merging with master

Leandro Santos
2 parents 7ec835d6 ae050c75
Showing 35 changed files with 612 additions and 886 deletions Show diff stats
Gemfile
Gemfile.lock
app/models/add_friend.rb
app/models/add_member.rb
app/models/approve_article.rb
app/models/change_password.rb
app/models/create_community.rb
app/models/create_enterprise.rb
app/models/email_activation.rb
app/models/enterprise_activation.rb
app/models/invitation.rb
app/models/moderate_user_registration.rb
app/models/profile.rb
app/models/suggest_article.rb
app/models/task.rb
app/views/api/playground.html.erb
config.ru
config/application.rb
config/initializers/eager_load.rb
db/schema.rb
@@ -18,18 +18,18 @@ gem &#39;exception_notification&#39;,   &#39;~&gt; 4.0.1&#39;
 gem 'gettext',                  '~> 2.2.1', :require => false
 gem 'locale',                   '~> 2.0.5'
 gem 'whenever', :require => false
-gem 'grape',                    '~> 0.11.0'
+gem 'eita-jrails', '~> 0.9.5', require: 'jrails'
+
+# API dependencies
+gem 'grape',                    '~> 0.12'
 gem 'grape-entity'
-gem 'grape-swagger'
-gem 'grape_logging'
-gem 'api-pagination',           '~> 4.1.1'
+#FIXME Get the Grape Loggin from master yo solve this issue https://github.com/intridea/grape/issues/1059
+#We have to remove this commit referenve code when update the next release of grape_logging. Actualy we are using (1.1.2)
+gem 'grape_logging', :git => 'https://github.com/aceunreal/grape_logging.git', :ref => '100091b'
 gem 'rack-cors'
 gem 'rack-contrib'
-#gem 'grape-swagger-rails'
-# FIXME list here all actual dependencies (i.e. the ones in debian/control),
-# with their GEM names (not the Debian package names)
-gem 'eita-jrails', '~> 0.9.5', require: 'jrails'
+gem 'api-pagination',           '~> 4.1.1'
 # asset pipeline
 gem 'uglifier', '>= 1.0.3'
@@ -1,269 +0,0 @@
-GEM
-  remote: https://rubygems.org/
-  specs:
-    RedCloth (4.2.9)
-    actionmailer (3.2.22)
-      actionpack (= 3.2.22)
-      mail (~> 2.5.4)
-    actionpack (3.2.22)
-      activemodel (= 3.2.22)
-      activesupport (= 3.2.22)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.5)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.2.1)
-    activemodel (3.2.22)
-      activesupport (= 3.2.22)
-      builder (~> 3.0.0)
-    activerecord (3.2.22)
-      activemodel (= 3.2.22)
-      activesupport (= 3.2.22)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.22)
-      activemodel (= 3.2.22)
-      activesupport (= 3.2.22)
-    activesupport (3.2.22)
-      i18n (~> 0.6, >= 0.6.4)
-      multi_json (~> 1.0)
-    acts-as-taggable-on (3.4.4)
-      activerecord (>= 3.2, < 5)
-    api-pagination (4.1.1)
-    arel (3.0.3)
-    axiom-types (0.1.1)
-      descendants_tracker (~> 0.0.4)
-      ice_nine (~> 0.11.0)
-      thread_safe (~> 0.3, >= 0.3.1)
-    builder (3.0.4)
-    capybara (2.1.0)
-      mime-types (>= 1.16)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (~> 2.0)
-    childprocess (0.5.6)
-      ffi (~> 1.0, >= 1.0.11)
-    chronic (0.10.2)
-    coercible (1.0.0)
-      descendants_tracker (~> 0.0.1)
-    cucumber (1.0.6)
-      builder (>= 2.1.2)
-      diff-lcs (>= 1.1.2)
-      gherkin (~> 2.4.18)
-      json (>= 1.4.6)
-      term-ansicolor (>= 1.0.6)
-    cucumber-rails (1.0.6)
-      capybara (>= 1.1.1)
-      cucumber (>= 1.0.6)
-      nokogiri (>= 1.5.0)
-    daemons (1.1.9)
-    dalli (2.7.4)
-    database_cleaner (1.2.0)
-    descendants_tracker (0.0.4)
-      thread_safe (~> 0.3, >= 0.3.1)
-    diff-lcs (1.2.5)
-    eita-jrails (0.9.5)
-      actionpack (~> 3.2, >= 3.1.0)
-      activesupport (~> 3.2, >= 3.0.0)
-    equalizer (0.0.11)
-    erubis (2.7.0)
-    eventmachine (1.0.7)
-    exception_notification (4.0.1)
-      actionmailer (>= 3.0.4)
-      activesupport (>= 3.0.4)
-    execjs (2.5.2)
-    fast_gettext (0.6.12)
-    ffi (1.9.10)
-    gettext (2.2.1)
-      locale
-    gherkin (2.4.21)
-      json (>= 1.4.6)
-    git-version-bump (0.15.1)
-    grape (0.11.0)
-      activesupport
-      builder
-      hashie (>= 2.1.0)
-      multi_json (>= 1.3.2)
-      multi_xml (>= 0.5.2)
-      rack (>= 1.3.0)
-      rack-accept
-      rack-mount
-      virtus (>= 1.0.0)
-    grape-entity (0.4.5)
-      activesupport
-      multi_json (>= 1.3.2)
-    grape-swagger (0.10.1)
-      grape (>= 0.8.0)
-      grape-entity
-    grape_logging (1.1.2)
-      grape
-    hashie (3.4.2)
-    hike (1.2.3)
-    i18n (0.7.0)
-    ice_nine (0.11.1)
-    journey (1.0.4)
-    json (1.8.3)
-    locale (2.0.9)
-    magic (0.2.9)
-      ffi (>= 0.6.3)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    metaclass (0.0.4)
-    mime-types (1.25.1)
-    mini_portile (0.6.2)
-    minitest (3.2.0)
-    mocha (1.1.0)
-      metaclass (~> 0.0.1)
-    multi_json (1.11.2)
-    multi_xml (0.5.5)
-    nokogiri (1.6.6.2)
-      mini_portile (~> 0.6.0)
-    pg (0.13.2)
-    polyglot (0.3.5)
-    rack (1.4.7)
-    rack-accept (0.4.5)
-      rack (>= 0.4)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-contrib (1.3.0)
-      git-version-bump (~> 0.15)
-      rack (~> 1.4)
-    rack-cors (0.4.0)
-    rack-mount (0.8.3)
-      rack (>= 1.0.0)
-    rack-ssl (1.3.4)
-      rack
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails (3.2.22)
-      actionmailer (= 3.2.22)
-      actionpack (= 3.2.22)
-      activerecord (= 3.2.22)
-      activeresource (= 3.2.22)
-      activesupport (= 3.2.22)
-      bundler (~> 1.0)
-      railties (= 3.2.22)
-    rails_autolink (1.1.6)
-      rails (> 3.1)
-    railties (3.2.22)
-      actionpack (= 3.2.22)
-      activesupport (= 3.2.22)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
-    rake (10.4.2)
-    rdoc (3.12.2)
-      json (~> 1.4)
-    rest-client (1.6.9)
-      mime-types (~> 1.16)
-    rmagick (2.13.4)
-    rspec (2.14.1)
-      rspec-core (~> 2.14.0)
-      rspec-expectations (~> 2.14.0)
-      rspec-mocks (~> 2.14.0)
-    rspec-core (2.14.8)
-    rspec-expectations (2.14.5)
-      diff-lcs (>= 1.1.3, < 2.0)
-    rspec-mocks (2.14.6)
-    rspec-rails (2.14.2)
-      actionpack (>= 3.0)
-      activemodel (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-core (~> 2.14.0)
-      rspec-expectations (~> 2.14.0)
-      rspec-mocks (~> 2.14.0)
-    ruby-feedparser (0.9.3)
-      magic
-    rubyzip (1.1.7)
-    sass (3.4.15)
-    sass-rails (3.2.6)
-      railties (~> 3.2.0)
-      sass (>= 3.1.10)
-      tilt (~> 1.3)
-    selenium-webdriver (2.39.0)
-      childprocess (>= 0.2.5)
-      multi_json (~> 1.0)
-      rubyzip (~> 1.0)
-      websocket (~> 1.0.4)
-    sprockets (2.2.3)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    term-ansicolor (1.3.2)
-      tins (~> 1.0)
-    thin (1.3.1)
-      daemons (>= 1.0.9)
-      eventmachine (>= 0.12.6)
-      rack (>= 1.0.0)
-    thor (0.19.1)
-    thread_safe (0.3.5)
-    tilt (1.4.1)
-    tins (1.5.4)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.44)
-    uglifier (2.7.1)
-      execjs (>= 0.3.0)
-      json (>= 1.8.0)
-    virtus (1.0.5)
-      axiom-types (~> 0.1)
-      coercible (~> 1.0)
-      descendants_tracker (~> 0.0, >= 0.0.3)
-      equalizer (~> 0.0, >= 0.0.9)
-    websocket (1.0.7)
-    whenever (0.9.4)
-      chronic (>= 0.6.3)
-    will_paginate (3.0.7)
-    xpath (2.0.0)
-      nokogiri (~> 1.3)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  RedCloth (~> 4.2.9)
-  acts-as-taggable-on (~> 3.4.2)
-  api-pagination (~> 4.1.1)
-  capybara (~> 2.1.0)
-  cucumber (~> 1.0.6)
-  cucumber-rails (~> 1.0.6)
-  daemons (~> 1.1.5)
-  dalli (~> 2.7.0)
-  database_cleaner (~> 1.2.0)
-  eita-jrails (~> 0.9.5)
-  exception_notification (~> 4.0.1)
-  fast_gettext (~> 0.6.8)
-  gettext (~> 2.2.1)
-  grape (~> 0.11.0)
-  grape-entity
-  grape-swagger
-  grape_logging
-  locale (~> 2.0.5)
-  minitest (~> 3.2.0)
-  mocha (~> 1.1.0)
-  nokogiri (~> 1.6.0)
-  pg (~> 0.13.2)
-  rack-contrib
-  rack-cors
-  rails (~> 3.2.22)
-  rails_autolink (~> 1.1.5)
-  rake
-  rest-client (~> 1.6.7)
-  rmagick (~> 2.13.1)
-  rspec (~> 2.14.0)
-  rspec-rails (~> 2.14.1)
-  ruby-feedparser (~> 0.7)
-  sass-rails
-  selenium-webdriver (~> 2.39.0)
-  thin (~> 1.3.1)
-  uglifier (>= 1.0.3)
-  whenever
-  will_paginate (~> 3.0.3)
@@ -14,6 +14,9 @@ class AddFriend &lt; Task
   alias :friend :target
   alias :friend= :target=
+	validates :requestor, :kind_of => { :kind => Person }
+	validates :target, :kind_of => { :kind => Person }
+
   after_create do |task|
     TaskMailer.invitation_notification(task).deliver unless task.friend
     remove_from_suggestion_list(task)
@@ -2,6 +2,9 @@ class AddMember &lt; Task
   validates_presence_of :requestor_id, :target_id
+  validates :requestor, kind_of: {kind: Person}
+  validates :target, kind_of: {kind: Organization}
+
   alias :person :requestor
   alias :person= :requestor=
 class ApproveArticle < Task
   validates_presence_of :requestor_id, :target_id
+  validates :requestor, kind_of: {kind: Person}
+  validate :allowed_requestor
+
+  def allowed_requestor
+    if target
+      if target.person? && requestor != target
+        self.errors.add(:requestor, _('You can not post articles to other users.'))
+      end
+      if target.organization? && !target.members.include?(requestor) && target.environment.portal_community != target
+        self.errors.add(:requestor, _('Only members can post articles on communities.'))
+      end
+    end
+  end
+
   def article_title
     article ? article.title : _('(The original text was removed)')
   end
-  
+
   def article
     Article.find_by_id data[:article_id]
   end
@@ -124,4 +138,9 @@ class ApproveArticle &lt; Task
     message
   end
+  def request_is_member_of_target
+    unless requestor.is_member_of?(target)
+      errors.add(:approve_article, N_('Requestor must be a member of target.'))
+    end
+  end
 end
@@ -18,6 +18,8 @@ class ChangePassword &lt; Task
   validates_presence_of :requestor
+  validates :requestor, kind_of: {kind: Person}
+
   ###################################################
   # validations for updating a ChangePassword task 
@@ -3,6 +3,9 @@ class CreateCommunity &lt; Task
   validates_presence_of :requestor_id, :target_id
   validates_presence_of :name
+  validates :requestor, kind_of: {kind: Person}
+  validates :target, kind_of: {kind: Environment}
+
   alias :environment :target
   alias :environment= :target=
@@ -27,6 +27,8 @@ class CreateEnterprise &lt; Task
   # checks for actual attributes
   validates_presence_of :requestor_id, :target_id
+  validates :requestor, kind_of: {kind: Person}
+
   # checks for admins required attributes
   DATA_FIELDS.each do |attribute|
     validates_presence_of attribute, :if => lambda { |obj| obj.environment.required_enterprise_fields.include?(attribute) }
 class EmailActivation < Task
   validates_presence_of :requestor_id, :target_id
+
+  validates :requestor, kind_of: {kind: Person}
+  validates :target, kind_of: {kind: Environment}
+
   validate :already_requested, :on => :create
   alias :environment :target
   alias :person :requestor
   def already_requested
-    if !self.requestor.nil? && self.requestor.user.email_activation_pending?
+    if !self.requestor.nil? && self.requestor.person? && self.requestor.user.email_activation_pending?
       self.errors.add(:base, _('You have already requested activation of your mailbox.'))
     end
   end
@@ -8,6 +8,8 @@ class EnterpriseActivation &lt; Task
   validates_presence_of :enterprise
+  validates :target, kind_of: {kind: Enterprise}
+
   def perform
     self.enterprise.enable self.requestor
   end
@@ -6,6 +6,8 @@ class Invitation &lt; Task
   validates_presence_of :target_id, :if => Proc.new{|invite| invite.friend_email.blank?}
+  validates :requestor, kind_of: {kind: Person}
+
   validates_presence_of :friend_email, :if => Proc.new{|invite| invite.target_id.blank?}
   validates_format_of :friend_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => Proc.new{|invite| invite.target_id.blank?}
@@ -34,7 +36,7 @@ class Invitation &lt; Task
   end
   def not_invite_yourself
-    email = friend ? friend.user.email : friend_email
+    email = friend && friend.person? ? friend.user.email : friend_email
     if person && email && person.user.email == email
       self.errors.add(:base, _("You can't invite youself"))
     end
@@ -136,7 +138,11 @@ class Invitation &lt; Task
   end
   def environment
-    self.requestor.environment
+    if self.requestor
+      self.requestor.environment
+    else
+      nil
+    end
   end
 end
@@ -7,6 +7,8 @@ class ModerateUserRegistration &lt; Task
   after_create :schedule_spam_checking
+  validates :target, kind_of: {kind: Environment}
+
   alias :environment :target
   alias :environment= :target=
@@ -203,9 +203,9 @@ class Profile &lt; ActiveRecord::Base
     Profile.column_names.map{|n| [Profile.table_name, n].join('.')}.join(',')
   end
-  scope :visible, :conditions => { :visible => true }
+  scope :visible, :conditions => { :visible => true, :secret => false }
   scope :disabled, :conditions => { :visible => false }
-  scope :public, :conditions => { :visible => true, :public_profile => true }
+  scope :public, :conditions => { :visible => true, :public_profile => true, :secret => false }
   scope :enabled, :conditions => { :enabled => true }
   # Subclasses must override this method
@@ -92,4 +92,5 @@ class SuggestArticle &lt; Task
   def after_ham!
     self.delay.marked_as_ham
   end
+
 end
@@ -117,6 +117,51 @@ class Task &lt; ActiveRecord::Base
     end
   end
+  class KindOfValidator < ActiveModel::EachValidator
+    def validate_each(record, attribute, value)
+      environment = record.environment || Environment.default
+      klass = options[:kind]
+      group = klass.to_s.downcase.pluralize
+      id = attribute.to_s + "_id"
+      if environment.respond_to?(group)
+        attrb = value || environment.send(group).find_by_id(record.send(id))
+      else
+        attrb = value || klass.find_by_id(record.send(id))
+      end
+      if attrb.respond_to?(klass.to_s.downcase + "?")
+        unless attrb.send(klass.to_s.downcase + "?")
+          record.errors[attribute] << (options[:message] || "should be "+ klass.to_s.downcase)
+        end
+      else
+        unless attrb.class == klass
+          record.errors[attribute] << (options[:message] || "should be "+ klass.to_s.downcase)
+        end
+      end
+    end
+  end
+
+  def requestor_is_of_kind(klass, message = nil)
+    error_message = message ||= _('Task requestor must be '+klass.to_s.downcase)
+    group = klass.to_s.downcase.pluralize
+    if environment.respond_to?(group) and requestor_id
+      requestor = requestor ||= environment.send(klass.to_s.downcase.pluralize).find_by_id(requestor_id)
+    end
+    unless requestor.class == klass
+      errors.add(error_message)
+    end
+  end
+
+  def target_is_of_kind(klass, message = nil)
+    error_message = message ||= _('Task target must be '+klass.to_s.downcase)
+    group = klass.to_s.downcase.pluralize
+    if environment.respond_to?(group) and target_id
+      target = target ||= environment.send(klass.to_s.downcase.pluralize).find_by_id(target_id)
+    end
+    unless target.class == klass
+      errors.add(error_message)
+    end
+  end
+
   def close(status, closed_by)
     self.status = status
     self.end_date = Time.now
@@ -12,7 +12,11 @@ endpoints.map do |endpoint|
       }
     end
   end
-end.flatten.compact.sort{|a,b| a[:path]=='/api/v1/login' ? -1:1}.to_json %>;
+end.flatten.compact.sort{|a,b|
+  a[:path]=='/api/v1/login' ? -1 :
+  b[:path]=='/api/v1/login' ?  1 :
+  a[:path] <=> b[:path]
+}.to_json %>;
 </script>
 <form id="api-form">
@@ -6,6 +6,13 @@ require ::File.expand_path(&#39;../config/environment&#39;,  __FILE__)
 #use Rails::Rack::Static
 #run ActionController::Dispatcher.new
+use Rack::Cors do
+  allow do
+    origins '*'
+    resource '/api/*', :headers => :any, :methods => [:get, :post]
+  end
+end
+
 rails_app = Rack::Builder.new do
   run Noosfero::Application
 end
@@ -135,12 +135,5 @@ module Noosfero
     Noosfero::Plugin.setup(config)
-    config.middleware.use Rack::Cors do
-      allow do
-        origins '*'
-        resource '/api/*', :headers => :any, :methods => [:get, :post]
-      end
-    end
-
   end
 end
@@ -0,0 +1 @@
+Rails.application.eager_load!
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20150603182105) do
+ActiveRecord::Schema.define(:version => 20150712194411) do
   create_table "abuse_reports", :force => true do |t|
     t.integer  "reporter_id"
@@ -48,6 +48,18 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
   add_index "action_tracker_notifications", ["profile_id", "action_tracker_id"], :name => "index_action_tracker_notif_on_prof_id_act_tracker_id", :unique => true
   add_index "action_tracker_notifications", ["profile_id"], :name => "index_action_tracker_notifications_on_profile_id"
+  create_table "article_followers", :force => true do |t|
+    t.integer  "person_id",  :null => false
+    t.integer  "article_id", :null => false
+    t.datetime "since"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
+  add_index "article_followers", ["article_id"], :name => "index_article_followers_on_article_id"
+  add_index "article_followers", ["person_id", "article_id"], :name => "index_article_followers_on_person_id_and_article_id", :unique => true
+  add_index "article_followers", ["person_id"], :name => "index_article_followers_on_person_id"
+
   create_table "article_privacy_exceptions", :id => false, :force => true do |t|
     t.integer "article_id"
     t.integer "person_id"
@@ -75,8 +87,8 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.integer  "comments_count"
     t.boolean  "advertise",            :default => true
     t.boolean  "published",            :default => true
-    t.date     "start_date"
-    t.date     "end_date"
+    t.datetime "start_date"
+    t.datetime "end_date"
     t.integer  "children_count",       :default => 0
     t.boolean  "accept_comments",      :default => true
     t.integer  "reference_article_id"
@@ -127,8 +139,8 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.integer  "comments_count",       :default => 0
     t.boolean  "advertise",            :default => true
     t.boolean  "published",            :default => true
-    t.date     "start_date"
-    t.date     "end_date"
+    t.datetime "start_date"
+    t.datetime "end_date"
     t.integer  "children_count",       :default => 0
     t.boolean  "accept_comments",      :default => true
     t.integer  "reference_article_id"
@@ -151,6 +163,8 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.integer  "author_id"
     t.integer  "created_by_id"
     t.boolean  "show_to_followers",    :default => true
+    t.integer  "sash_id"
+    t.integer  "level",                :default => 0
   end
   add_index "articles", ["comments_count"], :name => "index_articles_on_comments_count"
@@ -177,6 +191,17 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
   add_index "articles_categories", ["article_id"], :name => "index_articles_categories_on_article_id"
   add_index "articles_categories", ["category_id"], :name => "index_articles_categories_on_category_id"
+  create_table "badges_sashes", :force => true do |t|
+    t.integer  "badge_id"
+    t.integer  "sash_id"
+    t.boolean  "notified_user", :default => false
+    t.datetime "created_at"
+  end
+
+  add_index "badges_sashes", ["badge_id", "sash_id"], :name => "index_badges_sashes_on_badge_id_and_sash_id"
+  add_index "badges_sashes", ["badge_id"], :name => "index_badges_sashes_on_badge_id"
+  add_index "badges_sashes", ["sash_id"], :name => "index_badges_sashes_on_sash_id"
+
   create_table "blocks", :force => true do |t|
     t.string   "title"
     t.integer  "box_id"
@@ -272,8 +297,10 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.string   "referrer"
     t.text     "settings"
     t.integer  "paragraph_id"
+    t.string   "paragraph_uuid"
   end
+  add_index "comments", ["paragraph_uuid"], :name => "index_comments_on_paragraph_uuid"
   add_index "comments", ["source_id", "spam"], :name => "index_comments_on_source_id_and_spam"
   create_table "contact_lists", :force => true do |t|
@@ -313,6 +340,17 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
   add_index "domains", ["owner_id", "owner_type", "is_default"], :name => "index_domains_on_owner_id_and_owner_type_and_is_default"
   add_index "domains", ["owner_id", "owner_type"], :name => "index_domains_on_owner_id_and_owner_type"
+  create_table "email_templates", :force => true do |t|
+    t.string   "name"
+    t.string   "template_type"
+    t.string   "subject"
+    t.text     "body"
+    t.integer  "owner_id"
+    t.string   "owner_type"
+    t.datetime "created_at",    :null => false
+    t.datetime "updated_at",    :null => false
+  end
+
   create_table "environments", :force => true do |t|
     t.string   "name"
     t.string   "contact_email"
@@ -332,6 +370,7 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.string   "default_language"
     t.string   "noreply_email"
     t.string   "redirection_after_signup",     :default => "keep_on_same_page"
+    t.text     "send_email_plugin_allow_to"
     t.string   "date_format",                  :default => "month_name_with_year"
   end
@@ -368,6 +407,17 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
   add_index "friendships", ["person_id", "friend_id"], :name => "index_friendships_on_person_id_and_friend_id"
   add_index "friendships", ["person_id"], :name => "index_friendships_on_person_id"
+  create_table "gamification_plugin_badges", :force => true do |t|
+    t.string   "name"
+    t.integer  "level"
+    t.string   "description"
+    t.string   "custom_fields"
+    t.integer  "owner_id"
+    t.string   "owner_type"
+    t.datetime "created_at",    :null => false
+    t.datetime "updated_at",    :null => false
+  end
+
   create_table "images", :force => true do |t|
     t.integer "parent_id"
     t.string  "content_type"
@@ -424,6 +474,46 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.datetime "updated_at"
   end
+  create_table "mark_comment_as_read_plugin", :force => true do |t|
+    t.integer "comment_id"
+    t.integer "person_id"
+  end
+
+  add_index "mark_comment_as_read_plugin", ["comment_id", "person_id"], :name => "index_mark_comment_as_read_plugin_on_comment_id_and_person_id", :unique => true
+
+  create_table "merit_actions", :force => true do |t|
+    t.integer  "user_id"
+    t.string   "action_method"
+    t.integer  "action_value"
+    t.boolean  "had_errors",    :default => false
+    t.string   "target_model"
+    t.integer  "target_id"
+    t.text     "target_data"
+    t.boolean  "processed",     :default => false
+    t.datetime "created_at",                       :null => false
+    t.datetime "updated_at",                       :null => false
+  end
+
+  create_table "merit_activity_logs", :force => true do |t|
+    t.integer  "action_id"
+    t.string   "related_change_type"
+    t.integer  "related_change_id"
+    t.string   "description"
+    t.datetime "created_at"
+  end
+
+  create_table "merit_score_points", :force => true do |t|
+    t.integer  "score_id"
+    t.integer  "num_points", :default => 0
+    t.string   "log"
+    t.datetime "created_at"
+  end
+
+  create_table "merit_scores", :force => true do |t|
+    t.integer "sash_id"
+    t.string  "category", :default => "default"
+  end
+
   create_table "national_region_types", :force => true do |t|
     t.string "name"
   end
@@ -440,6 +530,15 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
   add_index "national_regions", ["name"], :name => "name_index"
   add_index "national_regions", ["national_region_code"], :name => "code_index"
+  create_table "pairwise_plugin_choices_related", :force => true do |t|
+    t.integer  "choice_id"
+    t.integer  "parent_choice_id"
+    t.integer  "question_id"
+    t.integer  "user_id"
+    t.datetime "created_at",       :null => false
+    t.datetime "updated_at",       :null => false
+  end
+
   create_table "price_details", :force => true do |t|
     t.decimal  "price",              :default => 0.0
     t.integer  "product_id"
@@ -547,15 +646,37 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.boolean  "allow_members_to_invite",               :default => true
     t.boolean  "invite_friends_only",                   :default => false
     t.boolean  "secret",                                :default => false
+    t.integer  "sash_id"
+    t.integer  "level",                                 :default => 0
   end
   add_index "profiles", ["activities_count"], :name => "index_profiles_on_activities_count"
   add_index "profiles", ["created_at"], :name => "index_profiles_on_created_at"
+  add_index "profiles", ["enabled"], :name => "index_profiles_on_enabled"
   add_index "profiles", ["environment_id"], :name => "index_profiles_on_environment_id"
   add_index "profiles", ["friends_count"], :name => "index_profiles_on_friends_count"
   add_index "profiles", ["identifier"], :name => "index_profiles_on_identifier"
   add_index "profiles", ["members_count"], :name => "index_profiles_on_members_count"
   add_index "profiles", ["region_id"], :name => "index_profiles_on_region_id"
+  add_index "profiles", ["type"], :name => "index_profiles_on_type"
+  add_index "profiles", ["validated"], :name => "index_profiles_on_validated"
+  add_index "profiles", ["visible"], :name => "index_profiles_on_visible"
+
+  create_table "proposals_discussion_plugin_proposal_evaluations", :force => true do |t|
+    t.integer  "proposal_task_id"
+    t.integer  "evaluator_id"
+    t.integer  "flagged_status"
+    t.datetime "created_at",       :null => false
+    t.datetime "updated_at",       :null => false
+  end
+
+  add_index "proposals_discussion_plugin_proposal_evaluations", ["evaluator_id"], :name => "index_proposals_discussion_plugin_proposal_evaluator_id"
+  add_index "proposals_discussion_plugin_proposal_evaluations", ["proposal_task_id"], :name => "index_proposals_discussion_plugin_proposal_task_id"
+
+  create_table "proposals_discussion_plugin_task_categories", :id => false, :force => true do |t|
+    t.integer "task_id"
+    t.integer "category_id"
+  end
   create_table "qualifier_certifiers", :force => true do |t|
     t.integer "qualifier_id"
@@ -597,6 +718,12 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.boolean "is_global"
   end
+  add_index "role_assignments", ["accessor_id", "accessor_type", "resource_id", "resource_type"], :name => "index_on_role_assigments_accessor_resource_role"
+  add_index "role_assignments", ["accessor_id", "accessor_type", "role_id"], :name => "index_on_role_assigments_accessor_role"
+  add_index "role_assignments", ["accessor_id", "accessor_type"], :name => "index_role_assignments_on_accessor_id_and_accessor_type"
+  add_index "role_assignments", ["resource_id", "resource_type", "role_id"], :name => "index_on_role_assigments_resource_role"
+  add_index "role_assignments", ["resource_id", "resource_type"], :name => "index_role_assignments_on_resource_id_and_resource_type"
+
   create_table "roles", :force => true do |t|
     t.string  "name"
     t.string  "key"
@@ -606,6 +733,11 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
     t.integer "profile_id"
   end
+  create_table "sashes", :force => true do |t|
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
   create_table "scraps", :force => true do |t|
     t.text     "content"
     t.integer  "sender_id"
@@ -684,7 +816,7 @@ ActiveRecord::Schema.define(:version =&gt; 20150603182105) do
   create_table "tasks", :force => true do |t|
     t.text     "data"
     t.integer  "status"
-    t.date     "end_date"
+    t.datetime "end_date"
     t.integer  "requestor_id"
     t.integer  "target_id"
     t.string   "code",           :limit => 40
@@ -59,7 +59,8 @@
         end
       end
-      ARTICLE_TYPES = Article.descendants.map{|a| a.to_s}
+      ARTICLE_TYPES = ['Article'] + Article.descendants.map{|a| a.to_s}
+      TASK_TYPES = ['Task'] + Task.descendants.map{|a| a.to_s}
       def find_article(articles, id)
         article = articles.find(id)
@@ -107,9 +108,36 @@
         articles
       end
-      def find_task(tasks, id)
-        task = tasks.find(id)
-        task.display_to?(current_user.person) ? task : forbidden!
+      def find_task(asset, id)
+        task = asset.tasks.find(id)
+        current_person.has_permission?(task.permission, asset) ? task : forbidden!
+      end
+
+      def post_task(asset, params)
+        klass_type= params[:content_type].nil? ? 'Task' : params[:content_type]
+        return forbidden! unless TASK_TYPES.include?(klass_type)
+
+        task = klass_type.constantize.new(params[:task])
+        task.requestor_id = current_person.id
+        task.target_id = asset.id
+        task.target_type = 'Profile'
+
+        if !task.save
+          render_api_errors!(task.errors.full_messages)
+        end
+        present task, :with => Entities::Task, :fields => params[:fields]
+      end
+
+      def present_task(asset)
+        task = find_task(asset, params[:id])
+        present task, :with => Entities::Task, :fields => params[:fields]
+      end
+
+      def present_tasks(asset)
+        tasks = select_filtered_collection_of(asset, 'tasks', params)
+        tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)}
+        return forbidden! if tasks.empty? && !current_person.has_permission?(:perform_task, asset)
+        present tasks, :with => Entities::Task, :fields => params[:fields]
       end
       def make_conditions_with_parameter(params = {})
@@ -131,12 +159,13 @@
       end
       def by_reference(scope, params)
-        if params[:reference_id]
-          created_at = scope.find(params[:reference_id]).created_at
-          scope.send("#{params.key?(:oldest) ? 'older_than' : 'younger_than'}", created_at)
-        else
+        reference_id = params[:reference_id].to_i == 0 ? nil : params[:reference_id].to_i
+        if reference_id.nil?
           scope
-        end
+        else
+          created_at = scope.find(reference_id).created_at
+          scope.send("#{params.key?(:oldest) ? 'older_than' : 'younger_than'}", created_at)
+         end
       end
       def select_filtered_collection_of(object, method, params)
@@ -18,146 +18,41 @@ module Noosfero
           # Example Request:
           #  GET host/api/v1/tasks?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
           get do
-            #FIXME check for permission
             tasks = select_filtered_collection_of(environment, 'tasks', params)
+            tasks = tasks.select {|t| current_person.has_permission?(t.permission, environment)}
             present tasks, :with => Entities::Task, :fields => params[:fields]
           end
           desc "Return the task id"
           get ':id' do
-            task = find_task(environment.tasks, params[:id])
+            task = find_task(environment, params[:id])
             present task, :with => Entities::Task, :fields => params[:fields]
           end
-
-
         end
-        resource :communities do
-          segment '/:community_id' do
-            resource :tasks do
-              get do
-                #FIXME check for permission
-                community = environment.communities.find(params[:community_id])
-                tasks = select_filtered_collection_of(community, 'tasks', params)
-                present tasks, :with => Entities::Task, :fields => params[:fields]
-              end
-
-              get ':id' do
-                community = environment.communities.find(params[:community_id])
-                task = find_task(community.tasks, params[:id])
-                present task, :with => Entities::Task, :fields => params[:fields]
-              end
-
-              # Example Request:
-              #  POST api/v1/communites/:community_id/articles?private_token=234298743290432&article[name]=title&article[body]=body
-              post do
-                community = environment.communities.find(params[:community_id])
-#FIXME see the correct permission
-                return forbidden! unless current_person.can_post_content?(community)
-#FIXME check the task type before create
-                klass_type= params[:content_type].nil? ? 'Task' : params[:content_type]
-#                return forbidden! unless ARTICLE_TYPES.include?(klass_type)
-#
-                task = klass_type.constantize.new(params[:task])
-                task.requestor = current_person
-                task.target = community
-
-                if !task.save
-                  render_api_errors!(task.errors.full_messages)
+        kinds = %w[community person enterprise]
+        kinds.each do |kind|
+          resource kind.pluralize.to_sym do
+            segment "/:#{kind}_id" do
+              resource :tasks do
+                get do
+                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                  present_tasks(profile)
                 end
-                present task, :with => Entities::Task, :fields => params[:fields]
-              end
-
-            end
-          end
-
-        end
-
-        resource :people do
-          segment '/:person_id' do
-            resource :tasks do
-              get do
-#                person = environment.people.find(params[:person_id])
-#                articles = select_filtered_collection_of(person, 'articles', params)
-#                articles = articles.display_filter(current_person, person)
-tasks = Task.all
-                present tasks, :with => Entities::Task, :fields => params[:fields]
-              end
-
-              get ':id' do
-#                person = environment.people.find(params[:person_id])
-#                article = find_article(person.articles, params[:id])
-task = Task.first
-                present task, :with => Entities::Task, :fields => params[:fields]
-              end
-              post do
-#                person = environment.people.find(params[:person_id])
-#                return forbidden! unless current_person.can_post_content?(person)
-#
-#                klass_type= params[:content_type].nil? ? 'TinyMceArticle' : params[:content_type]
-#                return forbidden! unless ARTICLE_TYPES.include?(klass_type)
-#
-#                article = klass_type.constantize.new(params[:article])
-#                article.last_changed_by = current_person
-#                article.created_by= current_person
-#                article.profile = person
-#
-#                if !article.save
-#                  render_api_errors!(article.errors.full_messages)
-#                end
-task = Task.first
-                present task, :with => Entities::Task, :fields => params[:fields]
-              end
-
-            end
-          end
-
-        end
-
-        resource :enterprises do
-          segment '/:enterprise_id' do
-            resource :tasks do
-              get do
-#                enterprise = environment.enterprises.find(params[:enterprise_id])
-#                articles = select_filtered_collection_of(enterprise, 'articles', params)
-#                articles = articles.display_filter(current_person, enterprise)
-tasks = Task.all
-                present tasks, :with => Entities::Task, :fields => params[:fields]
-              end
-
-              get ':id' do
-#                enterprise = environment.enterprises.find(params[:enterprise_id])
-#                article = find_article(enterprise.articles, params[:id])
-task = Task.first
-                present task, :with => Entities::Task, :fields => params[:fields]
-              end
+                get ':id' do
+                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                  present_task(profile)
+                end
-              post do
-#                enterprise = environment.enterprises.find(params[:enterprise_id])
-#                return forbidden! unless current_person.can_post_content?(enterprise)
-#
-#                klass_type= params[:content_type].nil? ? 'TinyMceArticle' : params[:content_type]
-#                return forbidden! unless ARTICLE_TYPES.include?(klass_type)
-#
-#                article = klass_type.constantize.new(params[:article])
-#                article.last_changed_by = current_person
-#                article.created_by= current_person
-#                article.profile = enterprise
-#
-#                if !article.save
-#                  render_api_errors!(article.errors.full_messages)
-#                end
-task = Task.first
-                present task, :with => Entities::Task, :fields => params[:fields]
+                post do
+                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                  post_task(profile, params)
+                end
               end
-
             end
           end
-
         end
-
-
       end
     end
   end
@@ -32,12 +32,10 @@ class CategoriesControllerTest &lt; ActionController::TestCase
   end
   def test_edit
-    cat = Category.new
-    env.categories.expects(:find).with('1').returns(cat)
-    get :edit, :id => '1'
+    get :edit, :id => cat1
     assert_response :success
     assert_template 'edit'
-    assert_equal cat, assigns(:category)
+    assert_equal cat1, assigns(:category)
   end
   def test_edit_save
@@ -145,15 +145,23 @@ class TasksControllerTest &lt; ActionController::TestCase
   end
   should 'affiliate roles to user after finish add member task' do
-    community = fast_create(Community)
-    community.add_member(person)
-    another_person = fast_create(Person)
-    t = AddMember.create!(:person => another_person, :organization => community)
-    count = community.members.size
-    @controller.stubs(:profile).returns(community)
+    c = fast_create(Community)
+    p = create_user('member').person
+
+    @controller.stubs(:profile).returns(c)
+    c.affiliate(profile, Profile::Roles.all_roles(profile.environment.id))
+
+    t = AddMember.create!(:person => p, :organization => c)
+
+    count = c.members.size
+
     post :close, :tasks => {t.id => {:decision => 'finish', :task => {}}}
-    community = Profile.find(community.id)
-    assert_equal count + 1, community.members.size
+    t.reload
+    
+    ok('task should be finished') { t.status == Task::Status::FINISHED }
+
+    c.reload
+    assert_equal count + 1, c.members.size
   end
   should 'display a create ticket form' do
@@ -269,6 +277,7 @@ class TasksControllerTest &lt; ActionController::TestCase
     @controller.stubs(:profile).returns(c)
     c.affiliate(person, Profile::Roles.all_roles(c.environment))
     person = create_user('test_user').person
+    c.add_member(person)
     p_blog = Blog.create!(:profile => person, :name => 'Blog')
     c_blog1 = Blog.create!(:profile => c, :name => 'Blog')
     c_blog2 = Blog.new(:profile => c); c_blog2.name = 'blog2'; c_blog2.save!
@@ -31,7 +31,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   end
   should 'not return article if user has no permission to view it' do
-    person = fast_create(Person)
+    person = fast_create(Person, :environment_id => environment.id)
     article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
     assert !article.published?
@@ -58,7 +58,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   end
   should 'not list children of forbidden article' do
-    person = fast_create(Person)
+    person = fast_create(Person, :environment_id => environment.id)
     article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
     child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
     child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
@@ -67,7 +67,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   end
   should 'not return child of forbidden article' do
-    person = fast_create(Person)
+    person = fast_create(Person, :environment_id => environment.id)
     article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
     child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
     get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
@@ -75,7 +75,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   end
   should 'not return private child' do
-    person = fast_create(Person)
+    person = fast_create(Person, :environment_id => environment.id)
     article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
     child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
     get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
@@ -83,7 +83,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   end
   should 'not list private child' do
-    person = fast_create(Person)
+    person = fast_create(Person, :environment_id => environment.id)
     article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
     child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
     get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
@@ -98,7 +98,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   profile_kinds = %w(community person enterprise)
   profile_kinds.each do |kind|
     should "return article by #{kind}" do
-      profile = fast_create(kind.camelcase.constantize)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
       article = fast_create(Article, :profile_id => profile.id, :name => "Some thing")
       get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}"
       json = JSON.parse(last_response.body)
@@ -106,7 +106,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     end
     should "not return article by #{kind} if user has no permission to view it" do
-      profile = fast_create(kind.camelcase.constantize)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
       article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false)
       assert !article.published?
@@ -115,7 +115,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     end
     should "not list forbidden article when listing articles by #{kind}" do
-      profile = fast_create(kind.camelcase.constantize)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
       article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false)
       assert !article.published?
@@ -132,7 +132,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   group_kinds = %w(community enterprise)
   group_kinds.each do |kind|
     should "#{kind}: create article" do
-      profile = fast_create(kind.camelcase.constantize)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
       give_permission(user.person, 'post_content', profile)
       params[:article] = {:name => "Title"}
       post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
@@ -141,16 +141,16 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     end
     should "#{kind}: do not create article if user has no permission to post content" do
-      profile = fast_create(kind.camelcase.constantize)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
       give_permission(user.person, 'invite_members', profile)
       params[:article] = {:name => "Title"}
       post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
       assert_equal 403, last_response.status
     end
-    should "#{kind}: create article with parent" do
-      profile = fast_create(kind.camelcase.constantize)
-      profile.add_member(user.person)
+    should "#{kind} create article with parent" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
       article = fast_create(Article)
       params[:article] = {:name => "Title", :parent_id => article.id}
@@ -159,9 +159,9 @@ class ArticlesTest &lt; ActiveSupport::TestCase
       assert_equal article.id, json["article"]["parent"]["id"]
     end
-    should "#{kind}: create article with content type passed as parameter" do
-      profile = fast_create(kind.camelcase.constantize)
-      profile.add_member(user.person)
+    should "#{kind} create article with content type passed as parameter" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
       Article.delete_all
       params[:article] = {:name => "Title"}
@@ -173,8 +173,8 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     end
     should "#{kind}: create article of TinyMceArticle type if no content type is passed as parameter" do
-      profile = fast_create(kind.camelcase.constantize)
-      profile.add_member(user.person)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
       params[:article] = {:name => "Title"}
       post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
@@ -184,7 +184,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     end
     should "#{kind}: not create article with invalid article content type" do
-      profile = fast_create(kind.camelcase.constantize)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
       profile.add_member(user.person)
       params[:article] = {:name => "Title"}
@@ -195,20 +195,20 @@ class ArticlesTest &lt; ActiveSupport::TestCase
       assert_equal 403, last_response.status
     end
-    should "#{kind}: create article defining the correct profile" do
-      profile = fast_create(kind.camelcase.constantize)
-      profile.add_member(user.person)
+    should "#{kind} create article defining the correct profile" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
       params[:article] = {:name => "Title"}
       post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
       json = JSON.parse(last_response.body)
-      assert_equal profile, Article.last.profile
+      assert_equal profile.id, json['article']['profile']['id']
     end
     should "#{kind}: create article defining the created_by" do
-      profile = fast_create(kind.camelcase.constantize)
-      profile.add_member(user.person)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
       params[:article] = {:name => "Title"}
       post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
@@ -218,8 +218,8 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     end
     should "#{kind}: create article defining the last_changed_by" do
-      profile = fast_create(kind.camelcase.constantize)
-      profile.add_member(user.person)
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
       params[:article] = {:name => "Title"}
       post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
@@ -241,7 +241,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   end
   should 'person do not create article if user has no permission to post content' do
-    person = fast_create(Person)
+    person = fast_create(Person, :environment_id => environment.id)
     params[:article] = {:name => "Title"}
     post "/api/v1/people/#{person.id}/articles?#{params.to_query}"
     assert_equal 403, last_response.status
@@ -7,25 +7,25 @@ class CategoriesTest &lt; ActiveSupport::TestCase
   end
   should 'list categories' do
-    category = fast_create(Category)
+    category = fast_create(Category, :environment_id => environment.id)
     get "/api/v1/categories/?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_includes json["categories"].map { |c| c["name"] }, category.name
   end
   should 'get category by id' do
-    category = fast_create(Category)
+    category = fast_create(Category, :environment_id => environment.id)
     get "/api/v1/categories/#{category.id}/?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equal category.name, json["category"]["name"]
   end
   should 'list parent and children when get category by id' do
-    parent = fast_create(Category)
-    child_1 = fast_create(Category)
-    child_2 = fast_create(Category)
+    parent = fast_create(Category, :environment_id => environment.id)
+    child_1 = fast_create(Category, :environment_id => environment.id)
+    child_2 = fast_create(Category, :environment_id => environment.id)
-    category = fast_create(Category)
+    category = fast_create(Category, :environment_id => environment.id)
     category.parent = parent
     category.children << child_1
     category.children << child_2
@@ -38,11 +38,11 @@ class CategoriesTest &lt; ActiveSupport::TestCase
   end
   should 'include parent in categories list if params is true' do
-    parent_1 = fast_create(Category) # parent_1 has no parent category
-    child_1 = fast_create(Category)
-    child_2 = fast_create(Category)
+    parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
+    child_1 = fast_create(Category, :environment_id => environment.id)
+    child_2 = fast_create(Category, :environment_id => environment.id)
-    parent_2 = fast_create(Category)
+    parent_2 = fast_create(Category, :environment_id => environment.id)
     parent_2.parent = parent_1
     parent_2.children << child_1
     parent_2.children << child_2
@@ -60,10 +60,10 @@ class CategoriesTest &lt; ActiveSupport::TestCase
   end
   should 'include children in categories list if params is true' do
-    category = fast_create(Category)
-    child_1 = fast_create(Category)
-    child_2 = fast_create(Category)
-    child_3 = fast_create(Category)
+    category = fast_create(Category, :environment_id => environment.id)
+    child_1 = fast_create(Category, :environment_id => environment.id)
+    child_2 = fast_create(Category, :environment_id => environment.id)
+    child_3 = fast_create(Category, :environment_id => environment.id)
     category.children << child_1
     category.children << child_2
@@ -8,8 +8,8 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
   should 'list only communities' do
-    community = fast_create(Community)
-    enterprise = fast_create(Enterprise) # should not list this enterprise
+    community = fast_create(Community, :environment_id => environment.id)
+    enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise
     get "/api/v1/communities?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id
@@ -17,16 +17,16 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
   should 'list all communities' do
-    community1 = fast_create(Community, :public_profile => true)
-    community2 = fast_create(Community)
+    community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)
+    community2 = fast_create(Community, :environment_id => environment.id)
     get "/api/v1/communities?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
   end
   should 'not list invisible communities' do
-    community1 = fast_create(Community)
-    fast_create(Community, :visible => false)
+    community1 = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id, :visible => false)
     get "/api/v1/communities?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -34,8 +34,8 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
   should 'not list private communities without permission' do
-    community1 = fast_create(Community)
-    fast_create(Community, :public_profile => false)
+    community1 = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id, :public_profile => false)
     get "/api/v1/communities?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -43,8 +43,8 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
   should 'list private community for members' do
-    c1 = fast_create(Community)
-    c2 = fast_create(Community, :public_profile => false)
+    c1 = fast_create(Community, :environment_id => environment.id)
+    c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
     c2.add_member(person)
     get "/api/v1/communities?#{params.to_query}"
@@ -66,7 +66,7 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
   should 'get community' do
-    community = fast_create(Community)
+    community = fast_create(Community, :environment_id => environment.id)
     get "/api/v1/communities/#{community.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -74,7 +74,7 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
   should 'not get invisible community' do
-    community = fast_create(Community, :visible => false)
+    community = fast_create(Community, :environment_id => environment.id, :visible => false)
     get "/api/v1/communities/#{community.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -82,8 +82,8 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
   should 'not get private communities without permission' do
-    community = fast_create(Community)
-    fast_create(Community, :public_profile => false)
+    community = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id, :public_profile => false)
     get "/api/v1/communities/#{community.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -91,17 +91,18 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
   should 'get private community for members' do
-    community = fast_create(Community, :public_profile => false)
+    community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true)
     community.add_member(person)
+
     get "/api/v1/communities/#{community.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equal community.id, json['community']['id']
   end
   should 'list person communities' do
-    community = fast_create(Community)
-    fast_create(Community)
+    community = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id)
     community.add_member(person)
     get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
@@ -110,8 +111,8 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
   end
   should 'not list person communities invisible' do
-    c1 = fast_create(Community)
-    c2 = fast_create(Community, :visible => false)
+    c1 = fast_create(Community, :environment_id => environment.id)
+    c2 = fast_create(Community, :environment_id => environment.id, :visible => false)
     c1.add_member(person)
     c2.add_member(person)
@@ -8,8 +8,8 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
   should 'list only enterprises' do
-    community = fast_create(Community) # should not list this community
-    enterprise = fast_create(Enterprise, :public_profile => true)
+    community = fast_create(Community, :environment_id => environment.id) # should not list this community
+    enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
     get "/api/v1/enterprises?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_includes json['enterprises'].map {|c| c['id']}, enterprise.id
@@ -17,15 +17,15 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
   should 'list all enterprises' do
-    enterprise1 = fast_create(Enterprise, :public_profile => true)
-    enterprise2 = fast_create(Enterprise)
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
+    enterprise2 = fast_create(Enterprise, :environment_id => environment.id)
     get "/api/v1/enterprises?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equivalent [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']}
   end
   should 'not list invisible enterprises' do
-    enterprise1 = fast_create(Enterprise)
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
     fast_create(Enterprise, :visible => false)
     get "/api/v1/enterprises?#{params.to_query}"
@@ -34,8 +34,8 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
   should 'not list private enterprises without permission' do
-    enterprise1 = fast_create(Enterprise)
-    fast_create(Enterprise, :public_profile => false)
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
+    fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
     get "/api/v1/enterprises?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -43,8 +43,8 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
   should 'list private enterprise for members' do
-    c1 = fast_create(Enterprise)
-    c2 = fast_create(Enterprise, :public_profile => false)
+    c1 = fast_create(Enterprise, :environment_id => environment.id)
+    c2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
     c2.add_member(person)
     get "/api/v1/enterprises?#{params.to_query}"
@@ -53,7 +53,7 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
   should 'get enterprise' do
-    enterprise = fast_create(Enterprise)
+    enterprise = fast_create(Enterprise, :environment_id => environment.id)
     get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -69,8 +69,8 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
   should 'not get private enterprises without permission' do
-    enterprise = fast_create(Enterprise)
-    fast_create(Enterprise, :public_profile => false)
+    enterprise = fast_create(Enterprise, :environment_id => environment.id)
+    fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
     get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -87,8 +87,8 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
   should 'list person enterprises' do
-    enterprise = fast_create(Enterprise)
-    fast_create(Enterprise)
+    enterprise = fast_create(Enterprise, :environment_id => environment.id)
+    fast_create(Enterprise, :environment_id => environment.id)
     enterprise.add_member(person)
     get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}"
@@ -97,8 +97,8 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
   end
   should 'not list person enterprises invisible' do
-    c1 = fast_create(Enterprise)
-    c2 = fast_create(Enterprise, :visible => false)
+    c1 = fast_create(Enterprise, :environment_id => environment.id)
+    c2 = fast_create(Enterprise, :environment_id => environment.id, :visible => false)
     c1.add_member(person)
     c2.add_member(person)
@@ -12,6 +12,7 @@ class TasksTest &lt; ActiveSupport::TestCase
   attr_accessor :person, :community, :environment
   should 'list tasks of environment' do
+    environment.add_admin(person)
     task = create(Task, :requestor => person, :target => environment)
     get "/api/v1/tasks?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -26,364 +27,147 @@ class TasksTest &lt; ActiveSupport::TestCase
     assert_equal task.id, json["task"]["id"]
   end
-#  should 'not return environmet task if user has no permission to view it' do
-#    person = fast_create(Person)
-#    task = create(Task, :requestor => person, :target => environment)
-#
-#    get "/api/v1/tasks/#{task.id}?#{params.to_query}"
-#    assert_equal 403, last_response.status
-#  end
-#
-#  #############################
-#  #     Community Tasks    #
-#  #############################
-#
-#  should 'return task by community' do
-#    community = fast_create(Community)
-#    task = create(Task, :requestor => person, :target => community)
-#    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
-#    json = JSON.parse(last_response.body)
-#    assert_equal task.id, json["task"]["id"]
-#  end
-#
-#  should 'not return task by community if user has no permission to view it' do
-#    community = fast_create(Community)
-#    task = create(Task, :requestor => person, :target => community)
-#    assert !person.is_member_of?(community)
-#
-#    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
-#    assert_equal 403, last_response.status
-#  end
-#
-##  should 'not list forbidden article when listing articles by community' do
-##    community = fast_create(Community)
-##    article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false)
-##    assert !article.published?
-##
-##    get "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_not_includes json['articles'].map {|a| a['id']}, article.id
-##  end
-#
-#  should 'create task in a community' do
-#    community = fast_create(Community)
-#    give_permission(person, 'post_content', community)
-#    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
-#    json = JSON.parse(last_response.body)
-#    assert_not_nil json["task"]["id"]
-#  end
-#
-#  should 'do not create article if user has no permission to post content' do
-#assert false
-##    community = fast_create(Community)
-##    give_permission(user.person, 'invite_members', community)
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
-##    assert_equal 403, last_response.status
-#  end
-#
-##  should 'create article with parent' do
-##    community = fast_create(Community)
-##    community.add_member(user.person)
-##    article = fast_create(Article)
-##
-##    params[:article] = {:name => "Title", :parent_id => article.id}
-##    post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal article.id, json["article"]["parent"]["id"]
-##  end
-#
-#  should 'create task defining the requestor as current profile logged in' do
-#    community = fast_create(Community)
-#    community.add_member(person)
-#
-#    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
-#    json = JSON.parse(last_response.body)
-#    
-#    assert_equal person, Task.last.requestor
-#  end
-#
-#  should 'create task defining the target as the community' do
-#    community = fast_create(Community)
-#    community.add_member(person)
-#
-#    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
-#    json = JSON.parse(last_response.body)
-#    
-#    assert_equal community, Task.last.target
-#  end
-#
-##  #############################
-##  #       Person Articles     #
-##  #############################
-##
-##  should 'return article by person' do
-##    person = fast_create(Person)
-##    article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
-##    get "/api/v1/people/#{person.id}/articles/#{article.id}?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal article.id, json["article"]["id"]
-##  end
-##
-##  should 'not return article by person if user has no permission to view it' do
-##    person = fast_create(Person)
-##    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
-##    assert !article.published?
-##
-##    get "/api/v1/people/#{person.id}/articles/#{article.id}?#{params.to_query}"
-##    assert_equal 403, last_response.status
-##  end
-##
-##  should 'not list forbidden article when listing articles by person' do
-##    person = fast_create(Person)
-##    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
-##    assert !article.published?
-##    get "/api/v1/people/#{person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_not_includes json['articles'].map {|a| a['id']}, article.id
-##  end
-##
-##  should 'create article in a person' do
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal "Title", json["article"]["title"]
-##  end
-##
-##  should 'person do not create article if user has no permission to post content' do
-##    person = fast_create(Person)
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/people/#{person.id}/articles?#{params.to_query}"
-##    assert_equal 403, last_response.status
-##  end
-##
-##  should 'person create article with parent' do
-##    article = fast_create(Article)
-##
-##    params[:article] = {:name => "Title", :parent_id => article.id}
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal article.id, json["article"]["parent"]["id"]
-##  end
-##
-##  should 'person create article with content type passed as parameter' do
-##    Article.delete_all
-##    params[:article] = {:name => "Title"}
-##    params[:content_type] = 'TextArticle'
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_kind_of TextArticle, Article.last
-##  end
-##  
-##  should 'person create article of TinyMceArticle type if no content type is passed as parameter' do
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_kind_of TinyMceArticle, Article.last
-##  end
-##
-##  should 'person not create article with invalid article content type' do
-##    params[:article] = {:name => "Title"}
-##    params[:content_type] = 'Person'
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal 403, last_response.status
-##  end
-##
-##  should 'person create article defining the correct profile' do
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal user.person, Article.last.profile
-##  end
-##
-##  should 'person create article defining the created_by' do
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal user.person, Article.last.created_by
-##  end
-##
-##  should 'person create article defining the last_changed_by' do
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal user.person, Article.last.last_changed_by
-##  end
-##
-##  #############################
-##  #     Enterprise Articles    #
-##  #############################
-##
-##  should 'return article by enterprise' do
-##    enterprise = fast_create(Enterprise)
-##    article = fast_create(Article, :profile_id => enterprise.id, :name => "Some thing")
-##    get "/api/v1/enterprises/#{enterprise.id}/articles/#{article.id}?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal article.id, json["article"]["id"]
-##  end
-##
-##  should 'not return article by enterprise if user has no permission to view it' do
-##    enterprise = fast_create(Enterprise)
-##    article = fast_create(Article, :profile_id => enterprise.id, :name => "Some thing", :published => false)
-##    assert !article.published?
-##
-##    get "/api/v1/enterprises/#{enterprise.id}/articles/#{article.id}?#{params.to_query}"
-##    assert_equal 403, last_response.status
-##  end
-##
-##  should 'not list forbidden article when listing articles by enterprise' do
-##    enterprise = fast_create(Enterprise)
-##    article = fast_create(Article, :profile_id => enterprise.id, :name => "Some thing", :published => false)
-##    assert !article.published?
-##
-##    get "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_not_includes json['articles'].map {|a| a['id']}, article.id
-##  end
-##
-##  should 'create article in a enterprise' do
-##    enterprise = fast_create(Enterprise)
-##    give_permission(user.person, 'post_content', enterprise)
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal "Title", json["article"]["title"]
-##  end
-##
-##  should 'enterprise: do not create article if user has no permission to post content' do
-##    enterprise = fast_create(Enterprise)
-##    give_permission(user.person, 'invite_members', enterprise)
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    assert_equal 403, last_response.status
-##  end
-##
-##  should 'enterprise: create article with parent' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##    article = fast_create(Article)
-##
-##    params[:article] = {:name => "Title", :parent_id => article.id}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal article.id, json["article"]["parent"]["id"]
-##  end
-##
-##  should 'enterprise: create article with content type passed as parameter' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##
-##    Article.delete_all
-##    params[:article] = {:name => "Title"}
-##    params[:content_type] = 'TextArticle'
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_kind_of TextArticle, Article.last
-##  end
-##  
-##  should 'enterprise: create article of TinyMceArticle type if no content type is passed as parameter' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_kind_of TinyMceArticle, Article.last
-##  end
-##
-##  should 'enterprise: not create article with invalid article content type' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##
-##    params[:article] = {:name => "Title"}
-##    params[:content_type] = 'Person'
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal 403, last_response.status
-##  end
-##
-##  should 'enterprise: create article defining the correct profile' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal enterprise, Article.last.profile
-##  end
-##
-##  should 'enterprise: create article defining the created_by' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal user.person, Article.last.created_by
-##  end
-##
-##  should 'enterprise: create article defining the last_changed_by' do
-##    enterprise = fast_create(Enterprise)
-##    enterprise.add_member(user.person)
-##
-##    params[:article] = {:name => "Title"}
-##    post "/api/v1/enterprises/#{enterprise.id}/articles?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    
-##    assert_equal user.person, Article.last.last_changed_by
-##  end
-##
-##  should 'list article children with partial fields' do
-##    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-##    child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
-##    params[:fields] = [:title]
-##    get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal ['title'], json['articles'].first.keys
-##  end
-##
-##  should 'suggest article children' do
-##    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-##    params[:target_id] = user.person.id
-##    params[:article] = {:name => "Article name", :body => "Article body"}
-##    assert_difference "SuggestArticle.count" do
-##      post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}"
-##    end
-##    json = JSON.parse(last_response.body)
-##    assert_equal 'SuggestArticle', json['type']
-##  end
-##
-##  should 'suggest event children' do
-##    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-##    params[:target_id] = user.person.id
-##    params[:article] = {:name => "Article name", :body => "Article body", :type => "Event"}
-##    assert_difference "SuggestArticle.count" do
-##      post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}"
-##    end
-##    json = JSON.parse(last_response.body)
-##    assert_equal 'SuggestArticle', json['type']
-##  end
-##
-##  should 'update hit attribute of article children' do
-##    a1 = fast_create(Article, :profile_id => user.person.id)
-##    a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
-##    a3 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
-##    get "/api/v1/articles/#{a1.id}/children?#{params.to_query}"
-##    json = JSON.parse(last_response.body)
-##    assert_equal [1, 1], json['articles'].map { |a| a['hits']}
-##    assert_equal [0, 1, 1], [a1.reload.hits, a2.reload.hits, a3.reload.hits]
-##  end
-##
+  should 'not return environmet task if user has no permission to view it' do
+    person = fast_create(Person)
+    task = create(Task, :requestor => person, :target => environment)
+
+    get "/api/v1/tasks/#{task.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+ #############################
+ #     Community Tasks    #
+ #############################
+
+  should 'return task by community' do
+    community = fast_create(Community)
+    community.add_admin(person)
+
+    task = create(Task, :requestor => person, :target => community)
+    assert person.is_member_of?(community)
+
+    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal task.id, json["task"]["id"]
+  end
+
+  should 'not return task by community if user has no permission to view it' do
+    community = fast_create(Community)
+    task = create(Task, :requestor => person, :target => community)
+    assert !person.is_member_of?(community)
+
+    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'create task in a community' do
+    community = fast_create(Community)
+    give_permission(person, 'perform_task', community)
+    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_nil json["task"]["id"]
+  end
+
+  should 'create task defining the requestor as current profile logged in' do
+    community = fast_create(Community)
+    community.add_member(person)
+
+    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal person, Task.last.requestor
+  end
+
+  should 'create task defining the target as the community' do
+    community = fast_create(Community)
+    community.add_member(person)
+
+    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal community, Task.last.target
+  end
+
+ #############################
+ #        Person Tasks       #
+ #############################
+
+  should 'return task by person' do
+    task = create(Task, :requestor => person, :target => person)
+    get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal task.id, json["task"]["id"]
+  end
+
+  should 'not return task by person if user has no permission to view it' do
+    some_person = fast_create(Person)
+    task = create(Task, :requestor => person, :target => some_person)
+
+    get "/api/v1/people/#{some_person.id}/tasks/#{task.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'create task for person' do
+    post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_nil json["task"]["id"]
+  end
+
+  should 'create task for another person' do
+    some_person = fast_create(Person)
+    post "/api/v1/people/#{some_person.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal some_person, Task.last.target
+  end
+
+  should 'create task defining the target as a person' do
+    post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal person, Task.last.target
+  end
+
+ #############################
+ #      Enterprise Tasks     #
+ #############################
+
+  should 'return task by enterprise' do
+    enterprise = fast_create(Enterprise)
+    enterprise.add_admin(person)
+
+    task = create(Task, :requestor => person, :target => enterprise)
+    assert person.is_member_of?(enterprise)
+
+    get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal task.id, json["task"]["id"]
+  end
+
+  should 'not return task by enterprise if user has no permission to view it' do
+    enterprise = fast_create(Enterprise)
+    task = create(Task, :requestor => person, :target => enterprise)
+    assert !person.is_member_of?(enterprise)
+
+    get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'create task in a enterprise' do
+    enterprise = fast_create(Enterprise)
+    give_permission(person, 'perform_task', enterprise)
+    post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_nil json["task"]["id"]
+  end
+
+  should 'create task defining the target as the enterprise' do
+    enterprise = fast_create(Enterprise)
+    enterprise.add_member(person)
+
+    post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal enterprise, Task.last.target
+  end
 end
@@ -9,7 +9,8 @@ class ActiveSupport::TestCase
   end
   def login_api
-    @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => Environment.default)
+    @environment = Environment.default
+    @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => @environment)
     @user.activate
     @person = @user.person
@@ -18,7 +19,7 @@ class ActiveSupport::TestCase
     @private_token = json["private_token"]
     @params = {:private_token => @private_token}
   end
-  attr_accessor :private_token, :user, :person, :params
+  attr_accessor :private_token, :user, :person, :params, :environment
   private
@@ -9,6 +9,7 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     @profile = create_user('test_user').person
     @article = fast_create(TextileArticle, :profile_id => @profile.id, :name => 'test name', :abstract => 'Lead of article', :body => 'This is my article')
     @community = fast_create(Community)
+    @community.add_member(@profile)
   end
   attr_reader :profile, :article, :community
@@ -251,6 +252,8 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
   end
   should 'not group trackers activity of article\'s creation' do
+    other_community = fast_create(Community)
+    other_community.add_member(profile)
     ActionTracker::Record.delete_all
     article = fast_create(TextileArticle)
@@ -262,20 +265,20 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     a.finish
     article = fast_create(TextileArticle)
-    other_community = fast_create(Community)
     a = create(ApproveArticle, :name => 'another bar', :article => article, :target => other_community, :requestor => profile)
     a.finish
     assert_equal 3, ActionTracker::Record.count
   end
   should 'not create trackers activity when updating articles' do
+    other_community = fast_create(Community)
+    other_community.add_member(profile)
     ActionTracker::Record.delete_all
     article1 = fast_create(TextileArticle)
     a = create(ApproveArticle, :name => 'bar', :article => article1, :target => community, :requestor => profile)
     a.finish
     article2 = fast_create(TinyMceArticle)
-    other_community = fast_create(Community)
     a = create(ApproveArticle, :name => 'another bar', :article => article2, :target => other_community, :requestor => profile)
     a.finish
     assert_equal 2, ActionTracker::Record.count
@@ -283,7 +286,7 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     assert_no_difference 'ActionTracker::Record.count' do
       published = article1.class.last
       published.name = 'foo';published.save!
-  
+
       published = article2.class.last
       published.name = 'another foo';published.save!
     end
@@ -307,7 +310,7 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     person = fast_create(Person)
     person.stubs(:notification_emails).returns(['target@example.org'])
-    a = create(ApproveArticle, :article => article, :target => person, :requestor => profile)
+    a = create(ApproveArticle, :article => article, :target => person, :requestor => person)
     a.finish
     approved_article = person.articles.find_by_name(article.name)
@@ -427,7 +430,7 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     article = fast_create(Article)
     profile.domains << create(Domain, :name => 'example.org')
     assert_nothing_raised do
-      create(ApproveArticle, :article => article, :target => profile, :requestor => community)
+      create(ApproveArticle, :article => article, :target => profile, :requestor => profile)
     end
   end
@@ -440,4 +443,47 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     assert_equal article, LinkArticle.last.reference_article
   end
+  should 'not allow non-person requestor' do
+    task = ApproveArticle.new(:requestor => Community.new)
+    task.valid?
+    assert task.invalid?(:requestor)
+  end
+
+  should 'allow only self requestors when the target is a person' do
+    person = fast_create(Person)
+    another_person = fast_create(Person)
+
+    t1 = ApproveArticle.new(:requestor => person, :target => person)
+    t2 = ApproveArticle.new(:requestor => another_person, :target => person)
+
+    assert t1.valid?
+    assert !t2.valid?
+    assert t2.invalid?(:requestor)
+  end
+
+  should 'allow only members to be requestors when target is a community' do
+    community = fast_create(Community)
+    member = fast_create(Person)
+    community.add_member(member)
+    non_member = fast_create(Person)
+
+    t1 = ApproveArticle.new(:requestor => member, :target => community)
+    t2 = ApproveArticle.new(:requestor => non_member, :target => community)
+
+    assert t1.valid?
+    assert !t2.valid?
+    assert t2.invalid?(:requestor)
+  end
+
+  should 'allow any user to be requestor whe the target is the portal community' do
+    community = fast_create(Community)
+    environment = community.environment
+    environment.portal_community = community
+    environment.save!
+    person = fast_create(Person)
+
+    task = ApproveArticle.new(:requestor => person, :target => community)
+
+    assert task.valid?
+  end
 end
@@ -913,6 +913,7 @@ class ArticleTest &lt; ActiveSupport::TestCase
   should 'not doubly escape quotes in the name' do
     person = fast_create(Person)
     community = fast_create(Community)
+    community.add_member(profile)
     article = fast_create(Article, :name => 'article name', :profile_id => person.id)
     a = create(ApproveArticle, :article => article, :target => community, :requestor => profile)
     a.finish
@@ -93,6 +93,7 @@ class FolderTest &lt; ActiveSupport::TestCase
     image = UploadedFile.create!(:profile => person, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
     community = fast_create(Community)
+    community.add_member(person)
     folder = fast_create(Folder, :profile_id => community.id)
     a = create(ApproveArticle, :article => image, :target => community, :requestor => person, :article_parent => folder)
     a.finish
@@ -101,6 +101,7 @@ class GalleryTest &lt; ActiveSupport::TestCase
     i = UploadedFile.create!(:profile => p, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
     c = fast_create(Community)
+    c.add_member(p)
     gallery = fast_create(Gallery, :profile_id => c.id)
     a = create(ApproveArticle, :article => i, :target => c, :requestor => p, :article_parent => gallery)
@@ -218,7 +218,7 @@ class ScrapTest &lt; ActiveSupport::TestCase
   should "update the scrap on reply creation" do
     person = create_user.person
     s = fast_create(Scrap, :updated_at => DateTime.parse('2010-01-01'))
-    assert_equal DateTime.parse('2010-01-01'), s.updated_at.strftime('%Y-%m-%d')
+    assert_equal DateTime.parse('2010-01-01'), s.updated_at
     DateTime.stubs(:now).returns(DateTime.parse('2010-09-07'))
     s1 = create(Scrap, :content => 'some content', :sender => person, :receiver => person, :scrap_id => s.id)
     s.reload
	@@ -1,269 +0,0 @@	@@ -1,269 +0,0 @@
1	-GEM
2	- remote: https://rubygems.org/
3	- specs:
4	- RedCloth (4.2.9)
5	- actionmailer (3.2.22)
6	- actionpack (= 3.2.22)
7	- mail (~> 2.5.4)
8	- actionpack (3.2.22)
9	- activemodel (= 3.2.22)
10	- activesupport (= 3.2.22)
11	- builder (~> 3.0.0)
12	- erubis (~> 2.7.0)
13	- journey (~> 1.0.4)
14	- rack (~> 1.4.5)
15	- rack-cache (~> 1.2)
16	- rack-test (~> 0.6.1)
17	- sprockets (~> 2.2.1)
18	- activemodel (3.2.22)
19	- activesupport (= 3.2.22)
20	- builder (~> 3.0.0)
21	- activerecord (3.2.22)
22	- activemodel (= 3.2.22)
23	- activesupport (= 3.2.22)
24	- arel (~> 3.0.2)
25	- tzinfo (~> 0.3.29)
26	- activeresource (3.2.22)
27	- activemodel (= 3.2.22)
28	- activesupport (= 3.2.22)
29	- activesupport (3.2.22)
30	- i18n (~> 0.6, >= 0.6.4)
31	- multi_json (~> 1.0)
32	- acts-as-taggable-on (3.4.4)
33	- activerecord (>= 3.2, < 5)
34	- api-pagination (4.1.1)
35	- arel (3.0.3)
36	- axiom-types (0.1.1)
37	- descendants_tracker (~> 0.0.4)
38	- ice_nine (~> 0.11.0)
39	- thread_safe (~> 0.3, >= 0.3.1)
40	- builder (3.0.4)
41	- capybara (2.1.0)
42	- mime-types (>= 1.16)
43	- nokogiri (>= 1.3.3)
44	- rack (>= 1.0.0)
45	- rack-test (>= 0.5.4)
46	- xpath (~> 2.0)
47	- childprocess (0.5.6)
48	- ffi (~> 1.0, >= 1.0.11)
49	- chronic (0.10.2)
50	- coercible (1.0.0)
51	- descendants_tracker (~> 0.0.1)
52	- cucumber (1.0.6)
53	- builder (>= 2.1.2)
54	- diff-lcs (>= 1.1.2)
55	- gherkin (~> 2.4.18)
56	- json (>= 1.4.6)
57	- term-ansicolor (>= 1.0.6)
58	- cucumber-rails (1.0.6)
59	- capybara (>= 1.1.1)
60	- cucumber (>= 1.0.6)
61	- nokogiri (>= 1.5.0)
62	- daemons (1.1.9)
63	- dalli (2.7.4)
64	- database_cleaner (1.2.0)
65	- descendants_tracker (0.0.4)
66	- thread_safe (~> 0.3, >= 0.3.1)
67	- diff-lcs (1.2.5)
68	- eita-jrails (0.9.5)
69	- actionpack (~> 3.2, >= 3.1.0)
70	- activesupport (~> 3.2, >= 3.0.0)
71	- equalizer (0.0.11)
72	- erubis (2.7.0)
73	- eventmachine (1.0.7)
74	- exception_notification (4.0.1)
75	- actionmailer (>= 3.0.4)
76	- activesupport (>= 3.0.4)
77	- execjs (2.5.2)
78	- fast_gettext (0.6.12)
79	- ffi (1.9.10)
80	- gettext (2.2.1)
81	- locale
82	- gherkin (2.4.21)
83	- json (>= 1.4.6)
84	- git-version-bump (0.15.1)
85	- grape (0.11.0)
86	- activesupport
87	- builder
88	- hashie (>= 2.1.0)
89	- multi_json (>= 1.3.2)
90	- multi_xml (>= 0.5.2)
91	- rack (>= 1.3.0)
92	- rack-accept
93	- rack-mount
94	- virtus (>= 1.0.0)
95	- grape-entity (0.4.5)
96	- activesupport
97	- multi_json (>= 1.3.2)
98	- grape-swagger (0.10.1)
99	- grape (>= 0.8.0)
100	- grape-entity
101	- grape_logging (1.1.2)
102	- grape
103	- hashie (3.4.2)
104	- hike (1.2.3)
105	- i18n (0.7.0)
106	- ice_nine (0.11.1)
107	- journey (1.0.4)
108	- json (1.8.3)
109	- locale (2.0.9)
110	- magic (0.2.9)
111	- ffi (>= 0.6.3)
112	- mail (2.5.4)
113	- mime-types (~> 1.16)
114	- treetop (~> 1.4.8)
115	- metaclass (0.0.4)
116	- mime-types (1.25.1)
117	- mini_portile (0.6.2)
118	- minitest (3.2.0)
119	- mocha (1.1.0)
120	- metaclass (~> 0.0.1)
121	- multi_json (1.11.2)
122	- multi_xml (0.5.5)
123	- nokogiri (1.6.6.2)
124	- mini_portile (~> 0.6.0)
125	- pg (0.13.2)
126	- polyglot (0.3.5)
127	- rack (1.4.7)
128	- rack-accept (0.4.5)
129	- rack (>= 0.4)
130	- rack-cache (1.2)
131	- rack (>= 0.4)
132	- rack-contrib (1.3.0)
133	- git-version-bump (~> 0.15)
134	- rack (~> 1.4)
135	- rack-cors (0.4.0)
136	- rack-mount (0.8.3)
137	- rack (>= 1.0.0)
138	- rack-ssl (1.3.4)
139	- rack
140	- rack-test (0.6.3)
141	- rack (>= 1.0)
142	- rails (3.2.22)
143	- actionmailer (= 3.2.22)
144	- actionpack (= 3.2.22)
145	- activerecord (= 3.2.22)
146	- activeresource (= 3.2.22)
147	- activesupport (= 3.2.22)
148	- bundler (~> 1.0)
149	- railties (= 3.2.22)
150	- rails_autolink (1.1.6)
151	- rails (> 3.1)
152	- railties (3.2.22)
153	- actionpack (= 3.2.22)
154	- activesupport (= 3.2.22)
155	- rack-ssl (~> 1.3.2)
156	- rake (>= 0.8.7)
157	- rdoc (~> 3.4)
158	- thor (>= 0.14.6, < 2.0)
159	- rake (10.4.2)
160	- rdoc (3.12.2)
161	- json (~> 1.4)
162	- rest-client (1.6.9)
163	- mime-types (~> 1.16)
164	- rmagick (2.13.4)
165	- rspec (2.14.1)
166	- rspec-core (~> 2.14.0)
167	- rspec-expectations (~> 2.14.0)
168	- rspec-mocks (~> 2.14.0)
169	- rspec-core (2.14.8)
170	- rspec-expectations (2.14.5)
171	- diff-lcs (>= 1.1.3, < 2.0)
172	- rspec-mocks (2.14.6)
173	- rspec-rails (2.14.2)
174	- actionpack (>= 3.0)
175	- activemodel (>= 3.0)
176	- activesupport (>= 3.0)
177	- railties (>= 3.0)
178	- rspec-core (~> 2.14.0)
179	- rspec-expectations (~> 2.14.0)
180	- rspec-mocks (~> 2.14.0)
181	- ruby-feedparser (0.9.3)
182	- magic
183	- rubyzip (1.1.7)
184	- sass (3.4.15)
185	- sass-rails (3.2.6)
186	- railties (~> 3.2.0)
187	- sass (>= 3.1.10)
188	- tilt (~> 1.3)
189	- selenium-webdriver (2.39.0)
190	- childprocess (>= 0.2.5)
191	- multi_json (~> 1.0)
192	- rubyzip (~> 1.0)
193	- websocket (~> 1.0.4)
194	- sprockets (2.2.3)
195	- hike (~> 1.2)
196	- multi_json (~> 1.0)
197	- rack (~> 1.0)
198	- tilt (~> 1.1, != 1.3.0)
199	- term-ansicolor (1.3.2)
200	- tins (~> 1.0)
201	- thin (1.3.1)
202	- daemons (>= 1.0.9)
203	- eventmachine (>= 0.12.6)
204	- rack (>= 1.0.0)
205	- thor (0.19.1)
206	- thread_safe (0.3.5)
207	- tilt (1.4.1)
208	- tins (1.5.4)
209	- treetop (1.4.15)
210	- polyglot
211	- polyglot (>= 0.3.1)
212	- tzinfo (0.3.44)
213	- uglifier (2.7.1)
214	- execjs (>= 0.3.0)
215	- json (>= 1.8.0)
216	- virtus (1.0.5)
217	- axiom-types (~> 0.1)
218	- coercible (~> 1.0)
219	- descendants_tracker (~> 0.0, >= 0.0.3)
220	- equalizer (~> 0.0, >= 0.0.9)
221	- websocket (1.0.7)
222	- whenever (0.9.4)
223	- chronic (>= 0.6.3)
224	- will_paginate (3.0.7)
225	- xpath (2.0.0)
226	- nokogiri (~> 1.3)
227	-
228	-PLATFORMS
229	- ruby
230	-
231	-DEPENDENCIES
232	- RedCloth (~> 4.2.9)
233	- acts-as-taggable-on (~> 3.4.2)
234	- api-pagination (~> 4.1.1)
235	- capybara (~> 2.1.0)
236	- cucumber (~> 1.0.6)
237	- cucumber-rails (~> 1.0.6)
238	- daemons (~> 1.1.5)
239	- dalli (~> 2.7.0)
240	- database_cleaner (~> 1.2.0)
241	- eita-jrails (~> 0.9.5)
242	- exception_notification (~> 4.0.1)
243	- fast_gettext (~> 0.6.8)
244	- gettext (~> 2.2.1)
245	- grape (~> 0.11.0)
246	- grape-entity
247	- grape-swagger
248	- grape_logging
249	- locale (~> 2.0.5)
250	- minitest (~> 3.2.0)
251	- mocha (~> 1.1.0)
252	- nokogiri (~> 1.6.0)
253	- pg (~> 0.13.2)
254	- rack-contrib
255	- rack-cors
256	- rails (~> 3.2.22)
257	- rails_autolink (~> 1.1.5)
258	- rake
259	- rest-client (~> 1.6.7)
260	- rmagick (~> 2.13.1)
261	- rspec (~> 2.14.0)
262	- rspec-rails (~> 2.14.1)
263	- ruby-feedparser (~> 0.7)
264	- sass-rails
265	- selenium-webdriver (~> 2.39.0)
266	- thin (~> 1.3.1)
267	- uglifier (>= 1.0.3)
268	- whenever
269	- will_paginate (~> 3.0.3)
	@@ -2,6 +2,9 @@ class AddMember < Task		@@ -2,6 +2,9 @@ class AddMember < Task
2		2
3	validates_presence_of :requestor_id, :target_id	3	validates_presence_of :requestor_id, :target_id
4		4
		5	+ validates :requestor, kind_of: {kind: Person}
		6	+ validates :target, kind_of: {kind: Organization}
		7	+
5	alias :person :requestor	8	alias :person :requestor
6	alias :person= :requestor=	9	alias :person= :requestor=
7		10
1	class ApproveArticle < Task	1	class ApproveArticle < Task
2	validates_presence_of :requestor_id, :target_id	2	validates_presence_of :requestor_id, :target_id
3		3
		4	+ validates :requestor, kind_of: {kind: Person}
		5	+ validate :allowed_requestor
		6	+
		7	+ def allowed_requestor
		8	+ if target
		9	+ if target.person? && requestor != target
		10	+ self.errors.add(:requestor, _('You can not post articles to other users.'))
		11	+ end
		12	+ if target.organization? && !target.members.include?(requestor) && target.environment.portal_community != target
		13	+ self.errors.add(:requestor, _('Only members can post articles on communities.'))
		14	+ end
		15	+ end
		16	+ end
		17	+
4	def article_title	18	def article_title
5	article ? article.title : _('(The original text was removed)')	19	article ? article.title : _('(The original text was removed)')
6	end	20	end
7	-	21	+
8	def article	22	def article
9	Article.find_by_id data[:article_id]	23	Article.find_by_id data[:article_id]
10	end	24	end
	@@ -124,4 +138,9 @@ class ApproveArticle < Task		@@ -124,4 +138,9 @@ class ApproveArticle < Task
124	message	138	message
125	end	139	end
126		140
		141	+ def request_is_member_of_target
		142	+ unless requestor.is_member_of?(target)
		143	+ errors.add(:approve_article, N_('Requestor must be a member of target.'))
		144	+ end
		145	+ end
127	end	146	end
	@@ -18,6 +18,8 @@ class ChangePassword < Task		@@ -18,6 +18,8 @@ class ChangePassword < Task
18		18
19	validates_presence_of :requestor	19	validates_presence_of :requestor
20		20
		21	+ validates :requestor, kind_of: {kind: Person}
		22	+
21	###################################################	23	###################################################
22	# validations for updating a ChangePassword task	24	# validations for updating a ChangePassword task
23		25
	@@ -8,6 +8,8 @@ class EnterpriseActivation < Task		@@ -8,6 +8,8 @@ class EnterpriseActivation < Task
8		8
9	validates_presence_of :enterprise	9	validates_presence_of :enterprise
10		10
		11	+ validates :target, kind_of: {kind: Enterprise}
		12	+
11	def perform	13	def perform
12	self.enterprise.enable self.requestor	14	self.enterprise.enable self.requestor
13	end	15	end
	@@ -7,6 +7,8 @@ class ModerateUserRegistration < Task		@@ -7,6 +7,8 @@ class ModerateUserRegistration < Task
7		7
8	after_create :schedule_spam_checking	8	after_create :schedule_spam_checking
9		9
		10	+ validates :target, kind_of: {kind: Environment}
		11	+
10	alias :environment :target	12	alias :environment :target
11	alias :environment= :target=	13	alias :environment= :target=
12		14
	@@ -203,9 +203,9 @@ class Profile < ActiveRecord::Base		@@ -203,9 +203,9 @@ class Profile < ActiveRecord::Base
203	Profile.column_names.map{\|n\| [Profile.table_name, n].join('.')}.join(',')	203	Profile.column_names.map{\|n\| [Profile.table_name, n].join('.')}.join(',')
204	end	204	end
205		205
206	- scope :visible, :conditions => { :visible => true }	206	+ scope :visible, :conditions => { :visible => true, :secret => false }
207	scope :disabled, :conditions => { :visible => false }	207	scope :disabled, :conditions => { :visible => false }
208	- scope :public, :conditions => { :visible => true, :public_profile => true }	208	+ scope :public, :conditions => { :visible => true, :public_profile => true, :secret => false }
209	scope :enabled, :conditions => { :enabled => true }	209	scope :enabled, :conditions => { :enabled => true }
210		210
211	# Subclasses must override this method	211	# Subclasses must override this method
	@@ -92,4 +92,5 @@ class SuggestArticle < Task		@@ -92,4 +92,5 @@ class SuggestArticle < Task
92	def after_ham!	92	def after_ham!
93	self.delay.marked_as_ham	93	self.delay.marked_as_ham
94	end	94	end
		95	+
95	end	96	end
	@@ -117,6 +117,51 @@ class Task < ActiveRecord::Base		@@ -117,6 +117,51 @@ class Task < ActiveRecord::Base
117	end	117	end
118	end	118	end
119		119
		120	+ class KindOfValidator < ActiveModel::EachValidator
		121	+ def validate_each(record, attribute, value)
		122	+ environment = record.environment \|\| Environment.default
		123	+ klass = options[:kind]
		124	+ group = klass.to_s.downcase.pluralize
		125	+ id = attribute.to_s + "_id"
		126	+ if environment.respond_to?(group)
		127	+ attrb = value \|\| environment.send(group).find_by_id(record.send(id))
		128	+ else
		129	+ attrb = value \|\| klass.find_by_id(record.send(id))
		130	+ end
		131	+ if attrb.respond_to?(klass.to_s.downcase + "?")
		132	+ unless attrb.send(klass.to_s.downcase + "?")
		133	+ record.errors[attribute] << (options[:message] \|\| "should be "+ klass.to_s.downcase)
		134	+ end
		135	+ else
		136	+ unless attrb.class == klass
		137	+ record.errors[attribute] << (options[:message] \|\| "should be "+ klass.to_s.downcase)
		138	+ end
		139	+ end
		140	+ end
		141	+ end
		142	+
		143	+ def requestor_is_of_kind(klass, message = nil)
		144	+ error_message = message \|\|= _('Task requestor must be '+klass.to_s.downcase)
		145	+ group = klass.to_s.downcase.pluralize
		146	+ if environment.respond_to?(group) and requestor_id
		147	+ requestor = requestor \|\|= environment.send(klass.to_s.downcase.pluralize).find_by_id(requestor_id)
		148	+ end
		149	+ unless requestor.class == klass
		150	+ errors.add(error_message)
		151	+ end
		152	+ end
		153	+
		154	+ def target_is_of_kind(klass, message = nil)
		155	+ error_message = message \|\|= _('Task target must be '+klass.to_s.downcase)
		156	+ group = klass.to_s.downcase.pluralize
		157	+ if environment.respond_to?(group) and target_id
		158	+ target = target \|\|= environment.send(klass.to_s.downcase.pluralize).find_by_id(target_id)
		159	+ end
		160	+ unless target.class == klass
		161	+ errors.add(error_message)
		162	+ end
		163	+ end
		164	+
120	def close(status, closed_by)	165	def close(status, closed_by)
121	self.status = status	166	self.status = status
122	self.end_date = Time.now	167	self.end_date = Time.now
	@@ -6,6 +6,13 @@ require ::File.expand_path('../config/environment', __FILE__)		@@ -6,6 +6,13 @@ require ::File.expand_path('../config/environment', __FILE__)
6	#use Rails::Rack::Static	6	#use Rails::Rack::Static
7	#run ActionController::Dispatcher.new	7	#run ActionController::Dispatcher.new
8		8
		9	+use Rack::Cors do
		10	+ allow do
		11	+ origins '*'
		12	+ resource '/api/*', :headers => :any, :methods => [:get, :post]
		13	+ end
		14	+end
		15	+
9	rails_app = Rack::Builder.new do	16	rails_app = Rack::Builder.new do
10	run Noosfero::Application	17	run Noosfero::Application
11	end	18	end