Merge branch 'master' into AI3205-comment-paragraph

Leandro Santos
2 parents 6c96c297 c5b5a296
Showing 1052 changed files with 54048 additions and 21919 deletions Show diff stats
Gemfile
INSTALL.md
INSTALL.multitenancy.md
MIGRATION_ISSUES
SECURITY.md
app/controllers/admin/admin_panel_controller.rb
app/controllers/admin/region_validators_controller.rb
app/controllers/admin/users_controller.rb
app/controllers/application_controller.rb
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile/friends_controller.rb
app/controllers/my_profile/memberships_controller.rb
app/controllers/my_profile/profile_editor_controller.rb
app/controllers/my_profile/profile_members_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/chat_controller.rb
app/controllers/public/contact_controller.rb
app/controllers/public/events_controller.rb
app/controllers/public/home_controller.rb
app/controllers/public/invite_controller.rb
 source "https://rubygems.org"
-gem 'rails',                    '~> 3.2.19'
+gem 'rails',                    '~> 3.2.21'
+gem 'minitest',                 '~> 3.2.0'
 gem 'fast_gettext',             '~> 0.6.8'
-gem 'acts-as-taggable-on',      '~> 3.0.2'
-gem 'prototype-rails',          '~> 3.2.1'
-gem 'prototype_legacy_helper',  '0.0.0', :path => 'vendor/prototype_legacy_helper'
+gem 'acts-as-taggable-on',      '~> 3.4.2'
 gem 'rails_autolink',           '~> 1.1.5'
 gem 'pg',                       '~> 0.13.2'
 gem 'rmagick',                  '~> 2.13.1'
@@ -12,16 +11,14 @@ gem &#39;will_paginate&#39;,            &#39;~&gt; 3.0.3&#39;
 gem 'ruby-feedparser',          '~> 0.7'
 gem 'daemons',                  '~> 1.1.5'
 gem 'thin',                     '~> 1.3.1'
-gem 'hpricot',                  '~> 0.8.6'
 gem 'nokogiri',                 '~> 1.5.5'
 gem 'rake', :require => false
 gem 'rest-client',              '~> 1.6.7'
 gem 'exception_notification',   '~> 4.0.1'
 gem 'gettext',                  '~> 2.2.1', :require => false, :group => :development
 gem 'locale',                   '~> 2.0.5'
-
-# FIXME list here all actual dependencies (i.e. the ones in debian/control),
-# with their GEM names (not the Debian package names)
+gem 'whenever', :require => false
+gem 'eita-jrails', '>= 0.9.5', :require => 'jrails'
 group :production do
   gem 'dalli', '~> 2.7.0'
@@ -41,6 +38,9 @@ group :cucumber do
   gem 'selenium-webdriver',     '~> 2.39.0'
 end
+# Requires custom dependencies
+eval(File.read('config/Gemfile'), binding) rescue nil
+
 # include gemfiles from enabled plugins
 # plugins in baseplugins/ are not included on purpose. They should not have any
 # dependencies.
@@ -21,7 +21,7 @@ Noosfero is written in Ruby with the &quot;[Rails framework](http://www.rubyonrails.o
 You need to install some packages Noosfero depends on. On Debian GNU/Linux or Debian-based systems, all of these packages are available through the Debian archive. You can install them with the following command:
     # apt-get install ruby rake po4a libgettext-ruby-util libgettext-ruby1.8 \
-      libsqlite3-ruby rcov librmagick-ruby libredcloth-ruby libhpricot-ruby \
+      libsqlite3-ruby rcov librmagick-ruby libredcloth-ruby \
       libwill-paginate-ruby iso-codes libfeedparser-ruby libdaemons-ruby thin \
       tango-icon-theme
@@ -40,7 +40,6 @@ On other systems, they may or may not be available through your regular package 
 * Daemons - http://daemons.rubyforge.org
 * Thin: http://code.macournoyer.com/thin
 * tango-icon-theme: http://tango.freedesktop.org/Tango_Icon_Library
-* Hpricot: http://hpricot.com
 If you manage to install Noosfero successfully on other systems than Debian,
 please feel free to contact the Noosfero development mailing with the
@@ -26,7 +26,7 @@ The file config/database.yml must follow a structure in order to achieve multite
 Each "hosted" environment must have an entry like this:
-    env1_production:
+    env1_production: &DEFAULT
       adapter: postgresql
       encoding: unicode
       database: noosfero
@@ -61,7 +61,7 @@ The &quot;hosted&quot; environments define, besides the `schema_search_path`, a list of do
 You must also tell the application which is the default environment.
     production:
-      env1_production
+      <<: *DEFAULT
 On the example above there are only three hosted environments, but it can be more than three. The schemas `env2` and `env3` must already exist in the same database of the hosting environment. As postgres user, you can create them typing:
@@ -1,41 +0,0 @@
-* ruby-get-text incmopatible with rails3. Maybe we can use it's gem
-
-* all js code is inside miscellaneous.js. Would be nice to refactor this
-
-* rails 2 uses prototype instead of jquery
-
-* config/environment.rb maybe still have some code that should be on the initializers
-
-* initializers session_store.rb inflections.rb... don't exist
-
-* rails gems version have to be forced on Gemfile or it will use incompatible pre3vious versions (3.1.3)
-
-* Sweepers are now natively supported on Rails 3. Would be nice to refactor it
-
-* On Rails 3 it is no more possible to add allowed tags to avoid scape. The html_safe initializer is an option.
-
-* error when call sqlite_extensiosn
-
-* error related to action_tracker
-
-* check FIXME's in script/quick-start
-
-* check FIXME's in Gemfile
-
-* Check the FIXME in config/routes.rb
-
-* rewrite conditional routing. See FIXME in lib/route_if.rb and re-implement using the Rails 3 mechanism - http://guides.rubyonrails.org/routing.html#advanced-constraints
-
-* check FIXME's in config/environment.rb
-
-* xss_terminate sucks. We should replace it with the builtin mechanism in Rails 3
-
-* instance_eval on Ruby 1.9 yields self, so lambdas that are passed to instance_eval and do not accept exactly 1 argument will blow up. See http://www.ruby-forum.com/topic/213313 ... search for instance_eval and fix where necessary. In special, most of the blocks still need fixing.
-
-* all instances of <% *_form_for ... %> must be changed to <%= instead of <%
-
-* all ActiveRecord models have to declare explicitly which attributes must be allowed for mass assignment with attr_accessible.
-
-* check if we need to update config/locales/*
-
-* check observe_field and labelled_form_for in app/helpers/application_helper.rb
@@ -0,0 +1,10 @@
+# Noosfero security
+
+## Reporting security issues in Noosfero
+
+Security vulnerabilities should be reported via an email to
+noosfero-security@listas.softwarelivre.org, which ia a private mailing list.
+Reported problems will be published after fixes are available.
+
+The members of the mailing list are people who provide Noosfero (Noosfero
+committers, mainly).
@@ -87,6 +87,6 @@ class AdminPanelController &lt; AdminController
     scope = scope.order('name ASC')
     @q = params[:q]
-    @collection = find_by_contents(:organizations, scope, @q, {:per_page => 10, :page => params[:npage]})[:results]
+    @collection = find_by_contents(:organizations, environment, scope, @q, {:per_page => 10, :page => params[:npage]})[:results]
   end
 end
@@ -33,7 +33,7 @@ class RegionValidatorsController &lt; AdminController
   def load_region_and_search
     @region = environment.regions.find(params[:id])
     if params[:search]
-      @search = find_by_contents(:organizations, Organization, params[:search])[:results].reject {|item| @region.validator_ids.include?(item.id) }
+      @search = find_by_contents(:organizations, environment, Organization, params[:search])[:results].reject {|item| @region.validator_ids.include?(item.id) }
     end
   end
@@ -18,7 +18,7 @@ class UsersController &lt; AdminController
     end
     scope = scope.order('name ASC')
     @q = params[:q]
-    @collection = find_by_contents(:people, scope, @q, {:per_page => per_page, :page => params[:npage]})[:results]
+    @collection = find_by_contents(:people, environment, scope, @q, {:per_page => per_page, :page => params[:npage]})[:results]
   end
   def set_admin_role
@@ -28,6 +28,7 @@ class ApplicationController &lt; ActionController::Base
       unless environment.access_control_allow_methods.blank?
         response.headers["Access-Control-Allow-Methods"] = environment.access_control_allow_methods
       end
+      response.headers["Access-Control-Allow-Credentials"] = 'true'
     elsif environment.restrict_to_access_control_origins
       render_access_denied _('Origin not in allowed.')
     end
@@ -59,15 +60,7 @@ class ApplicationController &lt; ActionController::Base
   helper :document
   helper :language
-  def self.no_design_blocks
-    @no_design_blocks = true
-  end
-  def self.uses_design_blocks?
-    !@no_design_blocks
-  end
-  def uses_design_blocks?
-    !@no_design_blocks && self.class.uses_design_blocks?
-  end
+  include DesignHelper
   # Be sure to include AuthenticationSystem in Application Controller instead
   include AuthenticatedSystem
@@ -183,21 +176,19 @@ class ApplicationController &lt; ActionController::Base
     end
   end
-  def find_by_contents(asset, scope, query, paginate_options={:page => 1}, options={})
-    plugins.dispatch_first(:find_by_contents, asset, scope, query, paginate_options, options) ||
-    fallback_find_by_contents(asset, scope, query, paginate_options, options)
-  end
+  include SearchTermHelper
-  private
+  def find_by_contents(asset, context, scope, query, paginate_options={:page => 1}, options={})
+    search = plugins.dispatch_first(:find_by_contents, asset, scope, query, paginate_options, options)
+    register_search_term(query, scope.count, search[:results].count, context, asset)
+    search
+  end
-  def fallback_find_by_contents(asset, scope, query, paginate_options, options)
-    scope = scope.like_search(query) unless query.blank?
-    scope = scope.send(options[:filter]) unless options[:filter].blank?
-    {:results => scope.paginate(paginate_options)}
+  def find_suggestions(query, context, asset, options={})
+    plugins.dispatch_first(:find_suggestions, query, context, asset, options)
   end
   def private_environment?
     @environment.enabled?(:restrict_to_members)
   end
-
 end
@@ -23,6 +23,9 @@ class CmsController &lt; MyProfileController
   end
   before_filter :login_required, :except => [:suggest_an_article]
+  before_filter :load_recent_files, :only => [:new, :edit]
+
+  helper_method :file_types
   protect_if :only => :upload_files do |c, user, profile|
     article_id = c.params[:parent_id]
@@ -30,7 +33,7 @@ class CmsController &lt; MyProfileController
     (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
   end
-  protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new] do |c, user, profile|
+  protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :publish_on_portal_community, :publish_on_communities, :search_communities_to_publish, :upload_files, :new] do |c, user, profile|
     user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))
   end
@@ -40,7 +43,7 @@ class CmsController &lt; MyProfileController
     (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
   end
-  protect_if :only => [:destroy, :publish] do |c, user, profile|
+  protect_if :only => :destroy do |c, user, profile|
     profile.articles.find(c.params[:id]).allow_post_content?(user)
   end
@@ -117,7 +120,7 @@ class CmsController &lt; MyProfileController
     @success_back_to = params[:success_back_to]
     # user must choose an article type first
-    @parent = profile.articles.find(params[:parent_id]) if params && params[:parent_id]
+    @parent = profile.articles.find(params[:parent_id]) if params && params[:parent_id].present?
     record_coming
     @type = params[:type]
     if @type.blank?
@@ -163,7 +166,10 @@ class CmsController &lt; MyProfileController
         if continue
           redirect_to :action => 'edit', :id => @article
         else
-          success_redirect
+          respond_to do |format|
+            format.html { success_redirect }
+            format.json { render :text => {:id => @article.id, :full_name => profile.identifier + '/' + @article.full_name}.to_json }
+          end
         end
         return
       end
@@ -256,28 +262,53 @@ class CmsController &lt; MyProfileController
     render :template => 'shared/update_categories', :locals => { :category => @current_category, :object_name => 'article' }
   end
+  def search_communities_to_publish
+    render :text => find_by_contents(:profiles, environment, user.memberships, params['q'], {:page => 1}, {:fields => ['name']})[:results].map {|community| {:id => community.id, :name => community.name} }.to_json
+  end
+
   def publish
     @article = profile.articles.find(params[:id])
     record_coming
-    @groups = profile.memberships - [profile]
-    @marked_groups = []
-    groups_ids = profile.memberships.map{|m|m.id.to_s}
-    @marked_groups = params[:marked_groups].map do |key, item|
-      if groups_ids.include?(item[:group_id])
-        item.merge :group => Profile.find(item.delete(:group_id))
+    @failed = {}
+    if request.post?
+      article_name = params[:name]
+      task = ApproveArticle.create!(:article => @article, :name => article_name, :target => user, :requestor => user)
+      begin
+        task.finish
+      rescue Exception => ex
+         @failed[ex.message] ? @failed[ex.message] << @article.name : @failed[ex.message] = [@article.name]
+         task.cancel
+      end
+      if @failed.blank?
+        session[:notice] = _("Your publish request was sent successfully")
+        if @back_to
+          redirect_to @back_to
+        else
+          redirect_to @article.view_url
+        end
       end
-    end.compact unless params[:marked_groups].nil?
+    end
+  end
+
+  def publish_on_communities
     if request.post?
+      @back_to = params[:back_to]
+      @article = profile.articles.find(params[:id])
       @failed = {}
+      article_name = params[:name]
+      params_marked = (params['q'] || '').split(',').select { |marked| user.memberships.map(&:id).include? marked.to_i }
+      @marked_groups = Profile.find(params_marked)
       if @marked_groups.empty?
+        redirect_to @back_to
         return session[:notice] = _("Select some group to publish your article")
       end
       @marked_groups.each do |item|
-        task = ApproveArticle.create!(:article => @article, :name => item[:name], :target => item[:group], :requestor => profile)
+        task = ApproveArticle.create!(:article => @article, :name => article_name, :target => item, :requestor => user)
         begin
-          task.finish unless item[:group].moderated_articles?
+          task.finish unless item.moderated_articles?
         rescue Exception => ex
-          @failed[ex.message] ? @failed[ex.message] << item[:group].name : @failed[ex.message] = [item[:group].name]
+           @failed[ex.message] ? @failed[ex.message] << item.name : @failed[ex.message] = [item.name]
+           task.cancel
         end
       end
       if @failed.blank?
@@ -287,23 +318,27 @@ class CmsController &lt; MyProfileController
         else
           redirect_to @article.view_url
         end
+      else
+        session[:notice] = _("Some of your publish requests couldn't be sent.")
+        render :action => 'publish'
       end
     end
   end
   def publish_on_portal_community
-    @article = profile.articles.find(params[:id])
     if request.post?
-      if environment.portal_community
+      @article = profile.articles.find(params[:id])
+      if environment.portal_enabled
         task = ApproveArticle.create!(:article => @article, :name => params[:name], :target => environment.portal_community, :requestor => user)
         begin
           task.finish unless environment.portal_community.moderated_articles?
-          flash[:notice] = _("Your publish request was sent successfully")
+          session[:notice] = _("Your publish request was sent successfully")
         rescue
-          flash[:error] = _("Your publish request couldn't be sent.")
+          session[:notice] = _("Your publish request couldn't be sent.")
+          task.cancel
         end
       else
-        flash[:notice] = _("There is no portal community to publish your article.")
+        session[:notice] = _("There is no portal community to publish your article.")
       end
       if @back_to
@@ -331,7 +366,7 @@ class CmsController &lt; MyProfileController
   def search
     query = params[:q]
-    results = find_by_contents(:uploaded_files, profile.files.published, query)[:results]
+    results = find_by_contents(:uploaded_files, profile, profile.files.published, query)[:results]
     render :text => article_list_to_json(results), :content_type => 'application/json'
   end
@@ -342,15 +377,26 @@ class CmsController &lt; MyProfileController
   end
   def media_upload
-    files_uploaded = []
     parent = check_parent(params[:parent_id])
-    files = [:file1,:file2, :file3].map { |f| params[f] }.compact
     if request.post?
-      files.each do |file|
-        files_uploaded << UploadedFile.create(:uploaded_data => file, :profile => profile, :parent => parent) unless file == ''
+      begin
+        @file = UploadedFile.create!(:uploaded_data => params[:file], :profile => profile, :parent => parent) unless params[:file] == ''
+        @file = FilePresenter.for(@file)
+      rescue Exception => exception
+        render :text => exception.to_s, :status => :bad_request
       end
     end
-    render :text => article_list_to_json(files_uploaded), :content_type => 'text/plain'
+  end
+
+  def published_media_items
+    load_recent_files(params[:parent_id], params[:q])
+    render :partial => 'published_media_items'
+  end
+
+  def view_all_media
+    paginate_options = {:page => params[:page].blank? ? 1 : params[:page] }
+    @key = params[:key].to_sym
+    load_recent_files(params[:parent_id], params[:q], paginate_options)
   end
   protected
@@ -445,4 +491,36 @@ class CmsController &lt; MyProfileController
     end
   end
+  def file_types
+    {:images => _('Images'), :generics => _('Files')}
+  end
+
+  def load_recent_files(parent_id = nil, q = nil, paginate_options = {:page => 1, :per_page => 6})
+    #TODO Since we only have special support for images, I'm limiting myself to
+    #     consider generic files as non-images. In the future, with more supported
+    #     file types we'll need to have a smart way to fetch from the database
+    #     scopes of each supported type as well as the non-supported types as a
+    #     whole.
+    @recent_files = {}
+
+    parent = parent_id.present? ? profile.articles.find(parent_id) : nil
+    if parent.present?
+      files = parent.children.files
+    else
+      files = profile.files
+    end
+
+    files = files.reorder('created_at DESC')
+    images = files.images
+    generics = files.no_images
+
+    if q.present?
+      @recent_files[:images] = find_by_contents(:images, profile, images, q, paginate_options)[:results]
+      @recent_files[:generics] = find_by_contents(:generics, profile, generics, q, paginate_options)[:results]
+    else
+      @recent_files[:images] = images.paginate(paginate_options)
+      @recent_files[:generics] = generics.paginate(paginate_options)
+    end
+  end
+
 end
@@ -3,6 +3,7 @@ class FriendsController &lt; MyProfileController
   protect 'manage_friends', :profile
   def index
+    @suggestions = profile.profile_suggestions.of_person.enabled.includes(:suggestion).limit(per_page)
     if is_cache_expired?(profile.manage_friends_cache_key(params))
       @friends = profile.friends.paginate(:per_page => per_page, :page => params[:npage])
     end
@@ -16,6 +17,30 @@ class FriendsController &lt; MyProfileController
     end
   end
+  def suggest
+    @suggestions = profile.profile_suggestions.of_person.enabled.includes(:suggestion).limit(per_page)
+  end
+
+  def remove_suggestion
+    @person = profile.suggested_people.find_by_identifier(params[:id])
+    redirect_to :action => 'suggest' unless @person
+    if @person && request.post?
+      profile.remove_suggestion(@person)
+      @suggestions = profile.profile_suggestions.of_person.enabled.includes(:suggestion).limit(per_page)
+      render :partial => 'shared/profile_suggestions_list', :locals => { :suggestions => @suggestions, :collection => :friends_suggestions, :per_page => params[:per_page] || per_page }
+    end
+  end
+
+  def connections
+    @suggestion = profile.profile_suggestions.of_person.enabled.find_by_suggestion_id(params[:id])
+    if @suggestion
+      @tags = @suggestion.tag_connections
+      @profiles = @suggestion.profile_connections
+    else
+      redirect_to :action => 'suggest'
+    end
+  end
+
   protected
   class << self
@@ -20,12 +20,54 @@ class MembershipsController &lt; MyProfileController
     @community.environment = environment
     @back_to = params[:back_to] || url_for(:action => 'index')
     if request.post? && @community.valid?
-      @community = Community.create_after_moderation(user, params[:community].merge({:environment => environment}))
-      if @community.new_record?
+      begin
+        # Community was created
+        @community = Community.create_after_moderation(user, params[:community].merge({:environment => environment}))
+        @community.reload
+        redirect_to :action => 'welcome', :community_id => @community.id, :back_to => @back_to
+      rescue ActiveRecord::RecordNotFound
+        # Community pending approval
         session[:notice] = _('Your new community creation request will be evaluated by an administrator. You will be notified.')
+        redirect_to @back_to
       end
-      redirect_to @back_to
       return
     end
   end
+
+  def welcome
+    @community = Community.find(params[:community_id])
+    @back_to = params[:back_to]
+  end
+
+  def suggest
+    @suggestions = profile.profile_suggestions.of_community.enabled.includes(:suggestion).limit(per_page)
+  end
+
+  def remove_suggestion
+    @community = profile.suggested_communities.find_by_identifier(params[:id])
+    custom_per_page = params[:per_page] || per_page
+    redirect_to :action => 'suggest' unless @community
+    if @community && request.post?
+      profile.remove_suggestion(@community)
+      @suggestions = profile.profile_suggestions.of_community.enabled.includes(:suggestion).limit(custom_per_page)
+      render :partial => 'shared/profile_suggestions_list', :locals => { :suggestions => @suggestions, :collection => :communities_suggestions, :per_page => custom_per_page}
+    end
+  end
+
+  def connections
+    @suggestion = profile.profile_suggestions.of_community.enabled.find_by_suggestion_id(params[:id])
+    if @suggestion
+      @tags = @suggestion.tag_connections
+      @profiles = @suggestion.profile_connections
+    else
+      redirect_to :action => 'suggest'
+    end
+  end
+
+  protected
+
+  def per_page
+    12
+  end
+
 end
@@ -3,6 +3,10 @@ class ProfileEditorController &lt; MyProfileController
   protect 'edit_profile', :profile, :except => [:destroy_profile]
   protect 'destroy_profile', :profile, :only => [:destroy_profile]
+  before_filter :access_welcome_page, :only => [:welcome_page]
+  before_filter :back_to
+  helper_method :has_welcome_page
+
   def index
     @pending_tasks = Task.to(profile).pending.without_spam.select{|i| user.has_permission?(i.permission, profile)}
   end
@@ -85,6 +89,21 @@ class ProfileEditorController &lt; MyProfileController
     end
   end
+  def welcome_page
+    @welcome_page = profile.welcome_page || TinyMceArticle.new(:name => 'Welcome Page', :profile => profile, :published => false)
+    if request.post?
+      begin
+        @welcome_page.update_attributes!(params[:welcome_page])
+        profile.welcome_page = @welcome_page
+        profile.save!
+        session[:notice] = _('Welcome page saved successfully.')
+        redirect_to :action => 'index'
+      rescue Exception => exception
+        session[:notice] = _('Welcome page could not be saved.')
+      end
+    end
+  end
+
   def deactivate_profile
     if environment.admins.include?(current_person)
       profile = environment.profiles.find(params[:id])
@@ -116,9 +135,24 @@ class ProfileEditorController &lt; MyProfileController
   protected
   def redirect_to_previous_location
-    back = request.referer
-    back = "/" if back.nil?
+    redirect_to @back_to
+  end
-    redirect_to back
+  #TODO Consider using this as a general controller feature to be available on every action.
+  def back_to
+    @back_to = params[:back_to] || request.referer || "/"
   end
+
+  private
+
+  def has_welcome_page
+    profile.is_template
+  end
+
+  def access_welcome_page
+    unless has_welcome_page
+      render_access_denied
+    end
+  end
+
 end
@@ -20,7 +20,7 @@ class ProfileMembersController &lt; MyProfileController
         redirect_to :action => :last_admin
       elsif @person.define_roles(@roles, profile)
         session[:notice] = _('Roles successfuly updated')
-        redirect_to :controller => 'profile_editor'
+        redirect_to :action => 'index'
       else
         session[:notice] = _('Couldn\'t change the roles')
         redirect_to :action => 'index'
@@ -82,10 +82,12 @@ class AccountController &lt; ApplicationController
     if @plugins.dispatch(:allow_user_registration).include?(false)
       redirect_back_or_default(:controller => 'home')
       session[:notice] = _("This environment doesn't allow user registration.")
+      return
     end
     store_location(request.referer) unless params[:return_to] or session[:return_to]
+    # Tranforming to boolean
     @block_bot = !!session[:may_be_a_bot]
     @invitation_code = params[:invitation_code]
     begin
@@ -129,8 +131,8 @@ class AccountController &lt; ApplicationController
             check_join_in_community(@user)
             go_to_signup_initial_page
           else
+            redirect_to :controller => :home, :action => :welcome, :template_id => (@user.person.template && @user.person.template.id)
             session[:notice] = _('Thanks for registering!')
-            @register_pending = true
           end
         end
       end
@@ -461,6 +463,8 @@ class AccountController &lt; ApplicationController
         redirect_to user.url
       when 'user_control_panel'
         redirect_to user.admin_url
+      when 'welcome_page'
+        redirect_to :controller => :home, :action => :welcome, :template_id => (user.template && user.template.id)
     else
       redirect_back_or_default(default)
     end
@@ -6,6 +6,7 @@ class ChatController &lt; PublicController
   def start_session
     login = user.jid
     password = current_user.crypted_password
+    session[:chat] ||= {:rooms => []}
     begin
       jid, sid, rid = RubyBOSH.initialize_session(login, password, "http://#{environment.default_hostname}/http-bind",
                                                   :wait => 30, :hold => 1, :window => 5)
@@ -16,6 +17,31 @@ class ChatController &lt; PublicController
     end
   end
+  def toggle
+    session[:chat][:status] = session[:chat][:status] == 'opened' ? 'closed' : 'opened'
+    render :nothing => true
+  end
+
+  def tab
+    session[:chat][:tab_id] = params[:tab_id]
+    render :nothing => true
+  end
+
+  def join
+    session[:chat][:rooms] << params[:room_id]
+    session[:chat][:rooms].uniq!
+    render :nothing => true
+  end
+
+  def leave
+    session[:chat][:rooms].delete(params[:room_id])
+    render :nothing => true
+  end
+
+  def my_session
+    render :text => session[:chat].to_json, :layout => false
+  end
+
   def avatar
     profile = environment.profiles.find_by_identifier(params[:id])
     filename, mimetype = profile_icon(profile, :minor, true)
@@ -28,15 +54,6 @@ class ChatController &lt; PublicController
     end
   end
-  def index
-    presence = current_user.last_chat_status
-    if presence.blank? or presence == 'chat'
-      render :action => 'auto_connect_online'
-    else
-      render :action => 'auto_connect_busy'
-    end
-  end
-
   def update_presence_status
     if request.xhr?
       current_user.update_attributes({:chat_status_at => DateTime.now}.merge(params[:status] || {}))
@@ -44,6 +61,44 @@ class ChatController &lt; PublicController
     render :nothing => true
   end
+  def save_message
+    to = environment.profiles.find_by_identifier(params[:to])
+    body = params[:body]
+
+    ChatMessage.create!(:to => to, :from => user, :body => body)
+    render :text => 'ok'
+  end
+
+  def recent_messages
+    other = environment.profiles.find_by_identifier(params[:identifier])
+    if other.kind_of?(Organization)
+      messages = ChatMessage.where('to_id=:other', :other => other.id)
+    else
+      messages = ChatMessage.where('(to_id=:other and from_id=:me) or (to_id=:me and from_id=:other)', {:me => user.id, :other => other.id})
+    end
+
+    messages = messages.order('created_at DESC').includes(:to, :from).offset(params[:offset]).limit(20)
+    messages_json = messages.map do |message|
+      {
+        :body => message.body,
+        :to => {:id => message.to.identifier, :name => message.to.name},
+        :from => {:id => message.from.identifier, :name => message.from.name},
+        :created_at => message.created_at
+      }
+    end
+    render :json => messages_json.reverse
+  end
+
+  def recent_conversations
+    conversations_order = ActiveRecord::Base.connection.execute("select profiles.identifier from profiles inner join (select distinct r.id as id, MAX(r.created_at) as created_at from (select from_id, to_id, created_at, (case when from_id=#{user.id} then to_id else from_id end) as id from chat_messages where from_id=#{user.id} or to_id=#{user.id}) as r group by id order by created_at desc, id) as t on profiles.id=t.id order by t.created_at desc").entries.map {|e| e['identifier']}
+    render :json => {:order => conversations_order.reverse, :domain => environment.default_hostname.gsub('.','-')}.to_json
+  end
+
+  #TODO Ideally this is done through roster table on ejabberd.
+  def roster_groups
+    render :text => user.memberships.map {|m| {:jid => m.jid, :name => m.name}}.to_json
+  end
+
   protected
   def check_environment_feature
 class ContactController < PublicController
-  before_filter :login_required
-
   needs_profile
+  before_filter :allow_access_to_page
   def new
-    @contact
+    @contact = build_contact
     if request.post? && params[:confirm] == 'true'
-      @contact = user.build_contact(profile, params[:contact])
       @contact.city = (!params[:city].blank? && City.exists?(params[:city])) ? City.find(params[:city]).name : nil
       @contact.state = (!params[:state].blank? && State.exists?(params[:state])) ? State.find(params[:state]).name : nil
       if @contact.deliver
@@ -16,8 +14,17 @@ class ContactController &lt; PublicController
       else
         session[:notice] = _('Contact not sent')
       end
+    end
+  end
+
+  protected
+
+  def build_contact
+    params[:contact] ||= {}
+    if logged_in?
+      user.build_contact profile, params[:contact]
     else
-      @contact = user.build_contact(profile)
+      Contact.new params[:contact].merge(dest: profile)
     end
   end
 class EventsController < PublicController
   needs_profile
+  before_filter :allow_access_to_page
   def events
     @events = []
@@ -2,13 +2,13 @@ class HomeController &lt; PublicController
   def index
     @has_news = false
-    if environment.enabled?('use_portal_community') && environment.portal_community
+    if environment.portal_enabled
       @has_news = true
       @news_cache_key = environment.portal_news_cache_key(FastGettext.locale)
       if !read_fragment(@news_cache_key)
         portal_community = environment.portal_community
-        @highlighted_news = portal_community.news(2, true)
-        @portal_news = portal_community.news(7, true) - @highlighted_news
+        @highlighted_news = portal_community.news(environment.highlighted_news_amount, true)
+        @portal_news = portal_community.news(environment.portal_news_amount, true).offset(environment.highlighted_news_amount)
         @area_news = environment.portal_folders
       end
     end
@@ -18,4 +18,10 @@ class HomeController &lt; PublicController
     @no_design_blocks = true
   end
+  def welcome
+    @no_design_blocks = true
+    @display_confirmation_tips = !user.present? && !environment.enabled?(:skip_new_user_email_confirmation)
+    @person_template = user && user.template || params[:template_id] && Person.find(params[:template_id])
+  end
+
 end
@@ -4,8 +4,15 @@ class InviteController &lt; PublicController
   before_filter :login_required
   before_filter :check_permissions_to_invite
-  def select_address_book
+  def invite_friends
     @import_from = params[:import_from] || "manual"
+    @mail_template = params[:mail_template] || environment.invitation_mail_template(profile)
+
+    labels = Profile::SEARCHABLE_FIELDS.except(:nickname).merge(User::SEARCHABLE_FIELDS).map { |name,info| info[:label].downcase }
+    last = labels.pop
+    label = labels.join(', ')
+    @search_fields = "#{label} #{_('or')} #{last}"
+
     if request.post?
       contact_list = ContactList.create
       Delayed::Job.enqueue GetEmailContactsJob.new(@import_from, params[:login], params[:password], contact_list.id) if @import_from != 'manual'
@@ -22,7 +29,7 @@ class InviteController &lt; PublicController
       webmail_import_addresses = params[:webmail_import_addresses]
       contacts_to_invite = Invitation.join_contacts(manual_import_addresses, webmail_import_addresses)
       if !contacts_to_invite.empty?
-        Delayed::Job.enqueue InvitationJob.new(current_user.person.id, contacts_to_invite, params[:mail_template], profile.id, @contact_list.id, locale)
+        Delayed::Job.enqueue InvitationJob.new(user.id, contacts_to_invite, params[:mail_template], profile.id, @contact_list.id, locale)
         session[:notice] = _('Your invitations are being sent.')
         if profile.person?
           redirect_to :controller => 'profile', :action => 'friends'
@@ -52,16 +59,36 @@ class InviteController &lt; PublicController
   def cancel_fetching_emails
     contact_list = ContactList.find(params[:contact_list])
     contact_list.destroy
-    redirect_to :action => 'select_address_book'
+    redirect_to :action => 'invite_friends'
+  end
+
+  def invite_registered_friend
+    contacts_to_invite = params['q'].split(',')
+    if !contacts_to_invite.empty? && request.post?
+      Delayed::Job.enqueue InvitationJob.new(user.id, contacts_to_invite, '', profile.id, nil, locale)
+      session[:notice] = _('Your invitations are being sent.')
+      if profile.person?
+        redirect_to :controller => 'profile', :action => 'friends'
+      else
+        redirect_to :controller => 'profile', :action => 'members'
+      end
+    else
+      redirect_to :action => 'invite_friends'
+      session[:notice] = _('Please enter a valid profile.')
+    end
+  end
+
+  def search
+    scope = profile.invite_friends_only ? user.friends : environment.people
+    scope = scope.not_members_of(profile) if profile.organization?
+    scope = scope.not_friends_of(profile) if profile.person?
+    results = find_by_contents(:people, environment, scope, params['q'], {:page => 1}, {:joins => :user})[:results]
+    render :text => prepare_to_token_input(results).to_json
   end
   protected
   def check_permissions_to_invite
-    if profile.person? and !current_user.person.has_permission?(:manage_friends, profile) or
-      profile.community? and !current_user.person.has_permission?(:invite_members, profile)
-      render_access_denied
-    end
+    render_access_denied if !profile.allow_invitation_from?(user)
   end
-
 end
@@ -16,13 +16,7 @@ class ProfileController &lt; PublicController
       @activities = @profile.activities.paginate(:per_page => 15, :page => params[:page])
     end
     @tags = profile.article_tags
-    unless profile.display_info_to?(user)
-      if profile.visible?
-        private_profile
-      else
-        invisible_profile
-      end
-    end
+    allow_access_to_page
   end
   def tags
@@ -396,17 +390,6 @@ class ProfileController &lt; PublicController
     end
   end
-  def private_profile
-    private_profile_partial_parameters
-    render :action => 'index', :status => 403
-  end
-
-  def invisible_profile
-    unless profile.is_template?
-      render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here"))
-    end
-  end
-
   def per_page
     Noosfero::Constants::PROFILE_PER_PAGE
   end
@@ -9,9 +9,12 @@ class ProfileSearchController &lt; PublicController
     @q = params[:q]
     unless @q.blank?
       if params[:where] == 'environment'
-        redirect_to :controller => 'search', :query => @q
+        # user is using global search, redirects to the search controller with
+        # the query
+        search_path = url_for(:controller => 'search', :query => @q)
+        request.xhr? ? render(:js => "window.location.href = #{search_path.to_json}") : redirect_to(search_path)
       else
-        @results = find_by_contents(:articles, profile.articles.published, @q, {:per_page => 10, :page => params[:page]})[:results]
+        @results = find_by_contents(:articles, profile, profile.articles.published, @q, {:per_page => 10, :page => params[:page]})[:results]
       end
     end
   end
@@ -4,11 +4,11 @@ class SearchController &lt; PublicController
   include SearchHelper
   include ActionView::Helpers::NumberHelper
-  before_filter :redirect_asset_param, :except => :assets
-  before_filter :load_category
-  before_filter :load_search_assets
-  before_filter :load_query
-  before_filter :load_filter
+  before_filter :redirect_asset_param, :except => [:assets, :suggestions]
+  before_filter :load_category, :except => :suggestions
+  before_filter :load_search_assets, :except => :suggestions
+  before_filter :load_query, :except => :suggestions
+  before_filter :load_order, :except => :suggestions
   # Backwards compatibility with old URLs
   def redirect_asset_param
@@ -20,7 +20,7 @@ class SearchController &lt; PublicController
   def index
     @searches = {}
-    @order = []
+    @assets = []
     @names = {}
     @results_only = true
@@ -28,7 +28,7 @@ class SearchController &lt; PublicController
       load_query
       @asset = key
       send(key)
-      @order << key
+      @assets << key
       @names[key] = _(description)
     end
     @asset = nil
@@ -42,7 +42,7 @@ class SearchController &lt; PublicController
   # view the summary of one category
   def category_index
     @searches = {}
-    @order = []
+    @assets = []
     @names = {}
     limit = MULTIPLE_SEARCH_LIMIT
     [
@@ -53,7 +53,7 @@ class SearchController &lt; PublicController
       [ :communities, _('Communities'), :recent_communities ],
       [ :articles, _('Contents'), :recent_articles ]
     ].each do |asset, name, filter|
-      @order << asset
+      @assets << asset
       @searches[asset]= {:results => @category.send(filter, limit)}
       raise "No total_entries for: #{asset}" unless @searches[asset][:results].respond_to?(:total_entries)
       @names[asset] = name
@@ -147,12 +147,16 @@ class SearchController &lt; PublicController
     render :partial => 'events/events'
   end
+  def suggestions
+    render :text => find_suggestions(normalize_term(params[:term]), environment, params[:asset]).to_json
+  end
+
   #######################################################
   protected
   def load_query
     @asset = (params[:asset] || params[:action]).to_sym
-    @order ||= [@asset]
+    @assets ||= [@asset]
     @searches ||= {}
     @query = params[:query] || ''
@@ -173,13 +177,22 @@ class SearchController &lt; PublicController
     end
   end
+  AVAILABLE_SEARCHES = ActiveSupport::OrderedHash[
+    :articles, _('Contents'),
+    :people, _('People'),
+    :communities, _('Communities'),
+    :enterprises, _('Enterprises'),
+    :products, _('Products and Services'),
+    :events, _('Events'),
+  ]
+
   def load_search_assets
-    if SEARCHES.keys.include?(params[:action].to_sym) && environment.enabled?("disable_asset_#{params[:action]}")
+    if AVAILABLE_SEARCHES.keys.include?(params[:action].to_sym) && environment.enabled?("disable_asset_#{params[:action]}")
       render_not_found
       return
     end
-    @enabled_searches = SEARCHES.select {|key, name| environment.disabled?("disable_asset_#{key}") }
+    @enabled_searches = AVAILABLE_SEARCHES.select {|key, name| environment.disabled?("disable_asset_#{key}") }
     @searching = {}
     @titles = {}
     @enabled_searches.each do |key, name|
@@ -189,11 +202,11 @@ class SearchController &lt; PublicController
     @names = @titles if @names.nil?
   end
-  def load_filter
-    @filter = 'more_recent'
-    if SEARCHES.keys.include?(@asset.to_sym)
-      available_filters = asset_class(@asset)::SEARCH_FILTERS
-      @filter = params[:filter] if available_filters.include?(params[:filter])
+  def load_order
+    @order = 'more_recent'
+    if AVAILABLE_SEARCHES.keys.include?(@asset.to_sym)
+      available_orders = asset_class(@asset)::SEARCH_FILTERS[:order]
+      @order = params[:order] if available_orders.include?(params[:order])
     end
   end
@@ -217,7 +230,7 @@ class SearchController &lt; PublicController
   end
   def full_text_search
-    @searches[@asset] = find_by_contents(@asset, @scope, @query, paginate_options, {:category => @category, :filter => @filter})
+    @searches[@asset] = find_by_contents(@asset, environment, @scope, @query, paginate_options, {:category => @category, :filter => @order})
   end
   private
@@ -232,4 +245,14 @@ class SearchController &lt; PublicController
     20
   end
+  def available_assets
+    assets = ActiveSupport::OrderedHash[
+      :articles, _('Contents'),
+      :enterprises, _('Enterprises'),
+      :people, _('People'),
+      :communities, _('Communities'),
+      :products, _('Products and Services'),
+    ]
+  end
+
 end
 class PublicController < ApplicationController
+  protected
+
+  def allow_access_to_page
+    unless profile.display_info_to?(user)
+      if profile.visible?
+        private_profile
+      else
+        invisible_profile
+      end
+    end
+  end
+
+  def private_profile
+    private_profile_partial_parameters
+    render :template => 'profile/_private_profile', :status => 403, :formats => [:html]
+  end
+
+  def invisible_profile
+    unless profile.is_template?
+      render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here"))
+    end
+  end
 end
@@ -8,11 +8,7 @@ module ApplicationHelper
   include PermissionNameHelper
-  include LightboxHelper
-
-  include ThickboxHelper
-
-  include ColorboxHelper
+  include ModalHelper
   include BoxesHelper
@@ -46,6 +42,8 @@ module ApplicationHelper
   include CatalogHelper
+  include PluginsHelper
+
   def locale
     (@page && !@page.language.blank?) ? @page.language : FastGettext.locale
   end
@@ -594,7 +592,7 @@ module ApplicationHelper
     extra_info = extra_info.nil? ? '' : content_tag( 'span', extra_info, :class => 'extra_info' )
     links = links_for_balloon(profile)
     content_tag('div', content_tag(tag,
-                                   (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? link_to( content_tag( 'span', _('Profile links')), '#', :onclick => "toggleSubmenu(this, '#{profile.short_name}', #{CGI::escapeHTML(links.to_json)}); return false", :class => "menu-submenu-trigger #{trigger_class}", :url => url) : "") +
+                                   (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? popover_menu(_('Profile links'),profile.short_name,links,{:class => trigger_class, :url => url}) : "") +
     link_to(
       content_tag( 'span', profile_image( profile, size ), :class => 'profile-image' ) +
       content_tag( 'span', h(name), :class => ( profile.class == Person ? 'fn' : 'org' ) ) +
@@ -606,6 +604,14 @@ module ApplicationHelper
       :class => 'vcard'), :class => 'common-profile-list-block')
   end
+  def popover_menu(title,menu_title,links,html_options={})
+    html_options[:class] = "" unless html_options[:class]
+    html_options[:class] << " menu-submenu-trigger"
+    html_options[:onclick] = "toggleSubmenu(this, '#{menu_title}', #{CGI::escapeHTML(links.to_json)}); return false"
+
+    link_to(content_tag(:span, title), '#', html_options)
+  end
+
   def gravatar_default
     (respond_to?(:theme_option) && theme_option.present? && theme_option['gravatar']) || NOOSFERO_CONF['gravatar'] || 'mm'
   end
@@ -649,8 +655,8 @@ module ApplicationHelper
       ' onfocus="if(this.value==\''+s+'\'){this.value=\'\'} this.form.className=\'focus-in\'"'+
       ' onblur="if(/^\s*$/.test(this.value)){this.value=\''+s+'\'} this.form.className=\'focus-out\'">'+
       '</form>'
-    else #opt == 'lightbox_link' is default
-      lightbox_link_to '<span class="icon-menu-search"></span>'+ _('Search'), {
+    else
+      modal_link_to '<span class="icon-menu-search"></span>'+ _('Search'), {
                        :controller => 'search',
                        :action => 'popup',
                        :category_path => (@category ? @category.explode_path : nil)},
@@ -720,7 +726,7 @@ module ApplicationHelper
   class NoosferoFormBuilder < ActionView::Helpers::FormBuilder
     extend ActionView::Helpers::TagHelper
-    def self.output_field(text, field_html, field_id = nil)
+    def self.output_field(text, field_html, field_id = nil, options = {})
       # try to guess an id if none given
       if field_id.nil?
         field_html =~ /id=['"]([^'"]*)['"]/
@@ -862,8 +868,9 @@ module ApplicationHelper
   end
   def base_url
-    environment.top_url
+    environment.top_url(request.scheme)
   end
+  alias :top_url :base_url
   def helper_for_article(article)
     article_helper = ActionView::Base.new
@@ -1047,11 +1054,11 @@ module ApplicationHelper
       {s_('contents|Most commented') => {:href => url_for({:controller => 'search', :action => 'contents', :filter => 'more_comments'})}}
     ]
     if logged_in?
-      links.push(_('New content') => colorbox_options({:href => url_for({:controller => 'cms', :action => 'new', :profile => current_user.login, :cms => true})}))
+      links.push(_('New content') => modal_options({:href => url_for({:controller => 'cms', :action => 'new', :profile => current_user.login, :cms => true})}))
     end
     link_to(content_tag(:span, _('Contents'), :class => 'icon-menu-articles'), {:controller => "search", :action => 'contents', :category_path => nil}, :id => 'submenu-contents') +
-    link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-contents-trigger')
+    popover_menu(_('Contents menu'),'',links,:class => 'up', :id => 'submenu-contents-trigger')
   end
   alias :browse_contents_menu :search_contents_menu
@@ -1067,7 +1074,7 @@ module ApplicationHelper
      end
     link_to(content_tag(:span, _('People'), :class => 'icon-menu-people'), {:controller => "search", :action => 'people', :category_path => ''}, :id => 'submenu-people') +
-    link_to(content_tag(:span, _('People menu')), '#', :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-people-trigger')
+    popover_menu(_('People menu'),'',links,:class => 'up', :id => 'submenu-people-trigger')
   end
   alias :browse_people_menu :search_people_menu
@@ -1083,7 +1090,7 @@ module ApplicationHelper
      end
     link_to(content_tag(:span, _('Communities'), :class => 'icon-menu-community'), {:controller => "search", :action => 'communities'}, :id => 'submenu-communities') +
-    link_to(content_tag(:span, _('Communities menu')), '#', :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-communities-trigger')
+    popover_menu(_('Communities menu'),'',links,:class => 'up', :id => 'submenu-communities-trigger')
   end
   alias :browse_communities_menu :search_communities_menu
@@ -1306,8 +1313,19 @@ module ApplicationHelper
     end
   end
-  def remove_content_button(action)
-    @plugins.dispatch("content_remove_#{action.to_s}", @page).include?(true)
+  def content_remove_spread(content)
+    !content.public? || content.folder? || (profile == user && user.communities.blank? && !environment.portal_enabled)
+  end
+
+  def remove_content_button(action, content)
+    method_name = "content_remove_#{action.to_s}"
+    plugin_condition = @plugins.dispatch(method_name, content).include?(true)
+    begin
+      core_condition = self.send(method_name, content)
+    rescue NoMethodError
+      core_condition = false
+    end
+    core_condition || plugin_condition
   end
   def template_options(kind, field_name)
@@ -1384,16 +1402,16 @@ module ApplicationHelper
   end
   def convert_macro(html, source)
-    doc = Hpricot(html)
+    doc = Nokogiri::HTML.fragment html
     #TODO This way is more efficient but do not support macro inside of
     #     macro. You must parse them from the inside-out in order to enable
     #     that.
-    doc.search('.macro').each do |macro|
+    doc.css('.macro').each do |macro|
       macro_name = macro['data-macro']
       result = @plugins.parse_macro(macro_name, macro, source)
       macro.inner_html = result.kind_of?(Proc) ? self.instance_exec(&result) : result
     end
-    doc.html
+    doc.to_html
   end
   def default_folder_for_image_upload(profile)
@@ -1410,6 +1428,43 @@ module ApplicationHelper
     content_tag('ul', article.versions.map {|v| link_to("r#{v.version}", @page.url.merge(:version => v.version))})
   end
+  def search_input_with_suggestions(name, asset, default, options = {})
+    text_field_tag name, default, options.merge({:class => 'search-input-with-suggestions', 'data-asset' => asset})
+  end
+
+  def profile_suggestion_profile_connections(suggestion)
+    profiles = suggestion.profile_connections.first(4).map do |profile|
+      link_to(profile_image(profile, :icon, :title => profile.name), profile.url, :class => 'profile-suggestion-connection-icon')
+    end
+
+    controller_target = suggestion.suggestion_type == 'Person' ? :friends : :memberships
+    profiles << link_to("<big> +#{suggestion.profile_connections.count - 4}</big>", :controller => controller_target, :action => :connections, :id => suggestion.suggestion_id) if suggestion.profile_connections.count > 4
+
+    if profiles.present?
+      content_tag(:div, profiles.join , :class => 'profile-connections')
+    else
+      ''
+    end
+  end
+
+  def profile_suggestion_tag_connections(suggestion)
+    tags = suggestion.tag_connections.first(4).map do |tag|
+      tag.name + ', '
+    end
+    last_tag = tags.pop
+    tags << last_tag.strip.chop if last_tag.present?
+    title = tags.join
+
+    controller_target = suggestion.suggestion_type == 'Person' ? :friends : :memberships
+    tags << ' ' + link_to('...', {:controller => controller_target, :action => :connections, :id => suggestion.suggestion_id}, :class => 'more-tag-connections', :title => _('See all connections')) if suggestion.tag_connections.count > 4
+
+    if tags.present?
+      content_tag(:div, tags.join, :class => 'tag-connections', :title => title)
+    else
+      ''
+    end
+  end
+
   def labelled_colorpicker_field(human_name, object_name, method, options = {})
     options[:id] ||= 'text-field-' + FormsHelper.next_id_number
     content_tag('label', human_name, :for => options[:id], :class => 'formlabel') +
 module ArticleHelper
-  include PrototypeHelper
   include TokenHelper
   def article_reported_version(article)
@@ -35,7 +34,7 @@ module ArticleHelper
         'div',
         check_box(:article, :notify_comments) +
         content_tag('label', _('I want to receive a notification of each comment written by e-mail'), :for => 'article_notify_comments') +
-        observe_field(:article_accept_comments, :function => "$('article_notify_comments').disabled = ! $('article_accept_comments').checked;$('article_moderate_comments').disabled = ! $('article_accept_comments').checked")
+        observe_field(:article_accept_comments, :function => "jQuery('#article_notify_comments')[0].disabled = ! jQuery('#article_accept_comments')[0].checked;jQuery('#article_moderate_comments')[0].disabled = ! jQuery('#article_accept_comments')[0].checked")
       ) +
       content_tag(
@@ -19,7 +19,7 @@ module BlockHelper
         content_tag('span', _('Title')) +
         text_field_tag('block[images][][title]', image[:title], :class => 'highlight-title', :size => 45)
       }</label></td>
-      <td>#{link_to '', '#', :class=>'button icon-button icon-delete delete-highlight', :confirm=>_('Are you sure you want to remove this highlight')}</td>
+      <td>#{button_without_text(:delete, _('Remove'), '#', class: 'delete-highlight', :confirm=>_('Are you sure you want to remove this highlight'))}</td>
     </tr>
     "
   end
@@ -38,8 +38,12 @@ module BoxesHelper
     end
   end
+  def boxes_limit holder
+    controller.send(:custom_design)[:boxes_limit] || holder.boxes_limit(controller.send(:custom_design)[:layout_template])
+  end
+
   def display_boxes(holder, main_content)
-    boxes = holder.boxes.with_position.first(holder.boxes_limit)
+    boxes = holder.boxes.with_position.first(boxes_limit(holder))
     content = boxes.reverse.map { |item| display_box(item, main_content) }.join("\n")
     content = main_content if (content.blank?)
@@ -65,11 +69,13 @@ module BoxesHelper
   end
   def display_box_content(box, main_content)
-    context = { :article => @page, :request_path => request.path, :locale => locale, :params => request.params, :user => user }
-    box_decorator.select_blocks(box.blocks.includes(:box), context).map { |item| display_block(item, main_content) }.join("\n") + box_decorator.block_target(box)
+    context = { :article => @page, :request_path => request.path, :locale => locale, :params => request.params, :user => user, :controller => controller }
+    box_decorator.select_blocks(box, box.blocks.includes(:box), context).map do |item|
+      display_block item, main_content
+    end.join("\n") + box_decorator.block_target(box)
   end
-  def select_blocks(arr, context)
+  def select_blocks box, arr, context
     arr
   end
@@ -150,8 +156,22 @@ module BoxesHelper
     def self.block_edit_buttons(block)
       ''
     end
-    def self.select_blocks(arr, context)
-      arr.select { |block| block.visible?(context) }
+    def self.select_blocks box, arr, context
+      arr = arr.select{ |block| block.visible? context }
+
+      custom_design = context[:controller].send(:custom_design)
+      inserts = [custom_design[:insert]].flatten.compact
+      inserts.each do |insert_opts|
+        next unless box.position == insert_opts[:box]
+        position, block = insert_opts[:position], insert_opts[:block]
+        block = block.new box: box if block.is_a? Class
+
+        if not insert_opts[:uniq] or not box.blocks.map(&:class).include? block.klass
+          arr = arr.insert position, block
+        end
+      end
+
+      arr
     end
   end
@@ -211,7 +231,7 @@ module BoxesHelper
       end
       if block.editable?
-        buttons << colorbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
+        buttons << modal_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
       end
       if !block.main?
@@ -221,7 +241,7 @@ module BoxesHelper
     end
     if block.respond_to?(:help)
-      buttons << thickbox_inline_popup_icon(:help, _('Help on this block'), {}, "help-on-box-#{block.id}") << content_tag('div', content_tag('h2', _('Help')) + content_tag('div', block.help, :style => 'margin-bottom: 1em;') + thickbox_close_button(_('Close')), :style => 'display: none;', :id => "help-on-box-#{block.id}")
+      buttons << modal_inline_icon(:help, _('Help on this block'), {}, "#help-on-box-#{block.id}") << content_tag('div', content_tag('h2', _('Help')) + content_tag('div', block.help, :style => 'margin-bottom: 1em;') + modal_close_button(_('Close')), :style => 'display: none;', :id => "help-on-box-#{block.id}")
     end
     if block.embedable?
@@ -25,10 +25,13 @@ module CategoriesHelper
     )
   end
-  def update_categories_link(body, category_id=nil, html_options={})
+  #TODO: remove this function and, in views, use existing basic buttons
+  def update_categories_link(type, body, category_id=nil, html_options={})
+    html_class = 'select-subcategory-link'
+    html_class = " icon-#{type}  btn btn-primary btn-xs" if type.present?
     link_to body,
       { :action => "update_categories", :category_id => category_id, :id => @object },
-      {:id => category_id ? "select-category-#{category_id}-link" : nil, :remote => true, :class => 'select-subcategory-link'}.merge(html_options)
+      {:id => category_id ? "select-category-#{category_id}-link" : nil, :remote => true, :class => html_class}.merge(html_options)
   end
 end
@@ -6,8 +6,9 @@ module ChatHelper
       ['icon-menu-busy', _('Busy'), 'chat-busy'],
       ['icon-menu-offline', _('Sign out of chat'), 'chat-disconnect'],
     ]
+    avatar = profile_image(user, :portrait, :class => 'avatar')
     content_tag('span',
-      link_to(content_tag('span', status) + ui_icon('ui-icon-triangle-1-s'),
+      link_to(avatar + content_tag('span', user.name) + ui_icon('ui-icon-triangle-1-s'),
         '#',
         :onclick => 'toggleMenu(this); return false',
         :class => icon_class + ' simplemenu-trigger'
@@ -40,12 +40,8 @@ module CmsHelper
     end
   end
-  def display_spread_button(profile, article)
-    if profile.person?
-      expirable_button article, :spread, _('Spread this'), :action => 'publish', :id => article.id
-    elsif profile.community? && environment.portal_community
-      expirable_button article, :spread, _('Spread this'), :action => 'publish_on_portal_community', :id => article.id
-    end
+  def display_spread_button(article)
+    expirable_button article, :spread, _('Spread this'), {:action => 'publish', :id => article.id}, {:class => 'colorbox'}
   end
   def display_delete_button(article)
@@ -1,25 +0,0 @@
-module ColorboxHelper
-
-  def colorbox_close_button(text, options = {})
-    button(:close, text, '#', colorbox_options(options, :close))
-  end
-
-  def colorbox_button(type, label, url, options = {})
-    button(type, label, url, colorbox_options(options))
-  end
-
-  def colorbox_icon_button(type, label, url, options = {})
-    icon_button(type, label, url, colorbox_options(options))
-  end
-
-  # options must be an HTML options hash as passed to link_to etc.
-  #
-  # returns a new hash with colorbox class added. Keeps existing classes.
-  def colorbox_options(options, type=nil)
-    the_class = 'colorbox'
-    the_class += "-#{type.to_s}" unless type.nil?
-    the_class << " #{options[:class]}" if options.has_key?(:class)
-    options.merge(:class => the_class)
-  end
-
-end
@@ -65,7 +65,7 @@ module CommentHelper
   def link_for_edit(comment)
     if comment.can_be_updated_by?(user)
-      {:link => expirable_comment_link(comment, :edit, _('Edit'), url_for(:profile => profile.identifier, :controller => :comment, :action => :edit, :id => comment.id),:class => 'colorbox')}
+      {:link => expirable_comment_link(comment, :edit, _('Edit'), url_for(:profile => profile.identifier, :controller => :comment, :action => :edit, :id => comment.id),:class => 'modal')}
     end
   end
@@ -2,24 +2,14 @@ require &#39;noosfero/i18n&#39;
 module DatesHelper
-  # FIXME Date#strftime should translate this for us !!!!
-  MONTHS = [
-    N_('January'),
-    N_('February'),
-    N_('March'),
-    N_('April'),
-    N_('May'),
-    N_('June'),
-    N_('July'),
-    N_('August'),
-    N_('September'),
-    N_('October'),
-    N_('November'),
-    N_('December')
-  ]
-
-  def month_name(n)
-    _(MONTHS[n-1])
+  MONTHS = I18n.t('date.month_names')
+
+  def month_name(n, abbreviated = false)
+    if abbreviated
+      I18n.t('date.abbr_month_names')[n]
+    else
+      MONTHS[n]
+    end
   end
   # formats a date for displaying.
@@ -91,15 +81,7 @@ module DatesHelper
       _(date.strftime("%a"))
     else
       # FIXME Date#strftime should translate this for us !!!!
-      _([
-        N_('Sunday'),
-        N_('Monday'),
-        N_('Tuesday'),
-        N_('Wednesday'),
-        N_('Thursday'),
-        N_('Friday'),
-        N_('Saturday'),
-      ][date.wday])
+      I18n.t('date.day_names')[date.wday]
     end
   end
@@ -111,7 +93,7 @@ module DatesHelper
       date = date << 1
     end
     if opts[:only_month]
-      _('%{month}') % {:month => month_name(date.month.to_i) }
+      _('%{month}') % { :month => month_name(date.month.to_i) }
     else
       _('%{month} %{year}') % { :year => date.year, :month => month_name(date.month.to_i) }
     end
@@ -156,7 +138,7 @@ module DatesHelper
     else
       order = [:day, :month, :year]
     end
-    date_select(object, method, html_options.merge(options.merge(:include_blank => true, :order => order, :use_month_names => MONTHS.map {|item| gettext(item)})))
+    date_select(object, method, html_options.merge(options.merge(:include_blank => true, :order => order, :use_month_names => MONTHS)))
   end
 end
@@ -0,0 +1,50 @@
+module DesignHelper
+
+  extend ActiveSupport::Concern
+
+  included do
+    extend ClassMethods
+    include InstanceMethods
+    before_filter :load_custom_design if self.respond_to? :before_filter
+  end
+
+  module ClassMethods
+
+    def no_design_blocks
+      @no_design_blocks = true
+    end
+
+    def use_custom_design options = {}
+      @custom_design = options
+    end
+
+    def custom_design
+      @custom_design ||= {}
+    end
+
+    def uses_design_blocks?
+      !@no_design_blocks
+    end
+
+  end
+
+  module InstanceMethods
+
+    protected
+
+    def uses_design_blocks?
+      !@no_design_blocks && self.class.uses_design_blocks?
+    end
+
+    def load_custom_design
+      # see also: LayoutHelper#body_classes
+      @layout_template = self.class.custom_design[:layout_template]
+    end
+
+    def custom_design
+      @custom_design || self.class.custom_design
+    end
+
+  end
+
+end
@@ -265,7 +265,7 @@ module FormsHelper
     )
   end
-  def select_profile_folder(label_text, field_id, profile, default_value='', html_options = {}, js_options = {}, find_options = {})
+  def select_profile_folder(label_text, field_id, profile, default_value='', html_options = {}, js_options = {}, find_options = {}, extra_options = {})
     if find_options.empty?
       folders = profile.folders
     else
@@ -276,7 +276,7 @@ module FormsHelper
       select_tag(
         field_id,
         options_for_select(
-          [[profile.identifier, '']] +
+          [[(extra_options[:root_label] || profile.identifier), '']] +
           folders.collect {|f| [ profile.identifier + '/' +  f.full_name, f.id.to_s ] },
           default_value.to_s
         ),
 module LanguageHelper
   def language
-    locale
+    locale.to_s
   end
   def tinymce_language
@@ -20,7 +20,7 @@ module LanguageHelper
     separator = options[:separator] || ' &mdash; '
     if options[:element] == 'dropdown'
-      select_tag('lang', 
+      select_tag('lang',
         options_for_select(locales.map{|code,name| [name, code]}, current),
         :onchange => "document.location.href= #{url_for(params.merge(:lang => 'LANGUAGE'))}.replace(/LANGUAGE/, this.value) ;",
         :help => _('The language you choose here is the language used for options, buttons, etc. It does not affect the language of the content created by other users.')
@@ -31,12 +31,12 @@ module LayoutHelper
     plugins_javascripts = @plugins.map { |plugin| [plugin.js_files].flatten.map { |js| plugin.class.public_path(js) } }.flatten
     output = ''
-    output += render :file =>  'layouts/_javascript'
-    output += javascript_tag 'render_all_jquery_ui_widgets()'
+    output += render 'layouts/javascript'
     unless plugins_javascripts.empty?
       output += javascript_include_tag plugins_javascripts, :cache => "cache/plugins-#{Digest::MD5.hexdigest plugins_javascripts.to_s}"
     end
     output += theme_javascript_ng.to_s
+    output += javascript_tag 'render_all_jquery_ui_widgets()'
     output
   end
@@ -45,10 +45,10 @@ module LayoutHelper
     standard_stylesheets = [
       'application',
       'search',
-      'thickbox',
-      'lightbox',
       'colorbox',
+      'selectordie',
       'inputosaurus',
+      'chat',
       pngfix_stylesheet_path,
     ] + tokeninput_stylesheets
     plugins_stylesheets = @plugins.select(&:stylesheet?).map { |plugin| plugin.class.public_path('style.css') }
@@ -85,6 +85,7 @@ module LayoutHelper
     end
   end
+
   def icon_theme_stylesheet_path
     icon_themes = []
     theme_icon_themes = theme_option(:icon_theme) || []
@@ -115,8 +116,5 @@ module LayoutHelper
     end
   end
-  def meta_description_tag(article=nil)
-    article ? CGI.escapeHTML(truncate(strip_tags(article.body.to_s), :length => 200)) : environment.name
-  end
 end
@@ -1,36 +0,0 @@
-module LightboxHelper
-
-  def lightbox_link_to(text, url, options = {})
-    link_to(text, url, lightbox_options(options))
-  end
-
-  def lightbox_close_button(text, options = {})
-    button(:close, text, '#', lightbox_options(options, 'lbAction').merge(:rel => 'deactivate'))
-  end
-
-  def lightbox_button(type, label, url, options = {})
-    button(type, label, url, lightbox_options(options))
-  end
-
-  def lightbox_icon_button(type, label, url, options = {})
-    icon_button(type, label, url, lightbox_options(options))
-  end
-
-  # options must be an HTML options hash as passed to link_to etc.
-  #
-  # returns a new hash with lightbox class added. Keeps existing classes. 
-  def lightbox_options(options, lightbox_type = 'lbOn')
-    the_class = lightbox_type
-    the_class << " #{options[:class]}" if options.has_key?(:class)
-    options.merge(:class => the_class)
-  end
-
-  def lightbox?
-    request.xhr?
-  end
-
-  def lightbox_remote_button(type, label, url, options = {})
-    button(type, label, url, lightbox_options(options, 'remote-lbOn'))
-  end
-
-end
@@ -137,7 +137,7 @@ module ManageProductsHelper
     ui_button_to_remote(label,
                    {:update => "product-#{field}",
                    :url => { :controller => 'manage_products', :action => "edit", :id => product.id, :field => field },
-                   :complete => "$('edit-product-button-ui-#{field}').hide()",
+                   :complete => "jQuery('#edit-product-button-ui-#{field}').hide()",
                    :method => :get,
                    :loading => "loading_for_button('##{id}')"},
                    options)
@@ -0,0 +1,46 @@
+module ModalHelper
+
+  def modal_inline_link_to title, url, selector, options = {}
+    link_to title, url, modal_options(options.merge(:inline => selector))
+  end
+
+  def modal_inline_icon type, title, url, selector, options = {}
+    icon_button type, title, url, modal_options(options.merge(:inline => selector))
+  end
+
+  def modal_link_to title, url, options = {}
+    link_to title, url, modal_options(options)
+  end
+
+  def modal_close_link text, options = {}
+    link_to text, '#', modal_options(options, :close)
+  end
+
+  def modal_close_button(text, options = {})
+    button :close, text, '#', modal_options(options, :close).merge(:rel => 'deactivate')
+  end
+
+  def modal_button(type, label, url, options = {})
+    button type, label, url, modal_options(options)
+  end
+
+  def modal_icon_button(type, label, url, options = {})
+    icon_button type, label, url, modal_options(options)
+  end
+
+  # options must be an HTML options hash as passed to link_to etc.
+  #
+  # returns a new hash with modal class added. Keeps existing classes.
+  def modal_options(options, type=nil)
+    inline_selector = options.delete :inline
+    options[:onclick] = "return noosfero.modal.inline('#{inline_selector}')" if inline_selector
+
+    classes = if inline_selector then '' else 'modal-toggle' end
+    classes += " modal-#{type.to_s}" if type.present?
+    classes << " #{options[:class]}" if options.has_key? :class
+    options.merge!(:class => classes)
+
+    options
+  end
+
+end
@@ -1,15 +0,0 @@
-module PersonNotifierHelper
-
-  include ApplicationHelper
-
-  private
-
-  def path_to_image(source)
-    top_url + source
-  end
-
-  def top_url
-    top_url = @profile.environment ? @profile.environment.top_url : ''
-  end
-
-end
@@ -0,0 +1,9 @@
+module PluginsHelper
+
+  def plugins_product_tabs
+    @plugins.dispatch(:product_tabs, @product).map do |tab|
+      {:title => tab[:title], :id => tab[:id], :content => instance_eval(&tab[:content])}
+    end
+  end
+
+end
@@ -5,20 +5,23 @@ module SearchHelper
   BLOCKS_SEARCH_LIMIT = 24
   MULTIPLE_SEARCH_LIMIT = 8
-  SEARCHES = ActiveSupport::OrderedHash[
-    :articles, _('Contents'),
-    :enterprises, _('Enterprises'),
-    :people, _('People'),
-    :communities, _('Communities'),
-    :products, _('Products and Services'),
-    :events, _('Events'),
-  ]
+  FILTERS_TRANSLATIONS = {
+    :order => _('Order'),
+    :display => _('Display')
+  }
-  FILTER_TRANSLATION = {
-    'more_popular' => _('More popular'),
-    'more_active' => _('More active'),
-    'more_recent' => _('More recent'),
-    'more_comments' => _('More comments')
+  FILTERS_OPTIONS_TRANSLATION = {
+    :order => {
+      'more_popular' => _('More popular'),
+      'more_active' => _('More active'),
+      'more_recent' => _('More recent'),
+      'more_comments' => _('More comments')
+    },
+    :display => {
+      'map' => _('Map'),
+      'full' => _('Full'),
+      'compact' => _('Compact')
+    }
   }
   COMMON_PROFILE_LIST_BLOCK = [
@@ -56,7 +59,7 @@ module SearchHelper
   end
   def display?(asset, mode)
-    defined?(asset_class(asset)::SEARCH_DISPLAYS) && asset_class(asset)::SEARCH_DISPLAYS.include?(mode.to_s)
+    defined?(asset_class(asset)::SEARCH_FILTERS[:display]) && asset_class(asset)::SEARCH_FILTERS[:display].include?(mode.to_s)
   end
   def display_results(searches=nil, asset=nil)
@@ -93,6 +96,16 @@ module SearchHelper
     end
   end
+  def select_filter(name, options, default = nil)
+    if options.size <= 1
+      return
+    else
+      options = options.map {|option| [FILTERS_OPTIONS_TRANSLATION[name][option], option]}
+      options = options_for_select(options, :selected => (params[name] || default))
+      select_tag(name, options)
+    end
+  end
+
   def display_selector(asset, display, float = 'right')
     display = nil if display.blank?
     display ||= asset_class(asset).default_search_display
@@ -107,36 +120,32 @@ module SearchHelper
     end
   end
-  def filter_selector(asset, filter, float = 'right')
+  def filters(asset)
+    return if !asset
     klass = asset_class(asset)
-    if klass::SEARCH_FILTERS.count > 1
-      options = options_for_select(klass::SEARCH_FILTERS.map {|f| [FILTER_TRANSLATION[f], f]}, filter)
-      url_params = url_for(params.merge(:filter => 'FILTER'))
-      onchange = "document.location.href = '#{url_params}'.replace('FILTER', this.value)"
-      select_field = select_tag(:filter, options, :onchange => onchange)
-      content_tag('div',
-        content_tag('strong', _('Filter')) + ': ' + select_field,
-        :class => "search-customize-options"
-      )
-    end
+    content_tag('div', klass::SEARCH_FILTERS.map do |name, options|
+      default = klass.respond_to?("default_search_#{name}") ? klass.send("default_search_#{name}".to_s) : nil
+      select_filter(name, options, default)
+    end.join("\n"), :id => 'search-filters')
+  end
+
+  def assets_menu(selected)
+    assets = @enabled_searches.keys
+    #     Events is a search asset but do not have a good interface for
+    #TODO searching. When this is solved we may add it back again to the assets
+    #     menu.
+    assets.delete(:events)
+    content_tag('ul',
+      assets.map do |asset|
+        options = {}
+        options.merge!(:class => 'selected') if selected.to_s == asset.to_s
+        content_tag('li', asset_link(asset), options)
+      end.join("\n"),
+    :id => 'assets-menu')
   end
-  def filter_title(asset, filter)
-    {
-      'articles_more_recent' => _('More recent contents from network'),
-      'articles_more_popular' => _('More viewed contents from network'),
-      'articles_more_comments' => _('Most commented contents from network'),
-      'people_more_recent' => _('More recent people from network'),
-      'people_more_active' => _('More active people from network'),
-      'people_more_popular' => _('More popular people from network'),
-      'communities_more_recent' => _('More recent communities from network'),
-      'communities_more_active' => _('More active communities from network'),
-      'communities_more_popular' => _('More popular communities from network'),
-      'enterprises_more_recent' => _('More recent enterprises from network'),
-      'enterprises_more_active' => _('More active enterprises from network'),
-      'enterprises_more_popular' => _('More popular enterprises from network'),
-      'products_more_recent' => _('Highlights'),
-    }[asset.to_s + '_' + filter].to_s
+  def asset_link(asset)
+    link_to(@enabled_searches[asset], "/search/#{asset}")
   end
 end
@@ -0,0 +1,18 @@
+module SearchTermHelper
+  def register_search_term(term, total, indexed, context, asset='all')
+    normalized_term = normalize_term(term)
+    if normalized_term.present?
+      search_term = SearchTerm.find_or_create(normalized_term, context, asset)
+      SearchTermOccurrence.create!(:search_term => search_term, :total => total, :indexed => indexed)
+    end
+  end
+
+  #FIXME For some reason the job is created but nothing is ran.
+  #handle_asynchronously :register_search_term
+
+  #TODO Think smarter criteria to normalize search terms properly
+  def normalize_term(search_term)
+    search_term ||= ''
+    search_term.downcase
+  end
+end
@@ -1,11 +0,0 @@
-module ThickboxHelper
-  def thickbox_inline_popup_link(title, url, id, options = {})
-    link_to(title, url_for(url) + "#TB_inline?height=300&width=500&inlineId=#{id}&modal=true", {:class => 'thickbox'}.merge(options))
-  end
-  def thickbox_inline_popup_icon(type, title, url, id, options = {})
-    icon_button(type, title, url_for(url) + "#TB_inline?height=300&width=500&inlineId=#{id}&modal=true", {:class => "thickbox"}.merge(options))
-  end
-  def thickbox_close_button(title)
-    button_to_function(:close, title, 'tb_remove();')
-  end
-end
@@ -11,7 +11,7 @@ module TinymceHelper
   end
   def tinymce_init_js options = {}
-    options.merge! :document_base_url => environment.top_url,
+    options.merge! :document_base_url => top_url,
       :content_css => "/stylesheets/tinymce.css,#{macro_css_files}",
       :plugins => %w[compat3x advlist autolink lists link image charmap print preview hr anchor pagebreak
         searchreplace wordcount visualblocks visualchars code fullscreen
@@ -12,6 +12,7 @@ module TokenHelper
     options[:search_delay] ||= 1000
     options[:prevent_duplicates] ||=  true
     options[:backspace_delete_item] ||= false
+    options[:zindex] ||= 999
     options[:focus] ||= false
     options[:avoid_enter] ||= true
     options[:on_result] ||= 'null'
@@ -31,6 +32,7 @@ module TokenHelper
         searchDelay: #{options[:search_delay].to_json},
         preventDuplicates: #{options[:prevent_duplicates].to_json},
         backspaceDeleteItem: #{options[:backspace_delete_item].to_json},
+        zindex: #{options[:zindex].to_json},
         queryParam: #{options[:query_param].to_json},
         tokenLimit: #{options[:token_limit].to_json},
         onResult: #{options[:on_result]},
-class Comment::Notifier < ActionMailer::Base
+class CommentNotifier < ActionMailer::Base
   def notification(comment)
     profile = comment.article.profile
     @recipient = profile.nickname || profile.name
-class Scrap::Notifier < ActionMailer::Base
+class ScrapNotifier < ActionMailer::Base
   def notification(scrap)
     sender, receiver = scrap.sender, scrap.receiver
     @recipient = receiver.name
@@ -41,6 +41,23 @@ class UserMailer &lt; ActionMailer::Base
     )
   end
+  def profiles_suggestions_email(user)
+    @recipient = user.name
+    @environment = user.environment.name
+    @url = user.environment.top_url
+    @people_suggestions_url = user.people_suggestions_url
+    @people_suggestions = user.suggested_people.sample(3)
+    @communities_suggestions_url = user.communities_suggestions_url
+    @communities_suggestions = user.suggested_communities.sample(3)
+
+    mail(
+      content_type: 'text/html',
+      to: user.email,
+      from: "#{user.environment.name} <#{user.environment.contact_email}>",
+      subject: _("[%s] What about grow up your network?") % user.environment.name
+    )
+  end
+
   class Job < Struct.new(:user, :method)
     def perform
       UserMailer.send(method, user).deliver
@@ -14,6 +14,11 @@ class AddFriend &lt; Task
   alias :friend :target
   alias :friend= :target=
+  after_create do |task|
+    TaskMailer.invitation_notification(task).deliver unless task.friend
+    remove_from_suggestion_list(task)
+  end
+
   def perform
     target.add_friend(requestor, group_for_friend)
     requestor.add_friend(target, group_for_person)
@@ -48,4 +53,8 @@ class AddFriend &lt; Task
     {:type => :profile_image, :profile => requestor, :url => requestor.url}
   end
+  def remove_from_suggestion_list(task)
+    suggestion = task.requestor.profile_suggestions.find_by_suggestion_id task.target.id
+    suggestion.disable if suggestion
+  end
 end
@@ -10,6 +10,10 @@ class AddMember &lt; Task
   settings_items :roles
+  after_create do |task|
+    remove_from_suggestion_list(task)
+  end
+
   def perform
     if !self.roles or (self.roles.uniq.compact.length == 1 and self.roles.uniq.compact.first.to_i.zero?)
       self.roles = [Profile::Roles.member(organization.environment.id).id]
@@ -46,4 +50,9 @@ class AddMember &lt; Task
     _('You will need login to %{system} in order to accept or reject %{requestor} as a member of %{organization}.') % { :system => target.environment.name, :requestor => requestor.name, :organization => organization.name }
   end
+  def remove_from_suggestion_list(task)
+    suggestion = task.requestor.profile_suggestions.find_by_suggestion_id task.target.id
+    suggestion.disable if suggestion
+  end
+
 end
@@ -22,6 +22,7 @@ class ApproveArticle &lt; Task
   end
   settings_items :closing_statment, :article_parent_id, :highlighted
+  settings_items :create_link, :type => :boolean, :default => false
   def article_parent
     Article.find_by_id article_parent_id.to_i
@@ -48,7 +49,11 @@ class ApproveArticle &lt; Task
   end
   def perform
-    article.copy!(:name => name, :abstract => abstract, :body => body, :profile => target, :reference_article => article, :parent => article_parent, :highlighted => highlighted, :source => article.source, :last_changed_by_id => article.last_changed_by_id, :created_by_id => article.created_by_id)
+    if create_link
+      LinkArticle.create!(:reference_article => article, :profile => target, :parent => article_parent, :highlighted => highlighted)
+    else
+      article.copy!(:name => name, :abstract => abstract, :body => body, :profile => target, :reference_article => article, :parent => article_parent, :highlighted => highlighted, :source => article.source, :last_changed_by_id => article.last_changed_by_id, :created_by_id => article.created_by_id)
+    end
   end
   def title
-require 'hpricot'
 class Article < ActiveRecord::Base
@@ -14,20 +13,17 @@ class Article &lt; ActiveRecord::Base
   acts_as_having_image
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :abstract => 3,
-    :body => 2,
-    :slug => 1,
-    :filename => 1,
+    :name => {:label => _('Name'), :weight => 10},
+    :abstract => {:label => _('Abstract'), :weight => 3},
+    :body => {:label => _('Content'), :weight => 2},
+    :slug => {:label => _('Slug'), :weight => 1},
+    :filename => {:label => _('Filename'), :weight => 1},
   }
-  SEARCH_FILTERS = %w[
-    more_recent
-    more_popular
-    more_comments
-  ]
-
-  SEARCH_DISPLAYS = %w[full]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent more_popular more_comments],
+    :display => %w[full]
+  }
   def self.default_search_display
     'full'
@@ -110,6 +106,11 @@ class Article &lt; ActiveRecord::Base
     self.activity.destroy if self.activity
   end
+  after_destroy :destroy_link_article
+  def destroy_link_article
+    Article.where(:reference_article_id => self.id, :type => LinkArticle).destroy_all
+  end
+
   xss_terminate :only => [ :name ], :on => 'validation', :with => 'white_list'
   scope :in_category, lambda { |category|
@@ -388,6 +389,10 @@ class Article &lt; ActiveRecord::Base
     {}
   end
+  def alternate_languages
+    self.translations.map(&:language)
+  end
+
   scope :native_translations, :conditions => { :translation_of_id => nil }
   def translatable?
@@ -472,7 +477,9 @@ class Article &lt; ActiveRecord::Base
   scope :no_folders, lambda {|profile|{:conditions => ['articles.type NOT IN (?)', profile.folder_types]}}
   scope :galleries, :conditions => [ "articles.type IN ('Gallery')" ]
   scope :images, :conditions => { :is_image => true }
+  scope :no_images, :conditions => { :is_image => false }
   scope :text_articles, :conditions => [ 'articles.type IN (?)', text_article_types ]
+  scope :files, :conditions => { :type => 'UploadedFile' }
   scope :with_types, lambda { |types| { :conditions => [ 'articles.type IN (?)', types ] } }
   scope :more_popular, :order => 'hits DESC'
@@ -523,7 +530,10 @@ class Article &lt; ActiveRecord::Base
   end
   alias :allow_delete?  :allow_post_content?
-  alias :allow_spread?  :allow_post_content?
+
+  def allow_spread?(user = nil)
+    user && public?
+  end
   def allow_create?(user)
     allow_post_content?(user) || allow_publish_content?(user)
@@ -696,7 +706,7 @@ class Article &lt; ActiveRecord::Base
   end
   def first_paragraph
-    paragraphs = Hpricot(to_html).search('p')
+    paragraphs = Nokogiri::HTML.fragment(to_html).css('p')
     paragraphs.empty? ? '' : paragraphs.first.to_html
   end
@@ -718,8 +728,8 @@ class Article &lt; ActiveRecord::Base
   def body_images_paths
     require 'uri'
-    Hpricot(self.body.to_s).search('img[@src]').collect do |i|
-      (self.profile && self.profile.environment) ? URI.join(self.profile.environment.top_url, URI.escape(i.attributes['src'])).to_s : i.attributes['src']
+    Nokogiri::HTML.fragment(self.body.to_s).css('img[src]').collect do |i|
+      (self.profile && self.profile.environment) ? URI.join(self.profile.environment.top_url, URI.escape(i['src'])).to_s : i['src']
     end
   end
@@ -756,11 +766,11 @@ class Article &lt; ActiveRecord::Base
   end
   def first_image
-    img = Hpricot(self.lead.to_s).search('img[@src]').first || Hpricot(self.body.to_s).search('img').first
-    img.nil? ? '' : img.attributes['src']
+    img = Nokogiri::HTML.fragment(self.lead.to_s).css('img[src]').first || Nokogiri::HTML.fragment(self.body.to_s).search('img').first
+    img.nil? ? '' : img['src']
   end
-  delegate :region, :region_id, :environment, :environment_id, :to => :profile, :allow_nil => true
+  delegate :lat, :lng, :region, :region_id, :environment, :environment_id, :to => :profile, :allow_nil => true
   def has_macro?
     true
@@ -36,8 +36,7 @@ class BlogArchivesBlock &lt; Block
       results << content_tag('li', content_tag('strong', "#{year} (#{count})"))
       results << "<ul class='#{year}-archive'>"
       posts.except(:order).count(:all, :conditions => ['EXTRACT(YEAR FROM published_at)=?', year], :group => 'EXTRACT(MONTH FROM published_at)').sort_by {|month, count| -month.to_i}.each do |month, count|
-        month_name = gettext(MONTHS[month.to_i - 1])
-        results << content_tag('li', link_to("#{month_name} (#{count})", owner_blog.url.merge(:year => year, :month => month)))
+        results << content_tag('li', link_to("#{month_name(month.to_i)} (#{count})", owner_blog.url.merge(:year => year, :month => month)))
       end
       results << "</ul>"
     end
@@ -14,8 +14,8 @@ class Box &lt; ActiveRecord::Base
   end
   def acceptable_blocks
-    blocks_classes = central?  ? Box.acceptable_center_blocks + plugins.dispatch(:extra_blocks, :type => owner.class, :position => 1) : Box.acceptable_side_blocks + plugins.dispatch(:extra_blocks, :type => owner.class, :position => [2, 3])
-    to_css_class_name(blocks_classes)
+    blocks_classes = if central? then Box.acceptable_center_blocks + plugins.dispatch(:extra_blocks, :type => owner.class, :position => 1) else Box.acceptable_side_blocks + plugins.dispatch(:extra_blocks, :type => owner.class, :position => [2, 3]) end
+    to_css_selector blocks_classes
   end
   def central?
@@ -74,8 +74,8 @@ class Box &lt; ActiveRecord::Base
   private
-  def to_css_class_name(blocks_classes)
-    blocks_classes.map{ |block_class| block_class.name.to_css_class }
+  def to_css_selector(blocks_classes)
+    blocks_classes.map{ |block_class| ".#{block_class.name.to_css_class}" }.join(',')
   end
 end
@@ -3,10 +3,10 @@ class Category &lt; ActiveRecord::Base
   attr_accessible :name, :parent_id, :display_color, :display_in_menu, :image_builder, :environment, :parent
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :acronym => 5,
-    :abbreviation => 5,
-    :slug => 1,
+    :name => {:label => _('Name'), :weight => 10},
+    :acronym => {:label => _('Acronym'), :weight => 5},
+    :abbreviation => {:label => _('Abbreviation'), :weight => 5},
+    :slug => {:label => _('Slug'), :weight => 1},
   }
   validates_exclusion_of :slug, :in => [ 'index' ], :message => N_('{fn} cannot be like that.').fix_i18n
@@ -3,9 +3,9 @@ class Certifier &lt; ActiveRecord::Base
   attr_accessible :name, :environment
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :description => 3,
-    :link => 1,
+    :name => {:label => _('Name'), :weight => 10},
+    :description => {:label => _('Description'), :weight => 3},
+    :link => {:label => _('Link'), :weight => 1},
   }
   belongs_to :environment
@@ -0,0 +1,7 @@
+class ChatMessage < ActiveRecord::Base
+  attr_accessible :body, :from, :to
+
+  belongs_to :to, :class_name => 'Profile'
+  belongs_to :from, :class_name => 'Profile'
+
+end
 class Comment < ActiveRecord::Base
   SEARCHABLE_FIELDS = {
-    :title => 10,
-    :name => 4,
-    :body => 2,
+    :title => {:label => _('Title'), :weight => 10},
+    :name => {:label => _('Name'), :weight => 4},
+    :body => {:label => _('Content'), :weight => 2},
   }
   attr_accessible :body, :author, :name, :email, :title, :reply_of_id, :source
@@ -134,11 +134,11 @@ class Comment &lt; ActiveRecord::Base
   def notify_by_mail
     if source.kind_of?(Article) && article.notify_comments?
       if !notification_emails.empty?
-        Comment::Notifier.notification(self).deliver
+        CommentNotifier.notification(self).deliver
       end
       emails = article.followers - [author_email]
       if !emails.empty?
-        Comment::Notifier.mail_to_followers(self, emails).deliver
+        CommentNotifier.mail_to_followers(self, emails).deliver
       end
     end
   end
@@ -14,19 +14,17 @@ class CommunitiesBlock &lt; ProfileListBlock
     _('This block displays the communities in which the user is a member.')
   end
+  def suggestions
+    return nil unless owner.kind_of?(Profile)
+    owner.profile_suggestions.of_community.enabled.limit(3).includes(:suggestion)
+  end
+
   def footer
     owner = self.owner
-    case owner
-    when Profile
-      lambda do |context|
-        link_to s_('communities|View all'), :profile => owner.identifier, :controller => 'profile', :action => 'communities'
-      end
-    when Environment
-      lambda do |context|
-        link_to s_('communities|View all'), :controller => 'search', :action => 'communities'
-      end
-    else
-      ''
+    suggestions = self.suggestions
+    return '' unless owner.kind_of?(Profile) || owner.kind_of?(Environment)
+    proc do
+      render :file => 'blocks/communities', :locals => { :owner => owner, :suggestions => suggestions }
     end
   end
@@ -73,7 +73,13 @@ class CreateEnterprise &lt; Task
   # sets the associated region for the enterprise creation
   def region=(value)
-    raise ArgumentError.new("Region expected, but got #{value.class}") unless value.kind_of?(Region)
+    unless value.kind_of?(Region)
+      begin
+        value = Region.find(value)
+      rescue
+        raise ArgumentError.new("Could not find any region with the id #{value}")
+      end
+    end
     @region = value
     self.region_id = value.id
@@ -4,7 +4,10 @@ class Enterprise &lt; Organization
   attr_accessible :business_name, :address_reference, :district, :tag_list, :organization_website, :historic_and_current_context, :activities_short_description, :products_per_catalog_page
-  SEARCH_DISPLAYS += %w[map full]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent more_popular more_active],
+    :display => %w[compact full map]
+  }
   def self.type_name
     _('Enterprise')
@@ -16,7 +19,8 @@ class Enterprise &lt; Organization
   has_many :inputs, :through => :products
   has_many :production_costs, :as => :owner
-  has_and_belongs_to_many :fans, :class_name => 'Person', :join_table => 'favorite_enteprises_people'
+  has_many :favorite_enterprise_people
+  has_many :fans, through: :favorite_enterprise_people, source: :person
   def product_categories
     ProductCategory.by_enterprise(self)
@@ -3,13 +3,14 @@
 # domains.
 class Environment < ActiveRecord::Base
-  attr_accessible :name, :is_default, :signup_welcome_text_subject, :signup_welcome_text_body, :terms_of_use, :message_for_disabled_enterprise, :news_amount_by_folder, :default_language, :languages, :description, :organization_approval_method, :enabled_plugins, :enabled_features, :redirection_after_login, :redirection_after_signup, :contact_email, :theme, :reports_lower_bound, :noreply_email, :signup_welcome_screen_body, :members_whitelist_enabled, :members_whitelist
+  attr_accessible :name, :is_default, :signup_welcome_text_subject, :signup_welcome_text_body, :terms_of_use, :message_for_disabled_enterprise, :news_amount_by_folder, :default_language, :languages, :description, :organization_approval_method, :enabled_plugins, :enabled_features, :redirection_after_login, :redirection_after_signup, :contact_email, :theme, :reports_lower_bound, :noreply_email, :signup_welcome_screen_body, :members_whitelist_enabled, :members_whitelist, :highlighted_news_amount, :portal_news_amount
   has_many :users
   self.partial_updates = false
   has_many :tasks, :dependent => :destroy, :as => 'target'
+  has_many :search_terms, :as => :context
   IDENTIFY_SCRIPTS = /(php[0-9s]?|[sp]htm[l]?|pl|py|cgi|rb)/
@@ -85,7 +86,9 @@ class Environment &lt; ActiveRecord::Base
   end
   def admins
-    Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', Environment::Roles.admin(self).id])
+    admin_role = Environment::Roles.admin(self)
+    return [] if admin_role.blank?
+    Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', admin_role.id])
   end
   # returns the available features for a Environment, in the form of a
@@ -155,7 +158,8 @@ class Environment &lt; ActiveRecord::Base
       'site_homepage' => _('Redirects the user to the environment homepage.'),
       'user_profile_page' => _('Redirects the user to his profile page.'),
       'user_homepage' => _('Redirects the user to his homepage.'),
-      'user_control_panel' => _('Redirects the user to his control panel.')
+      'user_control_panel' => _('Redirects the user to his control panel.'),
+      'welcome_page' => _('Redirects the user to the environment welcome page.')
     }
   end
   validates_inclusion_of :redirection_after_signup, :in => Environment.signup_redirection_options.keys, :allow_nil => true
@@ -264,9 +268,12 @@ class Environment &lt; ActiveRecord::Base
   settings_items :description, :type => String, :default => '<div style="text-align: center"><a href="http://noosfero.org/"><img src="/images/noosfero-network.png" alt="Noosfero"/></a></div>'
   settings_items :local_docs, :type => Array, :default => []
   settings_items :news_amount_by_folder, :type => Integer, :default => 4
+  settings_items :highlighted_news_amount, :type => Integer, :default => 2
+  settings_items :portal_news_amount, :type => Integer, :default => 5
   settings_items :help_message_to_add_enterprise, :type => String, :default => ''
   settings_items :tip_message_enterprise_activation_question, :type => String, :default => ''
+  settings_items :currency_iso_unit, :type => String, :default => 'USD'
   settings_items :currency_unit, :type => String, :default => '$'
   settings_items :currency_separator, :type => String, :default => '.'
   settings_items :currency_delimiter, :type => String, :default => ','
@@ -657,8 +664,8 @@ class Environment &lt; ActiveRecord::Base
     { :controller => 'admin_panel', :action => 'index' }
   end
-  def top_url
-    url = 'http://'
+  def top_url(scheme = 'http')
+    url = scheme + '://'
     url << (Noosfero.url_options.key?(:host) ? Noosfero.url_options[:host] : default_hostname)
     url << ':' << Noosfero.url_options[:port].to_s if Noosfero.url_options.key?(:port)
     url << Noosfero.root('')
@@ -824,6 +831,10 @@ class Environment &lt; ActiveRecord::Base
     "home-page-news/#{cache_key}-#{language}"
   end
+  def portal_enabled
+    portal_community && enabled?('use_portal_community')
+  end
+
   def notification_emails
     [contact_email].select(&:present?) + admins.map(&:email)
   end
@@ -937,6 +948,10 @@ class Environment &lt; ActiveRecord::Base
     locales_list
   end
+  def has_license?
+    self.licenses.any?
+  end
+
   private
   def default_language_available
@@ -19,7 +19,7 @@ class Event &lt; Article
     maybe_add_http(self.setting[:link])
   end
-  xss_terminate :only => [ :body, :link, :address ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :name, :body, :link, :address ], :with => 'white_list', :on => 'validation'
   def initialize(*args)
     super(*args)
@@ -141,6 +141,10 @@ class Event &lt; Article
     result
   end
+  def duration
+    ((self.end_date || self.start_date) - self.start_date).to_i
+  end
+
   def lead
     content_tag('div',
       show_period(start_date, end_date),
@@ -14,9 +14,9 @@ class ExternalFeed &lt; ActiveRecord::Base
   def add_item(title, link, date, content)
     return if content.blank?
-    doc = Hpricot(content)
-    doc.search('*').each do |p|
-      if p.instance_of? Hpricot::Elem
+    doc = Nokogiri::HTML.fragment content
+    doc.css('*').each do |p|
+      if p.instance_of? Nokogiri::XML::Element
         p.remove_attribute 'style'
         p.remove_attribute 'class'
       end
@@ -26,10 +26,10 @@ class ExternalFeed &lt; ActiveRecord::Base
     article = TinyMceArticle.new
     article.name = title
     article.profile = blog.profile
-    article.body = content 
-    article.published_at = date 
-    article.source = link 
-    article.profile = blog.profile 
+    article.body = content
+    article.published_at = date
+    article.source = link
+    article.profile = blog.profile
     article.parent = blog
     article.author_name = self.feed_title
     unless blog.children.exists?(:slug => article.slug)
@@ -0,0 +1,8 @@
+class FavoriteEnterprisePerson < ActiveRecord::Base
+
+  self.table_name = :favorite_enteprises_people
+
+  belongs_to :enterprise
+  belongs_to :person
+
+end
@@ -12,7 +12,7 @@ class Folder &lt; Article
   acts_as_having_settings :field => :setting
-  xss_terminate :only => [ :body ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :name, :body ], :with => 'white_list', :on => 'validation'
   include WhiteListFilter
   filter_iframes :body
@@ -54,7 +54,7 @@ class Forum &lt; Folder
   def first_paragraph
     return '' if body.blank?
-    paragraphs = Hpricot(body).search('p')
+    paragraphs = Nokogiri::HTML.fragment(body).css('p')
     paragraphs.empty? ? '' : paragraphs.first.to_html
   end
 class Input < ActiveRecord::Base
-  attr_accessible :product, :product_category, :product_category_id, :amount_used, :unit_id, :price_per_unit, :relevant_to_price
+  attr_accessible :product, :product_id, :product_category, :product_category_id,
+    :amount_used, :unit_id, :price_per_unit, :relevant_to_price, :is_from_solidarity_economy
   belongs_to :product
   belongs_to :product_category
@@ -51,7 +51,10 @@ class Invitation &lt; Task
       next if contact_to_invite == _("Firstname Lastname <friend@email.com>")
       contact_to_invite.strip!
-      if match = contact_to_invite.match(/(.*)<(.*)>/) and match[2].match(Noosfero::Constants::EMAIL_FORMAT)
+      find_by_profile_id = false
+      if contact_to_invite.match(/^\d*$/)
+        find_by_profile_id = true
+      elsif match = contact_to_invite.match(/(.*)<(.*)>/) and match[2].match(Noosfero::Constants::EMAIL_FORMAT)
         friend_name = match[1].strip
         friend_email = match[2]
       elsif match = contact_to_invite.strip.match(Noosfero::Constants::EMAIL_FORMAT)
@@ -61,11 +64,15 @@ class Invitation &lt; Task
         next
       end
-      user = User.find_by_email(friend_email)
+      begin
+        user = find_by_profile_id ? Person.find_by_id(contact_to_invite).user : User.find_by_email(friend_email)
+      rescue
+        user = nil
+      end
-      task_args = if user.nil?
+      task_args = if user.nil? && !find_by_profile_id
         {:person => person, :friend_name => friend_name, :friend_email => friend_email, :message => message}
-      else
+      elsif user.present? && !(user.person.is_a_friend?(person) && profile.person?)
         {:person => person, :target => user.person}
       end
 class InviteFriend < Invitation
   settings_items :group_for_person, :group_for_friend
+  before_create :check_for_invitation_existence
   def perform
     person.add_friend(friend, group_for_person)
@@ -41,4 +42,11 @@ class InviteFriend &lt; Invitation
     ].join("\n\n")
   end
+  private
+  def check_for_invitation_existence
+    if friend
+      friend.tasks.pending.of("InviteFriend").find(:all, :conditions => {:requestor_id => person.id, :target_id => friend.id}).blank?
+    end
+  end
+
 end
@@ -2,6 +2,7 @@ class InviteMember &lt; Invitation
   settings_items :community_id, :type => :integer
   validates_presence_of :community_id
+  before_create :check_for_invitation_existence
   def community
     Community.find(community_id)
@@ -39,6 +40,14 @@ class InviteMember &lt; Invitation
     _('%{requestor} invited you to join %{community}.') % {:requestor => requestor.name, :community => community.name}
   end
+  def target_notification_message
+    if friend
+      _('%{requestor} is inviting you to join "%{community}" on %{system}.') % { :system => target.environment.name, :requestor => requestor.name, :community => community.name }
+    else
+      super
+    end
+  end
+
   def expanded_message
     super.gsub /<community>/, community.name
   end
@@ -53,4 +62,11 @@ class InviteMember &lt; Invitation
     ].join("\n\n")
   end
+  private
+  def check_for_invitation_existence
+    if friend
+      friend.tasks.pending.of("InviteMember").find(:all, :conditions => {:requestor_id => person.id}).select { |t| t.data[:community_id] == community_id }.blank?
+    end
+  end
+
 end
@@ -3,8 +3,8 @@ class License &lt; ActiveRecord::Base
   attr_accessible :name, :url
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :url => 5,
+    :name => {:label => _('Name'), :weight => 10},
+    :url => {:label => _('URL'), :weight => 5},
   }
   belongs_to :environment
@@ -0,0 +1,14 @@
+class LinkArticle < Article
+
+  attr_accessible :reference_article
+
+  def self.short_description
+    "Article link"
+  end
+
+  delegate :name, :to => :reference_article
+  delegate :body, :to => :reference_article
+  delegate :abstract, :to => :reference_article
+  delegate :url, :to => :reference_article
+
+end
 class NationalRegion < ActiveRecord::Base
   SEARCHABLE_FIELDS = {
-    :name => 1,
-    :national_region_code => 1,
+    :name => {:label => _('Name'), :weight => 1},
+    :national_region_code => {:label => _('Region Code'), :weight => 1},
   }
   def self.search_city(city_name, like = false, state = nil)
@@ -3,10 +3,11 @@ class Organization &lt; Profile
   attr_accessible :moderated_articles, :foundation_year, :contact_person, :acronym, :legal_form, :economic_activity, :management_information, :cnpj, :display_name, :enable_contact_us
-  SEARCH_FILTERS += %w[
-    more_popular
-    more_active
-  ]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent more_popular more_active],
+    :display => %w[compact]
+  }
+
   settings_items :closed, :type => :boolean, :default => false
   def closed?
@@ -176,4 +177,8 @@ class Organization &lt; Profile
     self.visible = false
     save!
   end
+
+  def allow_invitation_from?(person)
+    (followed_by?(person) && self.allow_members_to_invite) || person.has_permission?('invite-members', self)
+  end
 end
@@ -3,10 +3,11 @@ class Person &lt; Profile
   attr_accessible :organization, :contact_information, :sex, :birth_date, :cell_phone, :comercial_phone, :jabber_id, :personal_website, :nationality, :address_reference, :district, :schooling, :schooling_status, :formation, :custom_formation, :area_of_study, :custom_area_of_study, :professional_activity, :organization_website
-  SEARCH_FILTERS += %w[
-    more_popular
-    more_active
-  ]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent more_popular more_active],
+    :display => %w[compact]
+  }
+
   def self.type_name
     _('Person')
@@ -21,16 +22,34 @@ class Person &lt; Profile
     { :select => 'DISTINCT profiles.*', :joins => :role_assignments, :conditions => [conditions] }
   }
+  scope :not_members_of, lambda { |resources|
+    resources = [resources] if !resources.kind_of?(Array)
+    conditions = resources.map {|resource| "role_assignments.resource_type = '#{resource.class.base_class.name}' AND role_assignments.resource_id = #{resource.id || -1}"}.join(' OR ')
+    { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "role_assignments" ON "role_assignments"."accessor_id" = "profiles"."id" AND "role_assignments"."accessor_type" = (\'Profile\') WHERE "profiles"."type" IN (\'Person\') AND (%s))' % conditions] }
+  }
+
   scope :by_role, lambda { |roles|
     roles = [roles] unless roles.kind_of?(Array)
     { :select => 'DISTINCT profiles.*', :joins => :role_assignments, :conditions => ['role_assignments.role_id IN (?)',
 roles] }
   }
-  def has_permission_with_plugins?(permission, profile)
-    permissions = [has_permission_without_plugins?(permission, profile)]
+  scope :not_friends_of, lambda { |resources|
+    resources = Array(resources)
+    { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] }
+  }
+
+  def has_permission_with_admin?(permission, resource)
+    return true if resource.blank? || resource.admins.include?(self)
+    return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self)
+    has_permission_without_admin?(permission, resource)
+  end
+  alias_method_chain :has_permission?, :admin
+
+  def has_permission_with_plugins?(permission, resource)
+    permissions = [has_permission_without_plugins?(permission, resource)]
     permissions += plugins.map do |plugin|
-      plugin.has_permission?(self, permission, profile)
+      plugin.has_permission?(self, permission, resource)
     end
     permissions.include?(true)
   end
@@ -45,9 +64,9 @@ roles] }
     ScopeTool.union *scopes
   end
-   def memberships_by_role(role)
-     memberships.where('role_assignments.role_id = ?', role.id)
-   end
+  def memberships_by_role(role)
+    memberships.where('role_assignments.role_id = ?', role.id)
+  end
   has_many :friendships, :dependent => :destroy
   has_many :friends, :class_name => 'Person', :through => :friendships
@@ -65,6 +84,10 @@ roles] }
   has_and_belongs_to_many :acepted_forums, :class_name => 'Forum', :join_table => 'terms_forum_people'
   has_and_belongs_to_many :articles_with_access, :class_name => 'Article', :join_table => 'article_privacy_exceptions'
+  has_many :profile_suggestions, :foreign_key => :person_id, :order => 'score DESC', :dependent => :destroy
+  has_many :suggested_people, :through => :profile_suggestions, :source => :suggestion, :conditions => ['profile_suggestions.suggestion_type = ? AND profile_suggestions.enabled = ?', 'Person', true]
+  has_many :suggested_communities, :through => :profile_suggestions, :source => :suggestion, :conditions => ['profile_suggestions.suggestion_type = ? AND profile_suggestions.enabled = ?', 'Community', true]
+
   scope :more_popular, :order => 'friends_count DESC'
   scope :abusers, :joins => :abuse_complaints, :conditions => ['tasks.status = 3'], :select => 'DISTINCT profiles.*'
@@ -118,12 +141,12 @@ roles] }
   end
   def add_friend(friend, group = nil)
-   unless self.is_a_friend?(friend)
+    unless self.is_a_friend?(friend)
       friendship = self.friendships.build
       friendship.friend = friend
       friendship.group = group
       friendship.save
-   end
+    end
   end
   def already_request_friendship?(person)
@@ -497,6 +520,15 @@ roles] }
     person.notifier.reschedule_next_notification_mail
   end
+  def remove_suggestion(profile)
+    suggestion = profile_suggestions.find_by_suggestion_id profile.id
+    suggestion.disable if suggestion
+  end
+
+  def allow_invitation_from?(person)
+    person.has_permission?(:manage_friends, self)
+  end
+
   protected
   def followed_by?(profile)
@@ -22,12 +22,17 @@ class PersonNotifier
     schedule_next_notification_mail
   end
+  def notify_from
+    @person.last_notification || DateTime.now - @person.notification_time.hours
+  end
+
   def notify
     if @person.notification_time && @person.notification_time > 0
-      from = @person.last_notification || DateTime.now - @person.notification_time.hours
-      notifications = @person.tracked_notifications.find(:all, :conditions => ["created_at > ?", from])
+      notifications = @person.tracked_notifications.find(:all, :conditions => ["created_at > ?", notify_from])
+      tasks = Task.to(@person).without_spam.pending.where("created_at > ?", notify_from).order_by('created_at', 'asc')
+
       Noosfero.with_locale @person.environment.default_language do
-        Mailer::content_summary(@person, notifications).deliver unless notifications.empty?
+        Mailer::content_summary(@person, notifications, tasks).deliver unless notifications.empty? && tasks.empty?
       end
       @person.settings[:last_notification] = DateTime.now
       @person.save!
@@ -59,32 +64,42 @@ class PersonNotifier
     end
     def failure(job)
-      person = Person.find(person_id)
-      person.notifier.dispatch_notification_mail
+      begin
+        person = Person.find(person_id)
+        person.notifier.dispatch_notification_mail
+      rescue
+        Rails.logger.error "PersonNotifier::NotifyJob: Cannot recover from failure"
+      end
     end
   end
   class Mailer < ActionMailer::Base
-    add_template_helper(PersonNotifierHelper)
+    add_template_helper(ApplicationHelper)
     def session
       {:theme => nil}
     end
-    def content_summary(person, notifications)
+    def content_summary(person, notifications, tasks)
+      if person.environment
+        ActionMailer::Base.asset_host = person.environment.top_url
+        ActionMailer::Base.default_url_options[:host] = person.environment.default_hostname
+      end
+
       @current_theme = 'default'
       @profile = person
       @recipient = @profile.nickname || @profile.name
       @notifications = notifications
+      @tasks = tasks
       @environment = @profile.environment.name
       @url = @profile.environment.top_url
       mail(
         content_type: "text/html",
         from: "#{@profile.environment.name} <#{@profile.environment.noreply_email}>",
         to: @profile.email,
-        subject: _("[%s] Network Activity") % [@profile.environment.name]
+        subject: _("[%s] Notifications") % [@profile.environment.name]
       )
     end
   end
 class Product < ActiveRecord::Base
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :description => 1,
+    :name => {:label => _('Name'), :weight => 10},
+    :description => {:label => _('Description'), :weight => 1},
   }
-  SEARCH_FILTERS = %w[
-    more_recent
-  ]
-
-  SEARCH_DISPLAYS = %w[map full]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent],
+    :display => %w[full map]
+  }
-  attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs, :qualifiers_list
+  attr_accessible :name, :product_category, :profile, :profile_id, :enterprise,
+    :highlighted, :price, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs, :qualifiers_list
   def self.default_search_display
     'full'
@@ -237,7 +237,7 @@ class Product &lt; ActiveRecord::Base
   def percentage_from_solidarity_economy
     se_i = t_i = 0
-    self.inputs(true).each{ |i| t_i += 1; se_i += 1 if i.is_from_solidarity_economy }
+    self.inputs.each{ |i| t_i += 1; se_i += 1 if i.is_from_solidarity_economy }
     t_i = 1 if t_i == 0 # avoid division by 0
     p = case (se_i.to_f/t_i)*100
         when 0 then [0, '']
@@ -3,7 +3,7 @@
 # which by default is the one returned by Environment:default.
 class Profile < ActiveRecord::Base
-  attr_accessible :name, :identifier, :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :environment, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time, :redirection_after_login
+  attr_accessible :name, :identifier, :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :environment, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time, :redirection_after_login, :email_suggestions, :allow_members_to_invite, :invite_friends_only
   # use for internationalizable human type names in search facets
   # reimplement on subclasses
@@ -12,16 +12,15 @@ class Profile &lt; ActiveRecord::Base
   end
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :identifier => 5,
-    :nickname => 2,
+    :name => {:label => _('Name'), :weight => 10},
+    :identifier => {:label => _('Username'), :weight => 5},
+    :nickname => {:label => _('Nickname'), :weight => 2},
   }
-  SEARCH_FILTERS = %w[
-    more_recent
-  ]
-
-  SEARCH_DISPLAYS = %w[compact]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent],
+    :display => %w[compact]
+  }
   def self.default_search_display
     'compact'
@@ -123,6 +122,7 @@ class Profile &lt; ActiveRecord::Base
   scope :visible, :conditions => { :visible => true }
   scope :disabled, :conditions => { :visible => false }
   scope :public, :conditions => { :visible => true, :public_profile => true }
+  scope :enabled, :conditions => { :enabled => true }
   # Subclasses must override this method
   scope :more_popular
@@ -139,6 +139,17 @@ class Profile &lt; ActiveRecord::Base
   has_many :comments_received, :class_name => 'Comment', :through => :articles, :source => :comments
+  # Although this should be a has_one relation, there are no non-silly names for
+  # a foreign key on article to reference the template to which it is
+  # welcome_page... =P
+  belongs_to :welcome_page, :class_name => 'Article', :dependent => :destroy
+
+  def welcome_page_content
+    welcome_page && welcome_page.published ? welcome_page.body : nil
+  end
+
+  has_many :search_terms, :as => :context
+
   def scraps(scrap=nil)
     scrap = scrap.is_a?(Scrap) ? scrap.id : scrap
     scrap.nil? ? Scrap.all_scraps(self) : Scrap.all_scraps(self).find(scrap)
@@ -154,6 +165,7 @@ class Profile &lt; ActiveRecord::Base
   settings_items :public_content, :type => :boolean, :default => true
   settings_items :description
   settings_items :fields_privacy, :type => :hash, :default => {}
+  settings_items :email_suggestions, :type => :boolean, :default => false
   validates_length_of :description, :maximum => 550, :allow_nil => true
@@ -218,6 +230,8 @@ class Profile &lt; ActiveRecord::Base
   has_many :abuse_complaints, :foreign_key => 'requestor_id', :dependent => :destroy
+  has_many :profile_suggestions, :foreign_key => :suggestion_id, :dependent => :destroy
+
   def top_level_categorization
     ret = {}
     self.profile_categorizations.each do |c|
@@ -392,7 +406,7 @@ class Profile &lt; ActiveRecord::Base
   end
   xss_terminate :only => [ :name, :nickname, :address, :contact_phone, :description ], :on => 'validation'
-  xss_terminate :only => [ :custom_footer, :custom_header ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :custom_footer, :custom_header ], :with => 'white_list'
   include WhiteListFilter
   filter_iframes :custom_header, :custom_footer
@@ -513,6 +527,14 @@ class Profile &lt; ActiveRecord::Base
     generate_url(:profile => identifier, :controller => 'profile', :action => 'index')
   end
+  def people_suggestions_url
+    generate_url(:profile => identifier, :controller => 'friends', :action => 'suggest')
+  end
+
+  def communities_suggestions_url
+    generate_url(:profile => identifier, :controller => 'memberships', :action => 'suggest')
+  end
+
   def generate_url(options)
     url_options.merge(options)
   end
@@ -602,7 +624,7 @@ private :generate_url, :url_options
   end
   def copy_article_tree(article, parent=nil)
-    return if article.is_a?(RssFeed)
+    return if !copy_article?(article)
     original_article = self.articles.find_by_name(article.name)
     if original_article
       num = 2
@@ -622,6 +644,11 @@ private :generate_url, :url_options
     end
   end
+  def copy_article?(article)
+    !article.is_a?(RssFeed) &&
+    !(is_template && article.slug=='welcome-page')
+  end
+
   # Adds a person as member of this Profile.
   def add_member(person)
     if self.has_members?
@@ -631,6 +658,8 @@ private :generate_url, :url_options
         self.affiliate(person, Profile::Roles.admin(environment.id)) if members.count == 0
         self.affiliate(person, Profile::Roles.member(environment.id))
       end
+      person.tasks.pending.of("InviteMember").select { |t| t.data[:community_id] == self.id }.each { |invite| invite.cancel }
+      remove_from_suggestion_list person
     else
       raise _("%s can't have members") % self.class.name
     end
@@ -768,7 +797,10 @@ private :generate_url, :url_options
   end
   def admins
-    self.members_by_role(Profile::Roles.admin(environment.id))
+    return [] if environment.blank?
+    admin_role = Profile::Roles.admin(environment.id)
+    return [] if admin_role.blank?
+    self.members_by_role(admin_role)
   end
   def enable_contact?
@@ -966,4 +998,14 @@ private :generate_url, :url_options
   def preferred_login_redirection
     redirection_after_login.blank? ? environment.redirection_after_login : redirection_after_login
   end
+
+  def remove_from_suggestion_list(person)
+    suggestion = person.profile_suggestions.find_by_suggestion_id self.id
+    suggestion.disable if suggestion
+  end
+
+  def allow_invitation_from(person)
+    false
+  end
+
 end
@@ -0,0 +1,290 @@
+class ProfileSuggestion < ActiveRecord::Base
+  belongs_to :person
+  belongs_to :suggestion, :class_name => 'Profile', :foreign_key => :suggestion_id
+
+  attr_accessible :person, :suggestion, :suggestion_type, :categories, :enabled
+
+  has_many :suggestion_connections, :foreign_key => 'suggestion_id'
+  has_many :profile_connections, :through => :suggestion_connections, :source => :connection, :source_type => 'Profile'
+  has_many :tag_connections, :through => :suggestion_connections, :source => :connection, :source_type => 'ActsAsTaggableOn::Tag'
+
+  before_create do |profile_suggestion|
+    profile_suggestion.suggestion_type = self.suggestion.class.to_s
+  end
+
+  after_destroy do |profile_suggestion|
+    self.class.generate_profile_suggestions(profile_suggestion.person)
+  end
+
+  acts_as_having_settings :field => :categories
+
+  validate :must_be_a_valid_category, :on => :create
+  def must_be_a_valid_category
+    if categories.keys.map { |cat| self.respond_to?(cat)}.include?(false)
+      errors.add(:categories, 'Category must be valid')
+    end
+  end
+
+  validates_uniqueness_of :suggestion_id, :scope => [ :person_id ]
+  scope :of_person, :conditions => { :suggestion_type => 'Person' }
+  scope :of_community, :conditions => { :suggestion_type => 'Community' }
+  scope :enabled, :conditions => { :enabled => true }
+
+  # {:category_type => ['category-icon', 'category-label']}
+  CATEGORIES = {
+    :people_with_common_friends => ['menu-people', _('Friends in common')],
+    :people_with_common_communities => ['menu-community',_('Communities in common')],
+    :people_with_common_tags => ['edit', _('Tags in common')],
+    :communities_with_common_friends => ['menu-people', _('Friends in common')],
+    :communities_with_common_tags => ['edit', _('Tags in common')]
+  }
+
+  def category_icon(category)
+    'icon-' + ProfileSuggestion::CATEGORIES[category][0]
+  end
+
+  def category_label(category)
+    ProfileSuggestion::CATEGORIES[category][1]
+  end
+
+  RULES = {
+    :people_with_common_communities => {
+      :threshold => 2, :weight => 1, :connection => 'Profile'
+    },
+    :people_with_common_friends => {
+      :threshold => 2, :weight => 1, :connection => 'Profile'
+    },
+    :people_with_common_tags => {
+      :threshold => 2, :weight => 1, :connection => 'ActsAsTaggableOn::Tag'
+    },
+    :communities_with_common_friends => {
+      :threshold => 2, :weight => 1, :connection => 'Profile'
+    },
+    :communities_with_common_tags => {
+      :threshold => 2, :weight => 1, :connection => 'ActsAsTaggableOn::Tag'
+    }
+  }
+
+  RULES.keys.each do |rule|
+    settings_items rule
+    attr_accessible rule
+  end
+
+  # Number of suggestions by rule
+  N_SUGGESTIONS = 30
+
+  # Minimum number of suggestions
+  MIN_LIMIT = 10
+
+  def self.profile_id(rule)
+    "#{rule}_profile_id"
+  end
+
+  def self.connections(rule)
+    "#{rule}_connections"
+  end
+
+  def self.counter(rule)
+    "#{rule}_count"
+  end
+
+  # If you are about to rewrite the following sql queries, think twice. After
+  # that make sure that whatever you are writing to replace it should be faster
+  # than how it is now. Yes, sqls are ugly but are fast! And fast is what we
+  # need here.
+  #
+  # The logic behind this code is to produce a table somewhat like this:
+  # profile_id | rule1_count | rule1_connections | rule2_count | rule2_connections | ... | score |
+  #     12     |      2      |      {32,54}      |      3      |     {8,22,27}     | ... |   13  |
+  #     13     |      4      |   {3,12,32,54}    |      2      |      {11,24}      | ... |   15  |
+  #     14     |             |                   |      2      |      {44,56}      | ... |   17  |
+  #                                        ...
+  #                                        ...
+  #
+  # This table has the suggested profile id and the count and connections of
+  # each rule that made this profile be suggested. Each suggestion has a score
+  # associated based on the rules' counts and rules' weights.
+  #
+  # From this table, we can sort suggestions by the score and save a small
+  # amount of them in the database. At this moment we also register the
+  # connections of each suggestion.
+
+  def self.calculate_suggestions(person)
+    suggested_profiles = all_suggestions(person)
+    return if suggested_profiles.nil?
+
+    already_suggested_profiles = person.profile_suggestions.map(&:suggestion_id).join(',')
+    suggested_profiles = suggested_profiles.where("profiles.id NOT IN (#{already_suggested_profiles})") if already_suggested_profiles.present?
+    #TODO suggested_profiles = suggested_profiles.order('score DESC')
+    suggested_profiles = suggested_profiles.limit(N_SUGGESTIONS)
+    return if suggested_profiles.blank?
+
+    suggested_profiles.each do |suggested_profile|
+      suggestion = person.profile_suggestions.find_or_initialize_by_suggestion_id(suggested_profile.id)
+      RULES.each do |rule, options|
+        begin
+          value = suggested_profile.send("#{rule}_count").to_i
+        rescue NoMethodError
+          next
+        end
+        connections = suggested_profile.send("#{rule}_connections")
+        if connections.present?
+          connections = connections[1..-2].split(',')
+        else
+          connections = []
+        end
+        suggestion.send("#{rule}=", value)
+        connections.each do |connection_id|
+          next if SuggestionConnection.where(:suggestion_id => suggestion.id, :connection_id => connection_id, :connection_type => options[:connection]).present?
+           SuggestionConnection.create!(:suggestion => suggestion, :connection_id => connection_id, :connection_type => options[:connection])
+        end
+        suggestion.score += value * options[:weight]
+      end
+      suggestion.save!
+    end
+  end
+
+  def self.people_with_common_friends(person)
+    person_friends = person.friends.map(&:id)
+    rule = "people_with_common_friends"
+    return if person_friends.blank?
+    "SELECT person_id as #{profile_id(rule)},
+            array_agg(friend_id) as #{connections(rule)},
+            count(person_id) as #{counter(rule)}
+     FROM friendships WHERE friend_id IN (#{person_friends.join(',')})
+     AND person_id NOT IN (#{(person_friends << person.id).join(',')})
+     GROUP BY person_id"
+  end
+
+  def self.people_with_common_communities(person)
+    person_communities = person.communities.map(&:id)
+    rule = "people_with_common_communities"
+    return if person_communities.blank?
+    "SELECT common_members.accessor_id as #{profile_id(rule)},
+            array_agg(common_members.resource_id) as #{connections(rule)},
+            count(common_members.accessor_id) as #{counter(rule)}
+     FROM
+       (SELECT DISTINCT accessor_id, resource_id FROM
+       role_assignments WHERE role_assignments.resource_id IN (#{person_communities.join(',')}) AND
+       role_assignments.accessor_id != #{person.id} AND role_assignments.resource_type = 'Profile' AND
+       role_assignments.accessor_type = 'Profile') AS common_members
+     GROUP BY common_members.accessor_id"
+  end
+
+  def self.people_with_common_tags(person)
+    profile_tags = person.articles.select('tags.id').joins(:tags).map(&:id)
+    rule = "people_with_common_tags"
+    return if profile_tags.blank?
+    "SELECT results.profiles_id as #{profile_id(rule)},
+            array_agg(results.tags_id) as #{connections(rule)},
+            count(results.profiles_id) as #{counter(rule)}
+     FROM (
+       SELECT DISTINCT tags.id as tags_id, profiles.id as profiles_id FROM profiles
+       INNER JOIN articles ON articles.profile_id = profiles.id
+       INNER JOIN taggings ON taggings.taggable_id = articles.id AND taggings.context = ('tags') AND taggings.taggable_type = 'Article'
+       INNER JOIN tags ON tags.id = taggings.tag_id
+       WHERE (tags.id in (#{profile_tags.join(',')}) AND profiles.id != #{person.id})) AS results
+     GROUP BY results.profiles_id"
+  end
+
+  def self.communities_with_common_friends(person)
+    person_friends = person.friends.map(&:id)
+    rule = "communities_with_common_friends"
+    return if person_friends.blank?
+    "SELECT common_communities.resource_id as #{profile_id(rule)},
+            array_agg(common_communities.accessor_id) as #{connections(rule)},
+            count(common_communities.resource_id) as #{counter(rule)}
+     FROM
+       (SELECT DISTINCT accessor_id, resource_id FROM
+       role_assignments WHERE role_assignments.accessor_id IN (#{person_friends.join(',')}) AND
+       role_assignments.accessor_id != #{person.id} AND role_assignments.resource_type = 'Profile' AND
+       role_assignments.accessor_type = 'Profile') AS common_communities
+     GROUP BY common_communities.resource_id"
+  end
+
+  def self.communities_with_common_tags(person)
+    profile_tags = person.articles.select('tags.id').joins(:tags).map(&:id)
+    rule = "communities_with_common_tags"
+    return if profile_tags.blank?
+    "SELECT results.profiles_id as #{profile_id(rule)},
+            array_agg(results.tags_id) as #{connections(rule)},
+            count(results.profiles_id) as #{counter(rule)}
+     FROM
+       (SELECT DISTINCT tags.id as tags_id, profiles.id AS profiles_id FROM profiles
+       INNER JOIN articles ON articles.profile_id = profiles.id
+       INNER JOIN taggings ON taggings.taggable_id = articles.id AND taggings.context = ('tags') AND taggings.taggable_type = 'Article'
+       INNER JOIN tags ON tags.id = taggings.tag_id
+       WHERE (tags.id IN (#{profile_tags.join(',')}) AND profiles.id != #{person.id})) AS results
+     GROUP BY results.profiles_id"
+  end
+
+  def self.all_suggestions(person)
+    select_string = ["profiles.*"]
+    suggestions_join = []
+    where_string = []
+    valid_rules = []
+    previous_rule = nil
+    join_column = nil
+    RULES.each do |rule, options|
+      rule_select = self.send(rule, person)
+      next if !rule_select.present?
+
+      valid_rules << rule
+      select_string << "suggestions.#{counter(rule)} as #{counter(rule)}, suggestions.#{connections(rule)} as #{connections(rule)}"
+      where_string << "#{counter(rule)} >= #{options[:threshold]}"
+      rule_select = "
+        (SELECT profiles.id as #{profile_id(rule)},
+                #{rule}_sub.#{counter(rule)} as #{counter(rule)},
+                #{rule}_sub.#{connections(rule)} as #{connections(rule)}
+        FROM profiles
+        LEFT OUTER JOIN (#{rule_select}) as #{rule}_sub
+        ON profiles.id = #{rule}_sub.#{profile_id(rule)}) AS #{rule}"
+
+      if previous_rule.nil?
+        result = rule_select
+      else
+        result = "INNER JOIN #{rule_select}
+         ON #{previous_rule}.#{profile_id(previous_rule)} = #{rule}.#{profile_id(rule)}"
+      end
+      previous_rule = rule
+      suggestions_join << result
+    end
+
+    return if valid_rules.blank?
+
+    select_string = select_string.compact.join(',')
+    join_string = "INNER JOIN (SELECT * FROM #{suggestions_join.compact.join(' ')}) AS suggestions ON profiles.id = suggestions.#{profile_id(valid_rules.first)}"
+    where_string = where_string.compact.join(' OR ')
+
+    person.environment.profiles.
+      select(select_string).
+      joins(join_string).
+      where(where_string)
+  end
+
+  def disable
+    self.enabled = false
+    self.save!
+    self.class.generate_profile_suggestions(self.person)
+  end
+
+  def self.generate_all_profile_suggestions
+    Delayed::Job.enqueue(ProfileSuggestion::GenerateAllJob.new) unless ProfileSuggestion::GenerateAllJob.exists?
+  end
+
+  def self.generate_profile_suggestions(person, force = false)
+    return if person.profile_suggestions.enabled.count >= MIN_LIMIT && !force
+    Delayed::Job.enqueue ProfileSuggestionsJob.new(person.id) unless ProfileSuggestionsJob.exists?(person.id)
+  end
+
+  class GenerateAllJob
+    def self.exists?
+      Delayed::Job.by_handler("--- !ruby/object:ProfileSuggestion::GenerateAllJob {}\n").count > 0
+    end
+
+    def perform
+      Person.find_each {|person| ProfileSuggestion.generate_profile_suggestions(person) }
+    end
+  end
+
+end
@@ -3,7 +3,7 @@ class Qualifier &lt; ActiveRecord::Base
   attr_accessible :name, :environment
   SEARCHABLE_FIELDS = {
-    :name => 1,
+    :name => {:label => _('Name'), :weight => 1},
   }
   belongs_to :environment
@@ -3,7 +3,7 @@ class Scrap &lt; ActiveRecord::Base
   attr_accessible :content, :sender_id, :receiver_id, :scrap_id
   SEARCHABLE_FIELDS = {
-    :content => 1,
+    :content => {:label => _('Content'), :weight => 1},
   }
   validates_presence_of :content
   validates_presence_of :sender_id, :receiver_id
@@ -25,7 +25,7 @@ class Scrap &lt; ActiveRecord::Base
   after_create do |scrap|
     scrap.root.update_attribute('updated_at', DateTime.now) unless scrap.root.nil?
-    Scrap::Notifier.notification(scrap).deliver if scrap.send_notification?
+    ScrapNotifier.notification(scrap).deliver if scrap.send_notification?
   end
   before_validation :strip_all_html_tags
@@ -0,0 +1,63 @@
+class SearchTerm < ActiveRecord::Base
+  validates_presence_of :term, :context
+  validates_uniqueness_of :term, :scope => [:context_id, :context_type, :asset]
+
+  belongs_to :context, :polymorphic => true
+  has_many :occurrences, :class_name => 'SearchTermOccurrence'
+
+  attr_accessible :term, :context, :asset
+
+  def self.calculate_scores
+    os = occurrences_scores
+    find_each { |search_term| search_term.calculate_score(os) }
+  end
+
+  def self.find_or_create(term, context, asset='all')
+    context.search_terms.where(:term => term, :asset => asset).first || context.search_terms.create!(:term => term, :asset=> asset)
+  end
+
+  # Fast way of getting the occurrences score for each search_term. Ugly but fast!
+  #
+  # Each occurrence of a search_term has a score that is smaller the older the
+  # occurrence happened. We subtract the amount of time between now and the
+  # moment it happened from the total time any occurrence is valid to happen. E.g.:
+  # The expiration time is 100 days and an occurrence happened 3 days ago.
+  # Therefore the score is 97. Them we sum every score to get the total score
+  # for a search term.
+  def self.occurrences_scores
+    ActiveSupport::OrderedHash[*ActiveRecord::Base.connection.execute(
+      joins(:occurrences).
+      select("search_terms.id, sum(#{SearchTermOccurrence::EXPIRATION_TIME.to_i} - extract(epoch from (now() - search_term_occurrences.created_at))) as value").
+      where("search_term_occurrences.created_at > ?", DateTime.now - SearchTermOccurrence::EXPIRATION_TIME).
+      group("search_terms.id").
+      order('value DESC').
+      to_sql
+    ).map {|result| [result['id'].to_i, result['value'].to_i]}.flatten]
+  end
+
+  def calculate_occurrence(occurrences_scores)
+    max_score = occurrences_scores.first[1]
+    (occurrences_scores[id]/max_score.to_f)*100
+  end
+
+  def calculate_relevance(valid_occurrences)
+    indexed = valid_occurrences.last.indexed.to_f
+    return 0 if indexed == 0
+    total = valid_occurrences.last.total.to_f
+    (1 - indexed/total)*100
+  end
+
+  def calculate_score(occurrences_scores)
+    valid_occurrences = occurrences.valid
+    if valid_occurrences.present?
+      # These scores vary from 1~100
+      self.occurrence_score = calculate_occurrence(occurrences_scores)
+      self.relevance_score = calculate_relevance(valid_occurrences)
+    else
+      self.occurrence_score = 0
+      self.relevance_score = 0
+    end
+    self.score = (occurrence_score * relevance_score)/100.0
+    self.save!
+  end
+end
@@ -0,0 +1,9 @@
+class SearchTermOccurrence < ActiveRecord::Base
+  belongs_to :search_term
+  validates_presence_of :search_term
+  attr_accessible :search_term, :created_at, :total, :indexed
+
+  EXPIRATION_TIME = 1.year
+
+  scope :valid, :conditions => ["search_term_occurrences.created_at > ?", DateTime.now - EXPIRATION_TIME]
+end
@@ -0,0 +1,6 @@
+class SuggestionConnection < ActiveRecord::Base
+  attr_accessible :suggestion, :connection_type, :connection_id
+
+  belongs_to :suggestion, :class_name => 'ProfileSuggestion', :foreign_key => 'suggestion_id'
+  belongs_to :connection, :polymorphic => true
+end
 require 'noosfero/translatable_content'
-# a base class for all text article types.  
+# a base class for all text article types.
 class TextArticle < Article
   xss_terminate :only => [ :name ], :on => 'validation'
@@ -26,10 +26,10 @@ class TextArticle &lt; Article
   before_save :set_relative_path
   def set_relative_path
-    parsed = Hpricot(self.body.to_s)
-    parsed.search('img[@src]').map { |i| change_element_path(i, 'src') }
-    parsed.search('a[@href]').map { |i| change_element_path(i, 'href') }
-    self.body = parsed.to_s
+    parsed = Nokogiri::HTML.fragment(self.body.to_s)
+    parsed.css('img[src]').each { |i| change_element_path(i, 'src') }
+    parsed.css('a[href]').each { |i| change_element_path(i, 'href') }
+    self.body = parsed.to_html
   end
   def change_element_path(el, attribute)
@@ -11,6 +11,10 @@ class User &lt; ActiveRecord::Base
   N_('Password confirmation')
   N_('Terms accepted')
+  SEARCHABLE_FIELDS = {
+    :email => {:label => _('Email'), :weight => 5},
+  }
+
   def self.[](login)
     self.find_by_login(login)
   end
@@ -50,7 +54,7 @@ class User &lt; ActiveRecord::Base
       user.person = p
     end
-    if user.environment.enabled?('skip_new_user_email_confirmation') 
+    if user.environment.enabled?('skip_new_user_email_confirmation')
       if user.environment.enabled?('admin_must_approve_new_users')
         create_moderate_task
       else
@@ -98,6 +102,7 @@ class User &lt; ActiveRecord::Base
   validates_length_of       :email,    :within => 3..100, :if => (lambda {|user| !user.email.blank?})
   validates_uniqueness_of   :login, :email, :case_sensitive => false, :scope => :environment_id
   before_save :encrypt_password
+  before_save :normalize_email, if: proc{ |u| u.email.present? }
   validates_format_of :email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda {|user| !user.email.blank?})
   validates_inclusion_of :terms_accepted, :in => [ '1' ], :if => lambda { |u| ! u.terms_of_use.blank? }, :message => N_('{fn} must be checked in order to signup.').fix_i18n
@@ -110,6 +115,10 @@ class User &lt; ActiveRecord::Base
     u && u.authenticated?(password) ? u : nil
   end
+  def register_login
+    self.update_attribute :last_login_at, Time.now
+  end
+
   # Activates the user in the database.
   def activate
     return false unless self.person
@@ -328,6 +337,11 @@ class User &lt; ActiveRecord::Base
   end
   protected
+
+    def normalize_email
+      self.email = self.email.squish.downcase
+    end
+
     # before filter
     def encrypt_password
       return if password.blank?
@@ -355,6 +369,6 @@ class User &lt; ActiveRecord::Base
     def delay_activation_check
       return if person.is_template?
-      Delayed::Job.enqueue(UserActivationJob.new(self.id), {:priority => 0, :run_at => 72.hours.from_now})
+      Delayed::Job.enqueue(UserActivationJob.new(self.id), {:priority => 0, :run_at => (NOOSFERO_CONF['hours_until_user_activation_check'] || 72).hours.from_now})
     end
 end
 <%= labelled_form_for :user,
    :url => { :controller => 'account', :action => (params[:enterprise_code] ? 'activate_enterprise' : 'login') }  do |f| %>
-<%= f.text_field :login,
-                 :id => ( lightbox? ? 'lightbox_' : '' ) + 'user_login',
-                 :onchange => 'this.value = convToValidLogin( this.value )' %>
+<%= f.text_field :login, :id => 'user_login', :onchange => 'this.value = convToValidLogin( this.value )' %>
-<%= f.password_field :password,
-                     :id => ( lightbox? ? 'lightbox_' : '' ) + 'user_password' %>
+<%= f.password_field :password, :id => 'user_password' %>
 <% if params[:enterprise_code] %>
   <%= hidden_field_tag :enterprise_code, params[:enterprise_code] %>
@@ -16,7 +13,7 @@
 <% button_bar do %>
   <%= submit_button( 'login', _('Log in') )%>
-  <%= lightbox_close_button(_('Cancel')) if lightbox? %>
+  <%= modal_close_button _('Cancel') if request.xhr? %>
 <% end %>
 <% end %>
@@ -16,7 +16,7 @@
 <input type="hidden" id="signup_time_key" name="signup_time_key" />
 <script type="text/javascript">
   jQuery.ajax({
-    type: "POST",
+    type: "GET",
     url: "<%= url_for :controller=>'account', :action=>'signup_time' %>",
     dataType: 'json',
     success: function(data) {
@@ -7,8 +7,8 @@
 <p><%= _('Do you have a personal user account in the system?') %></p>
 <div id="enterprise-activation-create-user-or-login-button">
-  <%= button_to_function 'login', _('Yes'), "$('enterprise-activation-create-user-form').hide(); $('enterprise-activation-login-form').show()" %> 
-  <%= button_to_function 'add', _('No'),  "$('enterprise-activation-login-form').hide(); $('enterprise-activation-create-user-form').show()" %>
+  <%= button_to_function 'login', _('Yes'), "jQuery('#enterprise-activation-create-user-form').hide(); jQuery('#enterprise-activation-login-form').show()" %>
+  <%= button_to_function 'add', _('No'),  "jQuery('#enterprise-activation-login-form').hide(); jQuery('#enterprise-activation-create-user-form').show()" %>
 </div>
 <div id="enterprise-activation-create-user-form" style="display: none">
 <h1><%= _('Identify yourself') %></h1>
 <p>
-<%= lightbox_link_to _('Login.'), { :controller => 'account', :action => 'login_popup' } %>
+<%= modal_link_to _('Login.'), { :controller => 'account', :action => 'login_popup' } %>
 <%= _('You need to login to be able to use all the features in this environment.') %>
 </p>
@@ -3,11 +3,11 @@
 <h2><%= _('Login') %></h2>
 <% @user ||= User.new %>
-<% is_thickbox ||= false %>
+<% is_popin ||= false %>
 <%= @message %>
-<%= labelled_form_for :user, :url => login_url do |f| %>
+<%= labelled_form_for :user, :url => login_url, :horizontal => true do |f| %>
      <%= f.text_field :login, :id => 'main_user_login', :onchange => 'this.value = convToValidLogin( this.value )', :value => params[:userlogin] %>
@@ -17,8 +17,8 @@
      <% button_bar do %>
        <%= submit_button( 'login', _('Log in') )%>
-       <% if is_thickbox %>
-         <%= thickbox_close_button(_('Cancel')) %>
+       <% if is_popin %>
+         <%= modal_close_button(_('Cancel')) %>
        <% end %>
      <% end %>
@@ -20,9 +20,7 @@
       <% button_bar do %>
         <%= submit_button( 'login', _('Log in') )%>
         <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
-          <%= link_to content_tag( 'span', _('New user') ),
-              { :controller => 'account', :action => 'signup' },
-              :class => 'button with-text icon-add' %>
+          <%= button(:add, _('New user'), { :controller => 'account', :action => 'signup' }) %>
         <% end %>
       <% end %>
@@ -2,6 +2,6 @@
 <p>
 <% button_bar do %>
   <%= button :ok, _('Yes'), { :controller => 'account', :action => 'logout' } %>
-  <%= lightbox_close_button _('No, I want to stay.') %>
+  <%= modal_close_button _('No, I want to stay.') %>
 <% end %>
 </p>
-<% if @register_pending %>
-  <div id='thanks-for-signing'>
-    <% if environment.has_custom_welcome_screen? %>
-      <%= environment.settings[:signup_welcome_screen_body].html_safe %>
-    <% elsif environment.enabled?('admin_must_approve_new_users')%>
-      <h1><%= _("Welcome to %s!") % environment.name %></h1>
-      <h3><%= _("Thanks for signing up, we're thrilled to have you on our social network!") %></h3>
-      <p><%= _("Firstly, some tips for getting started:") %></p>
-      <% unless environment.enabled?('skip_new_user_email_confirmation') %>
-        <h4><%= _("Confirm your account and wait for admin approvement!") %></h4>
-        <p><%= _("You should receive a welcome email from us shortly. Please take a second to follow the link within to confirm your account.") %></p>
-        <p><%= _("You won't appear as %s until your account is confirmed and approved.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
-      <% else %>
-        <h4><%= _("Wait for admin approvement!") %></h4>
-        <p><%= _("The administrators will evaluate your signup request for approvement.") %></p>
-        <p><%= _("You won't appear as %s until your account is approved.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
-      <% end %> 
-      <h4><%= _("What to do next?") %></h4>
-      <p><%= _("%s. Upload an avatar and let your friends find you easily :)") % link_to(_('Customize your profile'), {:controller => 'doc', :section => 'user', :topic => 'editing-person-info'}, :target => '_blank') %></p>
-      <p><%= _("Learn the guidelines. Read the %s for more details on how to use this social network!") % link_to(_('Documentation'), {:controller => 'doc'}, :target => '_blank') %></p>
-      <p><%= _("%s your Gmail, Yahoo and Hotmail contacts!") % link_to(_('Invite and find'), {:controller => 'doc', :section => 'user', :topic => 'invite-contacts'}, :target => '_blank') %></p>
-      <p><%= _("Start exploring and have fun!") %></p>
-    <% else %>
-      <h1><%= _("Welcome to %s!") % environment.name %></h1>
-      <h3><%= _("Thanks for signing up, we're thrilled to have you on our social network!") %></h3>
-      <p><%= _("Firstly, some tips for getting started:") %></p>
-      <h4><%= _("Confirm your account!") %></h4>
-      <p><%= _("You should receive a welcome email from us shortly. Please take a second to follow the link within to confirm your account.") %></p>
-      <p><%= _("You won't appear as %s until your account is confirmed.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
-      <h4><%= _("What to do next?") %></h4>
-      <p><%= _("%s. Upload an avatar and let your friends find you easily :)") % link_to(_('Customize your profile'), {:controller => 'doc', :section => 'user', :topic => 'editing-person-info'}, :target => '_blank') %></p>
-      <p><%= _("Learn the guidelines. Read the %s for more details on how to use this social network!") % link_to(_('Documentation'), {:controller => 'doc'}, :target => '_blank') %></p>
-      <p><%= _("%s your Gmail, Yahoo and Hotmail contacts!") % link_to(_('Invite and find'), {:controller => 'doc', :section => 'user', :topic => 'invite-contacts'}, :target => '_blank') %></p>
-      <p><%= _("Start exploring and have fun!") %></p>
-    <% end %>
-  </div>
-<% else %>
-  <h1><%= _('Sign up for %s!') % environment.name %></h1>
-  <%= render :partial => 'signup_form' %>
-<% end %>
+<h1><%= _('Sign up for %s!') % environment.name %></h1>
+<%= render :partial => 'signup_form' %>
 <div class='description'>
-  <%= _('This text will be showed as a welcome message to users after signup') %><br/><br/>
+  <%= _('If you enable this feature on the "Features" section of the Administration Panel, this text will be shown as a welcome message to users after signup.') %>
 </div>
-
 <%= labelled_form_field(_('Body'), text_area(:environment, :signup_welcome_screen_body, :cols => 40, :style => 'width: 100%', :class => 'mceEditor')) %>
+
+<div class='description'>
+  <%= _('If this content is left blank, the following page will be displayed to the user:') %>
+</div>
+
+<%= render :file => 'home/welcome', :locals => {:default_message => true} %>
@@ -18,7 +18,7 @@
       <%= button 'ok', _('Enable'), {:action => 'manage_portal_community', :activate => 1} %>
     <% end %>
     <%= button 'folder', _('Select Portal Folders'), {:action => 'set_portal_folders'} %>
-    <%= button 'edit', _('Define Amount by Folder'), {:action => 'set_portal_news_amount'} %>
+    <%= button 'edit', _('Define news amount on portal'), {:action => 'set_portal_news_amount'} %>
     <%= button 'delete', _('Remove'), { :action => 'unset_portal_community'} %>
   <% end %>
 <% end %>
	@@ -26,7 +26,7 @@ The file config/database.yml must follow a structure in order to achieve multite		@@ -26,7 +26,7 @@ The file config/database.yml must follow a structure in order to achieve multite
26		26
27	Each "hosted" environment must have an entry like this:	27	Each "hosted" environment must have an entry like this:
28		28
29	- env1_production:	29	+ env1_production: &DEFAULT
30	adapter: postgresql	30	adapter: postgresql
31	encoding: unicode	31	encoding: unicode
32	database: noosfero	32	database: noosfero
	@@ -61,7 +61,7 @@ The "hosted" environments define, besides the `schema_search_path`, a list of do		@@ -61,7 +61,7 @@ The "hosted" environments define, besides the `schema_search_path`, a list of do
61	You must also tell the application which is the default environment.	61	You must also tell the application which is the default environment.
62		62
63	production:	63	production:
64	- env1_production	64	+ <<: *DEFAULT
65		65
66	On the example above there are only three hosted environments, but it can be more than three. The schemas `env2` and `env3` must already exist in the same database of the hosting environment. As postgres user, you can create them typing:	66	On the example above there are only three hosted environments, but it can be more than three. The schemas `env2` and `env3` must already exist in the same database of the hosting environment. As postgres user, you can create them typing:
67		67
	@@ -1,41 +0,0 @@	@@ -1,41 +0,0 @@
1	-* ruby-get-text incmopatible with rails3. Maybe we can use it's gem
2	-
3	-* all js code is inside miscellaneous.js. Would be nice to refactor this
4	-
5	-* rails 2 uses prototype instead of jquery
6	-
7	-* config/environment.rb maybe still have some code that should be on the initializers
8	-
9	-* initializers session_store.rb inflections.rb... don't exist
10	-
11	-* rails gems version have to be forced on Gemfile or it will use incompatible pre3vious versions (3.1.3)
12	-
13	-* Sweepers are now natively supported on Rails 3. Would be nice to refactor it
14	-
15	-* On Rails 3 it is no more possible to add allowed tags to avoid scape. The html_safe initializer is an option.
16	-
17	-* error when call sqlite_extensiosn
18	-
19	-* error related to action_tracker
20	-
21	-* check FIXME's in script/quick-start
22	-
23	-* check FIXME's in Gemfile
24	-
25	-* Check the FIXME in config/routes.rb
26	-
27	-* rewrite conditional routing. See FIXME in lib/route_if.rb and re-implement using the Rails 3 mechanism - http://guides.rubyonrails.org/routing.html#advanced-constraints
28	-
29	-* check FIXME's in config/environment.rb
30	-
31	-* xss_terminate sucks. We should replace it with the builtin mechanism in Rails 3
32	-
33	-* instance_eval on Ruby 1.9 yields self, so lambdas that are passed to instance_eval and do not accept exactly 1 argument will blow up. See http://www.ruby-forum.com/topic/213313 ... search for instance_eval and fix where necessary. In special, most of the blocks still need fixing.
34	-
35	-* all instances of <% *_form_for ... %> must be changed to <%= instead of <%
36	-
37	-* all ActiveRecord models have to declare explicitly which attributes must be allowed for mass assignment with attr_accessible.
38	-
39	-* check if we need to update config/locales/*
40	-
41	-* check observe_field and labelled_form_for in app/helpers/application_helper.rb
@@ -0,0 +1,10 @@		@@ -0,0 +1,10 @@
	1	+# Noosfero security
	2	+
	3	+## Reporting security issues in Noosfero
	4	+
	5	+Security vulnerabilities should be reported via an email to
	6	+noosfero-security@listas.softwarelivre.org, which ia a private mailing list.
	7	+Reported problems will be published after fixes are available.
	8	+
	9	+The members of the mailing list are people who provide Noosfero (Noosfero
	10	+committers, mainly).
	@@ -87,6 +87,6 @@ class AdminPanelController < AdminController		@@ -87,6 +87,6 @@ class AdminPanelController < AdminController
87	scope = scope.order('name ASC')	87	scope = scope.order('name ASC')
88		88
89	@q = params[:q]	89	@q = params[:q]
90	- @collection = find_by_contents(:organizations, scope, @q, {:per_page => 10, :page => params[:npage]})[:results]	90	+ @collection = find_by_contents(:organizations, environment, scope, @q, {:per_page => 10, :page => params[:npage]})[:results]
91	end	91	end
92	end	92	end
	@@ -33,7 +33,7 @@ class RegionValidatorsController < AdminController		@@ -33,7 +33,7 @@ class RegionValidatorsController < AdminController
33	def load_region_and_search	33	def load_region_and_search
34	@region = environment.regions.find(params[:id])	34	@region = environment.regions.find(params[:id])
35	if params[:search]	35	if params[:search]
36	- @search = find_by_contents(:organizations, Organization, params[:search])[:results].reject {\|item\| @region.validator_ids.include?(item.id) }	36	+ @search = find_by_contents(:organizations, environment, Organization, params[:search])[:results].reject {\|item\| @region.validator_ids.include?(item.id) }
37	end	37	end
38	end	38	end
39		39
	@@ -18,7 +18,7 @@ class UsersController < AdminController		@@ -18,7 +18,7 @@ class UsersController < AdminController
18	end	18	end
19	scope = scope.order('name ASC')	19	scope = scope.order('name ASC')
20	@q = params[:q]	20	@q = params[:q]
21	- @collection = find_by_contents(:people, scope, @q, {:per_page => per_page, :page => params[:npage]})[:results]	21	+ @collection = find_by_contents(:people, environment, scope, @q, {:per_page => per_page, :page => params[:npage]})[:results]
22	end	22	end
23		23
24	def set_admin_role	24	def set_admin_role
	@@ -3,6 +3,7 @@ class FriendsController < MyProfileController		@@ -3,6 +3,7 @@ class FriendsController < MyProfileController
3	protect 'manage_friends', :profile	3	protect 'manage_friends', :profile
4		4
5	def index	5	def index
		6	+ @suggestions = profile.profile_suggestions.of_person.enabled.includes(:suggestion).limit(per_page)
6	if is_cache_expired?(profile.manage_friends_cache_key(params))	7	if is_cache_expired?(profile.manage_friends_cache_key(params))
7	@friends = profile.friends.paginate(:per_page => per_page, :page => params[:npage])	8	@friends = profile.friends.paginate(:per_page => per_page, :page => params[:npage])
8	end	9	end
	@@ -16,6 +17,30 @@ class FriendsController < MyProfileController		@@ -16,6 +17,30 @@ class FriendsController < MyProfileController
16	end	17	end
17	end	18	end
18		19
		20	+ def suggest
		21	+ @suggestions = profile.profile_suggestions.of_person.enabled.includes(:suggestion).limit(per_page)
		22	+ end
		23	+
		24	+ def remove_suggestion
		25	+ @person = profile.suggested_people.find_by_identifier(params[:id])
		26	+ redirect_to :action => 'suggest' unless @person
		27	+ if @person && request.post?
		28	+ profile.remove_suggestion(@person)
		29	+ @suggestions = profile.profile_suggestions.of_person.enabled.includes(:suggestion).limit(per_page)
		30	+ render :partial => 'shared/profile_suggestions_list', :locals => { :suggestions => @suggestions, :collection => :friends_suggestions, :per_page => params[:per_page] \|\| per_page }
		31	+ end
		32	+ end
		33	+
		34	+ def connections
		35	+ @suggestion = profile.profile_suggestions.of_person.enabled.find_by_suggestion_id(params[:id])
		36	+ if @suggestion
		37	+ @tags = @suggestion.tag_connections
		38	+ @profiles = @suggestion.profile_connections
		39	+ else
		40	+ redirect_to :action => 'suggest'
		41	+ end
		42	+ end
		43	+
19	protected	44	protected
20		45
21	class << self	46	class << self
	@@ -20,12 +20,54 @@ class MembershipsController < MyProfileController		@@ -20,12 +20,54 @@ class MembershipsController < MyProfileController
20	@community.environment = environment	20	@community.environment = environment
21	@back_to = params[:back_to] \|\| url_for(:action => 'index')	21	@back_to = params[:back_to] \|\| url_for(:action => 'index')
22	if request.post? && @community.valid?	22	if request.post? && @community.valid?
23	- @community = Community.create_after_moderation(user, params[:community].merge({:environment => environment}))
24	- if @community.new_record?	23	+ begin
		24	+ # Community was created
		25	+ @community = Community.create_after_moderation(user, params[:community].merge({:environment => environment}))
		26	+ @community.reload
		27	+ redirect_to :action => 'welcome', :community_id => @community.id, :back_to => @back_to
		28	+ rescue ActiveRecord::RecordNotFound
		29	+ # Community pending approval
25	session[:notice] = _('Your new community creation request will be evaluated by an administrator. You will be notified.')	30	session[:notice] = _('Your new community creation request will be evaluated by an administrator. You will be notified.')
		31	+ redirect_to @back_to
26	end	32	end
27	- redirect_to @back_to
28	return	33	return
29	end	34	end
30	end	35	end
		36	+
		37	+ def welcome
		38	+ @community = Community.find(params[:community_id])
		39	+ @back_to = params[:back_to]
		40	+ end
		41	+
		42	+ def suggest
		43	+ @suggestions = profile.profile_suggestions.of_community.enabled.includes(:suggestion).limit(per_page)
		44	+ end
		45	+
		46	+ def remove_suggestion
		47	+ @community = profile.suggested_communities.find_by_identifier(params[:id])
		48	+ custom_per_page = params[:per_page] \|\| per_page
		49	+ redirect_to :action => 'suggest' unless @community
		50	+ if @community && request.post?
		51	+ profile.remove_suggestion(@community)
		52	+ @suggestions = profile.profile_suggestions.of_community.enabled.includes(:suggestion).limit(custom_per_page)
		53	+ render :partial => 'shared/profile_suggestions_list', :locals => { :suggestions => @suggestions, :collection => :communities_suggestions, :per_page => custom_per_page}
		54	+ end
		55	+ end
		56	+
		57	+ def connections
		58	+ @suggestion = profile.profile_suggestions.of_community.enabled.find_by_suggestion_id(params[:id])
		59	+ if @suggestion
		60	+ @tags = @suggestion.tag_connections
		61	+ @profiles = @suggestion.profile_connections
		62	+ else
		63	+ redirect_to :action => 'suggest'
		64	+ end
		65	+ end
		66	+
		67	+ protected
		68	+
		69	+ def per_page
		70	+ 12
		71	+ end
		72	+
31	end	73	end
	@@ -3,6 +3,10 @@ class ProfileEditorController < MyProfileController		@@ -3,6 +3,10 @@ class ProfileEditorController < MyProfileController
3	protect 'edit_profile', :profile, :except => [:destroy_profile]	3	protect 'edit_profile', :profile, :except => [:destroy_profile]
4	protect 'destroy_profile', :profile, :only => [:destroy_profile]	4	protect 'destroy_profile', :profile, :only => [:destroy_profile]
5		5
		6	+ before_filter :access_welcome_page, :only => [:welcome_page]
		7	+ before_filter :back_to
		8	+ helper_method :has_welcome_page
		9	+
6	def index	10	def index
7	@pending_tasks = Task.to(profile).pending.without_spam.select{\|i\| user.has_permission?(i.permission, profile)}	11	@pending_tasks = Task.to(profile).pending.without_spam.select{\|i\| user.has_permission?(i.permission, profile)}
8	end	12	end
	@@ -85,6 +89,21 @@ class ProfileEditorController < MyProfileController		@@ -85,6 +89,21 @@ class ProfileEditorController < MyProfileController
85	end	89	end
86	end	90	end
87		91
		92	+ def welcome_page
		93	+ @welcome_page = profile.welcome_page \|\| TinyMceArticle.new(:name => 'Welcome Page', :profile => profile, :published => false)
		94	+ if request.post?
		95	+ begin
		96	+ @welcome_page.update_attributes!(params[:welcome_page])
		97	+ profile.welcome_page = @welcome_page
		98	+ profile.save!
		99	+ session[:notice] = _('Welcome page saved successfully.')
		100	+ redirect_to :action => 'index'
		101	+ rescue Exception => exception
		102	+ session[:notice] = _('Welcome page could not be saved.')
		103	+ end
		104	+ end
		105	+ end
		106	+
88	def deactivate_profile	107	def deactivate_profile
89	if environment.admins.include?(current_person)	108	if environment.admins.include?(current_person)
90	profile = environment.profiles.find(params[:id])	109	profile = environment.profiles.find(params[:id])
	@@ -116,9 +135,24 @@ class ProfileEditorController < MyProfileController		@@ -116,9 +135,24 @@ class ProfileEditorController < MyProfileController
116	protected	135	protected
117		136
118	def redirect_to_previous_location	137	def redirect_to_previous_location
119	- back = request.referer
120	- back = "/" if back.nil?	138	+ redirect_to @back_to
		139	+ end
121		140
122	- redirect_to back	141	+ #TODO Consider using this as a general controller feature to be available on every action.
		142	+ def back_to
		143	+ @back_to = params[:back_to] \|\| request.referer \|\| "/"
123	end	144	end
		145	+
		146	+ private
		147	+
		148	+ def has_welcome_page
		149	+ profile.is_template
		150	+ end
		151	+
		152	+ def access_welcome_page
		153	+ unless has_welcome_page
		154	+ render_access_denied
		155	+ end
		156	+ end
		157	+
124	end	158	end
	@@ -20,7 +20,7 @@ class ProfileMembersController < MyProfileController		@@ -20,7 +20,7 @@ class ProfileMembersController < MyProfileController
20	redirect_to :action => :last_admin	20	redirect_to :action => :last_admin
21	elsif @person.define_roles(@roles, profile)	21	elsif @person.define_roles(@roles, profile)
22	session[:notice] = _('Roles successfuly updated')	22	session[:notice] = _('Roles successfuly updated')
23	- redirect_to :controller => 'profile_editor'	23	+ redirect_to :action => 'index'
24	else	24	else
25	session[:notice] = _('Couldn\'t change the roles')	25	session[:notice] = _('Couldn\'t change the roles')
26	redirect_to :action => 'index'	26	redirect_to :action => 'index'