Merge branch 'master' into staging

Rodrigo Souto
2 parents 1fe6b276 4b00dad4
Showing 136 changed files with 1279 additions and 399 deletions Show diff stats
.travis.yml
RELEASING.md
app/controllers/box_organizer_controller.rb
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile/profile_members_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/profile_controller.rb
app/helpers/application_helper.rb
app/helpers/article_helper.rb
app/helpers/block_helper.rb
app/helpers/boxes_helper.rb
app/helpers/forms_helper.rb
app/mailers/mailing.rb
app/mailers/organization_mailing.rb
app/models/article.rb
app/models/block.rb
app/models/comment.rb
app/models/disabled_enterprise_message_block.rb
app/models/environment.rb
@@ -37,7 +37,7 @@ before_install:
 cache: bundler
  
 before_script:
-  - mkdir -p tmp/{pids,cache} log
+  - mkdir -p tmp/{pids,cache} log cache
   - script/noosfero-plugins disableall
   #- bundle exec rake makemo &>/dev/null
 # database
@@ -3,37 +3,30 @@ Noosfero release tasks
  
 This file documents release-related activities.
  
-Working with translations
--------------------------
-
-* Update translation files: `rake updatepo`. Then `git commit` them.
-* Send the PO files to the translators.
-* Get the PO files back from translators, put in `po/` under the correct language name (e.,g. `po/pt_BR/`) and `git commit`.
-* test translations: `rake makemo` and browse the application on the web.
-
 Releasing noosfero
 ------------------
  
-Considering you are on a Debian GNU/Linux or Debian-based system
+Considering you are on a Debian GNU/Linux or Debian-based system, the following
+packages are required during the release process:
  
-    # apt-get install devscripts debhelper
+```
+# apt install git devscripts debhelper
+```
  
 To prepare a release of noosfero, you must follow the steps below:
  
-* Finish all requirements and bugs assigned to the to-be-released version
+* Disable the automatic pushing of translation updates in weblate.
 * Make sure all tests pass
-* Write release notes at the version's wiki topic
 * Generate packages with `rake noosfero:release[(stable|test)]`. This task will:
   * Update the version in lib/noosfero.rb and debian/changelog.
   * Create the tarbal and the deb pkg under pkg/ directory.
   * Create a git tag and push it.
-  * Upload the pkg to the configured repository (if configured) on ~/.dput.cf.
+  * Upload the packages to the configured repository (if configured) on ~/.dput.cf.
 * Test that the tarball and deb package are ok
-* Go to the version's wiki topic and edit it to reflect the new reality
-* Edit the topic WebPreferences and update DEBIAN_REPOSITORY_TOPICS setting
-* Attach the generated packages to that topic. Before attaching calculate the sha1 of the package (with sha1sum and paste the SHA1 hash as comment in the attachment form)
-* Download the attached and verify the MD5 hash
 * Update an eventual demonstration version that you run.
-* Write an announcement e-mail to the relevant mailing lists pointing to the release notes, and maybe to the demonstration version.
+* Write an announcement e-mail to the relevant mailing lists pointing to the
+  release notes, and maybe to the demonstration version.
+* Re-enable the automatic pushing of trasnlatio updates in weblate.
  
-If you had any problem during these steps, you can do `rake clobber_package` to completely delete the generated packages and start the process again.
+If you had any problem during these steps, you can do `rake clobber_package` to
+completely delete the generated packages and start the process again.
@@ -83,12 +83,9 @@ class BoxOrganizerController &lt; ApplicationController
  
   def save
     @block = boxes_holder.blocks.find(params[:id])
-    if @block.kind_of?(RawHTMLBlock) && !user.is_admin?(environment)
-      render_access_denied
-    else
-      @block.update(params[:block])
-      redirect_to :action => 'index'
-    end
+    return render_access_denied unless @block.editable?(user)
+    @block.update(params[:block])
+    redirect_to :action => 'index'
   end
  
   def boxes_editor?
@@ -32,7 +32,8 @@ class CmsController &lt; MyProfileController
   end
  
   protect_if :only => [:new, :upload_files] do |c, user, profile|
-    parent = profile.articles.find_by_id(c.params[:parent_id])
+    parent_id = c.params[:article].present? ? c.params[:article][:parent_id] : c.params[:parent_id]
+    parent = profile.articles.find_by_id(parent_id)
     user && user.can_post_content?(profile, parent)
   end
  
@@ -2,8 +2,27 @@ class ProfileMembersController &lt; MyProfileController
   protect 'manage_memberships', :profile
  
   def index
-    @members = profile.members_by_name
-    @member_role = environment.roles.find_by_name('member')
+    @filters = params[:filters] || {:roles => []}
+    all_roles = Profile::Roles.organization_member_roles(environment.id) | Profile::Roles.organization_custom_roles(environment.id, profile.id)
+    @filters[:roles] = all_roles unless @filters[:roles].present?
+    @data = {}
+    field = 'name'
+    field = 'email' if @filters[:name] =~ /\@/
+
+    @data[:members] = profile.members_by(field,@filters[:name]).by_role(@filters[:roles])
+    session[:members_filtered] = @data[:members].map{|m|m.id} if request.post?
+    @data[:roles] = all_roles
+
+  end
+
+  def send_mail
+    session[:members_filtered] = params[:members_filtered].select{|value| value!="0"}
+    if session[:members_filtered].present?
+      redirect_to :controller => :profile, :action => :send_mail
+    else
+      session[:notice] = _("Select at least one member.")
+      redirect_to :action => :index
+    end
   end
  
   def update_roles
@@ -156,4 +175,13 @@ class ProfileMembersController &lt; MyProfileController
     end
   end
  
+  def search_members
+    field = 'name'
+    field = 'email' if params[:filter_name] =~ /\@/
+
+    result = profile.members_like field, params[:filter_name]
+    result = result.select{|member| member.can_view_field?(current_person, "email") } if field=="email"
+    render :json => result.map { |member| {:label => "#{member.name}#{member.can_view_field?(current_person, "email") ? " <#{member.email}>" : ""}", :value => member.name }}
+  end
+
 end
@@ -198,7 +198,7 @@ class AccountController &lt; ApplicationController
     if request.post?
       begin
         unless verify_recaptcha
-          @change_password.errors.add(:base, _('Please type the words correctly'))
+          @change_password.errors.add(:base, _('Please type the captcha text correctly'))
           return false
         end
  
@@ -68,11 +68,7 @@ class ContentViewerController &lt; ApplicationController
     process_comments(params)
  
     if request.xhr? and params[:comment_order]
-      if @comment_order == 'newest'
-        @comments = @comments.reverse
-      end
-
-      return render :partial => 'comment/comment', :collection => @comments
+      return render :partial => 'comment/comments_with_pagination'
     end
  
     if params[:slideshow]
@@ -209,8 +205,6 @@ class ContentViewerController &lt; ApplicationController
  
   def rendered_file_download(view = nil)
     if @page.download? view
-      headers['Content-Type'] = @page.mime_type
-      headers.merge! @page.download_headers
       data = @page.data
  
       # TODO test the condition
@@ -218,7 +212,12 @@ class ContentViewerController &lt; ApplicationController
         raise "No data for file"
       end
  
-      render :text => data, :layout => false
+      if @page.published && @page.uploaded_file?
+        redirect_to @page.public_filename
+      else
+        send_data data, @page.download_headers
+      end
+
       return true
     end
  
@@ -244,8 +243,12 @@ class ContentViewerController &lt; ApplicationController
  
   def get_posts(year = nil, month = nil)
     if year && month
-      filter_date = DateTime.parse("#{year}-#{month}-01")
-      return @page.posts.by_range(filter_date..filter_date.at_end_of_month)
+      begin
+        filter_date = DateTime.parse("#{year}-#{month}-01")
+        return @page.posts.by_range(filter_date..filter_date.at_end_of_month)
+      rescue ArgumentError
+        return @page.posts
+      end
     else
       return @page.posts
     end
@@ -276,8 +279,12 @@ class ContentViewerController &lt; ApplicationController
     @comments = @page.comments.without_spam
     @comments = @plugins.filter(:unavailable_comments, @comments)
     @comments_count = @comments.count
-    @comments = @comments.without_reply.paginate(:per_page => per_page, :page => params[:comment_page] )
     @comment_order = params[:comment_order].nil? ? 'oldest' : params[:comment_order]
+    @comments = @comments.without_reply
+    if @comment_order == 'newest'
+      @comments = @comments.reverse
+    end
+    @comments = @comments.paginate(:per_page => per_page, :page => params[:comment_page] )
   end
  
   private
@@ -155,6 +155,18 @@ class ProfileController &lt; PublicController
     end
   end
  
+  def follow_article
+    article = profile.environment.articles.find params[:article_id]
+    article.person_followers << user
+    redirect_to article.url
+  end
+
+  def unfollow_article
+    article = profile.environment.articles.find params[:article_id]
+    article.person_followers.delete(user)
+    redirect_to article.url
+  end
+
   def unblock
     if current_user.person.is_admin?(profile.environment)
       profile.unblock
@@ -362,6 +374,7 @@ class ProfileController &lt; PublicController
   def send_mail
     @mailing = profile.mailings.build(params[:mailing])
     @email_templates = profile.email_templates.find_all_by_template_type(:organization_members)
+    @mailing.data = session[:members_filtered] ? {:members_filtered => session[:members_filtered]} : {}
     if request.post?
       @mailing.locale = locale
       @mailing.person = user
@@ -150,14 +150,8 @@ module ApplicationHelper
     link_to text, profile_path(:profile => profile) , options
   end
  
-  def link_to_homepage(text, profile = nil, options = {})
-    p = if profile
-          Profile[profile]
-        else
-          user
-        end
-
-    link_to text, p.url, options
+  def link_to_homepage(text, profile, options = {})
+    link_to text, profile.url, options
   end
  
   def link_if_permitted(link, permission = nil, target = nil)
@@ -556,14 +550,25 @@ module ApplicationHelper
         trigger_class = 'enterprise-trigger'
       end
     end
-    extra_info = extra_info.nil? ? '' : content_tag( 'span', extra_info, :class => 'extra_info' )
+
+    extra_info_tag = ''
+    img_class = 'profile-image'
+
+    if extra_info.is_a? Hash
+      extra_info_tag = content_tag( 'span', extra_info[:value], :class => 'extra_info '+extra_info[:class])
+      img_class +=' '+extra_info[:class]
+    else
+      extra_info_tag = content_tag( 'span', extra_info, :class => 'extra_info' )
+    end
+
     links = links_for_balloon(profile)
     content_tag('div', content_tag(tag,
-                                   (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? popover_menu(_('Profile links'),profile.short_name,links,{:class => trigger_class, :url => url}) : "") +
+                                   (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ?
+                                   popover_menu(_('Profile links'),profile.short_name,links,{:class => trigger_class, :url => url}) : "") +
     link_to(
-      content_tag( 'span', profile_image( profile, size ), :class => 'profile-image' ) +
+      content_tag( 'span', profile_image( profile, size ), :class => img_class ) +
       content_tag( 'span', h(name), :class => ( profile.class == Person ? 'fn' : 'org' ) ) +
-      extra_info + profile_sex_icon( profile ),
+      extra_info_tag + profile_sex_icon( profile ),
       profile.url,
       :class => 'profile_link url',
       :help => _('Click on this icon to go to the <b>%s</b>\'s home page') % profile.name,
@@ -711,7 +716,7 @@ module ApplicationHelper
   class NoosferoFormBuilder < ActionView::Helpers::FormBuilder
     extend ActionView::Helpers::TagHelper
  
-    def self.output_field(text, field_html, field_id = nil, options = {})
+    def self.output_field(text, field_html, field_id = nil)
       # try to guess an id if none given
       if field_id.nil?
         field_html =~ /id=['"]([^'"]*)['"]/
@@ -1040,10 +1045,11 @@ module ApplicationHelper
   end
  
   def search_contents_menu
+    host = environment.default_hostname
     links = [
-      {s_('contents|More recent') => {:href => url_for({:controller => 'search', :action => 'contents', :filter => 'more_recent'})}},
-      {s_('contents|More viewed') => {:href => url_for({:controller => 'search', :action => 'contents', :filter => 'more_popular'})}},
-      {s_('contents|Most commented') => {:href => url_for({:controller => 'search', :action => 'contents', :filter => 'more_comments'})}}
+      {s_('contents|More recent') => {href: url_for({host: host, controller: 'search', action: 'contents', filter: 'more_recent'})}},
+      {s_('contents|More viewed') => {href: url_for({host: host, controller: 'search', action: 'contents', filter: 'more_popular'})}},
+      {s_('contents|Most commented') => {href: url_for({host: host, controller: 'search', action: 'contents', filter: 'more_comments'})}}
     ]
     if logged_in?
       links.push(_('New content') => modal_options({:href => url_for({:controller => 'cms', :action => 'new', :profile => current_user.login, :cms => true})}))
@@ -1055,10 +1061,11 @@ module ApplicationHelper
   alias :browse_contents_menu :search_contents_menu
  
   def search_people_menu
+    host = environment.default_hostname
      links = [
-       {s_('people|More recent') => {:href => url_for({:controller => 'search', :action => 'people', :filter => 'more_recent'})}},
-       {s_('people|More active') => {:href => url_for({:controller => 'search', :action => 'people', :filter => 'more_active'})}},
-       {s_('people|More popular') => {:href => url_for({:controller => 'search', :action => 'people', :filter => 'more_popular'})}}
+       {s_('people|More recent') => {href: url_for({host: host, controller: 'search', action: 'people', filter: 'more_recent'})}},
+       {s_('people|More active') => {href: url_for({host: host, controller: 'search', action: 'people', filter: 'more_active'})}},
+       {s_('people|More popular') => {href: url_for({host: host, controller: 'search', action: 'people', filter: 'more_popular'})}}
      ]
      if logged_in?
        links.push(_('My friends') => {:href => url_for({:profile => current_user.login, :controller => 'friends'})})
@@ -1071,10 +1078,11 @@ module ApplicationHelper
   alias :browse_people_menu :search_people_menu
  
   def search_communities_menu
+    host = environment.default_hostname
      links = [
-       {s_('communities|More recent') => {:href => url_for({:controller => 'search', :action => 'communities', :filter => 'more_recent'})}},
-       {s_('communities|More active') => {:href => url_for({:controller => 'search', :action => 'communities', :filter => 'more_active'})}},
-       {s_('communities|More popular') => {:href => url_for({:controller => 'search', :action => 'communities', :filter => 'more_popular'})}}
+       {s_('communities|More recent') => {href: url_for({host: host, controller: 'search', action: 'communities', filter: 'more_recent'})}},
+       {s_('communities|More active') => {href: url_for({host: host, controller: 'search', action: 'communities', filter: 'more_active'})}},
+       {s_('communities|More popular') => {href: url_for({host: host, controller: 'search', action: 'communities', filter: 'more_popular'})}}
      ]
      if logged_in?
        links.push(_('My communities') => {:href => url_for({:profile => current_user.login, :controller => 'memberships'})})
@@ -169,4 +169,30 @@ module ArticleHelper
     _('Edit')
   end
  
+  def follow_button_text(article)
+    if article.event?
+      _('Attend')
+    else
+      _('Follow')
+    end
+  end
+
+  def unfollow_button_text(article)
+    if article.event?
+      _('Unattend')
+    else
+      _('Unfollow')
+    end
+  end
+
+  def following_button(page, user)
+    if !user.blank? and user != page.author
+      if page.is_followed_by? user
+        button :cancel, unfollow_button_text(page), {:controller => 'profile', :action => 'unfollow_article', :article_id => page.id}
+      else
+        button :add, follow_button_text(page), {:controller => 'profile', :action => 'follow_article', :article_id => page.id}
+      end
+    end
+  end
+
 end
@@ -14,6 +14,7 @@ module BlockHelper
       </td>
       <td>#{text_field_tag 'block[images][][address]', image[:address], :class => 'highlight-address', :size => 20}</td>
       <td>#{text_field_tag 'block[images][][position]', image[:position], :class => 'highlight-position', :size => 1}</td>
+      <td>#{check_box_tag 'block[images][][new_window]', '1', image[:new_window], :class => 'highlight-new_window', :size => 1}</td>
     </tr><tr class=\"image-title\" data-row-number='#{row_number}'>
       <td colspan=\"3\"><label>#{
         content_tag('span', _('Title')) +
@@ -250,7 +250,7 @@ module BoxesHelper
       end
     end
  
-    if editable?(block)
+    if editable?(block, user)
       buttons << modal_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
     end
  
@@ -296,7 +296,7 @@ module BoxesHelper
     return block.movable? || user.is_admin?
   end
  
-  def editable?(block)
-    return block.editable? || user.is_admin?
+  def editable?(block, user=nil)
+    return block.editable?(user) || user.is_admin?
   end
 end
@@ -7,9 +7,10 @@ module FormsHelper
  
   def labelled_check_box( human_name, name, value = "1", checked = false, options = {} )
     options[:id] ||= 'checkbox-' + FormsHelper.next_id_number
-    hidden_field_tag(name, '0') +
-      check_box_tag( name, value, checked, options ) +
-      content_tag( 'label', human_name, :for => options[:id] )
+    html = options[:add_hidden] == false ? "" : hidden_field_tag(name, '0')
+
+    html += check_box_tag( name, value, checked, options ) +
+         content_tag( 'label', human_name, :for => options[:id] )
   end
  
   def labelled_text_field( human_name, name, value=nil, options={} )
@@ -2,7 +2,10 @@ require_dependency &#39;mailing_job&#39;
  
 class Mailing < ActiveRecord::Base
  
-  attr_accessible :subject, :body
+  acts_as_having_settings :field => :data
+
+  attr_accessible :subject, :body, :data
+
   validates_presence_of :source_id, :subject, :body
   belongs_to :source, :foreign_key => :source_id, :polymorphic => true
   belongs_to :person
@@ -5,9 +5,17 @@ class OrganizationMailing &lt; Mailing
   end
  
   def recipients(offset=0, limit=100)
-    source.members.order(:id).offset(offset).limit(limit)
-      .joins("LEFT OUTER JOIN mailing_sents m ON (m.mailing_id = #{id} AND m.person_id = profiles.id)")
+    result = source.members.order(:id).offset(offset).limit(limit)
+
+    if data.present? and data.is_a?(Hash) and data[:members_filtered]
+      result = result.where('profiles.id IN (?)', data[:members_filtered])
+    end
+
+    if result.blank?
+      result = result.joins("LEFT OUTER JOIN mailing_sents m ON (m.mailing_id = #{id} AND m.person_id = profiles.id)")
       .where("m.person_id" => nil)
+    end
+    result
   end
  
   def each_recipient
@@ -8,8 +8,9 @@ class Article &lt; ActiveRecord::Base
                   :accept_comments, :feed, :published, :source, :source_name,
                   :highlighted, :notify_comments, :display_hits, :slug,
                   :external_feed_builder, :display_versions, :external_link,
-                  :author, :published_at, :person_followers, :show_to_followers, 
-                  :image_builder, :display_preview, :archived
+                  :image_builder, :show_to_followers,
+                  :author, :display_preview, :published_at, :person_followers,
+                  :archived
  
   acts_as_having_image
  
@@ -83,6 +84,10 @@ class Article &lt; ActiveRecord::Base
  
   has_many :comments, :class_name => 'Comment', :foreign_key => 'source_id', :dependent => :destroy, :order => 'created_at asc'
  
+  has_many :article_followers, :dependent => :destroy
+  has_many :person_followers, :class_name => 'Person', :through => :article_followers, :source => :person
+  has_many :person_followers_emails, :class_name => 'User', :through => :person_followers, :source => :user, :select => :email
+
   has_many :article_categorizations, -> { where 'articles_categories.virtual = ?', false }
   has_many :categories, :through => :article_categorizations
  
@@ -95,7 +100,6 @@ class Article &lt; ActiveRecord::Base
   settings_items :author_name, :type => :string, :default => ""
   settings_items :allow_members_to_edit, :type => :boolean, :default => false
   settings_items :moderate_comments, :type => :boolean, :default => false
-  settings_items :followers, :type => Array, :default => []
   has_and_belongs_to_many :article_privacy_exceptions, :class_name => 'Person', :join_table => 'article_privacy_exceptions'
  
   belongs_to :reference_article, :class_name => "Article", :foreign_key => 'reference_article_id'
@@ -173,7 +177,6 @@ class Article &lt; ActiveRecord::Base
     end
   end
  
-
   def is_trackable?
     self.published? && self.notifiable? && self.advertise? && self.profile.public_profile
   end
@@ -374,6 +377,10 @@ class Article &lt; ActiveRecord::Base
     self.parent and self.parent.forum?
   end
  
+  def person_followers_email_list
+    person_followers_emails.map{|p|p.email}
+  end
+
   def info_from_last_update
     last_comment = comments.last
     if last_comment
@@ -383,6 +390,10 @@ class Article &lt; ActiveRecord::Base
     end
   end
  
+  def full_path
+    profile.hostname.blank? ? "/#{profile.identifier}/#{path}" : "/#{path}"
+  end
+
   def url
     @url ||= self.profile.url.merge(:page => path.split('/'))
   end
@@ -408,13 +419,19 @@ class Article &lt; ActiveRecord::Base
   end
  
   def download? view = nil
-    (self.uploaded_file? and not self.image?) or
-      (self.image? and view.blank?) or
-      (not self.uploaded_file? and self.mime_type != 'text/html')
+    false
+  end
+
+  def is_followed_by?(user)
+    self.person_followers.include? user
+  end
+
+  def download_disposition
+    'inline'
   end
  
   def download_headers
-    {}
+    { :filename => filename, :type => mime_type, :disposition => download_disposition}
   end
  
   def alternate_languages
@@ -195,8 +195,8 @@ class Block &lt; ActiveRecord::Base
     nil
   end
  
-  # Is this block editable? (Default to <tt>false</tt>)
-  def editable?
+  # Is this block editable? (Default to <tt>true</tt>)
+  def editable?(user=nil)
     self.edit_modes == "all"
   end
  
@@ -6,13 +6,14 @@ class Comment &lt; ActiveRecord::Base
     :body => {:label => _('Content'), :weight => 2},
   }
  
-  attr_accessible :body, :author, :name, :email, :title, :reply_of_id, :source
+  attr_accessible :body, :author, :name, :email, :title, :reply_of_id, :source, :follow_article
  
   validates_presence_of :body
  
   belongs_to :source, :counter_cache => true, :polymorphic => true
   alias :article :source
   alias :article= :source=
+  attr_accessor :follow_article
  
   belongs_to :author, :class_name => 'Person', :foreign_key => 'author_id'
   has_many :children, :class_name => 'Comment', :foreign_key => 'reply_of_id', :dependent => :destroy
@@ -102,10 +103,9 @@ class Comment &lt; ActiveRecord::Base
  
   after_create :new_follower
   def new_follower
-    if source.kind_of?(Article)
-      article.followers += [author_email]
-      article.followers -= article.profile.notification_emails
-      article.followers.uniq!
+    if source.kind_of?(Article) and !author.nil? and @follow_article
+      article.person_followers += [author]
+      article.person_followers.uniq!
       article.save
     end
   end
@@ -147,7 +147,7 @@ class Comment &lt; ActiveRecord::Base
       if !notification_emails.empty?
         CommentNotifier.notification(self).deliver
       end
-      emails = article.followers - [author_email]
+      emails = article.person_followers_email_list - [author_email]
       if !emails.empty?
         CommentNotifier.mail_to_followers(self, emails).deliver
       end
@@ -19,7 +19,7 @@ class DisabledEnterpriseMessageBlock &lt; Block
     end
   end
  
-  def editable?
+  def editable?(user=nil)
     false
   end
  
@@ -56,6 +56,7 @@ class Environment &lt; ActiveRecord::Base
     'manage_environment_trusted_sites' => N_('Manage environment trusted sites'),
     'edit_appearance'      => N_('Edit appearance'),
     'manage_email_templates' => N_('Manage Email Templates'),
+    'edit_raw_html_block'      => N_('Edit Raw HTML block'),
   }
  
   module Roles
@@ -15,6 +15,8 @@ class HighlightsBlock &lt; Block
       if !Noosfero.root.nil? and !i[:address].start_with?(Noosfero.root + '/')
         i[:address] = Noosfero.root + i[:address]
       end
+      i[:new_window] = i[:new_window] == '1' ? true : false
+
       begin
         file = UploadedFile.find(i[:image_id])
         i[:image_src] = file.public_filename
 # A person is the profile of an user holding all relationships with the rest of the system
 class Person < Profile
  
-  attr_accessible :organization, :contact_information, :sex, :birth_date, :cell_phone,
-    :comercial_phone, :jabber_id, :personal_website, :nationality, :address_reference,
-    :district, :schooling, :schooling_status, :formation, :custom_formation, :area_of_study,
-    :custom_area_of_study, :professional_activity, :organization_website, :following_articles
+  attr_accessible :organization, :contact_information, :sex, :birth_date, :cell_phone, :comercial_phone, :jabber_id, :personal_website, :nationality, :address_reference, :district, :schooling, :schooling_status, :formation, :custom_formation, :area_of_study, :custom_area_of_study, :professional_activity, :organization_website, :following_articles
  
   SEARCH_FILTERS = {
     :order => %w[more_recent more_popular more_active],
@@ -19,26 +16,29 @@ class Person &lt; Profile
   acts_as_trackable :after_add => Proc.new {|p,t| notify_activity(t)}
   acts_as_accessor
  
-  scope :members_of, -> resources {
+  scope :members_of, lambda { |resources, field = ''|
     resources = Array(resources)
+    joins = [:role_assignments]
+    joins << :user if User.attribute_names.include? field
+
     conditions = resources.map {|resource| "role_assignments.resource_type = '#{resource.class.base_class.name}' AND role_assignments.resource_id = #{resource.id || -1}"}.join(' OR ')
-    select('DISTINCT profiles.*').joins(:role_assignments).where([conditions])
+    distinct.select('profiles.*').joins(joins).where([conditions])
   }
  
   scope :not_members_of, -> resources {
     resources = Array(resources)
     conditions = resources.map {|resource| "role_assignments.resource_type = '#{resource.class.base_class.name}' AND role_assignments.resource_id = #{resource.id || -1}"}.join(' OR ')
-    select('DISTINCT profiles.*').where('"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "role_assignments" ON "role_assignments"."accessor_id" = "profiles"."id" AND "role_assignments"."accessor_type" = (Profile) WHERE "profiles"."type" IN (Person) AND (%s))' % conditions)
+    distinct.select('profiles.*').where('"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "role_assignments" ON "role_assignments"."accessor_id" = "profiles"."id" AND "role_assignments"."accessor_type" = (Profile) WHERE "profiles"."type" IN (Person) AND (%s))' % conditions)
   }
  
   scope :by_role, -> roles {
     roles = Array(roles)
-    select('DISTINCT profiles.*').joins(:role_assignments).where('role_assignments.role_id IN (?)', roles)
+    distinct.select('profiles.*').joins(:role_assignments).where('role_assignments.role_id IN (?)', roles)
   }
  
   scope :not_friends_of, -> resources {
     resources = Array(resources)
-    select('DISTINCT profiles.*').where('"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id))
+    distinct.select('profiles.*').where('"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id))
   }
  
   scope :visible_for_person, lambda { |person|
@@ -51,8 +51,7 @@ class Person &lt; Profile
       ['( roles.key = ? AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR (
         ( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )', 'environment_administrator', Profile.name, person.id, person.id,  true, true]
     ).uniq
-  }
-
+    }
  
   def has_permission_with_admin?(permission, resource)
     return true if resource.blank? || resource.admins.include?(self)
@@ -90,7 +89,8 @@ class Person &lt; Profile
   has_many :article_followers, :dependent => :destroy
   has_many :following_articles, :class_name => 'Article', :through => :article_followers, :source => :article
   has_many :comments, :foreign_key => :author_id
-
+  has_many :article_followers, :dependent => :destroy
+  has_many :following_articles, :class_name => 'Article', :through => :article_followers, :source => :article
   has_many :friendships, :dependent => :destroy
   has_many :friends, :class_name => 'Person', :through => :friendships
  
@@ -123,10 +123,10 @@ class Person &lt; Profile
   scope :more_popular, -> { order 'friends_count DESC' }
  
   scope :abusers, -> {
-    joins(:abuse_complaints).where('tasks.status = 3').select('DISTINCT profiles.*')
+    joins(:abuse_complaints).where('tasks.status = 3').distinct.select('profiles.*')
   }
   scope :non_abusers, -> {
-    select("DISTINCT profiles.*").
+    distinct.select("profiles.*").
     joins("LEFT JOIN tasks ON profiles.id = tasks.requestor_id AND tasks.type='AbuseComplaint'").
     where("tasks.status != 3 OR tasks.id is NULL")
   }
@@ -135,6 +135,11 @@ class Person &lt; Profile
   scope :activated, -> { joins(:user).where('users.activation_code IS NULL AND users.activated_at IS NOT NULL') }
   scope :deactivated, -> { joins(:user).where('NOT (users.activation_code IS NULL AND users.activated_at IS NOT NULL)') }
  
+  scope :with_role, -> role_id {
+    distinct.joins(:role_assignments).
+    where("role_assignments.role_id = #{role_id}")
+  }
+
   after_destroy do |person|
     Friendship.where(friend_id: person.id).each{ |friendship| friendship.destroy }
   end
@@ -78,6 +78,9 @@ class Profile &lt; ActiveRecord::Base
     def self.organization_member_roles(env_id)
       all_roles(env_id).select{ |r| r.key.match(/^profile_/) unless r.key.blank? || !r.profile_id.nil?}
     end
+    def self.organization_custom_roles(env_id, profile_id)
+      all_roles(env_id).where('profile_id = ?', profile_id)
+    end
     def self.all_roles(env_id)
       Role.where(environment_id: env_id)
     end
@@ -119,7 +122,7 @@ class Profile &lt; ActiveRecord::Base
   include Noosfero::Plugin::HotSpot
  
   scope :memberships_of, -> person {
-    select('DISTINCT profiles.*').
+    distinct.select('profiles.*').
     joins(:role_assignments).
     where('role_assignments.accessor_type = ? AND role_assignments.accessor_id = ?', person.class.base_class.name, person.id)
   }
@@ -185,15 +188,23 @@ class Profile &lt; ActiveRecord::Base
  
   include TimeScopes
  
-  def members
+  def members(by_field = '')
     scopes = plugins.dispatch_scopes(:organization_members, self)
-    scopes << Person.members_of(self)
+    scopes << Person.members_of(self,by_field)
     return scopes.first if scopes.size == 1
     ScopeTool.union *scopes
   end
  
-  def members_by_name
-    members.order('profiles.name')
+  def members_by(field,value = nil)
+    if value and !value.blank?
+      members_like(field,value).order('profiles.name')
+    else
+      members.order('profiles.name')
+    end
+  end
+
+  def members_like(field,value)
+    members(field).where("LOWER(#{field}) LIKE ?", "%#{value.downcase}%") if value
   end
  
   class << self
@@ -781,13 +792,13 @@ private :generate_url, :url_options
   end
  
   # Adds a person as member of this Profile.
-  def add_member(person)
+  def add_member(person, attributes={})
     if self.has_members?
       if self.closed? && members.count > 0
         AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
       else
-        self.affiliate(person, Profile::Roles.admin(environment.id)) if members.count == 0
-        self.affiliate(person, Profile::Roles.member(environment.id))
+        self.affiliate(person, Profile::Roles.admin(environment.id), attributes) if members.count == 0
+        self.affiliate(person, Profile::Roles.member(environment.id), attributes)
       end
       person.tasks.pending.of("InviteMember").select { |t| t.data[:community_id] == self.id }.each { |invite| invite.cancel }
       remove_from_suggestion_list person
@@ -1164,6 +1175,10 @@ private :generate_url, :url_options
     end
   end
  
+  def can_view_field? current_person, field
+    display_private_info_to?(current_person) || (public_fields.include?(field) && public?)
+  end
+
   validates_inclusion_of :redirection_after_login, :in => Environment.login_redirection_options.keys, :allow_nil => true
   def preferred_login_redirection
     redirection_after_login.blank? ? environment.redirection_after_login : redirection_after_login
@@ -19,4 +19,9 @@ class RawHTMLBlock &lt; Block
   def has_macro?
     true
   end
+
+  def editable?(user)
+    user.has_permission?('edit_raw_html_block', environment)
+  end
+
 end
@@ -65,6 +65,10 @@ class RssFeed &lt; Article
     'text/xml'
   end
  
+  def download?(view = nil)
+    true
+  end
+
   include Rails.application.routes.url_helpers
   def fetch_articles
     if parent && parent.has_posts?
@@ -2,6 +2,9 @@
 #
 # Limitation: only file metadata are versioned. Only the latest version
 # of the file itself is kept. (FIXME?)
+
+require 'sdbm'
+
 class UploadedFile < Article
  
   attr_accessible :uploaded_data, :title
@@ -10,6 +13,19 @@ class UploadedFile &lt; Article
     _('File')
   end
  
+  DBM_PRIVATE_FILE = 'cache/private_files'
+  after_save do |uploaded_file|
+    if uploaded_file.published_changed?
+      dbm = SDBM.open(DBM_PRIVATE_FILE)
+      if uploaded_file.published
+        dbm.delete(uploaded_file.public_filename)
+      else
+        dbm.store(uploaded_file.public_filename, uploaded_file.full_path)
+      end
+      dbm.close
+    end
+  end
+
   track_actions :upload_image, :after_create, :keep_params => ["view_url", "thumbnail_path", "parent.url", "parent.name"], :if => Proc.new { |a| a.published? && a.image? && !a.parent.nil? && a.parent.gallery? }, :custom_target => :parent
  
   def title
@@ -106,10 +122,13 @@ class UploadedFile &lt; Article
     self.name ||= self.filename
   end
  
-  def download_headers
-    {
-      'Content-Disposition' => "attachment; filename=\"#{self.filename}\"",
-    }
+  def download_disposition
+    case content_type
+    when 'application/pdf'
+      'inline'
+    else
+      'attachment'
+    end
   end
  
   def data
@@ -5,7 +5,7 @@
 <%= form_tag({:action => 'forgot_password'}, :method => 'post', :id => 'forgot-password-form') do %>
   <%= labelled_form_field fields_label, text_field_tag(:value) %>
  
-  <h3><%= _('Please type the two words below') %></h3>
+  <h3><%= _('Please type the captcha text below') %></h3>
   <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %>
  
   <div>
@@ -11,7 +11,7 @@
 </p>
  
 <p>
-<%= link_to_homepage(_('My home page.')) %>
+<%= link_to_homepage(_('My home page.'), user) %>
 <%= _('See your homepage.') %>
 </p>
  
@@ -3,7 +3,7 @@
   <div class='highlights-border'>
     <div class='highlights-container'>
       <% block.featured_images.each do |img| %>
-        <a href="<%= img[:address] %>" title="<%= img[:title] %>" class="highlights-image-link">
+        <a href="<%= img[:address] %>" <%= 'target="_blank"' if img[:new_window] %> title="<%= img[:title] %>" class="highlights-image-link">
           <%= image_tag [Noosfero.root, img[:image_src]].join, alt: img[:title] %>
           <p class="highlights-label"><%= img[:title] %></p>
         </a>
@@ -3,7 +3,7 @@
 <strong><%= _('Highlights') %></strong>
  
 <table class="noborder"><tbody id="highlights-data-table">
-  <tr><th><%= _('Image') %></th><th><%= _('Address') %></th><th><%= _('Position') %></th></tr>
+  <tr><th><%= _('Image') %></th><th><%= _('Address') %></th><th><%= _('Position') %></th><th><%= _('New Window') %></th></tr>
   <% @block.images.each_with_index do |image, index| %>
     <%= highlights_block_config_image_fields @block, image, index %>
   <% end %>
 <p>
 <em>
-  <%= _('Drag images to add them to the text.') %>
-  <%= _('Click on file names to add links to the text.') %>
+  <%= _('Drag images to add them to the text or click on file names to add links to the text.') %>
 </em>
 </p>
@@ -17,8 +17,8 @@
                 :parent_id, profile, default_folder, {}, {},
                 "type='Folder' or type='Gallery'"
           ) %>
+          <%= button(:newfolder, _('New folder'), '#', :id => 'new-folder-button') %>
         </div>
-        <%= button(:newfolder, _('New folder'), '#', :id => 'new-folder-button') %>
         <p><%= file_field_tag('file', :multiple => true) %></p>
       <% end %>
     </div>
@@ -31,7 +31,7 @@
   <div id='published-media' class='text-editor-sidebar-box' data-url='<%= url_for({:controller => 'cms', :action => 'published_media_items', :profile => profile.identifier}) %>'>
     <%= select_profile_folder(nil, :parent_id, profile, 'recent-media', {}, {},
         "type='Folder' or type='Gallery'", {:root_label => _('Recent media')}) %>
-    <%= labelled_form_field _('Search'), text_field_tag('q') %>
+    <%= labelled_form_field _('Search among your uploaded files'), text_field_tag('q', '', placeholder: _('Write words about the file you are looking for')) %>
     <%= render :partial => 'drag_and_drop_note' %>
     <div class='items'>
       <%= render :partial => 'published_media_items' %>
@@ -77,6 +77,10 @@ function check_captcha(button, confirm_action) {
   <%= labelled_form_field(_('Title'), f.text_field(:title)) %>
   <%= required labelled_form_field(_('Enter your comment'), f.text_area(:body, :rows => 5)) %>
  
+  <% if logged_in? %>
+    <%= labelled_form_field check_box(:comment, :follow_article, {}, true, false) + _('Follow this article'), '' %>
+  <% end%>
+
   <%= hidden_field_tag(:confirm, 'false') %>
   <%= hidden_field_tag(:view, params[:view])%>
   <%= f.hidden_field(:reply_of_id) %>
@@ -0,0 +1,4 @@
+<% if @comments.present? %>
+  <%= render :partial => 'comment/comment', :collection => @comments %>
+  <%= pagination_links @comments, :param_name => 'comment_page', :params => { :comment_order => @comment_order } %>
+<% end %>
@@ -57,6 +57,8 @@
       <%= button plugin_button[:icon], plugin_button[:title], plugin_button[:url], plugin_button[:html_options] %>
     <% end %>
  
+    <%= following_button @page, user %>
+
     <%= report_abuse(profile, :link, @page) %>
  
   </div>
@@ -10,6 +10,24 @@
     <%= (" - %s") % link_to_comments(@page)%>
   </span>
 <% end %>
+
+<span class="followers-count">
+|
+<% if @page.event? %>
+  <% if @page.person_followers.size > 0 %>
+    <%= _("%s will attend this event.") % [ pluralize(@page.person_followers.size, _("person"))]%>
+  <% else %>
+    <%= _("No one attending this event yet.") %>
+  <% end %>
+<% else %>
+  <% if @page.person_followers.size > 0 %>
+    <%= _("%s following this article.") % [ pluralize(@page.person_followers.size, _("person"))]%>
+  <% else %>
+    <%= _("No one following this article yet.") %>
+  <% end %>
+<% end %>
+</span>
+
 </span>
  
 <% if @page.display_hits? || @page.license.present? %>
@@ -81,7 +81,7 @@
     <ul class="article-comments-list">
       <% if @comments.present? %>
         <%= render :partial => 'comment/comment', :collection => @comments %>
-        <%= pagination_links @comments, :param_name => 'comment_page' %>
+        <%= pagination_links @comments, :param_name => 'comment_page', :params => { :comment_order => @comment_order } %>
       <% end %>
     </ul>
  
@@ -2,4 +2,4 @@
   <%= generic.abstract %>
 </div>
  
-<%= button(:download, _('Download'), [Noosfero.root, generic.public_filename].join, class:'download-link', option:'primary', size:'lg') %>
+<%= button(:download, _('Download'), generic.url, class:'download-link', option:'primary', size:'lg', :target => "_blank") %>
@@ -9,7 +9,8 @@
 </div>
 <ul class="profile-list-<%= role %>" >
   <% users.each do |u| %>
-    <%= profile_image_link(u, :thumb) %>
+    <% extra_info = u.member_since_date(profile) == Date.today ? {:value =>_('New'), :class => 'new-profile'}:'' %>
+    <%= profile_image_link(u, :thumb, 'li', extra_info) %>
   <% end %>
 </ul>
  
@@ -19,7 +19,6 @@
                      :id => "members-tab",
                      :content => div_members
                      } %>
-
     <% div_admins = content_tag :div, :class => "profile-admins" do
       render :partial => 'profile_members_list',
                             :locals => {
@@ -10,6 +10,9 @@
   </div>
 <% end %>
  
+  <% to = @mailing.data[:members_filtered].present? ? @mailing.recipients.map{|r| r.name}.join(', ') : _('All members')%>
+  <%= labelled_form_field(_('To:'), text_area(:data, 'members_filtered', :value => to, :rows => 4, :disabled => 'disabled', :class => 'send-mail-recipients'))  %>
+
 <%= form_for :mailing, :url => {:action => 'send_mail'}, :html => {:id => 'mailing-form'} do |f| %>
  
   <%= labelled_form_field(_('Subject:'), f.text_field(:subject)) %>
@@ -5,7 +5,7 @@
     <%= button :person, _('Invite people to join'), :controller => 'invite', :action => 'invite_friends' %>
   <% end %>
   <% if profile.community? and user.has_permission?(:send_mail_to_members, profile) %>
-    <%= button :send, _('Send e-mail to members'), :controller => 'profile', :action => 'send_mail' %>
+    <%= submit_button(:send, _('Send e-mail to members')) %>
   <% end %>
   <% @plugins.dispatch(:manage_members_extra_buttons).each do |plugin_button| %>
     <%= button plugin_button[:icon], plugin_button[:title], plugin_button[:url] %>
@@ -0,0 +1,18 @@
+<%= form_tag '#', :method => 'post' do %>
+
+    <%= field_set_tag _('Filter'), :class => 'filter_fields' do %>
+        <p>
+          <%= labelled_text_field(_('Name or Email')+': ', "filters[name]", @filters[:name], {:id => 'filter-name-autocomplete',:size => 30}) %>
+        </p>
+
+        <p><%= _('Roles:') %> </p>
+        <% @data[:roles].each do |r| %>
+          <%= labelled_check_box(r.name, 'filters[roles][]', r.id, @filters[:roles].include?(r.id.to_s), :add_hidden => false) %><br/>
+        <% end %>
+        <p>
+          <%= submit_button(:search, _('Search')) %>
+        </p>
+    <% end %>
+<% end %>
+
+<%= javascript_include_tag params[:controller] %>
 \ No newline at end of file
-<% collection = @collection == :profile_admins ? profile.admins : profile.members_by_name %>
+<% members = @data ? @data[:members] : profile.members_by('name') %>
+<% collection = @collection == :profile_admins ? profile.admins : members %>
 <% title = @title ? @title : _('Current members') %>
 <% remove_action = @remove_action ? @remove_action : {:action => 'unassociate'} %>
+<%= javascript_include_tag params[:controller] %>
  
 <h3><%= title %></h3>
  
 <table>
+  <col width="1">
   <tr>
+    <th><%= check_box_tag 'checkbox-all', 1, false, :onClick => "toggle(this)"  %></th>
     <th><%= _('Member') %></th>
     <th><%= _('Actions') %></th>
   </tr>
+
   <% collection.each do |m| %>
     <tr title="<%= m.name %>">
+      <td><%= labelled_check_box('', 'members_filtered[]', m.id.to_s, false, :id => 'checkbox-'+m.identifier) %></td>
       <td><%= link_to_profile m.short_name, m.identifier, :title => m.name %> </td>
       <td>
         <div class="members-buttons-cell">
@@ -27,3 +33,8 @@
     </tr>
   <% end %>
 </table>
+<% if collection.empty? %>
+  <p>
+    <em><%= _('No members found to: %s') % profile.name %></em>
+  </p>
+<% end %>
 <h1><%= h profile.short_name(50) %></h1>
  
-<%= render :partial => 'index_buttons' %>
+<%= render :partial => 'members_filter' %>
  
-<div id="members-list">
-  <%= render :partial => 'members_list' %>
-</div>
+<%= form_tag 'profile_members/send_mail', :method => 'post' do %>
+  <div id="members-list">
+    <%= render :partial => 'members_list' %>
+  </div>
  
-<%= render :partial => 'index_buttons' %>
+  <%= render :partial => 'index_buttons' %>
+
+<% end %>
@@ -5,7 +5,7 @@
 <ul>
   <% for validator in @region.validators %>
     <li>
-    <%= link_to_homepage validator.name, validator.identifier %>
+    <%= link_to_homepage validator.name, validator %>
     <%= link_to _('Remove validation rights'), { :action => 'remove', :id => @region.id, :validator_id => validator }, :method => 'post' %>
     </li>
   <% end %>
@@ -5,7 +5,7 @@
         @order == 'more_recent' ? enterprise.send(@order + '_label') + show_date(enterprise.created_at) : enterprise.send(@order + '_label') %>
     </div>
     <div class="search-enterprise-item-column-right">
-      <%= link_to_homepage(enterprise.name, enterprise.identifier, :class => "search-result-title") %>
+      <%= link_to_homepage enterprise.name, enterprise, class: "search-result-title" %>
       <div class="search-enterprise-description">
         <% if enterprise.description %>
           <% body_stripped = strip_tags(enterprise.description) %>
@@ -44,7 +44,7 @@
   <div class="search-product-item-second-column">
     <%= link_to_product product, :class => 'search-result-title' %>
     <div class="search-product-supplier">
-      <span class="search-field-label"><%= _('Supplier') %>  </span><%= link_to_homepage(product.enterprise.name, product.enterprise.identifier) %>
+      <span class="search-field-label"><%= _('Supplier') %>  </span><%= link_to_homepage product.enterprise.name, product.enterprise %>
     </div>
     <div class="search-product-description">
       <% if product.description %>
@@ -26,7 +26,7 @@
     <% end %>
   <% elsif image.is_a? Gallery %>
     <div class="search-gallery-items">
-      <% r = image.children.order(:updated_at).where('type = ?', 'UploadedFile').last(3) %>
+      <% r = image.children.latest.images.limit(3) %>
       <% if r.length > 0 %>
         <% r.each_index do |i| img = r[i] %>
           <%= link_to '', img.view_url, :class => "search-image-pic pic-num#{i+1}",
@@ -47,6 +47,8 @@
     <% else %>
       <div class="search-no-image"><span><%= _('No image') %></span></div>
     <% end %>
+  <% elsif image.first_image.present? %>
+    <img src="<%= image.first_image %>" class="automatic-abstract-thumb search-image-pic">
   <% else %>
     <div class="search-content-type-icon icon-content-<%=image.class.to_s.underscore.dasherize%>"></div>
   <% end %>
 <%= _('Hi, %{recipient}!') % { :recipient => @recipient } %>
  
-<%= word_wrap(_('Welcome to %{environment}! To activate your account, follow the link: %{activation_url}') % { :environment => @environment.name, :activation_url => @url + url_for(:controller => :account, :action => :activate, :activation_code => @activation_code, :redirection => @redirection, :join => @join) }) %>
+<%= word_wrap(_('Welcome to %{environment}! To activate your account, follow the link: %{activation_url}') % { :environment => @environment.name, :activation_url => url_for(:controller => :account, :action => :activate, :activation_code => @activation_code, :redirection => @redirection, :join => @join) }) %>
  
 <%= _("Greetings,") %>
  
 --
 <%= _('%s team.') % @environment.name %>
-<%= url_for @url %>
+<%= @url %>
@@ -0,0 +1,17 @@
+class AddEditRawHtmlBlockToAdminRole < ActiveRecord::Migration
+  def self.up
+    Environment.all.map(&:id).each do |id|
+      role = Environment::Roles.admin(id)
+      role.permissions << 'edit_raw_html_block'
+      role.save!
+    end
+  end
+
+  def self.down
+    Environment.all.map(&:id).each do |id|
+      role = Environment::Roles.admin(id)
+      role.permissions -= ['edit_raw_html_block']
+      role.save!
+    end
+  end
+end
@@ -0,0 +1,13 @@
+class CreateArticleFollowers < ActiveRecord::Migration
+  def self.up
+    execute("CREATE TABLE article_followers AS (SELECT profiles.id AS person_id, t.id AS article_id, clock_timestamp() AS since FROM (SELECT articles.id, regexp_split_to_table(replace(replace(substring(articles.setting FROM ':followers:[^:]*'), ':followers:', ''), '- ', ''), '\n') AS follower FROM articles) t INNER JOIN users ON users.email = follower INNER JOIN profiles ON users.id = profiles.user_id WHERE follower != '');")
+    add_timestamps :article_followers
+    add_index :article_followers, :person_id
+    add_index :article_followers, :article_id
+    add_index :article_followers, [:person_id, :article_id], :unique => true
+  end
+
+  def self.down
+    drop_table :article_followers
+  end
+end
@@ -0,0 +1,10 @@
+class AddFollowersCountToArticle < ActiveRecord::Migration
+  def self.up
+    add_column :articles, :followers_count, :integer, :default => 0
+    execute "update articles set followers_count = (select count(*) from article_followers where article_followers.article_id = articles.id)"
+  end
+
+  def self.down
+    remove_column :articles, :followers_count
+  end
+end
@@ -0,0 +1,5 @@
+class AddTimestampsToRoleAssignments < ActiveRecord::Migration
+  def change
+    add_timestamps :role_assignments
+  end
+end
@@ -0,0 +1,5 @@
+class AddDataToMailing < ActiveRecord::Migration
+  def change
+    add_column :mailings, :data, :text
+  end
+end
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
  
-ActiveRecord::Schema.define(version: 20151221105330) do
+ActiveRecord::Schema.define(version: 20160224132937) do
  
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -88,9 +88,9 @@ ActiveRecord::Schema.define(version: 20151221105330) do
     t.integer "profile_id"
   end
  
-  create_table "article_followers", force: :cascade do |t|
-    t.integer  "person_id",  null: false
-    t.integer  "article_id", null: false
+  create_table "article_followers", id: false, force: :cascade do |t|
+    t.integer  "person_id"
+    t.integer  "article_id"
     t.datetime "since"
     t.datetime "created_at"
     t.datetime "updated_at"
@@ -699,6 +699,7 @@ ActiveRecord::Schema.define(version: 20151221105330) do
     t.string   "locale"
     t.datetime "created_at"
     t.datetime "updated_at"
+    t.text     "data"
   end
  
   create_table "mark_comment_as_read_plugin", force: :cascade do |t|
@@ -1071,12 +1072,14 @@ ActiveRecord::Schema.define(version: 20151221105330) do
   end
  
   create_table "role_assignments", force: :cascade do |t|
-    t.integer "accessor_id",   null: false
-    t.string  "accessor_type"
-    t.integer "resource_id"
-    t.string  "resource_type"
-    t.integer "role_id",       null: false
-    t.boolean "is_global"
+    t.integer  "accessor_id",   null: false
+    t.string   "accessor_type"
+    t.integer  "resource_id"
+    t.string   "resource_type"
+    t.integer  "role_id",       null: false
+    t.boolean  "is_global"
+    t.datetime "created_at"
+    t.datetime "updated_at"
   end
  
   create_table "roles", force: :cascade do |t|
@@ -8,6 +8,19 @@ DocumentRoot &quot;/usr/share/noosfero/public&quot;
  
 RewriteEngine On
  
+# If your XMPP XMPP/BOSH isn't in localhost, change the config below to correct
+# point to address
+RewriteRule /http-bind http://localhost:5280/http-bind [P,QSA,L]
+<Proxy http://localhost:5280/http-bind>
+  Order Allow,Deny
+  Allow from All
+</Proxy>
+
+# Pass access to private files to backend
+RewriteMap private_files "dbm=sdbm:/usr/share/noosfero/cache/private_files"
+RewriteCond ${private_files:$1|NOT_FOUND} !NOT_FOUND
+RewriteRule ^(/articles/.*) ${private_files:$1} [P,QSA,L]
+
 # Rewrite index to check for static index.html
 RewriteRule ^/$ /index.html [QSA]
  
+noosfero (1.4) jessie-test; urgency=medium
+
+  * Noosfero 1.4
+
+ -- Antonio Terceiro <terceiro@colivre.coop.br>  Thu, 18 Feb 2016 16:20:23 -0200
+
 noosfero (1.4~rc3) jessie-test; urgency=medium
  
   * Noosfero 1.4 RC3
@@ -5,8 +5,6 @@ set -e
 # dbconfig-common uses "pgsql", but we want "postgresql"
 sed -i -e 's/adapter: pgsql/adapter: postgresql/' /etc/noosfero/database.yml
  
-/etc/init.d/noosfero setup
-
 cd /usr/share/noosfero && su noosfero -c "rake db:schema:load RAILS_ENV=production"
 cd /usr/share/noosfero && su noosfero -c "rake db:migrate RAILS_ENV=production SCHEMA=/dev/null"
 cd /usr/share/noosfero && su noosfero -c "rake db:data:minimal RAILS_ENV=production"
@@ -2,7 +2,5 @@
  
 set -e
  
-/etc/init.d/noosfero setup
-
 cd /usr/share/noosfero && su noosfero -c "rake db:migrate RAILS_ENV=production SCHEMA=/dev/null"
  
 var/tmp/noosfero                                    usr/share/noosfero/tmp
 var/log/noosfero                                    usr/share/noosfero/log
+var/cache/noosfero                                  usr/share/noosfero/cache
 etc/noosfero/database.yml                           usr/share/noosfero/config/database.yml
 etc/noosfero/unicorn.rb                             usr/share/noosfero/config/unicorn.rb
 etc/noosfero/plugins                                usr/share/noosfero/config/plugins
@@ -68,10 +68,17 @@ if [ ! -z &quot;$RET&quot; ]; then
   export NOOSFERO_DOMAIN="$RET"
 fi
  
+/etc/init.d/noosfero setup
+
 # dbconfig-common magic
 . /usr/share/dbconfig-common/dpkg/postinst
 dbc_go noosfero $@
  
+if [ ! -f /usr/share/noosfero/cache/private_files.pag ] && [ $1 = "configure" ] && [ -n  $2 ]; then
+  echo "Creating private files dbm map..."
+  cd /usr/share/noosfero && su noosfero -c "rake cache:private_files RAILS_ENV=production"
+fi
+
 # stop debconf to avoid the problem with infinite hanging, cfe
 # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295477
 db_stop
@@ -17,13 +17,13 @@ if test -x /usr/share/noosfero/script/apacheconf; then
   if ! test -e "$apache_site"; then
     echo "Generating apache virtual host ..."
     cd /usr/share/noosfero && su noosfero -c "RAILS_ENV=production ./script/apacheconf virtualhosts" > "$apache_site"
-  else
-    pattern="Include \/etc\/noosfero\/apache\/virtualhost.conf"
-    include="Include \/usr\/share\/noosfero\/util\/chat\/apache\/xmpp.conf"
-    if ! cat $apache_site | grep "^ *$include" > /dev/null ; then
-      echo "Updating apache virtual host ..."
-      sed -i "s/.*$pattern.*/  $include\n&/" $apache_site
-    fi
+  fi
+
+  # remove old way to include chat config
+  pattern="Include \/usr\/share\/noosfero\/util\/chat\/apache\/xmpp.conf"
+  if cat $apache_site | grep "^ *$pattern" > /dev/null ; then
+    echo "Removing obsolete chat configuration ..."
+    sed -i "/.*$pattern.*/d" $apache_site
   fi
  
   echo 'Noosfero Apache configuration updated.'
@@ -86,6 +86,13 @@ do_setup() {
     chmod 750 /var/tmp/noosfero
   fi
  
+  # Noosfero cache directory
+  if [ ! -d /var/cache/noosfero ]; then
+    mkdir /var/cache/noosfero
+    chown $NOOSFERO_USER:root /var/cache/noosfero
+    chmod 755 /var/cache/noosfero
+  fi
+
   # symlink the directories into Noosfero directory
   if [ ! -e $NOOSFERO_DIR/tmp ]; then
     ln -s /var/tmp/noosfero $NOOSFERO_DIR/tmp
@@ -96,6 +103,9 @@ do_setup() {
   if [ ! -e $NOOSFERO_DIR/log ]; then
     ln -s /var/log/noosfero $NOOSFERO_DIR/log
   fi
+  if [ ! -e $NOOSFERO_DIR/cache ]; then
+    ln -s /var/cache/noosfero $NOOSFERO_DIR/cache
+  fi
 }
  
 do_start() {
@@ -45,7 +45,7 @@ Feature: manage categories
     And I should see "Steak"
     When I follow "Hide"
     Then I should not see "Vegetarian"
-    And "Steak" should not be visible within "div"
+    And I should not see "Steak"
  
   @selenium
   Scenario: the show link is available just for categories with category tree
@@ -44,6 +44,7 @@ Feature: categories_block
     And I follow "Edit" within ".block-outer .categories-block"
     And I check "Product"
     And I press "Save"
+    And I go to /
     Then I should see "Food"
     And I should see "Book"
     And "Vegetarian" should not be visible within "span#category-name"
@@ -62,6 +63,7 @@ Feature: categories_block
     And I follow "Edit" within ".block-outer .categories-block"
     And I check "Product"
     And I press "Save"
+    And I go to /
     Then I should see "Book"
     And "Literature" should not be visible within "span#category-name"
     When I follow "block_2_category_2"
@@ -96,4 +96,4 @@ Feature: comment
   Scenario: hide post a comment button when clicked
     Given I am on /booking/article-to-comment
     And I follow "Post a comment"
-    Then "Post a comment" should not be visible within "#article"
+    Then "Post comment" should not be visible within "#article"
@@ -27,5 +27,7 @@ Feature: manage categories
     Then I should not see "Beans"
     And I should not see "Potatoes"
     When I follow "Show"
+    And I wait 0.5 seconds for Services show animation to finish
+    And I follow "Show"
     Then I should see "Beans"
     And I should see "Potatoes"
@@ -15,7 +15,7 @@ Background:
   Scenario: deactive user
     Given I follow "Deactivate user" within "tr[title='Joao Silva']"
     When I confirm the browser dialog
-    Then the "tr[title='Joao Silva'] td.actions a.icon-activate-user" button should be enabled
+    Then the field "tr[title='Joao Silva'] td.actions a.icon-activate-user" should be enabled
  
   @selenium
   Scenario: activate user
@@ -23,7 +23,7 @@ Background:
     And I confirm the browser dialog
     And I follow "Activate user" within "tr[title='Paulo Santos']"
     When I confirm the browser dialog
-    Then the "tr[title='Paulo Santos'] td.actions a.icon-deactivate-user" button should be enabled
+    Then the field "tr[title='Paulo Santos'] td.actions a.icon-deactivate-user" should be enabled
  
   @selenium
   Scenario: remove user
@@ -36,7 +36,7 @@ Background:
   Scenario: admin user
     Given I follow "Set admin role" within "tr[title='Joao Silva']"
     When I confirm the browser dialog
-    Then the "tr[title='Joao Silva'] td.actions a.icon-reset-admin-role" button should be enabled
+    Then the field "tr[title='Joao Silva'] td.actions a.icon-reset-admin-role" should be enabled
  
   @selenium
   Scenario: unadmin user
@@ -44,4 +44,4 @@ Background:
     And I confirm the browser dialog
     And I follow "Reset admin role" within "tr[title='Paulo Santos']"
     When I confirm the browser dialog
-    Then the "tr[title='Paulo Santos'] td.actions a.icon-set-admin-role" button should be enabled
+    Then the field "tr[title='Paulo Santos'] td.actions a.icon-set-admin-role" should be enabled
@@ -17,6 +17,7 @@ Feature: Use a secret community
     And I check "Secret"
     And I press "Save"
     And I follow "Logout"
+    And I go to /account/login
  
   @selenium
   Scenario: Hide privacity options when secret is checked
@@ -31,7 +31,8 @@ Feature: send emails to organization members
   Scenario: Send e-mail to members
     Given I am logged in as "joaosilva"
     And I go to Sample Community's members management
-    And I follow "Send e-mail to members"
+    And I check "checkbox-manoel"
+    And I press "Send e-mail to members"
     And I fill in "Subject" with "Hello, member!"
     And I fill in "Body" with "We have some news"
     When I press "Send"
@@ -40,7 +41,8 @@ Feature: send emails to organization members
   Scenario: Not send e-mail to members if subject is blank
     Given I am logged in as "joaosilva"
     And I go to Sample Community's members management
-    And I follow "Send e-mail to members"
+    And I check "checkbox-manoel"
+    And I press "Send e-mail to members"
     And I fill in "Body" with "We have some news"
     When I press "Send"
     Then I should be on /profile/sample-community/send_mail
@@ -48,7 +50,8 @@ Feature: send emails to organization members
   Scenario: Not send e-mail to members if body is blank
     Given I am logged in as "joaosilva"
     And I go to Sample Community's members management
-    And I follow "Send e-mail to members"
+    And I check "checkbox-manoel"
+    And I press "Send e-mail to members"
     And I fill in "Subject" with "Hello, user!"
     When I press "Send"
     Then I should be on /profile/sample-community/send_mail
@@ -56,7 +59,8 @@ Feature: send emails to organization members
   Scenario: Cancel creation of mailing
     Given I am logged in as "joaosilva"
     And I go to Sample Community's members management
-    And I follow "Send e-mail to members"
+    And I check "checkbox-manoel"
+    And I press "Send e-mail to members"
     When I follow "Cancel e-mail"
     Then I should be on Sample Community's members management
  
 Then /^"([^"]*)" should not be visible within "([^"]*)"$/ do |text, selector|
-  if page.has_content?(text)
-    page.should have_no_css(selector, :text => text, :visible => false)
-  end
+  page.should have_no_css selector, text: text, visible: false
 end
  
 Then /^"([^"]*)" should be visible within "([^"]*)"$/ do |text, selector|
-  if page.has_content?(text)
-    page.should have_css(selector, :text => text, :visible => false)
-  end
+  page.should have_css selector, text: text, visible: false
 end
  
 Then /^I should see "([^"]*)" link$/ do |text|
@@ -22,14 +18,14 @@ When /^I should see &quot;([^\&quot;]+)&quot; linking to &quot;([^\&quot;]+)&quot;$/ do |text, href|
   page.should have_xpath("//a[@href='#{href}']")
 end
  
-Then /^the "([^"]*)" button should be disabled$/ do |selector|
-  field = find(selector)
-  field['disabled'].should be_truthy
-end
+Then /^the field "([^"]*)" should be (enabled|disabled)$/ do |selector, status|
+  field = page.find(:css, selector)
  
-Then /^the "([^"]*)" button should be enabled$/ do |selector|
-  field = find(selector)
-  field['disabled'].should_not be_truthy
+  if status == 'enabled'
+    field.disabled?.should_not be_truthy
+  else
+    field.disabled?.should be_truthy
+  end
 end
  
 When /^I reload and wait for the page$/ do
@@ -7,7 +7,7 @@
  
 require 'uri'
 require 'cgi'
-require File.expand_path(File.join(File.dirname(__FILE__), "..", "support", "paths"))
+require_relative '../support/paths'
  
 module WithinHelpers
   def with_scope(locator)
@@ -39,37 +39,15 @@ end
  
 When /^(?:|I )follow "([^"]*)"(?: within "([^"]*)")?$/ do |link, selector|
   with_scope(selector) do
-    begin
-      click_link(link, :match => :prefer_exact)
-    rescue Selenium::WebDriver::Error::UnknownError => selenium_error
-      if selenium_error.message.start_with? 'Element is not clickable at point'
-        link = find_link(link)
-        href = link[:href]
-        onclick = link[:onClick]
-
-        warn "#{selenium_error.message}\n\n"\
-             "Trying to overcome this by:\n"
-
-        onclick_return = true
-
-        unless onclick.nil?
-          warn "\t* Running onClick JS:\n"\
-               "\t\t'#{onclick}'\n"
-          onclick_return = page.execute_script onclick
-        end
-
-        if onclick_return
-          warn "\t* Redirecting you to the link's href:\n"\
-               "\t\t'#{href}'\n"
-
-          visit href
-        end
-
-        warn "\nGood luck and be careful that this may produce hidden links to work on tests!\n"
-      else
-        raise selenium_error
-      end
+    link   = find :link_or_button, link, match: :prefer_exact
+    # If the link has child elements, then $(link).click() has no effect,
+    # so find the first child and click on it.
+    if Capybara.default_driver == :selenium
+      target = link.all('*').first || link
+    else
+      target = link
     end
+    target.click
   end
 end
  
@@ -21,3 +21,8 @@ Before do |scenario|
     puts "Can't find debugger or pry to debug"
   end
 end
+
+Then /^I open pry$/ do
+  require'pry';binding.pry
+end
+
@@ -65,5 +65,13 @@ Before do
   fixtures_folder = Rails.root.join('test', 'fixtures')
   fixtures = ['environments', 'roles']
   ActiveRecord::Fixtures.create_fixtures(fixtures_folder, fixtures)
+
+  # The same browser session is used across tests, so expire caching
+  # can create changes from scenario to another.
+  e=Environment.default
+  e.home_cache_in_minutes    = 0
+  e.general_cache_in_minutes = 0
+  e.profile_cache_in_minutes = 0
+  e.save
 end
  
@@ -22,6 +22,7 @@ public/thumbnails
 public/user_themes
 public/designs/themes/default
 public/designs/icons/default
+cache
  
 public/assets
 .sass-cache
@@ -52,8 +52,8 @@ class FilePresenter
     nil
   end
  
-  def download?(view=nil)
-    false
+  def download? view = nil
+    view.blank?
   end
  
   def short_description
@@ -165,6 +165,37 @@ module Noosfero
             end
           end
  
+          desc "Returns the total followers for the article" do
+            detail 'Get the followers of a specific article by id'
+            failure [[403, 'Forbidden']]
+            named 'ArticleFollowers'
+          end
+          get ':id/followers' do
+            article = find_article(environment.articles, params[:id])
+            total = article.person_followers.count
+            {:total_followers => total}
+          end
+
+          desc "Add a follower for the article" do
+            detail 'Add the current user identified by private token, like a follower of a article'
+            params Noosfero::API::Entities::UserLogin.documentation
+            failure [[401, 'Unauthorized']]
+            named 'ArticleFollow'
+          end
+          post ':id/follow' do
+            authenticate!
+            article = find_article(environment.articles, params[:id])
+            if article.article_followers.exists?(:person_id => current_person.id)
+              {:success => false, :already_follow => true}
+            else
+              article_follower = ArticleFollower.new
+              article_follower.article = article
+              article_follower.person = current_person
+              article_follower.save!
+              {:success => true}
+            end
+          end
+
           desc 'Return the children of a article identified by id' do
             detail 'Get all children articles of a specific article'
             params Noosfero::API::Entities::Article.documentation
 module Noosfero
   PROJECT = 'noosfero'
-  VERSION = '1.4~rc3'
+  VERSION = '1.4'
 end
  
 root = File.expand_path(File.dirname(__FILE__) + '/../..')
@@ -2,10 +2,10 @@ require_dependency &#39;models/vote&#39;
  
 class Vote
  
-  validates_uniqueness_of :voteable_id, :scope => [:voteable_type, :voter_type, :voter_id], :if => :allow_duplicated_vote?
+  validates_uniqueness_of :voteable_id, :scope => [:voteable_type, :voter_type, :voter_id], :unless => :allow_duplicate?
  
-  def allow_duplicated_vote?
-    voter.present?
+  def allow_duplicate?
+    voter.blank?
   end
  
   validate :verify_target_archived
@@ -0,0 +1,14 @@
+namespace :cache do
+  task :private_files => :environment do
+    require 'sdbm'
+
+    hash = {}
+    UploadedFile.where(:published => false).find_each do |uploaded_file|
+      hash[uploaded_file.public_filename] = uploaded_file.full_path
+    end
+
+    dbm = SDBM.open(UploadedFile::DBM_PRIVATE_FILE)
+    dbm.update(hash)
+    dbm.close
+  end
+end
 require_dependency 'profile'
  
-Profile.descendants.each do |subclass|
-  subclass.class_eval do
+class Profile
  
-    has_many :oauth_auths, foreign_key: :profile_id, class_name: 'OauthClientPlugin::Auth', dependent: :destroy
-    has_many :oauth_providers, through: :oauth_auths, source: :provider
+  has_many :oauth_auths, foreign_key: :profile_id, class_name: 'OauthClientPlugin::Auth', dependent: :destroy
+  has_many :oauth_providers, through: :oauth_auths, source: :provider
  
-  end
 end
@@ -33,4 +33,4 @@ Feature: rate_community
     Given I am on mycommunity's homepage
     When I follow "Rate this Community"
     Then I should see "Joao Silva" within ".star-profile-name"
-    And I should see Joao Silva's profile image
 \ No newline at end of file
+    And I should see Joao Silva's profile image
@@ -0,0 +1,23 @@
+Feature: vote_once_disable_cooldown
+  As a admin
+  I want to disable the cooldown time when vote once is enabled
+  Making it clearly that there is no cooldown when vote once is enabled
+
+  Background:
+    Given plugin "OrganizationRatings" is enabled on environment
+    And I am logged in as admin
+    And I go to /admin/plugins
+    And I check "Organization Ratings"
+    And I press "Save changes"
+
+  @selenium
+  Scenario: disable or enable the cooldown field when vote on is checked or unchecked
+    Given I follow "Administration"
+    And I follow "Plugins"
+    And I follow "Configuration"
+    And the field "#organization_ratings_config_cooldown" should be enabled
+    And I check "Vote once"
+    And the field "#organization_ratings_config_cooldown" should be disabled
+    And I uncheck "Vote once"
+    Then the field "#organization_ratings_config_cooldown" should be enabled
+
@@ -73,8 +73,8 @@ class OrganizationRatingsPlugin &lt; Noosfero::Plugin
  
   def js_files
     %w(
-      public/rate.js
-      public/organization_rating_management.js
+      rate.js
+      organization_rating_management.js
     )
   end
  
@@ -9,8 +9,8 @@
  
  
     cacheDom: function() {
-      this.$vote_once_checkbox = $("#environment_organization_ratings_vote_once");
-      this.$hours_timer_input = $("#environment_organization_ratings_cooldown");
+      this.$vote_once_checkbox = $("#organization_ratings_config_vote_once");
+      this.$hours_timer_input = $("#organization_ratings_config_cooldown");
     },
  
  
@@ -21,10 +21,22 @@
  
     verifyHoursTimerDisable: function() {
       if (this.$vote_once_checkbox.is(":checked")) {
-        this.$hours_timer_input.attr("disabled", "disabled");
+        //this.$hours_timer_input.attr("disabled", "disabled");
+        this.disableVoteOnce();
       } else {
-        this.$hours_timer_input.removeAttr("disabled");
+        //this.$hours_timer_input.removeAttr("disabled");
+        this.enableVoteOnce();
       }
+    },
+
+
+    enableVoteOnce: function() {
+      this.$hours_timer_input.removeAttr("disabled");
+    },
+
+
+    disableVoteOnce: function() {
+      this.$hours_timer_input.attr("disabled", "disabled");
     }
   }
  
@@ -14,11 +14,11 @@
 }
  
 .star-negative {
-  background-image: url('public/images/star-negative.png');
+  background-image: url('images/star-negative.png');
 }
  
 .star-positive {
-  background-image: url('public/images/star-positive.png');
+  background-image: url('images/star-positive.png');
 }
  
 .small-star-negative, .small-star-positive {
@@ -31,11 +31,11 @@
 }
  
 .small-star-negative {
-  background-image: url('public/images/small-star-negative.png');
+  background-image: url('images/small-star-negative.png');
 }
  
 .small-star-positive {
-  background-image: url('public/images/small-star-positive.png');
+  background-image: url('images/small-star-positive.png');
 }
  
 .medium-star-negative, .medium-star-positive {
@@ -48,11 +48,11 @@
 }
  
 .medium-star-positive {
-  background-image: url('public/images/star-positive-medium.png');
+  background-image: url('images/star-positive-medium.png');
 }
  
 .medium-star-negative {
-  background-image: url('public/images/star-negative-medium.png');
+  background-image: url('images/star-negative-medium.png');
 }
  
 .star-hide {
@@ -1,10 +0,0 @@
-require_dependency 'person'
-
-class Person
-
-  scope :with_role, -> role_id {
-    joins(:role_assignments).
-    where("role_assignments.role_id = #{role_id}")
-  }
-
-end
@@ -280,6 +280,21 @@ class MembersBlockTest &lt; ActionView::TestCase
     assert_includes block.roles, Profile::Roles.moderator(owner.environment.id)
   end
  
+  should 'count number of profiles by role' do
+    owner = fast_create(Community)
+    profile1 = fast_create(Person, {:public_profile => true})
+    profile2 = fast_create(Person, {:public_profile => true})
+
+    owner.add_member profile2
+    owner.add_moderator profile1
+
+    block = MembersBlock.new
+    block.visible_role = Profile::Roles.moderator(owner.environment.id).key
+    block.expects(:owner).returns(owner).at_least_once
+
+    assert_equivalent [profile1], block.profile_list
+  end
+
   protected
   include NoosferoTestHelper
  
@@ -25,7 +25,8 @@ class PgSearchPluginTest &lt; ActiveSupport::TestCase
     profile1 = fast_create(Profile, :identifier => 'profile1', :name => 'debugger')
     profile2 = fast_create(Profile, :identifier => 'profile2', :name => 'profile admin debugger')
     profile3 = fast_create(Profile, :identifier => 'profile3', :name => 'admin debugger')
-    assert_equal [profile2, profile3, profile1], search(Profile, 'profile admin deb')
+    profile4 = fast_create(Profile, :identifier => 'profile4', :name => 'simple user')
+    assert_equal [profile2, profile3, profile1, profile4], search(Profile, 'profile admin deb')
   end
  
   should 'locate profile escaping special characters' do
-class Person
+require_dependency 'person'
  
+class Person
   settings_items :site_tour_plugin_actions, :type => Array, :default => []
-
 end
@@ -15,6 +15,7 @@ class AccountControllerTest &lt; ActionController::TestCase
     t.date     "dtanas"
   end
   ActiveRecord::Base.establish_connection(:test)
+  StoaPlugin::UspUser.reset_column_information
  
   def setup
     @controller = AccountController.new
@@ -10,7 +10,7 @@
           <%= profile_image_link organization, :big, 'div' %>
         </div>
         <div class="related-organizations-item-column-right">
-          <%= link_to_homepage(organization.name, organization.identifier, :class => "search-result-title") %>
+          <%= link_to_homepage(organization.name, organization, :class => "search-result-title") %>
           <div class="related-organizations-description">
             <% if organization.description %>
               <% body_stripped = strip_tags(organization.description) %>
@@ -33,10 +33,14 @@ class VideoPlugin &lt; Noosfero::Plugin
   end
  
   def article_extra_toolbar_buttons(content)
-    if content.kind_of?(VideoPlugin::VideoGallery)
-      url = url_for(:action => 'new', :type=>'VideoPlugin::Video', :controller=>'cms', :parent_id => content.id)
-      {:title => _('New Video'), :url => url, :icon => 'button with-text icon-new'}
-    end
+    return [] if !content.kind_of?(VideoPlugin::VideoGallery)
+    {
+      :id=>"new-video-btn",
+      :class=>"button with-text icon-new",
+      :url=> {:action => 'new', :type=>'VideoPlugin::Video', :controller=>'cms', :parent_id => content.id},
+      :title=>_("New Video"),
+      :icon => :new
+    }
   end
  
 end
@@ -11,4 +11,4 @@
   <em><%= _('(empty video gallery)') %></em>
 <% else %>
   <%= list_videos(:contents=>video_gallery.children) %>
-<% end %>
 \ No newline at end of file
+<% end %>
@@ -48,3 +48,9 @@
   width: 80px;
 }
  
+.action-profile-send_mail .send-mail-recipients {
+  color: #888888;
+  padding: 10px;
+  width: 475px;
+  line-height: 15px;
+}
@@ -10,10 +10,9 @@ function send_order(order, url) {
   });
 }
  
-
 jQuery(document).ready(function(){
   jQuery("#comment_order").change(function(){
-    var url = jQuery("#page_url").val();
+    var url = window.location.href;
     send_order(this.value, url);
   });
-});
 \ No newline at end of file
+});
@@ -0,0 +1,25 @@
+(function($) {
+
+  //Autocomplete to list members
+  $('#filter-name-autocomplete').autocomplete({
+   minLength:2,
+   source:function(request,response){
+      $.ajax({
+        url:document.location.pathname+'/search_members',
+        dataType:'json',
+        data:{
+          filter_name:request.term
+        },
+        success:response
+      });
+   }
+  });
+})(jQuery);
+
+
+function toggle(source) {
+  checkboxes = document.getElementsByName('members_filtered[]');
+  for(var i=0, n=checkboxes.length;i<n;i++) {
+    checkboxes[i].checked = source.checked;
+  }
+}
@@ -207,3 +207,23 @@
   height: auto;
   font-size: 12px;
 }
+.action-profile-members .profile_link{
+	position: relative;
+}
+.action-profile-members .profile_link span.new-profile:last-child{
+	position: absolute;
+	top: 3px;
+	right: 2px;
+	text-transform: uppercase;
+	color: #FFF;
+	font-size: 9px;
+	background: #66CC33;
+	padding: 2px;
+	display: block;
+	width: 35px;
+	font-weight: 700;
+}
+.action-profile-members .profile_link .fn{
+	font-style: normal;
+	color: #000;
+}
@@ -17,7 +17,6 @@ when &#39;virtualhosts&#39;
       puts "  #{server_directive} #{domain.name}"
       server_directive = 'ServerAlias'
     end
-    puts "  Include /usr/share/noosfero/util/chat/apache/xmpp.conf"
     puts "  Include /etc/noosfero/apache/virtualhost.conf"
     puts "</VirtualHost>"
   end
...	...	@@ -37,7 +37,7 @@ before_install:
37	37	cache: bundler
38	38
39	39	before_script:
40		- - mkdir -p tmp/{pids,cache} log
	40	+ - mkdir -p tmp/{pids,cache} log cache
41	41	- script/noosfero-plugins disableall
42	42	#- bundle exec rake makemo &>/dev/null
43	43	# database
...	...
...	...	@@ -3,37 +3,30 @@ Noosfero release tasks
3	3
4	4	This file documents release-related activities.
5	5
6		-Working with translations
7		--------------------------
8		-
9		-* Update translation files: `rake updatepo`. Then `git commit` them.
10		-* Send the PO files to the translators.
11		-* Get the PO files back from translators, put in `po/` under the correct language name (e.,g. `po/pt_BR/`) and `git commit`.
12		-* test translations: `rake makemo` and browse the application on the web.
13		-
14	6	Releasing noosfero
15	7	------------------
16	8
17		-Considering you are on a Debian GNU/Linux or Debian-based system
	9	+Considering you are on a Debian GNU/Linux or Debian-based system, the following
	10	+packages are required during the release process:
18	11
19		- # apt-get install devscripts debhelper
	12	+```
	13	+# apt install git devscripts debhelper
	14	+```
20	15
21	16	To prepare a release of noosfero, you must follow the steps below:
22	17
23		-* Finish all requirements and bugs assigned to the to-be-released version
	18	+* Disable the automatic pushing of translation updates in weblate.
24	19	* Make sure all tests pass
25		-* Write release notes at the version's wiki topic
26	20	* Generate packages with `rake noosfero:release[(stable\|test)]`. This task will:
27	21	* Update the version in lib/noosfero.rb and debian/changelog.
28	22	* Create the tarbal and the deb pkg under pkg/ directory.
29	23	* Create a git tag and push it.
30		- * Upload the pkg to the configured repository (if configured) on ~/.dput.cf.
	24	+ * Upload the packages to the configured repository (if configured) on ~/.dput.cf.
31	25	* Test that the tarball and deb package are ok
32		-* Go to the version's wiki topic and edit it to reflect the new reality
33		-* Edit the topic WebPreferences and update DEBIAN_REPOSITORY_TOPICS setting
34		-* Attach the generated packages to that topic. Before attaching calculate the sha1 of the package (with sha1sum and paste the SHA1 hash as comment in the attachment form)
35		-* Download the attached and verify the MD5 hash
36	26	* Update an eventual demonstration version that you run.
37		-* Write an announcement e-mail to the relevant mailing lists pointing to the release notes, and maybe to the demonstration version.
	27	+* Write an announcement e-mail to the relevant mailing lists pointing to the
	28	+ release notes, and maybe to the demonstration version.
	29	+* Re-enable the automatic pushing of trasnlatio updates in weblate.
38	30
39		-If you had any problem during these steps, you can do `rake clobber_package` to completely delete the generated packages and start the process again.
	31	+If you had any problem during these steps, you can do `rake clobber_package` to
	32	+completely delete the generated packages and start the process again.
...	...
...	...	@@ -83,12 +83,9 @@ class BoxOrganizerController < ApplicationController
83	83
84	84	def save
85	85	@block = boxes_holder.blocks.find(params[:id])
86		- if @block.kind_of?(RawHTMLBlock) && !user.is_admin?(environment)
87		- render_access_denied
88		- else
89		- @block.update(params[:block])
90		- redirect_to :action => 'index'
91		- end
	86	+ return render_access_denied unless @block.editable?(user)
	87	+ @block.update(params[:block])
	88	+ redirect_to :action => 'index'
92	89	end
93	90
94	91	def boxes_editor?
...	...
...	...	@@ -32,7 +32,8 @@ class CmsController < MyProfileController
32	32	end
33	33
34	34	protect_if :only => [:new, :upload_files] do \|c, user, profile\|
35		- parent = profile.articles.find_by_id(c.params[:parent_id])
	35	+ parent_id = c.params[:article].present? ? c.params[:article][:parent_id] : c.params[:parent_id]
	36	+ parent = profile.articles.find_by_id(parent_id)
36	37	user && user.can_post_content?(profile, parent)
37	38	end
38	39
...	...
...	...	@@ -2,8 +2,27 @@ class ProfileMembersController < MyProfileController
2	2	protect 'manage_memberships', :profile
3	3
4	4	def index
5		- @members = profile.members_by_name
6		- @member_role = environment.roles.find_by_name('member')
	5	+ @filters = params[:filters] \|\| {:roles => []}
	6	+ all_roles = Profile::Roles.organization_member_roles(environment.id) \| Profile::Roles.organization_custom_roles(environment.id, profile.id)
	7	+ @filters[:roles] = all_roles unless @filters[:roles].present?
	8	+ @data = {}
	9	+ field = 'name'
	10	+ field = 'email' if @filters[:name] =~ /\@/
	11	+
	12	+ @data[:members] = profile.members_by(field,@filters[:name]).by_role(@filters[:roles])
	13	+ session[:members_filtered] = @data[:members].map{\|m\|m.id} if request.post?
	14	+ @data[:roles] = all_roles
	15	+
	16	+ end
	17	+
	18	+ def send_mail
	19	+ session[:members_filtered] = params[:members_filtered].select{\|value\| value!="0"}
	20	+ if session[:members_filtered].present?
	21	+ redirect_to :controller => :profile, :action => :send_mail
	22	+ else
	23	+ session[:notice] = _("Select at least one member.")
	24	+ redirect_to :action => :index
	25	+ end
7	26	end
8	27
9	28	def update_roles
...	...	@@ -156,4 +175,13 @@ class ProfileMembersController < MyProfileController
156	175	end
157	176	end
158	177
	178	+ def search_members
	179	+ field = 'name'
	180	+ field = 'email' if params[:filter_name] =~ /\@/
	181	+
	182	+ result = profile.members_like field, params[:filter_name]
	183	+ result = result.select{\|member\| member.can_view_field?(current_person, "email") } if field=="email"
	184	+ render :json => result.map { \|member\| {:label => "#{member.name}#{member.can_view_field?(current_person, "email") ? " <#{member.email}>" : ""}", :value => member.name }}
	185	+ end
	186	+
159	187	end
...	...
...	...	@@ -198,7 +198,7 @@ class AccountController < ApplicationController
198	198	if request.post?
199	199	begin
200	200	unless verify_recaptcha
201		- @change_password.errors.add(:base, _('Please type the words correctly'))
	201	+ @change_password.errors.add(:base, _('Please type the captcha text correctly'))
202	202	return false
203	203	end
204	204
...	...
...	...	@@ -68,11 +68,7 @@ class ContentViewerController < ApplicationController
68	68	process_comments(params)
69	69
70	70	if request.xhr? and params[:comment_order]
71		- if @comment_order == 'newest'
72		- @comments = @comments.reverse
73		- end
74		-
75		- return render :partial => 'comment/comment', :collection => @comments
	71	+ return render :partial => 'comment/comments_with_pagination'
76	72	end
77	73
78	74	if params[:slideshow]
...	...	@@ -209,8 +205,6 @@ class ContentViewerController < ApplicationController
209	205
210	206	def rendered_file_download(view = nil)
211	207	if @page.download? view
212		- headers['Content-Type'] = @page.mime_type
213		- headers.merge! @page.download_headers
214	208	data = @page.data
215	209
216	210	# TODO test the condition
...	...	@@ -218,7 +212,12 @@ class ContentViewerController < ApplicationController
218	212	raise "No data for file"
219	213	end
220	214
221		- render :text => data, :layout => false
	215	+ if @page.published && @page.uploaded_file?
	216	+ redirect_to @page.public_filename
	217	+ else
	218	+ send_data data, @page.download_headers
	219	+ end
	220	+
222	221	return true
223	222	end
224	223
...	...	@@ -244,8 +243,12 @@ class ContentViewerController < ApplicationController
244	243
245	244	def get_posts(year = nil, month = nil)
246	245	if year && month
247		- filter_date = DateTime.parse("#{year}-#{month}-01")
248		- return @page.posts.by_range(filter_date..filter_date.at_end_of_month)
	246	+ begin
	247	+ filter_date = DateTime.parse("#{year}-#{month}-01")
	248	+ return @page.posts.by_range(filter_date..filter_date.at_end_of_month)
	249	+ rescue ArgumentError
	250	+ return @page.posts
	251	+ end
249	252	else
250	253	return @page.posts
251	254	end
...	...	@@ -276,8 +279,12 @@ class ContentViewerController < ApplicationController
276	279	@comments = @page.comments.without_spam
277	280	@comments = @plugins.filter(:unavailable_comments, @comments)
278	281	@comments_count = @comments.count
279		- @comments = @comments.without_reply.paginate(:per_page => per_page, :page => params[:comment_page] )
280	282	@comment_order = params[:comment_order].nil? ? 'oldest' : params[:comment_order]
	283	+ @comments = @comments.without_reply
	284	+ if @comment_order == 'newest'
	285	+ @comments = @comments.reverse
	286	+ end
	287	+ @comments = @comments.paginate(:per_page => per_page, :page => params[:comment_page] )
281	288	end
282	289
283	290	private
...	...
...	...	@@ -155,6 +155,18 @@ class ProfileController < PublicController
155	155	end
156	156	end
157	157
	158	+ def follow_article
	159	+ article = profile.environment.articles.find params[:article_id]
	160	+ article.person_followers << user
	161	+ redirect_to article.url
	162	+ end
	163	+
	164	+ def unfollow_article
	165	+ article = profile.environment.articles.find params[:article_id]
	166	+ article.person_followers.delete(user)
	167	+ redirect_to article.url
	168	+ end
	169	+
158	170	def unblock
159	171	if current_user.person.is_admin?(profile.environment)
160	172	profile.unblock
...	...	@@ -362,6 +374,7 @@ class ProfileController < PublicController
362	374	def send_mail
363	375	@mailing = profile.mailings.build(params[:mailing])
364	376	@email_templates = profile.email_templates.find_all_by_template_type(:organization_members)
	377	+ @mailing.data = session[:members_filtered] ? {:members_filtered => session[:members_filtered]} : {}
365	378	if request.post?
366	379	@mailing.locale = locale
367	380	@mailing.person = user
...	...
...	...	@@ -150,14 +150,8 @@ module ApplicationHelper
150	150	link_to text, profile_path(:profile => profile) , options
151	151	end
152	152
153		- def link_to_homepage(text, profile = nil, options = {})
154		- p = if profile
155		- Profile[profile]
156		- else
157		- user
158		- end
159		-
160		- link_to text, p.url, options
	153	+ def link_to_homepage(text, profile, options = {})
	154	+ link_to text, profile.url, options
161	155	end
162	156
163	157	def link_if_permitted(link, permission = nil, target = nil)
...	...	@@ -556,14 +550,25 @@ module ApplicationHelper
556	550	trigger_class = 'enterprise-trigger'
557	551	end
558	552	end
559		- extra_info = extra_info.nil? ? '' : content_tag( 'span', extra_info, :class => 'extra_info' )
	553	+
	554	+ extra_info_tag = ''
	555	+ img_class = 'profile-image'
	556	+
	557	+ if extra_info.is_a? Hash
	558	+ extra_info_tag = content_tag( 'span', extra_info[:value], :class => 'extra_info '+extra_info[:class])
	559	+ img_class +=' '+extra_info[:class]
	560	+ else
	561	+ extra_info_tag = content_tag( 'span', extra_info, :class => 'extra_info' )
	562	+ end
	563	+
560	564	links = links_for_balloon(profile)
561	565	content_tag('div', content_tag(tag,
562		- (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? popover_menu(_('Profile links'),profile.short_name,links,{:class => trigger_class, :url => url}) : "") +
	566	+ (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ?
	567	+ popover_menu(_('Profile links'),profile.short_name,links,{:class => trigger_class, :url => url}) : "") +
563	568	link_to(
564		- content_tag( 'span', profile_image( profile, size ), :class => 'profile-image' ) +
	569	+ content_tag( 'span', profile_image( profile, size ), :class => img_class ) +
565	570	content_tag( 'span', h(name), :class => ( profile.class == Person ? 'fn' : 'org' ) ) +
566		- extra_info + profile_sex_icon( profile ),
	571	+ extra_info_tag + profile_sex_icon( profile ),
567	572	profile.url,
568	573	:class => 'profile_link url',
569	574	:help => _('Click on this icon to go to the <b>%s</b>\'s home page') % profile.name,
...	...	@@ -711,7 +716,7 @@ module ApplicationHelper
711	716	class NoosferoFormBuilder < ActionView::Helpers::FormBuilder
712	717	extend ActionView::Helpers::TagHelper
713	718
714		- def self.output_field(text, field_html, field_id = nil, options = {})
	719	+ def self.output_field(text, field_html, field_id = nil)
715	720	# try to guess an id if none given
716	721	if field_id.nil?
717	722	field_html =~ /id=['"]([^'"]*)['"]/
...	...	@@ -1040,10 +1045,11 @@ module ApplicationHelper
1040	1045	end
1041	1046
1042	1047	def search_contents_menu
	1048	+ host = environment.default_hostname
1043	1049	links = [
1044		- {s_('contents\|More recent') => {:href => url_for({:controller => 'search', :action => 'contents', :filter => 'more_recent'})}},
1045		- {s_('contents\|More viewed') => {:href => url_for({:controller => 'search', :action => 'contents', :filter => 'more_popular'})}},
1046		- {s_('contents\|Most commented') => {:href => url_for({:controller => 'search', :action => 'contents', :filter => 'more_comments'})}}
	1050	+ {s_('contents\|More recent') => {href: url_for({host: host, controller: 'search', action: 'contents', filter: 'more_recent'})}},
	1051	+ {s_('contents\|More viewed') => {href: url_for({host: host, controller: 'search', action: 'contents', filter: 'more_popular'})}},
	1052	+ {s_('contents\|Most commented') => {href: url_for({host: host, controller: 'search', action: 'contents', filter: 'more_comments'})}}
1047	1053	]
1048	1054	if logged_in?
1049	1055	links.push(_('New content') => modal_options({:href => url_for({:controller => 'cms', :action => 'new', :profile => current_user.login, :cms => true})}))
...	...	@@ -1055,10 +1061,11 @@ module ApplicationHelper
1055	1061	alias :browse_contents_menu :search_contents_menu
1056	1062
1057	1063	def search_people_menu
	1064	+ host = environment.default_hostname
1058	1065	links = [
1059		- {s_('people\|More recent') => {:href => url_for({:controller => 'search', :action => 'people', :filter => 'more_recent'})}},
1060		- {s_('people\|More active') => {:href => url_for({:controller => 'search', :action => 'people', :filter => 'more_active'})}},
1061		- {s_('people\|More popular') => {:href => url_for({:controller => 'search', :action => 'people', :filter => 'more_popular'})}}
	1066	+ {s_('people\|More recent') => {href: url_for({host: host, controller: 'search', action: 'people', filter: 'more_recent'})}},
	1067	+ {s_('people\|More active') => {href: url_for({host: host, controller: 'search', action: 'people', filter: 'more_active'})}},
	1068	+ {s_('people\|More popular') => {href: url_for({host: host, controller: 'search', action: 'people', filter: 'more_popular'})}}
1062	1069	]
1063	1070	if logged_in?
1064	1071	links.push(_('My friends') => {:href => url_for({:profile => current_user.login, :controller => 'friends'})})
...	...	@@ -1071,10 +1078,11 @@ module ApplicationHelper
1071	1078	alias :browse_people_menu :search_people_menu
1072	1079
1073	1080	def search_communities_menu
	1081	+ host = environment.default_hostname
1074	1082	links = [
1075		- {s_('communities\|More recent') => {:href => url_for({:controller => 'search', :action => 'communities', :filter => 'more_recent'})}},
1076		- {s_('communities\|More active') => {:href => url_for({:controller => 'search', :action => 'communities', :filter => 'more_active'})}},
1077		- {s_('communities\|More popular') => {:href => url_for({:controller => 'search', :action => 'communities', :filter => 'more_popular'})}}
	1083	+ {s_('communities\|More recent') => {href: url_for({host: host, controller: 'search', action: 'communities', filter: 'more_recent'})}},
	1084	+ {s_('communities\|More active') => {href: url_for({host: host, controller: 'search', action: 'communities', filter: 'more_active'})}},
	1085	+ {s_('communities\|More popular') => {href: url_for({host: host, controller: 'search', action: 'communities', filter: 'more_popular'})}}
1078	1086	]
1079	1087	if logged_in?
1080	1088	links.push(_('My communities') => {:href => url_for({:profile => current_user.login, :controller => 'memberships'})})
...	...
...	...	@@ -169,4 +169,30 @@ module ArticleHelper
169	169	_('Edit')
170	170	end
171	171
	172	+ def follow_button_text(article)
	173	+ if article.event?
	174	+ _('Attend')
	175	+ else
	176	+ _('Follow')
	177	+ end
	178	+ end
	179	+
	180	+ def unfollow_button_text(article)
	181	+ if article.event?
	182	+ _('Unattend')
	183	+ else
	184	+ _('Unfollow')
	185	+ end
	186	+ end
	187	+
	188	+ def following_button(page, user)
	189	+ if !user.blank? and user != page.author
	190	+ if page.is_followed_by? user
	191	+ button :cancel, unfollow_button_text(page), {:controller => 'profile', :action => 'unfollow_article', :article_id => page.id}
	192	+ else
	193	+ button :add, follow_button_text(page), {:controller => 'profile', :action => 'follow_article', :article_id => page.id}
	194	+ end
	195	+ end
	196	+ end
	197	+
172	198	end
...	...