spree_cm_commissioner 2.1.8 → 2.1.9.pre.pre1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 36165e2d7e9f037f00a0590045ae9c6171825a79f0499ec4cb70af91a246b0d5
-  data.tar.gz: b6d46f79ab01845de456585f50881dbca8b0b28d208e2db386a1833a9dfe1b30
+  metadata.gz: a278c011c4129a11c968c695ac8ae1a22996991ab69f8700bdafa6d9002c470e
+  data.tar.gz: 5354f593b70e02b4956f27006a82cc06341a2630ee45306b9e8f33a4c246eb9f
 SHA512:
-  metadata.gz: bd7ac99403f71109009b3d06dff1fc5a72b61b833d00e27f2a7513c552f7005782ff819a5e69ca67d64160865af6fabf4dd9554f7253b3cbd85ea4ba283b555a
-  data.tar.gz: f7d227c43eb5ecfc72eeebbf715e651f576f998a769106a1303e647680a9b4e82820b1e31e3c3b10299a1ee79fa6da9fde4fce5ea9ec62074b62d5b6e937d560
+  metadata.gz: 140d7641c8e2542f82e64f8d8bf5758b31b5c3a6daf9232bd57bc9835c27685aba70182cf173df43fb805edc08b0968c80612d726469fd1780ad05a05d38d596
+  data.tar.gz: fe162b2e261ace9661ea9b2e05a699617ff5da1a707dab0cad139b72c6fb0242966a9728c37e2a653213665c34767177ab8a4ee1d11c8c02ecf82088631386bb

data/.env.example

@@ -1,29 +1,75 @@
-# aws
-AWS_ACCESS_KEY_ID=""
-AWS_BUCKET_NAME=""
-AWS_REGION=""
-AWS_SECRET_ACCESS_KEY=
-AWS_CLUSTER_NAME="" # fetch all tasks
-
-AWS_CF_MEDIA_DOMAIN="medias.bookme.plus"
-AWS_CF_PUBLIC_KEY_ID="KKC****QFJ2"
-AWS_OUTPUT_BUCKET_NAME="output-production-cm"
-
-AWS_CF_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----
------END PRIVATE KEY-----"
-
-# for GET request with following host, it will be cached.
-CONTENT_HOST_URL=https://content.bookme.plus
-CONTENT_CACHE_MAX_AGE=7200
-
-WAITING_ROOM_SESSION_SIGNATURE="e6b2********************26e3"
-WAITING_ROOM_SESSION_EXPIRE_DURATION_IN_SECOND=
-WAITING_ROOM_MIN_SESSIONS_COUNT=5
-WAITING_ROOM_DISABLED=no
-
-# Vattanac Bank
-VATTANAC_AES_SECRET_KEY= ""
-VATTANAC_PUBLIC_KEY=""
-
-# Organizer URL
-ORGANIZER_URL=http://127.0.0.1:4000/organizer
+# Rails Configuration
+RAILS_ENV=development # Rails environment (development, test, production)
+RAILS_MASTER_KEY= # Rails master key for encrypted credentials
+RAILS_MIN_THREADS=5 # Minimum number of threads for Puma server
+RAILS_MAX_THREADS=5 # Maximum number of threads for Puma server
+RAILS_SERVE_STATIC_FILES= # Enable static file serving (useful for production)
+RAILS_LOG_TO_STDOUT=enabled # Enable Rails logging to STDOUT
+
+# Server Configuration
+PORT=3000 # Port for the server to listen on
+PIDFILE=tmp/pids/server.pid # Process ID file location
+WEB_CONCURRENCY=2 # Number of web workers for Puma
+DEFAULT_URL_HOST=http://localhost:4000 # Default host URL for the application
+ORGANIZER_URL= # Organizer platform URL (e.g., https://organizer.bookme.plus)
+
+# Redis Configuration
+REDIS_URL=redis://localhost:6379/12 # Redis connection URL
+REDIS_POOL_SIZE=5 # Redis connection pool size
+REDIS_TIMEOUT=5 # Redis connection timeout in seconds
+
+# AWS Configuration
+AWS_REGION=ap-southeast-1 # AWS region for services
+AWS_ACCESS_KEY_ID= # AWS access key ID for authentication
+AWS_SECRET_ACCESS_KEY= # AWS secret access key for authentication
+AWS_BUCKET_NAME=contigoasia-production # AWS S3 bucket name for storage
+AWS_OUTPUT_BUCKET_NAME=output-production-cm # AWS S3 output bucket name for media processing
+AWS_CLUSTER_NAME=production-cm-web # AWS ECS cluster name for waiting room system
+
+# AWS CloudFront Configuration
+ASSETS_SYNC_CF_DIST_ID=E3DV5NICAX5NCH # CloudFront distribution ID for asset synchronization
+AWS_CF_MEDIA_DOMAIN=medias.bookme.plus # CloudFront media domain (e.g., medias.bookme.plus)
+AWS_CF_PUBLIC_KEY_ID= # CloudFront public key ID for signed URLs
+AWS_CF_PRIVATE_KEY= # CloudFront private key for signed URLs (PEM format)
+
+# Cache Configuration
+CONTENT_CACHE_MAX_AGE=180 # Maximum age for CDN content cache in seconds (default: 86400)
+
+# Email Configuration
+NO_REPLY_EMAIL=noreply@example.com # No-reply email address for outgoing emails
+
+# SMS Configuration
+SMS_SENDER_ID=SMS Info # Sender ID for SMS messages (default: 'SMS Info')
+
+# Payment Gateway Configuration
+VATTANAC_AES_SECRET_KEY= # Vattanac Bank AES secret key for encryption
+BOOKMEPLUS_PRIVATE_KEY= # BookMe+ private key for Vattanac Bank integration
+VATTANAC_PUBLIC_KEY= # Vattanac Bank public key for signature verification
+
+# Google Services Configuration
+GOOGLE_MAP_KEY=AIzaSyBt-OSnDZze6hxGjfiapSxpcyGzBo_COv8 # Google Maps API key for nearby places and location services
+ISSUER_ID=3388000000022336356 # Google Wallet issuer ID for digital passes
+
+# Waiting Room System Configuration
+WAITING_ROOM_DISABLED=no # Disable waiting room functionality (set to 'yes' to disable)
+WAITING_ROOM_SESSION_SIGNATURE=4234f0a3-c42f-40b5-9057-7c006793cea4 # JWT signature key for waiting room session tokens
+WAITING_ROOM_SESSION_EXPIRE_DURATION_IN_SECOND=180 # Session expiration duration in seconds (default: 180 / 3 minutes)
+WAITING_ROOM_MIN_SESSIONS_COUNT=5 # Minimum sessions count for waiting room calculation (default: 5)
+WAITING_ROOM_SERVERS_COUNT=2 # Number of running servers for capacity calculation (default: 2)
+WAITING_ROOM_MAX_THREAD_COUNT=10 # Maximum thread count per server (default: 10)
+WAITING_ROOM_MULTIPLIER=150 # Multiplier for waiting room capacity calculation (default: 150)
+
+# Exception Notification Configuration
+EXCEPTION_NOTIFY_ENABLE=yes # Enable exception notifications (set to 'yes' to enable)
+EXCEPTION_TELEGRAM_BOT_TOKEN=6441690414:AAFBpevRdBaRTXmalJR2vcSdPNzYoDnMEFk # Telegram bot token for exception notifications
+EXCEPTION_NOTIFIER_TELEGRAM_CHANNEL_ID=-1001807686211 # Telegram channel ID for exception notifications
+
+# Telegram Bot Configuration
+DEFAULT_TELEGRAM_BOT_API_TOKEN=6441690414:AAFBpevRdBaRTXmalJR2vcSdPNzYoDnMEFk # Default Telegram bot API token
+PIN_CODE_DEBUG_NOTIFIY_TELEGRAM_ENABLE=yes # Enable PIN code debug notifications via Telegram (set to 'yes' to enable)
+
+# Business Rules Configuration
+ACCOMMODATION_MAX_STAY_DAYS=10 # Maximum number of days allowed for accommodation stays (default: 10)
+
+# Development/Testing Configuration
+BUNDLE_GEMFILE= # Gemfile location for bundler

data/Gemfile.lock

@@ -34,7 +34,7 @@ GIT
 PATH
   remote: .
   specs:
-    spree_cm_commissioner (2.1.8)
+    spree_cm_commissioner (2.1.9.pre.pre1)
       activerecord-multi-tenant
       activerecord_json_validator (~> 2.1, >= 2.1.3)
       aws-sdk-cloudfront

data/app/controllers/spree/api/v2/storefront/access_tokens_controller.rb

@@ -0,0 +1,10 @@
+module Spree
+  module Api
+    module V2
+      module Storefront
+        class AccessTokensController < Doorkeeper::TokensController
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/storefront/account/guest_dynamic_fields_controller.rb

@@ -0,0 +1,82 @@
+module Spree
+  module Api
+    module V2
+      module Storefront
+        module Account
+          class GuestDynamicFieldsController < ::Spree::Api::V2::ResourceController
+            before_action :require_spree_current_user
+            before_action :load_guest
+
+            def update_dynamic_field
+              phase = params[:phase]
+
+              return render_error_payload('Invalid phase', 422) unless %w[pre_registration post_registration].include?(phase)
+
+              begin
+                fields = dynamic_fields_params
+              rescue ActionController::ParameterMissing
+                return render_error_payload('No dynamic fields provided', 422)
+              end
+
+              return render_error_payload('No dynamic fields provided', 422) if fields.blank?
+
+              ActiveRecord::Base.transaction do
+                fields.each do |field|
+                  process_dynamic_field(field, phase)
+                end
+
+                @guest.save_and_move_to_next_stage
+              end
+
+              render_serialized_payload { serialize_guest(@guest) }
+            rescue ActiveRecord::RecordInvalid => e
+              render_error_payload(e.record.errors, 422)
+            rescue ActiveRecord::RecordNotFound => e
+              render_error_payload(e.message, 404)
+            end
+
+            private
+
+            def dynamic_fields_params
+              params.require(:dynamic_fields).map do |field|
+                field.permit(:id, :value)
+              end
+            end
+
+            def load_guest
+              @guest = SpreeCmCommissioner::Guest.find(params[:guest_id])
+
+              unless spree_current_user.guests.exists?(id: @guest.id) ||
+                  @guest.line_item.order.user == spree_current_user
+                render_error_payload('Unauthorized', 401)
+              end
+            end
+
+            def process_dynamic_field(field, phase)
+              dynamic_field = SpreeCmCommissioner::DynamicField.find(field[:id])
+              guest_field = @guest.guest_dynamic_fields.find_or_initialize_by(dynamic_field_id: dynamic_field.id)
+
+              return if guest_field.new_record? && dynamic_field.data_fill_stage != phase
+
+              if dynamic_field.requires_dynamic_field_options?
+                option = dynamic_field.dynamic_field_options.find_by(value: field[:value])
+                raise ActiveRecord::RecordNotFound, "Invalid value for dynamic field #{dynamic_field.label}" unless option
+
+                guest_field.dynamic_field_option = option
+                guest_field.value = option.value
+              else
+                guest_field.value = field[:value]
+              end
+
+              guest_field.save!
+            end
+
+            def serialize_guest(guest)
+              SpreeCmCommissioner::V2::Storefront::GuestSerializer.new(guest).serializable_hash
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/storefront/account/mark_guest_info_complete_controller.rb

@@ -0,0 +1,39 @@
+module Spree
+  module Api
+    module V2
+      module Storefront
+        module Account
+          class MarkGuestInfoCompleteController < ::Spree::Api::V2::ResourceController
+            before_action :require_spree_current_user
+
+            def update
+              update_user_metadata
+              render_success_response
+            end
+
+            private
+
+            def update_user_metadata
+              spree_current_user.public_metadata['has_incomplete_guest_info'] = false
+              spree_current_user.save!
+            end
+
+            def render_success_response
+              render_serialized_payload(200) do
+                {
+                  success: true,
+                  message: 'Guest information marked as complete',
+                  has_incomplete_guest_info: false
+                }
+              end
+            end
+
+            def model_class
+              Spree::User
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/storefront/account/orders_controller_decorator.rb

@@ -4,12 +4,41 @@ module Spree
       module Storefront
         module Account
           module OrdersControllerDecorator
+            def self.prepended(base)
+              base.include Spree::Api::V2::Storefront::OrderConcern
+            end
+
             def collection
-              if params[:request_state].present?
-                spree_current_user.orders.filter_by_request_state
-              else
-                collection_finder.new(user: spree_current_user, store: current_store, state: params.delete(:state)).execute
-              end
+              @collection =
+                if params[:incomplete_guest_info] == 'true'
+                  find_orders_with_incomplete_guest_info
+                elsif params[:request_state].present?
+                  spree_current_user.orders.filter_by_request_state
+                else
+                  collection_finder.new(user: spree_current_user, store: current_store, state: params.delete(:state)).execute
+                end
+
+              @collection.page(params[:page]).per(params[:per_page])
+            end
+
+            private
+
+            def find_orders_with_incomplete_guest_info
+              orders = spree_current_user.orders
+                                         .complete
+                                         .includes(line_items: { guests: [:guest_dynamic_fields] })
+
+              incomplete_order_ids = orders.select do |order|
+                order.line_items.any? do |line_item|
+                  line_item.guests.any? do |guest|
+                    guest.pre_registration_completed? &&
+                      guest.post_registration_fields? &&
+                      !guest.post_registration_completed?
+                  end
+                end
+              end.map(&:id)
+
+              spree_current_user.orders.where(id: incomplete_order_ids)
             end
 
             def collection_finder

data/app/controllers/spree/api/v2/storefront/seat_layouts_controller.rb

@@ -1,4 +1,4 @@
-# This endpoint is only used for events (via `event.seat_layout_id` to call this API).
+# This endpoint is only used for events (via `event.preload_seat_layout_id` to call this API).
 # For transit, seat layouts are included directly in the Trip API (no separate call needed).
 #
 # In both cases, seat availability must always be checked using:

data/app/controllers/spree/api/v2/tenant/access_tokens_controller.rb

@@ -0,0 +1,10 @@
+module Spree
+  module Api
+    module V2
+      module Tenant
+        class AccessTokensController < Doorkeeper::TokensController
+        end
+      end
+    end
+  end
+end

data/app/interactors/spree_cm_commissioner/stock/inventory_item_resetter.rb

@@ -35,7 +35,7 @@ module SpreeCmCommissioner
       end
 
       def clear_inventory_cache
-        SpreeCmCommissioner.redis_pool.with do |redis|
+        SpreeCmCommissioner.inventory_redis_pool.with do |redis|
           redis.del(inventory_item.redis_key)
         end
       end

data/app/models/concerns/spree_cm_commissioner/event_metadata.rb

@@ -0,0 +1,39 @@
+module SpreeCmCommissioner
+  module EventMetadata
+    extend ActiveSupport::Concern
+
+    included do
+      store_public_metadata :background_color, :string
+      store_public_metadata :foreground_color, :string
+
+      store_public_metadata :group_check_in_enabled, :boolean, default: true
+      store_public_metadata :individual_check_in_enabled, :boolean, default: true
+
+      # By default, for most events, manual search is allowed for operators.
+      # For certain large events, admin can disable this manually.
+      store_public_metadata :allow_manual_search_for_operator, :boolean, default: true
+
+      # This model has no seat_layout column (polymorphic association), so we store the preload_seat_layout_id ID in public_metadata.
+      # This lets us check if a seat layout exists without triggering a database query.
+      # The ID is automatically updated whenever the seat_layout is saved.
+      store_public_metadata :preload_seat_layout_id, :integer
+
+      before_validation :validate_at_least_one_check_in_flow_presence
+    end
+
+    def check_in_flows
+      flows = []
+      flows << 'group' if group_check_in_enabled?
+      flows << 'individual' if individual_check_in_enabled?
+      flows
+    end
+
+    private
+
+    def validate_at_least_one_check_in_flow_presence
+      return if check_in_flows.any?
+
+      errors.add(:check_in_flows, 'must have at least one flow selected')
+    end
+  end
+end

data/app/models/concerns/spree_cm_commissioner/order_state_machine.rb

@@ -74,17 +74,40 @@ module SpreeCmCommissioner
       end
     end
 
+    def mark_user_as_has_incomplete_guest_info
+      user&.public_metadata&.[]=('has_incomplete_guest_info', true)
+      user&.save!
+    end
+
     def has_incomplete_guest_info? # rubocop:disable Naming/PredicateName
       line_items.any? do |line_item|
         line_item.guests.any? do |guest|
-          !guest.post_registration_completed?
+          guest_incomplete?(guest)
         end
       end
     end
 
-    def mark_user_as_has_incomplete_guest_info
-      user&.public_metadata&.[]=('has_incomplete_guest_info', true)
-      user&.save!
+    # overrided not to send email yet to user if order needs confirmation
+    # it will send after vendors accepted.
+    def confirmation_delivered?
+      confirmation_delivered || need_confirmation?
+    end
+
+    # allow authorized user to accept all requested line items
+    def accepted_by(user)
+      transaction do
+        accept!
+
+        line_items.each do |line_item|
+          line_item.accepted_by(user)
+        end
+      end
+    end
+
+    def guest_incomplete?(guest)
+      (guest.pre_registration_fields? && !guest.pre_registration_completed?) ||
+        (guest.post_registration_fields? && !guest.post_registration_completed?) ||
+        (guest.during_check_in_fields? && !guest.check_in_completed?)
     end
 
     def unstock_inventory!
@@ -159,23 +182,6 @@ module SpreeCmCommissioner
       user.present? && user.email.present?
     end
 
-    # allow authorized user to accept all requested line items
-    def accepted_by(user)
-      transaction do
-        accept!
-
-        line_items.each do |line_item|
-          line_item.accepted_by(user)
-        end
-      end
-    end
-
-    # overrided not to send email yet to user if order needs confirmation
-    # it will send after vendors accepted.
-    def confirmation_delivered?
-      confirmation_delivered || need_confirmation?
-    end
-
     # can_accepted? already use by ransack/visitor.rb
     def can_accept_all?
       approved? && requested?

data/app/models/concerns/spree_cm_commissioner/store_metadata.rb

@@ -0,0 +1,97 @@
+# Provides a DSL for defining typed key/value attributes stored in JSON columns
+# using ActiveRecord's `store`.
+#
+# Enhancements over ActiveRecord::Store:
+# - Supports default values when a key is missing or nil
+# - Applies type casting when reading from the database
+# - Adds predicate helpers (`foo?`) for boolean attributes
+# - Validates new data types only (does not validate existing DB values)
+#
+# Supported types:
+# - boolean
+# - string
+# - integer
+#
+# Example usage:
+# ```
+# class Spree::Taxon < ApplicationRecord
+#   include SpreeCmCommissioner::StoreMetadata
+
+#   store_public_metadata :completed, :boolean, default: true
+#   store_public_metadata :count, :integer, default: 5
+#   store_private_metadata :app_token, :string,  default: "XYZ"
+# end
+#
+# taxon = Spree::Taxon.new(completed: true, app_token: "ABC", count: 10)
+# taxon.completed          # => true, store in public_metadata
+# taxon.completed?         # => true, store in public_metadata
+# taxon.count              # => 10, store in public_metadata
+# taxon.app_token          # => "ABC", store in private_metadata
+# ```
+
+module SpreeCmCommissioner
+  module StoreMetadata
+    extend ActiveSupport::Concern
+
+    class_methods do
+      def store_private_metadata(key, type, default: nil)
+        store :private_metadata, accessors: [key], coder: JSON
+
+        define_metadata_reader(:private_metadata, key, type, default)
+        define_metadata_validation(:private_metadata, key, type)
+      end
+
+      def store_public_metadata(key, type, default: nil)
+        store :public_metadata, accessors: [key], coder: JSON
+
+        define_metadata_reader(:public_metadata, key, type, default)
+        define_metadata_validation(:public_metadata, key, type)
+      end
+
+      private
+
+      # Override the store reader to:
+      # - Return default if nil
+      # - Cast to correct type
+      # - Add `?` predicate for booleans
+      def define_metadata_reader(column_name, key, type, default)
+        define_method(key) do
+          metadata = send(column_name) || {}
+          raw_value = metadata[key.to_s]
+          return default if raw_value.nil?
+
+          case type
+          when :boolean
+            ActiveModel::Type::Boolean.new.cast(raw_value)
+          when :integer
+            raw_value.to_i
+          when :string
+            raw_value.to_s
+          else
+            raw_value
+          end
+        end
+
+        define_method("#{key}?") { send(key) } if type == :boolean
+      end
+
+      # Validates only new assignments (raw JSON values) for type safety
+      def define_metadata_validation(column_name, key, type)
+        case type
+        when :boolean
+          validates key, inclusion: { in: [true, false] }, allow_nil: true
+        when :integer
+          validate do
+            metadata = send(column_name) || {}
+            raw_value = metadata[key.to_s]
+            next if raw_value.nil?
+
+            errors.add(key, 'is not a number') unless raw_value.to_s =~ /\A-?\d+\z/
+          end
+        when :string
+          validates key, length: { maximum: 255 }, allow_nil: true
+        end
+      end
+    end
+  end
+end

data/app/models/spree_cm_commissioner/guest.rb

@@ -57,10 +57,9 @@ module SpreeCmCommissioner
     before_create :generate_bib, if: -> { line_item.reload && variant.bib_pre_generation_on_create? }
     after_create :preload_order_block_ids, if: -> { block_id.present? }
     after_update :preload_order_block_ids, if: :saved_change_to_block_id?
-
     before_destroy :cancel_reserved_block!, if: -> { reserved_block.present? && reserved_block.active_on_hold? }
-
     after_destroy :preload_order_block_ids
+    after_commit :update_user_incomplete_guest_info_status, if: :should_update_incomplete_guest_info?
 
     validates :bib_index, uniqueness: true, allow_nil: true
 
@@ -396,8 +395,6 @@ module SpreeCmCommissioner
       eligible_check_in_sessions.include?(session)
     end
 
-    private
-
     def product_dynamic_fields
       @product_dynamic_fields ||= line_item.product.dynamic_fields
     end
@@ -417,6 +414,43 @@ module SpreeCmCommissioner
       # Reject if dynamic_field_id is blank or if _destroy is true
       attributes[:dynamic_field_id].blank? || ActiveModel::Type::Boolean.new.cast(attributes[:_destroy])
     end
+
+    def update_user_incomplete_guest_info_status
+      return unless user
+      return unless line_item&.order&.completed?
+
+      user.reload
+
+      has_incomplete = user.orders.complete.any? do |order|
+        order_has_incomplete_guests?(order)
+      end
+
+      current_status = user.public_metadata['has_incomplete_guest_info'] || false
+
+      return unless current_status != has_incomplete
+
+      user.public_metadata['has_incomplete_guest_info'] = has_incomplete
+      user.save!
+    end
+
+    def order_has_incomplete_guests?(order)
+      order.line_items.any? do |line_item|
+        line_item.guests.any? do |guest|
+          guest_incomplete?(guest)
+        end
+      end
+    end
+
+    def guest_incomplete?(guest)
+      (guest.pre_registration_fields? && !guest.pre_registration_completed?) ||
+        (guest.post_registration_fields? && !guest.post_registration_completed?) ||
+        (guest.during_check_in_fields? && !guest.check_in_completed?)
+    end
+
+    def should_update_incomplete_guest_info?
+      saved_change_to_data_fill_stage_phase? ||
+        (guest_dynamic_fields.any? && (guest_dynamic_fields.any?(&:saved_changes?) || guest_dynamic_fields.any?(&:destroyed?)))
+    end
   end
 end
 # rubocop:enable Metrics/ClassLength

data/app/models/spree_cm_commissioner/guest_dynamic_field.rb

@@ -88,6 +88,7 @@ module SpreeCmCommissioner
 
     def sync_guest_data_fill_stage_phase
       guest&.save_and_move_to_next_stage
+      guest&.update_user_incomplete_guest_info_status
     end
 
     def reject_empty_string_for_text_fields

data/app/models/spree_cm_commissioner/inventory_item.rb

@@ -48,7 +48,7 @@ module SpreeCmCommissioner
     end
 
     def adjust_quantity_in_redis(quantity)
-      SpreeCmCommissioner.redis_pool.with do |redis|
+      SpreeCmCommissioner.inventory_redis_pool.with do |redis|
         cached_quantity_available = redis.get(redis_key)
         # ignore if redis doesn't exist
         return if cached_quantity_available.nil? # rubocop:disable Lint/NonLocalExitFromIterator

data/app/models/spree_cm_commissioner/invite_team.rb

@@ -14,6 +14,8 @@ module SpreeCmCommissioner
 
     validate :validate_roles
 
+    before_validation :normalize_email
+
     after_create :set_expiration
     after_create :send_team_invite_email
 
@@ -42,5 +44,11 @@ module SpreeCmCommissioner
     def url_valid?
       expires_at.present? && expires_at > Time.current
     end
+
+    private
+
+    def normalize_email
+      self.email = email.strip.downcase if email.present?
+    end
   end
 end

data/app/models/spree_cm_commissioner/redis_stock/cached_inventory_items_builder.rb

@@ -12,7 +12,7 @@ module SpreeCmCommissioner
         keys = inventory_items.map { |item| "inventory:#{item.id}" }
         return [] unless keys.any?
 
-        counts = SpreeCmCommissioner.redis_pool.with { |redis| redis.mget(*keys) }
+        counts = SpreeCmCommissioner.inventory_redis_pool.with { |redis| redis.mget(*keys) }
         inventory_items.map.with_index do |inventory_item, i|
           ::SpreeCmCommissioner::CachedInventoryItem.new(
             inventory_key: keys[i],
@@ -30,7 +30,7 @@ module SpreeCmCommissioner
         return count_in_redis.to_i if count_in_redis.present?
         return inventory_item.quantity_available unless inventory_item.active?
 
-        SpreeCmCommissioner.redis_pool.with do |redis|
+        SpreeCmCommissioner.inventory_redis_pool.with do |redis|
           redis.set(key, inventory_item.quantity_available, ex: inventory_item.redis_expired_in)
         end
 

data/app/models/spree_cm_commissioner/redis_stock/inventory_updater.rb

@@ -51,13 +51,13 @@ module SpreeCmCommissioner
       end
 
       def unstock(keys, quantities)
-        SpreeCmCommissioner.redis_pool.with do |redis|
+        SpreeCmCommissioner.inventory_redis_pool.with do |redis|
           redis.eval(unstock_redis_script, keys: keys, argv: quantities)
         end.positive?
       end
 
       def restock(keys, quantities)
-        SpreeCmCommissioner.redis_pool.with do |redis|
+        SpreeCmCommissioner.inventory_redis_pool.with do |redis|
           redis.eval(restock_redis_script, keys: keys, argv: quantities)
         end.positive?
       end

data/app/models/spree_cm_commissioner/seat_layout.rb

@@ -27,13 +27,13 @@ module SpreeCmCommissioner
 
     private
 
-    # layoutable (taxon, vehicle) must have seat_layout_id attribute,
+    # layoutable (taxon, vehicle) must have preload_seat_layout_id attribute,
     # either as a column or as a key in a JSONB column (e.g., metadata)
     def sync_seat_layout_id_to_layoutable!
       if destroyed?
-        layoutable.update!(seat_layout_id: nil)
+        layoutable.update!(preload_seat_layout_id: nil)
       else
-        layoutable.update!(seat_layout_id: id)
+        layoutable.update!(preload_seat_layout_id: id)
       end
     end
   end

data/app/models/spree_cm_commissioner/taxon_decorator.rb

@@ -1,20 +1,10 @@
 module SpreeCmCommissioner
   module TaxonDecorator
     def self.prepended(base) # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
+      base.include SpreeCmCommissioner::StoreMetadata
       base.include SpreeCmCommissioner::TaxonKind
       base.include SpreeCmCommissioner::ParticipationTypeBitwise
-      base.include SpreeCmCommissioner::EventCheckInFlowable
-
-      base.preference :background_color, :string
-      base.preference :foreground_color, :string
-
-      # seat_layout_id:
-      #   This model has no seat_layout column (polymorphic association), so we store the seat_layout ID in public_metadata.
-      #   This lets us check if a seat layout exists without triggering a database query.
-      #   The ID is automatically updated whenever the seat_layout is saved.
-      base.store :public_metadata, accessors: %i[
-        seat_layout_id
-      ], coder: JSON
+      base.include SpreeCmCommissioner::EventMetadata
 
       base.has_many :taxon_vendors, class_name: 'SpreeCmCommissioner::TaxonVendor'
       base.has_many :vendors, through: :taxon_vendors
@@ -104,14 +94,6 @@ module SpreeCmCommissioner
       end
     end
 
-    def background_color
-      preferred_background_color
-    end
-
-    def foreground_color
-      preferred_foreground_color
-    end
-
     def set_kind
       self.kind = taxonomy.kind
     end

data/app/models/spree_cm_commissioner/trip.rb

@@ -1,16 +1,14 @@
 module SpreeCmCommissioner
   class Trip < Base
+    include SpreeCmCommissioner::StoreMetadata
     include SpreeCmCommissioner::RouteType
 
     attr_accessor :hours, :minutes, :seconds
 
-    # seat_layout_id:
-    #   This model has no seat_layout column (polymorphic association), so we store the seat_layout ID in public_metadata.
-    #   This lets us check if a seat layout exists without triggering a database query.
-    #   The ID is automatically updated whenever the seat_layout is saved.
-    store :public_metadata, accessors: %i[
-      seat_layout_id
-    ], coder: JSON
+    # This model has no seat_layout column (polymorphic association), so we store the preload_seat_layout_id ID in public_metadata.
+    # This lets us check if a seat layout exists without triggering a database query.
+    # The ID is automatically updated whenever the seat_layout is saved.
+    store_public_metadata :preload_seat_layout_id, :integer
 
     before_validation :convert_duration_to_seconds
 

data/app/models/spree_cm_commissioner/vehicle.rb

@@ -1,14 +1,12 @@
 module SpreeCmCommissioner
   class Vehicle < Base
+    include SpreeCmCommissioner::StoreMetadata
     include SpreeCmCommissioner::VehicleType
 
-    # seat_layout_id:
-    #   This model has no seat_layout column (polymorphic association), so we store the seat_layout ID in public_metadata.
-    #   This lets us check if a seat layout exists without triggering a database query.
-    #   The ID is automatically updated whenever the seat_layout is saved.
-    store :public_metadata, accessors: %i[
-      seat_layout_id
-    ], coder: JSON
+    # This model has no seat_layout column (polymorphic association), so we store the preload_seat_layout_id ID in public_metadata.
+    # This lets us check if a seat layout exists without triggering a database query.
+    # The ID is automatically updated whenever the seat_layout is saved.
+    store_public_metadata :preload_seat_layout_id, :integer
 
     belongs_to :vendor, class_name: 'Spree::Vendor'
 

data/app/overrides/spree/admin/taxons/_form/background_color_and_foreground_color.html.erb.deface

@@ -4,17 +4,17 @@
 
 <div class="row <%= "d-none" unless @taxon.depth == 1 %>">
   <div class="col-md-6">
-    <%= f.label :preferred_background_color, Spree.t('background_color'), class: 'form-label' %>
-    <%= f.text_field :preferred_background_color, class: 'form-control color-picker', placeholder: '#FFFFFF', value: @object.preferred_background_color %>
+    <%= f.label :background_color, Spree.t('background_color'), class: 'form-label' %>
+    <%= f.text_field :background_color, class: 'form-control color-picker', placeholder: '#FFFFFF', value: @object.background_color %>
     <div class="color-preview" style="margin-top: 10px;">
-      <%= content_tag :div, nil, style: "background-color: #{@object.preferred_background_color}; width: 60px; height: 60px; border: 1px solid #ccc; box-sizing: border-box; display: block;" %>
+      <%= content_tag :div, nil, style: "background-color: #{@object.background_color}; width: 60px; height: 60px; border: 1px solid #ccc; box-sizing: border-box; display: block;" %>
     </div>
   </div>
   <div class="col-md-6">
-    <%= f.label :preferred_foreground_color, Spree.t('foreground_color'), class: 'form-label' %>
-    <%= f.text_field :preferred_foreground_color, class: 'form-control color-picker', placeholder: '#FFFFFF', value: @object.preferred_foreground_color %>
+    <%= f.label :foreground_color, Spree.t('foreground_color'), class: 'form-label' %>
+    <%= f.text_field :foreground_color, class: 'form-control color-picker', placeholder: '#FFFFFF', value: @object.foreground_color %>
     <div class="color-preview" style="margin-top: 10px;">
-      <%= content_tag :div, nil, style: "background-color: #{@object.preferred_foreground_color}; width: 60px; height: 60px; border: 1px solid #ccc; box-sizing: border-box; display: block;" %>
+      <%= content_tag :div, nil, style: "background-color: #{@object.foreground_color}; width: 60px; height: 60px; border: 1px solid #ccc; box-sizing: border-box; display: block;" %>
     </div>
   </div>
 </div>

data/app/overrides/spree/admin/taxons/_form/check_in_flows.html.erb.deface

@@ -2,17 +2,23 @@
 
 <%# Sections don't use video banner, so we hide the form here to avoid confusing admin. %>
 
-<%= f.field_container :preferred_group_check_in_enabled, class: ['custom-control', 'custom-checkbox', 'my-4'] do %>
-  <%= f.check_box :preferred_group_check_in_enabled, class: 'custom-control-input' %>
-  <%= f.label :preferred_group_check_in_enabled, Spree.t(:enable_group_check_in), class: 'custom-control-label' %>
-  <%= f.error_message_on :preferred_group_check_in_enabled %>
+<%= f.field_container :group_check_in_enabled, class: ['custom-control', 'custom-checkbox', 'my-4'] do %>
+  <%= f.check_box :group_check_in_enabled, class: 'custom-control-input' %>
+  <%= f.label :group_check_in_enabled, Spree.t(:enable_group_check_in), class: 'custom-control-label' %>
+  <%= f.error_message_on :group_check_in_enabled %>
   <small class="form-text text-muted">
     Enabled by default for most events where users can purchase multiple tickets or use group scanning. For large events (like PSK, ASK, etc.) or invitation-based events, you should disable this to ensure each ticket or invitation is scanned individually.
   </small>
 <% end if @taxon.event? && @taxon.depth == 1 %> %>
 
-<%= f.field_container :preferred_individual_check_in_enabled, class: ['custom-control', 'custom-checkbox', 'my-4'] do %>
-  <%= f.check_box :preferred_individual_check_in_enabled, class: 'custom-control-input' %>
-  <%= f.label :preferred_individual_check_in_enabled, Spree.t(:enable_individual_check_in), class: 'custom-control-label' %>
-  <%= f.error_message_on :preferred_individual_check_in_enabled %>
+<%= f.field_container :individual_check_in_enabled, class: ['custom-control', 'custom-checkbox', 'my-4'] do %>
+  <%= f.check_box :individual_check_in_enabled, class: 'custom-control-input' %>
+  <%= f.label :individual_check_in_enabled, Spree.t(:enable_individual_check_in), class: 'custom-control-label' %>
+  <%= f.error_message_on :individual_check_in_enabled %>
+<% end if @taxon.event? && @taxon.depth == 1 %> %>
+
+<%= f.field_container :allow_manual_search_for_operator, class: ['custom-control', 'custom-checkbox', 'my-4'] do %>
+  <%= f.check_box :allow_manual_search_for_operator, class: 'custom-control-input' %>
+  <%= f.label :allow_manual_search_for_operator, Spree.t(:allow_manual_search_for_operator), class: 'custom-control-label' %>
+  <%= f.error_message_on :allow_manual_search_for_operator %>
 <% end if @taxon.event? && @taxon.depth == 1 %> %>

data/app/serializers/spree/v2/storefront/order_serializer_decorator.rb

@@ -0,0 +1,63 @@
+module Spree
+  module V2
+    module Storefront
+      module OrderSerializerDecorator
+        def self.prepended(base)
+          base.attribute :has_incomplete_guest_info do |order|
+            order.user.public_metadata['has_incomplete_guest_info'] || false
+          end
+
+          base.attribute :guest_info_status do |order|
+            {
+              incomplete: order_has_incomplete_guests?(order),
+              can_mark_complete: can_mark_complete?(order)
+            }
+          end
+        end
+
+        def self.order_has_incomplete_guests?(order)
+          order.line_items.any? do |line_item|
+            line_item.guests.any? do |guest|
+              guest_incomplete?(guest)
+            end
+          end
+        end
+
+        def self.guest_incomplete?(guest)
+          (guest.pre_registration_fields? && !guest.pre_registration_completed?) ||
+            (guest.post_registration_fields? && !guest.post_registration_completed?) ||
+            (guest.during_check_in_fields? && !guest.check_in_completed?)
+        end
+
+        def self.can_mark_complete?(order)
+          event_ended?(order) || all_guest_info_complete?(order)
+        end
+
+        def self.event_ended?(order)
+          order.line_items.any? { |line_item| event_ended_for_line_item?(line_item) }
+        end
+
+        def self.event_ended_for_line_item?(line_item)
+          event = line_item.event
+          event&.to_date.present? && event.to_date < Time.zone.today
+        end
+
+        def self.all_guest_info_complete?(order)
+          order.line_items.all? { |line_item| line_item_guests_complete?(line_item) }
+        end
+
+        def self.line_item_guests_complete?(line_item)
+          line_item.guests.all? { |guest| guest_complete?(guest) }
+        end
+
+        def self.guest_complete?(guest)
+          guest.pre_registration_completed? &&
+            (!guest.post_registration_fields? || guest.post_registration_completed?) &&
+            (!guest.during_check_in_fields? || guest.check_in_completed?)
+        end
+      end
+    end
+  end
+end
+
+Spree::V2::Storefront::OrderSerializer.prepend(Spree::V2::Storefront::OrderSerializerDecorator)

data/app/serializers/spree/v2/storefront/taxon_serializer_decorator.rb

@@ -18,7 +18,7 @@ module Spree
                           :purchasable_on, :vendor_id, :available_on, :hide_video_banner
 
           # To get full seat layout details, call the seat_layouts API with this ID.
-          base.attributes :seat_layout_id
+          base.attribute :seat_layout_id, &:preload_seat_layout_id
 
           base.attribute :purchasable_on_app do |taxon|
             taxon.purchasable_on == 'app' || taxon.purchasable_on == 'both'

data/app/serializers/spree_cm_commissioner/v2/operator/dashboard_crew_event_serializer.rb

@@ -5,6 +5,7 @@ module SpreeCmCommissioner
         attributes :id, :name, :permalink,
                    :from_date, :to_date,
                    :check_in_flows,
+                   :allow_manual_search_for_operator,
                    :updated_at
 
         has_many :children_classifications, serializer: :classification

data/config/initializers/spree_permitted_attributes.rb

@@ -31,10 +31,11 @@ module Spree
       from_date
       kind
       subtitle
-      preferred_background_color
-      preferred_foreground_color
-      preferred_group_check_in_enabled
-      preferred_individual_check_in_enabled
+      background_color
+      foreground_color
+      group_check_in_enabled
+      individual_check_in_enabled
+      allow_manual_search_for_operator
       show_badge_status
       purchasable_on
       available_on

data/config/routes.rb

@@ -477,6 +477,7 @@ Spree::Core::Engine.add_routes do
       end
 
       namespace :tenant do
+        resource :token, controller: :access_tokens, only: [:create]
         resources :vendors
         resources :products
         resources :taxons, only: %i[index show], id: /.+/
@@ -560,6 +561,7 @@ Spree::Core::Engine.add_routes do
       end
 
       namespace :storefront do
+        resource :token, controller: :access_tokens, only: [:create]
         resources :waiting_room_sessions, only: :create
         resources :vattanac_banks, only: %i[create]
         resource :cart, controller: :cart, only: %i[show create destroy] do
@@ -599,6 +601,10 @@ Spree::Core::Engine.add_routes do
 
         namespace :account do
           resource :preferred_payment_method, controller: :preferred_payment_method, only: %i[show update]
+          patch :mark_guest_info_complete, to: 'mark_guest_info_complete#update'
+          resources :guests, only: [] do
+            patch 'dynamic_fields/:phase', to: 'guest_dynamic_fields#update_dynamic_field', as: :update_dynamic_fields
+          end
         end
 
         resource :s3_signed_urls

data/docs/api/scoped-access-token-endpoints.md

@@ -0,0 +1,84 @@
+# Scoped Access Token Endpoints
+
+This document describes the new scoped access token endpoints that provide better security and clarity for different API usage patterns.
+
+## Overview
+
+Previously, all access tokens were retrieved via the generic `/oauth/token` endpoint, which made it difficult to apply security rules and prevent abuse. The new scoped endpoints provide:
+
+- **Clear separation** between storefront and tenant API usage
+- **Enhanced security** with application-specific validations
+- **Better monitoring** and logging capabilities
+- **Easier maintenance** and debugging
+
+## Endpoints
+
+### Storefront Access Token Endpoint
+
+**POST** `/api/v2/storefront/token`
+
+Issues access tokens for storefront applications.
+
+#### Example Response
+
+```json
+{
+  "access_token": "abc123...",
+  "token_type": "Bearer",
+  "expires_in": 86400,
+  "refresh_token": "def456...",
+  "created_at": 1640995200
+}
+```
+
+### Tenant Access Token Endpoint
+
+**POST** `/api/v2/tenant/token`
+
+Issues access tokens for tenant applications (third-party integrations, partner apps, etc.).
+
+#### Example Response
+
+```json
+{
+  "access_token": "xyz789...",
+  "token_type": "Bearer",
+  "expires_in": 86400,
+  "refresh_token": "uvw012...",
+  "created_at": 1640995200
+}
+```
+
+## Migration Guide
+
+### For Storefront Applications
+
+1. **Update endpoint URL**: Change from `/oauth/token` to `/api/v2/storefront/token`
+2. **No other changes required**: All existing parameters and flows work identically
+
+### For Tenant Applications
+
+1. **Update endpoint URL**: Change from `/oauth/token` to `/api/v2/tenant/token`
+2. **No other changes required**: All existing parameters and flows work identically
+
+### Legacy Support
+
+The original `/oauth/token` endpoint remains available.
+
+## Implementation
+
+### Controller Inheritance
+
+Both controllers inherit from `Doorkeeper::TokensController`.
+
+### Route Configuration
+
+```ruby
+namespace :storefront do
+  resource :token, controller: :access_tokens, only: [:create]
+end
+
+namespace :tenant do
+  resource :token, controller: :access_tokens, only: [:create]
+end
+```

data/lib/spree_cm_commissioner/version.rb

@@ -1,5 +1,5 @@
 module SpreeCmCommissioner
-  VERSION = '2.1.8'.freeze
+  VERSION = '2.1.9-pre1'.freeze
 
   module_function
 

data/lib/spree_cm_commissioner.rb

@@ -52,27 +52,49 @@ require 'byebug' if Rails.env.development? || Rails.env.test?
 
 module SpreeCmCommissioner
   class << self
-    # Allows overriding the default Redis connection pool with a custom one
-    attr_writer :redis_pool
+    # Allows overriding the default Redis connection pools with custom ones
+    attr_writer :inventory_redis_pool, :external_integrations_redis_pool
 
-    def redis_pool
-      @redis_pool ||= default_redis_pool
+    # Inventory Redis pool for inventory management
+    def inventory_redis_pool
+      @inventory_redis_pool ||= default_inventory_redis_pool
     end
 
-    # Resets the Redis pool, useful for testing or reinitialization
-    def reset_redis_pool
-      @redis_pool = nil
+    # External integrations Redis pool for external API integrations
+    def external_integrations_redis_pool
+      @external_integrations_redis_pool ||= default_external_integrations_redis_pool
+    end
+
+    # Resets all Redis pools, useful for testing or reinitialization
+    def reset_redis_pools
+      @inventory_redis_pool = nil
+      @external_integrations_redis_pool = nil
     end
 
     private
 
-    def default_redis_pool
-      pool_size = ENV.fetch('REDIS_POOL_SIZE', '5').to_i
-      timeout = ENV.fetch('REDIS_TIMEOUT', '5').to_i
-      redis_url = ENV.fetch('REDIS_URL', 'redis://localhost:6379/12')
+    def default_inventory_redis_pool
+      create_redis_pool(
+        url: ENV.fetch('REDIS_INVENTORY_URL', ENV.fetch('REDIS_URL', 'redis://localhost:6379/12')),
+        pool_size: ENV.fetch('REDIS_INVENTORY_POOL_SIZE', ENV.fetch('REDIS_POOL_SIZE', '5')).to_i,
+        timeout: ENV.fetch('REDIS_TIMEOUT', '5').to_i
+      )
+    end
+
+    def default_external_integrations_redis_pool
+      create_redis_pool(
+        url: ENV.fetch('REDIS_EXTERNAL_INTEGRATIONS_URL', ENV.fetch('REDIS_URL', 'redis://localhost:6379/13')),
+        pool_size: ENV.fetch('REDIS_EXTERNAL_INTEGRATIONS_POOL_SIZE', ENV.fetch('REDIS_POOL_SIZE', '5')).to_i,
+        timeout: ENV.fetch('REDIS_TIMEOUT', '5').to_i
+      )
+    end
+
+    def create_redis_pool(url:, pool_size:, timeout:)
+      ssl_params = {}
+      ssl_params.merge!({ verify_mode: OpenSSL::SSL::VERIFY_NONE }) if ENV['HEROKU_APP_ID'].present?
 
       ConnectionPool.new(size: pool_size, timeout: timeout) do
-        Redis.new(url: redis_url, timeout: timeout)
+        Redis.new(url: url, timeout: timeout, ssl_params: ssl_params)
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spree_cm_commissioner
 version: !ruby/object:Gem::Version
-  version: 2.1.8
+  version: 2.1.9.pre.pre1
 platform: ruby
 authors:
 - You
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-10-01 00:00:00.000000000 Z
+date: 2025-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: spree
@@ -909,8 +909,11 @@ files:
 - app/controllers/spree/api/v2/platform/seat_number_layouts_controller.rb
 - app/controllers/spree/api/v2/platform/taxons_controller_decorator.rb
 - app/controllers/spree/api/v2/resource_controller_decorator.rb
+- app/controllers/spree/api/v2/storefront/access_tokens_controller.rb
 - app/controllers/spree/api/v2/storefront/accommodations/variants_controller.rb
 - app/controllers/spree/api/v2/storefront/accommodations_controller.rb
+- app/controllers/spree/api/v2/storefront/account/guest_dynamic_fields_controller.rb
+- app/controllers/spree/api/v2/storefront/account/mark_guest_info_complete_controller.rb
 - app/controllers/spree/api/v2/storefront/account/orders_controller_decorator.rb
 - app/controllers/spree/api/v2/storefront/account/preferred_payment_method_controller.rb
 - app/controllers/spree/api/v2/storefront/account_checker_controller.rb
@@ -978,6 +981,7 @@ files:
 - app/controllers/spree/api/v2/storefront/waiting_room_sessions_controller.rb
 - app/controllers/spree/api/v2/storefront/wished_items_controller.rb
 - app/controllers/spree/api/v2/storefront/wishlists_controller_decorator.rb
+- app/controllers/spree/api/v2/tenant/access_tokens_controller.rb
 - app/controllers/spree/api/v2/tenant/account/orders_controller.rb
 - app/controllers/spree/api/v2/tenant/account_checker_controller.rb
 - app/controllers/spree/api/v2/tenant/account_controller.rb
@@ -1309,7 +1313,7 @@ files:
 - app/mailers/spree_cm_commissioner/pin_code_mailer.rb
 - app/mailers/spree_cm_commissioner/team_invite_mailer.rb
 - app/models/.gitkeep
-- app/models/concerns/spree_cm_commissioner/event_check_in_flowable.rb
+- app/models/concerns/spree_cm_commissioner/event_metadata.rb
 - app/models/concerns/spree_cm_commissioner/homepage_section_bitwise.rb
 - app/models/concerns/spree_cm_commissioner/json_preference_validator.rb
 - app/models/concerns/spree_cm_commissioner/kyc_bitwise.rb
@@ -1329,6 +1333,7 @@ files:
 - app/models/concerns/spree_cm_commissioner/product_type.rb
 - app/models/concerns/spree_cm_commissioner/route_type.rb
 - app/models/concerns/spree_cm_commissioner/service_calendar_type.rb
+- app/models/concerns/spree_cm_commissioner/store_metadata.rb
 - app/models/concerns/spree_cm_commissioner/store_preference.rb
 - app/models/concerns/spree_cm_commissioner/taxon_kind.rb
 - app/models/concerns/spree_cm_commissioner/tenant_preference.rb
@@ -1738,6 +1743,7 @@ files:
 - app/serializers/spree/v2/storefront/notification_serializer.rb
 - app/serializers/spree/v2/storefront/option_type_serializer_decorator.rb
 - app/serializers/spree/v2/storefront/option_value_serializer_decorator.rb
+- app/serializers/spree/v2/storefront/order_serializer_decorator.rb
 - app/serializers/spree/v2/storefront/place_serializer.rb
 - app/serializers/spree/v2/storefront/product_serializer_decorator.rb
 - app/serializers/spree/v2/storefront/role_serializer.rb
@@ -2773,6 +2779,7 @@ files:
 - db/migrate/20250930094228_add_application_id_to_cm_pin_codes.rb
 - db/migrate/20250930100657_add_settings_to_spree_oauth_applications.rb
 - docker-compose.yml
+- docs/api/scoped-access-token-endpoints.md
 - docs/option_types/attr_types.md
 - docs/private_key.pem
 - docs/public_key.pem
@@ -2931,9 +2938,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements:
 - none
 rubygems_version: 3.4.1

data/app/models/concerns/spree_cm_commissioner/event_check_in_flowable.rb

@@ -1,30 +0,0 @@
-module SpreeCmCommissioner
-  module EventCheckInFlowable
-    extend ActiveSupport::Concern
-
-    included do
-      preference :group_check_in_enabled, :boolean, default: true
-      preference :individual_check_in_enabled, :boolean, default: true
-
-      before_validation :validate_at_least_one_check_in_flow_presence
-    end
-
-    def check_in_flows
-      flows = []
-      flows << 'group' if group_check_in_enabled?
-      flows << 'individual' if individual_check_in_enabled?
-      flows
-    end
-
-    def group_check_in_enabled? = preferred_group_check_in_enabled
-    def individual_check_in_enabled? = preferred_individual_check_in_enabled
-
-    private
-
-    def validate_at_least_one_check_in_flow_presence
-      return if check_in_flows.any?
-
-      errors.add(:check_in_flows, 'must have at least one flow selected')
-    end
-  end
-end