", headers:, params: {}
-    end.to raise_error ActionController::RoutingError
+  describe '#update' do
+    let!(:member) { create(:member) }
+    let(:token) do
+      member.regenerate_api_token
+      member.api_token.token
+    end
+    let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
+    let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
+    let(:harvest) { create(:harvest, owner: member) }
+    let(:other_member_harvest) { create(:harvest) }
+    let(:update_params) do
+      {
+        data: {
+          type:       'harvests',
+          id:         harvest.id.to_s,
+          attributes: {
+            description: 'An updated harvest'
+          }
+        }
+      }.to_json
+    end
+
+    it 'returns 401 Unauthorized without a token' do
+      patch "/api/v1/harvests/#{harvest.id}", params: update_params, headers: headers
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it 'returns 200 OK with a valid token for own harvest' do
+      patch "/api/v1/harvests/#{harvest.id}", params: update_params, headers: auth_headers
+
+      expect(response).to have_http_status(:ok)
+      expect(harvest.reload.description).to eq('An updated harvest')
+    end
+
+    it 'returns 403 Forbidden for another member\'s harvest' do
+      update_params_for_other = {
+        data: {
+          type:       'harvests',
+          id:         other_member_harvest.id.to_s,
+          attributes: {
+            description: 'An updated harvest'
+          }
+        }
+      }.to_json
+      patch "/api/v1/harvests/#{other_member_harvest.id}", params: update_params_for_other, headers: auth_headers
+      expect(response).to have_http_status(:forbidden)
+    end
+  end
+
+  describe '#delete' do
+    let!(:member) { create(:member) }
+    let(:token) do
+      member.regenerate_api_token
+      member.api_token.token
+    end
+    let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
+    let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
+    let!(:harvest) { create(:harvest, owner: member) }
+    let(:other_member_harvest) { create(:harvest) }
+
+    it 'returns 401 Unauthorized without a token' do
+      delete "/api/v1/harvests/#{harvest.id}", headers: headers
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it 'returns 204 No Content with a valid token for own harvest' do
+      delete "/api/v1/harvests/#{harvest.id}", headers: auth_headers
+      expect(response).to have_http_status(:no_content)
+      expect(Garden.find_by(id: harvest.id)).to be_nil
+    end
+
+    it 'returns 403 Forbidden for another member\'s harvest' do
+      delete "/api/v1/harvests/#{other_member_harvest.id}", headers: auth_headers
+      expect(response).to have_http_status(:forbidden)
+    end
   end
 end

spec/requests/api/v1/plantings_request_spec.rb

@@ -95,28 +95,123 @@ RSpec.describe 'Plantings', type: :request do
     expect(subject['data']).to eq(planting_encoded_as_json_api)
   end
 
-  it '#create' do
-    expect do
-      post '/api/v1/plantings', params: { 'planting' => { 'description' => 'can i make this' } }, headers:
-    end.to raise_error ActionController::RoutingError
+  describe '#create' do
+    let!(:member) { create(:member) }
+    let(:token) do
+      member.regenerate_api_token
+      member.api_token.token
+    end
+    let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
+    let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
+    let(:crop) { create(:crop) }
+    let(:garden) { create(:garden, owner: member) }
+    let(:planting_params) do
+      {
+        data: {
+          type:          'plantings',
+          attributes:    {
+            description: 'My API plantings'
+          },
+          relationships: {
+            crop:   { data: { type: 'crops', id: crop.id } },
+            garden: { data: { type: 'gardens', id: garden.id } }
+          }
+        }
+      }.to_json
+    end
+
+    it 'returns 401 Unauthorized without a token' do
+      post '/api/v1/plantings', params: planting_params, headers: headers
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it 'returns 201 Created with a valid token' do
+      post '/api/v1/plantings', params: planting_params, headers: auth_headers
+
+      expect(response).to have_http_status(:created)
+      expect(member.plantings.count).to eq(1)
+    end
   end
 
-  it '#update' do
-    expect do
-      post "/api/v1/plantings/#{planting.id}", headers:, params: {
-        'planting' => { 'description' => 'can i modify this' }
-      }
-    end.to raise_error ActionController::RoutingError
+  describe '#update' do
+    let!(:member) { create(:member) }
+    let(:token) do
+      member.regenerate_api_token
+      member.api_token.token
+    end
+    let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
+    let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
+    let(:planting) { create(:planting, owner: member) }
+    let(:other_member_planting) { create(:planting) }
+    let(:update_params) do
+      {
+        data: {
+          type:       'plantings',
+          id:         planting.id.to_s,
+          attributes: {
+            description: 'An updated planting'
+          }
+        }
+      }.to_json
+    end
+
+    it 'returns 401 Unauthorized without a token' do
+      patch "/api/v1/plantings/#{planting.id}", params: update_params, headers: headers
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it 'returns 200 OK with a valid token for own planting' do
+      patch "/api/v1/plantings/#{planting.id}", params: update_params, headers: auth_headers
+
+      expect(response).to have_http_status(:ok)
+      expect(planting.reload.description).to eq('An updated planting')
+    end
+
+    it 'returns 403 Forbidden for another member\'s planting' do
+      update_params_for_other = {
+        data: {
+          type:       'plantings',
+          id:         other_member_planting.id.to_s,
+          attributes: {
+            description: 'An updated planting'
+          }
+        }
+      }.to_json
+      patch "/api/v1/plantings/#{other_member_planting.id}", params: update_params_for_other, headers: auth_headers
+      expect(response).to have_http_status(:forbidden)
+    end
   end
 
-  it '#delete' do
-    expect do
-      delete "/api/v1/plantings/#{planting.id}", params: {}, headers:
-    end.to raise_error ActionController::RoutingError
+  describe '#delete' do
+    let!(:member) { create(:member) }
+    let(:token) do
+      member.regenerate_api_token
+      member.api_token.token
+    end
+    let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
+    let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
+    let!(:planting) { create(:planting, owner: member) }
+    let(:other_member_planting) { create(:planting) }
+
+    it 'returns 401 Unauthorized without a token' do
+      delete "/api/v1/plantings/#{planting.id}", headers: headers
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it 'returns 204 No Content with a valid token for own planting' do
+      delete "/api/v1/plantings/#{planting.id}", headers: auth_headers
+      expect(response).to have_http_status(:no_content)
+      expect(Garden.find_by(id: planting.id)).to be_nil
+    end
+
+    it 'returns 403 Forbidden for another member\'s planting' do
+      delete "/api/v1/plantings/#{other_member_planting.id}", headers: auth_headers
+      expect(response).to have_http_status(:forbidden)
+    end
   end
 
   describe "by member/owner" do
-    before do
+    before :each do
       @member1 = planting.owner
       @planting2 = create(:planting, owner: create(:owner))
       @member2 = @planting2.owner
@@ -140,4 +235,37 @@ RSpec.describe 'Plantings', type: :request do
       end
     end
   end
+
+  context 'filtering' do
+    let!(:planting2) { FactoryBot.create(:planting, failed: true, sunniness: 'shade') }
+    let!(:perennial_planting) { FactoryBot.create(:planting, crop: FactoryBot.create(:crop, perennial: true)) }
+
+    it 'filters by failed' do
+      get('/api/v1/plantings?filter[failed]=true', params: {}, headers:)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(planting2.id.to_s)
+    end
+
+    it 'filters by sunniness' do
+      get('/api/v1/plantings?filter[sunniness]=shade', params: {}, headers:)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(planting2.id.to_s)
+    end
+
+    it 'filters by perennial' do
+      get('/api/v1/plantings?filter[perennial]=true', params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(perennial_planting.id.to_s)
+    end
+
+    it 'filters by active' do
+      get('/api/v1/plantings?filter[active]=true', params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(2)
+      expect(subject['data'][0]['id']).to eq(planting.id.to_s)
+    end
+  end
 end

spec/requests/api/v1/seeds_request_spec.rb

@@ -61,21 +61,170 @@ RSpec.describe 'Seeds', type: :request do
     it { expect(subject['data']).to eq(seed_encoded_as_json_api) }
   end
 
-  it '#create' do
-    expect do
-      post '/api/v1/seeds', params: { 'seed' => { 'name' => 'can i make this' } }, headers:
-    end.to raise_error ActionController::RoutingError
+  describe '#create' do
+    let!(:member) { create(:member) }
+    let(:token) do
+      member.regenerate_api_token
+      member.api_token.token
+    end
+    let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
+    let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
+    let(:crop) { create(:crop) }
+    let(:seed_params) do
+      {
+        data: {
+          type:          'seeds',
+          attributes:    {
+            description: 'My API seeds'
+          },
+          relationships: {
+            crop: { data: { type: 'crops', id: crop.id } }
+          }
+        }
+      }.to_json
+    end
+
+    it 'returns 401 Unauthorized without a token' do
+      post '/api/v1/seeds', params: seed_params, headers: headers
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it 'returns 201 Created with a valid token' do
+      post '/api/v1/seeds', params: seed_params, headers: auth_headers
+      expect(response).to have_http_status(:created)
+      expect(member.seeds.count).to eq(1)
+    end
   end
 
-  it '#update' do
-    expect do
-      post "/api/v1/seeds/#{seed.id}", params: { 'seed' => { 'name' => 'can i modify this' } }, headers:
-    end.to raise_error ActionController::RoutingError
+  describe '#update' do
+    let!(:member) { create(:member) }
+    let(:token) do
+      member.regenerate_api_token
+      member.api_token.token
+    end
+    let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
+    let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
+    let(:crop) { create(:crop) }
+    let(:seed) { create(:seed, owner: member, crop: crop) }
+    let(:other_member_seed) { create(:seed) }
+    let(:update_params) do
+      {
+        data: {
+          type:       'seeds',
+          id:         seed.id.to_s,
+          attributes: {
+            description: 'An updated seed'
+          }
+        }
+      }.to_json
+    end
+
+    it 'returns 401 Unauthorized without a token' do
+      patch "/api/v1/seeds/#{seed.id}", params: update_params, headers: headers
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it 'returns 200 OK with a valid token for own seed' do
+      patch "/api/v1/seeds/#{seed.id}", params: update_params, headers: auth_headers
+      expect(response).to have_http_status(:ok)
+      expect(seed.reload.description).to eq('An updated seed')
+    end
+
+    it 'returns 403 Forbidden for another member\'s seed' do
+      update_params_for_other = {
+        data: {
+          type:       'seeds',
+          id:         other_member_seed.id.to_s,
+          attributes: {
+            description: 'An updated seed'
+          }
+        }
+      }.to_json
+      patch "/api/v1/seeds/#{other_member_seed.id}", params: update_params_for_other, headers: auth_headers
+      expect(response).to have_http_status(:forbidden)
+    end
   end
 
-  it '#delete' do
-    expect do
-      delete "/api/v1/seeds/#{seed.id}", params: {}, headers:
-    end.to raise_error ActionController::RoutingError
+  describe '#delete' do
+    let!(:member) { create(:member) }
+    let(:token) do
+      member.regenerate_api_token
+      member.api_token.token
+    end
+    let(:headers) { { 'Accept' => 'application/vnd.api+json', 'Content-Type' => 'application/vnd.api+json' } }
+    let(:auth_headers) { headers.merge('Authorization' => "Token token=#{token}") }
+    let(:crop) { create(:crop) }
+    let!(:seed) { create(:seed, owner: member, crop: crop) }
+    let(:other_member_seed) { create(:seed) }
+
+    it 'returns 401 Unauthorized without a token' do
+      delete "/api/v1/seeds/#{seed.id}", headers: headers
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it 'returns 204 No Content with a valid token for own seed' do
+      delete "/api/v1/seeds/#{seed.id}", headers: auth_headers
+      expect(response).to have_http_status(:no_content)
+      expect(Seed.find_by(id: seed.id)).to be_nil
+    end
+
+    it 'returns 403 Forbidden for another member\'s seed' do
+      delete "/api/v1/seeds/#{other_member_seed.id}", headers: auth_headers
+      expect(response).to have_http_status(:forbidden)
+    end
+  end
+
+  context 'filtering' do
+    let!(:seed2) do
+      FactoryBot.create(:seed, tradable_to: 'nationally', organic: 'certified organic', gmo: 'certified GMO-free', heirloom: 'heirloom')
+    end
+
+    it 'filters by crop' do
+      get("/api/v1/seeds?filter[crop]=#{seed2.crop.id}", params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(seed2.id.to_s)
+    end
+
+    it 'filters by tradable_to' do
+      get('/api/v1/seeds?filter[tradable_to]=nationally', params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(seed2.id.to_s)
+    end
+
+    it 'filters by organic' do
+      get('/api/v1/seeds?filter[organic]=certified organic', params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(seed2.id.to_s)
+    end
+
+    it 'filters by gmo' do
+      get('/api/v1/seeds?filter[gmo]=certified GMO-free', params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(seed2.id.to_s)
+    end
+
+    it 'filters by heirloom' do
+      get('/api/v1/seeds?filter[heirloom]=heirloom', params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(seed2.id.to_s)
+    end
+
+    it 'filters by owner' do
+      get("/api/v1/seeds?filter[owner_id]=#{seed2.owner.id}", params: {}, headers:)
+
+      expect(response).to have_http_status(:ok)
+      expect(subject['data'].size).to eq(1)
+      expect(subject['data'][0]['id']).to eq(seed2.id.to_s)
+    end
   end
 end

spec/requests/plantings_spec.rb

@@ -15,7 +15,7 @@ describe "Plantings" do
     before do
       @member = create(:interesting_member)
 
-      @predictable_planting = create(:predictable_planting, owner: @member, planted_at: 1.day.ago, days_to_first_harvest: 10,
+      @predictable_planting = create(:predictable_planting, owner: @member, planted_at: 1.days.ago, days_to_first_harvest: 10,
 days_to_last_harvest: 20)
       @predictable_planting.crop.update(median_days_to_first_harvest: 10)
 

spec/support/feature_helpers.rb

@@ -14,17 +14,17 @@ module FeatureHelpers
 
   shared_context 'signed in member' do
     let(:member) { FactoryBot.create(:member) }
-    it_behaves_like 'sign in'
+    include_examples 'sign in'
   end
 
   shared_context 'signed in crop wrangler' do
     let(:member) { FactoryBot.create(:crop_wrangling_member) }
-    it_behaves_like 'sign in'
+    include_examples 'sign in'
   end
 
   shared_context 'signed in admin' do
     let(:member) { FactoryBot.create(:admin_member) }
-    it_behaves_like 'sign in'
+    include_examples 'sign in'
   end
 
   shared_context 'sign in' do

spec/views/photos/show.html.haml_spec.rb

@@ -58,7 +58,7 @@ describe "photos/show" do
       render
     end
 
-    it_behaves_like "photo data renders"
+    include_examples "photo data renders"
 
     it "has a delete button" do
       assert_select "a[href='#{photo_path(@photo)}']"
@@ -71,8 +71,8 @@ describe "photos/show" do
       render
     end
 
-    it_behaves_like "photo data renders"
-    it_behaves_like "No links to change data"
+    include_examples "photo data renders"
+    include_examples "No links to change data"
   end
 
   context "not signed in" do
@@ -81,8 +81,8 @@ describe "photos/show" do
       render
     end
 
-    it_behaves_like "photo data renders"
-    it_behaves_like "No links to change data"
+    include_examples "photo data renders"
+    include_examples "No links to change data"
   end
 
   context "CC-licensed photo" do

spec/views/seeds/index.rss.haml_spec.rb

@@ -31,7 +31,7 @@ describe 'seeds/index.rss.haml', :search do
       render
     end
 
-    it_behaves_like 'displays seed in rss feed'
+    include_examples 'displays seed in rss feed'
 
     it 'shows RSS feed title' do
       expect(rendered).to have_content "Recent seeds from all members"
@@ -60,6 +60,6 @@ describe 'seeds/index.rss.haml', :search do
       expect(rendered).to have_content "Recent seeds from #{seed.owner}"
     end
 
-    it_behaves_like 'displays seed in rss feed'
+    include_examples 'displays seed in rss feed'
   end
 end