Merge branch 'master' into rails-2.3.5

Conflicts: app/controllers/admin_controller.rb app/controllers/application.rb app/controllers/public/account_controller.rb app/controllers/public/content_viewer_controller.rb lib/noosfero/i18n.rb test/functional/account_controller_test.rb test/functional/admin_controller_test.rb test/unit/contact_test.rb test/unit/profile_test.rb

Merge branch 'master' into rails-2.3.5
Conflicts: app/controllers/admin_controller.rb app/controllers/application.rb app/controllers/public/account_controller.rb app/controllers/public/content_viewer_controller.rb lib/noosfero/i18n.rb test/functional/account_controller_test.rb test/functional/admin_controller_test.rb test/unit/contact_test.rb test/unit/profile_test.rb
Antonio Terceiro
2 parents 1420310b af89dbce
Showing 842 changed files with 113986 additions and 21393 deletions Show diff stats
.mailmap
AUTHORS
HACKING
INSTALL
INSTALL.chat
INSTALL.multitenancy
INSTALL.varnish
RELEASING
app/controllers/admin/admin_panel_controller.rb
app/controllers/admin/categories_controller.rb
app/controllers/admin/plugins_controller.rb
app/controllers/admin/role_controller.rb
app/controllers/admin_controller.rb
app/controllers/box_organizer_controller.rb
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile/manage_products_controller.rb
app/controllers/my_profile/profile_design_controller.rb
app/controllers/my_profile/profile_editor_controller.rb
app/controllers/my_profile/profile_members_controller.rb
app/controllers/my_profile/tasks_controller.rb
@@ -3,7 +3,8 @@ Antonio Terceiro &lt;terceiro@colivre.coop.br&gt; &lt;terceiro@softwarelivre.org&gt;
 Aurelio A. Heckert <aurelio@colivre.coop.br> <AurelioAHeckert@3f533792-8f58-4932-b0fe-aaf55b0a4547>
 Aurelio A. Heckert <aurelio@colivre.coop.br> <aurelio@colivre.coop.br>
 Aurelio A. Heckert <aurelio@colivre.coop.br> <aurium@gmail.com>
-Caio SBA <caiosba@gmail.com> <caiosba@safernet.org.br>
+Caio SBA <caio@colivre.coop.br> <caiosba@gmail.com>
+Caio SBA <caio@colivre.coop.br> <caiosba@safernet.org.br>
 Daniela Soares Feitosa <danielafeitosa@colivre.coop.br> <DanielaFeitosa@3f533792-8f58-4932-b0fe-aaf55b0a4547>
 Daniela Soares Feitosa <danielafeitosa@colivre.coop.br> <danielafeitosa@colivre.coop.br>
 Daniela Soares Feitosa <danielafeitosa@colivre.coop.br> <daniela@sede.colivre.coop.br>
@@ -8,8 +8,9 @@ Developers
  
 Antonio Terceiro <terceiro@colivre.coop.br>
 Aurelio A. Heckert <aurelio@colivre.coop.br>
+Braulio Bhavamitra <brauliobo@gmail.com>
 Bráulio Bhavamitra <brauliobo@gmail.com>
-Caio SBA <caiosba@gmail.com>
+Caio SBA <caio@colivre.coop.br>
 Daniela Soares Feitosa <danielafeitosa@colivre.coop.br>
 Daniel Cunha <daniel@colivre.coop.br>
 Fernanda Lopes <nanda.listas+psl@gmail.com>
@@ -23,6 +24,7 @@ LinguÁgil 2010 &lt;linguagil.bahia@gmail.com&gt;
 Martín Olivera <molivera@solar.org.ar>
 Moises Machado <moises@colivre.coop.br>
 Nanda Lopes <nanda.listas+psl@gmail.com>
+Rafael Gomes <rafaelgomes@techfree.com.br>
 Raphaël Rousseau <raph@r4f.org>
 Raquel Lira <raquel.lira@gmail.com>
 Rodrigo Souto <rodrigo@colivre.coop.br>
@@ -31,11 +31,13 @@ You can copy and paste the commands below into a terminal (please review the
 commands and make sure you understand what you are doing):
  
  # checkout the code from repository
- git clone git://git.colivre.coop.br/noosfero.git
+ git clone git://gitorious.org/noosfero/noosfero.git
  # enter the directory
  cd noosfero
  # copy a sample config file
  cp config/database.yml.sqlite3 config/database.yml
+ # create tmp directory if it doesn't exist
+ mkdir tmp
  # create the development database
  rake db:schema:load
  # run pending migrations
@@ -59,8 +61,8 @@ another port than 3000, you can use the -p option of ./script/server:
  
 The above command makes the server available at http://localhost:9999/
  
-The sample-data data scripts creates one administrator user with login "ze" and
-password "test".
+The sample-data data scripts creates two administrator users with login "ze" and
+password "test" and login "adminuser" and password "admin".
  
 Note that some operations, like generating image thumbnails, sending e-mails,
 etc, are done in background in the context of a service independent from the
@@ -84,3 +86,7 @@ you want to enable it then you need to change some files:
  
 3) Add in config/noosfero.yml at development section:
    exception_recipients: [admin@example.com]
+
+== Releasing and building Debian package
+
+See RELEASING file.
@@ -43,6 +43,9 @@ case will need do install hicolor-icon-theme as well bacause tango-icon-theme
 depends on it.  After that you can try the command line above again, but
 without "tango-icon-theme".
  
+More Informations to install the tango-icon-theme on Debian Lenny:
+* http://packages.debian.org/en/lenny/all/tango-icon-theme/download
+
 If you manage to install Noosfero successfully on other systems than Debian,
 please feel free to contact the Noosfero development mailing with the
 instructions for doing so, and we'll include it here.
@@ -98,7 +101,7 @@ downloading from git
 Here we are cloning the noosfero repository from git. Note: you will need to
 install git before.
  
-$ git clone git://git.colivre.coop.br/noosfero.git current
+$ git clone git://gitorious.org/noosfero/noosfero.git current
 $ cd current
 $ git checkout -b stable origin/stable
  
@@ -221,16 +221,19 @@ Note: module proxy_http must be enabled:
  
 # a2enmod proxy_http
  
-
 8. DNS configuration
  
- * /etc/bind/db.colivre:
+For this point, we assume you are using BIND as your DNS server. You need to
+add the following entries to the DNS zone file corresponding to the domain
+of your noosfero site:
  
 _xmpp-client._tcp   SRV   5 100 5222 master
-(...)
 conference   CNAME master
 _xmpp-client._tcp.conference   SRV   5 100 5222 master
  
+If you are running a DNS server other than BIND, you will have to figure out
+how to create equivalente rules for your zone file. Patches to this
+documentation are welcome.
  
 9. Testing this Setup
  
@@ -0,0 +1,163 @@
+== Multitenancy support
+
+Multitenancy refers to a principle in software architecture where a
+single instance of the software runs on a server, serving multiple
+client organizations (tenants). Multitenancy is contrasted with a
+multi-instance architecture where separate software instances (or
+hardware systems) are set up for different client organizations. With
+a multitenant architecture, a software application is designed to
+virtually partition its data and configuration, and each client
+organization works with a customized virtual application instance.
+
+Today this feature is available only for PostgreSQL databases.
+
+This document assumes that you have a new fully PostgresSQL default Noosfero
+installation as explained at the INSTALL file.
+
+== Separated data
+
+The items below are separated for each hosted environment:
+
+* Uploaded files
+* Database
+* Ferret index
+* ActiveRecord#cache_key
+* Feed updater
+* Delayed Job Workers
+
+== Database configuration file
+
+The file config/database.yml must follow a structure in order to
+achieve multitenancy support. In this example, we will set 3
+different environments: env1, env2 and env3.
+
+Each "hosted" environment must have an entry like this:
+
+env1_production:
+  adapter: postgresql
+  encoding: unicode
+  database: noosfero
+  schema_search_path: public
+  username: noosfero
+  domains:
+    - env1.com
+    - env1.org
+
+env2_production:
+  adapter: postgresql
+  encoding: unicode
+  database: noosfero
+  schema_search_path: env2
+  username: noosfero
+  domains:
+    - env2.com
+    - env2.org
+
+env3_production:
+  adapter: postgresql
+  encoding: unicode
+  database: noosfero
+  schema_search_path: env3
+  username: noosfero
+  domains:
+    - env3.com
+    - env3.net
+
+The "hosted" environments define, besides the schema_search_path, a
+list of domains that, when accessed, tells which database the
+application should use. Also, the environment name must end with
+'_hosting', where 'hosting' is the name of the hosting environment.
+
+You must also tell the application which is the default environment.
+
+production:
+  env1_production
+
+On the example above there are only three hosted environments, but it
+can be more than three. The schemas 'env2' and 'env3' must already
+exist in the same database of the hosting environment. As postgres
+user, you can create them typing:
+
+$ psql database_name -c "CREATE SCHEMA env2 AUTHORIZATION database_user"
+$ psql database_name -c "CREATE SCHEMA env3 AUTHORIZATION database_user"
+
+Replace database_name and database_user above with your stuff.
+
+So, yet on this same example, when a user accesses http://env2.com or
+http://env2.org, the Noosfero application running on production will
+turn the database schema to 'env2'. When the access is from domains
+http://env3.com or http://env3.net, the schema to be loaded will be
+'env3'.
+
+There is an example of this file in config/database.yml.multitenancy
+
+== Preparing the database
+
+Now create the environments:
+
+$ RAILS_ENV=production rake multitenancy:create
+
+This command above will create the hosted environment files equal to
+their hosting environment, here called 'production'.
+
+Run db:schema:load for each other environment:
+
+$ RAILS_ENV=env2_production rake db:schema:load
+$ RAILS_ENV=env3_production rake db:schema:load
+
+Then run the migrations for the hosting environment, and it will
+run for each of its hosted environments:
+
+RAILS_ENV=production rake db:migrate
+
+== Start Noosfero
+
+Run Noosfero init file as root:
+
+# invoke-rc.d noosfero start
+
+== Ferret
+
+It's necessary to run only one instance of ferret_server. Don't worry
+about this, Noosfero initializer had already done this for you.
+
+== Feed updater & Delayed job
+
+Just for your information, a daemon of feed-updater and delayed_job
+must be running for each environment. Noosfero initializer do this,
+relax.
+
+== Uploaded files
+
+When running with PostgreSQL, Noosfero uploads stuff to a folder named
+the same way as the running schema. Inside the upload folder root, for
+example, will be public/image_uploads/env2 and public/image_uploads/env3.
+
+== Adding multitenancy support to an existing Noosfero environment
+
+If you already have a Noosfero environment, you can turn it multitenant
+by following the steps below in addition to the previous steps:
+
+1. Reindex your database
+
+Rebuild the Ferret index by running the following task just
+for your hosting environment, do this as noosfero user:
+
+$ RAILS_ENV=production rake multitenancy:reindex
+
+2. Move the uploaded files to the right place
+
+Add a directory with the same name as your schema name (by default this
+name is 'public') in the root of each upload directory, for example,
+public/articles/0000 will be moved to public/articles/public/0000. Do this
+with the directories public/image_uploads, public/articles and public/thumbnails.
+
+3. Fix paths on activities
+
+The profile activities store static paths to the images, so it's necessary to fix
+these paths. You can do this easily by setting an alias on your webserver.
+On Apache you can add the three rules below, where 'public' is the schema name:
+
+  RewriteRule ^/articles(.+) /articles/public$1
+  RewriteRule ^/image_uploads(.+) /image_uploads/public$1
+  RewriteRule ^/thumbnails(.+) /thumbnails/public$1
@@ -50,14 +50,22 @@ apache-compatible format. You should change your statistics generation software
  
   # invoke-rc.d varnish restart
  
-6) Configure varnish to store separate caches for each language
+6) Configure varnish to fit noosfero
+(assuming Noosfero is installed in /var/lib/noosfero)
  
-6a) Add the following line to your /etc/varnish/default.vcl file (assuming
-Noosfero is installed in /var/lib/noosfero):
+6a) Configure noosfero to do specific routines to varnish
+
+Add the following line to your /etc/varnish/default.vcl file:
+
+  include "/var/lib/noosfero/etc/noosfero/varnish-noosfero.vcl";
+
+6b) Configure varnish to store separate caches for each language
+
+Add the following line to your /etc/varnish/default.vcl file:
  
   include "/var/lib/noosfero/etc/noosfero/varnish-accept-language.vcl";
  
-6b) Restart Varnish
+7) Restart Varnish
  
   # invoke-rc.d varnish restart
  
@@ -12,28 +12,28 @@ This file documents release-related activities.
  
 == Releasing noosfero
  
+Considering you are on a Debian GNU/Linux or Debian-based system
+ # apt-get install devscripts debhelper
+
 To prepare a release of noosfero, you must follow the steps below:
  
-* finish all requirements and bugs assigned to the to-be-released version
-* make sure all tests pass
-* write release notes at the version's wiki topic.
-* generate package with <tt>rake package</tt>. Your tarball will be under the pkg/
-  directory, named as noosfero-${VERSION}.tar.gz
-* test that the package contains everything that is needed: explode the tarball
-  in a temporary directory, copy config/database.yml.sqlite3 to
-  config/database.yml, and make <tt>rake db:migrate</tt> and <tt>rake test</tt>. If
-  everything is ok, you are done. If not, maybe some files are not going into
-  the tarball. See lib/tasks/package.rake, probably you'll need to change it.
-* Go to the version's wiki topic and edit it to reflect the new reality.
-* Attach the generated package to that topic. Before attaching calculate the md5 of the package (with mu5sum and paste the MD5 hash as comment in the attachment form)
+* Finish all requirements and bugs assigned to the to-be-released version
+* Make sure all tests pass
+* Change the version in lib/noosfero.rb and debian/changelog to the
+  to-be-released version (e.g. 0.2.0, 0.3.1)
+* Write release notes at the version's wiki topic
+* Generate packages with <tt>rake noosfero:release</tt>. Your tarball and deb
+  pkg will be under the pkg/ directory. This task will create a git tag too.
+* Test that the tarball and deb package are ok
+* Go to the version's wiki topic and edit it to reflect the new reality
+* Edit the topic WebPreferences and update DEBIAN_REPOSITORY_TOPICS setting
+* Attach the generated packages to that topic. Before attaching calculate the
+  sha1 of the package (with sha1sum and paste the SHA1 hash as comment in the
+  attachment form)
 * Download the attached and verify the MD5 hash
-* create a git tag for the released version with <tt>git tag</tt>.
-* IMMEDIATELY change the version in lib/noosfero.rb to the next version. (e.g.
-  0.2.0 -> 0.3.0)
-* update an eventual demonstration version that you run.
-* write an announcement e-mail to the relevant maimling lists pointing to the release notes, and maybe to the demonstration version.
+* Update an eventual demonstration version that you run.
+* Write an announcement e-mail to the relevant mailing lists pointing to the
+  release notes, and maybe to the demonstration version.
  
 If you had any problem during these steps, you can do <tt>rake clobber_package</tt> to
 completely delete the generated packages and start the process again.
-
-
 class AdminPanelController < AdminController
  
-  before_filter :login_required
-  
   protect 'view_environment_admin_panel', :environment
  
   def boxes_holder
@@ -11,6 +9,7 @@ class AdminPanelController &lt; AdminController
   def site_info
     if request.post?
       if @environment.update_attributes(params[:environment])
+        session[:notice] = _('Environment settings updated')
         redirect_to :action => 'index'
       end
     end
@@ -10,11 +10,16 @@ class CategoriesController &lt; AdminController
     @product_categories = environment.product_categories.find(:all, :conditions => {:parent_id => nil})
   end
  
+  def get_children
+    children = Category.find(params[:id]).children
+    render :partial => 'category_children', :locals => {:children => children}
+  end
+
   ALLOWED_TYPES = CategoriesHelper::TYPES.map {|item| item[1] }
  
   # posts back
   def new
-    type = (params[:type] || 'Category')
+    type = (params[:type] || params[:parent_type] || 'Category')
     raise 'Type not allowed' unless ALLOWED_TYPES.include?(type)
  
     @category = type.constantize.new(params[:category])
 class PluginsController < AdminController
+  protect 'edit_environment_features', :environment
  
   def index
     @active_plugins = Noosfero::Plugin.all.map {|plugin_name| plugin_name.constantize }.compact
@@ -9,21 +9,6 @@ class RoleController &lt; AdminController
     @role = environment.roles.find(params[:id])
   end
  
-  def new
-    @role = Role.new
-  end
-
-  def create
-    @role = Role.new(params[:role])
-    @role.environment = environment
-    if @role.save
-      redirect_to :action => 'show', :id => @role
-    else
-      session[:notice] = _('Failed to create role')
-      render :action => 'new'
-    end
-  end
-
   def edit
     @role = environment.roles.find(params[:id])
   end
@@ -38,13 +23,4 @@ class RoleController &lt; AdminController
     end
   end
  
-  def destroy
-    @role = environment.roles.find(params[:id])
-    if @role.destroy
-      redirect_to :action => 'index'
-    else
-      session[:notice] = _('Failed to edit role')
-      redirect_to :action => 'index'
-    end
-  end
 end
 class AdminController < ApplicationController
+  before_filter :login_required
 end
@@ -82,7 +82,7 @@ class BoxOrganizerController &lt; ApplicationController
   def save
     @block = boxes_holder.blocks.find(params[:id])
     @block.update_attributes(params[:block])
-    expire_timeout_fragment(@block.cache_keys)
+    expire_timeout_fragment(@block.cache_key)
     redirect_to :action => 'index'
   end
  
@@ -93,7 +93,7 @@ class BoxOrganizerController &lt; ApplicationController
   def remove
     @block = Block.find(params[:id])
     if @block.destroy
-      expire_timeout_fragment(@block.cache_keys)
+      expire_timeout_fragment(@block.cache_key)
       redirect_to :action => 'index'
     else
       session[:notice] = _('Failed to remove block')
@@ -43,6 +43,9 @@ class CmsController &lt; MyProfileController
     if @parent && @parent.blog?
       articles -= Article.folder_types.map(&:constantize)
     end
+    if user.is_admin?(profile.environment)
+      articles << RawHTMLArticle
+    end
     articles
   end
  
@@ -168,8 +171,7 @@ class CmsController &lt; MyProfileController
     @article = @parent = check_parent(params[:parent_id])
     @target = @parent ? ('/%s/%s' % [profile.identifier, @parent.full_name]) : '/%s' % profile.identifier
     @folders = Folder.find(:all, :conditions => { :profile_id => profile })
-    @media_listing = params[:media_listing]
-    if @article && !@media_listing
+    if @article
       record_coming
     end
     if request.post? && params[:uploaded_files]
@@ -178,26 +180,14 @@ class CmsController &lt; MyProfileController
       end
       @errors = @uploaded_files.select { |f| f.errors.any? }
       if @errors.any?
-        if @media_listing
-          flash[:notice] = _('Could not upload all files')
-          redirect_to :action => 'media_listing'
-        else
-          render :action => 'upload_files', :parent_id => @parent_id
-        end
+        render :action => 'upload_files', :parent_id => @parent_id
       else
-        if @media_listing
-          flash[:notice] = _('All files were uploaded successfully')
-          redirect_to :action => 'media_listing'
+        if @back_to
+          redirect_to @back_to
+        elsif @parent
+          redirect_to :action => 'view', :id => @parent.id
         else
-          if @back_to
-            redirect_to @back_to
-          else
-            redirect_to( if @parent
-              {:action => 'view', :id => @parent.id}
-            else
-              {:action => 'index'}
-            end)
-          end
+          redirect_to :action => 'index'
         end
       end
     end
@@ -286,44 +276,28 @@ class CmsController &lt; MyProfileController
     @task = SuggestArticle.new(params[:task])
     if request.post?
        @task.target = profile
-      if @task.save
+      if verify_recaptcha(:model => @task, :message => _('Please type the words correctly')) && @task.save
         session[:notice] = _('Thanks for your suggestion. The community administrators were notified.')
         redirect_to @back_to
       end
     end
   end
  
-  def media_listing
-    if params[:image_folder_id]
-      folder = profile.articles.find(params[:image_folder_id]) if !params[:image_folder_id].blank?
-      @images = (folder ? folder.children : profile.top_level_articles).images
-    elsif params[:document_folder_id]
-      folder = profile.articles.find(params[:document_folder_id]) if !params[:document_folder_id].blank?
-      @documents = (folder ? folder.children : profile.top_level_articles)
-    else
-      @documents = profile.articles
-      @images = @documents.images
-      @documents -= @images
-    end
-
-    @images = @images.paginate(:per_page => per_page, :page => params[:ipage], :order => "updated_at desc") if @images
-    @documents = @documents.paginate(:per_page => per_page, :page => params[:dpage], :order => "updated_at desc", :conditions => {:is_image => false}) if @documents
-
-    @folders = profile.folders
-    @image_folders = @folders.select {|f| f.children.any? {|c| c.image?} }
-    @document_folders = @folders.select {|f| f.children.any? {|c| !c.image? && c.kind_of?(UploadedFile) } }
-
-    @media_listing = true
-
-    respond_to do |format|
-      format.html { render :layout => false}
-      format.js {
-        render :update do |page|
-          page.replace_html 'media-listing-folder-images', :partial => 'image_thumb', :locals => {:images => @images } if !@images.blank?
-          page.replace_html 'media-listing-folder-documents', :partial => 'document_link', :locals => {:documents => @documents } if !@documents.blank?
-        end
-      }
+  def search
+    query = params[:q]
+    results = query.blank? ? [] : profile.articles.published.find_by_contents(query)
+    render :text => article_list_to_json(results), :content_type => 'application/json'
+  end
+  def media_upload
+    files_uploaded = []
+    parent = check_parent(params[:parent_id])
+    files = [:file1,:file2, :file3].map { |f| params[f] }.compact
+    if request.post?
+      files.each do |file|
+        files_uploaded << UploadedFile.create(:uploaded_data => file, :profile => profile, :parent => parent) unless file == ''
+      end
     end
+    render :text => article_list_to_json(files_uploaded), :content_type => 'text/plain'
   end
  
   protected
@@ -353,7 +327,7 @@ class CmsController &lt; MyProfileController
   end
  
   def refuse_blocks
-    if ['TinyMceArticle', 'Event', 'EnterpriseHomepage'].include?(@type)
+    if ['TinyMceArticle', 'TextileArticle', 'Event', 'EnterpriseHomepage'].include?(@type)
       @no_design_blocks = true
     end
   end
@@ -367,5 +341,21 @@ class CmsController &lt; MyProfileController
     @selected_locale = @article.language || FastGettext.locale
   end
  
+  def article_list_to_json(list)
+    list.map do |item|
+      {
+        'title' => item.title,
+        'url' => item.image? ? item.public_filename(:uploaded) : url_for(item.url),
+        :icon => icon_for_article(item),
+        :content_type => item.mime_type,
+        :error => item.errors.any? ? _('%s could not be uploaded') % item.title : nil,
+      }
+    end.to_json
+  end
+  
+  def content_editor?
+    true
+  end
+
 end
  
@@ -4,6 +4,7 @@ class ManageProductsController &lt; ApplicationController
   protect 'manage_products', :profile, :except => [:show]
   before_filter :check_environment_feature
   before_filter :login_required, :except => [:show]
+  before_filter :create_product?, :only => [:new]
  
   protected  
  
@@ -14,6 +15,13 @@ class ManageProductsController &lt; ApplicationController
     end
   end
  
+  def create_product?
+    if !profile.create_product?
+      render_access_denied
+      return
+    end
+  end
+
   public
  
   def index
@@ -40,8 +48,8 @@ class ManageProductsController &lt; ApplicationController
   end
  
   def new
-    @product = @profile.products.build(:product_category_id => params[:selected_category_id])
-    @category = @product.product_category
+    @category = params[:selected_category_id] ? Category.find(params[:selected_category_id]) : nil
+    @product = @profile.products.build(:product_category => @category)
     @categories = ProductCategory.top_level_for(environment)
     @level = 0
     if request.post?
@@ -50,7 +58,7 @@ class ManageProductsController &lt; ApplicationController
         render :partial => 'shared/redirect_via_javascript',
           :locals => { :url => url_for(:controller => 'manage_products', :action => 'show', :id => @product) }
       else
-        render :partial => 'shared/dialog_error_messages', :locals => { :object_name => 'product' }
+        render_dialog_error_messages 'product'
       end
     end
   end
@@ -72,7 +80,7 @@ class ManageProductsController &lt; ApplicationController
  
   def edit_category
     @product = @profile.products.find(params[:id])
-    @category = @product.product_category
+    @category = @product.product_category || ProductCategory.first
     @categories = ProductCategory.top_level_for(environment)
     @edit = true
     @level = @category.level
@@ -81,7 +89,7 @@ class ManageProductsController &lt; ApplicationController
         render :partial => 'shared/redirect_via_javascript',
           :locals => { :url => url_for(:controller => 'manage_products', :action => 'show', :id => @product) }
       else
-        render :partial => 'shared/dialog_error_messages', :locals => { :object_name => 'product' }
+        render_dialog_error_messages 'product'
       end
     end
   end
@@ -96,7 +104,7 @@ class ManageProductsController &lt; ApplicationController
         @inputs = @product.inputs
         render :partial => 'display_inputs'
       else
-        render :partial => 'shared/dialog_error_messages', :locals => { :object_name => 'product' }
+        render_dialog_error_messages 'product'
       end
     else
       render :partial => 'add_input'
@@ -147,7 +155,7 @@ class ManageProductsController &lt; ApplicationController
         @inputs = @product.inputs
         render :partial => 'display_inputs'
       else
-        render :partial => 'shared/dialog_error_messages', :locals => { :object_name => 'input' }
+        render_dialog_error_messages 'input'
       end
     end
   end
@@ -25,6 +25,7 @@ class ProfileDesignController &lt; BoxOrganizerController
       blocks << DisabledEnterpriseMessageBlock
       blocks << HighlightsBlock
       blocks << FeaturedProductsBlock
+      blocks << FansBlock
     end
  
     # product block exclusive for enterprises in environments that permits it
@@ -37,6 +38,10 @@ class ProfileDesignController &lt; BoxOrganizerController
       blocks << BlogArchivesBlock
     end
  
+    if user.is_admin?(profile.environment)
+      blocks << RawHTMLBlock
+    end
+
     blocks
   end
  
@@ -4,7 +4,7 @@ class ProfileEditorController &lt; MyProfileController
   protect 'destroy_profile', :profile, :only => [:destroy_profile]
  
   def index
-    @pending_tasks = profile.all_pending_tasks.select{|i| user.has_permission?(i.permission, profile)}
+    @pending_tasks = Task.to(profile).pending.select{|i| user.has_permission?(i.permission, profile)}
   end
  
   helper :profile
 class ProfileMembersController < MyProfileController
   protect 'manage_memberships', :profile
-  no_design_blocks
  
   def index
     @members = profile.members
@@ -15,29 +14,25 @@ class ProfileMembersController &lt; MyProfileController
     rescue ActiveRecord::RecordNotFound
       @person = nil
     end
-    if !params[:confirmation] && @person && @person.is_last_admin_leaving?(profile, @roles)
-      redirect_to :action => :last_admin, :roles => params[:roles], :person => @person
-    else
-      if @person && @person.define_roles(@roles, profile)
+
+    if @person
+      if@person.is_last_admin_leaving?(profile, @roles)
+        redirect_to :action => :last_admin
+      elsif @person.define_roles(@roles, profile)
         session[:notice] = _('Roles successfuly updated')
+        redirect_to :controller => 'profile_editor'
       else
         session[:notice] = _('Couldn\'t change the roles')
+        redirect_to :action => 'index'
       end
-      if params[:confirmation]
-        redirect_to profile.url
-      else
-        redirect_to :action => :index
-      end
+    else
+      redirect_to :action => 'index'
     end
   end
-  
+
   def last_admin
-    @person = params[:person]
-    @roles = params[:roles] || []
-    @members = profile.members.select {|member| !profile.admins.include?(member)}
-    @title = _('Current admins')
-    @collection = :profile_admins
-    @remove_action = {:action => 'remove_admin'}
+    @roles = [Profile::Roles.admin(environment.id)]
+    @pre_population = [].to_json
   end
  
   def add_role
@@ -90,6 +85,7 @@ class ProfileMembersController &lt; MyProfileController
   end
  
   def add_members
+    @roles = Profile::Roles.organization_member_roles(environment.id)
   end
  
   def add_member
@@ -122,19 +118,42 @@ class ProfileMembersController &lt; MyProfileController
     render :layout => false
   end
  
-  def find_users
-    if !params[:query] || params[:query].length <= 2
-      @users_found = []
-    elsif params[:scope] == 'all_users'
-      @users_found = Person.find_by_contents(params[:query] + '*').select {|user| !profile.members.include?(user)}
-      @button_alt = _('Add member')
-      @add_action = {:action => 'add_member'}
-    elsif params[:scope] == 'new_admins'
-      @users_found = Person.find_by_contents(params[:query] + '*').select {|user| profile.members.include?(user) && !profile.admins.include?(user)}
-      @button_alt = _('Add member')
-      @add_action = {:action => 'add_admin'}
+  def search_user
+    role = Role.find(params[:role])
+    render :text => environment.people.find(:all, :conditions => ['LOWER(name) LIKE ? OR LOWER(identifier) LIKE ?', "%#{params['q_'+role.key]}%", "%#{params['q_'+role.key]}%"]).
+      select { |person| !profile.members_by_role(role).include?(person) }.
+      map {|person| {:id => person.id, :name => person.name} }.
+      to_json
+  end
+
+  def save_associations
+    error = false
+    roles = Profile::Roles.organization_member_roles(environment.id)
+    roles.select { |role| params['q_'+role.key] }.each do |role|
+      people = [Person.find(params['q_'+role.key].split(','))].flatten
+      to_remove = profile.members_by_role(role) - people
+      to_add = people - profile.members_by_role(role)
+
+      begin
+        to_remove.each { |person| profile.disaffiliate(person, role) }
+        to_add.each { |person| profile.affiliate(person, role) }
+      rescue Exception => ex
+        logger.info ex
+        error = true
+      end
+    end
+
+    if error
+      session[:notice] = _('The members list couldn\'t be updated. Please contact the administrator.')
+      redirect_to :action => 'add_members'
+    else
+      if profile.admins.blank? && !params[:last_admin]
+        redirect_to :action => 'last_admin'
+      else
+        session[:notice] = _('The members list was updated.')
+        redirect_to :controller => 'profile_editor'
+      end
     end
-    render :layout => false
   end
  
   def send_mail
@@ -3,12 +3,13 @@ class TasksController &lt; MyProfileController
   protect 'perform_task', :profile
  
   def index
-    @tasks = profile.all_pending_tasks.sort_by(&:created_at)
+    @filter = params[:filter_type].blank? ? nil : params[:filter_type]
+    @tasks = Task.to(profile).pending.of(@filter).order_by('created_at', 'asc').paginate(:per_page => Task.per_page, :page => params[:page])
     @failed = params ? params[:failed] : {}
   end
  
   def processed
-    @tasks = profile.all_finished_tasks.sort_by(&:created_at)
+    @tasks = Task.to(profile).finished.sort_by(&:created_at)
   end
  
   VALID_DECISIONS = [ 'finish', 'cancel', 'skip' ]
@@ -4,7 +4,6 @@ class AccountController &lt; ApplicationController
  
   inverse_captcha :field => 'e_mail'
  
-
   before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]
   before_filter :redirect_if_logged_in, :only => [:login, :signup]
  
@@ -15,6 +14,17 @@ class AccountController &lt; ApplicationController
     end
   end
  
+  def activate
+    @user = User.find_by_activation_code(params[:activation_code]) if params[:activation_code]
+    if @user and @user.activate
+      @message = _("Your account has been activated, now you can log in!")
+      render :action => 'login', :userlogin => @user.login
+    else
+      session[:notice] = _("It looks like you're trying to activate an account. Perhaps have already activated this account?")
+      redirect_to :controller => :home
+    end
+  end
+
   # action to perform login to the application
   def login
     @user = User.new
@@ -57,9 +67,8 @@ class AccountController &lt; ApplicationController
       @user.person_data = params[:profile_data]
       @person = Person.new(params[:profile_data])
       @person.environment = @user.environment
-      if request.post? && params[self.icaptcha_field].blank?
+      if request.post?
         @user.signup!
-        self.current_user = @user
         owner_role = Role.find_by_name('owner')
         @user.person.affiliate(@user.person, [owner_role]) if owner_role
         invitation = Task.find_by_code(@invitation_code)
@@ -67,8 +76,7 @@ class AccountController &lt; ApplicationController
           invitation.update_attributes!({:friend => @user.person})
           invitation.finish
         end
-        session[:notice] = _("Thanks for signing up!")
-        go_to_initial_page if redirect?
+        @register_pending = true
       end
     rescue ActiveRecord::RecordInvalid
       @person.valid?
@@ -223,6 +231,8 @@ class AccountController &lt; ApplicationController
       session[:notice] = nil # consume the notice
     end
  
+    @plugins.enabled_plugins.each { |plugin| user_data.merge!(plugin.user_data_extras) }
+
     render :text => user_data.to_json, :layout => false, :content_type => "application/javascript"
   end
  
@@ -6,6 +6,8 @@ class BrowseController &lt; PublicController
     more_recent
     more_active
     more_popular
+    more_comments
+    more_views
   )
  
   def per_page
@@ -36,6 +38,18 @@ class BrowseController &lt; PublicController
     @results = @results.compact.paginate(:per_page => per_page, :page => params[:page])
   end
  
+  def contents
+    @filter = filter
+    @title = self.filter_description(params[:action] + '_' + @filter )
+
+    @results = @environment.articles.published.text_articles.send(@filter)
+
+    if !params[:query].blank?
+      @results = @results.find_by_contents(params[:query])
+    end
+    @results = @results.compact.paginate(:per_page => per_page, :page => params[:page])
+  end
+
   protected
  
   def filter
@@ -54,6 +68,9 @@ class BrowseController &lt; PublicController
       'communities_more_recent' => _('More recent communities'),  
       'communities_more_active' => _('More active communities'),  
       'communities_more_popular' => _('More popular communities'),
+      'contents_more_recent' => _('More recent contents'),
+      'contents_more_views' => _('Most viewed contents'),
+      'contents_more_comments' => _('Most commented contents'),
     }[str] || str
   end
  
@@ -4,10 +4,9 @@ class ContactController &lt; PublicController
  
   needs_profile
  
-  inverse_captcha :field => 'e_mail'
   def new
     @contact
-    if request.post? && params[self.icaptcha_field].blank? && params[:confirm] == 'true'
+    if request.post? && params[:confirm] == 'true'
       @contact = user.build_contact(profile, params[:contact])
       @contact.city = (!params[:city].blank? && City.exists?(params[:city])) ? City.find(params[:city]).name : nil
       @contact.state = (!params[:state].blank? && State.exists?(params[:state])) ? State.find(params[:state]).name : nil
@@ -2,8 +2,6 @@ class ContentViewerController &lt; ApplicationController
  
   needs_profile
  
-  inverse_captcha :field => 'e_mail'
-
   helper ProfileHelper
   helper TagsHelper
  
@@ -68,8 +66,13 @@ class ContentViewerController &lt; ApplicationController
  
     @form_div = params[:form]
  
-    if request.post? && params[:comment] && params[self.icaptcha_field].blank? && params[:confirm] == 'true' && @page.accept_comments?
-      add_comment
+    if params[:comment] && params[:confirm] == 'true'
+      @comment = Comment.new(params[:comment])
+      if request.post? && @page.accept_comments?
+        add_comment
+      end
+    else
+      @comment = Comment.new
     end
  
     if request.post? && params[:remove_comment]
@@ -106,11 +109,10 @@ class ContentViewerController &lt; ApplicationController
   protected
  
   def add_comment
-    @comment = Comment.new(params[:comment])
     @comment.author = user if logged_in?
     @comment.article = @page
-    if @comment.save
-      @page.update_attribute(:updated_at, Time.now)
+    if (logged_in? || verify_recaptcha(:model => @comment, :message => _('Please type the words correctly'))) && @comment.save
+      @page.touch
       @comment = nil # clear the comment form
       redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
     else
@@ -2,8 +2,8 @@ class ProfileController &lt; PublicController
  
   needs_profile
   before_filter :check_access_to_profile, :except => [:join, :join_not_logged, :index, :add]
-  before_filter :store_before_join, :only => [:join, :join_not_logged]
-  before_filter :login_required, :only => [:add, :join, :join_not_logged, :leave, :unblock, :leave_scrap, :remove_scrap, :remove_activity, :view_more_scraps, :view_more_activities, :view_more_network_activities]
+  before_filter :store_location, :only => [:join, :join_not_logged, :report_abuse]
+  before_filter :login_required, :only => [:add, :join, :join_not_logged, :leave, :unblock, :leave_scrap, :remove_scrap, :remove_activity, :view_more_scraps, :view_more_activities, :view_more_network_activities, :report_abuse, :register_report]
  
   helper TagsHelper
  
@@ -44,7 +44,7 @@ class ProfileController &lt; PublicController
       tagged,
       :title => _("%s's contents tagged with \"%s\"") % [profile.name, @tag],
       :description => _("%s's contents tagged with \"%s\"") % [profile.name, @tag],
-      :link => url_for(:action => 'tags')
+      :link => url_for(profile.url)
     )
     render :text => data, :content_type => "text/xml"
   end
@@ -71,6 +71,10 @@ class ProfileController &lt; PublicController
     end
   end
  
+  def fans
+    @fans = profile.fans
+  end
+
   def favorite_enterprises
     @favorite_enterprises = profile.favorite_enterprises
   end
@@ -96,7 +100,7 @@ class ProfileController &lt; PublicController
     if request.post?
       profile.add_member(user)
       session[:notice] = _('%s administrator still needs to accept you as member.') % profile.name if profile.closed?
-      redirect_to_before_join
+      redirect_to_previous_location
     else
       if user.memberships.include?(profile)
         session[:notice] = _('You are already a member of %s.') % profile.name
@@ -223,6 +227,52 @@ class ProfileController &lt; PublicController
     end
   end
  
+  def report_abuse
+    @abuse_report = AbuseReport.new
+    render :layout => false
+  end
+
+  def register_report
+    if !verify_recaptcha
+      render :text => {
+        :ok => false,
+        :error => {
+          :code => 1,
+          :message => _('You could not answer the captcha.')
+        }
+      }.to_json
+    else
+      begin
+        abuse_report = AbuseReport.new(params[:abuse_report])
+        if !params[:content_type].blank?
+          article = params[:content_type].constantize.find(params[:content_id])
+          abuse_report.content = instance_eval(&article.reported_version)
+        end
+
+        user.register_report(abuse_report, profile)
+
+        if !params[:content_type].blank?
+          abuse_report = AbuseReport.find_by_reporter_id_and_abuse_complaint_id(user.id, profile.opened_abuse_complaint.id)
+          Delayed::Job.enqueue DownloadReportedImagesJob.new(abuse_report, article)
+        end
+
+        render :text => {
+          :ok => true,
+          :message => _('Your abuse report was registered. The administrators are reviewing your report.'),
+        }.to_json
+      rescue Exception => exception
+        logger.error(exception.to_s)
+        render :text => {
+          :ok => false,
+          :error => {
+            :code => 2,
+            :message => _('Your report couldn\'t be saved due to some problem. Please contact the administrator.')
+          }
+        }.to_json
+      end
+    end
+  end
+
   protected
  
   def check_access_to_profile
@@ -231,16 +281,16 @@ class ProfileController &lt; PublicController
     end
   end
  
-  def store_before_join
-    if session[:before_join].nil?
-      session[:before_join] = request.referer
+  def store_location
+    if session[:previous_location].nil?
+      session[:previous_location] = request.referer
     end
   end
  
-  def redirect_to_before_join
-    back = session[:before_join]
+  def redirect_to_previous_location
+    back = session[:previous_location]
     if back
-      session[:before_join] = nil
+      session[:previous_location] = nil
       redirect_to back
     else
       redirect_to profile.url
@@ -259,7 +309,7 @@ class ProfileController &lt; PublicController
   end
  
   def invisible_profile
-    render_access_denied(_("Sorry, this profile was defined as private by its owner. You'll not be able to view content here unless the profile owner adds adds you."), _("Oops ... you cannot go ahead here"))
+    render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here"))
   end
  
   def per_page
@@ -209,7 +209,11 @@ module ApplicationHelper
       the_class << ' ' << html_options[:class]
     end
     the_title = html_options[:title] || label
-    link_to('&nbsp;'+content_tag('span', label), url, html_options.merge(:class => the_class, :title => the_title))
+    if html_options[:disabled]
+      content_tag('a', '&nbsp;'+content_tag('span', label), html_options.merge(:class => the_class, :title => the_title))
+    else
+      link_to('&nbsp;'+content_tag('span', label), url, html_options.merge(:class => the_class, :title => the_title))
+    end
   end
  
   def button_to_function(type, label, js_code, html_options = {}, &block)
@@ -257,30 +261,59 @@ module ApplicationHelper
     concat(content_tag('div', capture(&block) + tag('br', :style => 'clear: left;'), { :class => 'button-bar' }.merge(options)))
   end
  
-  def partial_for_class(klass)
-    if klass.nil?
-      raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?'
-    end
+  VIEW_EXTENSIONS = %w[.rhtml .html.erb]
  
+  def partial_for_class_in_view_path(klass, view_path)
+    return nil if klass.nil?
     name = klass.name.underscore
-    if File.exists?(File.join(RAILS_ROOT, 'app', 'views', params[:controller], "_#{name}.rhtml"))
-      name
+
+    search_name = String.new(name)
+    if search_name.include?("/")
+      search_name.gsub!(/(\/)([^\/]*)$/,'\1_\2')
+      name = File.join(params[:controller], name) if defined?(params) && params[:controller]
     else
-      partial_for_class(klass.superclass)
+      search_name = "_" + search_name
+    end
+
+    VIEW_EXTENSIONS.each do |ext|
+      path = defined?(params) && params[:controller] ? File.join(view_path, params[:controller], search_name+ext) : File.join(view_path, search_name+ext)
+      return name if File.exists?(File.join(path))
     end
+
+    partial_for_class_in_view_path(klass.superclass, view_path)
   end
  
-  def partial_for_task_class(klass, action)
-    if klass.nil?
-      raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?'
+  def partial_for_class(klass)
+    raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?' if klass.nil?
+    name = klass.name.underscore
+    @controller.view_paths.each do |view_path|
+      partial = partial_for_class_in_view_path(klass, view_path)
+      return partial if partial
     end
  
+    raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?'
+  end
+
+  def partial_for_task_class(klass, action)
+    raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?' if klass.nil?
+
     name = "#{klass.name.underscore}_#{action.to_s}"
-    if File.exists?(File.join(RAILS_ROOT, 'app', 'views', params[:controller], "_#{name}.rhtml"))
-      name
-    else
-      partial_for_task_class(klass.superclass, action)
+    VIEW_EXTENSIONS.each do |ext|
+      return name if File.exists?(File.join(RAILS_ROOT, 'app', 'views', params[:controller], '_'+name+ext))
+    end
+
+    partial_for_task_class(klass.superclass, action)
+  end
+
+  def view_for_profile_actions(klass)
+    raise ArgumentError, 'No profile actions view for this class.' if klass.nil?
+
+    name = klass.name.underscore
+    VIEW_EXTENSIONS.each do |ext|
+      return "blocks/profile_info_actions/"+name+ext if File.exists?(File.join(RAILS_ROOT, 'app', 'views', 'blocks', 'profile_info_actions', name+ext))
     end
+
+    view_for_profile_actions(klass.superclass)
   end
  
   def user
@@ -556,17 +589,18 @@ module ApplicationHelper
  
   def gravatar_url_for(email, options = {})
     # Ta dando erro de roteamento
+    default = theme_option['gravatar'] || NOOSFERO_CONF['gravatar'] || nil
     url_for( { :gravatar_id => Digest::MD5.hexdigest(email),
                :host => 'www.gravatar.com',
                :protocol => 'http://',
                :only_path => false,
                :controller => 'avatar.php',
-               :d => NOOSFERO_CONF['gravatar'] ? NOOSFERO_CONF['gravatar'] : nil
+               :d => default
              }.merge(options) )
   end
  
   def str_gravatar_url_for(email, options = {})
-    default = NOOSFERO_CONF['gravatar'] ? NOOSFERO_CONF['gravatar'] : nil
+    default = theme_option['gravatar'] || NOOSFERO_CONF['gravatar'] || nil
     url = 'http://www.gravatar.com/avatar.php?gravatar_id=' +
            Digest::MD5.hexdigest(email)
     {
@@ -870,7 +904,7 @@ module ApplicationHelper
  
   def template_stylesheet_path
     if profile.nil?
-      '/designs/templates/default/stylesheets/style.css'
+      "/designs/templates/#{environment.layout_template}/stylesheets/style.css"
     else
       "/designs/templates/#{profile.layout_template}/stylesheets/style.css"
     end
@@ -947,8 +981,10 @@ module ApplicationHelper
       'thickbox',
       'lightbox',
       'colorpicker',
+      colorbox_stylesheet_path,
       pngfix_stylesheet_path,
-    ]
+    ] +
+    tokeninput_stylesheets
   end
  
   # DEPRECATED. Do not use this·
@@ -960,6 +996,14 @@ module ApplicationHelper
     'iepngfix/iepngfix.css'
   end
  
+  def colorbox_stylesheet_path
+    'colorbox/colorbox.css'
+  end
+
+  def tokeninput_stylesheets
+    ['token-input', 'token-input-facebook', 'token-input-mac']
+  end
+
   def noosfero_layout_features
     render :file => 'shared/noosfero_layout_features'
   end
@@ -975,7 +1019,10 @@ module ApplicationHelper
   def article_to_html(article, options = {})
     options.merge!(:page => params[:npage])
     content = article.to_html(options)
-    return self.instance_eval(&content) if content.kind_of?(Proc)
+    content = content.kind_of?(Proc) ? self.instance_eval(&content) : content
+    @plugins && @plugins.enabled_plugins.each do |plugin|
+      content = plugin.parse_content(content)
+    end
     content
   end
  
@@ -1083,6 +1130,17 @@ module ApplicationHelper
     link_to(content_tag(:span, _('Communities Menu')), '#', :onclick => "toggleSubmenu(this,'',#{links.to_json}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-communities-trigger')
   end
  
+  def browse_contents_menu
+     links = [
+       {s_('contents|More Comments') => {:href => url_for({:controller => 'browse', :action => 'contents', :filter => 'more_comments'})}},
+       {s_('contents|More Views') => {:href => url_for({:controller => 'browse', :action => 'contents', :filter => 'more_views'})}},
+       {s_('contents|More Recent') => {:href => url_for({:controller => 'browse', :action => 'contents', :filter => 'more_recent'})}}
+     ]
+
+    link_to(content_tag(:span, _('Contents'), :class => 'icon-blog'), {:controller => "browse", :action => 'contents'}, :id => 'submenu-contents') +
+    link_to(content_tag(:span, _('Contents Menu')), '#', :onclick => "toggleSubmenu(this,'',#{links.to_json}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-contents-trigger')
+  end
+
   def pagination_links(collection, options={})
     options = {:prev_label => '&laquo; ' + _('Previous'), :next_label => _('Next') + ' &raquo;'}.merge(options)
     will_paginate(collection, options)
@@ -1099,16 +1157,27 @@ module ApplicationHelper
     result
   end
  
+  def manage_enterprises
+    if user && !user.enterprises.empty?
+      enterprises_link = user.enterprises.map do |enterprise|
+        link_to(content_tag('strong', [_('<span>Manage</span> %s') % enterprise.short_name(25)]), @environment.top_url + "/myprofile/#{enterprise.identifier}", :class => "icon-menu-"+enterprise.class.identification.underscore, :title => [_('Manage %s') % enterprise.short_name])
+      end
+      render :partial => 'shared/manage_enterprises', :locals => {:enterprises_link => enterprises_link}
+    end
+  end
+
   def usermenu_logged_in
     pending_tasks_count = ''
-    if user && user.all_pending_tasks.count > 0
-      pending_tasks_count = link_to(user.all_pending_tasks.count.to_s, '/myprofile/{login}/tasks', :id => 'pending-tasks-count', :title => _("Manage your pending tasks"))
+    count = user ? Task.to(user).pending.count : -1
+    if count > 0
+      pending_tasks_count = link_to(count.to_s, @environment.top_url + '/myprofile/{login}/tasks', :id => 'pending-tasks-count', :title => _("Manage your pending tasks"))
     end
  
-    (_('Welcome, %s') % link_to('<i></i><strong>{login}</strong>', '/{login}', :id => "homepage-link", :title => _('Go to your homepage'))) +
+    (_("<span class='welcome'>Welcome,</span> %s") % link_to('<i></i><strong>{login}</strong>', @environment.top_url + '/{login}', :id => "homepage-link", :title => _('Go to your homepage'))) +
     render_environment_features(:usermenu) +
-    link_to('<i class="icon-menu-admin"></i><strong>' + _('Administration') + '</strong>', { :controller => 'admin_panel', :action => 'index' }, :id => "controlpanel", :title => _("Configure the environment"), :class => 'admin-link', :style => 'display: none') +
-    link_to('<i class="icon-menu-ctrl-panel"></i><strong>' + _('Control panel') + '</strong>', '/myprofile/{login}', :id => "controlpanel", :title => _("Configure your personal account and content")) +
+    link_to('<i class="icon-menu-admin"></i><strong>' + _('Administration') + '</strong>', @environment.top_url + '/admin', :id => "controlpanel", :title => _("Configure the environment"), :class => 'admin-link', :style => 'display: none') +
+    manage_enterprises.to_s +
+    link_to('<i class="icon-menu-ctrl-panel"></i><strong>' + _('Control panel') + '</strong>', @environment.top_url + '/myprofile/{login}', :id => "controlpanel", :title => _("Configure your personal account and content")) +
     pending_tasks_count +
     link_to('<i class="icon-menu-logout"></i><strong>' + _('Logout') + '</strong>', { :controller => 'account', :action => 'logout'} , :id => "logout", :title => _("Leave the system"))
   end
@@ -1206,4 +1275,39 @@ module ApplicationHelper
     end
   end
  
+  def render_dialog_error_messages(instance_name)
+    render :partial => 'shared/dialog_error_messages', :locals => { :object_name => instance_name }
+  end
+
+  def report_abuse(profile, type, content=nil)
+    return if !user || user == profile
+
+    url = { :controller => 'profile',
+            :action => 'report_abuse',
+            :profile => profile.identifier }
+    url.merge!({:content_type => content.class.name, :content_id => content.id}) if content
+    text = content_tag('span', _('Report abuse'))
+    klass = 'report-abuse-action'
+    already_reported_message = _('You already reported this profile.')
+    report_profile_message = _('Report this profile for abusive behaviour')
+
+    if type == :button
+      if user.already_reported?(profile)
+        button(:alert, text, url, :class => klass+' disabled', :disabled => true, :title => already_reported_message)
+      else
+        button(:alert, text, url, :class => klass, :title => report_profile_message)
+      end
+    elsif type == :link
+      if user.already_reported?(profile)
+        content_tag('a', text, :class => klass + ' disabled button with-text icon-alert', :title => already_reported_message)
+      else
+        link_to(text, url, :class => klass + ' button with-text icon-alert', :title => report_profile_message)
+      end
+    elsif type == :comment_link
+      (user.already_reported?(profile) ?
+        content_tag('a', text, :class => klass + ' disabled comment-footer comment-footer-link', :title => already_reported_message) :
+        link_to(text, url, :class => klass + ' comment-footer comment-footer-link', :title => report_profile_message)
+      ) + content_tag('span', ' | ', :class => 'comment-footer comment-footer-hide')
+    end
+  end
 end
@@ -99,7 +99,9 @@ module BoxesHelper
     unless block.visible?
       options[:title] = _("This block is invisible. Your visitors will not see it.")
     end
-
+    @controller.send(:content_editor?) || @plugins.enabled_plugins.each do |plugin|
+      result = plugin.parse_content(result)
+    end
     box_decorator.block_target(block.box, block) +
       content_tag('div',
        content_tag('div',
@@ -5,16 +5,24 @@ include ManageProductsHelper
  
   def display_products_list(profile, products)
     data = ''
+    extra_content = []
+    extra_content_list = []
     products.each { |product|
-
+      extra_content = @plugins.map(:catalog_item_extras, product).collect { |content| instance_eval(&content) } if @plugins
+      extra_content_list = @plugins.map(:catalog_list_item_extras, product).collect { |content| instance_eval(&content) } if @plugins
       data << content_tag('li',
-        link_to_product(product, :class => 'product-pic', :style => 'background-image:url(%s)' % ( product.image ? product.image.public_filename(:portrait) : '/images/icons-app/product-default-pic-portrait.png' )) +
+        link_to_product(product, :class => 'product-pic', :style => 'background-image:url(%s)' % product.default_image(:portrait) ) +
         content_tag('h3', link_to_product(product)) +
         content_tag('ul',
           (product.price ? content_tag('li', _('Price: %s') % ( "%.2f" % product.price), :class => 'product_price') : '') +
-          content_tag('li', product_category_name(profile, product.product_category), :class => 'product_category')
+          content_tag('li', product_category_name(profile, product.product_category), :class => 'product_category') +
+          extra_content_list.map { |content| content_tag('li', content)}.join("\n")
         ) +
-        (product.description ? content_tag('div', txt2html(product.description), :class => 'description') : tag('br', :style => 'clear:both')),
+        (product.description ? content_tag('div',
+                                           txt2html(product.description),
+                                           :class => 'description') : tag('br',
+                                           :style => 'clear:both')) +
+        extra_content.join("\n"),
         :class => 'product')
     }
     content_tag('h1', _('Products/Services')) + content_tag('ul', data, :id => 'product_list')
@@ -22,9 +22,14 @@ module ContentViewerHelper
       end
       comments = ''
       unless args[:no_comments] || !article.accept_comments
-        comments = ("- %s") % link_to_comments(article)
+        comments = (" - %s") % link_to_comments(article)
       end
-      title << content_tag('span', _("%s, by %s %s") % [show_date(article.published_at), link_to(article.author_name, article.author.url), comments], :class => 'created-at')
+      title << content_tag('span',
+        content_tag('span', show_date(article.published_at), :class => 'date') +
+        content_tag('span', [_(", by %s") % link_to(article.author_name, article.author.url)], :class => 'author') +
+        content_tag('span', comments, :class => 'comments'),
+        :class => 'created-at'
+      )
     end
     title
   end
@@ -46,4 +51,21 @@ module ContentViewerHelper
     end
   end
  
+  def addthis_facebook_url(article)
+    "http://www.facebook.com/sharer.php?s=100&p[title]=%{title}&p[summary]=%{summary}&p[url]=%{url}&p[images][0]=%{image}" % {
+      :title => CGI.escape(article.title),
+      :url => CGI.escape(url_for(article.url)),
+      :summary => CGI.escape(truncate(strip_tags(article.body.to_s), 300)),
+      :image => CGI.escape(article.body_images_paths.first.to_s)
+    }
+  end
+
+  def addthis_image_tag
+    if File.exists?(File.join(Rails.root, 'public', theme_path, 'images', 'addthis.gif'))
+      image_tag(File.join(theme_path, 'images', 'addthis.gif'), :border => 0, :alt => '')
+    else
+      image_tag("/images/bt-bookmark.gif", :width => 53, :height => 16, :border => 0, :alt => '')
+    end
+  end
+
 end
@@ -42,11 +42,11 @@ module DatesHelper
     end
   end
  
-  def show_period(date1, date2 = nil)
+  def show_period(date1, date2 = nil, use_numbers = false)
     if (date1 == date2) || (date2.nil?)
-      show_date(date1)
+      show_date(date1, use_numbers)
     else
-      _('from %{date1} to %{date2}') % {:date1 => show_date(date1), :date2 => show_date(date2)}
+      _('from %{date1} to %{date2}') % {:date1 => show_date(date1, use_numbers), :date2 => show_date(date2, use_numbers)}
     end
   end
  
@@ -27,14 +27,18 @@ module DisplayHelper
   end
  
   def txt2html(txt)
-    txt.
-      gsub( /\n\s*\n/, ' <p/> ' ).
-      gsub( /\n/, ' <br/> ' ).
-      gsub( /(^|\s)(www\.[^\s])/, '\1http://\2' ).
-      gsub( /(https?:\/\/([^\s]+))/ ) do
-        href, content = $1, $2.scan(/.{4}/).join('&#x200B;')
-        content_tag(:a, content, :href => href, :target => '_blank', :rel => 'nofolow',
-                    :onclick => "return confirm('%s')" % escape_javascript(_('Are you sure you want to visit this web site?')))
+    txt.strip.
+      gsub( /\s*\n\s*\n\s*/, "\r<p/>\r" ).
+      gsub( /\s*\n\s*/, "\n<br/>\n" ).
+      gsub( /\r/, "\n" ).
+      gsub( /(^|\s)(www\.[^\s]+|https?:\/\/[^\s]+)/ ) do
+        pre_char, href = $1, $2
+        href = 'http://'+href  if ! href.match /^https?:/
+        content = href.gsub(/^https?:\/\//, '').scan(/.{1,4}/).join('&#x200B;')
+        pre_char +
+        content_tag(:a, content, :href => href, :target => '_blank',
+                    :rel => 'nofolow', :onclick => "return confirm('%s')" %
+                      _('Are you sure you want to visit this web site?'))
       end
   end
 end
@@ -21,14 +21,13 @@ module EventsHelper
   end
  
   def populate_calendar(selected_date, events)
+    events.reject! {|event| !event.display_to?(user)}
     calendar = Event.date_range(selected_date.year, selected_date.month).map do |date|
       [
         # the day itself
         date,
         # is there any events in this date?
-        events.select {|event| event.display_to?(user)}.any? do |event|
-          event.date_range.include?(date)
-        end,
+        events.any? {|event| event.date_range.include?(date)},
         # is this date in the current month?
         true
       ]
@@ -104,8 +104,8 @@ module ProfileEditorHelper
     @country_helper ||= CountriesHelper.instance
   end
  
-  def select_country(title, object, method, options)
-    labelled_form_field(title, select(object, method, [[_('[Select ...]'), nil]] + country_helper.countries, {}, options))
+  def select_country(title, object, method, html_options = {}, options = {})
+    labelled_form_field(title, select(object, method, [[_('[Select ...]'), nil]] + country_helper.countries, options, html_options))
   end
  
   def select_schooling(object, method, options)
@@ -22,7 +22,7 @@ module SweeperHelper
  
     # friends blocks
     blocks = profile.blocks.select{|b| b.kind_of?(FriendsBlock)}
-    blocks.map(&:cache_keys).each{|ck|expire_timeout_fragment(ck)}
+    blocks.map(&:cache_key).each{|ck|expire_timeout_fragment(ck)}
   end
  
   def expire_communities(profile)
@@ -34,13 +34,13 @@ module SweeperHelper
  
     # communities block
     blocks = profile.blocks.select{|b| b.kind_of?(CommunitiesBlock)}
-    blocks.map(&:cache_keys).each{|ck|expire_timeout_fragment(ck)}
+    blocks.map(&:cache_key).each{|ck|expire_timeout_fragment(ck)}
   end
  
   def expire_enterprises(profile)
     # enterprises and favorite enterprises blocks
     blocks = profile.blocks.select {|b| [EnterprisesBlock, FavoriteEnterprisesBlock].any?{|klass| b.kind_of?(klass)} }
-    blocks.map(&:cache_keys).each{|ck|expire_timeout_fragment(ck)}
+    blocks.map(&:cache_key).each{|ck|expire_timeout_fragment(ck)}
   end
  
   def expire_profile_index(profile)
@@ -28,7 +28,6 @@ module TagsHelper
   # courtesy of Aurelio: http://www.colivre.coop.br/Aurium/Nuvem 
   # (pt_BR only).
   def tag_cloud(tags, tagname_option, url, options = {})
-  
  
     return content_tag('em', _('No tags yet.')) +
            ' <a href="' + _('http://en.wikipedia.org/wiki/Tag_%28metadata%29') +
@@ -42,7 +41,7 @@ module TagsHelper
     max = tags.values.max.to_f
     min = tags.values.min.to_f
  
-    tags.map do |tag,count|
+    tags.sort_by{ |k,v| k.downcase }.map do |tag,count|
       if ( max == min )
         v = 0.5
       else
@@ -0,0 +1,75 @@
+class AbuseComplaint < Task
+  has_many :abuse_reports, :dependent => :destroy
+  belongs_to :reported, :class_name => "Profile", :foreign_key => "requestor_id"
+
+  validates_presence_of :reported
+  alias :requestor :reported
+
+  def initialize(*args)
+    super
+    self.status = (args.first ? args.first[:status] : nil) || Task::Status::HIDDEN
+  end
+
+  after_update do |abuse_complaint|
+    if abuse_complaint.reported.environment.reports_lower_bound < abuse_complaint.abuse_reports.count && abuse_complaint.status == Task::Status::HIDDEN
+      abuse_complaint.activate
+    end
+  end
+
+  def target
+    reported.environment
+  end
+
+  def environment
+    target
+  end
+
+  def title
+    abuse_reports.count > 1 ? (_('Abuse complaint (%s)') % abuse_reports.count) :_('Abuse complaint')
+  end
+
+  def linked_subject
+    {:text => reported.name, :url => reported.url}
+  end
+
+  def information
+    {:message => _('%{linked_subject} was reported due to inappropriate behavior.')}
+  end
+
+  def accept_details
+    true
+  end
+
+  def reject_details
+    true
+  end
+
+  def icon
+    {:type => :profile_image, :profile => reported, :url => reported.url}
+  end
+
+  def default_decision
+    'skip'
+  end
+
+  def perform
+    reported.disable
+  end
+
+  def task_activated_message
+    _('Your profile was reported by the users of %s due to inappropriate behavior. The administrators of the environment are now reviewing the report. To solve this misunderstanding, please contact the administrators.') % environment.name
+  end
+
+  def task_finished_message
+    _('Your profile was disabled by the administrators of %s due to inappropriate behavior. To solve this misunderstanding please contact them.') % environment.name
+  end
+
+  def target_notification_description
+    _('%s was reported due to inappropriate behavior.') % reported.name
+  end
+
+  def target_notification_message
+    _('The users of %{environment} reported %{reported} due to inappropriate behavior. A task was created with all the reports including the reasons and contents reported by these users. Please verify the reports and decide whether this profile must be disabled or not.') % {:environment => environment.name, :reported => reported.name}
+  end
+
+end
@@ -0,0 +1,15 @@
+class AbuseReport < ActiveRecord::Base
+
+  belongs_to :reporter, :class_name => 'Person'
+  belongs_to :abuse_complaint
+  has_many :reported_images, :dependent => :destroy
+
+  validates_presence_of :reporter, :abuse_complaint, :reason
+  validates_uniqueness_of :reporter_id, :scope => :abuse_complaint_id
+
+  xss_terminate :sanitize => [:reason]
+
+  after_create do |abuse_report|
+    abuse_report.abuse_complaint.save!
+  end
+end
@@ -77,6 +77,10 @@ class ApproveArticle &lt; Task
     true
   end
  
+  def reject_details
+    true
+  end
+
   def default_decision
     if article
       'skip'
@@ -90,7 +94,11 @@ class ApproveArticle &lt; Task
   end
  
   def target_notification_description
-    _('%{requestor} wants to publish the article: %{article}.') % {:requestor => requestor.name, :article => article.name}
+    if article
+      _('%{requestor} wants to publish the article: %{article}.') % {:requestor => requestor.name, :article => article.name}
+    else
+      _('%{requestor} wanted to publish an article but it was removed.') % {:requestor => requestor.name}
+    end
   end
  
   def target_notification_message
@@ -107,4 +115,11 @@ class ApproveArticle &lt; Task
     end
   end
  
+  def task_cancelled_message
+    message = _('Your request for publishing the article "{article}" was rejected.')
+    if !reject_explanation.blank?
+      message += " " + _("Here is the reject explanation left by the administrator who rejected your article: \n\n%{reject_explanation}") % {:reject_explanation => reject_explanation}
+    end
+  end
+
 end
@@ -188,6 +188,14 @@ class Article &lt; ActiveRecord::Base
     body || ''
   end
  
+  include ApplicationHelper
+  def reported_version(options = {})
+    article = self
+    search_path = File.join(Rails.root, 'app', 'views', 'shared', 'reported_versions')
+    partial_path = File.join('shared', 'reported_versions', partial_for_class_in_view_path(article.class, search_path))
+    lambda { render_to_string(:partial => partial_path, :locals => {:article => article}) }
+  end
+
   # returns the data of the article. Must be overriden in each subclass to
   # provide the correct content for the article. 
   def data
@@ -265,6 +273,10 @@ class Article &lt; ActiveRecord::Base
     false
   end
  
+  def uploaded_file?
+    false
+  end
+
   def has_posts?
     false
   end
@@ -343,11 +355,20 @@ class Article &lt; ActiveRecord::Base
     ['Folder', 'Blog', 'Forum', 'Gallery']
   end
  
+  def self.text_article_types
+    ['TextArticle', 'TextileArticle', 'TinyMceArticle']
+  end
+
   named_scope :published, :conditions => { :published => true }
   named_scope :folders, :conditions => { :type => folder_types}
   named_scope :no_folders, :conditions => ['type NOT IN (?)', folder_types]
   named_scope :galleries, :conditions => { :type => 'Gallery' }
   named_scope :images, :conditions => { :is_image => true }
+  named_scope :text_articles, :conditions => [ 'articles.type IN (?)', text_article_types ]
+
+  named_scope :more_comments, :order => "comments_count DESC"
+  named_scope :more_views, :order => "hits DESC"
+  named_scope :more_recent, :order => "created_at DESC"
  
   def self.display_filter(user, profile)
     return {:conditions => ['published = ?', true]} if !user
@@ -509,6 +530,35 @@ class Article &lt; ActiveRecord::Base
     self.parent && self.parent.accept_uploads?
   end
  
+  def body_images_paths
+    require 'uri'
+    Hpricot(self.body.to_s).search('img[@src]').collect do |i|
+      (self.profile && self.profile.environment) ? URI.join(self.profile.environment.top_url, URI.escape(i.attributes['src'])).to_s : i.attributes['src']
+    end
+  end
+
+  def more_comments_label
+    amount = self.comments_count
+    {
+      0 => _('no comments'),
+      1 => _('one comment')
+    }[amount] || _("%s comments") % amount
+
+  end
+
+  def more_views_label
+    amount = self.hits
+    {
+      0 => _('no views'),
+      1 => _('one view')
+    }[amount] || _("%s views") % amount
+
+  end
+
+  def more_recent_label
+    _('Created at: ')
+  end
+
   private
  
   def sanitize_tag_list
@@ -34,6 +34,12 @@ class Block &lt; ActiveRecord::Base
         else
           return context[:request_path] == '/'
         end
+      elsif display == 'except_home_page'
+        if context[:article]
+          return context[:article] != owner.home_page
+        else
+          return context[:request_path] != '/' + owner.identifier
+        end
       end
     end
     true
@@ -45,6 +51,8 @@ class Block &lt; ActiveRecord::Base
   # * <tt>'never'</tt>: the block is hidden (it does not appear for visitors)
   # * <tt>'home_page_only'</tt> the block is displayed only when viewing the
   #   homepage of its owner.
+  # * <tt>'except_home_page'</tt> the block is displayed only when viewing
+  #   the homepage of its owner.
   settings_items :display, :type => :string, :default => 'always'
  
   # The block can be configured to be displayed in all languages or in just one language. It can assume any locale of the environment:
@@ -119,10 +127,6 @@ class Block &lt; ActiveRecord::Base
     true
   end
  
-  def cache_keys
-    "block-id-#{id}"
-  end
-
   def timeout
     4.hours
   end
@@ -72,4 +72,8 @@ class Blog &lt; Folder
  
   alias :display_posts_in_current_language? :display_posts_in_current_language
  
+  def empty?
+    posts.empty?
+  end
+
 end
@@ -2,7 +2,7 @@ class Comment &lt; ActiveRecord::Base
  
   track_actions :leave_comment, :after_create, :keep_params => ["article.title", "article.url", "title", "url", "body"], :custom_target => :action_tracker_target 
  
-  validates_presence_of :title, :body
+  validates_presence_of :body
   belongs_to :article, :counter_cache => true
   belongs_to :author, :class_name => 'Person', :foreign_key => 'author_id'
   has_many :children, :class_name => 'Comment', :foreign_key => 'reply_of_id', :dependent => :destroy
@@ -98,6 +98,16 @@ class Comment &lt; ActiveRecord::Base
     root
   end
  
+  include ApplicationHelper
+  def reported_version(options = {})
+    comment = self
+    lambda { render_to_string(:partial => 'shared/reported_versions/comment', :locals => {:comment => comment}) }
+  end
+
+  def to_html(option={})
+    body || ''
+  end
+
   class Notifier < ActionMailer::Base
     def mail(comment)
       profile = comment.article.profile
@@ -75,4 +75,8 @@ class Community &lt; Organization
     end
   end
  
+  def control_panel_settings_button
+    {:title => __('Community Info and settings'), :icon => 'edit-profile-group'}
+  end
+
 end
@@ -23,23 +23,26 @@ class Contact &lt; ActiveRecord::Base #WithoutTable
  
   class Sender < ActionMailer::Base
     def mail(contact)
+      content_type 'text/html'
       emails = contact.dest.notification_emails
       recipients emails
-      from "#{contact.name} <#{contact.email}>"
+      from "#{contact.name} <#{contact.dest.environment.contact_email}>"
+      reply_to contact.email
       if contact.sender
         headers 'X-Noosfero-Sender' => contact.sender.identifier
       end
       if contact.receive_a_copy
         cc "#{contact.name} <#{contact.email}>"
       end
-      subject contact.subject
+      subject "[#{contact.dest.short_name(30)}] " + contact.subject
       body :name => contact.name,
         :email => contact.email,
         :city => contact.city,
         :state => contact.state,
         :message => contact.message,
         :environment => contact.dest.environment.name,
-        :url => url_for(:host => contact.dest.environment.default_hostname, :controller => 'home')
+        :url => url_for(:host => contact.dest.environment.default_hostname, :controller => 'home'),
+        :target => contact.dest.name
     end
   end
  
@@ -10,7 +10,7 @@ class Domain &lt; ActiveRecord::Base
  
   # <tt>name</tt> must be a sequence of word characters (a to z, plus 0 to 9,
   # plus '_'). Letters must be lowercase
-  validates_format_of :name, :with => /^([a-z0-9_]+\.)+[a-z0-9_]+$/, :message => N_('%{fn} must be composed only of lowercase latters (a to z), numbers (0 to 9) and "_"')
+  validates_format_of :name, :with => /^([a-z0-9_-]+\.)+[a-z0-9_-]+$/, :message => N_('%{fn} must be composed only of lowercase latters (a to z), numbers (0 to 9), "_" and "-"')
  
   # checks validations that could not be expressed using Rails' predefined
   # validations. In particular:
@@ -7,6 +7,8 @@ class Enterprise &lt; Organization
   has_many :products, :dependent => :destroy, :order => 'name ASC'
   has_many :inputs, :through => :products
  
+  has_and_belongs_to_many :fans, :class_name => 'Person', :join_table => 'favorite_enteprises_people'
+
   extra_data_for_index :product_categories
  
   N_('Organization website'); N_('Historic and current context'); N_('Activities short description'); N_('City'); N_('State'); N_('Country'); N_('ZIP code')
@@ -145,6 +147,7 @@ class Enterprise &lt; Organization
   end
  
   before_create do |enterprise|
+    enterprise.validated = enterprise.environment.enabled?('enterprises_are_validated_when_created')
     if enterprise.environment.enabled?('enterprises_are_disabled_when_created')
       enterprise.enabled = false
     end
@@ -165,4 +168,12 @@ class Enterprise &lt; Organization
     enable_contact_us
   end
  
+  def control_panel_settings_button
+    {:title => __('Enterprise Info and settings'), :icon => 'edit-profile-enterprise'}
+  end
+
+  def create_product?
+    true
+  end
+
 end
@@ -9,6 +9,13 @@ class Environment &lt; ActiveRecord::Base
  
   has_many :tasks, :dependent => :destroy, :as => 'target'
  
+  IDENTIFY_SCRIPTS = /(php[0-9s]?|[sp]htm[l]?|pl|py|cgi|rb)/
+
+  def self.verify_filename(filename)
+    filename += '.txt' if File.extname(filename) =~ IDENTIFY_SCRIPTS
+    filename
+  end
+
   PERMISSIONS['Environment'] = {
     'view_environment_admin_panel' => N_('View environment admin panel'),
     'edit_environment_features' => N_('Edit environment features'),
@@ -67,6 +74,10 @@ class Environment &lt; ActiveRecord::Base
     self.affiliate(user, Environment::Roles.admin(self.id))
   end
  
+  def remove_admin(user)
+    self.disaffiliate(user, Environment::Roles.admin(self.id))
+  end
+
   def admins
     Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', Environment::Roles.admin(self).id])
   end
@@ -106,6 +117,7 @@ class Environment &lt; ActiveRecord::Base
       'enable_organization_url_change' => _("Allow organizations to change their URL"),
       'admin_must_approve_new_communities' => _("Admin must approve creation of communities"),
       'enterprises_are_disabled_when_created' => __('Enterprises are disabled when created'),
+      'enterprises_are_validated_when_created' => __('Enterprises are validated when created'),
       'show_balloon_with_profile_links_when_clicked' => _('Show a balloon with profile links when a profile image is clicked'),
       'xmpp_chat' => _('XMPP/Jabber based chat'),
       'show_zoom_button_on_article_images' => _('Show a zoom link on all article images')
@@ -218,7 +230,19 @@ class Environment &lt; ActiveRecord::Base
   settings_items :currency_separator, :type => String, :default => '.'
   settings_items :currency_delimiter, :type => String, :default => ','
  
-  settings_items :trusted_sites_for_iframe, :type => Array, :default => ['itheora.org', 'tv.softwarelivre.org', 'stream.softwarelivre.org']
+  settings_items :trusted_sites_for_iframe, :type => Array, :default => %w[
+    developer.myspace.com
+    itheora.org
+    maps.google.com
+    platform.twitter.com
+    player.vimeo.com
+    stream.softwarelivre.org
+    tv.softwarelivre.org
+    www.facebook.com
+    www.flickr.com
+    www.gmodules.com
+    www.youtube.com
+  ] + ('a' .. 'z').map{|i| "#{i}.yimg.com"}
  
   settings_items :enabled_plugins, :type => Array, :default => []
  
@@ -228,17 +252,28 @@ class Environment &lt; ActiveRecord::Base
  
   # Enables a feature identified by its name
   def enable(feature)
-    self.settings["#{feature}_enabled"] = true
+    self.settings["#{feature}_enabled".to_sym] = true
+  end
+
+  def enable_plugin(plugin)
+    self.enabled_plugins += [plugin]
+    self.enabled_plugins.uniq!
+    self.save!
   end
  
   # Disables a feature identified by its name
   def disable(feature)
-    self.settings["#{feature}_enabled"] = false
+    self.settings["#{feature}_enabled".to_sym] = false
+  end
+
+  def disable_plugin(plugin)
+    self.enabled_plugins.delete(plugin)
+    self.save!
   end
  
   # Tells if a feature, identified by its name, is enabled
   def enabled?(feature)
-    self.settings["#{feature}_enabled"] == true
+    self.settings["#{feature}_enabled".to_sym] == true
   end
  
   # enables the features identified by <tt>features</tt>, which is expected to
@@ -494,6 +529,7 @@ class Environment &lt; ActiveRecord::Base
   xss_terminate :only => [ :message_for_disabled_enterprise ], :with => 'white_list', :on => 'validation'
  
   validates_presence_of :theme
+  validates_numericality_of :reports_lower_bound, :allow_nil => false, :only_integer => true, :greater_than_or_equal_to => 0
  
   include WhiteListFilter
   filter_iframes :message_for_disabled_enterprise, :whitelist => lambda { trusted_sites_for_iframe }
@@ -517,12 +553,12 @@ class Environment &lt; ActiveRecord::Base
   # If #force_www is true, adds 'www.' at the beginning of the hostname. If the
   # environment has not associated domains, returns 'localhost'.
   def default_hostname(email_hostname = false)
-    if self.domains(true).empty?
-      'localhost'
-    else
+    domain = 'localhost'
+    unless self.domains(true).empty?
       domain = (self.domains.find_by_is_default(true) || self.domains.find(:first, :order => 'id')).name
-      email_hostname ? domain : (force_www ? ('www.' + domain) : domain)
+      domain = email_hostname ? domain : (force_www ? ('www.' + domain) : domain)
     end
+    domain
   end
  
   def top_url
@@ -671,13 +707,14 @@ class Environment &lt; ActiveRecord::Base
   def create_templates
     pre = self.name.to_slug + '_'
     ent_id = Enterprise.create!(:name => 'Enterprise template', :identifier => pre + 'enterprise_template', :environment => self, :visible => false).id
+    inactive_enterprise_tmpl = Enterprise.create!(:name => 'Inactive Enterprise template', :identifier => pre + 'inactive_enterprise_template', :environment => self, :visible => false)
     com_id = Community.create!(:name => 'Community template', :identifier => pre + 'community_template', :environment => self, :visible => false).id
     pass = Digest::MD5.hexdigest rand.to_s
     user = User.create!(:login => (pre + 'person_template'), :email => (pre + 'template@template.noo'), :password => pass, :password_confirmation => pass, :environment => self).person
-    user.visible = false
-    user.save!
+    user.update_attributes(:visible => false, :name => "Person template")
     usr_id = user.id
     self.settings[:enterprise_template_id] = ent_id
+    self.inactive_enterprise_template = inactive_enterprise_tmpl
     self.settings[:community_template_id] = com_id
     self.settings[:person_template_id] = usr_id
     self.save!
@@ -685,7 +722,7 @@ class Environment &lt; ActiveRecord::Base
  
   after_destroy :destroy_templates
   def destroy_templates
-    [enterprise_template, community_template, person_template].compact.each do |template|
+    [enterprise_template, inactive_enterprise_template, community_template, person_template].compact.each do |template|
       template.destroy
     end
   end
@@ -701,6 +738,4 @@ class Environment &lt; ActiveRecord::Base
   def image_galleries
     portal_community ? portal_community.image_galleries : []
   end
-
 end
-
@@ -0,0 +1,31 @@
+class FansBlock < ProfileListBlock
+
+  def self.description
+    _('Displays the people who like the enterprise')
+  end
+
+  def default_title
+    n__('{#} fan', '{#} fans', profile_count)
+  end
+
+  def help
+    _('This block presents the fans of an enterprise.')
+  end
+
+  def footer
+    profile = self.owner
+    lambda do
+      link_to _('View all'), :profile => profile.identifier, :controller =>
+      'profile', :action => 'fans'
+    end
+  end
+
+  def profiles
+    owner.fans
+  end
+
+  def profile_count
+    profiles.visible.count
+  end
+
+end
@@ -29,7 +29,7 @@ class Folder &lt; Article
   def to_html(options = {})
     folder = self
     lambda do
-      render :file => 'content_viewer/folder', :locals => { :folder => folder }
+      render :file => 'content_viewer/folder', :locals => {:folder => folder}
     end
   end
  
 class Image < ActiveRecord::Base
-  belongs_to :owner, :polymorphic => true
  
   def self.max_size
     Image.attachment_options[:max_size]
   end
  
+  sanitize_filename
+
   has_attachment :content_type => :image, 
                  :storage => :file_system, 
                  :path_prefix => 'public/image_uploads',
@@ -20,4 +21,6 @@ class Image &lt; ActiveRecord::Base
  
   delay_attachment_fu_thumbnails
  
+  postgresql_attachment_fu
+
 end
@@ -27,6 +27,10 @@ class Invitation &lt; Task
     TaskMailer.deliver_invitation_notification(task) unless task.friend
   end
  
+  def title
+    _('Invitation')
+  end
+
   def validate
     super
     email = friend ? friend.user.email : friend_email
@@ -8,7 +8,7 @@ class InviteFriend &lt; Invitation
   end
  
   def title
-    _("New friend")
+    _("Friend invitation")
   end
  
   def information
@@ -57,7 +57,7 @@ class LinkListBlock &lt; Block
   def link_html(link)
     klass = 'icon-' + link[:icon] if link[:icon]
     sanitize_link(
-      link_to(_(link[:name]), expand_address(link[:address]), :class => klass)
+      link_to(link[:name], expand_address(link[:address]), :class => klass)
     )
   end
  
@@ -95,12 +95,12 @@ class Organization &lt; Profile
     []
   end
  
-  N_('Display name'); N_('Description'); N_('Contact person'); N_('Contact email'); N_('Acronym'); N_('Foundation year'); N_('Legal form'); N_('Economic activity'); N_('Management information'); N_('Validated'); N_('Tag list')
-  settings_items :display_name, :description, :contact_person, :contact_email, :acronym, :foundation_year, :legal_form, :economic_activity, :management_information, :validated, :cnpj
+  N_('Display name'); N_('Description'); N_('Contact person'); N_('Contact email'); N_('Acronym'); N_('Foundation year'); N_('Legal form'); N_('Economic activity'); N_('Management information'); N_('Tag list')
+  settings_items :display_name, :description, :contact_person, :contact_email, :acronym, :foundation_year, :legal_form, :economic_activity, :management_information
  
   validates_format_of :foundation_year, :with => Noosfero::Constants::INTEGER_FORMAT
-
   validates_format_of :contact_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { |org| !org.contact_email.blank? })
+  validates_as_cnpj :cnpj
  
   xss_terminate :only => [ :acronym, :contact_person, :contact_email, :legal_form, :economic_activity, :management_information ], :on => 'validation'
  
@@ -149,4 +149,12 @@ class Organization &lt; Profile
     false
   end
  
+  def members_to_json
+    members.map { |member| {:id => member.id, :name => member.name} }.to_json
+  end
+
+  def members_by_role_to_json(role)
+    members_by_role(role).map { |member| {:id => member.id, :name => member.name} }.to_json
+  end
+
 end
@@ -17,6 +17,8 @@ class Person &lt; Profile
  
   has_many :requested_tasks, :class_name => 'Task', :foreign_key => :requestor_id, :dependent => :destroy
  
+  has_many :abuse_reports, :foreign_key => 'reporter_id', :dependent => :destroy
+
   has_many :mailings
  
   has_many :scraps_sent, :class_name => 'Scrap', :foreign_key => :sender_id, :dependent => :destroy
@@ -116,6 +118,8 @@ class Person &lt; Profile
   description
   ]
  
+  validates_multiparameter_assignments
+
   def self.fields
     FIELDS
   end
@@ -387,6 +391,21 @@ class Person &lt; Profile
     leave_hash.to_json
   end
  
+  def already_reported?(profile)
+    abuse_reports.any? { |report| report.abuse_complaint.reported == profile && report.abuse_complaint.opened? }
+  end
+
+  def register_report(abuse_report, profile)
+    AbuseComplaint.create!(:reported => profile, :target => profile.environment) if !profile.opened_abuse_complaint
+    abuse_report.abuse_complaint = profile.opened_abuse_complaint
+    abuse_report.reporter = self
+    abuse_report.save!
+  end
+
+  def control_panel_settings_button
+    {:title => _('Profile Info and settings'), :icon => 'edit-profile'}
+  end
+
   protected
  
   def followed_by?(profile)
@@ -66,7 +66,7 @@ class Product &lt; ActiveRecord::Base
   end
  
   def default_image(size='thumb')
-    '/images/icons-app/product-default-pic-%s.png' % size
+    image ? image.public_filename(size) : '/images/icons-app/product-default-pic-%s.png' % size
   end
  
   def category_full_name
@@ -149,4 +149,8 @@ class Product &lt; ActiveRecord::Base
     unit.blank? ? name : "#{name} - #{unit.name.downcase}"
   end
  
+  def display_supplier_on_search?
+    true
+  end
+
 end
@@ -20,7 +20,15 @@ class ProductsBlock &lt; Block
     block_title(title) +
     content_tag(
       'ul',
-      products.map {|product| content_tag('li', link_to(product.name, product.url, :style => 'background-image:url(%s)' % ( product.image ? product.image.public_filename(:minor) : product.default_image('minor'))), :class => 'product' )}
+      products.map {|product|
+        content_tag('li',
+          link_to( product.name,
+                   product.url,
+                   :style => 'background-image:url(%s)' % product.default_image('minor')
+                 ),
+          :class => 'product'
+        )
+      }
     )
   end
  
@@ -52,8 +52,9 @@ class Profile &lt; ActiveRecord::Base
   acts_as_accessible
  
   named_scope :memberships_of, lambda { |person| { :select => 'DISTINCT profiles.*', :joins => :role_assignments, :conditions => ['role_assignments.accessor_type = ? AND role_assignments.accessor_id = ?', person.class.base_class.name, person.id ] } }
-  named_scope :enterprises, :conditions => "profiles.type = 'Enterprise'"
-  named_scope :communities, :conditions => "profiles.type = 'Community'"
+  #FIXME: these will work only if the subclass is already loaded
+  named_scope :enterprises, lambda { {:conditions => (Enterprise.send(:subclasses).map(&:name) << 'Enterprise').map { |klass| "profiles.type = '#{klass}'"}.join(" OR ")} }
+  named_scope :communities, lambda { {:conditions => (Community.send(:subclasses).map(&:name) << 'Community').map { |klass| "profiles.type = '#{klass}'"}.join(" OR ")} }
  
   def members
     Person.members_of(self)
@@ -163,34 +164,19 @@ class Profile &lt; ActiveRecord::Base
  
   has_many :events, :source => 'articles', :class_name => 'Event', :order => 'name'
  
-  %w[ pending finished ].each do |status|
-    class_eval <<-CODE
-      def all_#{status}_tasks
-        env_tasks = []
-        if self.person?
-          env_tasks = Environment.find(:all).select{ |env| self.is_admin?(env) }.map{ |env| env.tasks.#{status} }.flatten
-        end
-        tasks.#{status} + env_tasks
-      end
-    CODE
-  end
-
   def find_in_all_tasks(task_id)
-    if tasks.exists?(task_id)
-      return tasks.find(task_id)
-    else
-      if self.person?
-        environments_admin = Environment.find(:all).select{ |env| self.is_admin?(env) }
-        task = environments_admin.select{ |env| env.tasks.exists?(task_id) }.map{ |i| i.tasks.find(task_id) }
-        return task.first unless task.empty?
-      end
+    begin
+      Task.to(self).find(task_id)
+    rescue
+      nil
     end
-    return nil
   end
  
   has_many :profile_categorizations, :conditions => [ 'categories_profiles.virtual = ?', false ]
   has_many :categories, :through => :profile_categorizations
  
+  has_many :abuse_complaints, :foreign_key => 'requestor_id'
+
   def interests
     categories.select {|item| !item.is_a?(Region)}
   end
@@ -564,9 +550,7 @@ private :generate_url, :url_options
       if self.closed? && members_count > 0
         AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
       else
-        if members_count == 0
-          self.affiliate(person, Profile::Roles.admin(environment.id))
-        end
+        self.affiliate(person, Profile::Roles.admin(environment.id)) if members_count == 0
         self.affiliate(person, Profile::Roles.member(environment.id))
       end
     else
@@ -809,6 +793,34 @@ private :generate_url, :url_options
     "#{jid(options)}/#{short_name}"
   end
  
+  def is_on_homepage?(url, page=nil)
+    if page
+      page == self.home_page
+    else
+      url == '/' + self.identifier
+    end
+  end
+
+  def opened_abuse_complaint
+    abuse_complaints.opened.first
+  end
+
+  def disable
+    self.visible = false
+    user.password = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{identifier}--")
+    user.password_confirmation = user.password
+    save!
+    user.save!
+  end
+
+  def control_panel_settings_button
+    {:title => _('Profile Info and settings'), :icon => 'edit-profile'}
+  end
+
+  def self.identification
+    name
+  end
+
   protected
  
     def followed_by?(person)
 class ProfileListBlock < Block
  
   settings_items :limit, :type => :integer, :default => 6
-  settings_items :prioritize_profiles_with_image, :type => :boolean, :default => false
+  settings_items :prioritize_profiles_with_image, :type => :boolean, :default => true
  
   def self.description
     _('Random profiles')
@@ -13,21 +13,21 @@ class ProfileListBlock &lt; Block
   end
  
   def profile_list
-    profiles.visible.all(:limit => limit, :select => 'DISTINCT profiles.*, ' + image_prioritizer + randomizer, :joins => "LEFT OUTER JOIN images ON images.owner_id = profiles.id", :order => image_prioritizer + randomizer)
+    result = nil
+    if !prioritize_profiles_with_image
+      result = profiles.visible.all(:limit => limit, :order => 'updated_at DESC').sort_by{ rand }
+    elsif profiles.visible.with_image.count >= limit
+      result = profiles.visible.with_image.all(:limit => limit * 5, :order => 'updated_at DESC').sort_by{ rand }
+    else
+      result = profiles.visible.with_image.sort_by{ rand } + profiles.visible.without_image.all(:limit => limit * 5, :order => 'updated_at DESC').sort_by{ rand }
+    end
+    result.slice(0..limit-1)
   end
  
   def profile_count
     profiles.visible.count('DISTINCT(profiles.id)')
   end
  
-  def randomizer
-    @randomizer ||= "(profiles.id % #{rand(profile_count) + 1})"
-  end
-
-  def image_prioritizer
-    prioritize_profiles_with_image ? '(images.id is null),' : ''
-  end
-
   # the title of the block. Probably will be overriden in subclasses.
   def default_title
     _('{#} People or Groups')
@@ -0,0 +1,13 @@
+class RawHTMLArticle < TextArticle
+
+  def self.short_description
+    _('Raw HTML text article.')
+  end
+
+  def self.description
+    _('Allows HTML without filter (only for admins)')
+  end
+
+  xss_terminate :only => [  ]
+
+end
@@ -0,0 +1,10 @@
+class ReportedImage < ActiveRecord::Base
+  belongs_to :abuse_report
+
+  validates_presence_of :abuse_report
+
+  has_attachment :content_type => :image,
+    :storage     => :file_system,
+    :max_size => 5.megabytes
+
+end
 class SuggestArticle < Task
  
-  has_captcha  
-
   validates_presence_of :target_id, :article_name, :email, :name, :article_body
  
   settings_items :email, :type => String
@@ -20,11 +20,14 @@ class Task &lt; ActiveRecord::Base
     # the status of a task that was cancelled.
     CANCELLED = 2
  
-    # the status os a task that was successfully finished
+    # the status of a task that was successfully finished
     FINISHED = 3
  
+    # the status of a task that was created but is not displayed yet
+    HIDDEN = 4
+
     def self.names
-      [nil, N_('Active'), N_('Cancelled'), N_('Finished')]
+      [nil, N_('Active'), N_('Cancelled'), N_('Finished'), N_('Hidden')]
     end
   end
  
@@ -38,7 +41,7 @@ class Task &lt; ActiveRecord::Base
  
   def initialize(*args)
     super
-    self.status ||= Task::Status::ACTIVE
+    self.status = (args.first ? args.first[:status] : nil) || Task::Status::ACTIVE
   end
  
   attr_accessor :code_length
@@ -52,20 +55,26 @@ class Task &lt; ActiveRecord::Base
   end
  
   after_create do |task|
-    begin
-      task.send(:send_notification, :created)
-    rescue NotImplementedError => ex
-      RAILS_DEFAULT_LOGGER.info ex.to_s
-    end
-    
-    begin
-      target_msg = task.target_notification_message
-      TaskMailer.deliver_target_notification(task, target_msg) if target_msg
-    rescue NotImplementedError => ex
-      RAILS_DEFAULT_LOGGER.info ex.to_s
+    unless task.status == Task::Status::HIDDEN
+      begin
+        task.send(:send_notification, :created)
+      rescue NotImplementedError => ex
+        RAILS_DEFAULT_LOGGER.info ex.to_s
+      end
+
+      begin
+        target_msg = task.target_notification_message
+        TaskMailer.deliver_target_notification(task, target_msg) if target_msg
+      rescue NotImplementedError => ex
+        RAILS_DEFAULT_LOGGER.info ex.to_s
+      end
     end
   end
  
+  def self.all_types
+    %w[Invitation EnterpriseActivation AddMember Ticket SuggestArticle  AddFriend CreateCommunity AbuseComplaint ApproveArticle CreateEnterprise ChangePassword EmailActivation InviteFriend InviteMember]
+  end
+
   # this method finished the task. It calls #perform, which must be overriden
   # by subclasses. At the end a message (as returned by #finish_message) is
   # sent to the requestor with #notify_requestor.
@@ -175,6 +184,12 @@ class Task &lt; ActiveRecord::Base
     raise NotImplementedError, "#{self} does not implement #task_cancelled_message"
   end
  
+  # The message that will be sent to the requestor of the task when its
+  # activated.
+  def task_activated_message
+    raise NotImplementedError, "#{self} does not implement #task_cancelled_message"
+  end
+
   # The message that will be sent to the *target* of the task when it is
   # created. The indent of this message is to notify the target about the
   # request that was just created for him/her. 
@@ -199,6 +214,23 @@ class Task &lt; ActiveRecord::Base
     self.target.environment unless self.target.nil?
   end
  
+  def activate
+    self.status = Task::Status::ACTIVE
+    save!
+    begin
+      self.send(:send_notification, :activated)
+    rescue NotImplementedError => ex
+      RAILS_DEFAULT_LOGGER.info ex.to_s
+    end
+
+    begin
+      target_msg = target_notification_message
+      TaskMailer.deliver_target_notification(self, target_msg) if target_msg
+    rescue NotImplementedError => ex
+      RAILS_DEFAULT_LOGGER.info ex.to_s
+    end
+  end
+
   protected
  
   # This method must be overrided in subclasses, and its implementation must do
@@ -232,6 +264,23 @@ class Task &lt; ActiveRecord::Base
  
   named_scope :pending, :conditions => { :status =>  Task::Status::ACTIVE }
   named_scope :finished, :conditions => { :status =>  [Task::Status::CANCELLED, Task::Status::FINISHED] }
+  named_scope :opened, :conditions => { :status =>  [Task::Status::ACTIVE, Task::Status::HIDDEN] }
+  named_scope :of, lambda { |type| conditions = type ? "type LIKE '#{type}'" : "1=1"; {:conditions =>  [conditions]} }
+  named_scope :order_by, lambda { |attribute, ord| {:order => "#{attribute} #{ord}"} }
+
+  named_scope :to, lambda { |profile|
+    environment_condition = nil
+    if profile.person?
+      envs_ids = Environment.find(:all).select{ |env| profile.is_admin?(env) }.map { |env| "target_id = #{env.id}"}.join(' OR ')
+      environment_condition = envs_ids.blank? ? nil : "(target_type = 'Environment' AND (#{envs_ids}))"
+    end
+    profile_condition = "(target_type = 'Profile' AND target_id = #{profile.id})"
+    { :conditions => [environment_condition, profile_condition].compact.join(' OR ') }
+  }
+
+  def opened?
+    status == Task::Status::ACTIVE || status == Task::Status::HIDDEN
+  end
  
   class << self
  
@@ -254,6 +303,10 @@ class Task &lt; ActiveRecord::Base
       self.find(:first, :conditions => { :code => code, :status => Task::Status::ACTIVE })
     end
  
+    def per_page
+      15
+    end
+
   end
  
 end
 # a base class for all text article types.  
 class TextArticle < Article
  
-  xss_terminate :only => [ :name, :abstract, :body ], :on => 'validation'
+  xss_terminate :only => [ :name ], :on => 'validation'
  
   include Noosfero::TranslatableContent
  
@@ -9,11 +9,28 @@ class TextileArticle &lt; TextArticle
   end
  
   def to_html(options ={})
-    RedCloth.new(self.body|| '').to_html
+    convert_to_html(body)
+  end
+
+  def lead
+    if abstract.blank?
+      super
+    else
+      convert_to_html(abstract)
+    end
   end
  
   def notifiable?
     true
   end
  
+  protected
+
+  def convert_to_html(textile)
+    @@sanitizer ||= HTML::WhiteListSanitizer.new
+    converter = RedCloth.new(textile|| '')
+    converter.hard_breaks = false
+    @@sanitizer.sanitize(converter.to_html)
+  end
+
 end
@@ -2,4 +2,8 @@ class Thumbnail &lt; ActiveRecord::Base
   has_attachment :storage => :file_system,
     :content_type => :image, :max_size => 5.megabytes
   validates_as_attachment
+
+  sanitize_filename
+
+  postgresql_attachment_fu
 end
 class Ticket < Task
-  settings_items :title, :message
+  settings_items :name, :message
+
+  def title
+    _('Ticket') + (name ? ': '+name : '')
+  end
 end
@@ -18,6 +18,8 @@ class UploadedFile &lt; Article
  
   validates_size_of :title, :maximum => 60, :if => (lambda { |file| !file.title.blank? })
  
+  sanitize_filename
+
   before_create do |uploaded_file|
     uploaded_file.is_image = true if uploaded_file.image?
   end
@@ -52,6 +54,8 @@ class UploadedFile &lt; Article
  
   delay_attachment_fu_thumbnails
  
+  postgresql_attachment_fu
+
   def self.icon_name(article = nil)
     if article
       article.image? ? article.public_filename(:icon) : (article.mime_type ? article.mime_type.gsub(/[\/+.]/, '-') : 'upload-file')
@@ -132,4 +136,8 @@ class UploadedFile &lt; Article
   def gallery?
     self.parent && self.parent.folder? && self.parent.gallery?
   end
+
+  def uploaded_file?
+    true
+  end
 end
@@ -21,6 +21,8 @@ class User &lt; ActiveRecord::Base
     end
   end
  
+  before_create :make_activation_code
+
   before_create do |user|
     if user.environment.nil?
       user.environment = Environment.default
@@ -31,8 +33,11 @@ class User &lt; ActiveRecord::Base
     user.person ||= Person.new
     user.person.attributes = user.person_data.merge(:identifier => user.login, :user_id => user.id, :environment_id => user.environment_id)
     user.person.name ||= user.login
+    user.person.visible = false unless user.activated?
     user.person.save!
   end
+  after_create :deliver_activation_code
+  after_create :delay_activation_check
  
   attr_writer :person_data
   def person_data
@@ -55,6 +60,17 @@ class User &lt; ActiveRecord::Base
         :environment => user.environment.name,
         :url => url_for(:host => user.environment.default_hostname, :controller => 'home')
     end
+
+    def activation_code(user)
+      recipients user.email
+
+      from "#{user.environment.name} <#{user.environment.contact_email}>"
+      subject _("[%s] Activate your account") % [user.environment.name]
+      body :recipient => user.name,
+        :activation_code => user.activation_code,
+        :environment => user.environment.name,
+        :url => user.environment.top_url
+    end
   end
  
   def signup!
@@ -67,6 +83,8 @@ class User &lt; ActiveRecord::Base
   has_one :person, :dependent => :destroy
   belongs_to :environment
  
+  attr_protected :activated_at
+
   # Virtual attribute for the unencrypted password
   attr_accessor :password
  
@@ -87,10 +105,22 @@ class User &lt; ActiveRecord::Base
   # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
   def self.authenticate(login, password, environment = nil)
     environment ||= Environment.default
-    u = find_by_login_and_environment_id(login, environment.id) # need to get the salt
+    u = first :conditions => ['login = ? AND environment_id = ? AND activated_at IS NOT NULL', login, environment.id] # need to get the salt
     u && u.authenticated?(password) ? u : nil
   end
  
+  # Activates the user in the database.
+  def activate
+    self.activated_at = Time.now.utc
+    self.activation_code = nil
+    self.person.visible = true
+    self.person.save! && self.save
+  end
+
+  def activated?
+    self.activation_code.nil? && !self.activated_at.nil?
+  end
+
   class UnsupportedEncryptionType < Exception; end
  
   def self.system_encryption_method
@@ -195,7 +225,7 @@ class User &lt; ActiveRecord::Base
   end
  
   def name
-    person.name
+    person ? person.name : login
   end
  
   def enable_email!
@@ -253,4 +283,16 @@ class User &lt; ActiveRecord::Base
     def password_required?
       crypted_password.blank? || !password.blank?
     end
+
+    def make_activation_code
+      self.activation_code = Digest::SHA1.hexdigest(Time.now.to_s.split(//).sort_by{rand}.join)
+    end
+
+    def deliver_activation_code
+      User::Mailer.deliver_activation_code(self) unless self.activation_code.blank?
+    end
+
+    def delay_activation_check
+      Delayed::Job.enqueue(UserActivationJob.new(self.id), 0, 72.hours.from_now)
+    end
 end
@@ -21,7 +21,7 @@ protected
     blocks = article.profile.blocks
     blocks += article.profile.environment.blocks if article.profile.environment
     blocks = blocks.select{|b|[RecentDocumentsBlock, BlogArchivesBlock].any?{|c| b.kind_of?(c)}}
-    blocks.map(&:cache_keys).each{|ck|expire_timeout_fragment(ck)}
+    blocks.map(&:cache_key).each{|ck|expire_timeout_fragment(ck)}
     env = article.profile.environment
     if env && (env.portal_community == article.profile)
       expire_fragment(env.portal_news_cache_key)
@@ -35,7 +35,7 @@ protected
     end
  
     blocks = profile.blocks.select{|b| b.kind_of?(FriendsBlock)}
-    blocks.map(&:cache_keys).each{|ck|expire_timeout_fragment(ck)}
+    blocks.map(&:cache_key).each{|ck|expire_timeout_fragment(ck)}
   end
  
 end
@@ -23,12 +23,25 @@ protected
     expire_profile_index(profile) if profile.person?
  
     profile.blocks.each do |block|
-      expire_timeout_fragment(block.cache_keys)
+      expire_timeout_fragment(block.cache_key)
     end
+
+    expire_blogs(profile) if profile.organization?
   end
  
   def expire_statistics_block_cache(profile)
     blocks = profile.environment.blocks.select { |b| b.kind_of?(EnvironmentStatisticsBlock) }
-    blocks.map(&:cache_keys).each{|ck|expire_timeout_fragment(ck)}
+    blocks.map(&:cache_key).each{|ck|expire_timeout_fragment(ck)}
   end
+
+  def expire_blogs(profile)
+    profile.blogs.select{|b| !b.empty?}.each do |blog|
+      pages = blog.posts.count / blog.posts_per_page + 1
+      ([nil] + (1..pages).to_a).each do |i|
+        expire_timeout_fragment(blog.cache_key({:npage => i}))
+        expire_timeout_fragment(blog.cache_key({:npage => i}, profile))
+      end
+    end
+  end
+
 end
@@ -25,7 +25,7 @@ protected
  
     profile.blocks_to_expire_cache.each { |block|
       blocks = profile.blocks.select{|b| b.kind_of?(block)}
-      blocks.map(&:cache_keys).each{|ck|expire_timeout_fragment(ck)}
+      blocks.map(&:cache_key).each{|ck|expire_timeout_fragment(ck)}
     }
   end
  
@@ -7,8 +7,7 @@
 </div>
 <% end %>
  
-<% labelled_form_for :user, @user do |f| %>
-<%= icaptcha_field() %>
+<% labelled_form_for :user, @user, :html => { :multipart => true } do |f| %>
  
 <%= hidden_field_tag :invitation_code, @invitation_code %>
  
@@ -5,9 +5,11 @@
 <% @user ||= User.new %>
 <% is_thickbox ||= false %>
  
+<%= @message %>
+
 <% labelled_form_for :user, @user, :url => login_url do |f| %>
  
-     <%= f.text_field :login, :id => 'main_user_login', :onchange => 'this.value = convToValidLogin( this.value )' %>
+     <%= f.text_field :login, :id => 'main_user_login', :onchange => 'this.value = convToValidLogin( this.value )', :value => params[:userlogin] %>
  
      <%= f.password_field :password %>
  
 <h1><%= _('Signup') %></h1>
-<%= render :partial => 'signup_form' %>
+<% if @register_pending %>
+  <%= _('Thanks for signing up! Now check your e-mail to activate your account!') %>
+  <p style="text-align: center"><%= link_to(_('Go to the homepage'), '/') %></p>
+<% else %>
+  <%= render :partial => 'signup_form' %>
+<% end %>
 <h1><%= _('Edit Templates') %></h1>
  
 <ul>
-<li><%= link_to _('Edit Person Template'), :controller => 'profile_editor', :profile => environment.person_template.identifier %></li>
-<li><%= link_to _('Edit Community Template'), :controller => 'profile_editor', :profile => environment.community_template.identifier %></li>
-<li><%= link_to __('Edit Enterprise Template'), :controller => 'profile_editor', :profile => environment.enterprise_template.identifier %></li>
+<% [[_('Edit Person Template'), environment.person_template],
+    [_('Edit Community Template'), environment.community_template],
+    [__('Edit Enterprise Template'), environment.enterprise_template],
+    [__('Edit Inactive Enterprise Template'), environment.inactive_enterprise_template]].select{|i| i[1]}.each do |row| %>
+<li><%= link_to row[0], :controller => 'profile_editor', :profile => row[1].identifier %></li>
+<% end %>
 </ul>
@@ -3,7 +3,7 @@
 <p><%= _('You, as an environment administrator, has the following options:')%></p>
  
 <table>
-  <tr><td><%= link_to _('Edit site info'), :action => 'site_info' %></td></tr>
+  <tr><td><%= link_to _('Edit environment settings'), :action => 'site_info' %></td></tr>
   <tr><td><%= link_to __('Edit message for disabled enterprises'), :action => 'message_for_disabled_enterprise' %></td></tr>
   <tr><td><%= link_to _('Enable/disable features'), :controller => 'features' %></td></tr>
   <tr><td><%= link_to _('Enable/disable plugins'), :controller => 'plugins' %></td></tr>
@@ -16,4 +16,7 @@
   <tr><td><%= link_to _('Manage Fields'), :controller => 'features', :action => 'manage_fields' %></td></tr>
   <tr><td><%= link_to _('Set Portal'), :action => 'set_portal_community' %></td></tr>
   <tr><td><%= link_to _('Terms of use'), :action => 'terms_of_use' %></td></tr>
+  <% @plugins.map(:admin_panel_links).each do |link| %>
+    <tr><td><%= link_to link[:title], link[:url] %></td></tr>
+  <% end %>
 </table>
-<h2><%= _('Site info') %></h2>
+<h2><%= _('Environment settings') %></h2>
  
-<%= render :file => 'shared/tiny_mce' %>
-
-<% labelled_form_for :environment, @environment do |f| %>
+<%= error_messages_for :environment %>
  
-  <%= labelled_form_field(_('Site name'), text_field(:environment, :name)) %>
+<%= render :file => 'shared/tiny_mce' %>
  
+<% labelled_form_for :environment, @environment, :url => {:host => @environment.default_hostname} do |f| %>
+  <%= required labelled_form_field(_('Site name'), text_field(:environment, :name)) %>
+  <%= required f.text_field(:reports_lower_bound, :size => 3) %>
   <%= labelled_form_field _('Homepage content'), text_area(:environment, :description, :cols => 40, :style => 'width: 90%', :class => 'mceEditor') %>
  
   <% button_bar do %>
-    <%= submit_button(:save, _('Save')) %>
-    <%= button(:cancel, _('Cancel'), :action => 'index') %>
+    <%= submit_button(:save, _('Save'), :cancel => {:action => 'index'}) %>
   <% end %>
-
 <% end %>
@@ -6,7 +6,7 @@
   <li><%= link_to(__('Homepage'), owner.url, :class => 'url') %></li>
   <li><%= link_to(_('View profile'), owner.public_profile_url) %></li>
   <% if !user.nil? and owner.organization? and user.has_permission?('edit_profile', profile) %>
-    <li><%= link_to _('Control panel'), :controller => 'profile_editor' %></li>
+    <li><%= link_to _('Control panel'), :controller => 'profile_editor', :profile => profile.identifier %></li>
   <% end %>
 </ul>
  
@@ -20,5 +20,5 @@
  
 </div><!-- end class="vcard" -->
 <script type="text/javascript">
-  <%= remote_function :url => { :controller => 'profile', :action => 'profile_info', :block_id => block.id } %>
+  <%= remote_function :url => { :controller => 'profile', :profile => profile.identifier, :action => 'profile_info', :block_id => block.id } %>
 </script>
@@ -41,5 +41,5 @@
  
 </div><!-- end class="vcard" -->
 <script type="text/javascript">
-  <%= remote_function :url => { :controller => 'profile', :action => 'profile_info', :block_id => block.id } %>
+  <%= remote_function :url => { :controller => 'profile', :profile => profile.identifier, :action => 'profile_info', :block_id => block.id } %>
 </script>
 <ul>
   <% if logged_in? %>
-
     <% if profile.members.include?(user) %>
       <li>
-        <%= button(:delete, content_tag('span', __('Leave')), profile.leave_url, :class => 'leave-community', :title => _("Leave community"), :style => 'position: relative;') %>
-        <%= button(:add, content_tag('span', __('Join')), profile.join_url, :class => 'join-community', :title => _("Join community"), :style => 'position: relative; display: none;') %>
+        <%= button(:delete, content_tag('span', __('Leave')), profile.leave_url,
+          :class => 'leave-community',
+          :title => _("Leave community"),
+          :style => 'position: relative;') %>
+        <%= button(:add, content_tag('span', __('Join')), profile.join_url,
+          :class => 'join-community',
+          :title => _("Join community"),
+          :style => 'position: relative; display: none;') %>
       </li>
     <% else %>
       <% unless profile.already_request_membership?(user) %>
         <li>
-          <%= button(:delete, content_tag('span', __('Leave')), profile.leave_url, :class => 'leave-community', :title => _("Leave community"), :style => 'position: relative; display: none;') %>
-          <%= button(:add, content_tag('span', __('Join')), profile.join_url, :class => 'join-community', :title => _("Join community"), :style => 'position: relative;') %>
+        <%= button(:delete, content_tag('span', __('Leave')), profile.leave_url,
+          :class => 'leave-community',
+          :title => _("Leave community"),
+          :style => 'position: relative; display: none;') %>
+        <%= button(:add, content_tag('span', __('Join')), profile.join_url,
+          :class => 'join-community',
+          :title => _("Join community"),
+          :style => 'position: relative;') %>
         </li>
       <% end %>
     <% end %>
+
     <% if profile.enable_contact? %>
       <li>
-        <%= link_to content_tag('span', _('Send an e-mail')), {:profile => profile.identifier, :controller => 'contact', :action => 'new'}, :class => 'button with-text icon-menu-mail' %>
+      <%= link_to content_tag('span', _('Send an e-mail')),
+        { :profile => profile.identifier,
+          :controller => 'contact',
+          :action => 'new' },
+        :class => 'button with-text icon-menu-mail' %>
       </li>
     <% end %>
-    <%= render_environment_features(:profile_actions) %>
  
-  <% else %>
+    <li><%= report_abuse(profile, :button) %></li>
  
+    <%= render_environment_features(:profile_actions) %>
+  <% else %>
     <li>
-      <%= link_to content_tag('span', _('Join')), profile.join_not_logged_url, :class => 'button with-text icon-add', :title => _('Join this community') %>
+    <%= link_to content_tag('span', _('Join')), profile.join_not_logged_url,
+      :class => 'button with-text icon-add',
+      :title => _('Join this community') %>
     </li>
-
   <% end %>
 </ul>
@@ -7,4 +7,6 @@
   <% if profile.enable_contact? %>
     <li> <%= link_to content_tag('span', _('Send an e-mail')), {:profile => profile.identifier, :controller => 'contact', :action => 'new'}, {:id => 'enterprise-contact-button', :class => 'button with-text icon-menu-mail'} %> </li>
   <% end %>
+
+  <li><%= report_abuse(profile, :button) %></li>
 </ul>
@@ -11,5 +11,6 @@
       <li> <%= link_to content_tag('span', _('Send an e-mail')), {:profile => profile.identifier, :controller => 'contact', :action => 'new'}, :class => 'button with-text icon-menu-mail' %> </li>
     <% end %>
  
+    <li><%= report_abuse(profile, :button) %></li>
   <% end %>
 </ul>
@@ -5,6 +5,6 @@
   </p>
 <% else %>
   <% articles = @block.available_articles.select {|article| !article.folder? } %>
-  <%= select_tag('block[article_id]', options_for_select_with_title(articles.map {|item| [item.path, item.id]})) %>
+  <%= select_tag('block[article_id]', options_for_select_with_title(articles.map {|item| [item.path, item.id]}, @block.article ? @block.article.id : nil)) %>
 <% end %>
 </div>
@@ -14,6 +14,9 @@
     <%= radio_button(:block, :display, 'home_page_only') %>
     <%= label_tag('block_display_home_page_only', _('Only in the homepage')) %>
     <br/>
+    <%= radio_button(:block, :display, 'except_home_page') %>
+    <%= label_tag('block_display_except_home_page', _('In all pages, except in the homepage')) %>
+    <br/>
     <%= radio_button(:block, :display, 'never') %>
     <%= label_tag('block_display_never', _("Don't display")) %>
   </div>
@@ -0,0 +1,11 @@
+<li class="<%= 'browse-results-type-content ' + icon_for_article(result) %>">
+  <strong><%= link_to(result.title, result.view_url) %></strong>
+  <div class="item_meta">
+    <span class="item_by">
+    <%= _('by %s') % link_to(result.author.name, result.author.url) %>
+    </span>
+    <span class="extra-info">
+      <%= (@filter == 'more_recent' ? result.send(@filter + '_label') + show_date(result.created_at) : result.send(@filter + '_label')) %>
+    </span>
+  </div>
+</li>
@@ -8,7 +8,7 @@
     <% end %>
     <ul class='common-profile-list-block'>
       <% @results.each do |result| %>
-        <%= render :partial => partial_for_class(result.class), :locals => {:profile => result} %>
+        <%= render :partial => partial_for_class(result.class), :locals => {:result => result} %>
       <% end %>
     </ul>
     <br style='clear: both;'>
-<%= profile_image_link profile, :portrait, 'li',
-                                "<span class='adr'>#{profile.city}</span>" +
-                                (@filter == 'more_recent' ? profile.send(@filter + '_label') + show_date(profile.created_at) : profile.send(@filter + '_label')) %>
+<%= profile_image_link result, :portrait, 'li',
+                                "<span class='adr'>#{result.city}</span>" +
+                                (@filter == 'more_recent' ? result.send(@filter + '_label') + show_date(result.created_at) : result.send(@filter + '_label')) %>
-<%= profile_image_link profile, :portrait, 'li', @filter == 'more_recent' ? profile.send(@filter + '_label') + show_date(profile.created_at) : profile.send(@filter + '_label') %>
+<%= profile_image_link result, :portrait, 'li', @filter == 'more_recent' ? result.send(@filter + '_label') + show_date(result.created_at) : result.send(@filter + '_label') %>
@@ -0,0 +1,9 @@
+<%= search_page_title( @title, { :query => @query} ) %>
+
+<%= render :partial => 'search_form', :locals => {:action => 'contents'} %>
+
+<%= render :partial => 'display_results' %>
+
+<%= pagination_links @results %>
+
+<br style="clear:both" />
@@ -2,12 +2,12 @@
 <div class='treeitem'>
   <%= display_color_for_category(category) %>
   <%= category.name %>
-  <div class='button' id="show_button_<%= category.id %>">
-    <%= link_to_function(_('Show'), "['category_#{category.id}','hide_button_#{category.id}'].each(Element.show); Element.hide('show_button_#{category.id}');") unless category.children.empty? %>
-  </div>
-  <div class='button' id="hide_button_<%= category.id %>" style='display:none;'>
-    <%= link_to_function(_('Hide'), "['category_#{category.id}','hide_button_#{category.id}'].each(Element.hide); Element.show('show_button_#{category.id}') ") %>
-  </div>
+  <% if category.children.count > 0 %>
+    <div class='button' id="category-loading-<%= category.id %>" style="position: relative;">
+      <a href="#" id="show-button-<%= category.id %>" class="show-button" onclick="return false;" data-category="<%= category.id %>"><%= _('Show') %></a>
+    </div>
+    <a href="#" id="hide-button-<%= category.id %>" class="hide-button" onclick="return false;" data-category="<%= category.id %>" style="display: none;"><%= _('Hide') %></a>
+  <% end %>
  
   <div>
     <%= link_to _('Add subcategory'), :action => 'new', :parent_id => category %>
@@ -16,12 +16,6 @@
   </div>
 </div>
  
-  <div id="category_<%= category.id %>" style='display:none;'>
-    <% unless category.children.empty? %>
-      <ul class='tree'>
-        <%= render :partial => 'category', :collection => category.children %>
-      </ul>
-    <% end %>
-  </div>
+<ul id="category-sub-items-<%= category.id %>" class="tree" style='display:none;'></ul>
  
 </li>
@@ -0,0 +1,3 @@
+<% children.each do |category| %>
+  <%= render :partial => 'category', :locals => {:category => category} %>
+<% end %>
@@ -25,3 +25,4 @@
   <%= link_to _('New category'), :action => 'new', :type => 'Region' %>
 </div>
  
+<%= javascript_include_tag 'manage-categories' %>
@@ -50,7 +50,7 @@
   %>
 </div>
  
-<%= labelled_form_field(_('Description:'), text_area(:article, :body, :cols => 64, :rows => 10)) %>
+<%= labelled_form_field(_('Description:'), text_area(:article, :body, :rows => 10)) %>
  
 <%= labelled_form_field(_('How to display posts:'), f.select(:visualization_format, [ [ _('Full post'), 'full'], [ _('First paragraph'), 'short'] ])) %>
  
@@ -1,10 +0,0 @@
-<div id='media-listing-folder-documents' >
-  <ul>
-    <% documents.each do |document| %>
-      <li><%= link_to(document.name, document.view_url, :class => icon_for_article(document)) %></li>
-    <% end %>
-  </ul>
-  <div id='pagination-documents'>
-    <%= pagination_links documents, :param_name => 'dpage', :params => {:document_folder_id => params[:document_folder_id]} %>
-  </div>
-</div>
@@ -0,0 +1,4 @@
+<p>
+<em><%= _('Drag images to add them to the text.') unless @article.is_a?(TextileArticle) %>
+<%= _('Drag item names to the text to add links.') %></em>
+</p>
@@ -1,10 +0,0 @@
-<div id='media-listing-folder-images' >
-  <ul>
-    <% images.each do |image| %>
-      <li><%= image_tag image.public_filename %></li>
-    <% end %>
-  </ul>
-  <div id='pagination-images'>
-    <%= pagination_links images, :param_name => 'ipage', :params => {:image_folder_id => params[:image_folder_id]} %>
-  </div>
-</div>
@@ -1,3 +0,0 @@
-<iframe id='media-listing-iframe' src="<%= url_for(:controller => 'cms', :action => 'media_listing', :profile => profile.identifier, :type => @type) %>">
-  <p><%= _('Your browser does not support iframes.') %></p>
-</iframe>
...	...	@@ -3,7 +3,8 @@ Antonio Terceiro <terceiro@colivre.coop.br> <terceiro@softwarelivre.org>
3	3	Aurelio A. Heckert <aurelio@colivre.coop.br> <AurelioAHeckert@3f533792-8f58-4932-b0fe-aaf55b0a4547>
4	4	Aurelio A. Heckert <aurelio@colivre.coop.br> <aurelio@colivre.coop.br>
5	5	Aurelio A. Heckert <aurelio@colivre.coop.br> <aurium@gmail.com>
6		-Caio SBA <caiosba@gmail.com> <caiosba@safernet.org.br>
	6	+Caio SBA <caio@colivre.coop.br> <caiosba@gmail.com>
	7	+Caio SBA <caio@colivre.coop.br> <caiosba@safernet.org.br>
7	8	Daniela Soares Feitosa <danielafeitosa@colivre.coop.br> <DanielaFeitosa@3f533792-8f58-4932-b0fe-aaf55b0a4547>
8	9	Daniela Soares Feitosa <danielafeitosa@colivre.coop.br> <danielafeitosa@colivre.coop.br>
9	10	Daniela Soares Feitosa <danielafeitosa@colivre.coop.br> <daniela@sede.colivre.coop.br>
...	...
...	...	@@ -8,8 +8,9 @@ Developers
8	8
9	9	Antonio Terceiro <terceiro@colivre.coop.br>
10	10	Aurelio A. Heckert <aurelio@colivre.coop.br>
	11	+Braulio Bhavamitra <brauliobo@gmail.com>
11	12	Bráulio Bhavamitra <brauliobo@gmail.com>
12		-Caio SBA <caiosba@gmail.com>
	13	+Caio SBA <caio@colivre.coop.br>
13	14	Daniela Soares Feitosa <danielafeitosa@colivre.coop.br>
14	15	Daniel Cunha <daniel@colivre.coop.br>
15	16	Fernanda Lopes <nanda.listas+psl@gmail.com>
...	...	@@ -23,6 +24,7 @@ LinguÁgil 2010 <linguagil.bahia@gmail.com>
23	24	Martín Olivera <molivera@solar.org.ar>
24	25	Moises Machado <moises@colivre.coop.br>
25	26	Nanda Lopes <nanda.listas+psl@gmail.com>
	27	+Rafael Gomes <rafaelgomes@techfree.com.br>
26	28	Raphaël Rousseau <raph@r4f.org>
27	29	Raquel Lira <raquel.lira@gmail.com>
28	30	Rodrigo Souto <rodrigo@colivre.coop.br>
...	...
...	...	@@ -31,11 +31,13 @@ You can copy and paste the commands below into a terminal (please review the
31	31	commands and make sure you understand what you are doing):
32	32
33	33	# checkout the code from repository
34		- git clone git://git.colivre.coop.br/noosfero.git
	34	+ git clone git://gitorious.org/noosfero/noosfero.git
35	35	# enter the directory
36	36	cd noosfero
37	37	# copy a sample config file
38	38	cp config/database.yml.sqlite3 config/database.yml
	39	+ # create tmp directory if it doesn't exist
	40	+ mkdir tmp
39	41	# create the development database
40	42	rake db:schema:load
41	43	# run pending migrations
...	...	@@ -59,8 +61,8 @@ another port than 3000, you can use the -p option of ./script/server:
59	61
60	62	The above command makes the server available at http://localhost:9999/
61	63
62		-The sample-data data scripts creates one administrator user with login "ze" and
63		-password "test".
	64	+The sample-data data scripts creates two administrator users with login "ze" and
	65	+password "test" and login "adminuser" and password "admin".
64	66
65	67	Note that some operations, like generating image thumbnails, sending e-mails,
66	68	etc, are done in background in the context of a service independent from the
...	...	@@ -84,3 +86,7 @@ you want to enable it then you need to change some files:
84	86
85	87	3) Add in config/noosfero.yml at development section:
86	88	exception_recipients: [admin@example.com]
	89	+
	90	+== Releasing and building Debian package
	91	+
	92	+See RELEASING file.
...	...
...	...	@@ -43,6 +43,9 @@ case will need do install hicolor-icon-theme as well bacause tango-icon-theme
43	43	depends on it. After that you can try the command line above again, but
44	44	without "tango-icon-theme".
45	45
	46	+More Informations to install the tango-icon-theme on Debian Lenny:
	47	+* http://packages.debian.org/en/lenny/all/tango-icon-theme/download
	48	+
46	49	If you manage to install Noosfero successfully on other systems than Debian,
47	50	please feel free to contact the Noosfero development mailing with the
48	51	instructions for doing so, and we'll include it here.
...	...	@@ -98,7 +101,7 @@ downloading from git
98	101	Here we are cloning the noosfero repository from git. Note: you will need to
99	102	install git before.
100	103
101		-$ git clone git://git.colivre.coop.br/noosfero.git current
	104	+$ git clone git://gitorious.org/noosfero/noosfero.git current
102	105	$ cd current
103	106	$ git checkout -b stable origin/stable
104	107
...	...
...	...	@@ -221,16 +221,19 @@ Note: module proxy_http must be enabled:
221	221
222	222	# a2enmod proxy_http
223	223
224		-
225	224	8. DNS configuration
226	225
227		- * /etc/bind/db.colivre:
	226	+For this point, we assume you are using BIND as your DNS server. You need to
	227	+add the following entries to the DNS zone file corresponding to the domain
	228	+of your noosfero site:
228	229
229	230	_xmpp-client._tcp SRV 5 100 5222 master
230		-(...)
231	231	conference CNAME master
232	232	_xmpp-client._tcp.conference SRV 5 100 5222 master
233	233
	234	+If you are running a DNS server other than BIND, you will have to figure out
	235	+how to create equivalente rules for your zone file. Patches to this
	236	+documentation are welcome.
234	237
235	238	9. Testing this Setup
236	239
...	...
...	...	@@ -0,0 +1,163 @@
	1	+== Multitenancy support
	2	+
	3	+Multitenancy refers to a principle in software architecture where a
	4	+single instance of the software runs on a server, serving multiple
	5	+client organizations (tenants). Multitenancy is contrasted with a
	6	+multi-instance architecture where separate software instances (or
	7	+hardware systems) are set up for different client organizations. With
	8	+a multitenant architecture, a software application is designed to
	9	+virtually partition its data and configuration, and each client
	10	+organization works with a customized virtual application instance.
	11	+
	12	+Today this feature is available only for PostgreSQL databases.
	13	+
	14	+This document assumes that you have a new fully PostgresSQL default Noosfero
	15	+installation as explained at the INSTALL file.
	16	+
	17	+== Separated data
	18	+
	19	+The items below are separated for each hosted environment:
	20	+
	21	+* Uploaded files
	22	+* Database
	23	+* Ferret index
	24	+* ActiveRecord#cache_key
	25	+* Feed updater
	26	+* Delayed Job Workers
	27	+
	28	+== Database configuration file
	29	+
	30	+The file config/database.yml must follow a structure in order to
	31	+achieve multitenancy support. In this example, we will set 3
	32	+different environments: env1, env2 and env3.
	33	+
	34	+Each "hosted" environment must have an entry like this:
	35	+
	36	+env1_production:
	37	+ adapter: postgresql
	38	+ encoding: unicode
	39	+ database: noosfero
	40	+ schema_search_path: public
	41	+ username: noosfero
	42	+ domains:
	43	+ - env1.com
	44	+ - env1.org
	45	+
	46	+env2_production:
	47	+ adapter: postgresql
	48	+ encoding: unicode
	49	+ database: noosfero
	50	+ schema_search_path: env2
	51	+ username: noosfero
	52	+ domains:
	53	+ - env2.com
	54	+ - env2.org
	55	+
	56	+env3_production:
	57	+ adapter: postgresql
	58	+ encoding: unicode
	59	+ database: noosfero
	60	+ schema_search_path: env3
	61	+ username: noosfero
	62	+ domains:
	63	+ - env3.com
	64	+ - env3.net
	65	+
	66	+The "hosted" environments define, besides the schema_search_path, a
	67	+list of domains that, when accessed, tells which database the
	68	+application should use. Also, the environment name must end with
	69	+'_hosting', where 'hosting' is the name of the hosting environment.
	70	+
	71	+You must also tell the application which is the default environment.
	72	+
	73	+production:
	74	+ env1_production
	75	+
	76	+On the example above there are only three hosted environments, but it
	77	+can be more than three. The schemas 'env2' and 'env3' must already
	78	+exist in the same database of the hosting environment. As postgres
	79	+user, you can create them typing:
	80	+
	81	+$ psql database_name -c "CREATE SCHEMA env2 AUTHORIZATION database_user"
	82	+$ psql database_name -c "CREATE SCHEMA env3 AUTHORIZATION database_user"
	83	+
	84	+Replace database_name and database_user above with your stuff.
	85	+
	86	+So, yet on this same example, when a user accesses http://env2.com or
	87	+http://env2.org, the Noosfero application running on production will
	88	+turn the database schema to 'env2'. When the access is from domains
	89	+http://env3.com or http://env3.net, the schema to be loaded will be
	90	+'env3'.
	91	+
	92	+There is an example of this file in config/database.yml.multitenancy
	93	+
	94	+== Preparing the database
	95	+
	96	+Now create the environments:
	97	+
	98	+$ RAILS_ENV=production rake multitenancy:create
	99	+
	100	+This command above will create the hosted environment files equal to
	101	+their hosting environment, here called 'production'.
	102	+
	103	+Run db:schema:load for each other environment:
	104	+
	105	+$ RAILS_ENV=env2_production rake db:schema:load
	106	+$ RAILS_ENV=env3_production rake db:schema:load
	107	+
	108	+Then run the migrations for the hosting environment, and it will
	109	+run for each of its hosted environments:
	110	+
	111	+RAILS_ENV=production rake db:migrate
	112	+
	113	+== Start Noosfero
	114	+
	115	+Run Noosfero init file as root:
	116	+
	117	+# invoke-rc.d noosfero start
	118	+
	119	+== Ferret
	120	+
	121	+It's necessary to run only one instance of ferret_server. Don't worry
	122	+about this, Noosfero initializer had already done this for you.
	123	+
	124	+== Feed updater & Delayed job
	125	+
	126	+Just for your information, a daemon of feed-updater and delayed_job
	127	+must be running for each environment. Noosfero initializer do this,
	128	+relax.
	129	+
	130	+== Uploaded files
	131	+
	132	+When running with PostgreSQL, Noosfero uploads stuff to a folder named
	133	+the same way as the running schema. Inside the upload folder root, for
	134	+example, will be public/image_uploads/env2 and public/image_uploads/env3.
	135	+
	136	+== Adding multitenancy support to an existing Noosfero environment
	137	+
	138	+If you already have a Noosfero environment, you can turn it multitenant
	139	+by following the steps below in addition to the previous steps:
	140	+
	141	+1. Reindex your database
	142	+
	143	+Rebuild the Ferret index by running the following task just
	144	+for your hosting environment, do this as noosfero user:
	145	+
	146	+$ RAILS_ENV=production rake multitenancy:reindex
	147	+
	148	+2. Move the uploaded files to the right place
	149	+
	150	+Add a directory with the same name as your schema name (by default this
	151	+name is 'public') in the root of each upload directory, for example,
	152	+public/articles/0000 will be moved to public/articles/public/0000. Do this
	153	+with the directories public/image_uploads, public/articles and public/thumbnails.
	154	+
	155	+3. Fix paths on activities
	156	+
	157	+The profile activities store static paths to the images, so it's necessary to fix
	158	+these paths. You can do this easily by setting an alias on your webserver.
	159	+On Apache you can add the three rules below, where 'public' is the schema name:
	160	+
	161	+ RewriteRule ^/articles(.+) /articles/public$1
	162	+ RewriteRule ^/image_uploads(.+) /image_uploads/public$1
	163	+ RewriteRule ^/thumbnails(.+) /thumbnails/public$1
...	...
...	...	@@ -50,14 +50,22 @@ apache-compatible format. You should change your statistics generation software
50	50
51	51	# invoke-rc.d varnish restart
52	52
53		-6) Configure varnish to store separate caches for each language
	53	+6) Configure varnish to fit noosfero
	54	+(assuming Noosfero is installed in /var/lib/noosfero)
54	55
55		-6a) Add the following line to your /etc/varnish/default.vcl file (assuming
56		-Noosfero is installed in /var/lib/noosfero):
	56	+6a) Configure noosfero to do specific routines to varnish
	57	+
	58	+Add the following line to your /etc/varnish/default.vcl file:
	59	+
	60	+ include "/var/lib/noosfero/etc/noosfero/varnish-noosfero.vcl";
	61	+
	62	+6b) Configure varnish to store separate caches for each language
	63	+
	64	+Add the following line to your /etc/varnish/default.vcl file:
57	65
58	66	include "/var/lib/noosfero/etc/noosfero/varnish-accept-language.vcl";
59	67
60		-6b) Restart Varnish
	68	+7) Restart Varnish
61	69
62	70	# invoke-rc.d varnish restart
63	71
...	...
...	...	@@ -12,28 +12,28 @@ This file documents release-related activities.
12	12
13	13	== Releasing noosfero
14	14
	15	+Considering you are on a Debian GNU/Linux or Debian-based system
	16	+ # apt-get install devscripts debhelper
	17	+
15	18	To prepare a release of noosfero, you must follow the steps below:
16	19
17		-* finish all requirements and bugs assigned to the to-be-released version
18		-* make sure all tests pass
19		-* write release notes at the version's wiki topic.
20		-* generate package with <tt>rake package</tt>. Your tarball will be under the pkg/
21		- directory, named as noosfero-${VERSION}.tar.gz
22		-* test that the package contains everything that is needed: explode the tarball
23		- in a temporary directory, copy config/database.yml.sqlite3 to
24		- config/database.yml, and make <tt>rake db:migrate</tt> and <tt>rake test</tt>. If
25		- everything is ok, you are done. If not, maybe some files are not going into
26		- the tarball. See lib/tasks/package.rake, probably you'll need to change it.
27		-* Go to the version's wiki topic and edit it to reflect the new reality.
28		-* Attach the generated package to that topic. Before attaching calculate the md5 of the package (with mu5sum and paste the MD5 hash as comment in the attachment form)
	20	+* Finish all requirements and bugs assigned to the to-be-released version
	21	+* Make sure all tests pass
	22	+* Change the version in lib/noosfero.rb and debian/changelog to the
	23	+ to-be-released version (e.g. 0.2.0, 0.3.1)
	24	+* Write release notes at the version's wiki topic
	25	+* Generate packages with <tt>rake noosfero:release</tt>. Your tarball and deb
	26	+ pkg will be under the pkg/ directory. This task will create a git tag too.
	27	+* Test that the tarball and deb package are ok
	28	+* Go to the version's wiki topic and edit it to reflect the new reality
	29	+* Edit the topic WebPreferences and update DEBIAN_REPOSITORY_TOPICS setting
	30	+* Attach the generated packages to that topic. Before attaching calculate the
	31	+ sha1 of the package (with sha1sum and paste the SHA1 hash as comment in the
	32	+ attachment form)
29	33	* Download the attached and verify the MD5 hash
30		-* create a git tag for the released version with <tt>git tag</tt>.
31		-* IMMEDIATELY change the version in lib/noosfero.rb to the next version. (e.g.
32		- 0.2.0 -> 0.3.0)
33		-* update an eventual demonstration version that you run.
34		-* write an announcement e-mail to the relevant maimling lists pointing to the release notes, and maybe to the demonstration version.
	34	+* Update an eventual demonstration version that you run.
	35	+* Write an announcement e-mail to the relevant mailing lists pointing to the
	36	+ release notes, and maybe to the demonstration version.
35	37
36	38	If you had any problem during these steps, you can do <tt>rake clobber_package</tt> to
37	39	completely delete the generated packages and start the process again.
38		-
39		-
...	...
1	1	class AdminPanelController < AdminController
2	2
3		- before_filter :login_required
4		-
5	3	protect 'view_environment_admin_panel', :environment
6	4
7	5	def boxes_holder
...	...	@@ -11,6 +9,7 @@ class AdminPanelController < AdminController
11	9	def site_info
12	10	if request.post?
13	11	if @environment.update_attributes(params[:environment])
	12	+ session[:notice] = _('Environment settings updated')
14	13	redirect_to :action => 'index'
15	14	end
16	15	end
...	...
...	...	@@ -10,11 +10,16 @@ class CategoriesController < AdminController
10	10	@product_categories = environment.product_categories.find(:all, :conditions => {:parent_id => nil})
11	11	end
12	12
	13	+ def get_children
	14	+ children = Category.find(params[:id]).children
	15	+ render :partial => 'category_children', :locals => {:children => children}
	16	+ end
	17	+
13	18	ALLOWED_TYPES = CategoriesHelper::TYPES.map {\|item\| item[1] }
14	19
15	20	# posts back
16	21	def new
17		- type = (params[:type] \|\| 'Category')
	22	+ type = (params[:type] \|\| params[:parent_type] \|\| 'Category')
18	23	raise 'Type not allowed' unless ALLOWED_TYPES.include?(type)
19	24
20	25	@category = type.constantize.new(params[:category])
...	...