merging with master

Leandro Santos
2 parents 7ec835d6 ae050c75
Showing 35 changed files with 612 additions and 886 deletions Show diff stats
Gemfile
Gemfile.lock
app/models/add_friend.rb
app/models/add_member.rb
app/models/approve_article.rb
app/models/change_password.rb
app/models/create_community.rb
app/models/create_enterprise.rb
app/models/email_activation.rb
app/models/enterprise_activation.rb
app/models/invitation.rb
app/models/moderate_user_registration.rb
app/models/profile.rb
app/models/suggest_article.rb
app/models/task.rb
app/views/api/playground.html.erb
config.ru
config/application.rb
config/initializers/eager_load.rb
db/schema.rb
@@ -18,18 +18,18 @@ gem &#39;exception_notification&#39;,   &#39;~&gt; 4.0.1&#39;
 gem 'gettext',                  '~> 2.2.1', :require => false
 gem 'locale',                   '~> 2.0.5'
 gem 'whenever', :require => false
-gem 'grape',                    '~> 0.11.0'
+gem 'eita-jrails', '~> 0.9.5', require: 'jrails'
+
+# API dependencies
+gem 'grape',                    '~> 0.12'
 gem 'grape-entity'
-gem 'grape-swagger'
-gem 'grape_logging'
-gem 'api-pagination',           '~> 4.1.1'
+#FIXME Get the Grape Loggin from master yo solve this issue https://github.com/intridea/grape/issues/1059
+#We have to remove this commit referenve code when update the next release of grape_logging. Actualy we are using (1.1.2)
+gem 'grape_logging', :git => 'https://github.com/aceunreal/grape_logging.git', :ref => '100091b'
 gem 'rack-cors'
 gem 'rack-contrib'
-#gem 'grape-swagger-rails'
  
-# FIXME list here all actual dependencies (i.e. the ones in debian/control),
-# with their GEM names (not the Debian package names)
-gem 'eita-jrails', '~> 0.9.5', require: 'jrails'
+gem 'api-pagination',           '~> 4.1.1'
  
 # asset pipeline
 gem 'uglifier', '>= 1.0.3'
@@ -1,269 +0,0 @@
-GEM
-  remote: https://rubygems.org/
-  specs:
-    RedCloth (4.2.9)
-    actionmailer (3.2.22)
-      actionpack (= 3.2.22)
-      mail (~> 2.5.4)
-    actionpack (3.2.22)
-      activemodel (= 3.2.22)
-      activesupport (= 3.2.22)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.5)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.2.1)
-    activemodel (3.2.22)
-      activesupport (= 3.2.22)
-      builder (~> 3.0.0)
-    activerecord (3.2.22)
-      activemodel (= 3.2.22)
-      activesupport (= 3.2.22)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.22)
-      activemodel (= 3.2.22)
-      activesupport (= 3.2.22)
-    activesupport (3.2.22)
-      i18n (~> 0.6, >= 0.6.4)
-      multi_json (~> 1.0)
-    acts-as-taggable-on (3.4.4)
-      activerecord (>= 3.2, < 5)
-    api-pagination (4.1.1)
-    arel (3.0.3)
-    axiom-types (0.1.1)
-      descendants_tracker (~> 0.0.4)
-      ice_nine (~> 0.11.0)
-      thread_safe (~> 0.3, >= 0.3.1)
-    builder (3.0.4)
-    capybara (2.1.0)
-      mime-types (>= 1.16)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (~> 2.0)
-    childprocess (0.5.6)
-      ffi (~> 1.0, >= 1.0.11)
-    chronic (0.10.2)
-    coercible (1.0.0)
-      descendants_tracker (~> 0.0.1)
-    cucumber (1.0.6)
-      builder (>= 2.1.2)
-      diff-lcs (>= 1.1.2)
-      gherkin (~> 2.4.18)
-      json (>= 1.4.6)
-      term-ansicolor (>= 1.0.6)
-    cucumber-rails (1.0.6)
-      capybara (>= 1.1.1)
-      cucumber (>= 1.0.6)
-      nokogiri (>= 1.5.0)
-    daemons (1.1.9)
-    dalli (2.7.4)
-    database_cleaner (1.2.0)
-    descendants_tracker (0.0.4)
-      thread_safe (~> 0.3, >= 0.3.1)
-    diff-lcs (1.2.5)
-    eita-jrails (0.9.5)
-      actionpack (~> 3.2, >= 3.1.0)
-      activesupport (~> 3.2, >= 3.0.0)
-    equalizer (0.0.11)
-    erubis (2.7.0)
-    eventmachine (1.0.7)
-    exception_notification (4.0.1)
-      actionmailer (>= 3.0.4)
-      activesupport (>= 3.0.4)
-    execjs (2.5.2)
-    fast_gettext (0.6.12)
-    ffi (1.9.10)
-    gettext (2.2.1)
-      locale
-    gherkin (2.4.21)
-      json (>= 1.4.6)
-    git-version-bump (0.15.1)
-    grape (0.11.0)
-      activesupport
-      builder
-      hashie (>= 2.1.0)
-      multi_json (>= 1.3.2)
-      multi_xml (>= 0.5.2)
-      rack (>= 1.3.0)
-      rack-accept
-      rack-mount
-      virtus (>= 1.0.0)
-    grape-entity (0.4.5)
-      activesupport
-      multi_json (>= 1.3.2)
-    grape-swagger (0.10.1)
-      grape (>= 0.8.0)
-      grape-entity
-    grape_logging (1.1.2)
-      grape
-    hashie (3.4.2)
-    hike (1.2.3)
-    i18n (0.7.0)
-    ice_nine (0.11.1)
-    journey (1.0.4)
-    json (1.8.3)
-    locale (2.0.9)
-    magic (0.2.9)
-      ffi (>= 0.6.3)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    metaclass (0.0.4)
-    mime-types (1.25.1)
-    mini_portile (0.6.2)
-    minitest (3.2.0)
-    mocha (1.1.0)
-      metaclass (~> 0.0.1)
-    multi_json (1.11.2)
-    multi_xml (0.5.5)
-    nokogiri (1.6.6.2)
-      mini_portile (~> 0.6.0)
-    pg (0.13.2)
-    polyglot (0.3.5)
-    rack (1.4.7)
-    rack-accept (0.4.5)
-      rack (>= 0.4)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-contrib (1.3.0)
-      git-version-bump (~> 0.15)
-      rack (~> 1.4)
-    rack-cors (0.4.0)
-    rack-mount (0.8.3)
-      rack (>= 1.0.0)
-    rack-ssl (1.3.4)
-      rack
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails (3.2.22)
-      actionmailer (= 3.2.22)
-      actionpack (= 3.2.22)
-      activerecord (= 3.2.22)
-      activeresource (= 3.2.22)
-      activesupport (= 3.2.22)
-      bundler (~> 1.0)
-      railties (= 3.2.22)
-    rails_autolink (1.1.6)
-      rails (> 3.1)
-    railties (3.2.22)
-      actionpack (= 3.2.22)
-      activesupport (= 3.2.22)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
-    rake (10.4.2)
-    rdoc (3.12.2)
-      json (~> 1.4)
-    rest-client (1.6.9)
-      mime-types (~> 1.16)
-    rmagick (2.13.4)
-    rspec (2.14.1)
-      rspec-core (~> 2.14.0)
-      rspec-expectations (~> 2.14.0)
-      rspec-mocks (~> 2.14.0)
-    rspec-core (2.14.8)
-    rspec-expectations (2.14.5)
-      diff-lcs (>= 1.1.3, < 2.0)
-    rspec-mocks (2.14.6)
-    rspec-rails (2.14.2)
-      actionpack (>= 3.0)
-      activemodel (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-core (~> 2.14.0)
-      rspec-expectations (~> 2.14.0)
-      rspec-mocks (~> 2.14.0)
-    ruby-feedparser (0.9.3)
-      magic
-    rubyzip (1.1.7)
-    sass (3.4.15)
-    sass-rails (3.2.6)
-      railties (~> 3.2.0)
-      sass (>= 3.1.10)
-      tilt (~> 1.3)
-    selenium-webdriver (2.39.0)
-      childprocess (>= 0.2.5)
-      multi_json (~> 1.0)
-      rubyzip (~> 1.0)
-      websocket (~> 1.0.4)
-    sprockets (2.2.3)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    term-ansicolor (1.3.2)
-      tins (~> 1.0)
-    thin (1.3.1)
-      daemons (>= 1.0.9)
-      eventmachine (>= 0.12.6)
-      rack (>= 1.0.0)
-    thor (0.19.1)
-    thread_safe (0.3.5)
-    tilt (1.4.1)
-    tins (1.5.4)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.44)
-    uglifier (2.7.1)
-      execjs (>= 0.3.0)
-      json (>= 1.8.0)
-    virtus (1.0.5)
-      axiom-types (~> 0.1)
-      coercible (~> 1.0)
-      descendants_tracker (~> 0.0, >= 0.0.3)
-      equalizer (~> 0.0, >= 0.0.9)
-    websocket (1.0.7)
-    whenever (0.9.4)
-      chronic (>= 0.6.3)
-    will_paginate (3.0.7)
-    xpath (2.0.0)
-      nokogiri (~> 1.3)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  RedCloth (~> 4.2.9)
-  acts-as-taggable-on (~> 3.4.2)
-  api-pagination (~> 4.1.1)
-  capybara (~> 2.1.0)
-  cucumber (~> 1.0.6)
-  cucumber-rails (~> 1.0.6)
-  daemons (~> 1.1.5)
-  dalli (~> 2.7.0)
-  database_cleaner (~> 1.2.0)
-  eita-jrails (~> 0.9.5)
-  exception_notification (~> 4.0.1)
-  fast_gettext (~> 0.6.8)
-  gettext (~> 2.2.1)
-  grape (~> 0.11.0)
-  grape-entity
-  grape-swagger
-  grape_logging
-  locale (~> 2.0.5)
-  minitest (~> 3.2.0)
-  mocha (~> 1.1.0)
-  nokogiri (~> 1.6.0)
-  pg (~> 0.13.2)
-  rack-contrib
-  rack-cors
-  rails (~> 3.2.22)
-  rails_autolink (~> 1.1.5)
-  rake
-  rest-client (~> 1.6.7)
-  rmagick (~> 2.13.1)
-  rspec (~> 2.14.0)
-  rspec-rails (~> 2.14.1)
-  ruby-feedparser (~> 0.7)
-  sass-rails
-  selenium-webdriver (~> 2.39.0)
-  thin (~> 1.3.1)
-  uglifier (>= 1.0.3)
-  whenever
-  will_paginate (~> 3.0.3)
@@ -14,6 +14,9 @@ class AddFriend &lt; Task
   alias :friend :target
   alias :friend= :target=
  
+	validates :requestor, :kind_of => { :kind => Person }
+	validates :target, :kind_of => { :kind => Person }
+
   after_create do |task|
     TaskMailer.invitation_notification(task).deliver unless task.friend
     remove_from_suggestion_list(task)
@@ -2,6 +2,9 @@ class AddMember &lt; Task
  
   validates_presence_of :requestor_id, :target_id
  
+  validates :requestor, kind_of: {kind: Person}
+  validates :target, kind_of: {kind: Organization}
+
   alias :person :requestor
   alias :person= :requestor=
  
 class ApproveArticle < Task
   validates_presence_of :requestor_id, :target_id
  
+  validates :requestor, kind_of: {kind: Person}
+  validate :allowed_requestor
+
+  def allowed_requestor
+    if target
+      if target.person? && requestor != target
+        self.errors.add(:requestor, _('You can not post articles to other users.'))
+      end
+      if target.organization? && !target.members.include?(requestor) && target.environment.portal_community != target
+        self.errors.add(:requestor, _('Only members can post articles on communities.'))
+      end
+    end
+  end
+
   def article_title
     article ? article.title : _('(The original text was removed)')
   end
-  
+
   def article
     Article.find_by_id data[:article_id]
   end
@@ -124,4 +138,9 @@ class ApproveArticle &lt; Task
     message
   end
  
+  def request_is_member_of_target
+    unless requestor.is_member_of?(target)
+      errors.add(:approve_article, N_('Requestor must be a member of target.'))
+    end
+  end
 end
@@ -18,6 +18,8 @@ class ChangePassword &lt; Task
  
   validates_presence_of :requestor
  
+  validates :requestor, kind_of: {kind: Person}
+
   ###################################################
   # validations for updating a ChangePassword task 
  
@@ -3,6 +3,9 @@ class CreateCommunity &lt; Task
   validates_presence_of :requestor_id, :target_id
   validates_presence_of :name
  
+  validates :requestor, kind_of: {kind: Person}
+  validates :target, kind_of: {kind: Environment}
+
   alias :environment :target
   alias :environment= :target=
  
@@ -27,6 +27,8 @@ class CreateEnterprise &lt; Task
   # checks for actual attributes
   validates_presence_of :requestor_id, :target_id
  
+  validates :requestor, kind_of: {kind: Person}
+
   # checks for admins required attributes
   DATA_FIELDS.each do |attribute|
     validates_presence_of attribute, :if => lambda { |obj| obj.environment.required_enterprise_fields.include?(attribute) }
 class EmailActivation < Task
  
   validates_presence_of :requestor_id, :target_id
+
+  validates :requestor, kind_of: {kind: Person}
+  validates :target, kind_of: {kind: Environment}
+
   validate :already_requested, :on => :create
  
   alias :environment :target
   alias :person :requestor
  
   def already_requested
-    if !self.requestor.nil? && self.requestor.user.email_activation_pending?
+    if !self.requestor.nil? && self.requestor.person? && self.requestor.user.email_activation_pending?
       self.errors.add(:base, _('You have already requested activation of your mailbox.'))
     end
   end
@@ -8,6 +8,8 @@ class EnterpriseActivation &lt; Task
  
   validates_presence_of :enterprise
  
+  validates :target, kind_of: {kind: Enterprise}
+
   def perform
     self.enterprise.enable self.requestor
   end
@@ -6,6 +6,8 @@ class Invitation &lt; Task
  
   validates_presence_of :target_id, :if => Proc.new{|invite| invite.friend_email.blank?}
  
+  validates :requestor, kind_of: {kind: Person}
+
   validates_presence_of :friend_email, :if => Proc.new{|invite| invite.target_id.blank?}
   validates_format_of :friend_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => Proc.new{|invite| invite.target_id.blank?}
  
@@ -34,7 +36,7 @@ class Invitation &lt; Task
   end
  
   def not_invite_yourself
-    email = friend ? friend.user.email : friend_email
+    email = friend && friend.person? ? friend.user.email : friend_email
     if person && email && person.user.email == email
       self.errors.add(:base, _("You can't invite youself"))
     end
@@ -136,7 +138,11 @@ class Invitation &lt; Task
   end
  
   def environment
-    self.requestor.environment
+    if self.requestor
+      self.requestor.environment
+    else
+      nil
+    end
   end
  
 end
@@ -7,6 +7,8 @@ class ModerateUserRegistration &lt; Task
  
   after_create :schedule_spam_checking
  
+  validates :target, kind_of: {kind: Environment}
+
   alias :environment :target
   alias :environment= :target=
  
@@ -203,9 +203,9 @@ class Profile &lt; ActiveRecord::Base
     Profile.column_names.map{|n| [Profile.table_name, n].join('.')}.join(',')
   end
  
-  scope :visible, :conditions => { :visible => true }
+  scope :visible, :conditions => { :visible => true, :secret => false }
   scope :disabled, :conditions => { :visible => false }
-  scope :public, :conditions => { :visible => true, :public_profile => true }
+  scope :public, :conditions => { :visible => true, :public_profile => true, :secret => false }
   scope :enabled, :conditions => { :enabled => true }
  
   # Subclasses must override this method
@@ -92,4 +92,5 @@ class SuggestArticle &lt; Task
   def after_ham!
     self.delay.marked_as_ham
   end
+
 end
@@ -117,6 +117,51 @@ class Task &lt; ActiveRecord::Base
     end
   end
  
+  class KindOfValidator < ActiveModel::EachValidator
+    def validate_each(record, attribute, value)
+      environment = record.environment || Environment.default
+      klass = options[:kind]
+      group = klass.to_s.downcase.pluralize
+      id = attribute.to_s + "_id"
+      if environment.respond_to?(group)
+        attrb = value || environment.send(group).find_by_id(record.send(id))
+      else
+        attrb = value || klass.find_by_id(record.send(id))
+      end
+      if attrb.respond_to?(klass.to_s.downcase + "?")
+        unless attrb.send(klass.to_s.downcase + "?")
+          record.errors[attribute] << (options[:message] || "should be "+ klass.to_s.downcase)
+        end
+      else
+        unless attrb.class == klass
+          record.errors[attribute] << (options[:message] || "should be "+ klass.to_s.downcase)
+        end
+      end
+    end
+  end
+
+  def requestor_is_of_kind(klass, message = nil)
+    error_message = message ||= _('Task requestor must be '+klass.to_s.downcase)
+    group = klass.to_s.downcase.pluralize
+    if environment.respond_to?(group) and requestor_id
+      requestor = requestor ||= environment.send(klass.to_s.downcase.pluralize).find_by_id(requestor_id)
+    end
+    unless requestor.class == klass
+      errors.add(error_message)
+    end
+  end
+
+  def target_is_of_kind(klass, message = nil)
+    error_message = message ||= _('Task target must be '+klass.to_s.downcase)
+    group = klass.to_s.downcase.pluralize
+    if environment.respond_to?(group) and target_id
+      target = target ||= environment.send(klass.to_s.downcase.pluralize).find_by_id(target_id)
+    end
+    unless target.class == klass
+      errors.add(error_message)
+    end
+  end
+
   def close(status, closed_by)
     self.status = status
     self.end_date = Time.now
@@ -12,7 +12,11 @@ endpoints.map do |endpoint|
       }
     end
   end
-end.flatten.compact.sort{|a,b| a[:path]=='/api/v1/login' ? -1:1}.to_json %>;
+end.flatten.compact.sort{|a,b|
+  a[:path]=='/api/v1/login' ? -1 :
+  b[:path]=='/api/v1/login' ?  1 :
+  a[:path] <=> b[:path]
+}.to_json %>;
 </script>
  
 <form id="api-form">
@@ -6,6 +6,13 @@ require ::File.expand_path(&#39;../config/environment&#39;,  __FILE__)
 #use Rails::Rack::Static
 #run ActionController::Dispatcher.new
  
+use Rack::Cors do
+  allow do
+    origins '*'
+    resource '/api/*', :headers => :any, :methods => [:get, :post]
+  end
+end
+
 rails_app = Rack::Builder.new do
   run Noosfero::Application
 end
@@ -135,12 +135,5 @@ module Noosfero
  
     Noosfero::Plugin.setup(config)
  
-    config.middleware.use Rack::Cors do
-      allow do
-        origins '*'
-        resource '/api/*', :headers => :any, :methods => [:get, :post]
-      end
-    end
-
   end
 end
@@ -0,0 +1 @@
+Rails.application.eager_load!
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
  
-ActiveRecord::Schema.define(:version => 20150603182105) do
+ActiveRecord::Schema.define(:version => 20150712194411) do
  
   create_table "abuse_reports", :force => true do |t|
     t.integer  "reporter_id"
@@ -48,6 +48,18 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
   add_index "action_tracker_notifications", ["profile_id", "action_tracker_id"], :name => "index_action_tracker_notif_on_prof_id_act_tracker_id", :unique => true
   add_index "action_tracker_notifications", ["profile_id"], :name => "index_action_tracker_notifications_on_profile_id"
  
+  create_table "article_followers", :force => true do |t|
+    t.integer  "person_id",  :null => false
+    t.integer  "article_id", :null => false
+    t.datetime "since"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
+  add_index "article_followers", ["article_id"], :name => "index_article_followers_on_article_id"
+  add_index "article_followers", ["person_id", "article_id"], :name => "index_article_followers_on_person_id_and_article_id", :unique => true
+  add_index "article_followers", ["person_id"], :name => "index_article_followers_on_person_id"
+
   create_table "article_privacy_exceptions", :id => false, :force => true do |t|
     t.integer "article_id"
     t.integer "person_id"
@@ -75,8 +87,8 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.integer  "comments_count"
     t.boolean  "advertise",            :default => true
     t.boolean  "published",            :default => true
-    t.date     "start_date"
-    t.date     "end_date"
+    t.datetime "start_date"
+    t.datetime "end_date"
     t.integer  "children_count",       :default => 0
     t.boolean  "accept_comments",      :default => true
     t.integer  "reference_article_id"
@@ -127,8 +139,8 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.integer  "comments_count",       :default => 0
     t.boolean  "advertise",            :default => true
     t.boolean  "published",            :default => true
-    t.date     "start_date"
-    t.date     "end_date"
+    t.datetime "start_date"
+    t.datetime "end_date"
     t.integer  "children_count",       :default => 0
     t.boolean  "accept_comments",      :default => true
     t.integer  "reference_article_id"
@@ -151,6 +163,8 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.integer  "author_id"
     t.integer  "created_by_id"
     t.boolean  "show_to_followers",    :default => true
+    t.integer  "sash_id"
+    t.integer  "level",                :default => 0
   end
  
   add_index "articles", ["comments_count"], :name => "index_articles_on_comments_count"
@@ -177,6 +191,17 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
   add_index "articles_categories", ["article_id"], :name => "index_articles_categories_on_article_id"
   add_index "articles_categories", ["category_id"], :name => "index_articles_categories_on_category_id"
  
+  create_table "badges_sashes", :force => true do |t|
+    t.integer  "badge_id"
+    t.integer  "sash_id"
+    t.boolean  "notified_user", :default => false
+    t.datetime "created_at"
+  end
+
+  add_index "badges_sashes", ["badge_id", "sash_id"], :name => "index_badges_sashes_on_badge_id_and_sash_id"
+  add_index "badges_sashes", ["badge_id"], :name => "index_badges_sashes_on_badge_id"
+  add_index "badges_sashes", ["sash_id"], :name => "index_badges_sashes_on_sash_id"
+
   create_table "blocks", :force => true do |t|
     t.string   "title"
     t.integer  "box_id"
@@ -272,8 +297,10 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.string   "referrer"
     t.text     "settings"
     t.integer  "paragraph_id"
+    t.string   "paragraph_uuid"
   end
  
+  add_index "comments", ["paragraph_uuid"], :name => "index_comments_on_paragraph_uuid"
   add_index "comments", ["source_id", "spam"], :name => "index_comments_on_source_id_and_spam"
  
   create_table "contact_lists", :force => true do |t|
@@ -313,6 +340,17 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
   add_index "domains", ["owner_id", "owner_type", "is_default"], :name => "index_domains_on_owner_id_and_owner_type_and_is_default"
   add_index "domains", ["owner_id", "owner_type"], :name => "index_domains_on_owner_id_and_owner_type"
  
+  create_table "email_templates", :force => true do |t|
+    t.string   "name"
+    t.string   "template_type"
+    t.string   "subject"
+    t.text     "body"
+    t.integer  "owner_id"
+    t.string   "owner_type"
+    t.datetime "created_at",    :null => false
+    t.datetime "updated_at",    :null => false
+  end
+
   create_table "environments", :force => true do |t|
     t.string   "name"
     t.string   "contact_email"
@@ -332,6 +370,7 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.string   "default_language"
     t.string   "noreply_email"
     t.string   "redirection_after_signup",     :default => "keep_on_same_page"
+    t.text     "send_email_plugin_allow_to"
     t.string   "date_format",                  :default => "month_name_with_year"
   end
  
@@ -368,6 +407,17 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
   add_index "friendships", ["person_id", "friend_id"], :name => "index_friendships_on_person_id_and_friend_id"
   add_index "friendships", ["person_id"], :name => "index_friendships_on_person_id"
  
+  create_table "gamification_plugin_badges", :force => true do |t|
+    t.string   "name"
+    t.integer  "level"
+    t.string   "description"
+    t.string   "custom_fields"
+    t.integer  "owner_id"
+    t.string   "owner_type"
+    t.datetime "created_at",    :null => false
+    t.datetime "updated_at",    :null => false
+  end
+
   create_table "images", :force => true do |t|
     t.integer "parent_id"
     t.string  "content_type"
@@ -424,6 +474,46 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.datetime "updated_at"
   end
  
+  create_table "mark_comment_as_read_plugin", :force => true do |t|
+    t.integer "comment_id"
+    t.integer "person_id"
+  end
+
+  add_index "mark_comment_as_read_plugin", ["comment_id", "person_id"], :name => "index_mark_comment_as_read_plugin_on_comment_id_and_person_id", :unique => true
+
+  create_table "merit_actions", :force => true do |t|
+    t.integer  "user_id"
+    t.string   "action_method"
+    t.integer  "action_value"
+    t.boolean  "had_errors",    :default => false
+    t.string   "target_model"
+    t.integer  "target_id"
+    t.text     "target_data"
+    t.boolean  "processed",     :default => false
+    t.datetime "created_at",                       :null => false
+    t.datetime "updated_at",                       :null => false
+  end
+
+  create_table "merit_activity_logs", :force => true do |t|
+    t.integer  "action_id"
+    t.string   "related_change_type"
+    t.integer  "related_change_id"
+    t.string   "description"
+    t.datetime "created_at"
+  end
+
+  create_table "merit_score_points", :force => true do |t|
+    t.integer  "score_id"
+    t.integer  "num_points", :default => 0
+    t.string   "log"
+    t.datetime "created_at"
+  end
+
+  create_table "merit_scores", :force => true do |t|
+    t.integer "sash_id"
+    t.string  "category", :default => "default"
+  end
+
   create_table "national_region_types", :force => true do |t|
     t.string "name"
   end
@@ -440,6 +530,15 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
   add_index "national_regions", ["name"], :name => "name_index"
   add_index "national_regions", ["national_region_code"], :name => "code_index"
  
+  create_table "pairwise_plugin_choices_related", :force => true do |t|
+    t.integer  "choice_id"
+    t.integer  "parent_choice_id"
+    t.integer  "question_id"
+    t.integer  "user_id"
+    t.datetime "created_at",       :null => false
+    t.datetime "updated_at",       :null => false
+  end
+
   create_table "price_details", :force => true do |t|
     t.decimal  "price",              :default => 0.0
     t.integer  "product_id"
@@ -547,15 +646,37 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.boolean  "allow_members_to_invite",               :default => true
     t.boolean  "invite_friends_only",                   :default => false
     t.boolean  "secret",                                :default => false
+    t.integer  "sash_id"
+    t.integer  "level",                                 :default => 0
   end
  
   add_index "profiles", ["activities_count"], :name => "index_profiles_on_activities_count"
   add_index "profiles", ["created_at"], :name => "index_profiles_on_created_at"
+  add_index "profiles", ["enabled"], :name => "index_profiles_on_enabled"
   add_index "profiles", ["environment_id"], :name => "index_profiles_on_environment_id"
   add_index "profiles", ["friends_count"], :name => "index_profiles_on_friends_count"
   add_index "profiles", ["identifier"], :name => "index_profiles_on_identifier"
   add_index "profiles", ["members_count"], :name => "index_profiles_on_members_count"
   add_index "profiles", ["region_id"], :name => "index_profiles_on_region_id"
+  add_index "profiles", ["type"], :name => "index_profiles_on_type"
+  add_index "profiles", ["validated"], :name => "index_profiles_on_validated"
+  add_index "profiles", ["visible"], :name => "index_profiles_on_visible"
+
+  create_table "proposals_discussion_plugin_proposal_evaluations", :force => true do |t|
+    t.integer  "proposal_task_id"
+    t.integer  "evaluator_id"
+    t.integer  "flagged_status"
+    t.datetime "created_at",       :null => false
+    t.datetime "updated_at",       :null => false
+  end
+
+  add_index "proposals_discussion_plugin_proposal_evaluations", ["evaluator_id"], :name => "index_proposals_discussion_plugin_proposal_evaluator_id"
+  add_index "proposals_discussion_plugin_proposal_evaluations", ["proposal_task_id"], :name => "index_proposals_discussion_plugin_proposal_task_id"
+
+  create_table "proposals_discussion_plugin_task_categories", :id => false, :force => true do |t|
+    t.integer "task_id"
+    t.integer "category_id"
+  end
  
   create_table "qualifier_certifiers", :force => true do |t|
     t.integer "qualifier_id"
@@ -597,6 +718,12 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.boolean "is_global"
   end
  
+  add_index "role_assignments", ["accessor_id", "accessor_type", "resource_id", "resource_type"], :name => "index_on_role_assigments_accessor_resource_role"
+  add_index "role_assignments", ["accessor_id", "accessor_type", "role_id"], :name => "index_on_role_assigments_accessor_role"
+  add_index "role_assignments", ["accessor_id", "accessor_type"], :name => "index_role_assignments_on_accessor_id_and_accessor_type"
+  add_index "role_assignments", ["resource_id", "resource_type", "role_id"], :name => "index_on_role_assigments_resource_role"
+  add_index "role_assignments", ["resource_id", "resource_type"], :name => "index_role_assignments_on_resource_id_and_resource_type"
+
   create_table "roles", :force => true do |t|
     t.string  "name"
     t.string  "key"
@@ -606,6 +733,11 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.integer "profile_id"
   end
  
+  create_table "sashes", :force => true do |t|
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
   create_table "scraps", :force => true do |t|
     t.text     "content"
     t.integer  "sender_id"
@@ -684,7 +816,7 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
   create_table "tasks", :force => true do |t|
     t.text     "data"
     t.integer  "status"
-    t.date     "end_date"
+    t.datetime "end_date"
     t.integer  "requestor_id"
     t.integer  "target_id"
     t.string   "code",           :limit => 40
@@ -59,7 +59,8 @@
         end
       end
  
-      ARTICLE_TYPES = Article.descendants.map{|a| a.to_s}
+      ARTICLE_TYPES = ['Article'] + Article.descendants.map{|a| a.to_s}
+      TASK_TYPES = ['Task'] + Task.descendants.map{|a| a.to_s}
  
       def find_article(articles, id)
         article = articles.find(id)
@@ -107,9 +108,36 @@
         articles
       end
  
-      def find_task(tasks, id)
-        task = tasks.find(id)
-        task.display_to?(current_user.person) ? task : forbidden!
+      def find_task(asset, id)
+        task = asset.tasks.find(id)
+        current_person.has_permission?(task.permission, asset) ? task : forbidden!
+      end
+
+      def post_task(asset, params)
+        klass_type= params[:content_type].nil? ? 'Task' : params[:content_type]
+        return forbidden! unless TASK_TYPES.include?(klass_type)
+
+        task = klass_type.constantize.new(params[:task])
+        task.requestor_id = current_person.id
+        task.target_id = asset.id
+        task.target_type = 'Profile'
+
+        if !task.save
+          render_api_errors!(task.errors.full_messages)
+        end
+        present task, :with => Entities::Task, :fields => params[:fields]
+      end
+
+      def present_task(asset)
+        task = find_task(asset, params[:id])
+        present task, :with => Entities::Task, :fields => params[:fields]
+      end
+
+      def present_tasks(asset)
+        tasks = select_filtered_collection_of(asset, 'tasks', params)
+        tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)}
+        return forbidden! if tasks.empty? && !current_person.has_permission?(:perform_task, asset)
+        present tasks, :with => Entities::Task, :fields => params[:fields]
       end
  
       def make_conditions_with_parameter(params = {})
@@ -131,12 +159,13 @@
       end
  
       def by_reference(scope, params)
-        if params[:reference_id]
-          created_at = scope.find(params[:reference_id]).created_at
-          scope.send("#{params.key?(:oldest) ? 'older_than' : 'younger_than'}", created_at)
-        else
+        reference_id = params[:reference_id].to_i == 0 ? nil : params[:reference_id].to_i
+        if reference_id.nil?
           scope
-        end
+        else
+          created_at = scope.find(reference_id).created_at
+          scope.send("#{params.key?(:oldest) ? 'older_than' : 'younger_than'}", created_at)
+         end
       end
  
       def select_filtered_collection_of(object, method, params)
@@ -18,146 +18,41 @@ module Noosfero
           # Example Request:
           #  GET host/api/v1/tasks?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
           get do
-            #FIXME check for permission
             tasks = select_filtered_collection_of(environment, 'tasks', params)
+            tasks = tasks.select {|t| current_person.has_permission?(t.permission, environment)}
             present tasks, :with => Entities::Task, :fields => params[:fields]
           end
  
           desc "Return the task id"
           get ':id' do
-            task = find_task(environment.tasks, params[:id])
+            task = find_task(environment, params[:id])
             present task, :with => Entities::Task, :fields => params[:fields]
           end
-
-
         end
  
-        resource :communities do
-          segment '/:community_id' do
-            resource :tasks do
-              get do
-                #FIXME check for permission
-                community = environment.communities.find(params[:community_id])
-                tasks = select_filtered_collection_of(community, 'tasks', params)
-                present tasks, :with => Entities::Task, :fields => params[:fields]
-              end
-
-              get ':id' do
-                community = environment.communities.find(params[:community_id])
-                task = find_task(community.tasks, params[:id])
-                present task, :with => Entities::Task, :fields => params[:fields]
-              end
-
-              # Example Request:
-              #  POST api/v1/communites/:community_id/articles?private_token=234298743290432&article[name]=title&article[body]=body
-              post do
-                community = environment.communities.find(params[:community_id])
-#FIXME see the correct permission
-                return forbidden! unless current_person.can_post_content?(community)
-#FIXME check the task type before create
-                klass_type= params[:content_type].nil? ? 'Task' : params[:content_type]
-#                return forbidden! unless ARTICLE_TYPES.include?(klass_type)
-#
-                task = klass_type.constantize.new(params[:task])
-                task.requestor = current_person
-                task.target = community
-
-                if !task.save
-                  render_api_errors!(task.errors.full_messages)
+        kinds = %w[community person enterprise]
+        kinds.each do |kind|
+          resource kind.pluralize.to_sym do
+            segment "/:#{kind}_id" do
+              resource :tasks do
+                get do
+                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                  present_tasks(profile)
                 end
-                present task, :with => Entities::Task, :fields => params[:fields]
-              end
-
-            end
-          end
-
-        end
-
-        resource :people do
-          segment '/:person_id' do
-            resource :tasks do
-              get do
-#                person = environment.people.find(params[:person_id])
-#                articles = select_filtered_collection_of(person, 'articles', params)
-#                articles = articles.display_filter(current_person, person)
-tasks = Task.all
-                present tasks, :with => Entities::Task, :fields => params[:fields]
-              end
-
-              get ':id' do
-#                person = environment.people.find(params[:person_id])
-#                article = find_article(person.articles, params[:id])
-task = Task.first
-                present task, :with => Entities::Task, :fields => params[:fields]
-              end
  
-              post do
-#                person = environment.people.find(params[:person_id])
-#                return forbidden! unless current_person.can_post_content?(person)
-#
-#                klass_type= params[:content_type].nil? ? 'TinyMceArticle' : params[:content_type]
-#                return forbidden! unless ARTICLE_TYPES.include?(klass_type)
-#
-#                article = klass_type.constantize.new(params[:article])
-#                article.last_changed_by = current_person
-#                article.created_by= current_person
-#                article.profile = person
-#
-#                if !article.save
-#                  render_api_errors!(article.errors.full_messages)
-#                end
-task = Task.first
-                present task, :with => Entities::Task, :fields => params[:fields]
-              end
-
-            end
-          end
-
-        end
-
-        resource :enterprises do
-          segment '/:enterprise_id' do
-            resource :tasks do
-              get do
-#                enterprise = environment.enterprises.find(params[:enterprise_id])
-#                articles = select_filtered_collection_of(enterprise, 'articles', params)
-#                articles = articles.display_filter(current_person, enterprise)
-tasks = Task.all
-                present tasks, :with => Entities::Task, :fields => params[:fields]
-              end
-
-              get ':id' do
-#                enterprise = environment.enterprises.find(params[:enterprise_id])
-#                article = find_article(enterprise.articles, params[:id])
-task = Task.first
-                present task, :with => Entities::Task, :fields => params[:fields]
-              end
+                get ':id' do
+                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                  present_task(profile)
+                end
  
-              post do
-#                enterprise = environment.enterprises.find(params[:enterprise_id])
-#                return forbidden! unless current_person.can_post_content?(enterprise)
-#
-#                klass_type= params[:content_type].nil? ? 'TinyMceArticle' : params[:content_type]
-#                return forbidden! unless ARTICLE_TYPES.include?(klass_type)
-#
-#                article = klass_type.constantize.new(params[:article])
-#                article.last_changed_by = current_person
-#                article.created_by= current_person
-#                article.profile = enterprise
-#
-#                if !article.save
-#                  render_api_errors!(article.errors.full_messages)
-#                end
-task = Task.first
-                present task, :with => Entities::Task, :fields => params[:fields]
+                post do
+                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                  post_task(profile, params)
+                end
               end
-
             end
           end
-
         end
-
-
       end
     end
   end
@@ -32,12 +32,10 @@ class CategoriesControllerTest &lt; ActionController::TestCase
   end
  
   def test_edit
-    cat = Category.new
-    env.categories.expects(:find).with('1').returns(cat)
-    get :edit, :id => '1'
+    get :edit, :id => cat1
     assert_response :success
     assert_template 'edit'
-    assert_equal cat, assigns(:category)
+    assert_equal cat1, assigns(:category)
   end
  
   def test_edit_save
@@ -145,15 +145,23 @@ class TasksControllerTest &lt; ActionController::TestCase
   end
  
   should 'affiliate roles to user after finish add member task' do
-    community = fast_create(Community)
-    community.add_member(person)
-    another_person = fast_create(Person)
-    t = AddMember.create!(:person => another_person, :organization => community)
-    count = community.members.size
-    @controller.stubs(:profile).returns(community)
+    c = fast_create(Community)
+    p = create_user('member').person
+
+    @controller.stubs(:profile).returns(c)
+    c.affiliate(profile, Profile::Roles.all_roles(profile.environment.id))
+
+    t = AddMember.create!(:person => p, :organization => c)
+
+    count = c.members.size
+
     post :close, :tasks => {t.id => {:decision => 'finish', :task => {}}}
-    community = Profile.find(community.id)
-    assert_equal count + 1, community.members.size
+    t.reload
+    
+    ok('task should be finished') { t.status == Task::Status::FINISHED }
+
+    c.reload
+    assert_equal count + 1, c.members.size
   end
  
   should 'display a create ticket form' do
@@ -269,6 +277,7 @@ class TasksControllerTest &lt; ActionController::TestCase
     @controller.stubs(:profile).returns(c)
     c.affiliate(person, Profile::Roles.all_roles(c.environment))
     person = create_user('test_user').person
+    c.add_member(person)
     p_blog = Blog.create!(:profile => person, :name => 'Blog')
     c_blog1 = Blog.create!(:profile => c, :name => 'Blog')
     c_blog2 = Blog.new(:profile => c); c_blog2.name = 'blog2'; c_blog2.save!
@@ -31,7 +31,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   end
  
   should 'not return article if user has no permission to view it' do
-    person = fast_create(Person)
+    person = fast_create(Person, :environment_id => environment.id)
     article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
     assert !article.published?
  
@@ -58,7 +58,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   end
  
   should 'not list children of forbidden article' do
-    person = fast_create(Person)
+    person = fast_create(Person, :environment_id => environment.id)
     article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
     child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
     child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
@@ -67,7 +67,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   end
  
   should 'not return child of forbidden article' do
-    person = fast_create(Person)
+    person = fast_create(Person, :environment_id => environment.id)
     article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
     child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
     get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
@@ -75,7 +75,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   end
  
   should 'not return private child' do
-    person = fast_create(Person)
+    person = fast_create(Person, :environment_id => environment.id)
     article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
     child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
     get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
@@ -83,7 +83,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   end
  
   should 'not list private child' do
-    person = fast_create(Person)
+    person = fast_create(Person, :environment_id => environment.id)
     article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
     child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
     get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
@@ -98,7 +98,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   profile_kinds = %w(community person enterprise)
   profile_kinds.each do |kind|
     should "return article by #{kind}" do
-      profile = fast_create(kind.camelcase.constantize)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
       article = fast_create(Article, :profile_id => profile.id, :name => "Some thing")
       get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}"
       json = JSON.parse(last_response.body)
@@ -106,7 +106,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     end
  
     should "not return article by #{kind} if user has no permission to view it" do
-      profile = fast_create(kind.camelcase.constantize)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
       article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false)
       assert !article.published?
  
@@ -115,7 +115,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     end
  
     should "not list forbidden article when listing articles by #{kind}" do
-      profile = fast_create(kind.camelcase.constantize)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
       article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false)
       assert !article.published?
  
@@ -132,7 +132,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   group_kinds = %w(community enterprise)
   group_kinds.each do |kind|
     should "#{kind}: create article" do
-      profile = fast_create(kind.camelcase.constantize)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
       give_permission(user.person, 'post_content', profile)
       params[:article] = {:name => "Title"}
       post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
@@ -141,16 +141,16 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     end
  
     should "#{kind}: do not create article if user has no permission to post content" do
-      profile = fast_create(kind.camelcase.constantize)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
       give_permission(user.person, 'invite_members', profile)
       params[:article] = {:name => "Title"}
       post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
       assert_equal 403, last_response.status
     end
  
-    should "#{kind}: create article with parent" do
-      profile = fast_create(kind.camelcase.constantize)
-      profile.add_member(user.person)
+    should "#{kind} create article with parent" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
       article = fast_create(Article)
  
       params[:article] = {:name => "Title", :parent_id => article.id}
@@ -159,9 +159,9 @@ class ArticlesTest &lt; ActiveSupport::TestCase
       assert_equal article.id, json["article"]["parent"]["id"]
     end
  
-    should "#{kind}: create article with content type passed as parameter" do
-      profile = fast_create(kind.camelcase.constantize)
-      profile.add_member(user.person)
+    should "#{kind} create article with content type passed as parameter" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
  
       Article.delete_all
       params[:article] = {:name => "Title"}
@@ -173,8 +173,8 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     end
  
     should "#{kind}: create article of TinyMceArticle type if no content type is passed as parameter" do
-      profile = fast_create(kind.camelcase.constantize)
-      profile.add_member(user.person)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
  
       params[:article] = {:name => "Title"}
       post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
@@ -184,7 +184,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     end
  
     should "#{kind}: not create article with invalid article content type" do
-      profile = fast_create(kind.camelcase.constantize)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
       profile.add_member(user.person)
  
       params[:article] = {:name => "Title"}
@@ -195,20 +195,20 @@ class ArticlesTest &lt; ActiveSupport::TestCase
       assert_equal 403, last_response.status
     end
  
-    should "#{kind}: create article defining the correct profile" do
-      profile = fast_create(kind.camelcase.constantize)
-      profile.add_member(user.person)
+    should "#{kind} create article defining the correct profile" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
  
       params[:article] = {:name => "Title"}
       post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
       json = JSON.parse(last_response.body)
  
-      assert_equal profile, Article.last.profile
+      assert_equal profile.id, json['article']['profile']['id']
     end
  
     should "#{kind}: create article defining the created_by" do
-      profile = fast_create(kind.camelcase.constantize)
-      profile.add_member(user.person)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
  
       params[:article] = {:name => "Title"}
       post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
@@ -218,8 +218,8 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     end
  
     should "#{kind}: create article defining the last_changed_by" do
-      profile = fast_create(kind.camelcase.constantize)
-      profile.add_member(user.person)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
  
       params[:article] = {:name => "Title"}
       post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
@@ -241,7 +241,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   end
  
   should 'person do not create article if user has no permission to post content' do
-    person = fast_create(Person)
+    person = fast_create(Person, :environment_id => environment.id)
     params[:article] = {:name => "Title"}
     post "/api/v1/people/#{person.id}/articles?#{params.to_query}"
     assert_equal 403, last_response.status
@@ -7,25 +7,25 @@ class CategoriesTest &lt; ActiveSupport::TestCase
   end
  
   should 'list categories' do
-    category = fast_create(Category)
+    category = fast_create(Category, :environment_id => environment.id)
     get "/api/v1/categories/?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_includes json["categories"].map { |c| c["name"] }, category.name
   end
  
   should 'get category by id' do
-    category = fast_create(Category)
+    category = fast_create(Category, :environment_id => environment.id)
     get "/api/v1/categories/#{category.id}/?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equal category.name, json["category"]["name"]
   end
  
   should 'list parent and children when get category by id' do
-    parent = fast_create(Category)
-    child_1 = fast_create(Category)
-    child_2 = fast_create(Category)
+    parent = fast_create(Category, :environment_id => environment.id)
+    child_1 = fast_create(Category, :environment_id => environment.id)
+    child_2 = fast_create(Category, :environment_id => environment.id)
  
-    category = fast_create(Category)
+    category = fast_create(Category, :environment_id => environment.id)
     category.parent = parent
     category.children << child_1
     category.children << child_2
@@ -38,11 +38,11 @@ class CategoriesTest &lt; ActiveSupport::TestCase
   end
  
   should 'include parent in categories list if params is true' do
-    parent_1 = fast_create(Category) # parent_1 has no parent category
-    child_1 = fast_create(Category)
-    child_2 = fast_create(Category)
+    parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
+    child_1 = fast_create(Category, :environment_id => environment.id)
+    child_2 = fast_create(Category, :environment_id => environment.id)
  
-    parent_2 = fast_create(Category)
+    parent_2 = fast_create(Category, :environment_id => environment.id)
     parent_2.parent = parent_1
     parent_2.children << child_1
     parent_2.children << child_2
@@ -60,10 +60,10 @@ class CategoriesTest &lt; ActiveSupport::TestCase
   end
  
   should 'include children in categories list if params is true' do
-    category = fast_create(Category)
-    child_1 = fast_create(Category)
-    child_2 = fast_create(Category)
-    child_3 = fast_create(Category)
+    category = fast_create(Category, :environment_id => environment.id)
+    child_1 = fast_create(Category, :environment_id => environment.id)
+    child_2 = fast_create(Category, :environment_id => environment.id)
+    child_3 = fast_create(Category, :environment_id => environment.id)
  
     category.children << child_1
     category.children << child_2
@@ -8,8 +8,8 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
  
   should 'list only communities' do
-    community = fast_create(Community)
-    enterprise = fast_create(Enterprise) # should not list this enterprise
+    community = fast_create(Community, :environment_id => environment.id)
+    enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise
     get "/api/v1/communities?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id
@@ -17,16 +17,16 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
  
   should 'list all communities' do
-    community1 = fast_create(Community, :public_profile => true)
-    community2 = fast_create(Community)
+    community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)
+    community2 = fast_create(Community, :environment_id => environment.id)
     get "/api/v1/communities?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
   end
  
   should 'not list invisible communities' do
-    community1 = fast_create(Community)
-    fast_create(Community, :visible => false)
+    community1 = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id, :visible => false)
  
     get "/api/v1/communities?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -34,8 +34,8 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
  
   should 'not list private communities without permission' do
-    community1 = fast_create(Community)
-    fast_create(Community, :public_profile => false)
+    community1 = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id, :public_profile => false)
  
     get "/api/v1/communities?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -43,8 +43,8 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
  
   should 'list private community for members' do
-    c1 = fast_create(Community)
-    c2 = fast_create(Community, :public_profile => false)
+    c1 = fast_create(Community, :environment_id => environment.id)
+    c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
     c2.add_member(person)
  
     get "/api/v1/communities?#{params.to_query}"
@@ -66,7 +66,7 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
  
   should 'get community' do
-    community = fast_create(Community)
+    community = fast_create(Community, :environment_id => environment.id)
  
     get "/api/v1/communities/#{community.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -74,7 +74,7 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
  
   should 'not get invisible community' do
-    community = fast_create(Community, :visible => false)
+    community = fast_create(Community, :environment_id => environment.id, :visible => false)
  
     get "/api/v1/communities/#{community.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -82,8 +82,8 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
  
   should 'not get private communities without permission' do
-    community = fast_create(Community)
-    fast_create(Community, :public_profile => false)
+    community = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id, :public_profile => false)
  
     get "/api/v1/communities/#{community.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -91,17 +91,18 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
  
   should 'get private community for members' do
-    community = fast_create(Community, :public_profile => false)
+    community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true)
     community.add_member(person)
  
+
     get "/api/v1/communities/#{community.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equal community.id, json['community']['id']
   end
  
   should 'list person communities' do
-    community = fast_create(Community)
-    fast_create(Community)
+    community = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id)
     community.add_member(person)
  
     get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
@@ -110,8 +111,8 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
  
   should 'not list person communities invisible' do
-    c1 = fast_create(Community)
-    c2 = fast_create(Community, :visible => false)
+    c1 = fast_create(Community, :environment_id => environment.id)
+    c2 = fast_create(Community, :environment_id => environment.id, :visible => false)
     c1.add_member(person)
     c2.add_member(person)
  
@@ -8,8 +8,8 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
  
   should 'list only enterprises' do
-    community = fast_create(Community) # should not list this community
-    enterprise = fast_create(Enterprise, :public_profile => true)
+    community = fast_create(Community, :environment_id => environment.id) # should not list this community
+    enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
     get "/api/v1/enterprises?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_includes json['enterprises'].map {|c| c['id']}, enterprise.id
@@ -17,15 +17,15 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
  
   should 'list all enterprises' do
-    enterprise1 = fast_create(Enterprise, :public_profile => true)
-    enterprise2 = fast_create(Enterprise)
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
+    enterprise2 = fast_create(Enterprise, :environment_id => environment.id)
     get "/api/v1/enterprises?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equivalent [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']}
   end
  
   should 'not list invisible enterprises' do
-    enterprise1 = fast_create(Enterprise)
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
     fast_create(Enterprise, :visible => false)
  
     get "/api/v1/enterprises?#{params.to_query}"
@@ -34,8 +34,8 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
  
   should 'not list private enterprises without permission' do
-    enterprise1 = fast_create(Enterprise)
-    fast_create(Enterprise, :public_profile => false)
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
+    fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
  
     get "/api/v1/enterprises?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -43,8 +43,8 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
  
   should 'list private enterprise for members' do
-    c1 = fast_create(Enterprise)
-    c2 = fast_create(Enterprise, :public_profile => false)
+    c1 = fast_create(Enterprise, :environment_id => environment.id)
+    c2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
     c2.add_member(person)
  
     get "/api/v1/enterprises?#{params.to_query}"
@@ -53,7 +53,7 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
  
   should 'get enterprise' do
-    enterprise = fast_create(Enterprise)
+    enterprise = fast_create(Enterprise, :environment_id => environment.id)
  
     get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -69,8 +69,8 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
  
   should 'not get private enterprises without permission' do
-    enterprise = fast_create(Enterprise)
-    fast_create(Enterprise, :public_profile => false)
+    enterprise = fast_create(Enterprise, :environment_id => environment.id)
+    fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
  
     get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -87,8 +87,8 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
  
   should 'list person enterprises' do
-    enterprise = fast_create(Enterprise)
-    fast_create(Enterprise)
+    enterprise = fast_create(Enterprise, :environment_id => environment.id)
+    fast_create(Enterprise, :environment_id => environment.id)
     enterprise.add_member(person)
  
     get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}"
@@ -97,8 +97,8 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
  
   should 'not list person enterprises invisible' do
-    c1 = fast_create(Enterprise)
-    c2 = fast_create(Enterprise, :visible => false)
+    c1 = fast_create(Enterprise, :environment_id => environment.id)
+    c2 = fast_create(Enterprise, :environment_id => environment.id, :visible => false)
     c1.add_member(person)
     c2.add_member(person)
  
@@ -12,6 +12,7 @@ class TasksTest &lt; ActiveSupport::TestCase
   attr_accessor :person, :community, :environment
  
   should 'list tasks of environment' do
+    environment.add_admin(person)
     task = create(Task, :requestor => person, :target => environment)
     get "/api/v1/tasks?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -26,364 +27,147 @@ class TasksTest &lt; ActiveSupport::TestCase
     assert_equal task.id, json["task"]["id"]
   end
  
-#  should 'not return environmet task if user has no permission to view it' do
-#    person = fast_create(Person)
-#    task = create(Task, :requestor => person, :target => environment)
-#
-#    get "/api/v1/tasks/#{task.id}?#{params.to_query}"
-#    assert_equal 403, last_response.status
-#  end
-#
-#  #############################
-#  #     Community Tasks    #
-#  #############################
-#
-#  should 'return task by community' do
-#    community = fast_create(Community)
-#    task = create(Task, :requestor => person, :target => community)
-#    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
-#    json = JSON.parse(last_response.body)
-#    assert_equal task.id, json["task"]["id"]
-#  end
-#
-#  should 'not return task by community if user has no permission to view it' do
-#    community = fast_create(Community)
-#    task = create(Task, :requestor => person, :target => community)
-#    assert !person.is_member_of?(community)
-#
-#    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
-#    assert_equal 403, last_response.status
-#  end
-#
-##  should 'not list forbidden article when listing articles by community' do
-##    community = fast_create(Community)
-##    article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false)
-##    assert !article.published?
-##
-##    get "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_not_includes json['articles'].map {|a| a['id']}, article.id
-##  end
-#
-#  should 'create task in a community' do
-#    community = fast_create(Community)
-#    give_permission(person, 'post_content', community)
-#    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
-#    json = JSON.parse(last_response.body)
-#    assert_not_nil json["task"]["id"]
-#  end
-#
-#  should 'do not create article if user has no permission to post content' do
-#assert false
-##    community = fast_create(Community)
-##    give_permission(user.person, 'invite_members', community)
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
-##    assert_equal 403, last_response.status
-#  end
-#
-##  should 'create article with parent' do
-##    community = fast_create(Community)
-##    community.add_member(user.person)
-##    article = fast_create(Article)
-##
-##    params[:article] = {:name => "Title", :parent_id => article.id}
-##    post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal article.id, json["article"]["parent"]["id"]
-##  end
-#
-#  should 'create task defining the requestor as current profile logged in' do
-#    community = fast_create(Community)
-#    community.add_member(person)
-#
-#    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
-#    json = JSON.parse(last_response.body)
-#    
-#    assert_equal person, Task.last.requestor
-#  end
-#
-#  should 'create task defining the target as the community' do
-#    community = fast_create(Community)
-#    community.add_member(person)
-#
-#    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
-#    json = JSON.parse(last_response.body)
-#    
-#    assert_equal community, Task.last.target
-#  end
-#
-##  #############################
-##  #       Person Articles     #
-##  #############################
-##
-##  should 'return article by person' do
-##    person = fast_create(Person)
-##    article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
-##    get "/api/v1/people/#{person.id}/articles/#{article.id}?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal article.id, json["article"]["id"]
-##  end
-##
-##  should 'not return article by person if user has no permission to view it' do
-##    person = fast_create(Person)
-##    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
-##    assert !article.published?
-##
-##    get "/api/v1/people/#{person.id}/articles/#{article.id}?#{params.to_query}"
-##    assert_equal 403, last_response.status
-##  end
-##
-##  should 'not list forbidden article when listing articles by person' do
-##    person = fast_create(Person)
-##    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
-##    assert !article.published?
-##    get "/api/v1/people/#{person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_not_includes json['articles'].map {|a| a['id']}, article.id
-##  end
-##
-##  should 'create article in a person' do
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal "Title", json["article"]["title"]
-##  end
-##
-##  should 'person do not create article if user has no permission to post content' do
-##    person = fast_create(Person)
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/people/#{person.id}/articles?#{params.to_query}"
-##    assert_equal 403, last_response.status
-##  end
-##
-##  should 'person create article with parent' do
-##    article = fast_create(Article)
-##
-##    params[:article] = {:name => "Title", :parent_id => article.id}
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal article.id, json["article"]["parent"]["id"]
-##  end
-##
-##  should 'person create article with content type passed as parameter' do
-##    Article.delete_all
-##    params[:article] = {:name => "Title"}
-##    params[:content_type] = 'TextArticle'
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_kind_of TextArticle, Article.last
-##  end
-##  
-##  should 'person create article of TinyMceArticle type if no content type is passed as parameter' do
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_kind_of TinyMceArticle, Article.last
-##  end
-##
-##  should 'person not create article with invalid article content type' do
-##    params[:article] = {:name => "Title"}
-##    params[:content_type] = 'Person'
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal 403, last_response.status
-##  end
-##
-##  should 'person create article defining the correct profile' do
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal user.person, Article.last.profile
-##  end
-##
-##  should 'person create article defining the created_by' do
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal user.person, Article.last.created_by
-##  end
-##
-##  should 'person create article defining the last_changed_by' do
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal user.person, Article.last.last_changed_by
-##  end
-##
-##  #############################
-##  #     Enterprise Articles    #
-##  #############################
-##
-##  should 'return article by enterprise' do
-##    enterprise = fast_create(Enterprise)
-##    article = fast_create(Article, :profile_id => enterprise.id, :name => "Some thing")
-##    get "/api/v1/enterprises/#{enterprise.id}/articles/#{article.id}?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal article.id, json["article"]["id"]
-##  end
-##
-##  should 'not return article by enterprise if user has no permission to view it' do
-##    enterprise = fast_create(Enterprise)
-##    article = fast_create(Article, :profile_id => enterprise.id, :name => "Some thing", :published => false)
-##    assert !article.published?
-##
-##    get "/api/v1/enterprises/#{enterprise.id}/articles/#{article.id}?#{params.to_query}"
-##    assert_equal 403, last_response.status
-##  end
-##
-##  should 'not list forbidden article when listing articles by enterprise' do
-##    enterprise = fast_create(Enterprise)
-##    article = fast_create(Article, :profile_id => enterprise.id, :name => "Some thing", :published => false)
-##    assert !article.published?
-##
-##    get "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_not_includes json['articles'].map {|a| a['id']}, article.id
-##  end
-##
-##  should 'create article in a enterprise' do
-##    enterprise = fast_create(Enterprise)
-##    give_permission(user.person, 'post_content', enterprise)
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal "Title", json["article"]["title"]
-##  end
-##
-##  should 'enterprise: do not create article if user has no permission to post content' do
-##    enterprise = fast_create(Enterprise)
-##    give_permission(user.person, 'invite_members', enterprise)
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    assert_equal 403, last_response.status
-##  end
-##
-##  should 'enterprise: create article with parent' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##    article = fast_create(Article)
-##
-##    params[:article] = {:name => "Title", :parent_id => article.id}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal article.id, json["article"]["parent"]["id"]
-##  end
-##
-##  should 'enterprise: create article with content type passed as parameter' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##
-##    Article.delete_all
-##    params[:article] = {:name => "Title"}
-##    params[:content_type] = 'TextArticle'
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_kind_of TextArticle, Article.last
-##  end
-##  
-##  should 'enterprise: create article of TinyMceArticle type if no content type is passed as parameter' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_kind_of TinyMceArticle, Article.last
-##  end
-##
-##  should 'enterprise: not create article with invalid article content type' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##
-##    params[:article] = {:name => "Title"}
-##    params[:content_type] = 'Person'
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal 403, last_response.status
-##  end
-##
-##  should 'enterprise: create article defining the correct profile' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal enterprise, Article.last.profile
-##  end
-##
-##  should 'enterprise: create article defining the created_by' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal user.person, Article.last.created_by
-##  end
-##
-##  should 'enterprise: create article defining the last_changed_by' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal user.person, Article.last.last_changed_by
-##  end
-##
-##  should 'list article children with partial fields' do
-##    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-##    child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
-##    params[:fields] = [:title]
-##    get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal ['title'], json['articles'].first.keys
-##  end
-##
-##  should 'suggest article children' do
-##    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-##    params[:target_id] = user.person.id
-##    params[:article] = {:name => "Article name", :body => "Article body"}
-##    assert_difference "SuggestArticle.count" do
-##      post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}"
-##    end
-##    json = JSON.parse(last_response.body)
-##    assert_equal 'SuggestArticle', json['type']
-##  end
-##
-##  should 'suggest event children' do
-##    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-##    params[:target_id] = user.person.id
-##    params[:article] = {:name => "Article name", :body => "Article body", :type => "Event"}
-##    assert_difference "SuggestArticle.count" do
-##      post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}"
-##    end
-##    json = JSON.parse(last_response.body)
-##    assert_equal 'SuggestArticle', json['type']
-##  end
-##
-##  should 'update hit attribute of article children' do
-##    a1 = fast_create(Article, :profile_id => user.person.id)
-##    a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
-##    a3 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
-##    get "/api/v1/articles/#{a1.id}/children?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal [1, 1], json['articles'].map { |a| a['hits']}
-##    assert_equal [0, 1, 1], [a1.reload.hits, a2.reload.hits, a3.reload.hits]
-##  end
-##
+  should 'not return environmet task if user has no permission to view it' do
+    person = fast_create(Person)
+    task = create(Task, :requestor => person, :target => environment)
+
+    get "/api/v1/tasks/#{task.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+ #############################
+ #     Community Tasks    #
+ #############################
+
+  should 'return task by community' do
+    community = fast_create(Community)
+    community.add_admin(person)
+
+    task = create(Task, :requestor => person, :target => community)
+    assert person.is_member_of?(community)
+
+    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal task.id, json["task"]["id"]
+  end
+
+  should 'not return task by community if user has no permission to view it' do
+    community = fast_create(Community)
+    task = create(Task, :requestor => person, :target => community)
+    assert !person.is_member_of?(community)
+
+    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'create task in a community' do
+    community = fast_create(Community)
+    give_permission(person, 'perform_task', community)
+    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_nil json["task"]["id"]
+  end
+
+  should 'create task defining the requestor as current profile logged in' do
+    community = fast_create(Community)
+    community.add_member(person)
+
+    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal person, Task.last.requestor
+  end
+
+  should 'create task defining the target as the community' do
+    community = fast_create(Community)
+    community.add_member(person)
+
+    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal community, Task.last.target
+  end
+
+ #############################
+ #        Person Tasks       #
+ #############################
+
+  should 'return task by person' do
+    task = create(Task, :requestor => person, :target => person)
+    get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal task.id, json["task"]["id"]
+  end
+
+  should 'not return task by person if user has no permission to view it' do
+    some_person = fast_create(Person)
+    task = create(Task, :requestor => person, :target => some_person)
+
+    get "/api/v1/people/#{some_person.id}/tasks/#{task.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'create task for person' do
+    post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_nil json["task"]["id"]
+  end
+
+  should 'create task for another person' do
+    some_person = fast_create(Person)
+    post "/api/v1/people/#{some_person.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal some_person, Task.last.target
+  end
+
+  should 'create task defining the target as a person' do
+    post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal person, Task.last.target
+  end
+
+ #############################
+ #      Enterprise Tasks     #
+ #############################
+
+  should 'return task by enterprise' do
+    enterprise = fast_create(Enterprise)
+    enterprise.add_admin(person)
+
+    task = create(Task, :requestor => person, :target => enterprise)
+    assert person.is_member_of?(enterprise)
+
+    get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal task.id, json["task"]["id"]
+  end
+
+  should 'not return task by enterprise if user has no permission to view it' do
+    enterprise = fast_create(Enterprise)
+    task = create(Task, :requestor => person, :target => enterprise)
+    assert !person.is_member_of?(enterprise)
+
+    get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'create task in a enterprise' do
+    enterprise = fast_create(Enterprise)
+    give_permission(person, 'perform_task', enterprise)
+    post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_nil json["task"]["id"]
+  end
+
+  should 'create task defining the target as the enterprise' do
+    enterprise = fast_create(Enterprise)
+    enterprise.add_member(person)
+
+    post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal enterprise, Task.last.target
+  end
 end
@@ -9,7 +9,8 @@ class ActiveSupport::TestCase
   end
  
   def login_api
-    @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => Environment.default)
+    @environment = Environment.default
+    @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => @environment)
     @user.activate
     @person = @user.person
  
@@ -18,7 +19,7 @@ class ActiveSupport::TestCase
     @private_token = json["private_token"]
     @params = {:private_token => @private_token}
   end
-  attr_accessor :private_token, :user, :person, :params
+  attr_accessor :private_token, :user, :person, :params, :environment
  
   private
  
@@ -9,6 +9,7 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     @profile = create_user('test_user').person
     @article = fast_create(TextileArticle, :profile_id => @profile.id, :name => 'test name', :abstract => 'Lead of article', :body => 'This is my article')
     @community = fast_create(Community)
+    @community.add_member(@profile)
   end
   attr_reader :profile, :article, :community
  
@@ -251,6 +252,8 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
   end
  
   should 'not group trackers activity of article\'s creation' do
+    other_community = fast_create(Community)
+    other_community.add_member(profile)
     ActionTracker::Record.delete_all
  
     article = fast_create(TextileArticle)
@@ -262,20 +265,20 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     a.finish
  
     article = fast_create(TextileArticle)
-    other_community = fast_create(Community)
     a = create(ApproveArticle, :name => 'another bar', :article => article, :target => other_community, :requestor => profile)
     a.finish
     assert_equal 3, ActionTracker::Record.count
   end
  
   should 'not create trackers activity when updating articles' do
+    other_community = fast_create(Community)
+    other_community.add_member(profile)
     ActionTracker::Record.delete_all
     article1 = fast_create(TextileArticle)
     a = create(ApproveArticle, :name => 'bar', :article => article1, :target => community, :requestor => profile)
     a.finish
  
     article2 = fast_create(TinyMceArticle)
-    other_community = fast_create(Community)
     a = create(ApproveArticle, :name => 'another bar', :article => article2, :target => other_community, :requestor => profile)
     a.finish
     assert_equal 2, ActionTracker::Record.count
@@ -283,7 +286,7 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     assert_no_difference 'ActionTracker::Record.count' do
       published = article1.class.last
       published.name = 'foo';published.save!
-  
+
       published = article2.class.last
       published.name = 'another foo';published.save!
     end
@@ -307,7 +310,7 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     person = fast_create(Person)
     person.stubs(:notification_emails).returns(['target@example.org'])
  
-    a = create(ApproveArticle, :article => article, :target => person, :requestor => profile)
+    a = create(ApproveArticle, :article => article, :target => person, :requestor => person)
     a.finish
  
     approved_article = person.articles.find_by_name(article.name)
@@ -427,7 +430,7 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     article = fast_create(Article)
     profile.domains << create(Domain, :name => 'example.org')
     assert_nothing_raised do
-      create(ApproveArticle, :article => article, :target => profile, :requestor => community)
+      create(ApproveArticle, :article => article, :target => profile, :requestor => profile)
     end
   end
  
@@ -440,4 +443,47 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     assert_equal article, LinkArticle.last.reference_article
   end
  
+  should 'not allow non-person requestor' do
+    task = ApproveArticle.new(:requestor => Community.new)
+    task.valid?
+    assert task.invalid?(:requestor)
+  end
+
+  should 'allow only self requestors when the target is a person' do
+    person = fast_create(Person)
+    another_person = fast_create(Person)
+
+    t1 = ApproveArticle.new(:requestor => person, :target => person)
+    t2 = ApproveArticle.new(:requestor => another_person, :target => person)
+
+    assert t1.valid?
+    assert !t2.valid?
+    assert t2.invalid?(:requestor)
+  end
+
+  should 'allow only members to be requestors when target is a community' do
+    community = fast_create(Community)
+    member = fast_create(Person)
+    community.add_member(member)
+    non_member = fast_create(Person)
+
+    t1 = ApproveArticle.new(:requestor => member, :target => community)
+    t2 = ApproveArticle.new(:requestor => non_member, :target => community)
+
+    assert t1.valid?
+    assert !t2.valid?
+    assert t2.invalid?(:requestor)
+  end
+
+  should 'allow any user to be requestor whe the target is the portal community' do
+    community = fast_create(Community)
+    environment = community.environment
+    environment.portal_community = community
+    environment.save!
+    person = fast_create(Person)
+
+    task = ApproveArticle.new(:requestor => person, :target => community)
+
+    assert task.valid?
+  end
 end
@@ -913,6 +913,7 @@ class ArticleTest &lt; ActiveSupport::TestCase
   should 'not doubly escape quotes in the name' do
     person = fast_create(Person)
     community = fast_create(Community)
+    community.add_member(profile)
     article = fast_create(Article, :name => 'article name', :profile_id => person.id)
     a = create(ApproveArticle, :article => article, :target => community, :requestor => profile)
     a.finish
@@ -93,6 +93,7 @@ class FolderTest &lt; ActiveSupport::TestCase
     image = UploadedFile.create!(:profile => person, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
  
     community = fast_create(Community)
+    community.add_member(person)
     folder = fast_create(Folder, :profile_id => community.id)
     a = create(ApproveArticle, :article => image, :target => community, :requestor => person, :article_parent => folder)
     a.finish
@@ -101,6 +101,7 @@ class GalleryTest &lt; ActiveSupport::TestCase
     i = UploadedFile.create!(:profile => p, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
  
     c = fast_create(Community)
+    c.add_member(p)
     gallery = fast_create(Gallery, :profile_id => c.id)
  
     a = create(ApproveArticle, :article => i, :target => c, :requestor => p, :article_parent => gallery)
@@ -218,7 +218,7 @@ class ScrapTest &lt; ActiveSupport::TestCase
   should "update the scrap on reply creation" do
     person = create_user.person
     s = fast_create(Scrap, :updated_at => DateTime.parse('2010-01-01'))
-    assert_equal DateTime.parse('2010-01-01'), s.updated_at.strftime('%Y-%m-%d')
+    assert_equal DateTime.parse('2010-01-01'), s.updated_at
     DateTime.stubs(:now).returns(DateTime.parse('2010-09-07'))
     s1 = create(Scrap, :content => 'some content', :sender => person, :receiver => person, :scrap_id => s.id)
     s.reload
...	...	@@ -18,18 +18,18 @@ gem 'exception_notification', '~> 4.0.1'
18	18	gem 'gettext', '~> 2.2.1', :require => false
19	19	gem 'locale', '~> 2.0.5'
20	20	gem 'whenever', :require => false
21		-gem 'grape', '~> 0.11.0'
	21	+gem 'eita-jrails', '~> 0.9.5', require: 'jrails'
	22	+
	23	+# API dependencies
	24	+gem 'grape', '~> 0.12'
22	25	gem 'grape-entity'
23		-gem 'grape-swagger'
24		-gem 'grape_logging'
25		-gem 'api-pagination', '~> 4.1.1'
	26	+#FIXME Get the Grape Loggin from master yo solve this issue https://github.com/intridea/grape/issues/1059
	27	+#We have to remove this commit referenve code when update the next release of grape_logging. Actualy we are using (1.1.2)
	28	+gem 'grape_logging', :git => 'https://github.com/aceunreal/grape_logging.git', :ref => '100091b'
26	29	gem 'rack-cors'
27	30	gem 'rack-contrib'
28		-#gem 'grape-swagger-rails'
29	31
30		-# FIXME list here all actual dependencies (i.e. the ones in debian/control),
31		-# with their GEM names (not the Debian package names)
32		-gem 'eita-jrails', '~> 0.9.5', require: 'jrails'
	32	+gem 'api-pagination', '~> 4.1.1'
33	33
34	34	# asset pipeline
35	35	gem 'uglifier', '>= 1.0.3'
...	...
...	...	@@ -1,269 +0,0 @@
1		-GEM
2		- remote: https://rubygems.org/
3		- specs:
4		- RedCloth (4.2.9)
5		- actionmailer (3.2.22)
6		- actionpack (= 3.2.22)
7		- mail (~> 2.5.4)
8		- actionpack (3.2.22)
9		- activemodel (= 3.2.22)
10		- activesupport (= 3.2.22)
11		- builder (~> 3.0.0)
12		- erubis (~> 2.7.0)
13		- journey (~> 1.0.4)
14		- rack (~> 1.4.5)
15		- rack-cache (~> 1.2)
16		- rack-test (~> 0.6.1)
17		- sprockets (~> 2.2.1)
18		- activemodel (3.2.22)
19		- activesupport (= 3.2.22)
20		- builder (~> 3.0.0)
21		- activerecord (3.2.22)
22		- activemodel (= 3.2.22)
23		- activesupport (= 3.2.22)
24		- arel (~> 3.0.2)
25		- tzinfo (~> 0.3.29)
26		- activeresource (3.2.22)
27		- activemodel (= 3.2.22)
28		- activesupport (= 3.2.22)
29		- activesupport (3.2.22)
30		- i18n (~> 0.6, >= 0.6.4)
31		- multi_json (~> 1.0)
32		- acts-as-taggable-on (3.4.4)
33		- activerecord (>= 3.2, < 5)
34		- api-pagination (4.1.1)
35		- arel (3.0.3)
36		- axiom-types (0.1.1)
37		- descendants_tracker (~> 0.0.4)
38		- ice_nine (~> 0.11.0)
39		- thread_safe (~> 0.3, >= 0.3.1)
40		- builder (3.0.4)
41		- capybara (2.1.0)
42		- mime-types (>= 1.16)
43		- nokogiri (>= 1.3.3)
44		- rack (>= 1.0.0)
45		- rack-test (>= 0.5.4)
46		- xpath (~> 2.0)
47		- childprocess (0.5.6)
48		- ffi (~> 1.0, >= 1.0.11)
49		- chronic (0.10.2)
50		- coercible (1.0.0)
51		- descendants_tracker (~> 0.0.1)
52		- cucumber (1.0.6)
53		- builder (>= 2.1.2)
54		- diff-lcs (>= 1.1.2)
55		- gherkin (~> 2.4.18)
56		- json (>= 1.4.6)
57		- term-ansicolor (>= 1.0.6)
58		- cucumber-rails (1.0.6)
59		- capybara (>= 1.1.1)
60		- cucumber (>= 1.0.6)
61		- nokogiri (>= 1.5.0)
62		- daemons (1.1.9)
63		- dalli (2.7.4)
64		- database_cleaner (1.2.0)
65		- descendants_tracker (0.0.4)
66		- thread_safe (~> 0.3, >= 0.3.1)
67		- diff-lcs (1.2.5)
68		- eita-jrails (0.9.5)
69		- actionpack (~> 3.2, >= 3.1.0)
70		- activesupport (~> 3.2, >= 3.0.0)
71		- equalizer (0.0.11)
72		- erubis (2.7.0)
73		- eventmachine (1.0.7)
74		- exception_notification (4.0.1)
75		- actionmailer (>= 3.0.4)
76		- activesupport (>= 3.0.4)
77		- execjs (2.5.2)
78		- fast_gettext (0.6.12)
79		- ffi (1.9.10)
80		- gettext (2.2.1)
81		- locale
82		- gherkin (2.4.21)
83		- json (>= 1.4.6)
84		- git-version-bump (0.15.1)
85		- grape (0.11.0)
86		- activesupport
87		- builder
88		- hashie (>= 2.1.0)
89		- multi_json (>= 1.3.2)
90		- multi_xml (>= 0.5.2)
91		- rack (>= 1.3.0)
92		- rack-accept
93		- rack-mount
94		- virtus (>= 1.0.0)
95		- grape-entity (0.4.5)
96		- activesupport
97		- multi_json (>= 1.3.2)
98		- grape-swagger (0.10.1)
99		- grape (>= 0.8.0)
100		- grape-entity
101		- grape_logging (1.1.2)
102		- grape
103		- hashie (3.4.2)
104		- hike (1.2.3)
105		- i18n (0.7.0)
106		- ice_nine (0.11.1)
107		- journey (1.0.4)
108		- json (1.8.3)
109		- locale (2.0.9)
110		- magic (0.2.9)
111		- ffi (>= 0.6.3)
112		- mail (2.5.4)
113		- mime-types (~> 1.16)
114		- treetop (~> 1.4.8)
115		- metaclass (0.0.4)
116		- mime-types (1.25.1)
117		- mini_portile (0.6.2)
118		- minitest (3.2.0)
119		- mocha (1.1.0)
120		- metaclass (~> 0.0.1)
121		- multi_json (1.11.2)
122		- multi_xml (0.5.5)
123		- nokogiri (1.6.6.2)
124		- mini_portile (~> 0.6.0)
125		- pg (0.13.2)
126		- polyglot (0.3.5)
127		- rack (1.4.7)
128		- rack-accept (0.4.5)
129		- rack (>= 0.4)
130		- rack-cache (1.2)
131		- rack (>= 0.4)
132		- rack-contrib (1.3.0)
133		- git-version-bump (~> 0.15)
134		- rack (~> 1.4)
135		- rack-cors (0.4.0)
136		- rack-mount (0.8.3)
137		- rack (>= 1.0.0)
138		- rack-ssl (1.3.4)
139		- rack
140		- rack-test (0.6.3)
141		- rack (>= 1.0)
142		- rails (3.2.22)
143		- actionmailer (= 3.2.22)
144		- actionpack (= 3.2.22)
145		- activerecord (= 3.2.22)
146		- activeresource (= 3.2.22)
147		- activesupport (= 3.2.22)
148		- bundler (~> 1.0)
149		- railties (= 3.2.22)
150		- rails_autolink (1.1.6)
151		- rails (> 3.1)
152		- railties (3.2.22)
153		- actionpack (= 3.2.22)
154		- activesupport (= 3.2.22)
155		- rack-ssl (~> 1.3.2)
156		- rake (>= 0.8.7)
157		- rdoc (~> 3.4)
158		- thor (>= 0.14.6, < 2.0)
159		- rake (10.4.2)
160		- rdoc (3.12.2)
161		- json (~> 1.4)
162		- rest-client (1.6.9)
163		- mime-types (~> 1.16)
164		- rmagick (2.13.4)
165		- rspec (2.14.1)
166		- rspec-core (~> 2.14.0)
167		- rspec-expectations (~> 2.14.0)
168		- rspec-mocks (~> 2.14.0)
169		- rspec-core (2.14.8)
170		- rspec-expectations (2.14.5)
171		- diff-lcs (>= 1.1.3, < 2.0)
172		- rspec-mocks (2.14.6)
173		- rspec-rails (2.14.2)
174		- actionpack (>= 3.0)
175		- activemodel (>= 3.0)
176		- activesupport (>= 3.0)
177		- railties (>= 3.0)
178		- rspec-core (~> 2.14.0)
179		- rspec-expectations (~> 2.14.0)
180		- rspec-mocks (~> 2.14.0)
181		- ruby-feedparser (0.9.3)
182		- magic
183		- rubyzip (1.1.7)
184		- sass (3.4.15)
185		- sass-rails (3.2.6)
186		- railties (~> 3.2.0)
187		- sass (>= 3.1.10)
188		- tilt (~> 1.3)
189		- selenium-webdriver (2.39.0)
190		- childprocess (>= 0.2.5)
191		- multi_json (~> 1.0)
192		- rubyzip (~> 1.0)
193		- websocket (~> 1.0.4)
194		- sprockets (2.2.3)
195		- hike (~> 1.2)
196		- multi_json (~> 1.0)
197		- rack (~> 1.0)
198		- tilt (~> 1.1, != 1.3.0)
199		- term-ansicolor (1.3.2)
200		- tins (~> 1.0)
201		- thin (1.3.1)
202		- daemons (>= 1.0.9)
203		- eventmachine (>= 0.12.6)
204		- rack (>= 1.0.0)
205		- thor (0.19.1)
206		- thread_safe (0.3.5)
207		- tilt (1.4.1)
208		- tins (1.5.4)
209		- treetop (1.4.15)
210		- polyglot
211		- polyglot (>= 0.3.1)
212		- tzinfo (0.3.44)
213		- uglifier (2.7.1)
214		- execjs (>= 0.3.0)
215		- json (>= 1.8.0)
216		- virtus (1.0.5)
217		- axiom-types (~> 0.1)
218		- coercible (~> 1.0)
219		- descendants_tracker (~> 0.0, >= 0.0.3)
220		- equalizer (~> 0.0, >= 0.0.9)
221		- websocket (1.0.7)
222		- whenever (0.9.4)
223		- chronic (>= 0.6.3)
224		- will_paginate (3.0.7)
225		- xpath (2.0.0)
226		- nokogiri (~> 1.3)
227		-
228		-PLATFORMS
229		- ruby
230		-
231		-DEPENDENCIES
232		- RedCloth (~> 4.2.9)
233		- acts-as-taggable-on (~> 3.4.2)
234		- api-pagination (~> 4.1.1)
235		- capybara (~> 2.1.0)
236		- cucumber (~> 1.0.6)
237		- cucumber-rails (~> 1.0.6)
238		- daemons (~> 1.1.5)
239		- dalli (~> 2.7.0)
240		- database_cleaner (~> 1.2.0)
241		- eita-jrails (~> 0.9.5)
242		- exception_notification (~> 4.0.1)
243		- fast_gettext (~> 0.6.8)
244		- gettext (~> 2.2.1)
245		- grape (~> 0.11.0)
246		- grape-entity
247		- grape-swagger
248		- grape_logging
249		- locale (~> 2.0.5)
250		- minitest (~> 3.2.0)
251		- mocha (~> 1.1.0)
252		- nokogiri (~> 1.6.0)
253		- pg (~> 0.13.2)
254		- rack-contrib
255		- rack-cors
256		- rails (~> 3.2.22)
257		- rails_autolink (~> 1.1.5)
258		- rake
259		- rest-client (~> 1.6.7)
260		- rmagick (~> 2.13.1)
261		- rspec (~> 2.14.0)
262		- rspec-rails (~> 2.14.1)
263		- ruby-feedparser (~> 0.7)
264		- sass-rails
265		- selenium-webdriver (~> 2.39.0)
266		- thin (~> 1.3.1)
267		- uglifier (>= 1.0.3)
268		- whenever
269		- will_paginate (~> 3.0.3)
...	...	@@ -14,6 +14,9 @@ class AddFriend < Task
14	14	alias :friend :target
15	15	alias :friend= :target=
16	16
	17	+ validates :requestor, :kind_of => { :kind => Person }
	18	+ validates :target, :kind_of => { :kind => Person }
	19	+
17	20	after_create do \|task\|
18	21	TaskMailer.invitation_notification(task).deliver unless task.friend
19	22	remove_from_suggestion_list(task)
...	...
...	...	@@ -2,6 +2,9 @@ class AddMember < Task
2	2
3	3	validates_presence_of :requestor_id, :target_id
4	4
	5	+ validates :requestor, kind_of: {kind: Person}
	6	+ validates :target, kind_of: {kind: Organization}
	7	+
5	8	alias :person :requestor
6	9	alias :person= :requestor=
7	10
...	...
1	1	class ApproveArticle < Task
2	2	validates_presence_of :requestor_id, :target_id
3	3
	4	+ validates :requestor, kind_of: {kind: Person}
	5	+ validate :allowed_requestor
	6	+
	7	+ def allowed_requestor
	8	+ if target
	9	+ if target.person? && requestor != target
	10	+ self.errors.add(:requestor, _('You can not post articles to other users.'))
	11	+ end
	12	+ if target.organization? && !target.members.include?(requestor) && target.environment.portal_community != target
	13	+ self.errors.add(:requestor, _('Only members can post articles on communities.'))
	14	+ end
	15	+ end
	16	+ end
	17	+
4	18	def article_title
5	19	article ? article.title : _('(The original text was removed)')
6	20	end
7		-
	21	+
8	22	def article
9	23	Article.find_by_id data[:article_id]
10	24	end
...	...	@@ -124,4 +138,9 @@ class ApproveArticle < Task
124	138	message
125	139	end
126	140
	141	+ def request_is_member_of_target
	142	+ unless requestor.is_member_of?(target)
	143	+ errors.add(:approve_article, N_('Requestor must be a member of target.'))
	144	+ end
	145	+ end
127	146	end
...	...
...	...	@@ -18,6 +18,8 @@ class ChangePassword < Task
18	18
19	19	validates_presence_of :requestor
20	20
	21	+ validates :requestor, kind_of: {kind: Person}
	22	+
21	23	###################################################
22	24	# validations for updating a ChangePassword task
23	25
...	...
...	...	@@ -3,6 +3,9 @@ class CreateCommunity < Task
3	3	validates_presence_of :requestor_id, :target_id
4	4	validates_presence_of :name
5	5
	6	+ validates :requestor, kind_of: {kind: Person}
	7	+ validates :target, kind_of: {kind: Environment}
	8	+
6	9	alias :environment :target
7	10	alias :environment= :target=
8	11
...	...
...	...	@@ -27,6 +27,8 @@ class CreateEnterprise < Task
27	27	# checks for actual attributes
28	28	validates_presence_of :requestor_id, :target_id
29	29
	30	+ validates :requestor, kind_of: {kind: Person}
	31	+
30	32	# checks for admins required attributes
31	33	DATA_FIELDS.each do \|attribute\|
32	34	validates_presence_of attribute, :if => lambda { \|obj\| obj.environment.required_enterprise_fields.include?(attribute) }
...	...
1	1	class EmailActivation < Task
2	2
3	3	validates_presence_of :requestor_id, :target_id
	4	+
	5	+ validates :requestor, kind_of: {kind: Person}
	6	+ validates :target, kind_of: {kind: Environment}
	7	+
4	8	validate :already_requested, :on => :create
5	9
6	10	alias :environment :target
7	11	alias :person :requestor
8	12
9	13	def already_requested
10		- if !self.requestor.nil? && self.requestor.user.email_activation_pending?
	14	+ if !self.requestor.nil? && self.requestor.person? && self.requestor.user.email_activation_pending?
11	15	self.errors.add(:base, _('You have already requested activation of your mailbox.'))
12	16	end
13	17	end
...	...
...	...	@@ -8,6 +8,8 @@ class EnterpriseActivation < Task
8	8
9	9	validates_presence_of :enterprise
10	10
	11	+ validates :target, kind_of: {kind: Enterprise}
	12	+
11	13	def perform
12	14	self.enterprise.enable self.requestor
13	15	end
...	...