Merge branch 'master' into AI3205-comment-paragraph

Leandro Santos
2 parents 6c96c297 c5b5a296
Showing 1052 changed files with 54048 additions and 21919 deletions Show diff stats
Gemfile
INSTALL.md
INSTALL.multitenancy.md
MIGRATION_ISSUES
SECURITY.md
app/controllers/admin/admin_panel_controller.rb
app/controllers/admin/region_validators_controller.rb
app/controllers/admin/users_controller.rb
app/controllers/application_controller.rb
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile/friends_controller.rb
app/controllers/my_profile/memberships_controller.rb
app/controllers/my_profile/profile_editor_controller.rb
app/controllers/my_profile/profile_members_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/chat_controller.rb
app/controllers/public/contact_controller.rb
app/controllers/public/events_controller.rb
app/controllers/public/home_controller.rb
app/controllers/public/invite_controller.rb
 source "https://rubygems.org"
-gem 'rails',                    '~> 3.2.19'
+gem 'rails',                    '~> 3.2.21'
+gem 'minitest',                 '~> 3.2.0'
 gem 'fast_gettext',             '~> 0.6.8'
-gem 'acts-as-taggable-on',      '~> 3.0.2'
-gem 'prototype-rails',          '~> 3.2.1'
-gem 'prototype_legacy_helper',  '0.0.0', :path => 'vendor/prototype_legacy_helper'
+gem 'acts-as-taggable-on',      '~> 3.4.2'
 gem 'rails_autolink',           '~> 1.1.5'
 gem 'pg',                       '~> 0.13.2'
 gem 'rmagick',                  '~> 2.13.1'
@@ -12,16 +11,14 @@ gem &#39;will_paginate&#39;,            &#39;~&gt; 3.0.3&#39;
 gem 'ruby-feedparser',          '~> 0.7'
 gem 'daemons',                  '~> 1.1.5'
 gem 'thin',                     '~> 1.3.1'
-gem 'hpricot',                  '~> 0.8.6'
 gem 'nokogiri',                 '~> 1.5.5'
 gem 'rake', :require => false
 gem 'rest-client',              '~> 1.6.7'
 gem 'exception_notification',   '~> 4.0.1'
 gem 'gettext',                  '~> 2.2.1', :require => false, :group => :development
 gem 'locale',                   '~> 2.0.5'
-
-# FIXME list here all actual dependencies (i.e. the ones in debian/control),
-# with their GEM names (not the Debian package names)
+gem 'whenever', :require => false
+gem 'eita-jrails', '>= 0.9.5', :require => 'jrails'
  
 group :production do
   gem 'dalli', '~> 2.7.0'
@@ -41,6 +38,9 @@ group :cucumber do
   gem 'selenium-webdriver',     '~> 2.39.0'
 end
  
+# Requires custom dependencies
+eval(File.read('config/Gemfile'), binding) rescue nil
+
 # include gemfiles from enabled plugins
 # plugins in baseplugins/ are not included on purpose. They should not have any
 # dependencies.
@@ -21,7 +21,7 @@ Noosfero is written in Ruby with the &quot;[Rails framework](http://www.rubyonrails.o
 You need to install some packages Noosfero depends on. On Debian GNU/Linux or Debian-based systems, all of these packages are available through the Debian archive. You can install them with the following command:
  
     # apt-get install ruby rake po4a libgettext-ruby-util libgettext-ruby1.8 \
-      libsqlite3-ruby rcov librmagick-ruby libredcloth-ruby libhpricot-ruby \
+      libsqlite3-ruby rcov librmagick-ruby libredcloth-ruby \
       libwill-paginate-ruby iso-codes libfeedparser-ruby libdaemons-ruby thin \
       tango-icon-theme
  
@@ -40,7 +40,6 @@ On other systems, they may or may not be available through your regular package 
 * Daemons - http://daemons.rubyforge.org
 * Thin: http://code.macournoyer.com/thin
 * tango-icon-theme: http://tango.freedesktop.org/Tango_Icon_Library
-* Hpricot: http://hpricot.com
  
 If you manage to install Noosfero successfully on other systems than Debian,
 please feel free to contact the Noosfero development mailing with the
@@ -26,7 +26,7 @@ The file config/database.yml must follow a structure in order to achieve multite
  
 Each "hosted" environment must have an entry like this:
  
-    env1_production:
+    env1_production: &DEFAULT
       adapter: postgresql
       encoding: unicode
       database: noosfero
@@ -61,7 +61,7 @@ The &quot;hosted&quot; environments define, besides the `schema_search_path`, a list of do
 You must also tell the application which is the default environment.
  
     production:
-      env1_production
+      <<: *DEFAULT
  
 On the example above there are only three hosted environments, but it can be more than three. The schemas `env2` and `env3` must already exist in the same database of the hosting environment. As postgres user, you can create them typing:
  
@@ -1,41 +0,0 @@
-* ruby-get-text incmopatible with rails3. Maybe we can use it's gem
-
-* all js code is inside miscellaneous.js. Would be nice to refactor this
-
-* rails 2 uses prototype instead of jquery
-
-* config/environment.rb maybe still have some code that should be on the initializers
-
-* initializers session_store.rb inflections.rb... don't exist
-
-* rails gems version have to be forced on Gemfile or it will use incompatible pre3vious versions (3.1.3)
-
-* Sweepers are now natively supported on Rails 3. Would be nice to refactor it
-
-* On Rails 3 it is no more possible to add allowed tags to avoid scape. The html_safe initializer is an option.
-
-* error when call sqlite_extensiosn
-
-* error related to action_tracker
-
-* check FIXME's in script/quick-start
-
-* check FIXME's in Gemfile
-
-* Check the FIXME in config/routes.rb
-
-* rewrite conditional routing. See FIXME in lib/route_if.rb and re-implement using the Rails 3 mechanism - http://guides.rubyonrails.org/routing.html#advanced-constraints
-
-* check FIXME's in config/environment.rb
-
-* xss_terminate sucks. We should replace it with the builtin mechanism in Rails 3
-
-* instance_eval on Ruby 1.9 yields self, so lambdas that are passed to instance_eval and do not accept exactly 1 argument will blow up. See http://www.ruby-forum.com/topic/213313 ... search for instance_eval and fix where necessary. In special, most of the blocks still need fixing.
-
-* all instances of <% *_form_for ... %> must be changed to <%= instead of <%
-
-* all ActiveRecord models have to declare explicitly which attributes must be allowed for mass assignment with attr_accessible.
-
-* check if we need to update config/locales/*
-
-* check observe_field and labelled_form_for in app/helpers/application_helper.rb
@@ -0,0 +1,10 @@
+# Noosfero security
+
+## Reporting security issues in Noosfero
+
+Security vulnerabilities should be reported via an email to
+noosfero-security@listas.softwarelivre.org, which ia a private mailing list.
+Reported problems will be published after fixes are available.
+
+The members of the mailing list are people who provide Noosfero (Noosfero
+committers, mainly).
@@ -87,6 +87,6 @@ class AdminPanelController &lt; AdminController
     scope = scope.order('name ASC')
  
     @q = params[:q]
-    @collection = find_by_contents(:organizations, scope, @q, {:per_page => 10, :page => params[:npage]})[:results]
+    @collection = find_by_contents(:organizations, environment, scope, @q, {:per_page => 10, :page => params[:npage]})[:results]
   end
 end
@@ -33,7 +33,7 @@ class RegionValidatorsController &lt; AdminController
   def load_region_and_search
     @region = environment.regions.find(params[:id])
     if params[:search]
-      @search = find_by_contents(:organizations, Organization, params[:search])[:results].reject {|item| @region.validator_ids.include?(item.id) }
+      @search = find_by_contents(:organizations, environment, Organization, params[:search])[:results].reject {|item| @region.validator_ids.include?(item.id) }
     end
   end
  
@@ -18,7 +18,7 @@ class UsersController &lt; AdminController
     end
     scope = scope.order('name ASC')
     @q = params[:q]
-    @collection = find_by_contents(:people, scope, @q, {:per_page => per_page, :page => params[:npage]})[:results]
+    @collection = find_by_contents(:people, environment, scope, @q, {:per_page => per_page, :page => params[:npage]})[:results]
   end
  
   def set_admin_role
@@ -28,6 +28,7 @@ class ApplicationController &lt; ActionController::Base
       unless environment.access_control_allow_methods.blank?
         response.headers["Access-Control-Allow-Methods"] = environment.access_control_allow_methods
       end
+      response.headers["Access-Control-Allow-Credentials"] = 'true'
     elsif environment.restrict_to_access_control_origins
       render_access_denied _('Origin not in allowed.')
     end
@@ -59,15 +60,7 @@ class ApplicationController &lt; ActionController::Base
   helper :document
   helper :language
  
-  def self.no_design_blocks
-    @no_design_blocks = true
-  end
-  def self.uses_design_blocks?
-    !@no_design_blocks
-  end
-  def uses_design_blocks?
-    !@no_design_blocks && self.class.uses_design_blocks?
-  end
+  include DesignHelper
  
   # Be sure to include AuthenticationSystem in Application Controller instead
   include AuthenticatedSystem
@@ -183,21 +176,19 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
-  def find_by_contents(asset, scope, query, paginate_options={:page => 1}, options={})
-    plugins.dispatch_first(:find_by_contents, asset, scope, query, paginate_options, options) ||
-    fallback_find_by_contents(asset, scope, query, paginate_options, options)
-  end
+  include SearchTermHelper
  
-  private
+  def find_by_contents(asset, context, scope, query, paginate_options={:page => 1}, options={})
+    search = plugins.dispatch_first(:find_by_contents, asset, scope, query, paginate_options, options)
+    register_search_term(query, scope.count, search[:results].count, context, asset)
+    search
+  end
  
-  def fallback_find_by_contents(asset, scope, query, paginate_options, options)
-    scope = scope.like_search(query) unless query.blank?
-    scope = scope.send(options[:filter]) unless options[:filter].blank?
-    {:results => scope.paginate(paginate_options)}
+  def find_suggestions(query, context, asset, options={})
+    plugins.dispatch_first(:find_suggestions, query, context, asset, options)
   end
  
   def private_environment?
     @environment.enabled?(:restrict_to_members)
   end
-
 end
@@ -23,6 +23,9 @@ class CmsController &lt; MyProfileController
   end
  
   before_filter :login_required, :except => [:suggest_an_article]
+  before_filter :load_recent_files, :only => [:new, :edit]
+
+  helper_method :file_types
  
   protect_if :only => :upload_files do |c, user, profile|
     article_id = c.params[:parent_id]
@@ -30,7 +33,7 @@ class CmsController &lt; MyProfileController
     (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
   end
  
-  protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new] do |c, user, profile|
+  protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :publish_on_portal_community, :publish_on_communities, :search_communities_to_publish, :upload_files, :new] do |c, user, profile|
     user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))
   end
  
@@ -40,7 +43,7 @@ class CmsController &lt; MyProfileController
     (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
   end
  
-  protect_if :only => [:destroy, :publish] do |c, user, profile|
+  protect_if :only => :destroy do |c, user, profile|
     profile.articles.find(c.params[:id]).allow_post_content?(user)
   end
  
@@ -117,7 +120,7 @@ class CmsController &lt; MyProfileController
     @success_back_to = params[:success_back_to]
     # user must choose an article type first
  
-    @parent = profile.articles.find(params[:parent_id]) if params && params[:parent_id]
+    @parent = profile.articles.find(params[:parent_id]) if params && params[:parent_id].present?
     record_coming
     @type = params[:type]
     if @type.blank?
@@ -163,7 +166,10 @@ class CmsController &lt; MyProfileController
         if continue
           redirect_to :action => 'edit', :id => @article
         else
-          success_redirect
+          respond_to do |format|
+            format.html { success_redirect }
+            format.json { render :text => {:id => @article.id, :full_name => profile.identifier + '/' + @article.full_name}.to_json }
+          end
         end
         return
       end
@@ -256,28 +262,53 @@ class CmsController &lt; MyProfileController
     render :template => 'shared/update_categories', :locals => { :category => @current_category, :object_name => 'article' }
   end
  
+  def search_communities_to_publish
+    render :text => find_by_contents(:profiles, environment, user.memberships, params['q'], {:page => 1}, {:fields => ['name']})[:results].map {|community| {:id => community.id, :name => community.name} }.to_json
+  end
+
   def publish
     @article = profile.articles.find(params[:id])
     record_coming
-    @groups = profile.memberships - [profile]
-    @marked_groups = []
-    groups_ids = profile.memberships.map{|m|m.id.to_s}
-    @marked_groups = params[:marked_groups].map do |key, item|
-      if groups_ids.include?(item[:group_id])
-        item.merge :group => Profile.find(item.delete(:group_id))
+    @failed = {}
+    if request.post?
+      article_name = params[:name]
+      task = ApproveArticle.create!(:article => @article, :name => article_name, :target => user, :requestor => user)
+      begin
+        task.finish
+      rescue Exception => ex
+         @failed[ex.message] ? @failed[ex.message] << @article.name : @failed[ex.message] = [@article.name]
+         task.cancel
+      end
+      if @failed.blank?
+        session[:notice] = _("Your publish request was sent successfully")
+        if @back_to
+          redirect_to @back_to
+        else
+          redirect_to @article.view_url
+        end
       end
-    end.compact unless params[:marked_groups].nil?
+    end
+  end
+
+  def publish_on_communities
     if request.post?
+      @back_to = params[:back_to]
+      @article = profile.articles.find(params[:id])
       @failed = {}
+      article_name = params[:name]
+      params_marked = (params['q'] || '').split(',').select { |marked| user.memberships.map(&:id).include? marked.to_i }
+      @marked_groups = Profile.find(params_marked)
       if @marked_groups.empty?
+        redirect_to @back_to
         return session[:notice] = _("Select some group to publish your article")
       end
       @marked_groups.each do |item|
-        task = ApproveArticle.create!(:article => @article, :name => item[:name], :target => item[:group], :requestor => profile)
+        task = ApproveArticle.create!(:article => @article, :name => article_name, :target => item, :requestor => user)
         begin
-          task.finish unless item[:group].moderated_articles?
+          task.finish unless item.moderated_articles?
         rescue Exception => ex
-          @failed[ex.message] ? @failed[ex.message] << item[:group].name : @failed[ex.message] = [item[:group].name]
+           @failed[ex.message] ? @failed[ex.message] << item.name : @failed[ex.message] = [item.name]
+           task.cancel
         end
       end
       if @failed.blank?
@@ -287,23 +318,27 @@ class CmsController &lt; MyProfileController
         else
           redirect_to @article.view_url
         end
+      else
+        session[:notice] = _("Some of your publish requests couldn't be sent.")
+        render :action => 'publish'
       end
     end
   end
  
   def publish_on_portal_community
-    @article = profile.articles.find(params[:id])
     if request.post?
-      if environment.portal_community
+      @article = profile.articles.find(params[:id])
+      if environment.portal_enabled
         task = ApproveArticle.create!(:article => @article, :name => params[:name], :target => environment.portal_community, :requestor => user)
         begin
           task.finish unless environment.portal_community.moderated_articles?
-          flash[:notice] = _("Your publish request was sent successfully")
+          session[:notice] = _("Your publish request was sent successfully")
         rescue
-          flash[:error] = _("Your publish request couldn't be sent.")
+          session[:notice] = _("Your publish request couldn't be sent.")
+          task.cancel
         end
       else
-        flash[:notice] = _("There is no portal community to publish your article.")
+        session[:notice] = _("There is no portal community to publish your article.")
       end
  
       if @back_to
@@ -331,7 +366,7 @@ class CmsController &lt; MyProfileController
  
   def search
     query = params[:q]
-    results = find_by_contents(:uploaded_files, profile.files.published, query)[:results]
+    results = find_by_contents(:uploaded_files, profile, profile.files.published, query)[:results]
     render :text => article_list_to_json(results), :content_type => 'application/json'
   end
  
@@ -342,15 +377,26 @@ class CmsController &lt; MyProfileController
   end
  
   def media_upload
-    files_uploaded = []
     parent = check_parent(params[:parent_id])
-    files = [:file1,:file2, :file3].map { |f| params[f] }.compact
     if request.post?
-      files.each do |file|
-        files_uploaded << UploadedFile.create(:uploaded_data => file, :profile => profile, :parent => parent) unless file == ''
+      begin
+        @file = UploadedFile.create!(:uploaded_data => params[:file], :profile => profile, :parent => parent) unless params[:file] == ''
+        @file = FilePresenter.for(@file)
+      rescue Exception => exception
+        render :text => exception.to_s, :status => :bad_request
       end
     end
-    render :text => article_list_to_json(files_uploaded), :content_type => 'text/plain'
+  end
+
+  def published_media_items
+    load_recent_files(params[:parent_id], params[:q])
+    render :partial => 'published_media_items'
+  end
+
+  def view_all_media
+    paginate_options = {:page => params[:page].blank? ? 1 : params[:page] }
+    @key = params[:key].to_sym
+    load_recent_files(params[:parent_id], params[:q], paginate_options)
   end
  
   protected
@@ -445,4 +491,36 @@ class CmsController &lt; MyProfileController
     end
   end
  
+  def file_types
+    {:images => _('Images'), :generics => _('Files')}
+  end
+
+  def load_recent_files(parent_id = nil, q = nil, paginate_options = {:page => 1, :per_page => 6})
+    #TODO Since we only have special support for images, I'm limiting myself to
+    #     consider generic files as non-images. In the future, with more supported
+    #     file types we'll need to have a smart way to fetch from the database
+    #     scopes of each supported type as well as the non-supported types as a
+    #     whole.
+    @recent_files = {}
+
+    parent = parent_id.present? ? profile.articles.find(parent_id) : nil
+    if parent.present?
+      files = parent.children.files
+    else
+      files = profile.files
+    end
+
+    files = files.reorder('created_at DESC')
+    images = files.images
+    generics = files.no_images
+
+    if q.present?
+      @recent_files[:images] = find_by_contents(:images, profile, images, q, paginate_options)[:results]
+      @recent_files[:generics] = find_by_contents(:generics, profile, generics, q, paginate_options)[:results]
+    else
+      @recent_files[:images] = images.paginate(paginate_options)
+      @recent_files[:generics] = generics.paginate(paginate_options)
+    end
+  end
+
 end
@@ -3,6 +3,7 @@ class FriendsController &lt; MyProfileController
   protect 'manage_friends', :profile
  
   def index
+    @suggestions = profile.profile_suggestions.of_person.enabled.includes(:suggestion).limit(per_page)
     if is_cache_expired?(profile.manage_friends_cache_key(params))
       @friends = profile.friends.paginate(:per_page => per_page, :page => params[:npage])
     end
@@ -16,6 +17,30 @@ class FriendsController &lt; MyProfileController
     end
   end
  
+  def suggest
+    @suggestions = profile.profile_suggestions.of_person.enabled.includes(:suggestion).limit(per_page)
+  end
+
+  def remove_suggestion
+    @person = profile.suggested_people.find_by_identifier(params[:id])
+    redirect_to :action => 'suggest' unless @person
+    if @person && request.post?
+      profile.remove_suggestion(@person)
+      @suggestions = profile.profile_suggestions.of_person.enabled.includes(:suggestion).limit(per_page)
+      render :partial => 'shared/profile_suggestions_list', :locals => { :suggestions => @suggestions, :collection => :friends_suggestions, :per_page => params[:per_page] || per_page }
+    end
+  end
+
+  def connections
+    @suggestion = profile.profile_suggestions.of_person.enabled.find_by_suggestion_id(params[:id])
+    if @suggestion
+      @tags = @suggestion.tag_connections
+      @profiles = @suggestion.profile_connections
+    else
+      redirect_to :action => 'suggest'
+    end
+  end
+
   protected
  
   class << self
@@ -20,12 +20,54 @@ class MembershipsController &lt; MyProfileController
     @community.environment = environment
     @back_to = params[:back_to] || url_for(:action => 'index')
     if request.post? && @community.valid?
-      @community = Community.create_after_moderation(user, params[:community].merge({:environment => environment}))
-      if @community.new_record?
+      begin
+        # Community was created
+        @community = Community.create_after_moderation(user, params[:community].merge({:environment => environment}))
+        @community.reload
+        redirect_to :action => 'welcome', :community_id => @community.id, :back_to => @back_to
+      rescue ActiveRecord::RecordNotFound
+        # Community pending approval
         session[:notice] = _('Your new community creation request will be evaluated by an administrator. You will be notified.')
+        redirect_to @back_to
       end
-      redirect_to @back_to
       return
     end
   end
+
+  def welcome
+    @community = Community.find(params[:community_id])
+    @back_to = params[:back_to]
+  end
+
+  def suggest
+    @suggestions = profile.profile_suggestions.of_community.enabled.includes(:suggestion).limit(per_page)
+  end
+
+  def remove_suggestion
+    @community = profile.suggested_communities.find_by_identifier(params[:id])
+    custom_per_page = params[:per_page] || per_page
+    redirect_to :action => 'suggest' unless @community
+    if @community && request.post?
+      profile.remove_suggestion(@community)
+      @suggestions = profile.profile_suggestions.of_community.enabled.includes(:suggestion).limit(custom_per_page)
+      render :partial => 'shared/profile_suggestions_list', :locals => { :suggestions => @suggestions, :collection => :communities_suggestions, :per_page => custom_per_page}
+    end
+  end
+
+  def connections
+    @suggestion = profile.profile_suggestions.of_community.enabled.find_by_suggestion_id(params[:id])
+    if @suggestion
+      @tags = @suggestion.tag_connections
+      @profiles = @suggestion.profile_connections
+    else
+      redirect_to :action => 'suggest'
+    end
+  end
+
+  protected
+
+  def per_page
+    12
+  end
+
 end
@@ -3,6 +3,10 @@ class ProfileEditorController &lt; MyProfileController
   protect 'edit_profile', :profile, :except => [:destroy_profile]
   protect 'destroy_profile', :profile, :only => [:destroy_profile]
  
+  before_filter :access_welcome_page, :only => [:welcome_page]
+  before_filter :back_to
+  helper_method :has_welcome_page
+
   def index
     @pending_tasks = Task.to(profile).pending.without_spam.select{|i| user.has_permission?(i.permission, profile)}
   end
@@ -85,6 +89,21 @@ class ProfileEditorController &lt; MyProfileController
     end
   end
  
+  def welcome_page
+    @welcome_page = profile.welcome_page || TinyMceArticle.new(:name => 'Welcome Page', :profile => profile, :published => false)
+    if request.post?
+      begin
+        @welcome_page.update_attributes!(params[:welcome_page])
+        profile.welcome_page = @welcome_page
+        profile.save!
+        session[:notice] = _('Welcome page saved successfully.')
+        redirect_to :action => 'index'
+      rescue Exception => exception
+        session[:notice] = _('Welcome page could not be saved.')
+      end
+    end
+  end
+
   def deactivate_profile
     if environment.admins.include?(current_person)
       profile = environment.profiles.find(params[:id])
@@ -116,9 +135,24 @@ class ProfileEditorController &lt; MyProfileController
   protected
  
   def redirect_to_previous_location
-    back = request.referer
-    back = "/" if back.nil?
+    redirect_to @back_to
+  end
  
-    redirect_to back
+  #TODO Consider using this as a general controller feature to be available on every action.
+  def back_to
+    @back_to = params[:back_to] || request.referer || "/"
   end
+
+  private
+
+  def has_welcome_page
+    profile.is_template
+  end
+
+  def access_welcome_page
+    unless has_welcome_page
+      render_access_denied
+    end
+  end
+
 end
@@ -20,7 +20,7 @@ class ProfileMembersController &lt; MyProfileController
         redirect_to :action => :last_admin
       elsif @person.define_roles(@roles, profile)
         session[:notice] = _('Roles successfuly updated')
-        redirect_to :controller => 'profile_editor'
+        redirect_to :action => 'index'
       else
         session[:notice] = _('Couldn\'t change the roles')
         redirect_to :action => 'index'
@@ -82,10 +82,12 @@ class AccountController &lt; ApplicationController
     if @plugins.dispatch(:allow_user_registration).include?(false)
       redirect_back_or_default(:controller => 'home')
       session[:notice] = _("This environment doesn't allow user registration.")
+      return
     end
  
     store_location(request.referer) unless params[:return_to] or session[:return_to]
  
+    # Tranforming to boolean
     @block_bot = !!session[:may_be_a_bot]
     @invitation_code = params[:invitation_code]
     begin
@@ -129,8 +131,8 @@ class AccountController &lt; ApplicationController
             check_join_in_community(@user)
             go_to_signup_initial_page
           else
+            redirect_to :controller => :home, :action => :welcome, :template_id => (@user.person.template && @user.person.template.id)
             session[:notice] = _('Thanks for registering!')
-            @register_pending = true
           end
         end
       end
@@ -461,6 +463,8 @@ class AccountController &lt; ApplicationController
         redirect_to user.url
       when 'user_control_panel'
         redirect_to user.admin_url
+      when 'welcome_page'
+        redirect_to :controller => :home, :action => :welcome, :template_id => (user.template && user.template.id)
     else
       redirect_back_or_default(default)
     end
@@ -6,6 +6,7 @@ class ChatController &lt; PublicController
   def start_session
     login = user.jid
     password = current_user.crypted_password
+    session[:chat] ||= {:rooms => []}
     begin
       jid, sid, rid = RubyBOSH.initialize_session(login, password, "http://#{environment.default_hostname}/http-bind",
                                                   :wait => 30, :hold => 1, :window => 5)
@@ -16,6 +17,31 @@ class ChatController &lt; PublicController
     end
   end
  
+  def toggle
+    session[:chat][:status] = session[:chat][:status] == 'opened' ? 'closed' : 'opened'
+    render :nothing => true
+  end
+
+  def tab
+    session[:chat][:tab_id] = params[:tab_id]
+    render :nothing => true
+  end
+
+  def join
+    session[:chat][:rooms] << params[:room_id]
+    session[:chat][:rooms].uniq!
+    render :nothing => true
+  end
+
+  def leave
+    session[:chat][:rooms].delete(params[:room_id])
+    render :nothing => true
+  end
+
+  def my_session
+    render :text => session[:chat].to_json, :layout => false
+  end
+
   def avatar
     profile = environment.profiles.find_by_identifier(params[:id])
     filename, mimetype = profile_icon(profile, :minor, true)
@@ -28,15 +54,6 @@ class ChatController &lt; PublicController
     end
   end
  
-  def index
-    presence = current_user.last_chat_status
-    if presence.blank? or presence == 'chat'
-      render :action => 'auto_connect_online'
-    else
-      render :action => 'auto_connect_busy'
-    end
-  end
-
   def update_presence_status
     if request.xhr?
       current_user.update_attributes({:chat_status_at => DateTime.now}.merge(params[:status] || {}))
@@ -44,6 +61,44 @@ class ChatController &lt; PublicController
     render :nothing => true
   end
  
+  def save_message
+    to = environment.profiles.find_by_identifier(params[:to])
+    body = params[:body]
+
+    ChatMessage.create!(:to => to, :from => user, :body => body)
+    render :text => 'ok'
+  end
+
+  def recent_messages
+    other = environment.profiles.find_by_identifier(params[:identifier])
+    if other.kind_of?(Organization)
+      messages = ChatMessage.where('to_id=:other', :other => other.id)
+    else
+      messages = ChatMessage.where('(to_id=:other and from_id=:me) or (to_id=:me and from_id=:other)', {:me => user.id, :other => other.id})
+    end
+
+    messages = messages.order('created_at DESC').includes(:to, :from).offset(params[:offset]).limit(20)
+    messages_json = messages.map do |message|
+      {
+        :body => message.body,
+        :to => {:id => message.to.identifier, :name => message.to.name},
+        :from => {:id => message.from.identifier, :name => message.from.name},
+        :created_at => message.created_at
+      }
+    end
+    render :json => messages_json.reverse
+  end
+
+  def recent_conversations
+    conversations_order = ActiveRecord::Base.connection.execute("select profiles.identifier from profiles inner join (select distinct r.id as id, MAX(r.created_at) as created_at from (select from_id, to_id, created_at, (case when from_id=#{user.id} then to_id else from_id end) as id from chat_messages where from_id=#{user.id} or to_id=#{user.id}) as r group by id order by created_at desc, id) as t on profiles.id=t.id order by t.created_at desc").entries.map {|e| e['identifier']}
+    render :json => {:order => conversations_order.reverse, :domain => environment.default_hostname.gsub('.','-')}.to_json
+  end
+
+  #TODO Ideally this is done through roster table on ejabberd.
+  def roster_groups
+    render :text => user.memberships.map {|m| {:jid => m.jid, :name => m.name}}.to_json
+  end
+
   protected
  
   def check_environment_feature
 class ContactController < PublicController
  
-  before_filter :login_required
-
   needs_profile
+  before_filter :allow_access_to_page
  
   def new
-    @contact
+    @contact = build_contact
     if request.post? && params[:confirm] == 'true'
-      @contact = user.build_contact(profile, params[:contact])
       @contact.city = (!params[:city].blank? && City.exists?(params[:city])) ? City.find(params[:city]).name : nil
       @contact.state = (!params[:state].blank? && State.exists?(params[:state])) ? State.find(params[:state]).name : nil
       if @contact.deliver
@@ -16,8 +14,17 @@ class ContactController &lt; PublicController
       else
         session[:notice] = _('Contact not sent')
       end
+    end
+  end
+
+  protected
+
+  def build_contact
+    params[:contact] ||= {}
+    if logged_in?
+      user.build_contact profile, params[:contact]
     else
-      @contact = user.build_contact(profile)
+      Contact.new params[:contact].merge(dest: profile)
     end
   end
  
 class EventsController < PublicController
  
   needs_profile
+  before_filter :allow_access_to_page
  
   def events
     @events = []
@@ -2,13 +2,13 @@ class HomeController &lt; PublicController
  
   def index
     @has_news = false
-    if environment.enabled?('use_portal_community') && environment.portal_community
+    if environment.portal_enabled
       @has_news = true
       @news_cache_key = environment.portal_news_cache_key(FastGettext.locale)
       if !read_fragment(@news_cache_key)
         portal_community = environment.portal_community
-        @highlighted_news = portal_community.news(2, true)
-        @portal_news = portal_community.news(7, true) - @highlighted_news
+        @highlighted_news = portal_community.news(environment.highlighted_news_amount, true)
+        @portal_news = portal_community.news(environment.portal_news_amount, true).offset(environment.highlighted_news_amount)
         @area_news = environment.portal_folders
       end
     end
@@ -18,4 +18,10 @@ class HomeController &lt; PublicController
     @no_design_blocks = true
   end
  
+  def welcome
+    @no_design_blocks = true
+    @display_confirmation_tips = !user.present? && !environment.enabled?(:skip_new_user_email_confirmation)
+    @person_template = user && user.template || params[:template_id] && Person.find(params[:template_id])
+  end
+
 end
@@ -4,8 +4,15 @@ class InviteController &lt; PublicController
   before_filter :login_required
   before_filter :check_permissions_to_invite
  
-  def select_address_book
+  def invite_friends
     @import_from = params[:import_from] || "manual"
+    @mail_template = params[:mail_template] || environment.invitation_mail_template(profile)
+
+    labels = Profile::SEARCHABLE_FIELDS.except(:nickname).merge(User::SEARCHABLE_FIELDS).map { |name,info| info[:label].downcase }
+    last = labels.pop
+    label = labels.join(', ')
+    @search_fields = "#{label} #{_('or')} #{last}"
+
     if request.post?
       contact_list = ContactList.create
       Delayed::Job.enqueue GetEmailContactsJob.new(@import_from, params[:login], params[:password], contact_list.id) if @import_from != 'manual'
@@ -22,7 +29,7 @@ class InviteController &lt; PublicController
       webmail_import_addresses = params[:webmail_import_addresses]
       contacts_to_invite = Invitation.join_contacts(manual_import_addresses, webmail_import_addresses)
       if !contacts_to_invite.empty?
-        Delayed::Job.enqueue InvitationJob.new(current_user.person.id, contacts_to_invite, params[:mail_template], profile.id, @contact_list.id, locale)
+        Delayed::Job.enqueue InvitationJob.new(user.id, contacts_to_invite, params[:mail_template], profile.id, @contact_list.id, locale)
         session[:notice] = _('Your invitations are being sent.')
         if profile.person?
           redirect_to :controller => 'profile', :action => 'friends'
@@ -52,16 +59,36 @@ class InviteController &lt; PublicController
   def cancel_fetching_emails
     contact_list = ContactList.find(params[:contact_list])
     contact_list.destroy
-    redirect_to :action => 'select_address_book'
+    redirect_to :action => 'invite_friends'
+  end
+
+  def invite_registered_friend
+    contacts_to_invite = params['q'].split(',')
+    if !contacts_to_invite.empty? && request.post?
+      Delayed::Job.enqueue InvitationJob.new(user.id, contacts_to_invite, '', profile.id, nil, locale)
+      session[:notice] = _('Your invitations are being sent.')
+      if profile.person?
+        redirect_to :controller => 'profile', :action => 'friends'
+      else
+        redirect_to :controller => 'profile', :action => 'members'
+      end
+    else
+      redirect_to :action => 'invite_friends'
+      session[:notice] = _('Please enter a valid profile.')
+    end
+  end
+
+  def search
+    scope = profile.invite_friends_only ? user.friends : environment.people
+    scope = scope.not_members_of(profile) if profile.organization?
+    scope = scope.not_friends_of(profile) if profile.person?
+    results = find_by_contents(:people, environment, scope, params['q'], {:page => 1}, {:joins => :user})[:results]
+    render :text => prepare_to_token_input(results).to_json
   end
  
   protected
  
   def check_permissions_to_invite
-    if profile.person? and !current_user.person.has_permission?(:manage_friends, profile) or
-      profile.community? and !current_user.person.has_permission?(:invite_members, profile)
-      render_access_denied
-    end
+    render_access_denied if !profile.allow_invitation_from?(user)
   end
-
 end
@@ -16,13 +16,7 @@ class ProfileController &lt; PublicController
       @activities = @profile.activities.paginate(:per_page => 15, :page => params[:page])
     end
     @tags = profile.article_tags
-    unless profile.display_info_to?(user)
-      if profile.visible?
-        private_profile
-      else
-        invisible_profile
-      end
-    end
+    allow_access_to_page
   end
  
   def tags
@@ -396,17 +390,6 @@ class ProfileController &lt; PublicController
     end
   end
  
-  def private_profile
-    private_profile_partial_parameters
-    render :action => 'index', :status => 403
-  end
-
-  def invisible_profile
-    unless profile.is_template?
-      render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here"))
-    end
-  end
-
   def per_page
     Noosfero::Constants::PROFILE_PER_PAGE
   end
@@ -9,9 +9,12 @@ class ProfileSearchController &lt; PublicController
     @q = params[:q]
     unless @q.blank?
       if params[:where] == 'environment'
-        redirect_to :controller => 'search', :query => @q
+        # user is using global search, redirects to the search controller with
+        # the query
+        search_path = url_for(:controller => 'search', :query => @q)
+        request.xhr? ? render(:js => "window.location.href = #{search_path.to_json}") : redirect_to(search_path)
       else
-        @results = find_by_contents(:articles, profile.articles.published, @q, {:per_page => 10, :page => params[:page]})[:results]
+        @results = find_by_contents(:articles, profile, profile.articles.published, @q, {:per_page => 10, :page => params[:page]})[:results]
       end
     end
   end
@@ -4,11 +4,11 @@ class SearchController &lt; PublicController
   include SearchHelper
   include ActionView::Helpers::NumberHelper
  
-  before_filter :redirect_asset_param, :except => :assets
-  before_filter :load_category
-  before_filter :load_search_assets
-  before_filter :load_query
-  before_filter :load_filter
+  before_filter :redirect_asset_param, :except => [:assets, :suggestions]
+  before_filter :load_category, :except => :suggestions
+  before_filter :load_search_assets, :except => :suggestions
+  before_filter :load_query, :except => :suggestions
+  before_filter :load_order, :except => :suggestions
  
   # Backwards compatibility with old URLs
   def redirect_asset_param
@@ -20,7 +20,7 @@ class SearchController &lt; PublicController
  
   def index
     @searches = {}
-    @order = []
+    @assets = []
     @names = {}
     @results_only = true
  
@@ -28,7 +28,7 @@ class SearchController &lt; PublicController
       load_query
       @asset = key
       send(key)
-      @order << key
+      @assets << key
       @names[key] = _(description)
     end
     @asset = nil
@@ -42,7 +42,7 @@ class SearchController &lt; PublicController
   # view the summary of one category
   def category_index
     @searches = {}
-    @order = []
+    @assets = []
     @names = {}
     limit = MULTIPLE_SEARCH_LIMIT
     [
@@ -53,7 +53,7 @@ class SearchController &lt; PublicController
       [ :communities, _('Communities'), :recent_communities ],
       [ :articles, _('Contents'), :recent_articles ]
     ].each do |asset, name, filter|
-      @order << asset
+      @assets << asset
       @searches[asset]= {:results => @category.send(filter, limit)}
       raise "No total_entries for: #{asset}" unless @searches[asset][:results].respond_to?(:total_entries)
       @names[asset] = name
@@ -147,12 +147,16 @@ class SearchController &lt; PublicController
     render :partial => 'events/events'
   end
  
+  def suggestions
+    render :text => find_suggestions(normalize_term(params[:term]), environment, params[:asset]).to_json
+  end
+
   #######################################################
   protected
  
   def load_query
     @asset = (params[:asset] || params[:action]).to_sym
-    @order ||= [@asset]
+    @assets ||= [@asset]
     @searches ||= {}
  
     @query = params[:query] || ''
@@ -173,13 +177,22 @@ class SearchController &lt; PublicController
     end
   end
  
+  AVAILABLE_SEARCHES = ActiveSupport::OrderedHash[
+    :articles, _('Contents'),
+    :people, _('People'),
+    :communities, _('Communities'),
+    :enterprises, _('Enterprises'),
+    :products, _('Products and Services'),
+    :events, _('Events'),
+  ]
+
   def load_search_assets
-    if SEARCHES.keys.include?(params[:action].to_sym) && environment.enabled?("disable_asset_#{params[:action]}")
+    if AVAILABLE_SEARCHES.keys.include?(params[:action].to_sym) && environment.enabled?("disable_asset_#{params[:action]}")
       render_not_found
       return
     end
  
-    @enabled_searches = SEARCHES.select {|key, name| environment.disabled?("disable_asset_#{key}") }
+    @enabled_searches = AVAILABLE_SEARCHES.select {|key, name| environment.disabled?("disable_asset_#{key}") }
     @searching = {}
     @titles = {}
     @enabled_searches.each do |key, name|
@@ -189,11 +202,11 @@ class SearchController &lt; PublicController
     @names = @titles if @names.nil?
   end
  
-  def load_filter
-    @filter = 'more_recent'
-    if SEARCHES.keys.include?(@asset.to_sym)
-      available_filters = asset_class(@asset)::SEARCH_FILTERS
-      @filter = params[:filter] if available_filters.include?(params[:filter])
+  def load_order
+    @order = 'more_recent'
+    if AVAILABLE_SEARCHES.keys.include?(@asset.to_sym)
+      available_orders = asset_class(@asset)::SEARCH_FILTERS[:order]
+      @order = params[:order] if available_orders.include?(params[:order])
     end
   end
  
@@ -217,7 +230,7 @@ class SearchController &lt; PublicController
   end
  
   def full_text_search
-    @searches[@asset] = find_by_contents(@asset, @scope, @query, paginate_options, {:category => @category, :filter => @filter})
+    @searches[@asset] = find_by_contents(@asset, environment, @scope, @query, paginate_options, {:category => @category, :filter => @order})
   end
  
   private
@@ -232,4 +245,14 @@ class SearchController &lt; PublicController
     20
   end
  
+  def available_assets
+    assets = ActiveSupport::OrderedHash[
+      :articles, _('Contents'),
+      :enterprises, _('Enterprises'),
+      :people, _('People'),
+      :communities, _('Communities'),
+      :products, _('Products and Services'),
+    ]
+  end
+
 end
 class PublicController < ApplicationController
+  protected
+
+  def allow_access_to_page
+    unless profile.display_info_to?(user)
+      if profile.visible?
+        private_profile
+      else
+        invisible_profile
+      end
+    end
+  end
+
+  def private_profile
+    private_profile_partial_parameters
+    render :template => 'profile/_private_profile', :status => 403, :formats => [:html]
+  end
+
+  def invisible_profile
+    unless profile.is_template?
+      render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here"))
+    end
+  end
 end
@@ -8,11 +8,7 @@ module ApplicationHelper
  
   include PermissionNameHelper
  
-  include LightboxHelper
-
-  include ThickboxHelper
-
-  include ColorboxHelper
+  include ModalHelper
  
   include BoxesHelper
  
@@ -46,6 +42,8 @@ module ApplicationHelper
  
   include CatalogHelper
  
+  include PluginsHelper
+
   def locale
     (@page && !@page.language.blank?) ? @page.language : FastGettext.locale
   end
@@ -594,7 +592,7 @@ module ApplicationHelper
     extra_info = extra_info.nil? ? '' : content_tag( 'span', extra_info, :class => 'extra_info' )
     links = links_for_balloon(profile)
     content_tag('div', content_tag(tag,
-                                   (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? link_to( content_tag( 'span', _('Profile links')), '#', :onclick => "toggleSubmenu(this, '#{profile.short_name}', #{CGI::escapeHTML(links.to_json)}); return false", :class => "menu-submenu-trigger #{trigger_class}", :url => url) : "") +
+                                   (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? popover_menu(_('Profile links'),profile.short_name,links,{:class => trigger_class, :url => url}) : "") +
     link_to(
       content_tag( 'span', profile_image( profile, size ), :class => 'profile-image' ) +
       content_tag( 'span', h(name), :class => ( profile.class == Person ? 'fn' : 'org' ) ) +
@@ -606,6 +604,14 @@ module ApplicationHelper
       :class => 'vcard'), :class => 'common-profile-list-block')
   end
  
+  def popover_menu(title,menu_title,links,html_options={})
+    html_options[:class] = "" unless html_options[:class]
+    html_options[:class] << " menu-submenu-trigger"
+    html_options[:onclick] = "toggleSubmenu(this, '#{menu_title}', #{CGI::escapeHTML(links.to_json)}); return false"
+
+    link_to(content_tag(:span, title), '#', html_options)
+  end
+
   def gravatar_default
     (respond_to?(:theme_option) && theme_option.present? && theme_option['gravatar']) || NOOSFERO_CONF['gravatar'] || 'mm'
   end
@@ -649,8 +655,8 @@ module ApplicationHelper
       ' onfocus="if(this.value==\''+s+'\'){this.value=\'\'} this.form.className=\'focus-in\'"'+
       ' onblur="if(/^\s*$/.test(this.value)){this.value=\''+s+'\'} this.form.className=\'focus-out\'">'+
       '</form>'
-    else #opt == 'lightbox_link' is default
-      lightbox_link_to '<span class="icon-menu-search"></span>'+ _('Search'), {
+    else
+      modal_link_to '<span class="icon-menu-search"></span>'+ _('Search'), {
                        :controller => 'search',
                        :action => 'popup',
                        :category_path => (@category ? @category.explode_path : nil)},
@@ -720,7 +726,7 @@ module ApplicationHelper
   class NoosferoFormBuilder < ActionView::Helpers::FormBuilder
     extend ActionView::Helpers::TagHelper
  
-    def self.output_field(text, field_html, field_id = nil)
+    def self.output_field(text, field_html, field_id = nil, options = {})
       # try to guess an id if none given
       if field_id.nil?
         field_html =~ /id=['"]([^'"]*)['"]/
@@ -862,8 +868,9 @@ module ApplicationHelper
   end
  
   def base_url
-    environment.top_url
+    environment.top_url(request.scheme)
   end
+  alias :top_url :base_url
  
   def helper_for_article(article)
     article_helper = ActionView::Base.new
@@ -1047,11 +1054,11 @@ module ApplicationHelper
       {s_('contents|Most commented') => {:href => url_for({:controller => 'search', :action => 'contents', :filter => 'more_comments'})}}
     ]
     if logged_in?
-      links.push(_('New content') => colorbox_options({:href => url_for({:controller => 'cms', :action => 'new', :profile => current_user.login, :cms => true})}))
+      links.push(_('New content') => modal_options({:href => url_for({:controller => 'cms', :action => 'new', :profile => current_user.login, :cms => true})}))
     end
  
     link_to(content_tag(:span, _('Contents'), :class => 'icon-menu-articles'), {:controller => "search", :action => 'contents', :category_path => nil}, :id => 'submenu-contents') +
-    link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-contents-trigger')
+    popover_menu(_('Contents menu'),'',links,:class => 'up', :id => 'submenu-contents-trigger')
   end
   alias :browse_contents_menu :search_contents_menu
  
@@ -1067,7 +1074,7 @@ module ApplicationHelper
      end
  
     link_to(content_tag(:span, _('People'), :class => 'icon-menu-people'), {:controller => "search", :action => 'people', :category_path => ''}, :id => 'submenu-people') +
-    link_to(content_tag(:span, _('People menu')), '#', :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-people-trigger')
+    popover_menu(_('People menu'),'',links,:class => 'up', :id => 'submenu-people-trigger')
   end
   alias :browse_people_menu :search_people_menu
  
@@ -1083,7 +1090,7 @@ module ApplicationHelper
      end
  
     link_to(content_tag(:span, _('Communities'), :class => 'icon-menu-community'), {:controller => "search", :action => 'communities'}, :id => 'submenu-communities') +
-    link_to(content_tag(:span, _('Communities menu')), '#', :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-communities-trigger')
+    popover_menu(_('Communities menu'),'',links,:class => 'up', :id => 'submenu-communities-trigger')
   end
   alias :browse_communities_menu :search_communities_menu
  
@@ -1306,8 +1313,19 @@ module ApplicationHelper
     end
   end
  
-  def remove_content_button(action)
-    @plugins.dispatch("content_remove_#{action.to_s}", @page).include?(true)
+  def content_remove_spread(content)
+    !content.public? || content.folder? || (profile == user && user.communities.blank? && !environment.portal_enabled)
+  end
+
+  def remove_content_button(action, content)
+    method_name = "content_remove_#{action.to_s}"
+    plugin_condition = @plugins.dispatch(method_name, content).include?(true)
+    begin
+      core_condition = self.send(method_name, content)
+    rescue NoMethodError
+      core_condition = false
+    end
+    core_condition || plugin_condition
   end
  
   def template_options(kind, field_name)
@@ -1384,16 +1402,16 @@ module ApplicationHelper
   end
  
   def convert_macro(html, source)
-    doc = Hpricot(html)
+    doc = Nokogiri::HTML.fragment html
     #TODO This way is more efficient but do not support macro inside of
     #     macro. You must parse them from the inside-out in order to enable
     #     that.
-    doc.search('.macro').each do |macro|
+    doc.css('.macro').each do |macro|
       macro_name = macro['data-macro']
       result = @plugins.parse_macro(macro_name, macro, source)
       macro.inner_html = result.kind_of?(Proc) ? self.instance_exec(&result) : result
     end
-    doc.html
+    doc.to_html
   end
  
   def default_folder_for_image_upload(profile)
@@ -1410,6 +1428,43 @@ module ApplicationHelper
     content_tag('ul', article.versions.map {|v| link_to("r#{v.version}", @page.url.merge(:version => v.version))})
   end
  
+  def search_input_with_suggestions(name, asset, default, options = {})
+    text_field_tag name, default, options.merge({:class => 'search-input-with-suggestions', 'data-asset' => asset})
+  end
+
+  def profile_suggestion_profile_connections(suggestion)
+    profiles = suggestion.profile_connections.first(4).map do |profile|
+      link_to(profile_image(profile, :icon, :title => profile.name), profile.url, :class => 'profile-suggestion-connection-icon')
+    end
+
+    controller_target = suggestion.suggestion_type == 'Person' ? :friends : :memberships
+    profiles << link_to("<big> +#{suggestion.profile_connections.count - 4}</big>", :controller => controller_target, :action => :connections, :id => suggestion.suggestion_id) if suggestion.profile_connections.count > 4
+
+    if profiles.present?
+      content_tag(:div, profiles.join , :class => 'profile-connections')
+    else
+      ''
+    end
+  end
+
+  def profile_suggestion_tag_connections(suggestion)
+    tags = suggestion.tag_connections.first(4).map do |tag|
+      tag.name + ', '
+    end
+    last_tag = tags.pop
+    tags << last_tag.strip.chop if last_tag.present?
+    title = tags.join
+
+    controller_target = suggestion.suggestion_type == 'Person' ? :friends : :memberships
+    tags << ' ' + link_to('...', {:controller => controller_target, :action => :connections, :id => suggestion.suggestion_id}, :class => 'more-tag-connections', :title => _('See all connections')) if suggestion.tag_connections.count > 4
+
+    if tags.present?
+      content_tag(:div, tags.join, :class => 'tag-connections', :title => title)
+    else
+      ''
+    end
+  end
+
   def labelled_colorpicker_field(human_name, object_name, method, options = {})
     options[:id] ||= 'text-field-' + FormsHelper.next_id_number
     content_tag('label', human_name, :for => options[:id], :class => 'formlabel') +
 module ArticleHelper
  
-  include PrototypeHelper
   include TokenHelper
  
   def article_reported_version(article)
@@ -35,7 +34,7 @@ module ArticleHelper
         'div',
         check_box(:article, :notify_comments) +
         content_tag('label', _('I want to receive a notification of each comment written by e-mail'), :for => 'article_notify_comments') +
-        observe_field(:article_accept_comments, :function => "$('article_notify_comments').disabled = ! $('article_accept_comments').checked;$('article_moderate_comments').disabled = ! $('article_accept_comments').checked")
+        observe_field(:article_accept_comments, :function => "jQuery('#article_notify_comments')[0].disabled = ! jQuery('#article_accept_comments')[0].checked;jQuery('#article_moderate_comments')[0].disabled = ! jQuery('#article_accept_comments')[0].checked")
       ) +
  
       content_tag(
@@ -19,7 +19,7 @@ module BlockHelper
         content_tag('span', _('Title')) +
         text_field_tag('block[images][][title]', image[:title], :class => 'highlight-title', :size => 45)
       }</label></td>
-      <td>#{link_to '', '#', :class=>'button icon-button icon-delete delete-highlight', :confirm=>_('Are you sure you want to remove this highlight')}</td>
+      <td>#{button_without_text(:delete, _('Remove'), '#', class: 'delete-highlight', :confirm=>_('Are you sure you want to remove this highlight'))}</td>
     </tr>
     "
   end
@@ -38,8 +38,12 @@ module BoxesHelper
     end
   end
  
+  def boxes_limit holder
+    controller.send(:custom_design)[:boxes_limit] || holder.boxes_limit(controller.send(:custom_design)[:layout_template])
+  end
+
   def display_boxes(holder, main_content)
-    boxes = holder.boxes.with_position.first(holder.boxes_limit)
+    boxes = holder.boxes.with_position.first(boxes_limit(holder))
     content = boxes.reverse.map { |item| display_box(item, main_content) }.join("\n")
     content = main_content if (content.blank?)
  
@@ -65,11 +69,13 @@ module BoxesHelper
   end
  
   def display_box_content(box, main_content)
-    context = { :article => @page, :request_path => request.path, :locale => locale, :params => request.params, :user => user }
-    box_decorator.select_blocks(box.blocks.includes(:box), context).map { |item| display_block(item, main_content) }.join("\n") + box_decorator.block_target(box)
+    context = { :article => @page, :request_path => request.path, :locale => locale, :params => request.params, :user => user, :controller => controller }
+    box_decorator.select_blocks(box, box.blocks.includes(:box), context).map do |item|
+      display_block item, main_content
+    end.join("\n") + box_decorator.block_target(box)
   end
  
-  def select_blocks(arr, context)
+  def select_blocks box, arr, context
     arr
   end
  
@@ -150,8 +156,22 @@ module BoxesHelper
     def self.block_edit_buttons(block)
       ''
     end
-    def self.select_blocks(arr, context)
-      arr.select { |block| block.visible?(context) }
+    def self.select_blocks box, arr, context
+      arr = arr.select{ |block| block.visible? context }
+
+      custom_design = context[:controller].send(:custom_design)
+      inserts = [custom_design[:insert]].flatten.compact
+      inserts.each do |insert_opts|
+        next unless box.position == insert_opts[:box]
+        position, block = insert_opts[:position], insert_opts[:block]
+        block = block.new box: box if block.is_a? Class
+
+        if not insert_opts[:uniq] or not box.blocks.map(&:class).include? block.klass
+          arr = arr.insert position, block
+        end
+      end
+
+      arr
     end
   end
  
@@ -211,7 +231,7 @@ module BoxesHelper
       end
  
       if block.editable?
-        buttons << colorbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
+        buttons << modal_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
       end
  
       if !block.main?
@@ -221,7 +241,7 @@ module BoxesHelper
     end
  
     if block.respond_to?(:help)
-      buttons << thickbox_inline_popup_icon(:help, _('Help on this block'), {}, "help-on-box-#{block.id}") << content_tag('div', content_tag('h2', _('Help')) + content_tag('div', block.help, :style => 'margin-bottom: 1em;') + thickbox_close_button(_('Close')), :style => 'display: none;', :id => "help-on-box-#{block.id}")
+      buttons << modal_inline_icon(:help, _('Help on this block'), {}, "#help-on-box-#{block.id}") << content_tag('div', content_tag('h2', _('Help')) + content_tag('div', block.help, :style => 'margin-bottom: 1em;') + modal_close_button(_('Close')), :style => 'display: none;', :id => "help-on-box-#{block.id}")
     end
  
     if block.embedable?
@@ -25,10 +25,13 @@ module CategoriesHelper
     )
   end
  
-  def update_categories_link(body, category_id=nil, html_options={})
+  #TODO: remove this function and, in views, use existing basic buttons
+  def update_categories_link(type, body, category_id=nil, html_options={})
+    html_class = 'select-subcategory-link'
+    html_class = " icon-#{type}  btn btn-primary btn-xs" if type.present?
     link_to body,
       { :action => "update_categories", :category_id => category_id, :id => @object },
-      {:id => category_id ? "select-category-#{category_id}-link" : nil, :remote => true, :class => 'select-subcategory-link'}.merge(html_options)
+      {:id => category_id ? "select-category-#{category_id}-link" : nil, :remote => true, :class => html_class}.merge(html_options)
   end
  
 end
@@ -6,8 +6,9 @@ module ChatHelper
       ['icon-menu-busy', _('Busy'), 'chat-busy'],
       ['icon-menu-offline', _('Sign out of chat'), 'chat-disconnect'],
     ]
+    avatar = profile_image(user, :portrait, :class => 'avatar')
     content_tag('span',
-      link_to(content_tag('span', status) + ui_icon('ui-icon-triangle-1-s'),
+      link_to(avatar + content_tag('span', user.name) + ui_icon('ui-icon-triangle-1-s'),
         '#',
         :onclick => 'toggleMenu(this); return false',
         :class => icon_class + ' simplemenu-trigger'
@@ -40,12 +40,8 @@ module CmsHelper
     end
   end
  
-  def display_spread_button(profile, article)
-    if profile.person?
-      expirable_button article, :spread, _('Spread this'), :action => 'publish', :id => article.id
-    elsif profile.community? && environment.portal_community
-      expirable_button article, :spread, _('Spread this'), :action => 'publish_on_portal_community', :id => article.id
-    end
+  def display_spread_button(article)
+    expirable_button article, :spread, _('Spread this'), {:action => 'publish', :id => article.id}, {:class => 'colorbox'}
   end
  
   def display_delete_button(article)
@@ -1,25 +0,0 @@
-module ColorboxHelper
-
-  def colorbox_close_button(text, options = {})
-    button(:close, text, '#', colorbox_options(options, :close))
-  end
-
-  def colorbox_button(type, label, url, options = {})
-    button(type, label, url, colorbox_options(options))
-  end
-
-  def colorbox_icon_button(type, label, url, options = {})
-    icon_button(type, label, url, colorbox_options(options))
-  end
-
-  # options must be an HTML options hash as passed to link_to etc.
-  #
-  # returns a new hash with colorbox class added. Keeps existing classes.
-  def colorbox_options(options, type=nil)
-    the_class = 'colorbox'
-    the_class += "-#{type.to_s}" unless type.nil?
-    the_class << " #{options[:class]}" if options.has_key?(:class)
-    options.merge(:class => the_class)
-  end
-
-end
@@ -65,7 +65,7 @@ module CommentHelper
  
   def link_for_edit(comment)
     if comment.can_be_updated_by?(user)
-      {:link => expirable_comment_link(comment, :edit, _('Edit'), url_for(:profile => profile.identifier, :controller => :comment, :action => :edit, :id => comment.id),:class => 'colorbox')}
+      {:link => expirable_comment_link(comment, :edit, _('Edit'), url_for(:profile => profile.identifier, :controller => :comment, :action => :edit, :id => comment.id),:class => 'modal')}
     end
   end
  
@@ -2,24 +2,14 @@ require &#39;noosfero/i18n&#39;
  
 module DatesHelper
  
-  # FIXME Date#strftime should translate this for us !!!!
-  MONTHS = [
-    N_('January'),
-    N_('February'),
-    N_('March'),
-    N_('April'),
-    N_('May'),
-    N_('June'),
-    N_('July'),
-    N_('August'),
-    N_('September'),
-    N_('October'),
-    N_('November'),
-    N_('December')
-  ]
-
-  def month_name(n)
-    _(MONTHS[n-1])
+  MONTHS = I18n.t('date.month_names')
+
+  def month_name(n, abbreviated = false)
+    if abbreviated
+      I18n.t('date.abbr_month_names')[n]
+    else
+      MONTHS[n]
+    end
   end
  
   # formats a date for displaying.
@@ -91,15 +81,7 @@ module DatesHelper
       _(date.strftime("%a"))
     else
       # FIXME Date#strftime should translate this for us !!!!
-      _([
-        N_('Sunday'),
-        N_('Monday'),
-        N_('Tuesday'),
-        N_('Wednesday'),
-        N_('Thursday'),
-        N_('Friday'),
-        N_('Saturday'),
-      ][date.wday])
+      I18n.t('date.day_names')[date.wday]
     end
   end
  
@@ -111,7 +93,7 @@ module DatesHelper
       date = date << 1
     end
     if opts[:only_month]
-      _('%{month}') % {:month => month_name(date.month.to_i) }
+      _('%{month}') % { :month => month_name(date.month.to_i) }
     else
       _('%{month} %{year}') % { :year => date.year, :month => month_name(date.month.to_i) }
     end
@@ -156,7 +138,7 @@ module DatesHelper
     else
       order = [:day, :month, :year]
     end
-    date_select(object, method, html_options.merge(options.merge(:include_blank => true, :order => order, :use_month_names => MONTHS.map {|item| gettext(item)})))
+    date_select(object, method, html_options.merge(options.merge(:include_blank => true, :order => order, :use_month_names => MONTHS)))
   end
  
 end
@@ -0,0 +1,50 @@
+module DesignHelper
+
+  extend ActiveSupport::Concern
+
+  included do
+    extend ClassMethods
+    include InstanceMethods
+    before_filter :load_custom_design if self.respond_to? :before_filter
+  end
+
+  module ClassMethods
+
+    def no_design_blocks
+      @no_design_blocks = true
+    end
+
+    def use_custom_design options = {}
+      @custom_design = options
+    end
+
+    def custom_design
+      @custom_design ||= {}
+    end
+
+    def uses_design_blocks?
+      !@no_design_blocks
+    end
+
+  end
+
+  module InstanceMethods
+
+    protected
+
+    def uses_design_blocks?
+      !@no_design_blocks && self.class.uses_design_blocks?
+    end
+
+    def load_custom_design
+      # see also: LayoutHelper#body_classes
+      @layout_template = self.class.custom_design[:layout_template]
+    end
+
+    def custom_design
+      @custom_design || self.class.custom_design
+    end
+
+  end
+
+end
@@ -265,7 +265,7 @@ module FormsHelper
     )
   end
  
-  def select_profile_folder(label_text, field_id, profile, default_value='', html_options = {}, js_options = {}, find_options = {})
+  def select_profile_folder(label_text, field_id, profile, default_value='', html_options = {}, js_options = {}, find_options = {}, extra_options = {})
     if find_options.empty?
       folders = profile.folders
     else
@@ -276,7 +276,7 @@ module FormsHelper
       select_tag(
         field_id,
         options_for_select(
-          [[profile.identifier, '']] +
+          [[(extra_options[:root_label] || profile.identifier), '']] +
           folders.collect {|f| [ profile.identifier + '/' +  f.full_name, f.id.to_s ] },
           default_value.to_s
         ),
 module LanguageHelper
   def language
-    locale
+    locale.to_s
   end
  
   def tinymce_language
@@ -20,7 +20,7 @@ module LanguageHelper
     separator = options[:separator] || ' &mdash; '
  
     if options[:element] == 'dropdown'
-      select_tag('lang', 
+      select_tag('lang',
         options_for_select(locales.map{|code,name| [name, code]}, current),
         :onchange => "document.location.href= #{url_for(params.merge(:lang => 'LANGUAGE'))}.replace(/LANGUAGE/, this.value) ;",
         :help => _('The language you choose here is the language used for options, buttons, etc. It does not affect the language of the content created by other users.')
@@ -31,12 +31,12 @@ module LayoutHelper
     plugins_javascripts = @plugins.map { |plugin| [plugin.js_files].flatten.map { |js| plugin.class.public_path(js) } }.flatten
  
     output = ''
-    output += render :file =>  'layouts/_javascript'
-    output += javascript_tag 'render_all_jquery_ui_widgets()'
+    output += render 'layouts/javascript'
     unless plugins_javascripts.empty?
       output += javascript_include_tag plugins_javascripts, :cache => "cache/plugins-#{Digest::MD5.hexdigest plugins_javascripts.to_s}"
     end
     output += theme_javascript_ng.to_s
+    output += javascript_tag 'render_all_jquery_ui_widgets()'
  
     output
   end
@@ -45,10 +45,10 @@ module LayoutHelper
     standard_stylesheets = [
       'application',
       'search',
-      'thickbox',
-      'lightbox',
       'colorbox',
+      'selectordie',
       'inputosaurus',
+      'chat',
       pngfix_stylesheet_path,
     ] + tokeninput_stylesheets
     plugins_stylesheets = @plugins.select(&:stylesheet?).map { |plugin| plugin.class.public_path('style.css') }
@@ -85,6 +85,7 @@ module LayoutHelper
     end
   end
  
+
   def icon_theme_stylesheet_path
     icon_themes = []
     theme_icon_themes = theme_option(:icon_theme) || []
@@ -115,8 +116,5 @@ module LayoutHelper
     end
   end
  
-  def meta_description_tag(article=nil)
-    article ? CGI.escapeHTML(truncate(strip_tags(article.body.to_s), :length => 200)) : environment.name
-  end
 end
  
@@ -1,36 +0,0 @@
-module LightboxHelper
-
-  def lightbox_link_to(text, url, options = {})
-    link_to(text, url, lightbox_options(options))
-  end
-
-  def lightbox_close_button(text, options = {})
-    button(:close, text, '#', lightbox_options(options, 'lbAction').merge(:rel => 'deactivate'))
-  end
-
-  def lightbox_button(type, label, url, options = {})
-    button(type, label, url, lightbox_options(options))
-  end
-
-  def lightbox_icon_button(type, label, url, options = {})
-    icon_button(type, label, url, lightbox_options(options))
-  end
-
-  # options must be an HTML options hash as passed to link_to etc.
-  #
-  # returns a new hash with lightbox class added. Keeps existing classes. 
-  def lightbox_options(options, lightbox_type = 'lbOn')
-    the_class = lightbox_type
-    the_class << " #{options[:class]}" if options.has_key?(:class)
-    options.merge(:class => the_class)
-  end
-
-  def lightbox?
-    request.xhr?
-  end
-
-  def lightbox_remote_button(type, label, url, options = {})
-    button(type, label, url, lightbox_options(options, 'remote-lbOn'))
-  end
-
-end
@@ -137,7 +137,7 @@ module ManageProductsHelper
     ui_button_to_remote(label,
                    {:update => "product-#{field}",
                    :url => { :controller => 'manage_products', :action => "edit", :id => product.id, :field => field },
-                   :complete => "$('edit-product-button-ui-#{field}').hide()",
+                   :complete => "jQuery('#edit-product-button-ui-#{field}').hide()",
                    :method => :get,
                    :loading => "loading_for_button('##{id}')"},
                    options)
@@ -0,0 +1,46 @@
+module ModalHelper
+
+  def modal_inline_link_to title, url, selector, options = {}
+    link_to title, url, modal_options(options.merge(:inline => selector))
+  end
+
+  def modal_inline_icon type, title, url, selector, options = {}
+    icon_button type, title, url, modal_options(options.merge(:inline => selector))
+  end
+
+  def modal_link_to title, url, options = {}
+    link_to title, url, modal_options(options)
+  end
+
+  def modal_close_link text, options = {}
+    link_to text, '#', modal_options(options, :close)
+  end
+
+  def modal_close_button(text, options = {})
+    button :close, text, '#', modal_options(options, :close).merge(:rel => 'deactivate')
+  end
+
+  def modal_button(type, label, url, options = {})
+    button type, label, url, modal_options(options)
+  end
+
+  def modal_icon_button(type, label, url, options = {})
+    icon_button type, label, url, modal_options(options)
+  end
+
+  # options must be an HTML options hash as passed to link_to etc.
+  #
+  # returns a new hash with modal class added. Keeps existing classes.
+  def modal_options(options, type=nil)
+    inline_selector = options.delete :inline
+    options[:onclick] = "return noosfero.modal.inline('#{inline_selector}')" if inline_selector
+
+    classes = if inline_selector then '' else 'modal-toggle' end
+    classes += " modal-#{type.to_s}" if type.present?
+    classes << " #{options[:class]}" if options.has_key? :class
+    options.merge!(:class => classes)
+
+    options
+  end
+
+end
@@ -1,15 +0,0 @@
-module PersonNotifierHelper
-
-  include ApplicationHelper
-
-  private
-
-  def path_to_image(source)
-    top_url + source
-  end
-
-  def top_url
-    top_url = @profile.environment ? @profile.environment.top_url : ''
-  end
-
-end
@@ -0,0 +1,9 @@
+module PluginsHelper
+
+  def plugins_product_tabs
+    @plugins.dispatch(:product_tabs, @product).map do |tab|
+      {:title => tab[:title], :id => tab[:id], :content => instance_eval(&tab[:content])}
+    end
+  end
+
+end
@@ -5,20 +5,23 @@ module SearchHelper
   BLOCKS_SEARCH_LIMIT = 24
   MULTIPLE_SEARCH_LIMIT = 8
  
-  SEARCHES = ActiveSupport::OrderedHash[
-    :articles, _('Contents'),
-    :enterprises, _('Enterprises'),
-    :people, _('People'),
-    :communities, _('Communities'),
-    :products, _('Products and Services'),
-    :events, _('Events'),
-  ]
+  FILTERS_TRANSLATIONS = {
+    :order => _('Order'),
+    :display => _('Display')
+  }
  
-  FILTER_TRANSLATION = {
-    'more_popular' => _('More popular'),
-    'more_active' => _('More active'),
-    'more_recent' => _('More recent'),
-    'more_comments' => _('More comments')
+  FILTERS_OPTIONS_TRANSLATION = {
+    :order => {
+      'more_popular' => _('More popular'),
+      'more_active' => _('More active'),
+      'more_recent' => _('More recent'),
+      'more_comments' => _('More comments')
+    },
+    :display => {
+      'map' => _('Map'),
+      'full' => _('Full'),
+      'compact' => _('Compact')
+    }
   }
  
   COMMON_PROFILE_LIST_BLOCK = [
@@ -56,7 +59,7 @@ module SearchHelper
   end
  
   def display?(asset, mode)
-    defined?(asset_class(asset)::SEARCH_DISPLAYS) && asset_class(asset)::SEARCH_DISPLAYS.include?(mode.to_s)
+    defined?(asset_class(asset)::SEARCH_FILTERS[:display]) && asset_class(asset)::SEARCH_FILTERS[:display].include?(mode.to_s)
   end
  
   def display_results(searches=nil, asset=nil)
@@ -93,6 +96,16 @@ module SearchHelper
     end
   end
  
+  def select_filter(name, options, default = nil)
+    if options.size <= 1
+      return
+    else
+      options = options.map {|option| [FILTERS_OPTIONS_TRANSLATION[name][option], option]}
+      options = options_for_select(options, :selected => (params[name] || default))
+      select_tag(name, options)
+    end
+  end
+
   def display_selector(asset, display, float = 'right')
     display = nil if display.blank?
     display ||= asset_class(asset).default_search_display
@@ -107,36 +120,32 @@ module SearchHelper
     end
   end
  
-  def filter_selector(asset, filter, float = 'right')
+  def filters(asset)
+    return if !asset
     klass = asset_class(asset)
-    if klass::SEARCH_FILTERS.count > 1
-      options = options_for_select(klass::SEARCH_FILTERS.map {|f| [FILTER_TRANSLATION[f], f]}, filter)
-      url_params = url_for(params.merge(:filter => 'FILTER'))
-      onchange = "document.location.href = '#{url_params}'.replace('FILTER', this.value)"
-      select_field = select_tag(:filter, options, :onchange => onchange)
-      content_tag('div',
-        content_tag('strong', _('Filter')) + ': ' + select_field,
-        :class => "search-customize-options"
-      )
-    end
+    content_tag('div', klass::SEARCH_FILTERS.map do |name, options|
+      default = klass.respond_to?("default_search_#{name}") ? klass.send("default_search_#{name}".to_s) : nil
+      select_filter(name, options, default)
+    end.join("\n"), :id => 'search-filters')
+  end
+
+  def assets_menu(selected)
+    assets = @enabled_searches.keys
+    #     Events is a search asset but do not have a good interface for
+    #TODO searching. When this is solved we may add it back again to the assets
+    #     menu.
+    assets.delete(:events)
+    content_tag('ul',
+      assets.map do |asset|
+        options = {}
+        options.merge!(:class => 'selected') if selected.to_s == asset.to_s
+        content_tag('li', asset_link(asset), options)
+      end.join("\n"),
+    :id => 'assets-menu')
   end
  
-  def filter_title(asset, filter)
-    {
-      'articles_more_recent' => _('More recent contents from network'),
-      'articles_more_popular' => _('More viewed contents from network'),
-      'articles_more_comments' => _('Most commented contents from network'),
-      'people_more_recent' => _('More recent people from network'),
-      'people_more_active' => _('More active people from network'),
-      'people_more_popular' => _('More popular people from network'),
-      'communities_more_recent' => _('More recent communities from network'),
-      'communities_more_active' => _('More active communities from network'),
-      'communities_more_popular' => _('More popular communities from network'),
-      'enterprises_more_recent' => _('More recent enterprises from network'),
-      'enterprises_more_active' => _('More active enterprises from network'),
-      'enterprises_more_popular' => _('More popular enterprises from network'),
-      'products_more_recent' => _('Highlights'),
-    }[asset.to_s + '_' + filter].to_s
+  def asset_link(asset)
+    link_to(@enabled_searches[asset], "/search/#{asset}")
   end
  
 end
@@ -0,0 +1,18 @@
+module SearchTermHelper
+  def register_search_term(term, total, indexed, context, asset='all')
+    normalized_term = normalize_term(term)
+    if normalized_term.present?
+      search_term = SearchTerm.find_or_create(normalized_term, context, asset)
+      SearchTermOccurrence.create!(:search_term => search_term, :total => total, :indexed => indexed)
+    end
+  end
+
+  #FIXME For some reason the job is created but nothing is ran.
+  #handle_asynchronously :register_search_term
+
+  #TODO Think smarter criteria to normalize search terms properly
+  def normalize_term(search_term)
+    search_term ||= ''
+    search_term.downcase
+  end
+end
@@ -1,11 +0,0 @@
-module ThickboxHelper
-  def thickbox_inline_popup_link(title, url, id, options = {})
-    link_to(title, url_for(url) + "#TB_inline?height=300&width=500&inlineId=#{id}&modal=true", {:class => 'thickbox'}.merge(options))
-  end
-  def thickbox_inline_popup_icon(type, title, url, id, options = {})
-    icon_button(type, title, url_for(url) + "#TB_inline?height=300&width=500&inlineId=#{id}&modal=true", {:class => "thickbox"}.merge(options))
-  end
-  def thickbox_close_button(title)
-    button_to_function(:close, title, 'tb_remove();')
-  end
-end
@@ -11,7 +11,7 @@ module TinymceHelper
   end
  
   def tinymce_init_js options = {}
-    options.merge! :document_base_url => environment.top_url,
+    options.merge! :document_base_url => top_url,
       :content_css => "/stylesheets/tinymce.css,#{macro_css_files}",
       :plugins => %w[compat3x advlist autolink lists link image charmap print preview hr anchor pagebreak
         searchreplace wordcount visualblocks visualchars code fullscreen
@@ -12,6 +12,7 @@ module TokenHelper
     options[:search_delay] ||= 1000
     options[:prevent_duplicates] ||=  true
     options[:backspace_delete_item] ||= false
+    options[:zindex] ||= 999
     options[:focus] ||= false
     options[:avoid_enter] ||= true
     options[:on_result] ||= 'null'
@@ -31,6 +32,7 @@ module TokenHelper
         searchDelay: #{options[:search_delay].to_json},
         preventDuplicates: #{options[:prevent_duplicates].to_json},
         backspaceDeleteItem: #{options[:backspace_delete_item].to_json},
+        zindex: #{options[:zindex].to_json},
         queryParam: #{options[:query_param].to_json},
         tokenLimit: #{options[:token_limit].to_json},
         onResult: #{options[:on_result]},
-class Comment::Notifier < ActionMailer::Base
+class CommentNotifier < ActionMailer::Base
   def notification(comment)
     profile = comment.article.profile
     @recipient = profile.nickname || profile.name
-class Scrap::Notifier < ActionMailer::Base
+class ScrapNotifier < ActionMailer::Base
   def notification(scrap)
     sender, receiver = scrap.sender, scrap.receiver
     @recipient = receiver.name
@@ -41,6 +41,23 @@ class UserMailer &lt; ActionMailer::Base
     )
   end
  
+  def profiles_suggestions_email(user)
+    @recipient = user.name
+    @environment = user.environment.name
+    @url = user.environment.top_url
+    @people_suggestions_url = user.people_suggestions_url
+    @people_suggestions = user.suggested_people.sample(3)
+    @communities_suggestions_url = user.communities_suggestions_url
+    @communities_suggestions = user.suggested_communities.sample(3)
+
+    mail(
+      content_type: 'text/html',
+      to: user.email,
+      from: "#{user.environment.name} <#{user.environment.contact_email}>",
+      subject: _("[%s] What about grow up your network?") % user.environment.name
+    )
+  end
+
   class Job < Struct.new(:user, :method)
     def perform
       UserMailer.send(method, user).deliver
@@ -14,6 +14,11 @@ class AddFriend &lt; Task
   alias :friend :target
   alias :friend= :target=
  
+  after_create do |task|
+    TaskMailer.invitation_notification(task).deliver unless task.friend
+    remove_from_suggestion_list(task)
+  end
+
   def perform
     target.add_friend(requestor, group_for_friend)
     requestor.add_friend(target, group_for_person)
@@ -48,4 +53,8 @@ class AddFriend &lt; Task
     {:type => :profile_image, :profile => requestor, :url => requestor.url}
   end
  
+  def remove_from_suggestion_list(task)
+    suggestion = task.requestor.profile_suggestions.find_by_suggestion_id task.target.id
+    suggestion.disable if suggestion
+  end
 end
@@ -10,6 +10,10 @@ class AddMember &lt; Task
  
   settings_items :roles
  
+  after_create do |task|
+    remove_from_suggestion_list(task)
+  end
+
   def perform
     if !self.roles or (self.roles.uniq.compact.length == 1 and self.roles.uniq.compact.first.to_i.zero?)
       self.roles = [Profile::Roles.member(organization.environment.id).id]
@@ -46,4 +50,9 @@ class AddMember &lt; Task
     _('You will need login to %{system} in order to accept or reject %{requestor} as a member of %{organization}.') % { :system => target.environment.name, :requestor => requestor.name, :organization => organization.name }
   end
  
+  def remove_from_suggestion_list(task)
+    suggestion = task.requestor.profile_suggestions.find_by_suggestion_id task.target.id
+    suggestion.disable if suggestion
+  end
+
 end
@@ -22,6 +22,7 @@ class ApproveArticle &lt; Task
   end
  
   settings_items :closing_statment, :article_parent_id, :highlighted
+  settings_items :create_link, :type => :boolean, :default => false
  
   def article_parent
     Article.find_by_id article_parent_id.to_i
@@ -48,7 +49,11 @@ class ApproveArticle &lt; Task
   end
  
   def perform
-    article.copy!(:name => name, :abstract => abstract, :body => body, :profile => target, :reference_article => article, :parent => article_parent, :highlighted => highlighted, :source => article.source, :last_changed_by_id => article.last_changed_by_id, :created_by_id => article.created_by_id)
+    if create_link
+      LinkArticle.create!(:reference_article => article, :profile => target, :parent => article_parent, :highlighted => highlighted)
+    else
+      article.copy!(:name => name, :abstract => abstract, :body => body, :profile => target, :reference_article => article, :parent => article_parent, :highlighted => highlighted, :source => article.source, :last_changed_by_id => article.last_changed_by_id, :created_by_id => article.created_by_id)
+    end
   end
  
   def title
-require 'hpricot'
  
 class Article < ActiveRecord::Base
  
@@ -14,20 +13,17 @@ class Article &lt; ActiveRecord::Base
   acts_as_having_image
  
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :abstract => 3,
-    :body => 2,
-    :slug => 1,
-    :filename => 1,
+    :name => {:label => _('Name'), :weight => 10},
+    :abstract => {:label => _('Abstract'), :weight => 3},
+    :body => {:label => _('Content'), :weight => 2},
+    :slug => {:label => _('Slug'), :weight => 1},
+    :filename => {:label => _('Filename'), :weight => 1},
   }
  
-  SEARCH_FILTERS = %w[
-    more_recent
-    more_popular
-    more_comments
-  ]
-
-  SEARCH_DISPLAYS = %w[full]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent more_popular more_comments],
+    :display => %w[full]
+  }
  
   def self.default_search_display
     'full'
@@ -110,6 +106,11 @@ class Article &lt; ActiveRecord::Base
     self.activity.destroy if self.activity
   end
  
+  after_destroy :destroy_link_article
+  def destroy_link_article
+    Article.where(:reference_article_id => self.id, :type => LinkArticle).destroy_all
+  end
+
   xss_terminate :only => [ :name ], :on => 'validation', :with => 'white_list'
  
   scope :in_category, lambda { |category|
@@ -388,6 +389,10 @@ class Article &lt; ActiveRecord::Base
     {}
   end
  
+  def alternate_languages
+    self.translations.map(&:language)
+  end
+
   scope :native_translations, :conditions => { :translation_of_id => nil }
  
   def translatable?
@@ -472,7 +477,9 @@ class Article &lt; ActiveRecord::Base
   scope :no_folders, lambda {|profile|{:conditions => ['articles.type NOT IN (?)', profile.folder_types]}}
   scope :galleries, :conditions => [ "articles.type IN ('Gallery')" ]
   scope :images, :conditions => { :is_image => true }
+  scope :no_images, :conditions => { :is_image => false }
   scope :text_articles, :conditions => [ 'articles.type IN (?)', text_article_types ]
+  scope :files, :conditions => { :type => 'UploadedFile' }
   scope :with_types, lambda { |types| { :conditions => [ 'articles.type IN (?)', types ] } }
  
   scope :more_popular, :order => 'hits DESC'
@@ -523,7 +530,10 @@ class Article &lt; ActiveRecord::Base
   end
  
   alias :allow_delete?  :allow_post_content?
-  alias :allow_spread?  :allow_post_content?
+
+  def allow_spread?(user = nil)
+    user && public?
+  end
  
   def allow_create?(user)
     allow_post_content?(user) || allow_publish_content?(user)
@@ -696,7 +706,7 @@ class Article &lt; ActiveRecord::Base
   end
  
   def first_paragraph
-    paragraphs = Hpricot(to_html).search('p')
+    paragraphs = Nokogiri::HTML.fragment(to_html).css('p')
     paragraphs.empty? ? '' : paragraphs.first.to_html
   end
  
@@ -718,8 +728,8 @@ class Article &lt; ActiveRecord::Base
  
   def body_images_paths
     require 'uri'
-    Hpricot(self.body.to_s).search('img[@src]').collect do |i|
-      (self.profile && self.profile.environment) ? URI.join(self.profile.environment.top_url, URI.escape(i.attributes['src'])).to_s : i.attributes['src']
+    Nokogiri::HTML.fragment(self.body.to_s).css('img[src]').collect do |i|
+      (self.profile && self.profile.environment) ? URI.join(self.profile.environment.top_url, URI.escape(i['src'])).to_s : i['src']
     end
   end
  
@@ -756,11 +766,11 @@ class Article &lt; ActiveRecord::Base
   end
  
   def first_image
-    img = Hpricot(self.lead.to_s).search('img[@src]').first || Hpricot(self.body.to_s).search('img').first
-    img.nil? ? '' : img.attributes['src']
+    img = Nokogiri::HTML.fragment(self.lead.to_s).css('img[src]').first || Nokogiri::HTML.fragment(self.body.to_s).search('img').first
+    img.nil? ? '' : img['src']
   end
  
-  delegate :region, :region_id, :environment, :environment_id, :to => :profile, :allow_nil => true
+  delegate :lat, :lng, :region, :region_id, :environment, :environment_id, :to => :profile, :allow_nil => true
  
   def has_macro?
     true
@@ -36,8 +36,7 @@ class BlogArchivesBlock &lt; Block
       results << content_tag('li', content_tag('strong', "#{year} (#{count})"))
       results << "<ul class='#{year}-archive'>"
       posts.except(:order).count(:all, :conditions => ['EXTRACT(YEAR FROM published_at)=?', year], :group => 'EXTRACT(MONTH FROM published_at)').sort_by {|month, count| -month.to_i}.each do |month, count|
-        month_name = gettext(MONTHS[month.to_i - 1])
-        results << content_tag('li', link_to("#{month_name} (#{count})", owner_blog.url.merge(:year => year, :month => month)))
+        results << content_tag('li', link_to("#{month_name(month.to_i)} (#{count})", owner_blog.url.merge(:year => year, :month => month)))
       end
       results << "</ul>"
     end
@@ -14,8 +14,8 @@ class Box &lt; ActiveRecord::Base
   end
  
   def acceptable_blocks
-    blocks_classes = central?  ? Box.acceptable_center_blocks + plugins.dispatch(:extra_blocks, :type => owner.class, :position => 1) : Box.acceptable_side_blocks + plugins.dispatch(:extra_blocks, :type => owner.class, :position => [2, 3])
-    to_css_class_name(blocks_classes)
+    blocks_classes = if central? then Box.acceptable_center_blocks + plugins.dispatch(:extra_blocks, :type => owner.class, :position => 1) else Box.acceptable_side_blocks + plugins.dispatch(:extra_blocks, :type => owner.class, :position => [2, 3]) end
+    to_css_selector blocks_classes
   end
  
   def central?
@@ -74,8 +74,8 @@ class Box &lt; ActiveRecord::Base
  
   private
  
-  def to_css_class_name(blocks_classes)
-    blocks_classes.map{ |block_class| block_class.name.to_css_class }
+  def to_css_selector(blocks_classes)
+    blocks_classes.map{ |block_class| ".#{block_class.name.to_css_class}" }.join(',')
   end
  
 end
@@ -3,10 +3,10 @@ class Category &lt; ActiveRecord::Base
   attr_accessible :name, :parent_id, :display_color, :display_in_menu, :image_builder, :environment, :parent
  
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :acronym => 5,
-    :abbreviation => 5,
-    :slug => 1,
+    :name => {:label => _('Name'), :weight => 10},
+    :acronym => {:label => _('Acronym'), :weight => 5},
+    :abbreviation => {:label => _('Abbreviation'), :weight => 5},
+    :slug => {:label => _('Slug'), :weight => 1},
   }
  
   validates_exclusion_of :slug, :in => [ 'index' ], :message => N_('{fn} cannot be like that.').fix_i18n
@@ -3,9 +3,9 @@ class Certifier &lt; ActiveRecord::Base
   attr_accessible :name, :environment
  
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :description => 3,
-    :link => 1,
+    :name => {:label => _('Name'), :weight => 10},
+    :description => {:label => _('Description'), :weight => 3},
+    :link => {:label => _('Link'), :weight => 1},
   }
  
   belongs_to :environment
@@ -0,0 +1,7 @@
+class ChatMessage < ActiveRecord::Base
+  attr_accessible :body, :from, :to
+
+  belongs_to :to, :class_name => 'Profile'
+  belongs_to :from, :class_name => 'Profile'
+
+end
 class Comment < ActiveRecord::Base
  
   SEARCHABLE_FIELDS = {
-    :title => 10,
-    :name => 4,
-    :body => 2,
+    :title => {:label => _('Title'), :weight => 10},
+    :name => {:label => _('Name'), :weight => 4},
+    :body => {:label => _('Content'), :weight => 2},
   }
  
   attr_accessible :body, :author, :name, :email, :title, :reply_of_id, :source
@@ -134,11 +134,11 @@ class Comment &lt; ActiveRecord::Base
   def notify_by_mail
     if source.kind_of?(Article) && article.notify_comments?
       if !notification_emails.empty?
-        Comment::Notifier.notification(self).deliver
+        CommentNotifier.notification(self).deliver
       end
       emails = article.followers - [author_email]
       if !emails.empty?
-        Comment::Notifier.mail_to_followers(self, emails).deliver
+        CommentNotifier.mail_to_followers(self, emails).deliver
       end
     end
   end
@@ -14,19 +14,17 @@ class CommunitiesBlock &lt; ProfileListBlock
     _('This block displays the communities in which the user is a member.')
   end
  
+  def suggestions
+    return nil unless owner.kind_of?(Profile)
+    owner.profile_suggestions.of_community.enabled.limit(3).includes(:suggestion)
+  end
+
   def footer
     owner = self.owner
-    case owner
-    when Profile
-      lambda do |context|
-        link_to s_('communities|View all'), :profile => owner.identifier, :controller => 'profile', :action => 'communities'
-      end
-    when Environment
-      lambda do |context|
-        link_to s_('communities|View all'), :controller => 'search', :action => 'communities'
-      end
-    else
-      ''
+    suggestions = self.suggestions
+    return '' unless owner.kind_of?(Profile) || owner.kind_of?(Environment)
+    proc do
+      render :file => 'blocks/communities', :locals => { :owner => owner, :suggestions => suggestions }
     end
   end
  
@@ -73,7 +73,13 @@ class CreateEnterprise &lt; Task
  
   # sets the associated region for the enterprise creation
   def region=(value)
-    raise ArgumentError.new("Region expected, but got #{value.class}") unless value.kind_of?(Region)
+    unless value.kind_of?(Region)
+      begin
+        value = Region.find(value)
+      rescue
+        raise ArgumentError.new("Could not find any region with the id #{value}")
+      end
+    end
  
     @region = value
     self.region_id = value.id
@@ -4,7 +4,10 @@ class Enterprise &lt; Organization
  
   attr_accessible :business_name, :address_reference, :district, :tag_list, :organization_website, :historic_and_current_context, :activities_short_description, :products_per_catalog_page
  
-  SEARCH_DISPLAYS += %w[map full]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent more_popular more_active],
+    :display => %w[compact full map]
+  }
  
   def self.type_name
     _('Enterprise')
@@ -16,7 +19,8 @@ class Enterprise &lt; Organization
   has_many :inputs, :through => :products
   has_many :production_costs, :as => :owner
  
-  has_and_belongs_to_many :fans, :class_name => 'Person', :join_table => 'favorite_enteprises_people'
+  has_many :favorite_enterprise_people
+  has_many :fans, through: :favorite_enterprise_people, source: :person
  
   def product_categories
     ProductCategory.by_enterprise(self)
@@ -3,13 +3,14 @@
 # domains.
 class Environment < ActiveRecord::Base
  
-  attr_accessible :name, :is_default, :signup_welcome_text_subject, :signup_welcome_text_body, :terms_of_use, :message_for_disabled_enterprise, :news_amount_by_folder, :default_language, :languages, :description, :organization_approval_method, :enabled_plugins, :enabled_features, :redirection_after_login, :redirection_after_signup, :contact_email, :theme, :reports_lower_bound, :noreply_email, :signup_welcome_screen_body, :members_whitelist_enabled, :members_whitelist
+  attr_accessible :name, :is_default, :signup_welcome_text_subject, :signup_welcome_text_body, :terms_of_use, :message_for_disabled_enterprise, :news_amount_by_folder, :default_language, :languages, :description, :organization_approval_method, :enabled_plugins, :enabled_features, :redirection_after_login, :redirection_after_signup, :contact_email, :theme, :reports_lower_bound, :noreply_email, :signup_welcome_screen_body, :members_whitelist_enabled, :members_whitelist, :highlighted_news_amount, :portal_news_amount
  
   has_many :users
  
   self.partial_updates = false
  
   has_many :tasks, :dependent => :destroy, :as => 'target'
+  has_many :search_terms, :as => :context
  
   IDENTIFY_SCRIPTS = /(php[0-9s]?|[sp]htm[l]?|pl|py|cgi|rb)/
  
@@ -85,7 +86,9 @@ class Environment &lt; ActiveRecord::Base
   end
  
   def admins
-    Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', Environment::Roles.admin(self).id])
+    admin_role = Environment::Roles.admin(self)
+    return [] if admin_role.blank?
+    Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', admin_role.id])
   end
  
   # returns the available features for a Environment, in the form of a
@@ -155,7 +158,8 @@ class Environment &lt; ActiveRecord::Base
       'site_homepage' => _('Redirects the user to the environment homepage.'),
       'user_profile_page' => _('Redirects the user to his profile page.'),
       'user_homepage' => _('Redirects the user to his homepage.'),
-      'user_control_panel' => _('Redirects the user to his control panel.')
+      'user_control_panel' => _('Redirects the user to his control panel.'),
+      'welcome_page' => _('Redirects the user to the environment welcome page.')
     }
   end
   validates_inclusion_of :redirection_after_signup, :in => Environment.signup_redirection_options.keys, :allow_nil => true
@@ -264,9 +268,12 @@ class Environment &lt; ActiveRecord::Base
   settings_items :description, :type => String, :default => '<div style="text-align: center"><a href="http://noosfero.org/"><img src="/images/noosfero-network.png" alt="Noosfero"/></a></div>'
   settings_items :local_docs, :type => Array, :default => []
   settings_items :news_amount_by_folder, :type => Integer, :default => 4
+  settings_items :highlighted_news_amount, :type => Integer, :default => 2
+  settings_items :portal_news_amount, :type => Integer, :default => 5
   settings_items :help_message_to_add_enterprise, :type => String, :default => ''
   settings_items :tip_message_enterprise_activation_question, :type => String, :default => ''
  
+  settings_items :currency_iso_unit, :type => String, :default => 'USD'
   settings_items :currency_unit, :type => String, :default => '$'
   settings_items :currency_separator, :type => String, :default => '.'
   settings_items :currency_delimiter, :type => String, :default => ','
@@ -657,8 +664,8 @@ class Environment &lt; ActiveRecord::Base
     { :controller => 'admin_panel', :action => 'index' }
   end
  
-  def top_url
-    url = 'http://'
+  def top_url(scheme = 'http')
+    url = scheme + '://'
     url << (Noosfero.url_options.key?(:host) ? Noosfero.url_options[:host] : default_hostname)
     url << ':' << Noosfero.url_options[:port].to_s if Noosfero.url_options.key?(:port)
     url << Noosfero.root('')
@@ -824,6 +831,10 @@ class Environment &lt; ActiveRecord::Base
     "home-page-news/#{cache_key}-#{language}"
   end
  
+  def portal_enabled
+    portal_community && enabled?('use_portal_community')
+  end
+
   def notification_emails
     [contact_email].select(&:present?) + admins.map(&:email)
   end
@@ -937,6 +948,10 @@ class Environment &lt; ActiveRecord::Base
     locales_list
   end
  
+  def has_license?
+    self.licenses.any?
+  end
+
   private
  
   def default_language_available
@@ -19,7 +19,7 @@ class Event &lt; Article
     maybe_add_http(self.setting[:link])
   end
  
-  xss_terminate :only => [ :body, :link, :address ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :name, :body, :link, :address ], :with => 'white_list', :on => 'validation'
  
   def initialize(*args)
     super(*args)
@@ -141,6 +141,10 @@ class Event &lt; Article
     result
   end
  
+  def duration
+    ((self.end_date || self.start_date) - self.start_date).to_i
+  end
+
   def lead
     content_tag('div',
       show_period(start_date, end_date),
@@ -14,9 +14,9 @@ class ExternalFeed &lt; ActiveRecord::Base
  
   def add_item(title, link, date, content)
     return if content.blank?
-    doc = Hpricot(content)
-    doc.search('*').each do |p|
-      if p.instance_of? Hpricot::Elem
+    doc = Nokogiri::HTML.fragment content
+    doc.css('*').each do |p|
+      if p.instance_of? Nokogiri::XML::Element
         p.remove_attribute 'style'
         p.remove_attribute 'class'
       end
@@ -26,10 +26,10 @@ class ExternalFeed &lt; ActiveRecord::Base
     article = TinyMceArticle.new
     article.name = title
     article.profile = blog.profile
-    article.body = content 
-    article.published_at = date 
-    article.source = link 
-    article.profile = blog.profile 
+    article.body = content
+    article.published_at = date
+    article.source = link
+    article.profile = blog.profile
     article.parent = blog
     article.author_name = self.feed_title
     unless blog.children.exists?(:slug => article.slug)
@@ -0,0 +1,8 @@
+class FavoriteEnterprisePerson < ActiveRecord::Base
+
+  self.table_name = :favorite_enteprises_people
+
+  belongs_to :enterprise
+  belongs_to :person
+
+end
@@ -12,7 +12,7 @@ class Folder &lt; Article
  
   acts_as_having_settings :field => :setting
  
-  xss_terminate :only => [ :body ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :name, :body ], :with => 'white_list', :on => 'validation'
  
   include WhiteListFilter
   filter_iframes :body
@@ -54,7 +54,7 @@ class Forum &lt; Folder
  
   def first_paragraph
     return '' if body.blank?
-    paragraphs = Hpricot(body).search('p')
+    paragraphs = Nokogiri::HTML.fragment(body).css('p')
     paragraphs.empty? ? '' : paragraphs.first.to_html
   end
  
 class Input < ActiveRecord::Base
  
-  attr_accessible :product, :product_category, :product_category_id, :amount_used, :unit_id, :price_per_unit, :relevant_to_price
+  attr_accessible :product, :product_id, :product_category, :product_category_id,
+    :amount_used, :unit_id, :price_per_unit, :relevant_to_price, :is_from_solidarity_economy
  
   belongs_to :product
   belongs_to :product_category
@@ -51,7 +51,10 @@ class Invitation &lt; Task
       next if contact_to_invite == _("Firstname Lastname <friend@email.com>")
  
       contact_to_invite.strip!
-      if match = contact_to_invite.match(/(.*)<(.*)>/) and match[2].match(Noosfero::Constants::EMAIL_FORMAT)
+      find_by_profile_id = false
+      if contact_to_invite.match(/^\d*$/)
+        find_by_profile_id = true
+      elsif match = contact_to_invite.match(/(.*)<(.*)>/) and match[2].match(Noosfero::Constants::EMAIL_FORMAT)
         friend_name = match[1].strip
         friend_email = match[2]
       elsif match = contact_to_invite.strip.match(Noosfero::Constants::EMAIL_FORMAT)
@@ -61,11 +64,15 @@ class Invitation &lt; Task
         next
       end
  
-      user = User.find_by_email(friend_email)
+      begin
+        user = find_by_profile_id ? Person.find_by_id(contact_to_invite).user : User.find_by_email(friend_email)
+      rescue
+        user = nil
+      end
  
-      task_args = if user.nil?
+      task_args = if user.nil? && !find_by_profile_id
         {:person => person, :friend_name => friend_name, :friend_email => friend_email, :message => message}
-      else
+      elsif user.present? && !(user.person.is_a_friend?(person) && profile.person?)
         {:person => person, :target => user.person}
       end
  
 class InviteFriend < Invitation
  
   settings_items :group_for_person, :group_for_friend
+  before_create :check_for_invitation_existence
  
   def perform
     person.add_friend(friend, group_for_person)
@@ -41,4 +42,11 @@ class InviteFriend &lt; Invitation
     ].join("\n\n")
   end
  
+  private
+  def check_for_invitation_existence
+    if friend
+      friend.tasks.pending.of("InviteFriend").find(:all, :conditions => {:requestor_id => person.id, :target_id => friend.id}).blank?
+    end
+  end
+
 end
@@ -2,6 +2,7 @@ class InviteMember &lt; Invitation
  
   settings_items :community_id, :type => :integer
   validates_presence_of :community_id
+  before_create :check_for_invitation_existence
  
   def community
     Community.find(community_id)
@@ -39,6 +40,14 @@ class InviteMember &lt; Invitation
     _('%{requestor} invited you to join %{community}.') % {:requestor => requestor.name, :community => community.name}
   end
  
+  def target_notification_message
+    if friend
+      _('%{requestor} is inviting you to join "%{community}" on %{system}.') % { :system => target.environment.name, :requestor => requestor.name, :community => community.name }
+    else
+      super
+    end
+  end
+
   def expanded_message
     super.gsub /<community>/, community.name
   end
@@ -53,4 +62,11 @@ class InviteMember &lt; Invitation
     ].join("\n\n")
   end
  
+  private
+  def check_for_invitation_existence
+    if friend
+      friend.tasks.pending.of("InviteMember").find(:all, :conditions => {:requestor_id => person.id}).select { |t| t.data[:community_id] == community_id }.blank?
+    end
+  end
+
 end
@@ -3,8 +3,8 @@ class License &lt; ActiveRecord::Base
   attr_accessible :name, :url
  
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :url => 5,
+    :name => {:label => _('Name'), :weight => 10},
+    :url => {:label => _('URL'), :weight => 5},
   }
  
   belongs_to :environment
@@ -0,0 +1,14 @@
+class LinkArticle < Article
+
+  attr_accessible :reference_article
+
+  def self.short_description
+    "Article link"
+  end
+
+  delegate :name, :to => :reference_article
+  delegate :body, :to => :reference_article
+  delegate :abstract, :to => :reference_article
+  delegate :url, :to => :reference_article
+
+end
 class NationalRegion < ActiveRecord::Base
  
   SEARCHABLE_FIELDS = {
-    :name => 1,
-    :national_region_code => 1,
+    :name => {:label => _('Name'), :weight => 1},
+    :national_region_code => {:label => _('Region Code'), :weight => 1},
   }
  
   def self.search_city(city_name, like = false, state = nil)
@@ -3,10 +3,11 @@ class Organization &lt; Profile
  
   attr_accessible :moderated_articles, :foundation_year, :contact_person, :acronym, :legal_form, :economic_activity, :management_information, :cnpj, :display_name, :enable_contact_us
  
-  SEARCH_FILTERS += %w[
-    more_popular
-    more_active
-  ]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent more_popular more_active],
+    :display => %w[compact]
+  }
+
  
   settings_items :closed, :type => :boolean, :default => false
   def closed?
@@ -176,4 +177,8 @@ class Organization &lt; Profile
     self.visible = false
     save!
   end
+
+  def allow_invitation_from?(person)
+    (followed_by?(person) && self.allow_members_to_invite) || person.has_permission?('invite-members', self)
+  end
 end
@@ -3,10 +3,11 @@ class Person &lt; Profile
  
   attr_accessible :organization, :contact_information, :sex, :birth_date, :cell_phone, :comercial_phone, :jabber_id, :personal_website, :nationality, :address_reference, :district, :schooling, :schooling_status, :formation, :custom_formation, :area_of_study, :custom_area_of_study, :professional_activity, :organization_website
  
-  SEARCH_FILTERS += %w[
-    more_popular
-    more_active
-  ]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent more_popular more_active],
+    :display => %w[compact]
+  }
+
  
   def self.type_name
     _('Person')
@@ -21,16 +22,34 @@ class Person &lt; Profile
     { :select => 'DISTINCT profiles.*', :joins => :role_assignments, :conditions => [conditions] }
   }
  
+  scope :not_members_of, lambda { |resources|
+    resources = [resources] if !resources.kind_of?(Array)
+    conditions = resources.map {|resource| "role_assignments.resource_type = '#{resource.class.base_class.name}' AND role_assignments.resource_id = #{resource.id || -1}"}.join(' OR ')
+    { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "role_assignments" ON "role_assignments"."accessor_id" = "profiles"."id" AND "role_assignments"."accessor_type" = (\'Profile\') WHERE "profiles"."type" IN (\'Person\') AND (%s))' % conditions] }
+  }
+
   scope :by_role, lambda { |roles|
     roles = [roles] unless roles.kind_of?(Array)
     { :select => 'DISTINCT profiles.*', :joins => :role_assignments, :conditions => ['role_assignments.role_id IN (?)',
 roles] }
   }
  
-  def has_permission_with_plugins?(permission, profile)
-    permissions = [has_permission_without_plugins?(permission, profile)]
+  scope :not_friends_of, lambda { |resources|
+    resources = Array(resources)
+    { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] }
+  }
+
+  def has_permission_with_admin?(permission, resource)
+    return true if resource.blank? || resource.admins.include?(self)
+    return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self)
+    has_permission_without_admin?(permission, resource)
+  end
+  alias_method_chain :has_permission?, :admin
+
+  def has_permission_with_plugins?(permission, resource)
+    permissions = [has_permission_without_plugins?(permission, resource)]
     permissions += plugins.map do |plugin|
-      plugin.has_permission?(self, permission, profile)
+      plugin.has_permission?(self, permission, resource)
     end
     permissions.include?(true)
   end
@@ -45,9 +64,9 @@ roles] }
     ScopeTool.union *scopes
   end
  
-   def memberships_by_role(role)
-     memberships.where('role_assignments.role_id = ?', role.id)
-   end
+  def memberships_by_role(role)
+    memberships.where('role_assignments.role_id = ?', role.id)
+  end
  
   has_many :friendships, :dependent => :destroy
   has_many :friends, :class_name => 'Person', :through => :friendships
@@ -65,6 +84,10 @@ roles] }
   has_and_belongs_to_many :acepted_forums, :class_name => 'Forum', :join_table => 'terms_forum_people'
   has_and_belongs_to_many :articles_with_access, :class_name => 'Article', :join_table => 'article_privacy_exceptions'
  
+  has_many :profile_suggestions, :foreign_key => :person_id, :order => 'score DESC', :dependent => :destroy
+  has_many :suggested_people, :through => :profile_suggestions, :source => :suggestion, :conditions => ['profile_suggestions.suggestion_type = ? AND profile_suggestions.enabled = ?', 'Person', true]
+  has_many :suggested_communities, :through => :profile_suggestions, :source => :suggestion, :conditions => ['profile_suggestions.suggestion_type = ? AND profile_suggestions.enabled = ?', 'Community', true]
+
   scope :more_popular, :order => 'friends_count DESC'
  
   scope :abusers, :joins => :abuse_complaints, :conditions => ['tasks.status = 3'], :select => 'DISTINCT profiles.*'
@@ -118,12 +141,12 @@ roles] }
   end
  
   def add_friend(friend, group = nil)
-   unless self.is_a_friend?(friend)
+    unless self.is_a_friend?(friend)
       friendship = self.friendships.build
       friendship.friend = friend
       friendship.group = group
       friendship.save
-   end
+    end
   end
  
   def already_request_friendship?(person)
@@ -497,6 +520,15 @@ roles] }
     person.notifier.reschedule_next_notification_mail
   end
  
+  def remove_suggestion(profile)
+    suggestion = profile_suggestions.find_by_suggestion_id profile.id
+    suggestion.disable if suggestion
+  end
+
+  def allow_invitation_from?(person)
+    person.has_permission?(:manage_friends, self)
+  end
+
   protected
  
   def followed_by?(profile)
@@ -22,12 +22,17 @@ class PersonNotifier
     schedule_next_notification_mail
   end
  
+  def notify_from
+    @person.last_notification || DateTime.now - @person.notification_time.hours
+  end
+
   def notify
     if @person.notification_time && @person.notification_time > 0
-      from = @person.last_notification || DateTime.now - @person.notification_time.hours
-      notifications = @person.tracked_notifications.find(:all, :conditions => ["created_at > ?", from])
+      notifications = @person.tracked_notifications.find(:all, :conditions => ["created_at > ?", notify_from])
+      tasks = Task.to(@person).without_spam.pending.where("created_at > ?", notify_from).order_by('created_at', 'asc')
+
       Noosfero.with_locale @person.environment.default_language do
-        Mailer::content_summary(@person, notifications).deliver unless notifications.empty?
+        Mailer::content_summary(@person, notifications, tasks).deliver unless notifications.empty? && tasks.empty?
       end
       @person.settings[:last_notification] = DateTime.now
       @person.save!
@@ -59,32 +64,42 @@ class PersonNotifier
     end
  
     def failure(job)
-      person = Person.find(person_id)
-      person.notifier.dispatch_notification_mail
+      begin
+        person = Person.find(person_id)
+        person.notifier.dispatch_notification_mail
+      rescue
+        Rails.logger.error "PersonNotifier::NotifyJob: Cannot recover from failure"
+      end
     end
  
   end
  
   class Mailer < ActionMailer::Base
  
-    add_template_helper(PersonNotifierHelper)
+    add_template_helper(ApplicationHelper)
  
     def session
       {:theme => nil}
     end
  
-    def content_summary(person, notifications)
+    def content_summary(person, notifications, tasks)
+      if person.environment
+        ActionMailer::Base.asset_host = person.environment.top_url
+        ActionMailer::Base.default_url_options[:host] = person.environment.default_hostname
+      end
+
       @current_theme = 'default'
       @profile = person
       @recipient = @profile.nickname || @profile.name
       @notifications = notifications
+      @tasks = tasks
       @environment = @profile.environment.name
       @url = @profile.environment.top_url
       mail(
         content_type: "text/html",
         from: "#{@profile.environment.name} <#{@profile.environment.noreply_email}>",
         to: @profile.email,
-        subject: _("[%s] Network Activity") % [@profile.environment.name]
+        subject: _("[%s] Notifications") % [@profile.environment.name]
       )
     end
   end
 class Product < ActiveRecord::Base
  
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :description => 1,
+    :name => {:label => _('Name'), :weight => 10},
+    :description => {:label => _('Description'), :weight => 1},
   }
  
-  SEARCH_FILTERS = %w[
-    more_recent
-  ]
-
-  SEARCH_DISPLAYS = %w[map full]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent],
+    :display => %w[full map]
+  }
  
-  attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs, :qualifiers_list
+  attr_accessible :name, :product_category, :profile, :profile_id, :enterprise,
+    :highlighted, :price, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs, :qualifiers_list
  
   def self.default_search_display
     'full'
@@ -237,7 +237,7 @@ class Product &lt; ActiveRecord::Base
  
   def percentage_from_solidarity_economy
     se_i = t_i = 0
-    self.inputs(true).each{ |i| t_i += 1; se_i += 1 if i.is_from_solidarity_economy }
+    self.inputs.each{ |i| t_i += 1; se_i += 1 if i.is_from_solidarity_economy }
     t_i = 1 if t_i == 0 # avoid division by 0
     p = case (se_i.to_f/t_i)*100
         when 0 then [0, '']
@@ -3,7 +3,7 @@
 # which by default is the one returned by Environment:default.
 class Profile < ActiveRecord::Base
  
-  attr_accessible :name, :identifier, :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :environment, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time, :redirection_after_login
+  attr_accessible :name, :identifier, :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :environment, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time, :redirection_after_login, :email_suggestions, :allow_members_to_invite, :invite_friends_only
  
   # use for internationalizable human type names in search facets
   # reimplement on subclasses
@@ -12,16 +12,15 @@ class Profile &lt; ActiveRecord::Base
   end
  
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :identifier => 5,
-    :nickname => 2,
+    :name => {:label => _('Name'), :weight => 10},
+    :identifier => {:label => _('Username'), :weight => 5},
+    :nickname => {:label => _('Nickname'), :weight => 2},
   }
  
-  SEARCH_FILTERS = %w[
-    more_recent
-  ]
-
-  SEARCH_DISPLAYS = %w[compact]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent],
+    :display => %w[compact]
+  }
  
   def self.default_search_display
     'compact'
@@ -123,6 +122,7 @@ class Profile &lt; ActiveRecord::Base
   scope :visible, :conditions => { :visible => true }
   scope :disabled, :conditions => { :visible => false }
   scope :public, :conditions => { :visible => true, :public_profile => true }
+  scope :enabled, :conditions => { :enabled => true }
  
   # Subclasses must override this method
   scope :more_popular
@@ -139,6 +139,17 @@ class Profile &lt; ActiveRecord::Base
  
   has_many :comments_received, :class_name => 'Comment', :through => :articles, :source => :comments
  
+  # Although this should be a has_one relation, there are no non-silly names for
+  # a foreign key on article to reference the template to which it is
+  # welcome_page... =P
+  belongs_to :welcome_page, :class_name => 'Article', :dependent => :destroy
+
+  def welcome_page_content
+    welcome_page && welcome_page.published ? welcome_page.body : nil
+  end
+
+  has_many :search_terms, :as => :context
+
   def scraps(scrap=nil)
     scrap = scrap.is_a?(Scrap) ? scrap.id : scrap
     scrap.nil? ? Scrap.all_scraps(self) : Scrap.all_scraps(self).find(scrap)
@@ -154,6 +165,7 @@ class Profile &lt; ActiveRecord::Base
   settings_items :public_content, :type => :boolean, :default => true
   settings_items :description
   settings_items :fields_privacy, :type => :hash, :default => {}
+  settings_items :email_suggestions, :type => :boolean, :default => false
  
   validates_length_of :description, :maximum => 550, :allow_nil => true
  
@@ -218,6 +230,8 @@ class Profile &lt; ActiveRecord::Base
  
   has_many :abuse_complaints, :foreign_key => 'requestor_id', :dependent => :destroy
  
+  has_many :profile_suggestions, :foreign_key => :suggestion_id, :dependent => :destroy
+
   def top_level_categorization
     ret = {}
     self.profile_categorizations.each do |c|
@@ -392,7 +406,7 @@ class Profile &lt; ActiveRecord::Base
   end
  
   xss_terminate :only => [ :name, :nickname, :address, :contact_phone, :description ], :on => 'validation'
-  xss_terminate :only => [ :custom_footer, :custom_header ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :custom_footer, :custom_header ], :with => 'white_list'
  
   include WhiteListFilter
   filter_iframes :custom_header, :custom_footer
@@ -513,6 +527,14 @@ class Profile &lt; ActiveRecord::Base
     generate_url(:profile => identifier, :controller => 'profile', :action => 'index')
   end
  
+  def people_suggestions_url
+    generate_url(:profile => identifier, :controller => 'friends', :action => 'suggest')
+  end
+
+  def communities_suggestions_url
+    generate_url(:profile => identifier, :controller => 'memberships', :action => 'suggest')
+  end
+
   def generate_url(options)
     url_options.merge(options)
   end
@@ -602,7 +624,7 @@ private :generate_url, :url_options
   end
  
   def copy_article_tree(article, parent=nil)
-    return if article.is_a?(RssFeed)
+    return if !copy_article?(article)
     original_article = self.articles.find_by_name(article.name)
     if original_article
       num = 2
@@ -622,6 +644,11 @@ private :generate_url, :url_options
     end
   end
  
+  def copy_article?(article)
+    !article.is_a?(RssFeed) &&
+    !(is_template && article.slug=='welcome-page')
+  end
+
   # Adds a person as member of this Profile.
   def add_member(person)
     if self.has_members?
@@ -631,6 +658,8 @@ private :generate_url, :url_options
         self.affiliate(person, Profile::Roles.admin(environment.id)) if members.count == 0
         self.affiliate(person, Profile::Roles.member(environment.id))
       end
+      person.tasks.pending.of("InviteMember").select { |t| t.data[:community_id] == self.id }.each { |invite| invite.cancel }
+      remove_from_suggestion_list person
     else
       raise _("%s can't have members") % self.class.name
     end
@@ -768,7 +797,10 @@ private :generate_url, :url_options
   end
  
   def admins
-    self.members_by_role(Profile::Roles.admin(environment.id))
+    return [] if environment.blank?
+    admin_role = Profile::Roles.admin(environment.id)
+    return [] if admin_role.blank?
+    self.members_by_role(admin_role)
   end
  
   def enable_contact?
@@ -966,4 +998,14 @@ private :generate_url, :url_options
   def preferred_login_redirection
     redirection_after_login.blank? ? environment.redirection_after_login : redirection_after_login
   end
+
+  def remove_from_suggestion_list(person)
+    suggestion = person.profile_suggestions.find_by_suggestion_id self.id
+    suggestion.disable if suggestion
+  end
+
+  def allow_invitation_from(person)
+    false
+  end
+
 end
@@ -0,0 +1,290 @@
+class ProfileSuggestion < ActiveRecord::Base
+  belongs_to :person
+  belongs_to :suggestion, :class_name => 'Profile', :foreign_key => :suggestion_id
+
+  attr_accessible :person, :suggestion, :suggestion_type, :categories, :enabled
+
+  has_many :suggestion_connections, :foreign_key => 'suggestion_id'
+  has_many :profile_connections, :through => :suggestion_connections, :source => :connection, :source_type => 'Profile'
+  has_many :tag_connections, :through => :suggestion_connections, :source => :connection, :source_type => 'ActsAsTaggableOn::Tag'
+
+  before_create do |profile_suggestion|
+    profile_suggestion.suggestion_type = self.suggestion.class.to_s
+  end
+
+  after_destroy do |profile_suggestion|
+    self.class.generate_profile_suggestions(profile_suggestion.person)
+  end
+
+  acts_as_having_settings :field => :categories
+
+  validate :must_be_a_valid_category, :on => :create
+  def must_be_a_valid_category
+    if categories.keys.map { |cat| self.respond_to?(cat)}.include?(false)
+      errors.add(:categories, 'Category must be valid')
+    end
+  end
+
+  validates_uniqueness_of :suggestion_id, :scope => [ :person_id ]
+  scope :of_person, :conditions => { :suggestion_type => 'Person' }
+  scope :of_community, :conditions => { :suggestion_type => 'Community' }
+  scope :enabled, :conditions => { :enabled => true }
+
+  # {:category_type => ['category-icon', 'category-label']}
+  CATEGORIES = {
+    :people_with_common_friends => ['menu-people', _('Friends in common')],
+    :people_with_common_communities => ['menu-community',_('Communities in common')],
+    :people_with_common_tags => ['edit', _('Tags in common')],
+    :communities_with_common_friends => ['menu-people', _('Friends in common')],
+    :communities_with_common_tags => ['edit', _('Tags in common')]
+  }
+
+  def category_icon(category)
+    'icon-' + ProfileSuggestion::CATEGORIES[category][0]
+  end
+
+  def category_label(category)
+    ProfileSuggestion::CATEGORIES[category][1]
+  end
+
+  RULES = {
+    :people_with_common_communities => {
+      :threshold => 2, :weight => 1, :connection => 'Profile'
+    },
+    :people_with_common_friends => {
+      :threshold => 2, :weight => 1, :connection => 'Profile'
+    },
+    :people_with_common_tags => {
+      :threshold => 2, :weight => 1, :connection => 'ActsAsTaggableOn::Tag'
+    },
+    :communities_with_common_friends => {
+      :threshold => 2, :weight => 1, :connection => 'Profile'
+    },
+    :communities_with_common_tags => {
+      :threshold => 2, :weight => 1, :connection => 'ActsAsTaggableOn::Tag'
+    }
+  }
+
+  RULES.keys.each do |rule|
+    settings_items rule
+    attr_accessible rule
+  end
+
+  # Number of suggestions by rule
+  N_SUGGESTIONS = 30
+
+  # Minimum number of suggestions
+  MIN_LIMIT = 10
+
+  def self.profile_id(rule)
+    "#{rule}_profile_id"
+  end
+
+  def self.connections(rule)
+    "#{rule}_connections"
+  end
+
+  def self.counter(rule)
+    "#{rule}_count"
+  end
+
+  # If you are about to rewrite the following sql queries, think twice. After
+  # that make sure that whatever you are writing to replace it should be faster
+  # than how it is now. Yes, sqls are ugly but are fast! And fast is what we
+  # need here.
+  #
+  # The logic behind this code is to produce a table somewhat like this:
+  # profile_id | rule1_count | rule1_connections | rule2_count | rule2_connections | ... | score |
+  #     12     |      2      |      {32,54}      |      3      |     {8,22,27}     | ... |   13  |
+  #     13     |      4      |   {3,12,32,54}    |      2      |      {11,24}      | ... |   15  |
+  #     14     |             |                   |      2      |      {44,56}      | ... |   17  |
+  #                                        ...
+  #                                        ...
+  #
+  # This table has the suggested profile id and the count and connections of
+  # each rule that made this profile be suggested. Each suggestion has a score
+  # associated based on the rules' counts and rules' weights.
+  #
+  # From this table, we can sort suggestions by the score and save a small
+  # amount of them in the database. At this moment we also register the
+  # connections of each suggestion.
+
+  def self.calculate_suggestions(person)
+    suggested_profiles = all_suggestions(person)
+    return if suggested_profiles.nil?
+
+    already_suggested_profiles = person.profile_suggestions.map(&:suggestion_id).join(',')
+    suggested_profiles = suggested_profiles.where("profiles.id NOT IN (#{already_suggested_profiles})") if already_suggested_profiles.present?
+    #TODO suggested_profiles = suggested_profiles.order('score DESC')
+    suggested_profiles = suggested_profiles.limit(N_SUGGESTIONS)
+    return if suggested_profiles.blank?
+
+    suggested_profiles.each do |suggested_profile|
+      suggestion = person.profile_suggestions.find_or_initialize_by_suggestion_id(suggested_profile.id)
+      RULES.each do |rule, options|
+        begin
+          value = suggested_profile.send("#{rule}_count").to_i
+        rescue NoMethodError
+          next
+        end
+        connections = suggested_profile.send("#{rule}_connections")
+        if connections.present?
+          connections = connections[1..-2].split(',')
+        else
+          connections = []
+        end
+        suggestion.send("#{rule}=", value)
+        connections.each do |connection_id|
+          next if SuggestionConnection.where(:suggestion_id => suggestion.id, :connection_id => connection_id, :connection_type => options[:connection]).present?
+           SuggestionConnection.create!(:suggestion => suggestion, :connection_id => connection_id, :connection_type => options[:connection])
+        end
+        suggestion.score += value * options[:weight]
+      end
+      suggestion.save!
+    end
+  end
+
+  def self.people_with_common_friends(person)
+    person_friends = person.friends.map(&:id)
+    rule = "people_with_common_friends"
+    return if person_friends.blank?
+    "SELECT person_id as #{profile_id(rule)},
+            array_agg(friend_id) as #{connections(rule)},
+            count(person_id) as #{counter(rule)}
+     FROM friendships WHERE friend_id IN (#{person_friends.join(',')})
+     AND person_id NOT IN (#{(person_friends << person.id).join(',')})
+     GROUP BY person_id"
+  end
+
+  def self.people_with_common_communities(person)
+    person_communities = person.communities.map(&:id)
+    rule = "people_with_common_communities"
+    return if person_communities.blank?
+    "SELECT common_members.accessor_id as #{profile_id(rule)},
+            array_agg(common_members.resource_id) as #{connections(rule)},
+            count(common_members.accessor_id) as #{counter(rule)}
+     FROM
+       (SELECT DISTINCT accessor_id, resource_id FROM
+       role_assignments WHERE role_assignments.resource_id IN (#{person_communities.join(',')}) AND
+       role_assignments.accessor_id != #{person.id} AND role_assignments.resource_type = 'Profile' AND
+       role_assignments.accessor_type = 'Profile') AS common_members
+     GROUP BY common_members.accessor_id"
+  end
+
+  def self.people_with_common_tags(person)
+    profile_tags = person.articles.select('tags.id').joins(:tags).map(&:id)
+    rule = "people_with_common_tags"
+    return if profile_tags.blank?
+    "SELECT results.profiles_id as #{profile_id(rule)},
+            array_agg(results.tags_id) as #{connections(rule)},
+            count(results.profiles_id) as #{counter(rule)}
+     FROM (
+       SELECT DISTINCT tags.id as tags_id, profiles.id as profiles_id FROM profiles
+       INNER JOIN articles ON articles.profile_id = profiles.id
+       INNER JOIN taggings ON taggings.taggable_id = articles.id AND taggings.context = ('tags') AND taggings.taggable_type = 'Article'
+       INNER JOIN tags ON tags.id = taggings.tag_id
+       WHERE (tags.id in (#{profile_tags.join(',')}) AND profiles.id != #{person.id})) AS results
+     GROUP BY results.profiles_id"
+  end
+
+  def self.communities_with_common_friends(person)
+    person_friends = person.friends.map(&:id)
+    rule = "communities_with_common_friends"
+    return if person_friends.blank?
+    "SELECT common_communities.resource_id as #{profile_id(rule)},
+            array_agg(common_communities.accessor_id) as #{connections(rule)},
+            count(common_communities.resource_id) as #{counter(rule)}
+     FROM
+       (SELECT DISTINCT accessor_id, resource_id FROM
+       role_assignments WHERE role_assignments.accessor_id IN (#{person_friends.join(',')}) AND
+       role_assignments.accessor_id != #{person.id} AND role_assignments.resource_type = 'Profile' AND
+       role_assignments.accessor_type = 'Profile') AS common_communities
+     GROUP BY common_communities.resource_id"
+  end
+
+  def self.communities_with_common_tags(person)
+    profile_tags = person.articles.select('tags.id').joins(:tags).map(&:id)
+    rule = "communities_with_common_tags"
+    return if profile_tags.blank?
+    "SELECT results.profiles_id as #{profile_id(rule)},
+            array_agg(results.tags_id) as #{connections(rule)},
+            count(results.profiles_id) as #{counter(rule)}
+     FROM
+       (SELECT DISTINCT tags.id as tags_id, profiles.id AS profiles_id FROM profiles
+       INNER JOIN articles ON articles.profile_id = profiles.id
+       INNER JOIN taggings ON taggings.taggable_id = articles.id AND taggings.context = ('tags') AND taggings.taggable_type = 'Article'
+       INNER JOIN tags ON tags.id = taggings.tag_id
+       WHERE (tags.id IN (#{profile_tags.join(',')}) AND profiles.id != #{person.id})) AS results
+     GROUP BY results.profiles_id"
+  end
+
+  def self.all_suggestions(person)
+    select_string = ["profiles.*"]
+    suggestions_join = []
+    where_string = []
+    valid_rules = []
+    previous_rule = nil
+    join_column = nil
+    RULES.each do |rule, options|
+      rule_select = self.send(rule, person)
+      next if !rule_select.present?
+
+      valid_rules << rule
+      select_string << "suggestions.#{counter(rule)} as #{counter(rule)}, suggestions.#{connections(rule)} as #{connections(rule)}"
+      where_string << "#{counter(rule)} >= #{options[:threshold]}"
+      rule_select = "
+        (SELECT profiles.id as #{profile_id(rule)},
+                #{rule}_sub.#{counter(rule)} as #{counter(rule)},
+                #{rule}_sub.#{connections(rule)} as #{connections(rule)}
+        FROM profiles
+        LEFT OUTER JOIN (#{rule_select}) as #{rule}_sub
+        ON profiles.id = #{rule}_sub.#{profile_id(rule)}) AS #{rule}"
+
+      if previous_rule.nil?
+        result = rule_select
+      else
+        result = "INNER JOIN #{rule_select}
+         ON #{previous_rule}.#{profile_id(previous_rule)} = #{rule}.#{profile_id(rule)}"
+      end
+      previous_rule = rule
+      suggestions_join << result
+    end
+
+    return if valid_rules.blank?
+
+    select_string = select_string.compact.join(',')
+    join_string = "INNER JOIN (SELECT * FROM #{suggestions_join.compact.join(' ')}) AS suggestions ON profiles.id = suggestions.#{profile_id(valid_rules.first)}"
+    where_string = where_string.compact.join(' OR ')
+
+    person.environment.profiles.
+      select(select_string).
+      joins(join_string).
+      where(where_string)
+  end
+
+  def disable
+    self.enabled = false
+    self.save!
+    self.class.generate_profile_suggestions(self.person)
+  end
+
+  def self.generate_all_profile_suggestions
+    Delayed::Job.enqueue(ProfileSuggestion::GenerateAllJob.new) unless ProfileSuggestion::GenerateAllJob.exists?
+  end
+
+  def self.generate_profile_suggestions(person, force = false)
+    return if person.profile_suggestions.enabled.count >= MIN_LIMIT && !force
+    Delayed::Job.enqueue ProfileSuggestionsJob.new(person.id) unless ProfileSuggestionsJob.exists?(person.id)
+  end
+
+  class GenerateAllJob
+    def self.exists?
+      Delayed::Job.by_handler("--- !ruby/object:ProfileSuggestion::GenerateAllJob {}\n").count > 0
+    end
+
+    def perform
+      Person.find_each {|person| ProfileSuggestion.generate_profile_suggestions(person) }
+    end
+  end
+
+end
@@ -3,7 +3,7 @@ class Qualifier &lt; ActiveRecord::Base
   attr_accessible :name, :environment
  
   SEARCHABLE_FIELDS = {
-    :name => 1,
+    :name => {:label => _('Name'), :weight => 1},
   }
  
   belongs_to :environment
@@ -3,7 +3,7 @@ class Scrap &lt; ActiveRecord::Base
   attr_accessible :content, :sender_id, :receiver_id, :scrap_id
  
   SEARCHABLE_FIELDS = {
-    :content => 1,
+    :content => {:label => _('Content'), :weight => 1},
   }
   validates_presence_of :content
   validates_presence_of :sender_id, :receiver_id
@@ -25,7 +25,7 @@ class Scrap &lt; ActiveRecord::Base
  
   after_create do |scrap|
     scrap.root.update_attribute('updated_at', DateTime.now) unless scrap.root.nil?
-    Scrap::Notifier.notification(scrap).deliver if scrap.send_notification?
+    ScrapNotifier.notification(scrap).deliver if scrap.send_notification?
   end
  
   before_validation :strip_all_html_tags
@@ -0,0 +1,63 @@
+class SearchTerm < ActiveRecord::Base
+  validates_presence_of :term, :context
+  validates_uniqueness_of :term, :scope => [:context_id, :context_type, :asset]
+
+  belongs_to :context, :polymorphic => true
+  has_many :occurrences, :class_name => 'SearchTermOccurrence'
+
+  attr_accessible :term, :context, :asset
+
+  def self.calculate_scores
+    os = occurrences_scores
+    find_each { |search_term| search_term.calculate_score(os) }
+  end
+
+  def self.find_or_create(term, context, asset='all')
+    context.search_terms.where(:term => term, :asset => asset).first || context.search_terms.create!(:term => term, :asset=> asset)
+  end
+
+  # Fast way of getting the occurrences score for each search_term. Ugly but fast!
+  #
+  # Each occurrence of a search_term has a score that is smaller the older the
+  # occurrence happened. We subtract the amount of time between now and the
+  # moment it happened from the total time any occurrence is valid to happen. E.g.:
+  # The expiration time is 100 days and an occurrence happened 3 days ago.
+  # Therefore the score is 97. Them we sum every score to get the total score
+  # for a search term.
+  def self.occurrences_scores
+    ActiveSupport::OrderedHash[*ActiveRecord::Base.connection.execute(
+      joins(:occurrences).
+      select("search_terms.id, sum(#{SearchTermOccurrence::EXPIRATION_TIME.to_i} - extract(epoch from (now() - search_term_occurrences.created_at))) as value").
+      where("search_term_occurrences.created_at > ?", DateTime.now - SearchTermOccurrence::EXPIRATION_TIME).
+      group("search_terms.id").
+      order('value DESC').
+      to_sql
+    ).map {|result| [result['id'].to_i, result['value'].to_i]}.flatten]
+  end
+
+  def calculate_occurrence(occurrences_scores)
+    max_score = occurrences_scores.first[1]
+    (occurrences_scores[id]/max_score.to_f)*100
+  end
+
+  def calculate_relevance(valid_occurrences)
+    indexed = valid_occurrences.last.indexed.to_f
+    return 0 if indexed == 0
+    total = valid_occurrences.last.total.to_f
+    (1 - indexed/total)*100
+  end
+
+  def calculate_score(occurrences_scores)
+    valid_occurrences = occurrences.valid
+    if valid_occurrences.present?
+      # These scores vary from 1~100
+      self.occurrence_score = calculate_occurrence(occurrences_scores)
+      self.relevance_score = calculate_relevance(valid_occurrences)
+    else
+      self.occurrence_score = 0
+      self.relevance_score = 0
+    end
+    self.score = (occurrence_score * relevance_score)/100.0
+    self.save!
+  end
+end
@@ -0,0 +1,9 @@
+class SearchTermOccurrence < ActiveRecord::Base
+  belongs_to :search_term
+  validates_presence_of :search_term
+  attr_accessible :search_term, :created_at, :total, :indexed
+
+  EXPIRATION_TIME = 1.year
+
+  scope :valid, :conditions => ["search_term_occurrences.created_at > ?", DateTime.now - EXPIRATION_TIME]
+end
@@ -0,0 +1,6 @@
+class SuggestionConnection < ActiveRecord::Base
+  attr_accessible :suggestion, :connection_type, :connection_id
+
+  belongs_to :suggestion, :class_name => 'ProfileSuggestion', :foreign_key => 'suggestion_id'
+  belongs_to :connection, :polymorphic => true
+end
 require 'noosfero/translatable_content'
  
-# a base class for all text article types.  
+# a base class for all text article types.
 class TextArticle < Article
  
   xss_terminate :only => [ :name ], :on => 'validation'
@@ -26,10 +26,10 @@ class TextArticle &lt; Article
   before_save :set_relative_path
  
   def set_relative_path
-    parsed = Hpricot(self.body.to_s)
-    parsed.search('img[@src]').map { |i| change_element_path(i, 'src') }
-    parsed.search('a[@href]').map { |i| change_element_path(i, 'href') }
-    self.body = parsed.to_s
+    parsed = Nokogiri::HTML.fragment(self.body.to_s)
+    parsed.css('img[src]').each { |i| change_element_path(i, 'src') }
+    parsed.css('a[href]').each { |i| change_element_path(i, 'href') }
+    self.body = parsed.to_html
   end
  
   def change_element_path(el, attribute)
@@ -11,6 +11,10 @@ class User &lt; ActiveRecord::Base
   N_('Password confirmation')
   N_('Terms accepted')
  
+  SEARCHABLE_FIELDS = {
+    :email => {:label => _('Email'), :weight => 5},
+  }
+
   def self.[](login)
     self.find_by_login(login)
   end
@@ -50,7 +54,7 @@ class User &lt; ActiveRecord::Base
  
       user.person = p
     end
-    if user.environment.enabled?('skip_new_user_email_confirmation') 
+    if user.environment.enabled?('skip_new_user_email_confirmation')
       if user.environment.enabled?('admin_must_approve_new_users')
         create_moderate_task
       else
@@ -98,6 +102,7 @@ class User &lt; ActiveRecord::Base
   validates_length_of       :email,    :within => 3..100, :if => (lambda {|user| !user.email.blank?})
   validates_uniqueness_of   :login, :email, :case_sensitive => false, :scope => :environment_id
   before_save :encrypt_password
+  before_save :normalize_email, if: proc{ |u| u.email.present? }
   validates_format_of :email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda {|user| !user.email.blank?})
  
   validates_inclusion_of :terms_accepted, :in => [ '1' ], :if => lambda { |u| ! u.terms_of_use.blank? }, :message => N_('{fn} must be checked in order to signup.').fix_i18n
@@ -110,6 +115,10 @@ class User &lt; ActiveRecord::Base
     u && u.authenticated?(password) ? u : nil
   end
  
+  def register_login
+    self.update_attribute :last_login_at, Time.now
+  end
+
   # Activates the user in the database.
   def activate
     return false unless self.person
@@ -328,6 +337,11 @@ class User &lt; ActiveRecord::Base
   end
  
   protected
+
+    def normalize_email
+      self.email = self.email.squish.downcase
+    end
+
     # before filter
     def encrypt_password
       return if password.blank?
@@ -355,6 +369,6 @@ class User &lt; ActiveRecord::Base
  
     def delay_activation_check
       return if person.is_template?
-      Delayed::Job.enqueue(UserActivationJob.new(self.id), {:priority => 0, :run_at => 72.hours.from_now})
+      Delayed::Job.enqueue(UserActivationJob.new(self.id), {:priority => 0, :run_at => (NOOSFERO_CONF['hours_until_user_activation_check'] || 72).hours.from_now})
     end
 end
 <%= labelled_form_for :user,
    :url => { :controller => 'account', :action => (params[:enterprise_code] ? 'activate_enterprise' : 'login') }  do |f| %>
  
-<%= f.text_field :login,
-                 :id => ( lightbox? ? 'lightbox_' : '' ) + 'user_login',
-                 :onchange => 'this.value = convToValidLogin( this.value )' %>
+<%= f.text_field :login, :id => 'user_login', :onchange => 'this.value = convToValidLogin( this.value )' %>
  
-<%= f.password_field :password,
-                     :id => ( lightbox? ? 'lightbox_' : '' ) + 'user_password' %>
+<%= f.password_field :password, :id => 'user_password' %>
  
 <% if params[:enterprise_code] %>
   <%= hidden_field_tag :enterprise_code, params[:enterprise_code] %>
@@ -16,7 +13,7 @@
  
 <% button_bar do %>
   <%= submit_button( 'login', _('Log in') )%>
-  <%= lightbox_close_button(_('Cancel')) if lightbox? %>
+  <%= modal_close_button _('Cancel') if request.xhr? %>
 <% end %>
  
 <% end %>
@@ -16,7 +16,7 @@
 <input type="hidden" id="signup_time_key" name="signup_time_key" />
 <script type="text/javascript">
   jQuery.ajax({
-    type: "POST",
+    type: "GET",
     url: "<%= url_for :controller=>'account', :action=>'signup_time' %>",
     dataType: 'json',
     success: function(data) {
@@ -7,8 +7,8 @@
 <p><%= _('Do you have a personal user account in the system?') %></p>
  
 <div id="enterprise-activation-create-user-or-login-button">
-  <%= button_to_function 'login', _('Yes'), "$('enterprise-activation-create-user-form').hide(); $('enterprise-activation-login-form').show()" %> 
-  <%= button_to_function 'add', _('No'),  "$('enterprise-activation-login-form').hide(); $('enterprise-activation-create-user-form').show()" %>
+  <%= button_to_function 'login', _('Yes'), "jQuery('#enterprise-activation-create-user-form').hide(); jQuery('#enterprise-activation-login-form').show()" %>
+  <%= button_to_function 'add', _('No'),  "jQuery('#enterprise-activation-login-form').hide(); jQuery('#enterprise-activation-create-user-form').show()" %>
 </div>
  
 <div id="enterprise-activation-create-user-form" style="display: none">
 <h1><%= _('Identify yourself') %></h1>
  
 <p>
-<%= lightbox_link_to _('Login.'), { :controller => 'account', :action => 'login_popup' } %>
+<%= modal_link_to _('Login.'), { :controller => 'account', :action => 'login_popup' } %>
  
 <%= _('You need to login to be able to use all the features in this environment.') %>
 </p>
@@ -3,11 +3,11 @@
 <h2><%= _('Login') %></h2>
  
 <% @user ||= User.new %>
-<% is_thickbox ||= false %>
+<% is_popin ||= false %>
  
 <%= @message %>
  
-<%= labelled_form_for :user, :url => login_url do |f| %>
+<%= labelled_form_for :user, :url => login_url, :horizontal => true do |f| %>
  
      <%= f.text_field :login, :id => 'main_user_login', :onchange => 'this.value = convToValidLogin( this.value )', :value => params[:userlogin] %>
  
@@ -17,8 +17,8 @@
  
      <% button_bar do %>
        <%= submit_button( 'login', _('Log in') )%>
-       <% if is_thickbox %>
-         <%= thickbox_close_button(_('Cancel')) %>
+       <% if is_popin %>
+         <%= modal_close_button(_('Cancel')) %>
        <% end %>
      <% end %>
  
@@ -20,9 +20,7 @@
       <% button_bar do %>
         <%= submit_button( 'login', _('Log in') )%>
         <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
-          <%= link_to content_tag( 'span', _('New user') ),
-              { :controller => 'account', :action => 'signup' },
-              :class => 'button with-text icon-add' %>
+          <%= button(:add, _('New user'), { :controller => 'account', :action => 'signup' }) %>
         <% end %>
       <% end %>
  
@@ -2,6 +2,6 @@
 <p>
 <% button_bar do %>
   <%= button :ok, _('Yes'), { :controller => 'account', :action => 'logout' } %>
-  <%= lightbox_close_button _('No, I want to stay.') %>
+  <%= modal_close_button _('No, I want to stay.') %>
 <% end %>
 </p>
-<% if @register_pending %>
-  <div id='thanks-for-signing'>
-    <% if environment.has_custom_welcome_screen? %>
-      <%= environment.settings[:signup_welcome_screen_body].html_safe %>
-    <% elsif environment.enabled?('admin_must_approve_new_users')%>
-      <h1><%= _("Welcome to %s!") % environment.name %></h1>
-      <h3><%= _("Thanks for signing up, we're thrilled to have you on our social network!") %></h3>
-      <p><%= _("Firstly, some tips for getting started:") %></p>
-      <% unless environment.enabled?('skip_new_user_email_confirmation') %>
-        <h4><%= _("Confirm your account and wait for admin approvement!") %></h4>
-        <p><%= _("You should receive a welcome email from us shortly. Please take a second to follow the link within to confirm your account.") %></p>
-        <p><%= _("You won't appear as %s until your account is confirmed and approved.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
-      <% else %>
-        <h4><%= _("Wait for admin approvement!") %></h4>
-        <p><%= _("The administrators will evaluate your signup request for approvement.") %></p>
-        <p><%= _("You won't appear as %s until your account is approved.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
-      <% end %> 
-      <h4><%= _("What to do next?") %></h4>
-      <p><%= _("%s. Upload an avatar and let your friends find you easily :)") % link_to(_('Customize your profile'), {:controller => 'doc', :section => 'user', :topic => 'editing-person-info'}, :target => '_blank') %></p>
-      <p><%= _("Learn the guidelines. Read the %s for more details on how to use this social network!") % link_to(_('Documentation'), {:controller => 'doc'}, :target => '_blank') %></p>
-      <p><%= _("%s your Gmail, Yahoo and Hotmail contacts!") % link_to(_('Invite and find'), {:controller => 'doc', :section => 'user', :topic => 'invite-contacts'}, :target => '_blank') %></p>
-      <p><%= _("Start exploring and have fun!") %></p>
-    <% else %>
-      <h1><%= _("Welcome to %s!") % environment.name %></h1>
-      <h3><%= _("Thanks for signing up, we're thrilled to have you on our social network!") %></h3>
-      <p><%= _("Firstly, some tips for getting started:") %></p>
-      <h4><%= _("Confirm your account!") %></h4>
-      <p><%= _("You should receive a welcome email from us shortly. Please take a second to follow the link within to confirm your account.") %></p>
-      <p><%= _("You won't appear as %s until your account is confirmed.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
-      <h4><%= _("What to do next?") %></h4>
-      <p><%= _("%s. Upload an avatar and let your friends find you easily :)") % link_to(_('Customize your profile'), {:controller => 'doc', :section => 'user', :topic => 'editing-person-info'}, :target => '_blank') %></p>
-      <p><%= _("Learn the guidelines. Read the %s for more details on how to use this social network!") % link_to(_('Documentation'), {:controller => 'doc'}, :target => '_blank') %></p>
-      <p><%= _("%s your Gmail, Yahoo and Hotmail contacts!") % link_to(_('Invite and find'), {:controller => 'doc', :section => 'user', :topic => 'invite-contacts'}, :target => '_blank') %></p>
-      <p><%= _("Start exploring and have fun!") %></p>
-    <% end %>
-  </div>
-<% else %>
-  <h1><%= _('Sign up for %s!') % environment.name %></h1>
-  <%= render :partial => 'signup_form' %>
-<% end %>
+<h1><%= _('Sign up for %s!') % environment.name %></h1>
+<%= render :partial => 'signup_form' %>
 <div class='description'>
-  <%= _('This text will be showed as a welcome message to users after signup') %><br/><br/>
+  <%= _('If you enable this feature on the "Features" section of the Administration Panel, this text will be shown as a welcome message to users after signup.') %>
 </div>
-
 <%= labelled_form_field(_('Body'), text_area(:environment, :signup_welcome_screen_body, :cols => 40, :style => 'width: 100%', :class => 'mceEditor')) %>
+
+<div class='description'>
+  <%= _('If this content is left blank, the following page will be displayed to the user:') %>
+</div>
+
+<%= render :file => 'home/welcome', :locals => {:default_message => true} %>
@@ -18,7 +18,7 @@
       <%= button 'ok', _('Enable'), {:action => 'manage_portal_community', :activate => 1} %>
     <% end %>
     <%= button 'folder', _('Select Portal Folders'), {:action => 'set_portal_folders'} %>
-    <%= button 'edit', _('Define Amount by Folder'), {:action => 'set_portal_news_amount'} %>
+    <%= button 'edit', _('Define news amount on portal'), {:action => 'set_portal_news_amount'} %>
     <%= button 'delete', _('Remove'), { :action => 'unset_portal_community'} %>
   <% end %>
 <% end %>
1	1	source "https://rubygems.org"
2		-gem 'rails', '~> 3.2.19'
	2	+gem 'rails', '~> 3.2.21'
	3	+gem 'minitest', '~> 3.2.0'
3	4	gem 'fast_gettext', '~> 0.6.8'
4		-gem 'acts-as-taggable-on', '~> 3.0.2'
5		-gem 'prototype-rails', '~> 3.2.1'
6		-gem 'prototype_legacy_helper', '0.0.0', :path => 'vendor/prototype_legacy_helper'
	5	+gem 'acts-as-taggable-on', '~> 3.4.2'
7	6	gem 'rails_autolink', '~> 1.1.5'
8	7	gem 'pg', '~> 0.13.2'
9	8	gem 'rmagick', '~> 2.13.1'
...	...	@@ -12,16 +11,14 @@ gem 'will_paginate', '~> 3.0.3'
12	11	gem 'ruby-feedparser', '~> 0.7'
13	12	gem 'daemons', '~> 1.1.5'
14	13	gem 'thin', '~> 1.3.1'
15		-gem 'hpricot', '~> 0.8.6'
16	14	gem 'nokogiri', '~> 1.5.5'
17	15	gem 'rake', :require => false
18	16	gem 'rest-client', '~> 1.6.7'
19	17	gem 'exception_notification', '~> 4.0.1'
20	18	gem 'gettext', '~> 2.2.1', :require => false, :group => :development
21	19	gem 'locale', '~> 2.0.5'
22		-
23		-# FIXME list here all actual dependencies (i.e. the ones in debian/control),
24		-# with their GEM names (not the Debian package names)
	20	+gem 'whenever', :require => false
	21	+gem 'eita-jrails', '>= 0.9.5', :require => 'jrails'
25	22
26	23	group :production do
27	24	gem 'dalli', '~> 2.7.0'
...	...	@@ -41,6 +38,9 @@ group :cucumber do
41	38	gem 'selenium-webdriver', '~> 2.39.0'
42	39	end
43	40
	41	+# Requires custom dependencies
	42	+eval(File.read('config/Gemfile'), binding) rescue nil
	43	+
44	44	# include gemfiles from enabled plugins
45	45	# plugins in baseplugins/ are not included on purpose. They should not have any
46	46	# dependencies.
...	...
...	...	@@ -21,7 +21,7 @@ Noosfero is written in Ruby with the "[Rails framework](http://www.rubyonrails.o
21	21	You need to install some packages Noosfero depends on. On Debian GNU/Linux or Debian-based systems, all of these packages are available through the Debian archive. You can install them with the following command:
22	22
23	23	# apt-get install ruby rake po4a libgettext-ruby-util libgettext-ruby1.8 \
24		- libsqlite3-ruby rcov librmagick-ruby libredcloth-ruby libhpricot-ruby \
	24	+ libsqlite3-ruby rcov librmagick-ruby libredcloth-ruby \
25	25	libwill-paginate-ruby iso-codes libfeedparser-ruby libdaemons-ruby thin \
26	26	tango-icon-theme
27	27
...	...	@@ -40,7 +40,6 @@ On other systems, they may or may not be available through your regular package
40	40	* Daemons - http://daemons.rubyforge.org
41	41	* Thin: http://code.macournoyer.com/thin
42	42	* tango-icon-theme: http://tango.freedesktop.org/Tango_Icon_Library
43		-* Hpricot: http://hpricot.com
44	43
45	44	If you manage to install Noosfero successfully on other systems than Debian,
46	45	please feel free to contact the Noosfero development mailing with the
...	...
...	...	@@ -26,7 +26,7 @@ The file config/database.yml must follow a structure in order to achieve multite
26	26
27	27	Each "hosted" environment must have an entry like this:
28	28
29		- env1_production:
	29	+ env1_production: &DEFAULT
30	30	adapter: postgresql
31	31	encoding: unicode
32	32	database: noosfero
...	...	@@ -61,7 +61,7 @@ The "hosted" environments define, besides the `schema_search_path`, a list of do
61	61	You must also tell the application which is the default environment.
62	62
63	63	production:
64		- env1_production
	64	+ <<: *DEFAULT
65	65
66	66	On the example above there are only three hosted environments, but it can be more than three. The schemas `env2` and `env3` must already exist in the same database of the hosting environment. As postgres user, you can create them typing:
67	67
...	...
...	...	@@ -1,41 +0,0 @@
1		-* ruby-get-text incmopatible with rails3. Maybe we can use it's gem
2		-
3		-* all js code is inside miscellaneous.js. Would be nice to refactor this
4		-
5		-* rails 2 uses prototype instead of jquery
6		-
7		-* config/environment.rb maybe still have some code that should be on the initializers
8		-
9		-* initializers session_store.rb inflections.rb... don't exist
10		-
11		-* rails gems version have to be forced on Gemfile or it will use incompatible pre3vious versions (3.1.3)
12		-
13		-* Sweepers are now natively supported on Rails 3. Would be nice to refactor it
14		-
15		-* On Rails 3 it is no more possible to add allowed tags to avoid scape. The html_safe initializer is an option.
16		-
17		-* error when call sqlite_extensiosn
18		-
19		-* error related to action_tracker
20		-
21		-* check FIXME's in script/quick-start
22		-
23		-* check FIXME's in Gemfile
24		-
25		-* Check the FIXME in config/routes.rb
26		-
27		-* rewrite conditional routing. See FIXME in lib/route_if.rb and re-implement using the Rails 3 mechanism - http://guides.rubyonrails.org/routing.html#advanced-constraints
28		-
29		-* check FIXME's in config/environment.rb
30		-
31		-* xss_terminate sucks. We should replace it with the builtin mechanism in Rails 3
32		-
33		-* instance_eval on Ruby 1.9 yields self, so lambdas that are passed to instance_eval and do not accept exactly 1 argument will blow up. See http://www.ruby-forum.com/topic/213313 ... search for instance_eval and fix where necessary. In special, most of the blocks still need fixing.
34		-
35		-* all instances of <% *_form_for ... %> must be changed to <%= instead of <%
36		-
37		-* all ActiveRecord models have to declare explicitly which attributes must be allowed for mass assignment with attr_accessible.
38		-
39		-* check if we need to update config/locales/*
40		-
41		-* check observe_field and labelled_form_for in app/helpers/application_helper.rb
...	...	@@ -0,0 +1,10 @@
	1	+# Noosfero security
	2	+
	3	+## Reporting security issues in Noosfero
	4	+
	5	+Security vulnerabilities should be reported via an email to
	6	+noosfero-security@listas.softwarelivre.org, which ia a private mailing list.
	7	+Reported problems will be published after fixes are available.
	8	+
	9	+The members of the mailing list are people who provide Noosfero (Noosfero
	10	+committers, mainly).
...	...
...	...	@@ -87,6 +87,6 @@ class AdminPanelController < AdminController
87	87	scope = scope.order('name ASC')
88	88
89	89	@q = params[:q]
90		- @collection = find_by_contents(:organizations, scope, @q, {:per_page => 10, :page => params[:npage]})[:results]
	90	+ @collection = find_by_contents(:organizations, environment, scope, @q, {:per_page => 10, :page => params[:npage]})[:results]
91	91	end
92	92	end
...	...
...	...	@@ -33,7 +33,7 @@ class RegionValidatorsController < AdminController
33	33	def load_region_and_search
34	34	@region = environment.regions.find(params[:id])
35	35	if params[:search]
36		- @search = find_by_contents(:organizations, Organization, params[:search])[:results].reject {\|item\| @region.validator_ids.include?(item.id) }
	36	+ @search = find_by_contents(:organizations, environment, Organization, params[:search])[:results].reject {\|item\| @region.validator_ids.include?(item.id) }
37	37	end
38	38	end
39	39
...	...
...	...	@@ -18,7 +18,7 @@ class UsersController < AdminController
18	18	end
19	19	scope = scope.order('name ASC')
20	20	@q = params[:q]
21		- @collection = find_by_contents(:people, scope, @q, {:per_page => per_page, :page => params[:npage]})[:results]
	21	+ @collection = find_by_contents(:people, environment, scope, @q, {:per_page => per_page, :page => params[:npage]})[:results]
22	22	end
23	23
24	24	def set_admin_role
...	...
...	...	@@ -28,6 +28,7 @@ class ApplicationController < ActionController::Base
28	28	unless environment.access_control_allow_methods.blank?
29	29	response.headers["Access-Control-Allow-Methods"] = environment.access_control_allow_methods
30	30	end
	31	+ response.headers["Access-Control-Allow-Credentials"] = 'true'
31	32	elsif environment.restrict_to_access_control_origins
32	33	render_access_denied _('Origin not in allowed.')
33	34	end
...	...	@@ -59,15 +60,7 @@ class ApplicationController < ActionController::Base
59	60	helper :document
60	61	helper :language
61	62
62		- def self.no_design_blocks
63		- @no_design_blocks = true
64		- end
65		- def self.uses_design_blocks?
66		- !@no_design_blocks
67		- end
68		- def uses_design_blocks?
69		- !@no_design_blocks && self.class.uses_design_blocks?
70		- end
	63	+ include DesignHelper
71	64
72	65	# Be sure to include AuthenticationSystem in Application Controller instead
73	66	include AuthenticatedSystem
...	...	@@ -183,21 +176,19 @@ class ApplicationController < ActionController::Base
183	176	end
184	177	end
185	178
186		- def find_by_contents(asset, scope, query, paginate_options={:page => 1}, options={})
187		- plugins.dispatch_first(:find_by_contents, asset, scope, query, paginate_options, options) \|\|
188		- fallback_find_by_contents(asset, scope, query, paginate_options, options)
189		- end
	179	+ include SearchTermHelper
190	180
191		- private
	181	+ def find_by_contents(asset, context, scope, query, paginate_options={:page => 1}, options={})
	182	+ search = plugins.dispatch_first(:find_by_contents, asset, scope, query, paginate_options, options)
	183	+ register_search_term(query, scope.count, search[:results].count, context, asset)
	184	+ search
	185	+ end
192	186
193		- def fallback_find_by_contents(asset, scope, query, paginate_options, options)
194		- scope = scope.like_search(query) unless query.blank?
195		- scope = scope.send(options[:filter]) unless options[:filter].blank?
196		- {:results => scope.paginate(paginate_options)}
	187	+ def find_suggestions(query, context, asset, options={})
	188	+ plugins.dispatch_first(:find_suggestions, query, context, asset, options)
197	189	end
198	190
199	191	def private_environment?
200	192	@environment.enabled?(:restrict_to_members)
201	193	end
202		-
203	194	end
...	...
...	...	@@ -23,6 +23,9 @@ class CmsController < MyProfileController
23	23	end
24	24
25	25	before_filter :login_required, :except => [:suggest_an_article]
	26	+ before_filter :load_recent_files, :only => [:new, :edit]
	27	+
	28	+ helper_method :file_types
26	29
27	30	protect_if :only => :upload_files do \|c, user, profile\|
28	31	article_id = c.params[:parent_id]
...	...	@@ -30,7 +33,7 @@ class CmsController < MyProfileController
30	33	(user && (user.has_permission?('post_content', profile) \|\| user.has_permission?('publish_content', profile)))
31	34	end
32	35
33		- protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new] do \|c, user, profile\|
	36	+ protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :publish_on_portal_community, :publish_on_communities, :search_communities_to_publish, :upload_files, :new] do \|c, user, profile\|
34	37	user && (user.has_permission?('post_content', profile) \|\| user.has_permission?('publish_content', profile))
35	38	end
36	39
...	...	@@ -40,7 +43,7 @@ class CmsController < MyProfileController
40	43	(user && (user.has_permission?('post_content', profile) \|\| user.has_permission?('publish_content', profile)))
41	44	end
42	45
43		- protect_if :only => [:destroy, :publish] do \|c, user, profile\|
	46	+ protect_if :only => :destroy do \|c, user, profile\|
44	47	profile.articles.find(c.params[:id]).allow_post_content?(user)
45	48	end
46	49
...	...	@@ -117,7 +120,7 @@ class CmsController < MyProfileController
117	120	@success_back_to = params[:success_back_to]
118	121	# user must choose an article type first
119	122
120		- @parent = profile.articles.find(params[:parent_id]) if params && params[:parent_id]
	123	+ @parent = profile.articles.find(params[:parent_id]) if params && params[:parent_id].present?
121	124	record_coming
122	125	@type = params[:type]
123	126	if @type.blank?
...	...	@@ -163,7 +166,10 @@ class CmsController < MyProfileController
163	166	if continue
164	167	redirect_to :action => 'edit', :id => @article
165	168	else
166		- success_redirect
	169	+ respond_to do \|format\|
	170	+ format.html { success_redirect }
	171	+ format.json { render :text => {:id => @article.id, :full_name => profile.identifier + '/' + @article.full_name}.to_json }
	172	+ end
167	173	end
168	174	return
169	175	end
...	...	@@ -256,28 +262,53 @@ class CmsController < MyProfileController
256	262	render :template => 'shared/update_categories', :locals => { :category => @current_category, :object_name => 'article' }
257	263	end
258	264
	265	+ def search_communities_to_publish
	266	+ render :text => find_by_contents(:profiles, environment, user.memberships, params['q'], {:page => 1}, {:fields => ['name']})[:results].map {\|community\| {:id => community.id, :name => community.name} }.to_json
	267	+ end
	268	+
259	269	def publish
260	270	@article = profile.articles.find(params[:id])
261	271	record_coming
262		- @groups = profile.memberships - [profile]
263		- @marked_groups = []
264		- groups_ids = profile.memberships.map{\|m\|m.id.to_s}
265		- @marked_groups = params[:marked_groups].map do \|key, item\|
266		- if groups_ids.include?(item[:group_id])
267		- item.merge :group => Profile.find(item.delete(:group_id))
	272	+ @failed = {}
	273	+ if request.post?
	274	+ article_name = params[:name]
	275	+ task = ApproveArticle.create!(:article => @article, :name => article_name, :target => user, :requestor => user)
	276	+ begin
	277	+ task.finish
	278	+ rescue Exception => ex
	279	+ @failed[ex.message] ? @failed[ex.message] << @article.name : @failed[ex.message] = [@article.name]
	280	+ task.cancel
	281	+ end
	282	+ if @failed.blank?
	283	+ session[:notice] = _("Your publish request was sent successfully")
	284	+ if @back_to
	285	+ redirect_to @back_to
	286	+ else
	287	+ redirect_to @article.view_url
	288	+ end
268	289	end
269		- end.compact unless params[:marked_groups].nil?
	290	+ end
	291	+ end
	292	+
	293	+ def publish_on_communities
270	294	if request.post?
	295	+ @back_to = params[:back_to]
	296	+ @article = profile.articles.find(params[:id])
271	297	@failed = {}
	298	+ article_name = params[:name]
	299	+ params_marked = (params['q'] \|\| '').split(',').select { \|marked\| user.memberships.map(&:id).include? marked.to_i }
	300	+ @marked_groups = Profile.find(params_marked)
272	301	if @marked_groups.empty?
	302	+ redirect_to @back_to
273	303	return session[:notice] = _("Select some group to publish your article")
274	304	end
275	305	@marked_groups.each do \|item\|
276		- task = ApproveArticle.create!(:article => @article, :name => item[:name], :target => item[:group], :requestor => profile)
	306	+ task = ApproveArticle.create!(:article => @article, :name => article_name, :target => item, :requestor => user)
277	307	begin
278		- task.finish unless item[:group].moderated_articles?
	308	+ task.finish unless item.moderated_articles?
279	309	rescue Exception => ex
280		- @failed[ex.message] ? @failed[ex.message] << item[:group].name : @failed[ex.message] = [item[:group].name]
	310	+ @failed[ex.message] ? @failed[ex.message] << item.name : @failed[ex.message] = [item.name]
	311	+ task.cancel
281	312	end
282	313	end
283	314	if @failed.blank?
...	...	@@ -287,23 +318,27 @@ class CmsController < MyProfileController
287	318	else
288	319	redirect_to @article.view_url
289	320	end
	321	+ else
	322	+ session[:notice] = _("Some of your publish requests couldn't be sent.")
	323	+ render :action => 'publish'
290	324	end
291	325	end
292	326	end
293	327
294	328	def publish_on_portal_community
295		- @article = profile.articles.find(params[:id])
296	329	if request.post?
297		- if environment.portal_community
	330	+ @article = profile.articles.find(params[:id])
	331	+ if environment.portal_enabled
298	332	task = ApproveArticle.create!(:article => @article, :name => params[:name], :target => environment.portal_community, :requestor => user)
299	333	begin
300	334	task.finish unless environment.portal_community.moderated_articles?
301		- flash[:notice] = _("Your publish request was sent successfully")
	335	+ session[:notice] = _("Your publish request was sent successfully")
302	336	rescue
303		- flash[:error] = _("Your publish request couldn't be sent.")
	337	+ session[:notice] = _("Your publish request couldn't be sent.")
	338	+ task.cancel
304	339	end
305	340	else
306		- flash[:notice] = _("There is no portal community to publish your article.")
	341	+ session[:notice] = _("There is no portal community to publish your article.")
307	342	end
308	343
309	344	if @back_to
...	...	@@ -331,7 +366,7 @@ class CmsController < MyProfileController
331	366
332	367	def search
333	368	query = params[:q]
334		- results = find_by_contents(:uploaded_files, profile.files.published, query)[:results]
	369	+ results = find_by_contents(:uploaded_files, profile, profile.files.published, query)[:results]
335	370	render :text => article_list_to_json(results), :content_type => 'application/json'
336	371	end
337	372
...	...	@@ -342,15 +377,26 @@ class CmsController < MyProfileController
342	377	end
343	378
344	379	def media_upload
345		- files_uploaded = []
346	380	parent = check_parent(params[:parent_id])
347		- files = [:file1,:file2, :file3].map { \|f\| params[f] }.compact
348	381	if request.post?
349		- files.each do \|file\|
350		- files_uploaded << UploadedFile.create(:uploaded_data => file, :profile => profile, :parent => parent) unless file == ''
	382	+ begin
	383	+ @file = UploadedFile.create!(:uploaded_data => params[:file], :profile => profile, :parent => parent) unless params[:file] == ''
	384	+ @file = FilePresenter.for(@file)
	385	+ rescue Exception => exception
	386	+ render :text => exception.to_s, :status => :bad_request
351	387	end
352	388	end
353		- render :text => article_list_to_json(files_uploaded), :content_type => 'text/plain'
	389	+ end
	390	+
	391	+ def published_media_items
	392	+ load_recent_files(params[:parent_id], params[:q])
	393	+ render :partial => 'published_media_items'
	394	+ end
	395	+
	396	+ def view_all_media
	397	+ paginate_options = {:page => params[:page].blank? ? 1 : params[:page] }
	398	+ @key = params[:key].to_sym
	399	+ load_recent_files(params[:parent_id], params[:q], paginate_options)
354	400	end
355	401
356	402	protected
...	...	@@ -445,4 +491,36 @@ class CmsController < MyProfileController
445	491	end
446	492	end
447	493
	494	+ def file_types
	495	+ {:images => _('Images'), :generics => _('Files')}
	496	+ end
	497	+
	498	+ def load_recent_files(parent_id = nil, q = nil, paginate_options = {:page => 1, :per_page => 6})
	499	+ #TODO Since we only have special support for images, I'm limiting myself to
	500	+ # consider generic files as non-images. In the future, with more supported
	501	+ # file types we'll need to have a smart way to fetch from the database
	502	+ # scopes of each supported type as well as the non-supported types as a
	503	+ # whole.
	504	+ @recent_files = {}
	505	+
	506	+ parent = parent_id.present? ? profile.articles.find(parent_id) : nil
	507	+ if parent.present?
	508	+ files = parent.children.files
	509	+ else
	510	+ files = profile.files
	511	+ end
	512	+
	513	+ files = files.reorder('created_at DESC')
	514	+ images = files.images
	515	+ generics = files.no_images
	516	+
	517	+ if q.present?
	518	+ @recent_files[:images] = find_by_contents(:images, profile, images, q, paginate_options)[:results]
	519	+ @recent_files[:generics] = find_by_contents(:generics, profile, generics, q, paginate_options)[:results]
	520	+ else
	521	+ @recent_files[:images] = images.paginate(paginate_options)
	522	+ @recent_files[:generics] = generics.paginate(paginate_options)
	523	+ end
	524	+ end
	525	+
448	526	end
...	...