Merge branch 'master' into I4-Video-Gallery-Plugin

Conflicts: app/views/content_viewer/_article_toolbar.html.erb

Merge branch 'master' into I4-Video-Gallery-Plugin
Conflicts: app/views/content_viewer/_article_toolbar.html.erb
Evandro Junior
2 parents 880d6e8c c456fe22
Showing 1068 changed files with 44887 additions and 53175 deletions Show diff stats
AUTHORS.md
DEVELOPMENT.md
Gemfile
INSTALL.https.md
INSTALL.locales.md
MIGRATION_ISSUES
app/controllers/admin/admin_panel_controller.rb
app/controllers/admin/plugin_admin_controller.rb
app/controllers/admin/region_validators_controller.rb
app/controllers/admin/templates_controller.rb
app/controllers/admin/users_controller.rb
app/controllers/application_controller.rb
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile/friends_controller.rb
app/controllers/my_profile/memberships_controller.rb
app/controllers/my_profile/profile_design_controller.rb
app/controllers/my_profile/profile_editor_controller.rb
app/controllers/my_profile/profile_members_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/chat_controller.rb
@@ -40,6 +40,7 @@ Alessandro Palmeira + João M. M. Silva &lt;alessandro.palmeira@gmail.com&gt;
 Alessandro Palmeira + Paulo Meirelles <alessandro.palmeira@gmail.com>
 Alessandro Palmeira + Paulo Meirelles + João M. M. da Silva <alessandro.palmeira@gmail.com>
 Alessandro Palmeira + Rafael Manzo <alessandro.palmeira@gmail.com>
+analosnak <analosnak@gmail.com>
 Ana Losnak <analosnak@gmail.com>
 Andre Bernardes <andrebsguedes@gmail.com>
 Antonio Terceiro + Carlos Morais <terceiro@colivre.coop.br>
@@ -81,7 +82,6 @@ Carlos Morais + Diego Araújo &lt;diegoamc90@gmail.com&gt;
 Carlos Morais + Eduardo Morais <carlos88morais@gmail.com>
 Carlos Morais + Paulo Meirelles <carlos88morais@gmail.com>
 Carlos Morais + Pedro Leal <carlos88morais@gmail.com>
-Daniela Feitosa <dani@dohko.(none)>
 Daniel Alves + Diego Araújo <danpaulalves@gmail.com>
 Daniel Alves + Diego Araújo <diegoamc90@gmail.com>
 Daniel Alves + Diego Araújo + Guilherme Rojas <danpaulalves@gmail.com>
@@ -119,7 +119,6 @@ Diego Araújo + Renan Teruo &lt;diegoamc90@gmail.com&gt;
 Diego Araujo + Rodrigo Souto + Rafael Manzo <rr.manzo@gmail.com>
 Diego + Jefferson <diegoamc90@gmail.com>
 Diego Martinez <diegoamc90@gmail.com>
-Diego Martinez <diego@diego-K55A.(none)>
 Diego + Renan <renanteruoc@gmail.com>
 Eduardo Tourinho Edington <eduardo.edington@serpro.gov.br>
 Evandro Jr <evandrojr@gmail.com>
@@ -195,9 +194,11 @@ Luis David Aguilar Carlos &lt;ludwig9003@gmail.com&gt;
 Luiz Fernando de Freitas Matos <luiz@luizff.matos@gmail.com>
 Marcos Ramos <ms.ramos@outlook.com>
 Martín Olivera <molivera@solar.org.ar>
+Michal Čihař <michal@cihar.com>
 Moises Machado <moises@colivre.coop.br>
 Naíla Alves <naila@colivre.coop.br>
 Nanda Lopes <nanda.listas+psl@gmail.com>
+Parley Martins <parleypachecomartins@gmail.com>
 Paulo Meirelles + Alessandro Palmeira + João M. M. da Silva <paulo@softwarelivre.org>
 Paulo Meirelles + Alessandro Palmeira <paulo@softwarelivre.org>
 Paulo Meirelles + Carlos Morais <paulo@softwarelivre.org>
@@ -220,6 +221,7 @@ Rafael Reggiani Manzo + João M. M. da Silva &lt;rr.manzo@gmail.com&gt;
 Rafael Reggiani Manzo <rr.manzo@gmail.com>
 Raphaël Rousseau <raph@r4f.org>
 Raquel Lira <raquel.lira@gmail.com>
+Raquel <rcordioli@gmail.com>
 Renan Teruo + Caio Salgado <renanteruoc@gmail.com>
 Renan Teruoc + Diego Araujo <renanteruoc@gmail.com>
 Renan Teruo + Diego Araujo <renanteruoc@gmail.com>
@@ -227,13 +229,13 @@ Renan Teruo + Diego Araújo &lt;renanteruoc@gmail.com&gt;
 Renan Teruo + Paulo Meirelles <renanteruoc@gmail.com>
 Renan Teruo + Rafael Manzo <renanteruoc@gmail.com>
 Rodrigo Souto + Ana Losnak + Daniel Bucher + Caio Almeida + Leandro Nunes + Daniela Feitosa + Mariel Zasso <noosfero-br@listas.softwarelivre.org>
-Rodrigo Souto <diguliu@gmail.com>
 Rodrigo Souto <rodrigo@colivre.coop.br>
 Ronny Kursawe <kursawe.ronny@googlemail.com>
 root <root@debian.sdr.serpro>
 Samuel R. C. Vale <srcvale@holoscopio.com>
 Tallys Martins <tallysmartins@gmail.com>
 tallys <tallys@tallys.(none)>
+Thiago Zoroastro <thiago.zoroastro@bol.com.br>
 Valessio Brito <contato@valessiobrito.com.br>
 Valessio Brito <contato@valessiobrito.info>
 Valessio Brito <valessio@gmail.com>
@@ -0,0 +1,124 @@
+# Noosfero Development Policy
+
+## Developer Roles
+
+* *Developers* are everyone that is contributing code to Noosfero.
+* *Committers* are the people with direct commit access to the Noosfero source
+  code. They are responsible for reviewing contributions from other developers
+  and integrating them in the Noosfero code base. They are the members of the
+  [Noosfero group on Gitlab](https://gitlab.com/groups/noosfero/members).
+* *Release managers* are the people that are managing the release of a new
+  Noosfero version and/or the maintainance work of an existing Noosfero stable
+  branch. See MAINTAINANCE.md for details on the maintaince policy.
+
+## Development process
+
+* Every new feature or non-trivial bugfix should be reviewed by at least one
+  committer. This must be the case even if the original author is a committer.
+
+  * In the case the original author is a committer, he/she should feel free to
+    commit directly if after 1 week nobody has provided any kind of feedback.
+
+  * Developers who are not committers should feel free to ping committers if
+    they do not get feedback on their contributions after 1 week.
+
+    * On GitLab, one can just add a comment to the merge request; one can also
+      @-mention specific committers or other developers who have expertise on
+      the area of the contribution.
+
+  * Committers should follow the activity of the project, and try to help
+    reviewing contributions from others as much as possible.
+
+    * On GitLab one can get emails for all activity on a project by setting the
+      [notification settings](https://gitlab.com/profile/notifications) to
+      "watch".
+
+  * Anyone can help by reviewing contributions. Committers are the only ones
+    who can give the final approval to a contribution, but everyone is welcome
+    to help with code review, testing, etc.
+
+    * See note above about setting up notification on GitLab.
+
+* Committers should feel free to push trivial (or urgent) changes directly.
+  There are no strict rule on what makes a change trivial or urgent; committers
+  are expected to exercise good judgement on a case by case basis.
+
+  * Usually changes to the database are not trivial.
+
+* In the case of unsolvable conflict between commiters regarding any change to
+  the code, the current release manager(s) will have the final say in the
+  matter.
+
+* Release managers are responsible for stablishing a release schedule, and
+  about deciding when and what to release.
+
+  * Release managers should announce release schedules to the project mailing
+    lists in advance.
+
+  * The release schedule may include a period of feature freeze, during which
+    no new features or any other changes that are not pre-approved by the
+    release manager must be committed to the repository.
+
+  * Committers must respect the release schedule and feature freezes.
+
+## Maintainance process
+
+### Not all feature releases will be maintained as a stable release
+
+We will be choosing specific release series to be maintained as stable
+releases.
+
+This means that a given release is not guaranteed to be maintained as a stable
+release, but does *not* mean it won't be. Any committer (or anyone, really) can
+decide to maintain a given release as stable and seek help from others to do
+so.
+
+### No merges from stable branches to master
+
+*All* changes must be submitted against the master branch first, and when
+applicable, backported to the desired stable releases. Exceptions to this rules
+are bug fixes that only apply to a given stable branch and not to master.
+
+In the past we had non-trivial changes accepted into stable releases while
+master was way ahead (e.g. during the rails3 migration period), that made the
+merge back into master very painful.  By eliminating the need to do these
+merges, we save time for the people responsible for the release, and eliminate
+the possibility of human errors or oversights causing changes to be accepted
+into stable that will be a problem to merge back into master.
+
+By getting all fixes in master first, we improve the chances that  a future
+release will not present regressions against bugs that should already be fixed,
+but the fixes got lost in a big, complicated merge (and those won't exist
+anymore, at least not from stable branches to master).
+
+After a fix gets into master, backporting changes into a stable release branch
+is the responsibility of whoever is maintaing that branch, and those interested
+in it. The stable branch release manager(s) are entitled the final say on any
+matters related to that branch.
+
+## Apendix A: how to become a committer
+
+Every developer that wants to be a committer should create [an issue on
+Gitlab](https://gitlab.com/noosfero/noosfero/issues) requesting to be added as
+a committer. This request must include information about the requestor's
+previous contributions to the project.
+
+If 2 or more commiters consider second the request, the requestor is accepted
+as new commiter and added to the Noosfero group.
+
+The existing committers are free to choose whatever criteria they want to
+second the request, but they must be sure that the new committer is a
+responsible developer and knows what she/he is doing. They must be aware that
+seconding these requests means seconding the actions of the new committer: if
+the new committer screw up, her/his seconds screwed up.
+
+## Apendix B: how to become a release manager
+
+A new release manager for the development version of Noosfero (i.e. the one
+that includes new features, a.k.a. the master branch) is apointed by the
+current release manager, and must be a committer first.
+
+Release managers for stable branches are self-appointed, i.e. whoever takes the
+work takes the role. In case of a conflict (e.g. 2+ different people want to do
+the work but can't agree on working together), the development release manager
+decides.
 source "https://rubygems.org"
-gem 'rails',                    '~> 3.2.19'
+gem 'rails',                    '~> 3.2.21'
+gem 'minitest',                 '~> 3.2.0'
 gem 'fast_gettext',             '~> 0.6.8'
 gem 'acts-as-taggable-on',      '~> 3.0.2'
 gem 'prototype-rails',          '~> 3.2.1'
@@ -18,6 +19,9 @@ gem &#39;rake&#39;, :require =&gt; false
 gem 'rest-client',              '~> 1.6.7'
 gem 'exception_notification',   '~> 4.0.1'
 gem 'gettext',                  '~> 2.2.1', :require => false, :group => :development
+gem 'locale',                   '~> 2.0.5'
+
+gem 'whenever', :require => false
  
 # FIXME list here all actual dependencies (i.e. the ones in debian/control),
 # with their GEM names (not the Debian package names)
@@ -40,8 +44,9 @@ group :cucumber do
   gem 'selenium-webdriver',     '~> 2.39.0'
 end
  
-# include plugin gemfiles
-Dir.glob(File.join('config', 'plugins', '*')).each do |plugin|
-  plugin_gemfile = File.join(plugin, 'Gemfile')
-  eval File.read(plugin_gemfile) if File.exists?(plugin_gemfile)
+# include gemfiles from enabled plugins
+# plugins in baseplugins/ are not included on purpose. They should not have any
+# dependencies.
+Dir.glob('config/plugins/*/Gemfile').each do |gemfile|
+  eval File.read(gemfile)
 end
-Setup Noosfero to use HTTPS
-===========================
+# Setup Noosfero to use HTTPS
  
 This document assumes that you have a fully and clean Noosfero
 installation as explained at the `INSTALL.md` file.
  
-SSL certificate
-+++++++++++++++
+## Creating a self-signed SSL certificate
  
 You should get a valid SSL certificate, but if you want to test
 your setup before, you could generate a self-signed certificate
@@ -17,99 +15,106 @@ as below:
     # openssl req -new -x509 -nodes -sha1 -days $[10*365] -key noosfero.key > noosfero.cert
     # cat noosfero.key noosfero.cert > noosfero.pem
  
+## Web server configuration
+
 There are two ways of using SSL with Noosfero: 1) If you are not using
 Varnish; and 2) If you are using Varnish.
  
-1) If you are are not using Varnish
-+++++++++++++++++++++++++++++++++++
+### 1) If you are are not using Varnish
  
 Simply do a redirect in apache to force all connections with SSL:
  
-  <VirtualHost *:8080>
-    ServerName test.stoa.usp.br
-   
-    Redirect / https://example.com/
-  </VirtualHost>
+```
+<VirtualHost *:8080>
+  ServerName test.stoa.usp.br
+  Redirect / https://example.com/
+</VirtualHost>
+```
  
 And set a vhost to receive then:
  
-  <VirtualHost *:443>
-    ServerName example.com
-   
-    SSLEngine On
-    SSLCertificateFile    /etc/ssl/certs/cert.pem
-    SSLCertificateKeyFile /etc/ssl/private/cert.key
-   
-    Include /etc/noosfero/apache/virtualhost.conf
-  </VirtualHost>
+```
+<VirtualHost *:443>
+  ServerName example.com
+  SSLEngine On
+  SSLCertificateFile    /etc/ssl/certs/cert.pem
+  SSLCertificateKeyFile /etc/ssl/private/cert.key
+  Include /etc/noosfero/apache/virtualhost.conf
+</VirtualHost>
+```
  
 Be aware that if you had configured varnish, the requests won't reach
 it with this configuration.
  
-2) If you are using Varnish
-+++++++++++++++++++++++++++
-
-Varnish isn't able to communicate with the SSL protocol, so we will
-need some one who do this and Pound[1] can do the job. In order to
-install it in Debian based systems:
+### 2) If you are using Varnish
  
-  $ sudo apt-get install pound
+Varnish isn't able to communicate with the SSL protocol, so we will need some
+one else who do this and [Pound](http://www.apsis.ch/pound) can do the job. In
+order to install it in Debian based systems:
  
-Set Varnish to listen in other port than 80:
+```
+$ sudo apt-get install pound
+```
  
-/etc/defaults/varnish
----------------------
+Set Varnish to listen in other port than 80 in `/etc/defaults/varnish`:
  
-  DAEMON_OPTS="-a localhost:6081 \
-               -T localhost:6082 \ 
-               -f /etc/varnish/default.vcl \ 
-               -S /etc/varnish/secret \ 
-               -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
+```
+DAEMON_OPTS="-a localhost:6081 \
+             -T localhost:6082 \
+             -f /etc/varnish/default.vcl \
+             -S /etc/varnish/secret \
+             -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
+```
  
 Configure Pound:
  
-    # cp /usr/share/noosfero/etc/pound.cfg /etc/pound/
-
-Edit /etc/pound.cfg and set the IP and domain of your server.
+```
+# cp /usr/share/noosfero/etc/pound.cfg /etc/pound/
+```
  
-Configure Pound to start at system initialization:
+Edit `/etc/pound.cfg` and set the IP and domain of your server.
  
-/etc/default/pound
+Configure Pound to start at system initialization. At `/etc/default/pound`:
 ------------------
  
-  startup=1
+```
+startup=1
+```
  
-Set Apache to only listen to localhost:
+Set Apache to only listen to localhost, at `/etc/apache2/ports.conf`:
  
-/etc/apache2/ports.conf
------------------------
-
-  Listen 127.0.0.1:8080
+```
+Listen 127.0.0.1:8080
+```
  
 Restart the services:
  
-  $ sudo service apache2 restart
-  $ sudo service varnish restart
+```
+$ sudo service apache2 restart
+$ sudo service varnish restart
+```
  
 Start pound:
  
-  $ sudo service pound start
-
-[1] http://www.apsis.ch/pound
+```
+$ sudo service pound start
+```
  
-Noosfero XMPP chat
-++++++++++++++++++
+## Noosfero XMPP chat
  
 If you want to use chat over HTTPS, then you should add the domain
-and IP of your server in the /etc/hosts file, example:
+and IP of your server in the /etc/hosts file, example
  
-/etc/hosts
-----------
+`/etc/hosts:`
  
-  192.168.1.86	mydomain.example.com
+```
+192.168.1.86	mydomain.example.com
+```
  
-Also, it's recomended that you remove lines above from the file
+Also, it's recomended that you remove the lines below from the file
 `/etc/apache2/sites-enabled/noosfero`:
  
-    RewriteEngine On
-    Include /usr/share/noosfero/util/chat/apache/xmpp.conf
+```
+RewriteEngine On
+Include /usr/share/noosfero/util/chat/apache/xmpp.conf
+```
@@ -0,0 +1,29 @@
+Using custom locales
+====================
+
+Personalized translations go into the `config/custom_locales/` directory.
+Custom locales can be identified by the rails environment, schema name in a
+multitenancy setup or domain name until the first dot (e.g env1.coop.br for the
+example below).
+
+Currently, the only filename prefix for the localization file which is
+processed is "environment". For instance, a POT file would be called
+"environment.pot".
+
+The structure of an environment named env1 with custom translations for both
+Portuguese and Spanish and an environment named env2 with custom Russian
+translation would be:
+
+    config/
+      custom_locales/
+        env1/
+          environment.pot
+          pt/
+            environment.po
+          es/
+            environment.po
+        env2/
+          environment.pot
+          ru/
+            environment.po
+
@@ -1,41 +0,0 @@
-* ruby-get-text incmopatible with rails3. Maybe we can use it's gem
-
-* all js code is inside miscellaneous.js. Would be nice to refactor this
-
-* rails 2 uses prototype instead of jquery
-
-* config/environment.rb maybe still have some code that should be on the initializers
-
-* initializers session_store.rb inflections.rb... don't exist
-
-* rails gems version have to be forced on Gemfile or it will use incompatible pre3vious versions (3.1.3)
-
-* Sweepers are now natively supported on Rails 3. Would be nice to refactor it
-
-* On Rails 3 it is no more possible to add allowed tags to avoid scape. The html_safe initializer is an option.
-
-* error when call sqlite_extensiosn
-
-* error related to action_tracker
-
-* check FIXME's in script/quick-start
-
-* check FIXME's in Gemfile
-
-* Check the FIXME in config/routes.rb
-
-* rewrite conditional routing. See FIXME in lib/route_if.rb and re-implement using the Rails 3 mechanism - http://guides.rubyonrails.org/routing.html#advanced-constraints
-
-* check FIXME's in config/environment.rb
-
-* xss_terminate sucks. We should replace it with the builtin mechanism in Rails 3
-
-* instance_eval on Ruby 1.9 yields self, so lambdas that are passed to instance_eval and do not accept exactly 1 argument will blow up. See http://www.ruby-forum.com/topic/213313 ... search for instance_eval and fix where necessary. In special, most of the blocks still need fixing.
-
-* all instances of <% *_form_for ... %> must be changed to <%= instead of <%
-
-* all ActiveRecord models have to declare explicitly which attributes must be allowed for mass assignment with attr_accessible.
-
-* check if we need to update config/locales/*
-
-* check observe_field and labelled_form_for in app/helpers/application_helper.rb
@@ -71,4 +71,22 @@ class AdminPanelController &lt; AdminController
       end
     end
   end
+
+  def manage_organizations_status
+    scope = environment.organizations
+    @filter = params[:filter] || 'any'
+    @title = "Organization profiles"
+    @title = @title+" - "+@filter if @filter != 'any'
+
+    if @filter == 'enabled'
+      scope = scope.visible
+    elsif @filter == 'disabled'
+      scope = scope.disabled
+    end
+
+    scope = scope.order('name ASC')
+
+    @q = params[:q]
+    @collection = find_by_contents(:organizations, scope, @q, {:per_page => 10, :page => params[:npage]})[:results]
+  end
 end
@@ -0,0 +1,5 @@
+class PluginAdminController < AdminController
+
+  protect 'edit_environment_features', :environment
+
+end
@@ -33,7 +33,7 @@ class RegionValidatorsController &lt; AdminController
   def load_region_and_search
     @region = environment.regions.find(params[:id])
     if params[:search]
-      @search = find_by_contents(:organizations, Organization, params[:search])[:results].reject {|item| @region.validator_ids.include?(item.id) }
+      @search = find_by_contents(:organizations, environment, Organization, params[:search])[:results].reject {|item| @region.validator_ids.include?(item.id) }
     end
   end
  
@@ -40,8 +40,67 @@ class TemplatesController &lt; AdminController
     end
   end
  
+  def set_community_as_default
+    begin
+      community = environment.communities.find(params[:template_id])
+    rescue ActiveRecord::RecordNotFound
+      message = _('Community not found. The template could no be changed.')
+      community = nil
+    end
+
+    message = _('%s defined as default') % community.name if set_as_default(community)
+    session[:notice] = message
+
+    redirect_to :action => 'index'
+  end
+
+  def set_person_as_default
+    begin
+      person = environment.people.find(params[:template_id])
+    rescue ActiveRecord::RecordNotFound
+      message = _('Person not found. The template could no be changed.')
+      person = nil
+    end
+
+    message = _('%s defined as default') % person.name if set_as_default(person)
+    session[:notice] = message
+
+    redirect_to :action => 'index'
+  end
+
+  def set_enterprise_as_default
+    begin
+      enterprise = environment.enterprises.find(params[:template_id])
+    rescue ActiveRecord::RecordNotFound
+      message = _('Enterprise not found. The template could no be changed.')
+      enterprise = nil
+    end
+
+    message = _('%s defined as default') % enterprise.name if set_as_default(enterprise)
+    session[:notice] = message
+
+    redirect_to :action => 'index'
+  end
+
   private
  
+  def set_as_default(obj)
+    return nil if obj.nil?
+    case obj.class.name
+      when 'Community' then
+        environment.community_default_template = obj
+        environment.save!
+      when 'Person' then
+        environment.person_default_template = obj
+        environment.save!
+      when 'Enterprise' then
+        environment.enterprise_default_template = obj
+        environment.save!
+      else
+        nil
+    end
+  end
+
   def create_organization_template(klass)
     identifier = params[:name].to_slug
     template = klass.new(:name => params[:name], :identifier => identifier, :is_template => true)
@@ -18,7 +18,7 @@ class UsersController &lt; AdminController
     end
     scope = scope.order('name ASC')
     @q = params[:q]
-    @collection = find_by_contents(:people, scope, @q, {:per_page => per_page, :page => params[:npage]})[:results]
+    @collection = find_by_contents(:people, environment, scope, @q, {:per_page => per_page, :page => params[:npage]})[:results]
   end
  
   def set_admin_role
@@ -127,6 +127,9 @@ class ApplicationController &lt; ActionController::Base
  
   # TODO: move this logic somewhere else (Domain class?)
   def detect_stuff_by_domain
+    # Sets text domain based on request host for custom internationalization
+    FastGettext.text_domain = Domain.custom_locale(request.host)
+
     @domain = Domain.find_by_name(request.host)
     if @domain.nil?
       @environment = Environment.default
@@ -180,21 +183,19 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
-  def find_by_contents(asset, scope, query, paginate_options={:page => 1}, options={})
-    plugins.dispatch_first(:find_by_contents, asset, scope, query, paginate_options, options) ||
-    fallback_find_by_contents(asset, scope, query, paginate_options, options)
-  end
+  include SearchTermHelper
  
-  private
+  def find_by_contents(asset, context, scope, query, paginate_options={:page => 1}, options={})
+    search = plugins.dispatch_first(:find_by_contents, asset, scope, query, paginate_options, options)
+    register_search_term(query, scope.count, search[:results].count, context, asset)
+    search
+  end
  
-  def fallback_find_by_contents(asset, scope, query, paginate_options, options)
-    scope = scope.like_search(query) unless query.blank?
-    scope = scope.send(options[:filter]) unless options[:filter].blank?
-    {:results => scope.paginate(paginate_options)}
+  def find_suggestions(query, context, asset, options={})
+    plugins.dispatch_first(:find_suggestions, query, context, asset, options)
   end
  
   def private_environment?
     @environment.enabled?(:restrict_to_members)
   end
-
 end
@@ -23,6 +23,9 @@ class CmsController &lt; MyProfileController
   end
  
   before_filter :login_required, :except => [:suggest_an_article]
+  before_filter :load_recent_files, :only => [:new, :edit]
+
+  helper_method :file_types
  
   protect_if :only => :upload_files do |c, user, profile|
     article_id = c.params[:parent_id]
@@ -30,7 +33,7 @@ class CmsController &lt; MyProfileController
     (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
   end
  
-  protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new] do |c, user, profile|
+  protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :publish_on_portal_community, :publish_on_communities, :search_communities_to_publish, :upload_files, :new] do |c, user, profile|
     user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))
   end
  
@@ -40,7 +43,7 @@ class CmsController &lt; MyProfileController
     (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
   end
  
-  protect_if :only => [:destroy, :publish] do |c, user, profile|
+  protect_if :only => :destroy do |c, user, profile|
     profile.articles.find(c.params[:id]).allow_post_content?(user)
   end
  
@@ -117,7 +120,7 @@ class CmsController &lt; MyProfileController
     @success_back_to = params[:success_back_to]
     # user must choose an article type first
  
-    @parent = profile.articles.find(params[:parent_id]) if params && params[:parent_id]
+    @parent = profile.articles.find(params[:parent_id]) if params && params[:parent_id].present?
     record_coming
     @type = params[:type]
     if @type.blank?
@@ -163,7 +166,10 @@ class CmsController &lt; MyProfileController
         if continue
           redirect_to :action => 'edit', :id => @article
         else
-          success_redirect
+          respond_to do |format|
+            format.html { success_redirect }
+            format.json { render :text => {:id => @article.id, :full_name => profile.identifier + '/' + @article.full_name}.to_json }
+          end
         end
         return
       end
@@ -174,6 +180,8 @@ class CmsController &lt; MyProfileController
  
   post_only :set_home_page
   def set_home_page
+    return render_access_denied unless user.can_change_homepage?
+
     article = params[:id].nil? ? nil : profile.articles.find(params[:id])
     profile.update_attribute(:home_page, article)
  
@@ -212,6 +220,7 @@ class CmsController &lt; MyProfileController
       if @errors.any?
         render :action => 'upload_files', :parent_id => @parent_id
       else
+        session[:notice] = _('File(s) successfully uploaded') 
         if @back_to
           redirect_to @back_to
         elsif @parent
@@ -253,28 +262,53 @@ class CmsController &lt; MyProfileController
     render :template => 'shared/update_categories', :locals => { :category => @current_category, :object_name => 'article' }
   end
  
+  def search_communities_to_publish
+    render :text => find_by_contents(:profiles, environment, user.memberships, params['q'], {:page => 1}, {:fields => ['name']})[:results].map {|community| {:id => community.id, :name => community.name} }.to_json
+  end
+
   def publish
     @article = profile.articles.find(params[:id])
     record_coming
-    @groups = profile.memberships - [profile]
-    @marked_groups = []
-    groups_ids = profile.memberships.map{|m|m.id.to_s}
-    @marked_groups = params[:marked_groups].map do |key, item|
-      if groups_ids.include?(item[:group_id])
-        item.merge :group => Profile.find(item.delete(:group_id))
+    @failed = {}
+    if request.post?
+      article_name = params[:name]
+      task = ApproveArticle.create!(:article => @article, :name => article_name, :target => user, :requestor => user)
+      begin
+        task.finish
+      rescue Exception => ex
+         @failed[ex.message] ? @failed[ex.message] << @article.name : @failed[ex.message] = [@article.name]
+         task.cancel
+      end
+      if @failed.blank?
+        session[:notice] = _("Your publish request was sent successfully")
+        if @back_to
+          redirect_to @back_to
+        else
+          redirect_to @article.view_url
+        end
       end
-    end.compact unless params[:marked_groups].nil?
+    end
+  end
+
+  def publish_on_communities
     if request.post?
+      @back_to = params[:back_to]
+      @article = profile.articles.find(params[:id])
       @failed = {}
+      article_name = params[:name]
+      params_marked = (params['q'] || '').split(',').select { |marked| user.memberships.map(&:id).include? marked.to_i }
+      @marked_groups = Profile.find(params_marked)
       if @marked_groups.empty?
+        redirect_to @back_to
         return session[:notice] = _("Select some group to publish your article")
       end
       @marked_groups.each do |item|
-        task = ApproveArticle.create!(:article => @article, :name => item[:name], :target => item[:group], :requestor => profile)
+        task = ApproveArticle.create!(:article => @article, :name => article_name, :target => item, :requestor => user)
         begin
-          task.finish unless item[:group].moderated_articles?
+          task.finish unless item.moderated_articles?
         rescue Exception => ex
-          @failed[ex.message] ? @failed[ex.message] << item[:group].name : @failed[ex.message] = [item[:group].name]
+           @failed[ex.message] ? @failed[ex.message] << item.name : @failed[ex.message] = [item.name]
+           task.cancel
         end
       end
       if @failed.blank?
@@ -284,23 +318,27 @@ class CmsController &lt; MyProfileController
         else
           redirect_to @article.view_url
         end
+      else
+        session[:notice] = _("Some of your publish requests couldn't be sent.")
+        render :action => 'publish'
       end
     end
   end
  
   def publish_on_portal_community
-    @article = profile.articles.find(params[:id])
     if request.post?
-      if environment.portal_community
+      @article = profile.articles.find(params[:id])
+      if environment.portal_enabled
         task = ApproveArticle.create!(:article => @article, :name => params[:name], :target => environment.portal_community, :requestor => user)
         begin
           task.finish unless environment.portal_community.moderated_articles?
-          flash[:notice] = _("Your publish request was sent successfully")
+          session[:notice] = _("Your publish request was sent successfully")
         rescue
-          flash[:error] = _("Your publish request couldn't be sent.")
+          session[:notice] = _("Your publish request couldn't be sent.")
+          task.cancel
         end
       else
-        flash[:notice] = _("There is no portal community to publish your article.")
+        session[:notice] = _("There is no portal community to publish your article.")
       end
  
       if @back_to
@@ -328,7 +366,7 @@ class CmsController &lt; MyProfileController
  
   def search
     query = params[:q]
-    results = find_by_contents(:uploaded_files, profile.files.published, query)[:results]
+    results = find_by_contents(:uploaded_files, profile, profile.files.published, query)[:results]
     render :text => article_list_to_json(results), :content_type => 'application/json'
   end
  
@@ -339,15 +377,26 @@ class CmsController &lt; MyProfileController
   end
  
   def media_upload
-    files_uploaded = []
     parent = check_parent(params[:parent_id])
-    files = [:file1,:file2, :file3].map { |f| params[f] }.compact
     if request.post?
-      files.each do |file|
-        files_uploaded << UploadedFile.create(:uploaded_data => file, :profile => profile, :parent => parent) unless file == ''
+      begin
+        @file = UploadedFile.create!(:uploaded_data => params[:file], :profile => profile, :parent => parent) unless params[:file] == ''
+        @file = FilePresenter.for(@file)
+      rescue Exception => exception
+        render :text => exception.to_s, :status => :bad_request
       end
     end
-    render :text => article_list_to_json(files_uploaded), :content_type => 'text/plain'
+  end
+
+  def published_media_items
+    load_recent_files(params[:parent_id], params[:q])
+    render :partial => 'published_media_items'
+  end
+
+  def view_all_media
+    paginate_options = {:page => params[:page].blank? ? 1 : params[:page] }
+    @key = params[:key].to_sym
+    load_recent_files(params[:parent_id], params[:q], paginate_options)
   end
  
   protected
@@ -442,4 +491,36 @@ class CmsController &lt; MyProfileController
     end
   end
  
+  def file_types
+    {:images => _('Images'), :generics => _('Files')}
+  end
+
+  def load_recent_files(parent_id = nil, q = nil, paginate_options = {:page => 1, :per_page => 6})
+    #TODO Since we only have special support for images, I'm limiting myself to
+    #     consider generic files as non-images. In the future, with more supported
+    #     file types we'll need to have a smart way to fetch from the database
+    #     scopes of each supported type as well as the non-supported types as a
+    #     whole.
+    @recent_files = {}
+
+    parent = parent_id.present? ? profile.articles.find(parent_id) : nil
+    if parent.present?
+      files = parent.children.files
+    else
+      files = profile.files
+    end
+
+    files = files.reorder('created_at DESC')
+    images = files.images
+    generics = files.no_images
+
+    if q.present?
+      @recent_files[:images] = find_by_contents(:images, profile, images, q, paginate_options)[:results]
+      @recent_files[:generics] = find_by_contents(:generics, profile, generics, q, paginate_options)[:results]
+    else
+      @recent_files[:images] = images.paginate(paginate_options)
+      @recent_files[:generics] = generics.paginate(paginate_options)
+    end
+  end
+
 end
@@ -3,6 +3,7 @@ class FriendsController &lt; MyProfileController
   protect 'manage_friends', :profile
  
   def index
+    @suggestions = profile.profile_suggestions.of_person.enabled.includes(:suggestion).limit(per_page)
     if is_cache_expired?(profile.manage_friends_cache_key(params))
       @friends = profile.friends.paginate(:per_page => per_page, :page => params[:npage])
     end
@@ -16,6 +17,30 @@ class FriendsController &lt; MyProfileController
     end
   end
  
+  def suggest
+    @suggestions = profile.profile_suggestions.of_person.enabled.includes(:suggestion).limit(per_page)
+  end
+
+  def remove_suggestion
+    @person = profile.suggested_people.find_by_identifier(params[:id])
+    redirect_to :action => 'suggest' unless @person
+    if @person && request.post?
+      profile.remove_suggestion(@person)
+      @suggestions = profile.profile_suggestions.of_person.enabled.includes(:suggestion).limit(per_page)
+      render :partial => 'shared/profile_suggestions_list', :locals => { :suggestions => @suggestions, :collection => :friends_suggestions, :per_page => params[:per_page] || per_page }
+    end
+  end
+
+  def connections
+    @suggestion = profile.profile_suggestions.of_person.enabled.find_by_suggestion_id(params[:id])
+    if @suggestion
+      @tags = @suggestion.tag_connections
+      @profiles = @suggestion.profile_connections
+    else
+      redirect_to :action => 'suggest'
+    end
+  end
+
   protected
  
   class << self
@@ -20,12 +20,54 @@ class MembershipsController &lt; MyProfileController
     @community.environment = environment
     @back_to = params[:back_to] || url_for(:action => 'index')
     if request.post? && @community.valid?
-      @community = Community.create_after_moderation(user, params[:community].merge({:environment => environment}))
-      if @community.new_record?
+      begin
+        # Community was created
+        @community = Community.create_after_moderation(user, params[:community].merge({:environment => environment}))
+        @community.reload
+        redirect_to :action => 'welcome', :community_id => @community.id, :back_to => @back_to
+      rescue ActiveRecord::RecordNotFound
+        # Community pending approval
         session[:notice] = _('Your new community creation request will be evaluated by an administrator. You will be notified.')
+        redirect_to @back_to
       end
-      redirect_to @back_to
       return
     end
   end
+
+  def welcome
+    @community = Community.find(params[:community_id])
+    @back_to = params[:back_to]
+  end
+
+  def suggest
+    @suggestions = profile.profile_suggestions.of_community.enabled.includes(:suggestion).limit(per_page)
+  end
+
+  def remove_suggestion
+    @community = profile.suggested_communities.find_by_identifier(params[:id])
+    custom_per_page = params[:per_page] || per_page
+    redirect_to :action => 'suggest' unless @community
+    if @community && request.post?
+      profile.remove_suggestion(@community)
+      @suggestions = profile.profile_suggestions.of_community.enabled.includes(:suggestion).limit(custom_per_page)
+      render :partial => 'shared/profile_suggestions_list', :locals => { :suggestions => @suggestions, :collection => :communities_suggestions, :per_page => custom_per_page}
+    end
+  end
+
+  def connections
+    @suggestion = profile.profile_suggestions.of_community.enabled.find_by_suggestion_id(params[:id])
+    if @suggestion
+      @tags = @suggestion.tag_connections
+      @profiles = @suggestion.profile_connections
+    else
+      redirect_to :action => 'suggest'
+    end
+  end
+
+  protected
+
+  def per_page
+    12
+  end
+
 end
@@ -3,7 +3,16 @@ class ProfileDesignController &lt; BoxOrganizerController
   needs_profile
  
   protect 'edit_profile_design', :profile
-  
+
+  before_filter :protect_fixed_block, :only => [:save, :move_block]
+
+  def protect_fixed_block
+    block = boxes_holder.blocks.find(params[:id].gsub(/^block-/, ''))
+    if block.fixed && !current_person.is_admin?
+      render_access_denied
+    end
+  end
+
   def available_blocks
     blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock, LinkListBlock, MyNetworkBlock, FeedReaderBlock, ProfileImageBlock, LocationBlock, SlideshowBlock, ProfileSearchBlock, HighlightsBlock ]
  
@@ -3,6 +3,10 @@ class ProfileEditorController &lt; MyProfileController
   protect 'edit_profile', :profile, :except => [:destroy_profile]
   protect 'destroy_profile', :profile, :only => [:destroy_profile]
  
+  before_filter :access_welcome_page, :only => [:welcome_page]
+  before_filter :back_to
+  helper_method :has_welcome_page
+
   def index
     @pending_tasks = Task.to(profile).pending.without_spam.select{|i| user.has_permission?(i.permission, profile)}
   end
@@ -16,14 +20,16 @@ class ProfileEditorController &lt; MyProfileController
     if request.post?
       params[:profile_data][:fields_privacy] ||= {} if profile.person? && params[:profile_data].is_a?(Hash)
       Profile.transaction do
-      Image.transaction do
-        if @profile_data.update_attributes(params[:profile_data])
-          redirect_to :action => 'index', :profile => profile.identifier
-        else
-          profile.identifier = params[:profile] if profile.identifier.blank?
+        Image.transaction do
+          begin
+            @plugins.dispatch(:profile_editor_transaction_extras)
+            @profile_data.update_attributes!(params[:profile_data])
+            redirect_to :action => 'index', :profile => profile.identifier
+          rescue Exception => ex
+            profile.identifier = params[:profile] if profile.identifier.blank?
+          end
         end
       end
-      end
     end
   end
  
@@ -72,10 +78,81 @@ class ProfileEditorController &lt; MyProfileController
     if request.post?
       if @profile.destroy
         session[:notice] = _('The profile was deleted.')
-        redirect_to :controller => 'home'
+        if(params[:return_to])
+          redirect_to params[:return_to]
+        else
+          redirect_to :controller => 'home'
+        end
       else
         session[:notice] = _('Could not delete profile')
       end
     end
   end
+
+  def welcome_page
+    @welcome_page = profile.welcome_page || TinyMceArticle.new(:name => 'Welcome Page', :profile => profile, :published => false)
+    if request.post?
+      begin
+        @welcome_page.update_attributes!(params[:welcome_page])
+        profile.welcome_page = @welcome_page
+        profile.save!
+        session[:notice] = _('Welcome page saved successfully.')
+        redirect_to :action => 'index'
+      rescue Exception => exception
+        session[:notice] = _('Welcome page could not be saved.')
+      end
+    end
+  end
+
+  def deactivate_profile
+    if environment.admins.include?(current_person)
+      profile = environment.profiles.find(params[:id])
+      if profile.disable
+        profile.save
+        session[:notice] = _("The profile '#{profile.name}' was deactivated.")
+      else
+        session[:notice] = _('Could not deactivate profile.')
+      end
+    end
+
+    redirect_to_previous_location
+  end
+
+  def activate_profile
+    if environment.admins.include?(current_person)
+      profile = environment.profiles.find(params[:id])
+
+      if profile.enable
+        session[:notice] = _("The profile '#{profile.name}' was activated.")
+      else
+        session[:notice] = _('Could not activate the profile.')
+      end
+    end
+
+    redirect_to_previous_location
+  end
+
+  protected
+
+  def redirect_to_previous_location
+    redirect_to @back_to
+  end
+
+  #TODO Consider using this as a general controller feature to be available on every action.
+  def back_to
+    @back_to = params[:back_to] || request.referer || "/"
+  end
+
+  private
+
+  def has_welcome_page
+    profile.is_template
+  end
+
+  def access_welcome_page
+    unless has_welcome_page
+      render_access_denied
+    end
+  end
+
 end
@@ -20,7 +20,7 @@ class ProfileMembersController &lt; MyProfileController
         redirect_to :action => :last_admin
       elsif @person.define_roles(@roles, profile)
         session[:notice] = _('Roles successfuly updated')
-        redirect_to :controller => 'profile_editor'
+        redirect_to :action => 'index'
       else
         session[:notice] = _('Couldn\'t change the roles')
         redirect_to :action => 'index'
@@ -82,10 +82,12 @@ class AccountController &lt; ApplicationController
     if @plugins.dispatch(:allow_user_registration).include?(false)
       redirect_back_or_default(:controller => 'home')
       session[:notice] = _("This environment doesn't allow user registration.")
+      return
     end
  
     store_location(request.referer) unless params[:return_to] or session[:return_to]
  
+    # Tranforming to boolean
     @block_bot = !!session[:may_be_a_bot]
     @invitation_code = params[:invitation_code]
     begin
@@ -129,8 +131,8 @@ class AccountController &lt; ApplicationController
             check_join_in_community(@user)
             go_to_signup_initial_page
           else
+            redirect_to :controller => :home, :action => :welcome, :template_id => (@user.person.template && @user.person.template.id)
             session[:notice] = _('Thanks for registering!')
-            @register_pending = true
           end
         end
       end
@@ -193,7 +195,7 @@ class AccountController &lt; ApplicationController
         else
           @change_password.errors[:base] << _('Could not find any user with %s equal to "%s".') % [fields_label, params[:value]]
         end
-      rescue ActiveRecord::RecordInvald
+      rescue ActiveRecord::RecordInvalid
         @change_password.errors[:base] << _('Could not perform password recovery for the user.')
       end
     end
@@ -461,6 +463,8 @@ class AccountController &lt; ApplicationController
         redirect_to user.url
       when 'user_control_panel'
         redirect_to user.admin_url
+      when 'welcome_page'
+        redirect_to :controller => :home, :action => :welcome, :template_id => (user.template && user.template.id)
     else
       redirect_back_or_default(default)
     end
@@ -19,7 +19,7 @@ class ChatController &lt; PublicController
   def avatar
     profile = environment.profiles.find_by_identifier(params[:id])
     filename, mimetype = profile_icon(profile, :minor, true)
-    if filename =~ /^https?:/
+    if filename =~ /^(https?:)?\/\//
       redirect_to filename
     else
       data = File.read(File.join(Rails.root, 'public', filename))
 class ContactController < PublicController
  
-  before_filter :login_required
-
   needs_profile
  
   def new
-    @contact
+    @contact = build_contact
     if request.post? && params[:confirm] == 'true'
-      @contact = user.build_contact(profile, params[:contact])
       @contact.city = (!params[:city].blank? && City.exists?(params[:city])) ? City.find(params[:city]).name : nil
       @contact.state = (!params[:state].blank? && State.exists?(params[:state])) ? State.find(params[:state]).name : nil
       if @contact.deliver
@@ -16,8 +13,17 @@ class ContactController &lt; PublicController
       else
         session[:notice] = _('Contact not sent')
       end
+    end
+  end
+
+  protected
+
+  def build_contact
+    params[:contact] ||= {}
+    if logged_in?
+      user.build_contact profile, params[:contact]
     else
-      @contact = user.build_contact(profile)
+      Contact.new params[:contact].merge(dest: profile)
     end
   end
  
@@ -126,7 +126,7 @@ class ContentViewerController &lt; ApplicationController
     elsif !@page.display_to?(user)
       if !profile.public?
         private_profile_partial_parameters
-        render :template => 'profile/_private_profile', :status => 403
+        render :template => 'profile/_private_profile', :status => 403, :formats => [:html]
         allowed = false
       else #if !profile.visible?
         render_access_denied
@@ -18,4 +18,10 @@ class HomeController &lt; PublicController
     @no_design_blocks = true
   end
  
+  def welcome
+    @no_design_blocks = true
+    @display_confirmation_tips = !user.present? && !environment.enabled?(:skip_new_user_email_confirmation)
+    @person_template = user && user.template || params[:template_id] && Person.find(params[:template_id])
+  end
+
 end
@@ -4,8 +4,15 @@ class InviteController &lt; PublicController
   before_filter :login_required
   before_filter :check_permissions_to_invite
  
-  def select_address_book
+  def invite_friends
     @import_from = params[:import_from] || "manual"
+    @mail_template = params[:mail_template] || environment.invitation_mail_template(profile)
+
+    labels = Profile::SEARCHABLE_FIELDS.except(:nickname).merge(User::SEARCHABLE_FIELDS).map { |name,info| info[:label].downcase }
+    last = labels.pop
+    label = labels.join(', ')
+    @search_fields = "#{label} #{_('or')} #{last}"
+
     if request.post?
       contact_list = ContactList.create
       Delayed::Job.enqueue GetEmailContactsJob.new(@import_from, params[:login], params[:password], contact_list.id) if @import_from != 'manual'
@@ -22,7 +29,7 @@ class InviteController &lt; PublicController
       webmail_import_addresses = params[:webmail_import_addresses]
       contacts_to_invite = Invitation.join_contacts(manual_import_addresses, webmail_import_addresses)
       if !contacts_to_invite.empty?
-        Delayed::Job.enqueue InvitationJob.new(current_user.person.id, contacts_to_invite, params[:mail_template], profile.id, @contact_list.id, locale)
+        Delayed::Job.enqueue InvitationJob.new(user.id, contacts_to_invite, params[:mail_template], profile.id, @contact_list.id, locale)
         session[:notice] = _('Your invitations are being sent.')
         if profile.person?
           redirect_to :controller => 'profile', :action => 'friends'
@@ -52,16 +59,36 @@ class InviteController &lt; PublicController
   def cancel_fetching_emails
     contact_list = ContactList.find(params[:contact_list])
     contact_list.destroy
-    redirect_to :action => 'select_address_book'
+    redirect_to :action => 'invite_friends'
+  end
+
+  def invite_registered_friend
+    contacts_to_invite = params['q'].split(',')
+    if !contacts_to_invite.empty? && request.post?
+      Delayed::Job.enqueue InvitationJob.new(user.id, contacts_to_invite, '', profile.id, nil, locale)
+      session[:notice] = _('Your invitations are being sent.')
+      if profile.person?
+        redirect_to :controller => 'profile', :action => 'friends'
+      else
+        redirect_to :controller => 'profile', :action => 'members'
+      end
+    else
+      redirect_to :action => 'invite_friends'
+      session[:notice] = _('Please enter a valid profile.')
+    end
+  end
+
+  def search
+    scope = profile.invite_friends_only ? user.friends : environment.people
+    scope = scope.not_members_of(profile) if profile.organization?
+    scope = scope.not_friends_of(profile) if profile.person?
+    results = find_by_contents(:people, environment, scope, params['q'], {:page => 1}, {:joins => :user})[:results]
+    render :text => prepare_to_token_input(results).to_json
   end
  
   protected
  
   def check_permissions_to_invite
-    if profile.person? and !current_user.person.has_permission?(:manage_friends, profile) or
-      profile.community? and !current_user.person.has_permission?(:invite_members, profile)
-      render_access_denied
-    end
+    render_access_denied if !profile.allow_invitation_from?(user)
   end
-
 end
@@ -17,8 +17,11 @@ class ProfileController &lt; PublicController
     end
     @tags = profile.article_tags
     unless profile.display_info_to?(user)
-      profile.visible? ? private_profile : invisible_profile
-      render :action => 'index', :status => 403
+      if profile.visible?
+        private_profile
+      else
+        invisible_profile
+      end
     end
   end
  
@@ -62,13 +65,13 @@ class ProfileController &lt; PublicController
  
   def friends
     if is_cache_expired?(profile.friends_cache_key(params))
-      @friends = profile.friends.includes(relations_to_include).paginate(:per_page => per_page, :page => params[:npage])
+      @friends = profile.friends.includes(relations_to_include).paginate(:per_page => per_page, :page => params[:npage], :total_entries => profile.friends.count)
     end
   end
  
   def members
     if is_cache_expired?(profile.members_cache_key(params))
-      @members = profile.members_by_name.includes(relations_to_include).paginate(:per_page => members_per_page, :page => params[:npage])
+      @members = profile.members_by_name.includes(relations_to_include).paginate(:per_page => members_per_page, :page => params[:npage], :total_entries => profile.members.count)
     end
   end
  
@@ -316,7 +319,7 @@ class ProfileController &lt; PublicController
         abuse_report = AbuseReport.new(params[:abuse_report])
         if !params[:content_type].blank?
           article = params[:content_type].constantize.find(params[:content_id])
-          abuse_report.content = instance_eval(&article.reported_version)
+          abuse_report.content = article_reported_version(article)
         end
  
         user.register_report(abuse_report, profile)
@@ -395,6 +398,7 @@ class ProfileController &lt; PublicController
  
   def private_profile
     private_profile_partial_parameters
+    render :action => 'index', :status => 403
   end
  
   def invisible_profile
@@ -9,9 +9,12 @@ class ProfileSearchController &lt; PublicController
     @q = params[:q]
     unless @q.blank?
       if params[:where] == 'environment'
-        redirect_to :controller => 'search', :query => @q
+        # user is using global search, redirects to the search controller with
+        # the query
+        search_path = url_for(:controller => 'search', :query => @q)
+        request.xhr? ? render(:js => "window.location.href = #{search_path.to_json}") : redirect_to(search_path)
       else
-        @results = find_by_contents(:articles, profile.articles.published, @q, {:per_page => 10, :page => params[:page]})[:results]
+        @results = find_by_contents(:articles, profile, profile.articles.published, @q, {:per_page => 10, :page => params[:page]})[:results]
       end
     end
   end
@@ -4,11 +4,11 @@ class SearchController &lt; PublicController
   include SearchHelper
   include ActionView::Helpers::NumberHelper
  
-  before_filter :redirect_asset_param, :except => :assets
-  before_filter :load_category
-  before_filter :load_search_assets
-  before_filter :load_query
-  before_filter :load_filter
+  before_filter :redirect_asset_param, :except => [:assets, :suggestions]
+  before_filter :load_category, :except => :suggestions
+  before_filter :load_search_assets, :except => :suggestions
+  before_filter :load_query, :except => :suggestions
+  before_filter :load_order, :except => :suggestions
  
   # Backwards compatibility with old URLs
   def redirect_asset_param
@@ -20,7 +20,7 @@ class SearchController &lt; PublicController
  
   def index
     @searches = {}
-    @order = []
+    @assets = []
     @names = {}
     @results_only = true
  
@@ -28,7 +28,7 @@ class SearchController &lt; PublicController
       load_query
       @asset = key
       send(key)
-      @order << key
+      @assets << key
       @names[key] = _(description)
     end
     @asset = nil
@@ -42,7 +42,7 @@ class SearchController &lt; PublicController
   # view the summary of one category
   def category_index
     @searches = {}
-    @order = []
+    @assets = []
     @names = {}
     limit = MULTIPLE_SEARCH_LIMIT
     [
@@ -53,7 +53,7 @@ class SearchController &lt; PublicController
       [ :communities, _('Communities'), :recent_communities ],
       [ :articles, _('Contents'), :recent_articles ]
     ].each do |asset, name, filter|
-      @order << asset
+      @assets << asset
       @searches[asset]= {:results => @category.send(filter, limit)}
       raise "No total_entries for: #{asset}" unless @searches[asset][:results].respond_to?(:total_entries)
       @names[asset] = name
@@ -90,10 +90,14 @@ class SearchController &lt; PublicController
   end
  
   def events
-    year = (params[:year] ? params[:year].to_i : Date.today.year)
-    month = (params[:month] ? params[:month].to_i : Date.today.month)
-    day = (params[:day] ? params[:day].to_i : Date.today.day)
-    @date = build_date(year, month, day)
+    if params[:year].blank? && params[:year].blank? && params[:day].blank?
+      @date = Date.today
+    else
+      year = (params[:year] ? params[:year].to_i : Date.today.year)
+      month = (params[:month] ? params[:month].to_i : Date.today.month)
+      day = (params[:day] ? params[:day].to_i : 1)
+      @date = build_date(year, month, day)
+    end
     date_range = (@date - 1.month).at_beginning_of_month..(@date + 1.month).at_end_of_month
  
     @events = []
@@ -143,12 +147,16 @@ class SearchController &lt; PublicController
     render :partial => 'events/events'
   end
  
+  def suggestions
+    render :text => find_suggestions(normalize_term(params[:term]), environment, params[:asset]).to_json
+  end
+
   #######################################################
   protected
  
   def load_query
     @asset = (params[:asset] || params[:action]).to_sym
-    @order ||= [@asset]
+    @assets ||= [@asset]
     @searches ||= {}
  
     @query = params[:query] || ''
@@ -169,13 +177,22 @@ class SearchController &lt; PublicController
     end
   end
  
+  AVAILABLE_SEARCHES = ActiveSupport::OrderedHash[
+    :articles, _('Contents'),
+    :people, _('People'),
+    :communities, _('Communities'),
+    :enterprises, _('Enterprises'),
+    :products, _('Products and Services'),
+    :events, _('Events'),
+  ]
+
   def load_search_assets
-    if SEARCHES.keys.include?(params[:action].to_sym) && environment.enabled?("disable_asset_#{params[:action]}")
+    if AVAILABLE_SEARCHES.keys.include?(params[:action].to_sym) && environment.enabled?("disable_asset_#{params[:action]}")
       render_not_found
       return
     end
  
-    @enabled_searches = SEARCHES.select {|key, name| environment.disabled?("disable_asset_#{key}") }
+    @enabled_searches = AVAILABLE_SEARCHES.select {|key, name| environment.disabled?("disable_asset_#{key}") }
     @searching = {}
     @titles = {}
     @enabled_searches.each do |key, name|
@@ -185,11 +202,11 @@ class SearchController &lt; PublicController
     @names = @titles if @names.nil?
   end
  
-  def load_filter
-    @filter = 'more_recent'
-    if SEARCHES.keys.include?(@asset.to_sym)
-      available_filters = asset_class(@asset)::SEARCH_FILTERS
-      @filter = params[:filter] if available_filters.include?(params[:filter])
+  def load_order
+    @order = 'more_recent'
+    if AVAILABLE_SEARCHES.keys.include?(@asset.to_sym)
+      available_orders = asset_class(@asset)::SEARCH_FILTERS[:order]
+      @order = params[:order] if available_orders.include?(params[:order])
     end
   end
  
@@ -213,7 +230,7 @@ class SearchController &lt; PublicController
   end
  
   def full_text_search
-    @searches[@asset] = find_by_contents(@asset, @scope, @query, paginate_options, {:category => @category, :filter => @filter})
+    @searches[@asset] = find_by_contents(@asset, environment, @scope, @query, paginate_options, {:category => @category, :filter => @order})
   end
  
   private
@@ -228,4 +245,14 @@ class SearchController &lt; PublicController
     20
   end
  
+  def available_assets
+    assets = ActiveSupport::OrderedHash[
+      :articles, _('Contents'),
+      :enterprises, _('Enterprises'),
+      :people, _('People'),
+      :communities, _('Communities'),
+      :products, _('Products and Services'),
+    ]
+  end
+
 end
@@ -433,19 +433,19 @@ module ApplicationHelper
   end
  
   def theme_site_title
-    theme_include('site_title')
+    @theme_site_title ||= theme_include 'site_title'
   end
  
   def theme_header
-    theme_include('header')
+    @theme_header ||= theme_include 'header'
   end
  
   def theme_footer
-    theme_include('footer')
+    @theme_footer ||= theme_include 'footer'
   end
  
   def theme_extra_navigation
-    theme_include('navigation')
+    @theme_extra_navigation ||= theme_include 'navigation'
   end
  
   def is_testing_theme
@@ -674,13 +674,14 @@ module ApplicationHelper
     html.join "\n"
   end
  
+  def theme_javascript_src
+    script = File.join theme_path, 'theme.js'
+    script if File.exists? File.join(Rails.root, 'public', script)
+  end
+
   def theme_javascript_ng
-    script = File.join(theme_path, 'theme.js')
-    if File.exists?(File.join(Rails.root, 'public', script))
-      javascript_include_tag script
-    else
-      nil
-    end
+    script = theme_javascript_src
+    javascript_include_tag script if script
   end
  
   def file_field_or_thumbnail(label, image, i)
@@ -861,8 +862,9 @@ module ApplicationHelper
   end
  
   def base_url
-    environment.top_url
+    environment.top_url(request.scheme)
   end
+  alias :top_url :base_url
  
   def helper_for_article(article)
     article_helper = ActionView::Base.new
@@ -907,13 +909,15 @@ module ApplicationHelper
   end
  
   def page_title
-    (@page ? @page.title + ' - ' : '') +
-    (@topic ? @topic.title + ' - ' : '') +
-    (@section ? @section.title + ' - ' : '') +
-    (@toc ? _('Online Manual') + ' - ' : '') +
-    (controller.controller_name == 'chat' ? _('Chat') + ' - ' : '') +
-    (profile ? profile.short_name : environment.name) +
-    (@category ? " - #{@category.full_name}" : '')
+    CGI.escapeHTML(
+      (@page ? @page.title + ' - ' : '') +
+      (@topic ? @topic.title + ' - ' : '') +
+      (@section ? @section.title + ' - ' : '') +
+      (@toc ? _('Online Manual') + ' - ' : '') +
+      (controller.controller_name == 'chat' ? _('Chat') + ' - ' : '') +
+      (profile ? profile.short_name : environment.name) +
+      (@category ? " - #{@category.full_name}" : '')
+    )
   end
  
   # DEPRECATED. Do not use this.
@@ -942,9 +946,9 @@ module ApplicationHelper
   # from Article model for an ArticleBlock.
   def reference_to_article(text, article, anchor=nil)
     if article.profile.domains.empty?
-      href = "/#{article.url[:profile]}/"
+      href = "#{Noosfero.root}/#{article.url[:profile]}/"
     else
-      href = "http://#{article.profile.domains.first.name}/"
+      href = "http://#{article.profile.domains.first.name}#{Noosfero.root}/"
     end
     href += article.url[:page].join('/')
     href += '#' + anchor if anchor
@@ -1285,11 +1289,13 @@ module ApplicationHelper
   end
  
   def delete_article_message(article)
-    if article.folder?
-      _("Are you sure that you want to remove the folder \"%s\"? Note that all the items inside it will also be removed!") % article.name
-    else
-      _("Are you sure that you want to remove the item \"%s\"?") % article.name
-    end
+    CGI.escapeHTML(
+      if article.folder?
+        _("Are you sure that you want to remove the folder \"%s\"? Note that all the items inside it will also be removed!") % article.name
+      else
+        _("Are you sure that you want to remove the item \"%s\"?") % article.name
+      end
+    )
   end
  
   def expirable_link_to(expired, content, url, options = {})
@@ -1301,8 +1307,19 @@ module ApplicationHelper
     end
   end
  
-  def remove_content_button(action)
-    @plugins.dispatch("content_remove_#{action.to_s}", @page).include?(true)
+  def content_remove_spread(content)
+    !content.public? || content.folder? || (profile == user && user.communities.blank? && !environment.portal_enabled)
+  end
+
+  def remove_content_button(action, content)
+    method_name = "content_remove_#{action.to_s}"
+    plugin_condition = @plugins.dispatch(method_name, content).include?(true)
+    begin
+      core_condition = self.send(method_name, content)
+    rescue NoMethodError
+      core_condition = false
+    end
+    core_condition || plugin_condition
   end
  
   def template_options(kind, field_name)
@@ -1310,10 +1327,8 @@ module ApplicationHelper
     return '' if templates.count == 0
     return hidden_field_tag("#{field_name}[template_id]", templates.first.id) if templates.count == 1
  
-    counter = 0
     radios = templates.map do |template|
-      counter += 1
-      content_tag('li', labelled_radio_button(link_to(template.name, template.url, :target => '_blank'), "#{field_name}[template_id]", template.id, counter==1))
+      content_tag('li', labelled_radio_button(link_to(template.name, template.url, :target => '_blank'), "#{field_name}[template_id]", template.id, environment.is_default_template?(template)))
     end.join("\n")
  
     content_tag('div', content_tag('label', _('Profile organization'), :for => 'template-options', :class => 'formlabel') +
@@ -1377,7 +1392,7 @@ module ApplicationHelper
       #     are old things that do not support it we are keeping this hot spot.
       html = @plugins.pipeline(:parse_content, html, source).first
     end
-    html
+    html && html.html_safe
   end
  
   def convert_macro(html, source)
@@ -1407,6 +1422,43 @@ module ApplicationHelper
     content_tag('ul', article.versions.map {|v| link_to("r#{v.version}", @page.url.merge(:version => v.version))})
   end
  
+  def search_input_with_suggestions(name, asset, default, options = {})
+    text_field_tag name, default, options.merge({:class => 'search-input-with-suggestions', 'data-asset' => asset})
+  end
+
+  def profile_suggestion_profile_connections(suggestion)
+    profiles = suggestion.profile_connections.first(4).map do |profile|
+      link_to(profile_image(profile, :icon, :title => profile.name), profile.url, :class => 'profile-suggestion-connection-icon')
+    end
+
+    controller_target = suggestion.suggestion_type == 'Person' ? :friends : :memberships
+    profiles << link_to("<big> +#{suggestion.profile_connections.count - 4}</big>", :controller => controller_target, :action => :connections, :id => suggestion.suggestion_id) if suggestion.profile_connections.count > 4
+
+    if profiles.present?
+      content_tag(:div, profiles.join , :class => 'profile-connections')
+    else
+      ''
+    end
+  end
+
+  def profile_suggestion_tag_connections(suggestion)
+    tags = suggestion.tag_connections.first(4).map do |tag|
+      tag.name + ', '
+    end
+    last_tag = tags.pop
+    tags << last_tag.strip.chop if last_tag.present?
+    title = tags.join
+
+    controller_target = suggestion.suggestion_type == 'Person' ? :friends : :memberships
+    tags << ' ' + link_to('...', {:controller => controller_target, :action => :connections, :id => suggestion.suggestion_id}, :class => 'more-tag-connections', :title => _('See all connections')) if suggestion.tag_connections.count > 4
+
+    if tags.present?
+      content_tag(:div, tags.join, :class => 'tag-connections', :title => title)
+    else
+      ''
+    end
+  end
+
   def labelled_colorpicker_field(human_name, object_name, method, options = {})
     options[:id] ||= 'text-field-' + FormsHelper.next_id_number
     content_tag('label', human_name, :for => options[:id], :class => 'formlabel') +
@@ -3,6 +3,12 @@ module ArticleHelper
   include PrototypeHelper
   include TokenHelper
  
+  def article_reported_version(article)
+    search_path = Rails.root.join('app', 'views', 'shared', 'reported_versions')
+    partial_path = File.join('shared', 'reported_versions', 'profile', partial_for_class_in_view_path(article.class, search_path))
+    render_to_string(:partial => partial_path, :locals => {:article => article})
+  end
+
   def custom_options_for_article(article, tokenized_children)
     @article = article
  
@@ -71,12 +77,59 @@ module ArticleHelper
       content_tag('div',
         radio_button(:article, :published, false) +
           content_tag('label', _('Private'), :for => 'article_published_false', :id => "label_private")
-       ) +
-      (article.profile.community? ? content_tag('div',
-        content_tag('label', _('Fill in the search field to add the exception users to see this content'), :id => "text-input-search-exception-users") +
-        token_input_field_tag(:q, 'search-article-privacy-exceptions', {:action => 'search_article_privacy_exceptions'},
-          {:focus => false, :hint_text => _('Type in a search term for a user'), :pre_populate => tokenized_children})) :
-          ''))
+      ) +
+      privacity_exceptions(article, tokenized_children)
+    )
+  end
+
+  def privacity_exceptions(article, tokenized_children)
+    content_tag('div',
+      content_tag('div',
+        (
+          if article.profile
+            add_option_to_followers(article, tokenized_children)
+          else
+            ''
+          end
+        )
+      ),
+      :style => "margin-left:10px"
+    )
+  end
+
+  def add_option_to_followers(article, tokenized_children)
+    label_message = article.profile.organization? ? _('For all community members') : _('For all your friends')
+
+    check_box(
+      :article,
+      :show_to_followers,
+      {:class => "custom_privacy_option"}
+    ) +
+    content_tag(
+      'label',
+      label_message,
+      :for => 'article_show_to_followers',
+      :id => 'label_show_to_followers'
+    ) +
+    (article.profile.community? ?
+      content_tag(
+        'div',
+        content_tag(
+          'label',
+          _('Fill in the search field to add the exception users to see this content'),
+          :id => "text-input-search-exception-users"
+        ) +
+        token_input_field_tag(
+          :q,
+          'search-article-privacy-exceptions',
+          {:action => 'search_article_privacy_exceptions'},
+          {
+            :focus => false,
+            :hint_text => _('Type in a search term for a user'),
+            :pre_populate => tokenized_children
+          }
+        )
+      ) : '')
   end
  
   def prepare_to_token_input(array)
@@ -170,49 +170,54 @@ module BoxesHelper
       else
         "before-block-#{block.id}"
       end
-
-    content_tag('div', '&nbsp;', :id => id, :class => 'block-target' ) + drop_receiving_element(id, :url => { :action => 'move_block', :target => id }, :accept => box.acceptable_blocks, :hoverclass => 'block-target-hover')
+    if block.nil? or modifiable?(block)
+      content_tag('div', '&nbsp;', :id => id, :class => 'block-target' ) + drop_receiving_element(id, :url => { :action => 'move_block', :target => id }, :accept => box.acceptable_blocks, :hoverclass => 'block-target-hover')
+    else
+      ""
+    end
   end
  
   # makes the given block draggable so it can be moved away.
   def block_handle(block)
-    draggable_element("block-#{block.id}", :revert => true)
+    modifiable?(block) ? draggable_element("block-#{block.id}", :revert => true) : ""
   end
  
   def block_edit_buttons(block)
     buttons = []
     nowhere = 'javascript: return false;'
  
-    if block.first?
-      buttons << icon_button('up-disabled', _("Can't move up anymore."), nowhere)
-    else
-      buttons << icon_button('up', _('Move block up'), { :action => 'move_block_up', :id => block.id }, { :method => 'post' })
-    end
+    if modifiable?(block)
+      if block.first?
+        buttons << icon_button('up-disabled', _("Can't move up anymore."), nowhere)
+      else
+        buttons << icon_button('up', _('Move block up'), { :action => 'move_block_up', :id => block.id }, { :method => 'post' })
+      end
  
-    if block.last?
-      buttons << icon_button('down-disabled', _("Can't move down anymore."), nowhere)
-    else
-      buttons << icon_button(:down, _('Move block down'), { :action => 'move_block_down' ,:id => block.id }, { :method => 'post'})
-    end
+      if block.last?
+        buttons << icon_button('down-disabled', _("Can't move down anymore."), nowhere)
+      else
+        buttons << icon_button(:down, _('Move block down'), { :action => 'move_block_down' ,:id => block.id }, { :method => 'post'})
+      end
  
-    holder = block.owner
-    # move to opposite side
-    # FIXME too much hardcoded stuff
-    if holder.layout_template == 'default'
-      if block.box.position == 2 # area 2, left side => move to right side
-        buttons << icon_button('right', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[2].id.to_s, :id => block.id }, :method => 'post' )
-      elsif block.box.position == 3 # area 3, right side => move to left side
-        buttons << icon_button('left', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[1].id.to_s, :id => block.id }, :method => 'post' )
+      holder = block.owner
+      # move to opposite side
+      # FIXME too much hardcoded stuff
+      if holder.layout_template == 'default'
+        if block.box.position == 2 # area 2, left side => move to right side
+          buttons << icon_button('right', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[2].id.to_s, :id => block.id }, :method => 'post' )
+        elsif block.box.position == 3 # area 3, right side => move to left side
+          buttons << icon_button('left', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[1].id.to_s, :id => block.id }, :method => 'post' )
+        end
       end
-    end
  
-    if block.editable?
-      buttons << colorbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
-    end
+      if block.editable?
+        buttons << colorbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
+      end
  
-    if !block.main?
-      buttons << icon_button(:delete, _('Remove block'), { :action => 'remove', :id => block.id }, { :method => 'post', :confirm => _('Are you sure you want to remove this block?')})
-      buttons << icon_button(:clone, _('Clone'), { :action => 'clone_block', :id => block.id }, { :method => 'post' })
+      if !block.main?
+        buttons << icon_button(:delete, _('Remove block'), { :action => 'remove', :id => block.id }, { :method => 'post', :confirm => _('Are you sure you want to remove this block?')})
+        buttons << icon_button(:clone, _('Clone'), { :action => 'clone_block', :id => block.id }, { :method => 'post' })
+      end
     end
  
     if block.respond_to?(:help)
@@ -248,5 +253,7 @@ module BoxesHelper
     classes
   end
  
-
+  def modifiable?(block)
+    return !block.fixed || environment.admins.include?(user)
+  end
 end
@@ -40,12 +40,8 @@ module CmsHelper
     end
   end
  
-  def display_spread_button(profile, article)
-    if profile.person?
-      expirable_button article, :spread, _('Spread this'), :action => 'publish', :id => article.id
-    elsif profile.community? && environment.portal_community
-      expirable_button article, :spread, _('Spread this'), :action => 'publish_on_portal_community', :id => article.id
-    end
+  def display_spread_button(article)
+    expirable_button article, :spread, _('Spread this'), {:action => 'publish', :id => article.id}, {:class => 'colorbox'}
   end
  
   def display_delete_button(article)
@@ -10,7 +10,7 @@ module ContentViewerHelper
   end
  
   def number_of_comments(article)
-    display_number_of_comments(article.comments_count - article.spam_comments_count)
+    display_number_of_comments(article.comments_count - article.spam_comments_count.to_i)
   end
  
   def article_title(article, args = {})
@@ -45,7 +45,7 @@ module ContentViewerHelper
         { article.environment.locales[translation.language] => { :href => url_for(translation.url) } }
       end
       content_tag(:div, link_to(_('Translations'), '#',
-                                :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{links.to_json}); return false",
+                                :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{CGI::escape_html(links.to_json)}); return false",
                                 :class => 'article-translations-menu simplemenu-trigger up'),
                   :class => 'article-translations')
     end
@@ -265,7 +265,7 @@ module FormsHelper
     )
   end
  
-  def select_profile_folder(label_text, field_id, profile, default_value='', html_options = {}, js_options = {}, find_options = {})
+  def select_profile_folder(label_text, field_id, profile, default_value='', html_options = {}, js_options = {}, find_options = {}, extra_options = {})
     if find_options.empty?
       folders = profile.folders
     else
@@ -276,7 +276,7 @@ module FormsHelper
       select_tag(
         field_id,
         options_for_select(
-          [[profile.identifier, '']] +
+          [[(extra_options[:root_label] || profile.identifier), '']] +
           folders.collect {|f| [ profile.identifier + '/' +  f.full_name, f.id.to_s ] },
           default_value.to_s
         ),
@@ -2,12 +2,31 @@ module LayoutHelper
  
   def body_classes
     # Identify the current controller and action for the CSS:
+    (logged_in? ? " logged-in" : "") +
     " controller-#{controller.controller_name}" +
     " action-#{controller.controller_name}-#{controller.action_name}" +
     " template-#{@layout_template || if profile.blank? then 'default' else profile.layout_template end}" +
     (!profile.nil? && profile.is_on_homepage?(request.path,@page) ? " profile-homepage" : "")
   end
  
+  def html_tag_classes
+    [
+      body_classes, (
+        profile.blank? ? nil : [
+          'profile-type-is-' + profile.class.name.downcase,
+          'profile-name-is-' + profile.identifier,
+        ]
+      ), 'theme-' + current_theme,
+      @plugins.dispatch(:html_tag_classes).map do |content|
+        if content.respond_to?(:call)
+          instance_exec(&content)
+        else
+          content.html_safe
+        end
+      end
+    ].flatten.compact.join(' ')
+  end
+
   def noosfero_javascript
     plugins_javascripts = @plugins.map { |plugin| [plugin.js_files].flatten.map { |js| plugin.class.public_path(js) } }.flatten
  
@@ -17,6 +36,8 @@ module LayoutHelper
     unless plugins_javascripts.empty?
       output += javascript_include_tag plugins_javascripts, :cache => "cache/plugins-#{Digest::MD5.hexdigest plugins_javascripts.to_s}"
     end
+    output += theme_javascript_ng.to_s
+
     output
   end
  
@@ -27,6 +48,7 @@ module LayoutHelper
       'thickbox',
       'lightbox',
       'colorbox',
+      'selectordie',
       'inputosaurus',
       pngfix_stylesheet_path,
     ] + tokeninput_stylesheets
@@ -84,6 +106,10 @@ module LayoutHelper
     theme_path + '/style.css'
   end
  
+  def layout_template
+    if profile then profile.layout_template else environment.layout_template end
+  end
+
   def addthis_javascript
     if NOOSFERO_CONF['addthis_enabled']
       '<script src="https://s7.addthis.com/js/152/addthis_widget.js"></script>'
@@ -91,7 +117,7 @@ module LayoutHelper
   end
  
   def meta_description_tag(article=nil)
-    article ? truncate(strip_tags(article.body.to_s), :length => 200) : environment.name
+    article ? CGI.escapeHTML(truncate(strip_tags(article.body.to_s), :length => 200)) : environment.name
   end
 end
  
@@ -1,15 +0,0 @@
-module PersonNotifierHelper
-
-  include ApplicationHelper
-
-  private
-
-  def path_to_image(source)
-    top_url + source
-  end
-
-  def top_url
-    top_url = @profile.environment ? @profile.environment.top_url : ''
-  end
-
-end
 module ProfileHelper
  
   COMMON_CATEGORIES = ActiveSupport::OrderedHash.new
-  COMMON_CATEGORIES[:content] = [:blogs, :image_galleries, :events, :tags]
+  COMMON_CATEGORIES[:content] = [:blogs, :image_galleries, :events, :article_tags]
   COMMON_CATEGORIES[:interests] = [:interests]
   COMMON_CATEGORIES[:general] = nil
  
@@ -41,6 +41,8 @@ module ProfileHelper
     :birth_date => _('Date of birth'),
     :created_at => _('Profile created at'),
     :members_count => _('Members'),
+    :privacy_setting => _('Privacy setting'),
+    :article_tags => _('Tags')
   }
  
   EXCEPTION = {
@@ -63,7 +65,7 @@ module ProfileHelper
  
   def title(field, entry = nil)
     return self.send("#{field}_custom_title", entry) if MULTIPLE[kind].include?(field) && entry.present?
-    CUSTOM_LABELS[field.to_sym] || field.to_s.humanize
+    CUSTOM_LABELS[field.to_sym] || _(field.to_s.humanize)
   end
  
   def display_field(field)
@@ -73,14 +75,18 @@ module ProfileHelper
       return ''
     end
     value = begin profile.send(field) rescue nil end
-    if !value.blank?
+    return '' if value.blank?
+    if value.kind_of?(Hash)
+      content = self.send("treat_#{field}", value)
+      content_tag('tr', content_tag('td', title(field), :class => 'field-name') + content_tag('td', content))
+    else
       entries = multiple ? value : [] << value
       entries.map do |entry|
         content = self.send("treat_#{field}", entry)
-        content_tag('tr', content_tag('td', title(field, entry), :class => 'field-name') + content_tag('td', content))
+        unless content.blank?
+          content_tag('tr', content_tag('td', title(field, entry), :class => 'field-name') + content_tag('td', content))
+        end
       end.join("\n")
-    else
-      ''
     end
   end
  
@@ -142,7 +148,7 @@ module ProfileHelper
     link_to events.published.count, :controller => 'events', :action => 'events'
   end
  
-  def treat_tags(tags)
+  def treat_article_tags(tags)
     tag_cloud @tags, :id, { :action => 'tags' }, :max_size => 18, :min_size => 10
   end
  
 module RoleHelper
+
+  def role_available_permissions(role)
+    role.kind == "Environment" ? ['Environment', 'Profile'] : [role.kind]
+  end
+
 end
@@ -5,22 +5,31 @@ module SearchHelper
   BLOCKS_SEARCH_LIMIT = 24
   MULTIPLE_SEARCH_LIMIT = 8
  
-  SEARCHES = ActiveSupport::OrderedHash[
-    :articles, _('Contents'),
-    :enterprises, _('Enterprises'),
-    :people, _('People'),
-    :communities, _('Communities'),
-    :products, _('Products and Services'),
-    :events, _('Events'),
-  ]
+  FILTERS_TRANSLATIONS = {
+    :order => _('Order'),
+    :display => _('Display')
+  }
  
-  FILTER_TRANSLATION = {
-    'more_popular' => _('More popular'),
-    'more_active' => _('More active'),
-    'more_recent' => _('More recent'),
-    'more_comments' => _('More comments')
+  FILTERS_OPTIONS_TRANSLATION = {
+    :order => {
+      'more_popular' => _('More popular'),
+      'more_active' => _('More active'),
+      'more_recent' => _('More recent'),
+      'more_comments' => _('More comments')
+    },
+    :display => {
+      'map' => _('Map'),
+      'full' => _('Full'),
+      'compact' => _('Compact')
+    }
   }
  
+  COMMON_PROFILE_LIST_BLOCK = [
+    :enterprises,
+    :people,
+    :communities
+  ]
+
   # FIXME remove it after search_controler refactored
   include EventsHelper
  
@@ -50,7 +59,7 @@ module SearchHelper
   end
  
   def display?(asset, mode)
-    defined?(asset_class(asset)::SEARCH_DISPLAYS) && asset_class(asset)::SEARCH_DISPLAYS.include?(mode.to_s)
+    defined?(asset_class(asset)::SEARCH_FILTERS[:display]) && asset_class(asset)::SEARCH_FILTERS[:display].include?(mode.to_s)
   end
  
   def display_results(searches=nil, asset=nil)
@@ -87,6 +96,16 @@ module SearchHelper
     end
   end
  
+  def select_filter(name, options, default = nil)
+    if options.size <= 1
+      return
+    else
+      options = options.map {|option| [FILTERS_OPTIONS_TRANSLATION[name][option], option]}
+      options = options_for_select(options, :selected => (params[name] || default))
+      select_tag(name, options)
+    end
+  end
+
   def display_selector(asset, display, float = 'right')
     display = nil if display.blank?
     display ||= asset_class(asset).default_search_display
@@ -94,43 +113,39 @@ module SearchHelper
       compact_link = display?(asset, :compact) ? (display == 'compact' ? _('Compact') : link_to(_('Compact'), params.merge(:display => 'compact'))) : nil
       map_link = display?(asset, :map) ? (display == 'map' ? _('Map') : link_to(_('Map'), params.merge(:display => 'map'))) : nil
       full_link = display?(asset, :full) ? (display == 'full' ? _('Full') : link_to(_('Full'), params.merge(:display => 'full'))) : nil
-      content_tag('div', 
+      content_tag('div',
         content_tag('strong', _('Display')) + ': ' + [compact_link, map_link, full_link].compact.join(' | ').html_safe,
         :class => 'search-customize-options'
       )
     end
   end
  
-  def filter_selector(asset, filter, float = 'right')
+  def filters(asset)
+    return if !asset
     klass = asset_class(asset)
-    if klass::SEARCH_FILTERS.count > 1
-      options = options_for_select(klass::SEARCH_FILTERS.map {|f| [FILTER_TRANSLATION[f], f]}, filter)
-      url_params = url_for(params.merge(:filter => 'FILTER'))
-      onchange = "document.location.href = '#{url_params}'.replace('FILTER', this.value)"
-      select_field = select_tag(:filter, options, :onchange => onchange)
-      content_tag('div',
-        content_tag('strong', _('Filter')) + ': ' + select_field,
-        :class => "search-customize-options"
-      )
-    end
+    content_tag('div', klass::SEARCH_FILTERS.map do |name, options|
+      default = klass.respond_to?("default_search_#{name}") ? klass.send("default_search_#{name}".to_s) : nil
+      select_filter(name, options, default)
+    end.join("\n"), :id => 'search-filters')
+  end
+
+  def assets_menu(selected)
+    assets = @enabled_searches.keys
+    #     Events is a search asset but do not have a good interface for
+    #TODO searching. When this is solved we may add it back again to the assets
+    #     menu.
+    assets.delete(:events)
+    content_tag('ul',
+      assets.map do |asset|
+        options = {}
+        options.merge!(:class => 'selected') if selected.to_s == asset.to_s
+        content_tag('li', asset_link(asset), options)
+      end.join("\n"),
+    :id => 'assets-menu')
   end
  
-  def filter_title(asset, filter)
-    {
-      'articles_more_recent' => _('More recent contents from network'),
-      'articles_more_popular' => _('More viewed contents from network'),
-      'articles_more_comments' => _('Most commented contents from network'),
-      'people_more_recent' => _('More recent people from network'),
-      'people_more_active' => _('More active people from network'),
-      'people_more_popular' => _('More popular people from network'),
-      'communities_more_recent' => _('More recent communities from network'),
-      'communities_more_active' => _('More active communities from network'),
-      'communities_more_popular' => _('More popular communities from network'),
-      'enterprises_more_recent' => _('More recent enterprises from network'),
-      'enterprises_more_active' => _('More active enterprises from network'),
-      'enterprises_more_popular' => _('More popular enterprises from network'),
-      'products_more_recent' => _('Highlights'),
-    }[asset.to_s + '_' + filter].to_s
+  def asset_link(asset)
+    link_to(@enabled_searches[asset], "/search/#{asset}")
   end
  
 end
@@ -0,0 +1,18 @@
+module SearchTermHelper
+  def register_search_term(term, total, indexed, context, asset='all')
+    normalized_term = normalize_term(term)
+    if normalized_term.present?
+      search_term = SearchTerm.find_or_create(normalized_term, context, asset)
+      SearchTermOccurrence.create!(:search_term => search_term, :total => total, :indexed => indexed)
+    end
+  end
+
+  #FIXME For some reason the job is created but nothing is ran.
+  #handle_asynchronously :register_search_term
+
+  #TODO Think smarter criteria to normalize search terms properly
+  def normalize_term(search_term)
+    search_term ||= ''
+    search_term.downcase
+  end
+end
@@ -56,12 +56,12 @@ module SweeperHelper
     if profile
       profile.blocks.each {|block|
         conditions = block.class.expire_on
-        blocks_to_expire << block unless (conditions[:profile] & causes).empty?
+        blocks_to_expire << block unless (conditions[:profile] & causes).blank?
       }
     end
     environment.blocks.each {|block|
       conditions = block.class.expire_on
-      blocks_to_expire << block unless (conditions[:environment] & causes).empty?
+      blocks_to_expire << block unless (conditions[:environment] & causes).blank?
     }
  
     blocks_to_expire.uniq!
@@ -11,7 +11,7 @@ module TinymceHelper
   end
  
   def tinymce_init_js options = {}
-    options.merge! :document_base_url => environment.top_url,
+    options.merge! :document_base_url => top_url,
       :content_css => "/stylesheets/tinymce.css,#{macro_css_files}",
       :plugins => %w[compat3x advlist autolink lists link image charmap print preview hr anchor pagebreak
         searchreplace wordcount visualblocks visualchars code fullscreen
@@ -12,6 +12,7 @@ module TokenHelper
     options[:search_delay] ||= 1000
     options[:prevent_duplicates] ||=  true
     options[:backspace_delete_item] ||= false
+    options[:zindex] ||= 999
     options[:focus] ||= false
     options[:avoid_enter] ||= true
     options[:on_result] ||= 'null'
@@ -31,6 +32,7 @@ module TokenHelper
         searchDelay: #{options[:search_delay].to_json},
         preventDuplicates: #{options[:prevent_duplicates].to_json},
         backspaceDeleteItem: #{options[:backspace_delete_item].to_json},
+        zindex: #{options[:zindex].to_json},
         queryParam: #{options[:query_param].to_json},
         tokenLimit: #{options[:token_limit].to_json},
         onResult: #{options[:on_result]},
@@ -41,6 +41,23 @@ class UserMailer &lt; ActionMailer::Base
     )
   end
  
+  def profiles_suggestions_email(user)
+    @recipient = user.name
+    @environment = user.environment.name
+    @url = user.environment.top_url
+    @people_suggestions_url = user.people_suggestions_url
+    @people_suggestions = user.suggested_people.sample(3)
+    @communities_suggestions_url = user.communities_suggestions_url
+    @communities_suggestions = user.suggested_communities.sample(3)
+
+    mail(
+      content_type: 'text/html',
+      to: user.email,
+      from: "#{user.environment.name} <#{user.environment.contact_email}>",
+      subject: _("[%s] What about grow up your network?") % user.environment.name
+    )
+  end
+
   class Job < Struct.new(:user, :method)
     def perform
       UserMailer.send(method, user).deliver
@@ -14,6 +14,11 @@ class AddFriend &lt; Task
   alias :friend :target
   alias :friend= :target=
  
+  after_create do |task|
+    TaskMailer.invitation_notification(task).deliver unless task.friend
+    remove_from_suggestion_list(task)
+  end
+
   def perform
     target.add_friend(requestor, group_for_friend)
     requestor.add_friend(target, group_for_person)
@@ -48,4 +53,8 @@ class AddFriend &lt; Task
     {:type => :profile_image, :profile => requestor, :url => requestor.url}
   end
  
+  def remove_from_suggestion_list(task)
+    suggestion = task.requestor.profile_suggestions.find_by_suggestion_id task.target.id
+    suggestion.disable if suggestion
+  end
 end
@@ -10,6 +10,10 @@ class AddMember &lt; Task
  
   settings_items :roles
  
+  after_create do |task|
+    remove_from_suggestion_list(task)
+  end
+
   def perform
     if !self.roles or (self.roles.uniq.compact.length == 1 and self.roles.uniq.compact.first.to_i.zero?)
       self.roles = [Profile::Roles.member(organization.environment.id).id]
@@ -46,4 +50,9 @@ class AddMember &lt; Task
     _('You will need login to %{system} in order to accept or reject %{requestor} as a member of %{organization}.') % { :system => target.environment.name, :requestor => requestor.name, :organization => organization.name }
   end
  
+  def remove_from_suggestion_list(task)
+    suggestion = task.requestor.profile_suggestions.find_by_suggestion_id task.target.id
+    suggestion.disable if suggestion
+  end
+
 end
@@ -22,6 +22,7 @@ class ApproveArticle &lt; Task
   end
  
   settings_items :closing_statment, :article_parent_id, :highlighted
+  settings_items :create_link, :type => :boolean, :default => false
  
   def article_parent
     Article.find_by_id article_parent_id.to_i
@@ -48,7 +49,11 @@ class ApproveArticle &lt; Task
   end
  
   def perform
-    article.copy!(:name => name, :abstract => abstract, :body => body, :profile => target, :reference_article => article, :parent => article_parent, :highlighted => highlighted, :source => article.source, :last_changed_by_id => article.last_changed_by_id, :created_by_id => article.created_by_id)
+    if create_link
+      LinkArticle.create!(:reference_article => article, :profile => target, :parent => article_parent, :highlighted => highlighted)
+    else
+      article.copy!(:name => name, :abstract => abstract, :body => body, :profile => target, :reference_article => article, :parent => article_parent, :highlighted => highlighted, :source => article.source, :last_changed_by_id => article.last_changed_by_id, :created_by_id => article.created_by_id)
+    end
   end
  
   def title
@@ -2,25 +2,29 @@ require &#39;hpricot&#39;
  
 class Article < ActiveRecord::Base
  
-  attr_accessible :name, :body, :abstract, :profile, :tag_list, :parent, :allow_members_to_edit, :translation_of_id, :language, :license_id, :parent_id, :display_posts_in_current_language, :category_ids, :posts_per_page, :moderate_comments, :accept_comments, :feed, :published, :source, :highlighted, :notify_comments, :display_hits, :slug, :external_feed_builder, :display_versions, :external_link, :image_builder
+  attr_accessible :name, :body, :abstract, :profile, :tag_list, :parent,
+                  :allow_members_to_edit, :translation_of_id, :language,
+                  :license_id, :parent_id, :display_posts_in_current_language,
+                  :category_ids, :posts_per_page, :moderate_comments,
+                  :accept_comments, :feed, :published, :source,
+                  :highlighted, :notify_comments, :display_hits, :slug,
+                  :external_feed_builder, :display_versions, :external_link,
+                  :image_builder, :show_to_followers
  
   acts_as_having_image
  
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :abstract => 3,
-    :body => 2,
-    :slug => 1,
-    :filename => 1,
+    :name => {:label => _('Name'), :weight => 10},
+    :abstract => {:label => _('Abstract'), :weight => 3},
+    :body => {:label => _('Content'), :weight => 2},
+    :slug => {:label => _('Slug'), :weight => 1},
+    :filename => {:label => _('Filename'), :weight => 1},
   }
  
-  SEARCH_FILTERS = %w[
-    more_recent
-    more_popular
-    more_comments
-  ]
-
-  SEARCH_DISPLAYS = %w[full]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent more_popular more_comments],
+    :display => %w[full]
+  }
  
   def self.default_search_display
     'full'
@@ -103,6 +107,11 @@ class Article &lt; ActiveRecord::Base
     self.activity.destroy if self.activity
   end
  
+  after_destroy :destroy_link_article
+  def destroy_link_article
+    Article.where(:reference_article_id => self.id, :type => LinkArticle).destroy_all
+  end
+
   xss_terminate :only => [ :name ], :on => 'validation', :with => 'white_list'
  
   scope :in_category, lambda { |category|
@@ -285,13 +294,6 @@ class Article &lt; ActiveRecord::Base
     end
   end
  
-  def reported_version(options = {})
-    article = self
-    search_path = Rails.root.join('app', 'views', 'shared', 'reported_versions')
-    partial_path = File.join('shared', 'reported_versions', partial_for_class_in_view_path(article.class, search_path))
-    lambda { render_to_string(:partial => partial_path, :locals => {:article => article}) }
-  end
-
   # returns the data of the article. Must be overriden in each subclass to
   # provide the correct content for the article.
   def data
@@ -340,7 +342,7 @@ class Article &lt; ActiveRecord::Base
   def belongs_to_blog?
     self.parent and self.parent.blog?
   end
-  
+
   def belongs_to_forum?
     self.parent and self.parent.forum?
   end
@@ -452,6 +454,7 @@ class Article &lt; ActiveRecord::Base
       if self.parent && !self.parent.published?
         return false
       end
+
       true
     else
       false
@@ -471,7 +474,9 @@ class Article &lt; ActiveRecord::Base
   scope :no_folders, lambda {|profile|{:conditions => ['articles.type NOT IN (?)', profile.folder_types]}}
   scope :galleries, :conditions => [ "articles.type IN ('Gallery')" ]
   scope :images, :conditions => { :is_image => true }
+  scope :no_images, :conditions => { :is_image => false }
   scope :text_articles, :conditions => [ 'articles.type IN (?)', text_article_types ]
+  scope :files, :conditions => { :type => 'UploadedFile' }
   scope :with_types, lambda { |types| { :conditions => [ 'articles.type IN (?)', types ] } }
  
   scope :more_popular, :order => 'hits DESC'
@@ -483,14 +488,17 @@ class Article &lt; ActiveRecord::Base
     {:conditions => ["  articles.published = ? OR
                         articles.last_changed_by_id = ? OR
                         articles.profile_id = ? OR
-                        ?",
-                        true, user.id, user.id, user.has_permission?(:view_private_content, profile)] }
+                        ? OR  articles.show_to_followers = ? AND ?",
+                        true, user.id, user.id, user.has_permission?(:view_private_content, profile),
+                        true, user.follows?(profile)]}
   end
  
+
   def display_unpublished_article_to?(user)
     user == author || allow_view_private_content?(user) || user == profile ||
     user.is_admin?(profile.environment) || user.is_admin?(profile) ||
-    article_privacy_exceptions.include?(user)
+    article_privacy_exceptions.include?(user) ||
+    (self.show_to_followers && user.follows?(profile))
   end
  
   def display_to?(user = nil)
@@ -519,7 +527,10 @@ class Article &lt; ActiveRecord::Base
   end
  
   alias :allow_delete?  :allow_post_content?
-  alias :allow_spread?  :allow_post_content?
+
+  def allow_spread?(user = nil)
+    user && public?
+  end
  
   def allow_create?(user)
     allow_post_content?(user) || allow_publish_content?(user)
 class Block < ActiveRecord::Base
  
-  attr_accessible :title, :display, :limit, :box_id, :posts_per_page, :visualization_format, :language, :display_user, :box
+  attr_accessible :title, :display, :limit, :box_id, :posts_per_page, :visualization_format, :language, :display_user, :box, :fixed
  
   # to be able to generate HTML
   include ActionView::Helpers::UrlHelper
@@ -64,7 +64,7 @@ class Block &lt; ActiveRecord::Base
   end
  
   def display_to_user?(user)
-    display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged')
+    display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged') || (user && display_user == 'followers' && user.follows?(owner))
   end
  
   def display_always(context)
@@ -75,7 +75,7 @@ class Block &lt; ActiveRecord::Base
     if context[:article]
       return context[:article] == owner.home_page
     else
-      return context[:request_path] == '/'
+      return home_page_path?(context[:request_path])
     end
   end
  
@@ -83,7 +83,7 @@ class Block &lt; ActiveRecord::Base
     if context[:article]
       return context[:article] != owner.home_page
     else
-      return context[:request_path] != '/' + (owner.kind_of?(Profile) ? owner.identifier : '')
+      return !home_page_path?(context[:request_path])
     end
   end
  
@@ -110,11 +110,14 @@ class Block &lt; ActiveRecord::Base
   # * <tt>'all'</tt>: the block is always displayed
   settings_items :language, :type => :string, :default => 'all'
  
+  # The block can be configured to be fixed. Only can be edited by environment admins
+  settings_items :fixed, :type => :boolean, :default => false
+
   # returns the description of the block, used when the user sees a list of
   # blocks to choose one to include in the design.
   #
   # Must be redefined in subclasses to match the description of each block
-  # type. 
+  # type.
   def self.description
     '(dummy)'
   end
@@ -124,13 +127,13 @@ class Block &lt; ActiveRecord::Base
   # This method can return several types of objects:
   #
   # * <tt>String</tt>: if the string starts with <tt>http://</tt> or <tt>https://</tt>, then it is assumed to be address of an IFRAME. Otherwise it's is used as regular HTML.
-  # * <tt>Hash</tt>: the hash is used to build an URL that is used as the address for a IFRAME. 
+  # * <tt>Hash</tt>: the hash is used to build an URL that is used as the address for a IFRAME.
   # * <tt>Proc</tt>: the Proc is evaluated in the scope of BoxesHelper. The
   # block can then use <tt>render</tt>, <tt>link_to</tt>, etc.
   #
   # The method can also return <tt>nil</tt>, which means "no content".
   #
-  # See BoxesHelper#extract_block_content for implementation details. 
+  # See BoxesHelper#extract_block_content for implementation details.
   def content(args={})
     "This is block number %d" % self.id
   end
@@ -221,6 +224,7 @@ class Block &lt; ActiveRecord::Base
       'all'            => _('All users'),
       'logged'         => _('Logged'),
       'not_logged'     => _('Not logged'),
+      'followers'      => owner.class != Environment && owner.organization? ? _('Members') : _('Friends')
     }
   end
  
@@ -239,4 +243,21 @@ class Block &lt; ActiveRecord::Base
     self.position = block.position
   end
  
+  private
+
+  def home_page_path
+    home_page_url = Noosfero.root('/')
+
+    if owner.kind_of?(Profile)
+      home_page_url += "profile/" if owner.home_page.nil?
+      home_page_url += owner.identifier
+    end
+
+    return home_page_url
+  end
+
+  def home_page_path? path
+    return path == home_page_path || path == (home_page_path + '/')
+  end
+
 end
@@ -53,7 +53,7 @@ class Blog &lt; Folder
   def prepare_external_feed
     unless self.external_feed_data.nil?
       if self.external_feed(true) && self.external_feed.id == self.external_feed_data[:id].to_i
-        self.external_feed.attributes = self.external_feed_data
+        self.external_feed.attributes = self.external_feed_data.except(:id)
       else
         self.build_external_feed(self.external_feed_data, :without_protection => true)
       end
@@ -3,10 +3,10 @@ class Category &lt; ActiveRecord::Base
   attr_accessible :name, :parent_id, :display_color, :display_in_menu, :image_builder, :environment, :parent
  
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :acronym => 5,
-    :abbreviation => 5,
-    :slug => 1,
+    :name => {:label => _('Name'), :weight => 10},
+    :acronym => {:label => _('Acronym'), :weight => 5},
+    :abbreviation => {:label => _('Abbreviation'), :weight => 5},
+    :slug => {:label => _('Slug'), :weight => 1},
   }
  
   validates_exclusion_of :slug, :in => [ 'index' ], :message => N_('{fn} cannot be like that.').fix_i18n
@@ -3,9 +3,9 @@ class Certifier &lt; ActiveRecord::Base
   attr_accessible :name, :environment
  
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :description => 3,
-    :link => 1,
+    :name => {:label => _('Name'), :weight => 10},
+    :description => {:label => _('Description'), :weight => 3},
+    :link => {:label => _('Link'), :weight => 1},
   }
  
   belongs_to :environment
 class Comment < ActiveRecord::Base
  
   SEARCHABLE_FIELDS = {
-    :title => 10,
-    :name => 4,
-    :body => 2,
+    :title => {:label => _('Title'), :weight => 10},
+    :name => {:label => _('Name'), :weight => 4},
+    :body => {:label => _('Content'), :weight => 2},
   }
  
   attr_accessible :body, :author, :name, :email, :title, :reply_of_id, :source
@@ -14,19 +14,17 @@ class CommunitiesBlock &lt; ProfileListBlock
     _('This block displays the communities in which the user is a member.')
   end
  
+  def suggestions
+    return nil unless owner.kind_of?(Profile)
+    owner.profile_suggestions.of_community.enabled.limit(3).includes(:suggestion)
+  end
+
   def footer
     owner = self.owner
-    case owner
-    when Profile
-      lambda do |context|
-        link_to s_('communities|View all'), :profile => owner.identifier, :controller => 'profile', :action => 'communities'
-      end
-    when Environment
-      lambda do |context|
-        link_to s_('communities|View all'), :controller => 'search', :action => 'communities'
-      end
-    else
-      ''
+    suggestions = self.suggestions
+    return '' unless owner.kind_of?(Profile) || owner.kind_of?(Environment)
+    proc do
+      render :file => 'blocks/communities', :locals => { :owner => owner, :suggestions => suggestions }
     end
   end
  
@@ -50,16 +50,6 @@ class Community &lt; Organization
     super + FIELDS
   end
  
-  validate :presence_of_required_fieds
-
-  def presence_of_required_fieds
-    self.required_fields.each do |field|
-      if self.send(field).blank?
-        self.errors.add_on_blank(field)
-      end
-    end
-  end
-
   def active_fields
     environment ? environment.active_community_fields : []
   end
@@ -78,7 +68,7 @@ class Community &lt; Organization
   end
  
   def default_template
-    environment.community_template
+    environment.community_default_template
   end
  
   def news(limit = 30, highlight = false)
@@ -73,7 +73,13 @@ class CreateEnterprise &lt; Task
  
   # sets the associated region for the enterprise creation
   def region=(value)
-    raise ArgumentError.new("Region expected, but got #{value.class}") unless value.kind_of?(Region)
+    unless value.kind_of?(Region)
+      begin
+        value = Region.find(value)
+      rescue
+        raise ArgumentError.new("Could not find any region with the id #{value}")
+      end
+    end
  
     @region = value
     self.region_id = value.id
@@ -92,4 +92,11 @@ class Domain &lt; ActiveRecord::Base
     @hosting = {}
   end
  
+  # Detects a domain's custom text domain chain if available based on a domain
+  # served on multitenancy configuration or a registered domain.
+  def self.custom_locale(domainname)
+    domain = Noosfero::MultiTenancy.mapping[domainname] || domainname[/(.*?)\./,1]
+    FastGettext.translation_repositories.keys.include?(domain) ? domain : FastGettext.default_text_domain
+  end
+
 end
@@ -4,7 +4,10 @@ class Enterprise &lt; Organization
  
   attr_accessible :business_name, :address_reference, :district, :tag_list, :organization_website, :historic_and_current_context, :activities_short_description, :products_per_catalog_page
  
-  SEARCH_DISPLAYS += %w[map full]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent more_popular more_active],
+    :display => %w[compact full map]
+  }
  
   def self.type_name
     _('Enterprise')
@@ -59,16 +62,6 @@ class Enterprise &lt; Organization
     super + FIELDS
   end
  
-  validate :presence_of_required_fieds
-
-  def presence_of_required_fieds
-    self.required_fields.each do |field|
-      if self.send(field).blank?
-        self.errors.add_on_blank(field)
-      end
-    end
-  end
-
   def active_fields
     environment ? environment.active_enterprise_fields : []
   end
@@ -107,7 +100,12 @@ class Enterprise &lt; Organization
     self.tasks.where(:type => 'EnterpriseActivation').first
   end
  
-  def enable(owner)
+  def enable(owner = nil)
+    if owner.nil?
+      self.visible = true
+      return self.save
+    end
+
     return if enabled
     # must be set first for the following to work
     self.enabled = true
@@ -169,7 +167,7 @@ class Enterprise &lt; Organization
   end
  
   def default_template
-    environment.enterprise_template
+    environment.enterprise_default_template
   end
  
   def template_with_inactive_enterprise
@@ -10,6 +10,7 @@ class Environment &lt; ActiveRecord::Base
   self.partial_updates = false
  
   has_many :tasks, :dependent => :destroy, :as => 'target'
+  has_many :search_terms, :as => :context
  
   IDENTIFY_SCRIPTS = /(php[0-9s]?|[sp]htm[l]?|pl|py|cgi|rb)/
  
@@ -85,7 +86,9 @@ class Environment &lt; ActiveRecord::Base
   end
  
   def admins
-    Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', Environment::Roles.admin(self).id])
+    admin_role = Environment::Roles.admin(self)
+    return [] if admin_role.blank?
+    Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', admin_role.id])
   end
  
   # returns the available features for a Environment, in the form of a
@@ -155,7 +158,8 @@ class Environment &lt; ActiveRecord::Base
       'site_homepage' => _('Redirects the user to the environment homepage.'),
       'user_profile_page' => _('Redirects the user to his profile page.'),
       'user_homepage' => _('Redirects the user to his homepage.'),
-      'user_control_panel' => _('Redirects the user to his control panel.')
+      'user_control_panel' => _('Redirects the user to his control panel.'),
+      'welcome_page' => _('Redirects the user to the environment welcome page.')
     }
   end
   validates_inclusion_of :redirection_after_signup, :in => Environment.signup_redirection_options.keys, :allow_nil => true
@@ -283,6 +287,7 @@ class Environment &lt; ActiveRecord::Base
     www.flickr.com
     www.gmodules.com
     www.youtube.com
+    openstreetmap.org
   ] + ('a' .. 'z').map{|i| "#{i}.yimg.com"}
  
   settings_items :enabled_plugins, :type => Array, :default => Noosfero::Plugin.available_plugin_names
@@ -656,8 +661,8 @@ class Environment &lt; ActiveRecord::Base
     { :controller => 'admin_panel', :action => 'index' }
   end
  
-  def top_url
-    url = 'http://'
+  def top_url(scheme = 'http')
+    url = scheme + '://'
     url << (Noosfero.url_options.key?(:host) ? Noosfero.url_options[:host] : default_hostname)
     url << ':' << Noosfero.url_options[:port].to_s if Noosfero.url_options.key?(:port)
     url << Noosfero.root('')
@@ -728,31 +733,50 @@ class Environment &lt; ActiveRecord::Base
     ]
   end
  
-  def community_template
+  def is_default_template?(template)
+    is_default = template == community_default_template 
+    is_default = is_default || template == person_default_template 
+    is_default = is_default || template == enterprise_default_template
+    is_default
+  end
+
+  def community_templates
+    self.communities.templates
+  end
+
+  def community_default_template
     template = Community.find_by_id settings[:community_template_id]
-    template if template && template.is_template
+    template if template && template.is_template?
+  end
+
+  def community_default_template=(value)
+    settings[:community_template_id] = value.kind_of?(Community) ? value.id : value
   end
  
-  def community_template=(value)
-    settings[:community_template_id] = value.id
+  def person_templates
+    self.people.templates
   end
  
-  def person_template
+  def person_default_template
     template = Person.find_by_id settings[:person_template_id]
-    template if template && template.is_template
+    template if template && template.is_template?
+  end
+
+  def person_default_template=(value)
+    settings[:person_template_id] = value.kind_of?(Person) ? value.id : value
   end
  
-  def person_template=(value)
-    settings[:person_template_id] = value.id
+  def enterprise_templates
+    self.enterprises.templates
   end
  
-  def enterprise_template
+  def enterprise_default_template
     template = Enterprise.find_by_id settings[:enterprise_template_id]
-    template if template && template.is_template
+    template if template && template.is_template?
   end
  
-  def enterprise_template=(value)
-    settings[:enterprise_template_id] = value.id
+  def enterprise_default_template=(value)
+    settings[:enterprise_template_id] = value.kind_of?(Enterprise) ? value.id : value
   end
  
   def inactive_enterprise_template
@@ -804,6 +828,10 @@ class Environment &lt; ActiveRecord::Base
     "home-page-news/#{cache_key}-#{language}"
   end
  
+  def portal_enabled
+    portal_community && enabled?('use_portal_community')
+  end
+
   def notification_emails
     [contact_email].select(&:present?) + admins.map(&:email)
   end
@@ -850,10 +878,10 @@ class Environment &lt; ActiveRecord::Base
     person_template.visible = false
     person_template.save!
  
-    self.enterprise_template = enterprise_template
+    self.enterprise_default_template = enterprise_template
     self.inactive_enterprise_template = inactive_enterprise_template
-    self.community_template = community_template
-    self.person_template = person_template
+    self.community_default_template = community_template
+    self.person_default_template = person_template
     self.save!
   end
  
@@ -917,6 +945,10 @@ class Environment &lt; ActiveRecord::Base
     locales_list
   end
  
+  def has_license?
+    self.licenses.any?
+  end
+
   private
  
   def default_language_available
@@ -19,7 +19,7 @@ class Event &lt; Article
     maybe_add_http(self.setting[:link])
   end
  
-  xss_terminate :only => [ :body, :link, :address ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :name, :body, :link, :address ], :with => 'white_list', :on => 'validation'
  
   def initialize(*args)
     super(*args)
@@ -10,9 +10,10 @@ class ExternalFeed &lt; ActiveRecord::Base
     { :conditions => ['(fetched_at is NULL) OR (fetched_at < ?)', Time.now - FeedUpdater.update_interval] }
   }
  
-  attr_accessible :address, :enabled
+  attr_accessible :address, :enabled, :only_once
  
   def add_item(title, link, date, content)
+    return if content.blank?
     doc = Hpricot(content)
     doc.search('*').each do |p|
       if p.instance_of? Hpricot::Elem
@@ -12,7 +12,7 @@ class Folder &lt; Article
  
   acts_as_having_settings :field => :setting
  
-  xss_terminate :only => [ :body ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :name, :body ], :with => 'white_list', :on => 'validation'
  
   include WhiteListFilter
   filter_iframes :body
@@ -51,7 +51,10 @@ class Invitation &lt; Task
       next if contact_to_invite == _("Firstname Lastname <friend@email.com>")
  
       contact_to_invite.strip!
-      if match = contact_to_invite.match(/(.*)<(.*)>/) and match[2].match(Noosfero::Constants::EMAIL_FORMAT)
+      find_by_profile_id = false
+      if contact_to_invite.match(/^\d*$/)
+        find_by_profile_id = true
+      elsif match = contact_to_invite.match(/(.*)<(.*)>/) and match[2].match(Noosfero::Constants::EMAIL_FORMAT)
         friend_name = match[1].strip
         friend_email = match[2]
       elsif match = contact_to_invite.strip.match(Noosfero::Constants::EMAIL_FORMAT)
@@ -61,22 +64,24 @@ class Invitation &lt; Task
         next
       end
  
-      user = User.find_by_email(friend_email)
+      begin
+        user = find_by_profile_id ? Person.find_by_id(contact_to_invite).user : User.find_by_email(friend_email)
+      rescue
+        user = nil
+      end
  
-      task_args = if user.nil?
+      task_args = if user.nil? && !find_by_profile_id
         {:person => person, :friend_name => friend_name, :friend_email => friend_email, :message => message}
-      elsif !user.person.is_a_friend?(person)
+      elsif user.present? && !(user.person.is_a_friend?(person) && profile.person?)
         {:person => person, :target => user.person}
       end
  
-      if !task_args.nil?
-        if profile.person?
-          InviteFriend.create(task_args)
-        elsif profile.community?
-          InviteMember.create(task_args.merge(:community_id => profile.id))
-        else
-          raise NotImplementedError, 'Don\'t know how to invite people to a %s' % profile.class.to_s
-        end
+      if profile.person?
+        InviteFriend.create(task_args) if user.nil? || !user.person.is_a_friend?(person)
+      elsif profile.community?
+        InviteMember.create(task_args.merge(:community_id => profile.id)) if user.nil? || !user.person.is_member_of?(profile)
+      else
+        raise NotImplementedError, 'Don\'t know how to invite people to a %s' % profile.class.to_s
       end
     end
   end
 class InviteFriend < Invitation
  
   settings_items :group_for_person, :group_for_friend
+  before_create :check_for_invitation_existence
  
   def perform
     person.add_friend(friend, group_for_person)
@@ -41,4 +42,11 @@ class InviteFriend &lt; Invitation
     ].join("\n\n")
   end
  
+  private
+  def check_for_invitation_existence
+    if friend
+      friend.tasks.pending.of("InviteFriend").find(:all, :conditions => {:requestor_id => person.id, :target_id => friend.id}).blank?
+    end
+  end
+
 end
@@ -2,6 +2,7 @@ class InviteMember &lt; Invitation
  
   settings_items :community_id, :type => :integer
   validates_presence_of :community_id
+  before_create :check_for_invitation_existence
  
   def community
     Community.find(community_id)
@@ -39,6 +40,14 @@ class InviteMember &lt; Invitation
     _('%{requestor} invited you to join %{community}.') % {:requestor => requestor.name, :community => community.name}
   end
  
+  def target_notification_message
+    if friend
+      _('%{requestor} is inviting you to join "%{community}" on %{system}.') % { :system => target.environment.name, :requestor => requestor.name, :community => community.name }
+    else
+      super
+    end
+  end
+
   def expanded_message
     super.gsub /<community>/, community.name
   end
@@ -53,4 +62,11 @@ class InviteMember &lt; Invitation
     ].join("\n\n")
   end
  
+  private
+  def check_for_invitation_existence
+    if friend
+      friend.tasks.pending.of("InviteMember").find(:all, :conditions => {:requestor_id => person.id}).select { |t| t.data[:community_id] == community_id }.blank?
+    end
+  end
+
 end
@@ -3,8 +3,8 @@ class License &lt; ActiveRecord::Base
   attr_accessible :name, :url
  
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :url => 5,
+    :name => {:label => _('Name'), :weight => 10},
+    :url => {:label => _('URL'), :weight => 5},
   }
  
   belongs_to :environment
@@ -0,0 +1,14 @@
+class LinkArticle < Article
+
+  attr_accessible :reference_article
+
+  def self.short_description
+    "Article link"
+  end
+
+  delegate :name, :to => :reference_article
+  delegate :body, :to => :reference_article
+  delegate :abstract, :to => :reference_article
+  delegate :url, :to => :reference_article
+
+end
 class NationalRegion < ActiveRecord::Base
  
   SEARCHABLE_FIELDS = {
-    :name => 1,
-    :national_region_code => 1,
+    :name => {:label => _('Name'), :weight => 1},
+    :national_region_code => {:label => _('Region Code'), :weight => 1},
   }
  
   def self.search_city(city_name, like = false, state = nil)
@@ -3,10 +3,11 @@ class Organization &lt; Profile
  
   attr_accessible :moderated_articles, :foundation_year, :contact_person, :acronym, :legal_form, :economic_activity, :management_information, :cnpj, :display_name, :enable_contact_us
  
-  SEARCH_FILTERS += %w[
-    more_popular
-    more_active
-  ]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent more_popular more_active],
+    :display => %w[compact]
+  }
+
  
   settings_items :closed, :type => :boolean, :default => false
   def closed?
@@ -30,6 +31,16 @@ class Organization &lt; Profile
  
   scope :more_popular, :order => 'members_count DESC'
  
+  validate :presence_of_required_fieds, :unless => :is_template
+
+  def presence_of_required_fieds
+    self.required_fields.each do |field|
+      if self.send(field).blank?
+        self.errors.add_on_blank(field)
+      end
+    end
+  end
+
   def validation_methodology
     self.validation_info ? self.validation_info.validation_methodology : nil
   end
@@ -166,4 +177,8 @@ class Organization &lt; Profile
     self.visible = false
     save!
   end
+
+  def allow_invitation_from?(person)
+    (followed_by?(person) && self.allow_members_to_invite) || person.has_permission?('invite-members', self)
+  end
 end
@@ -3,10 +3,11 @@ class Person &lt; Profile
  
   attr_accessible :organization, :contact_information, :sex, :birth_date, :cell_phone, :comercial_phone, :jabber_id, :personal_website, :nationality, :address_reference, :district, :schooling, :schooling_status, :formation, :custom_formation, :area_of_study, :custom_area_of_study, :professional_activity, :organization_website
  
-  SEARCH_FILTERS += %w[
-    more_popular
-    more_active
-  ]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent more_popular more_active],
+    :display => %w[compact]
+  }
+
  
   def self.type_name
     _('Person')
@@ -21,10 +22,34 @@ class Person &lt; Profile
     { :select => 'DISTINCT profiles.*', :joins => :role_assignments, :conditions => [conditions] }
   }
  
-  def has_permission_with_plugins?(permission, profile)
-    permissions = [has_permission_without_plugins?(permission, profile)]
+  scope :not_members_of, lambda { |resources|
+    resources = [resources] if !resources.kind_of?(Array)
+    conditions = resources.map {|resource| "role_assignments.resource_type = '#{resource.class.base_class.name}' AND role_assignments.resource_id = #{resource.id || -1}"}.join(' OR ')
+    { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "role_assignments" ON "role_assignments"."accessor_id" = "profiles"."id" AND "role_assignments"."accessor_type" = (\'Profile\') WHERE "profiles"."type" IN (\'Person\') AND (%s))' % conditions] }
+  }
+
+  scope :by_role, lambda { |roles|
+    roles = [roles] unless roles.kind_of?(Array)
+    { :select => 'DISTINCT profiles.*', :joins => :role_assignments, :conditions => ['role_assignments.role_id IN (?)',
+roles] }
+  }
+
+  scope :not_friends_of, lambda { |resources|
+    resources = Array(resources)
+    { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] }
+  }
+
+  def has_permission_with_admin?(permission, resource)
+    return true if resource.blank? || resource.admins.include?(self)
+    return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self)
+    has_permission_without_admin?(permission, resource)
+  end
+  alias_method_chain :has_permission?, :admin
+
+  def has_permission_with_plugins?(permission, resource)
+    permissions = [has_permission_without_plugins?(permission, resource)]
     permissions += plugins.map do |plugin|
-      plugin.has_permission?(self, permission, profile)
+      plugin.has_permission?(self, permission, resource)
     end
     permissions.include?(true)
   end
@@ -39,9 +64,9 @@ class Person &lt; Profile
     ScopeTool.union *scopes
   end
  
-   def memberships_by_role(role)
-     memberships.where('role_assignments.role_id = ?', role.id)
-   end
+  def memberships_by_role(role)
+    memberships.where('role_assignments.role_id = ?', role.id)
+  end
  
   has_many :friendships, :dependent => :destroy
   has_many :friends, :class_name => 'Person', :through => :friendships
@@ -59,6 +84,10 @@ class Person &lt; Profile
   has_and_belongs_to_many :acepted_forums, :class_name => 'Forum', :join_table => 'terms_forum_people'
   has_and_belongs_to_many :articles_with_access, :class_name => 'Article', :join_table => 'article_privacy_exceptions'
  
+  has_many :profile_suggestions, :foreign_key => :person_id, :order => 'score DESC', :dependent => :destroy
+  has_many :suggested_people, :through => :profile_suggestions, :source => :suggestion, :conditions => ['profile_suggestions.suggestion_type = ? AND profile_suggestions.enabled = ?', 'Person', true]
+  has_many :suggested_communities, :through => :profile_suggestions, :source => :suggestion, :conditions => ['profile_suggestions.suggestion_type = ? AND profile_suggestions.enabled = ?', 'Community', true]
+
   scope :more_popular, :order => 'friends_count DESC'
  
   scope :abusers, :joins => :abuse_complaints, :conditions => ['tasks.status = 3'], :select => 'DISTINCT profiles.*'
@@ -74,6 +103,10 @@ class Person &lt; Profile
  
   belongs_to :user, :dependent => :delete
  
+  def can_change_homepage?
+    !environment.enabled?('cant_change_homepage') || is_admin?
+  end
+
   def can_control_scrap?(scrap)
     begin
       !self.scraps(scrap).nil?
@@ -108,12 +141,12 @@ class Person &lt; Profile
   end
  
   def add_friend(friend, group = nil)
-   unless self.is_a_friend?(friend)
+    unless self.is_a_friend?(friend)
       friendship = self.friendships.build
       friendship.friend = friend
       friendship.group = group
       friendship.save
-   end
+    end
   end
  
   def already_request_friendship?(person)
@@ -161,7 +194,7 @@ class Person &lt; Profile
     FIELDS
   end
  
-  validate :presence_of_required_fields
+  validate :presence_of_required_fields, :unless => :is_template
  
   def presence_of_required_fields
     self.required_fields.each do |field|
@@ -300,7 +333,7 @@ class Person &lt; Profile
   end
  
   def default_template
-    environment.person_template
+    environment.person_default_template
   end
  
   def apply_type_specific_template(template)
@@ -487,6 +520,15 @@ class Person &lt; Profile
     person.notifier.reschedule_next_notification_mail
   end
  
+  def remove_suggestion(profile)
+    suggestion = profile_suggestions.find_by_suggestion_id profile.id
+    suggestion.disable if suggestion
+  end
+
+  def allow_invitation_from?(person)
+    person.has_permission?(:manage_friends, self)
+  end
+
   protected
  
   def followed_by?(profile)
@@ -67,7 +67,7 @@ class PersonNotifier
  
   class Mailer < ActionMailer::Base
  
-    add_template_helper(PersonNotifierHelper)
+    add_template_helper(ApplicationHelper)
  
     def session
       {:theme => nil}
 class Product < ActiveRecord::Base
  
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :description => 1,
+    :name => {:label => _('Name'), :weight => 10},
+    :description => {:label => _('Description'), :weight => 1},
   }
  
-  SEARCH_FILTERS = %w[
-    more_recent
-  ]
-
-  SEARCH_DISPLAYS = %w[map full]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent],
+    :display => %w[full map]
+  }
  
-  attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs
+  attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs, :qualifiers_list
  
   def self.default_search_display
     'full'
@@ -3,7 +3,7 @@
 # which by default is the one returned by Environment:default.
 class Profile < ActiveRecord::Base
  
-  attr_accessible :name, :identifier, :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :environment, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time, :redirection_after_login
+  attr_accessible :name, :identifier, :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :environment, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time, :redirection_after_login, :email_suggestions, :allow_members_to_invite, :invite_friends_only
  
   # use for internationalizable human type names in search facets
   # reimplement on subclasses
@@ -12,16 +12,15 @@ class Profile &lt; ActiveRecord::Base
   end
  
   SEARCHABLE_FIELDS = {
-    :name => 10,
-    :identifier => 5,
-    :nickname => 2,
+    :name => {:label => _('Name'), :weight => 10},
+    :identifier => {:label => _('Username'), :weight => 5},
+    :nickname => {:label => _('Nickname'), :weight => 2},
   }
  
-  SEARCH_FILTERS = %w[
-    more_recent
-  ]
-
-  SEARCH_DISPLAYS = %w[compact]
+  SEARCH_FILTERS = {
+    :order => %w[more_recent],
+    :display => %w[compact]
+  }
  
   def self.default_search_display
     'compact'
@@ -97,7 +96,7 @@ class Profile &lt; ActiveRecord::Base
   end
  
   def members_by_name
-    members.order(:name)
+    members.order('profiles.name')
   end
  
   class << self
@@ -108,8 +107,8 @@ class Profile &lt; ActiveRecord::Base
     alias_method_chain :count, :distinct
   end
  
-  def members_by_role(role)
-    Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', role.id])
+  def members_by_role(roles)
+    Person.members_of(self).by_role(roles)
   end
  
   acts_as_having_boxes
@@ -121,7 +120,9 @@ class Profile &lt; ActiveRecord::Base
   end
  
   scope :visible, :conditions => { :visible => true }
+  scope :disabled, :conditions => { :visible => false }
   scope :public, :conditions => { :visible => true, :public_profile => true }
+  scope :enabled, :conditions => { :enabled => true }
  
   # Subclasses must override this method
   scope :more_popular
@@ -138,6 +139,17 @@ class Profile &lt; ActiveRecord::Base
  
   has_many :comments_received, :class_name => 'Comment', :through => :articles, :source => :comments
  
+  # Although this should be a has_one relation, there are no non-silly names for
+  # a foreign key on article to reference the template to which it is
+  # welcome_page... =P
+  belongs_to :welcome_page, :class_name => 'Article', :dependent => :destroy
+
+  def welcome_page_content
+    welcome_page && welcome_page.published ? welcome_page.body : nil
+  end
+
+  has_many :search_terms, :as => :context
+
   def scraps(scrap=nil)
     scrap = scrap.is_a?(Scrap) ? scrap.id : scrap
     scrap.nil? ? Scrap.all_scraps(self) : Scrap.all_scraps(self).find(scrap)
@@ -153,6 +165,7 @@ class Profile &lt; ActiveRecord::Base
   settings_items :public_content, :type => :boolean, :default => true
   settings_items :description
   settings_items :fields_privacy, :type => :hash, :default => {}
+  settings_items :email_suggestions, :type => :boolean, :default => false
  
   validates_length_of :description, :maximum => 550, :allow_nil => true
  
@@ -217,6 +230,8 @@ class Profile &lt; ActiveRecord::Base
  
   has_many :abuse_complaints, :foreign_key => 'requestor_id', :dependent => :destroy
  
+  has_many :profile_suggestions, :foreign_key => :suggestion_id, :dependent => :destroy
+
   def top_level_categorization
     ret = {}
     self.profile_categorizations.each do |c|
@@ -391,7 +406,7 @@ class Profile &lt; ActiveRecord::Base
   end
  
   xss_terminate :only => [ :name, :nickname, :address, :contact_phone, :description ], :on => 'validation'
-  xss_terminate :only => [ :custom_footer, :custom_header ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :custom_footer, :custom_header ], :with => 'white_list'
  
   include WhiteListFilter
   filter_iframes :custom_header, :custom_footer
@@ -512,6 +527,14 @@ class Profile &lt; ActiveRecord::Base
     generate_url(:profile => identifier, :controller => 'profile', :action => 'index')
   end
  
+  def people_suggestions_url
+    generate_url(:profile => identifier, :controller => 'friends', :action => 'suggest')
+  end
+
+  def communities_suggestions_url
+    generate_url(:profile => identifier, :controller => 'memberships', :action => 'suggest')
+  end
+
   def generate_url(options)
     url_options.merge(options)
   end
@@ -601,7 +624,7 @@ private :generate_url, :url_options
   end
  
   def copy_article_tree(article, parent=nil)
-    return if article.is_a?(RssFeed)
+    return if !copy_article?(article)
     original_article = self.articles.find_by_name(article.name)
     if original_article
       num = 2
@@ -621,6 +644,11 @@ private :generate_url, :url_options
     end
   end
  
+  def copy_article?(article)
+    !article.is_a?(RssFeed) &&
+    !(is_template && article.slug=='welcome-page')
+  end
+
   # Adds a person as member of this Profile.
   def add_member(person)
     if self.has_members?
@@ -630,6 +658,8 @@ private :generate_url, :url_options
         self.affiliate(person, Profile::Roles.admin(environment.id)) if members.count == 0
         self.affiliate(person, Profile::Roles.member(environment.id))
       end
+      person.tasks.pending.of("InviteMember").select { |t| t.data[:community_id] == self.id }.each { |invite| invite.cancel }
+      remove_from_suggestion_list person
     else
       raise _("%s can't have members") % self.class.name
     end
@@ -767,7 +797,10 @@ private :generate_url, :url_options
   end
  
   def admins
-    self.members_by_role(Profile::Roles.admin(environment.id))
+    return [] if environment.blank?
+    admin_role = Profile::Roles.admin(environment.id)
+    return [] if admin_role.blank?
+    self.members_by_role(admin_role)
   end
  
   def enable_contact?
@@ -775,7 +808,7 @@ private :generate_url, :url_options
   end
  
   include Noosfero::Plugin::HotSpot
-  
+
   def folder_types
     types = Article.folder_types
     plugins.dispatch(:content_types).each {|type|
@@ -899,6 +932,13 @@ private :generate_url, :url_options
   end
  
   def disable
+    self.visible = false
+    self.save
+  end
+
+  def enable
+    self.visible = true
+    self.save
   end
  
   def control_panel_settings_button
@@ -958,4 +998,14 @@ private :generate_url, :url_options
   def preferred_login_redirection
     redirection_after_login.blank? ? environment.redirection_after_login : redirection_after_login
   end
+
+  def remove_from_suggestion_list(person)
+    suggestion = person.profile_suggestions.find_by_suggestion_id self.id
+    suggestion.disable if suggestion
+  end
+
+  def allow_invitation_from(person)
+    false
+  end
+
 end
@@ -0,0 +1,290 @@
+class ProfileSuggestion < ActiveRecord::Base
+  belongs_to :person
+  belongs_to :suggestion, :class_name => 'Profile', :foreign_key => :suggestion_id
+
+  attr_accessible :person, :suggestion, :suggestion_type, :categories, :enabled
+
+  has_many :suggestion_connections, :foreign_key => 'suggestion_id'
+  has_many :profile_connections, :through => :suggestion_connections, :source => :connection, :source_type => 'Profile'
+  has_many :tag_connections, :through => :suggestion_connections, :source => :connection, :source_type => 'ActsAsTaggableOn::Tag'
+
+  before_create do |profile_suggestion|
+    profile_suggestion.suggestion_type = self.suggestion.class.to_s
+  end
+
+  after_destroy do |profile_suggestion|
+    self.class.generate_profile_suggestions(profile_suggestion.person)
+  end
+
+  acts_as_having_settings :field => :categories
+
+  validate :must_be_a_valid_category, :on => :create
+  def must_be_a_valid_category
+    if categories.keys.map { |cat| self.respond_to?(cat)}.include?(false)
+      errors.add(:categories, 'Category must be valid')
+    end
+  end
+
+  validates_uniqueness_of :suggestion_id, :scope => [ :person_id ]
+  scope :of_person, :conditions => { :suggestion_type => 'Person' }
+  scope :of_community, :conditions => { :suggestion_type => 'Community' }
+  scope :enabled, :conditions => { :enabled => true }
+
+  # {:category_type => ['category-icon', 'category-label']}
+  CATEGORIES = {
+    :people_with_common_friends => ['menu-people', _('Friends in common')],
+    :people_with_common_communities => ['menu-community',_('Communities in common')],
+    :people_with_common_tags => ['edit', _('Tags in common')],
+    :communities_with_common_friends => ['menu-people', _('Friends in common')],
+    :communities_with_common_tags => ['edit', _('Tags in common')]
+  }
+
+  def category_icon(category)
+    'icon-' + ProfileSuggestion::CATEGORIES[category][0]
+  end
+
+  def category_label(category)
+    ProfileSuggestion::CATEGORIES[category][1]
+  end
+
+  RULES = {
+    :people_with_common_communities => {
+      :threshold => 2, :weight => 1, :connection => 'Profile'
+    },
+    :people_with_common_friends => {
+      :threshold => 2, :weight => 1, :connection => 'Profile'
+    },
+    :people_with_common_tags => {
+      :threshold => 2, :weight => 1, :connection => 'ActsAsTaggableOn::Tag'
+    },
+    :communities_with_common_friends => {
+      :threshold => 2, :weight => 1, :connection => 'Profile'
+    },
+    :communities_with_common_tags => {
+      :threshold => 2, :weight => 1, :connection => 'ActsAsTaggableOn::Tag'
+    }
+  }
+
+  RULES.keys.each do |rule|
+    settings_items rule
+    attr_accessible rule
+  end
+
+  # Number of suggestions by rule
+  N_SUGGESTIONS = 30
+
+  # Minimum number of suggestions
+  MIN_LIMIT = 10
+
+  def self.profile_id(rule)
+    "#{rule}_profile_id"
+  end
+
+  def self.connections(rule)
+    "#{rule}_connections"
+  end
+
+  def self.counter(rule)
+    "#{rule}_count"
+  end
+
+  # If you are about to rewrite the following sql queries, think twice. After
+  # that make sure that whatever you are writing to replace it should be faster
+  # than how it is now. Yes, sqls are ugly but are fast! And fast is what we
+  # need here.
+  #
+  # The logic behind this code is to produce a table somewhat like this:
+  # profile_id | rule1_count | rule1_connections | rule2_count | rule2_connections | ... | score |
+  #     12     |      2      |      {32,54}      |      3      |     {8,22,27}     | ... |   13  |
+  #     13     |      4      |   {3,12,32,54}    |      2      |      {11,24}      | ... |   15  |
+  #     14     |             |                   |      2      |      {44,56}      | ... |   17  |
+  #                                        ...
+  #                                        ...
+  #
+  # This table has the suggested profile id and the count and connections of
+  # each rule that made this profile be suggested. Each suggestion has a score
+  # associated based on the rules' counts and rules' weights.
+  #
+  # From this table, we can sort suggestions by the score and save a small
+  # amount of them in the database. At this moment we also register the
+  # connections of each suggestion.
+
+  def self.calculate_suggestions(person)
+    suggested_profiles = all_suggestions(person)
+    return if suggested_profiles.nil?
+
+    already_suggested_profiles = person.profile_suggestions.map(&:suggestion_id).join(',')
+    suggested_profiles = suggested_profiles.where("profiles.id NOT IN (#{already_suggested_profiles})") if already_suggested_profiles.present?
+    #TODO suggested_profiles = suggested_profiles.order('score DESC')
+    suggested_profiles = suggested_profiles.limit(N_SUGGESTIONS)
+    return if suggested_profiles.blank?
+
+    suggested_profiles.each do |suggested_profile|
+      suggestion = person.profile_suggestions.find_or_initialize_by_suggestion_id(suggested_profile.id)
+      RULES.each do |rule, options|
+        begin
+          value = suggested_profile.send("#{rule}_count").to_i
+        rescue NoMethodError
+          next
+        end
+        connections = suggested_profile.send("#{rule}_connections")
+        if connections.present?
+          connections = connections[1..-2].split(',')
+        else
+          connections = []
+        end
+        suggestion.send("#{rule}=", value)
+        connections.each do |connection_id|
+          next if SuggestionConnection.where(:suggestion_id => suggestion.id, :connection_id => connection_id, :connection_type => options[:connection]).present?
+           SuggestionConnection.create!(:suggestion => suggestion, :connection_id => connection_id, :connection_type => options[:connection])
+        end
+        suggestion.score += value * options[:weight]
+      end
+      suggestion.save!
+    end
+  end
+
+  def self.people_with_common_friends(person)
+    person_friends = person.friends.map(&:id)
+    rule = "people_with_common_friends"
+    return if person_friends.blank?
+    "SELECT person_id as #{profile_id(rule)},
+            array_agg(friend_id) as #{connections(rule)},
+            count(person_id) as #{counter(rule)}
+     FROM friendships WHERE friend_id IN (#{person_friends.join(',')})
+     AND person_id NOT IN (#{(person_friends << person.id).join(',')})
+     GROUP BY person_id"
+  end
+
+  def self.people_with_common_communities(person)
+    person_communities = person.communities.map(&:id)
+    rule = "people_with_common_communities"
+    return if person_communities.blank?
+    "SELECT common_members.accessor_id as #{profile_id(rule)},
+            array_agg(common_members.resource_id) as #{connections(rule)},
+            count(common_members.accessor_id) as #{counter(rule)}
+     FROM
+       (SELECT DISTINCT accessor_id, resource_id FROM
+       role_assignments WHERE role_assignments.resource_id IN (#{person_communities.join(',')}) AND
+       role_assignments.accessor_id != #{person.id} AND role_assignments.resource_type = 'Profile' AND
+       role_assignments.accessor_type = 'Profile') AS common_members
+     GROUP BY common_members.accessor_id"
+  end
+
+  def self.people_with_common_tags(person)
+    profile_tags = person.articles.select('tags.id').joins(:tags).map(&:id)
+    rule = "people_with_common_tags"
+    return if profile_tags.blank?
+    "SELECT results.profiles_id as #{profile_id(rule)},
+            array_agg(results.tags_id) as #{connections(rule)},
+            count(results.profiles_id) as #{counter(rule)}
+     FROM (
+       SELECT DISTINCT tags.id as tags_id, profiles.id as profiles_id FROM profiles
+       INNER JOIN articles ON articles.profile_id = profiles.id
+       INNER JOIN taggings ON taggings.taggable_id = articles.id AND taggings.context = ('tags') AND taggings.taggable_type = 'Article'
+       INNER JOIN tags ON tags.id = taggings.tag_id
+       WHERE (tags.id in (#{profile_tags.join(',')}) AND profiles.id != #{person.id})) AS results
+     GROUP BY results.profiles_id"
+  end
+
+  def self.communities_with_common_friends(person)
+    person_friends = person.friends.map(&:id)
+    rule = "communities_with_common_friends"
+    return if person_friends.blank?
+    "SELECT common_communities.resource_id as #{profile_id(rule)},
+            array_agg(common_communities.accessor_id) as #{connections(rule)},
+            count(common_communities.resource_id) as #{counter(rule)}
+     FROM
+       (SELECT DISTINCT accessor_id, resource_id FROM
+       role_assignments WHERE role_assignments.accessor_id IN (#{person_friends.join(',')}) AND
+       role_assignments.accessor_id != #{person.id} AND role_assignments.resource_type = 'Profile' AND
+       role_assignments.accessor_type = 'Profile') AS common_communities
+     GROUP BY common_communities.resource_id"
+  end
+
+  def self.communities_with_common_tags(person)
+    profile_tags = person.articles.select('tags.id').joins(:tags).map(&:id)
+    rule = "communities_with_common_tags"
+    return if profile_tags.blank?
+    "SELECT results.profiles_id as #{profile_id(rule)},
+            array_agg(results.tags_id) as #{connections(rule)},
+            count(results.profiles_id) as #{counter(rule)}
+     FROM
+       (SELECT DISTINCT tags.id as tags_id, profiles.id AS profiles_id FROM profiles
+       INNER JOIN articles ON articles.profile_id = profiles.id
+       INNER JOIN taggings ON taggings.taggable_id = articles.id AND taggings.context = ('tags') AND taggings.taggable_type = 'Article'
+       INNER JOIN tags ON tags.id = taggings.tag_id
+       WHERE (tags.id IN (#{profile_tags.join(',')}) AND profiles.id != #{person.id})) AS results
+     GROUP BY results.profiles_id"
+  end
+
+  def self.all_suggestions(person)
+    select_string = ["profiles.*"]
+    suggestions_join = []
+    where_string = []
+    valid_rules = []
+    previous_rule = nil
+    join_column = nil
+    RULES.each do |rule, options|
+      rule_select = self.send(rule, person)
+      next if !rule_select.present?
+
+      valid_rules << rule
+      select_string << "suggestions.#{counter(rule)} as #{counter(rule)}, suggestions.#{connections(rule)} as #{connections(rule)}"
+      where_string << "#{counter(rule)} >= #{options[:threshold]}"
+      rule_select = "
+        (SELECT profiles.id as #{profile_id(rule)},
+                #{rule}_sub.#{counter(rule)} as #{counter(rule)},
+                #{rule}_sub.#{connections(rule)} as #{connections(rule)}
+        FROM profiles
+        LEFT OUTER JOIN (#{rule_select}) as #{rule}_sub
+        ON profiles.id = #{rule}_sub.#{profile_id(rule)}) AS #{rule}"
+
+      if previous_rule.nil?
+        result = rule_select
+      else
+        result = "INNER JOIN #{rule_select}
+         ON #{previous_rule}.#{profile_id(previous_rule)} = #{rule}.#{profile_id(rule)}"
+      end
+      previous_rule = rule
+      suggestions_join << result
+    end
+
+    return if valid_rules.blank?
+
+    select_string = select_string.compact.join(',')
+    join_string = "INNER JOIN (SELECT * FROM #{suggestions_join.compact.join(' ')}) AS suggestions ON profiles.id = suggestions.#{profile_id(valid_rules.first)}"
+    where_string = where_string.compact.join(' OR ')
+
+    person.environment.profiles.
+      select(select_string).
+      joins(join_string).
+      where(where_string)
+  end
+
+  def disable
+    self.enabled = false
+    self.save!
+    self.class.generate_profile_suggestions(self.person)
+  end
+
+  def self.generate_all_profile_suggestions
+    Delayed::Job.enqueue(ProfileSuggestion::GenerateAllJob.new) unless ProfileSuggestion::GenerateAllJob.exists?
+  end
+
+  def self.generate_profile_suggestions(person, force = false)
+    return if person.profile_suggestions.enabled.count >= MIN_LIMIT && !force
+    Delayed::Job.enqueue ProfileSuggestionsJob.new(person.id) unless ProfileSuggestionsJob.exists?(person.id)
+  end
+
+  class GenerateAllJob
+    def self.exists?
+      Delayed::Job.by_handler("--- !ruby/object:ProfileSuggestion::GenerateAllJob {}\n").count > 0
+    end
+
+    def perform
+      Person.find_each {|person| ProfileSuggestion.generate_profile_suggestions(person) }
+    end
+  end
+
+end
@@ -3,7 +3,7 @@ class Qualifier &lt; ActiveRecord::Base
   attr_accessible :name, :environment
  
   SEARCHABLE_FIELDS = {
-    :name => 1,
+    :name => {:label => _('Name'), :weight => 1},
   }
  
   belongs_to :environment
@@ -3,7 +3,7 @@ class Scrap &lt; ActiveRecord::Base
   attr_accessible :content, :sender_id, :receiver_id, :scrap_id
  
   SEARCHABLE_FIELDS = {
-    :content => 1,
+    :content => {:label => _('Content'), :weight => 1},
   }
   validates_presence_of :content
   validates_presence_of :sender_id, :receiver_id
@@ -0,0 +1,63 @@
+class SearchTerm < ActiveRecord::Base
+  validates_presence_of :term, :context
+  validates_uniqueness_of :term, :scope => [:context_id, :context_type, :asset]
+
+  belongs_to :context, :polymorphic => true
+  has_many :occurrences, :class_name => 'SearchTermOccurrence'
+
+  attr_accessible :term, :context, :asset
+
+  def self.calculate_scores
+    os = occurrences_scores
+    find_each { |search_term| search_term.calculate_score(os) }
+  end
+
+  def self.find_or_create(term, context, asset='all')
+    context.search_terms.where(:term => term, :asset => asset).first || context.search_terms.create!(:term => term, :asset=> asset)
+  end
+
+  # Fast way of getting the occurrences score for each search_term. Ugly but fast!
+  #
+  # Each occurrence of a search_term has a score that is smaller the older the
+  # occurrence happened. We subtract the amount of time between now and the
+  # moment it happened from the total time any occurrence is valid to happen. E.g.:
+  # The expiration time is 100 days and an occurrence happened 3 days ago.
+  # Therefore the score is 97. Them we sum every score to get the total score
+  # for a search term.
+  def self.occurrences_scores
+    ActiveSupport::OrderedHash[*ActiveRecord::Base.connection.execute(
+      joins(:occurrences).
+      select("search_terms.id, sum(#{SearchTermOccurrence::EXPIRATION_TIME.to_i} - extract(epoch from (now() - search_term_occurrences.created_at))) as value").
+      where("search_term_occurrences.created_at > ?", DateTime.now - SearchTermOccurrence::EXPIRATION_TIME).
+      group("search_terms.id").
+      order('value DESC').
+      to_sql
+    ).map {|result| [result['id'].to_i, result['value'].to_i]}.flatten]
+  end
+
+  def calculate_occurrence(occurrences_scores)
+    max_score = occurrences_scores.first[1]
+    (occurrences_scores[id]/max_score.to_f)*100
+  end
+
+  def calculate_relevance(valid_occurrences)
+    indexed = valid_occurrences.last.indexed.to_f
+    return 0 if indexed == 0
+    total = valid_occurrences.last.total.to_f
+    (1 - indexed/total)*100
+  end
+
+  def calculate_score(occurrences_scores)
+    valid_occurrences = occurrences.valid
+    if valid_occurrences.present?
+      # These scores vary from 1~100
+      self.occurrence_score = calculate_occurrence(occurrences_scores)
+      self.relevance_score = calculate_relevance(valid_occurrences)
+    else
+      self.occurrence_score = 0
+      self.relevance_score = 0
+    end
+    self.score = (occurrence_score * relevance_score)/100.0
+    self.save!
+  end
+end
@@ -0,0 +1,9 @@
+class SearchTermOccurrence < ActiveRecord::Base
+  belongs_to :search_term
+  validates_presence_of :search_term
+  attr_accessible :search_term, :created_at, :total, :indexed
+
+  EXPIRATION_TIME = 1.year
+
+  scope :valid, :conditions => ["search_term_occurrences.created_at > ?", DateTime.now - EXPIRATION_TIME]
+end
@@ -0,0 +1,6 @@
+class SuggestionConnection < ActiveRecord::Base
+  attr_accessible :suggestion, :connection_type, :connection_id
+
+  belongs_to :suggestion, :class_name => 'ProfileSuggestion', :foreign_key => 'suggestion_id'
+  belongs_to :connection, :polymorphic => true
+end
@@ -285,8 +285,9 @@ class Task &lt; ActiveRecord::Base
   # If
   def send_notification(action)
     if sends_email?
-      if self.requestor
-         TaskMailer.generic_message("task_#{action}", self)
+      if self.requestor && !self.requestor.notification_emails.empty?
+        message = TaskMailer.generic_message("task_#{action}", self)
+        message.deliver if message
       end
     end
   end
@@ -11,6 +11,10 @@ class User &lt; ActiveRecord::Base
   N_('Password confirmation')
   N_('Terms accepted')
  
+  SEARCHABLE_FIELDS = {
+    :email => {:label => _('Email'), :weight => 5},
+  }
+
   def self.[](login)
     self.find_by_login(login)
   end
@@ -201,6 +205,10 @@ class User &lt; ActiveRecord::Base
     Digest::MD5.hexdigest(password)
   end
  
+  add_encryption_method :salted_md5 do |password, salt|
+    Digest::MD5.hexdigest(password+salt)
+  end
+
   add_encryption_method :clear do |password, salt|
     password
   end
@@ -350,6 +358,7 @@ class User &lt; ActiveRecord::Base
     end
  
     def delay_activation_check
+      return if person.is_template?
       Delayed::Job.enqueue(UserActivationJob.new(self.id), {:priority => 0, :run_at => 72.hours.from_now})
     end
 end
@@ -13,7 +13,7 @@ class RoleAssignmentSweeper &lt; ActiveRecord::Observer
 protected
  
   def expire_caches(role_assignment)
-    expire_cache(role_assignment.accessor)
+    expire_cache(role_assignment.accessor) if role_assignment.accessor.kind_of?(Profile)
     expire_cache(role_assignment.resource) if role_assignment.resource.kind_of?(Profile)
   end
  
-<% if @register_pending %>
-  <div id='thanks-for-signing'>
-    <% if environment.has_custom_welcome_screen? %>
-      <%= environment.settings[:signup_welcome_screen_body].html_safe %>
-    <% elsif environment.enabled?('admin_must_approve_new_users')%>
-      <h1><%= _("Welcome to %s!") % environment.name %></h1>
-      <h3><%= _("Thanks for signing up, we're thrilled to have you on our social network!") %></h3>
-      <p><%= _("Firstly, some tips for getting started:") %></p>
-      <% unless environment.enabled?('skip_new_user_email_confirmation') %>
-        <h4><%= _("Confirm your account and wait for admin approvement!") %></h4>
-        <p><%= _("You should receive a welcome email from us shortly. Please take a second to follow the link within to confirm your account.") %></p>
-        <p><%= _("You won't appear as %s until your account is confirmed and approved.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
-      <% else %>
-        <h4><%= _("Wait for admin approvement!") %></h4>
-        <p><%= _("The administrators will evaluate your signup request for approvement.") %></p>
-        <p><%= _("You won't appear as %s until your account is approved.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
-      <% end %> 
-      <h4><%= _("What to do next?") %></h4>
-      <p><%= _("%s. Upload an avatar and let your friends find you easily :)") % link_to(_('Customize your profile'), {:controller => 'doc', :section => 'user', :topic => 'editing-person-info'}, :target => '_blank') %></p>
-      <p><%= _("Learn the guidelines. Read the %s for more details on how to use this social network!") % link_to(_('Documentation'), {:controller => 'doc'}, :target => '_blank') %></p>
-      <p><%= _("%s your Gmail, Yahoo and Hotmail contacts!") % link_to(_('Invite and find'), {:controller => 'doc', :section => 'user', :topic => 'invite-contacts'}, :target => '_blank') %></p>
-      <p><%= _("Start exploring and have fun!") %></p>
-    <% else %>
-      <h1><%= _("Welcome to %s!") % environment.name %></h1>
-      <h3><%= _("Thanks for signing up, we're thrilled to have you on our social network!") %></h3>
-      <p><%= _("Firstly, some tips for getting started:") %></p>
-      <h4><%= _("Confirm your account!") %></h4>
-      <p><%= _("You should receive a welcome email from us shortly. Please take a second to follow the link within to confirm your account.") %></p>
-      <p><%= _("You won't appear as %s until your account is confirmed.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
-      <h4><%= _("What to do next?") %></h4>
-      <p><%= _("%s. Upload an avatar and let your friends find you easily :)") % link_to(_('Customize your profile'), {:controller => 'doc', :section => 'user', :topic => 'editing-person-info'}, :target => '_blank') %></p>
-      <p><%= _("Learn the guidelines. Read the %s for more details on how to use this social network!") % link_to(_('Documentation'), {:controller => 'doc'}, :target => '_blank') %></p>
-      <p><%= _("%s your Gmail, Yahoo and Hotmail contacts!") % link_to(_('Invite and find'), {:controller => 'doc', :section => 'user', :topic => 'invite-contacts'}, :target => '_blank') %></p>
-      <p><%= _("Start exploring and have fun!") %></p>
-    <% end %>
-  </div>
-<% else %>
-  <h1><%= _('Sign up for %s!') % environment.name %></h1>
-  <%= render :partial => 'signup_form' %>
-<% end %>
+<h1><%= _('Sign up for %s!') % environment.name %></h1>
+<%= render :partial => 'signup_form' %>
 <div class='description'>
-  <%= _('This text will be showed as a welcome message to users after signup') %><br/><br/>
+  <%= _('If you enable this feature on the "Features" section of the Administration Panel, this text will be shown as a welcome message to users after signup.') %>
 </div>
-
 <%= labelled_form_field(_('Body'), text_area(:environment, :signup_welcome_screen_body, :cols => 40, :style => 'width: 100%', :class => 'mceEditor')) %>
+
+<div class='description'>
+  <%= _('If this content is left blank, the following page will be displayed to the user:') %>
+</div>
+
+<%= render :file => 'home/welcome', :locals => {:default_message => true} %>
@@ -20,6 +20,7 @@
   <tr><td><%= link_to _('Users'), :controller => 'users' %></td></tr>
   <tr><td><%= link_to _('Profile templates'), :controller => 'templates' %></td></tr>
   <tr><td><%= link_to _('Fields'), :controller => 'features', :action => 'manage_fields' %></td></tr>
+  <tr><td><%= link_to _('Manage organizations status'), :action => 'manage_organizations_status' %></td></tr>
 </table>
  
  
@@ -0,0 +1,69 @@
+<h1><%= _('Manage organizations') %></h1>
+
+<%= form_tag( { :action => 'manage_organizations_status' }, :method => 'get', :class => 'users-search' ) do %>
+
+  <div class="search-field">
+    <span class="formfield">
+      <%= text_field_tag 'q', @q, :title => _("Find profiles"), :style=>"width:85%" %>
+    </span>
+
+    <%= submit_button(:search, _('Search')) %>
+  </div>
+
+  <div class="environment-users-results-header">
+    <div id='environment-users-filter-title'><%= @title %></div>
+
+    <div id="environment-users-filter-filter">
+      <strong><%= _("Filter by: ") %></strong>
+
+      <select id="profile_filter_select">
+        <%= options_for_select([['Any', 'any'],["Disabled profiles", "disabled"], ["Enabled profiles", "enabled"]], @filter) %>
+      </select>
+    </div>
+    <div style="clear: both"></div>
+  </div>
+
+  <table>
+    <colgroup>
+      <col width="80%">
+      <col width="20%">
+    </colgroup>
+
+    <tr>
+      <th><%= _('Member') %></th>
+      <th><%= _('Actions') %></th>
+    </tr>
+
+    <% @collection.each do |p| %>
+      <tr title="<%= p.name %>">
+        <td><%= link_to_profile p.short_name, p.identifier, :title => p.name %> </td>
+
+        <td class='actions'>
+          <div class="members-buttons-cell">
+            <% if p.visible %>
+              <%= button_without_text :'deactivate-user', _('Deactivate'), {:controller => "profile_editor", :action => 'deactivate_profile', :profile => p.identifier, :id => p.id}, :confirm => _("Do you want to deactivate this profile ?") %>
+            <% else %>
+              <%= button_without_text :'activate-user', _('Activate'), {:controller => "profile_editor", :action => 'activate_profile', :profile => p.identifier, :id => p.id}, :confirm => _("Do you want to activate this profile ?") %>
+            <% end %>
+              <%= button_without_text :'delete', _('Remove'), {:controller => "profile_editor", :action => 'destroy_profile', :profile => p.identifier, :id => p.id, :return_to => "/admin/admin_panel/manage_organizations_status"}, :method => :post, :confirm => _("Do you want to deactivate this profile ?") %>
+         </div>
+        </td>
+      </tr>
+    <% end %>
+  </table>
+
+<% end %>
+
+<%= pagination_links @collection, {:param_name => 'npage', :page_links => true} %>
+
+<% button_bar do %>
+  <%= button :back, _('Back'), :controller => 'admin_panel' %>
+<% end %>
+
+<script type="text/javascript">
+  jQuery(document).ready(function(){
+    jQuery("#profile_filter_select").change(function(){
+      document.location.href = '/admin/admin_panel/manage_organizations_status?filter='+this.value;
+    });
+  });
+</script>
 \ No newline at end of file
@@ -10,9 +10,12 @@
     :content => (render :partial => 'site_info', :locals => {:f => f})} %>
   <% tabs << {:title => _('Terms of use'), :id => 'terms-of-use',
     :content => (render :partial => 'terms_of_use', :locals => {:f => f})} %>
-  <% tabs << {:title => _('Signup welcome text'), :id => 'signup-welcome-text',
+  <% #TODO I renamed the labels of signup-welcome-text and signup-welcome-page
+     # so texts more meaningful but I'm not rewriting every variable or reference to
+     # this. I leave this task to whoever thinks this is too annoying.%>
+  <% tabs << {:title => _('Signup welcome email'), :id => 'signup-welcome-text',
     :content => (render :partial => 'signup_welcome_text', :locals => {:f => f})} %>
-  <% tabs << {:title => _('Signup welcome message'), :id => 'signup-welcome-message',
+  <% tabs << {:title => _('Signup welcome page'), :id => 'signup-welcome-message',
     :content => (render :partial => 'signup_welcome_screen', :locals => {:f => f}) }%>
   <%= render_tabs(tabs) %>
   <% button_bar do %>
@@ -0,0 +1,17 @@
+<% if owner.kind_of?(Profile) %>
+  <%= link_to s_('communities|View all'), {:profile => owner.identifier, :controller => 'profile', :action => 'communities'}, :class => 'view-all' %>
+<% elsif owner.kind_of?(Environment) %>
+  <%= link_to s_('communities|View all'), {:controller => 'search', :action => 'communities'}, :class => 'view-all' %>
+<% end %>
+
+<% if user && user == profile && suggestions && !suggestions.empty? %>
+  <div class='suggestions-block common-profile-list-block'>
+    <h4 class='block-subtitle'><%= _('Some suggestions for you') %></h4>
+    <div class='profiles-suggestions'>
+      <%= render :partial => 'shared/profile_suggestions_list', :locals => { :suggestions => suggestions, :collection => :communities_suggestions, :per_page => 3 } %>
+    </div>
+    <div class='more-suggestions'>
+      <%= link_to _('See all suggestions'), profile.communities_suggestions_url %>
+    </div>
+  </div>
+<% end %>
 <%= block_title(title) %>
  
-<%= render_profile_actions owner.class %>
-
 <ul>
   <li><%= link_to(_('Homepage'), owner.url, :class => 'url') %></li>
   <li><%= link_to(_('View profile'), owner.public_profile_url) %></li>
@@ -11,5 +9,5 @@
 </ul>
  
 <div class="my-network-actions">
-  <%= render 'blocks/profile_info_actions/' + owner.class.name.underscore %>
+  <%= render_profile_actions owner.class %>
 </div>
@@ -5,6 +5,12 @@
  
     <%= labelled_form_field(_('Custom title for this block: '), text_field(:block, :title, :maxlength => 20)) %>
  
+    <% if environment.admins.include?(user) %>
+      <div class="fixed_block">
+        <%= labelled_check_box(_("Fixed"), "block[fixed]", value = "1", checked = @block.fixed) %>
+      </div>
+    <% end %>
+
     <%= render :partial => partial_for_class(@block.class) %>
  
     <div class="display">
 <p>
 <em>
   <%= _('Drag images to add them to the text.') %>
-  <%= _('Drag file names to the text to add links.') %>
+  <%= _('Click on file names to add links to the text.') %>
 </em>
 </p>
 <%= select_profile_folder(_('Parent folder:'), 'article[parent_id]', profile, @article.parent_id) %>
-<%= labelled_form_field(_('License'), select(:article, :license_id, options_for_select_with_title([[_('None'), nil]] + profile.environment.licenses.map {|license| [license.name, license.id]}, @article.license ? @article.license.id : nil))) %>
+<% if profile.environment.has_license? %>
+  <%= labelled_form_field(_('License'), select(:article, :license_id, options_for_select_with_title([[_('None'), nil]] + profile.environment.licenses.map {|license| [license.name, license.id]}, @article.license ? @article.license.id : nil))) %>
+<% end %>
@@ -0,0 +1,6 @@
+<div>
+  <%= labelled_form_field(_('Title'), @article.name) %>
+  <%= labelled_form_field(_('Reference'), link_to(url_for @article.view_url)) %>
+
+  <%= render :partial => 'general_fields' %>
+</div>
@@ -0,0 +1,15 @@
+<%= form_tag({:action => 'new', :profile => profile.identifier}, :id => 'new-folder-dialog', :title => _('Create new folder'), :style => 'display: none;') do %>
+  <%= select_profile_folder(
+    _('Choose parent folder:'),
+    :parent_id, profile, default_folder, {}, {},
+    "type='Folder' or type='Gallery'")
+  %>
+
+  <%= labelled_radio_button _('Gallery'), :folder_type, 'Gallery', true %>
+  <%= labelled_radio_button _('Folder'), :folder_type, 'Folder', false %>
+
+  <%= labelled_form_field _('Name:'), text_field_tag(:new_folder, nil, 'data-url' => url_for({:action => 'new', :profile => profile.identifier})) %>
+  <% button_bar do %>
+    <%= submit_button(:newfolder, _('Create')) %>
+  <% end %>
+<% end %>
@@ -0,0 +1,12 @@
+<% file_types.each do |key, header| %>
+  <% display = @recent_files[key].present? ? '' : 'none' %>
+  <div class='<%= key.to_s %>' style='display: <%= display%>;'>
+    <div class='section-title'>
+      <h3><%= header %></h3>
+      <% if @recent_files[key].total_pages > 1 %>
+        <%= link_to(_('View all'), {:controller => 'cms', :action => 'view_all_media', :profile => profile.identifier, :key => key}, :class => 'view-all colorbox', 'data-key' => key) %>
+      <% end %>
+    </div>
+    <%= render :partial => "cms/media_panel/list_published_media_items", :locals => { key: key, show_pagination_links: false } %>
+  </div>
+<% end %>
+<% default_folder = content_id_to_str default_folder_for_image_upload(profile) %>
+
 <div class='text-editor-sidebar'>
   <span class='button-add' data-value='<%= _('Add to the text') %>'></span>
   <span class='button-zoom' data-value='<%= _('Zoom in') %>'></span>
   <span class='button-close' data-value='<%= _('Close') %>'></span>
  
+  <div class='header'><strong><%= _('Insert media') %></strong><%= button('vertical-toggle', _('Show/Hide'), '#') %></div>
+
   <%= render(:partial => 'textile_quick_reference') if @article.is_a?(TextileArticle) %>
   <div class='text-editor-sidebar-box' id='media-upload-box'>
-    <div class='header'><strong><%= _('Insert media') %></strong></div>
     <div id='media-upload-form'>
       <%= form_tag({ :action => 'media_upload' }, :multipart => true) do %>
         <div class='formfield'>
-          <% default_folder = content_id_to_str default_folder_for_image_upload(profile) %>
           <%= select_profile_folder(
                 _('Choose folder to upload files:'),
                 :parent_id, profile, default_folder, {}, {},
                 "type='Folder' or type='Gallery'"
           ) %>
         </div>
-        <p><%= file_field_tag('file1') %></p>
-        <p><%= file_field_tag('file2') %></p>
-        <p><%= file_field_tag('file3') %></p>
-        <% button_bar do %>
-          <%= submit_button(:save, _('Upload')) %>
-        <% end %>
+        <%= button(:newfolder, _('New folder'), '#', :id => 'new-folder-button') %>
+        <p><%= file_field_tag('file', :multiple => true) %></p>
       <% end %>
     </div>
-    <div id='media-upload-results' style='display: none'>
-      <%= render :partial => 'drag_and_drop_note' %>
-      <div class='items'>
-      </div>
-      <p><%= link_to(_('Upload more files ...'), '#', :id => 'media-upload-more-files')%></p>
+    <div class='hide-and-show-uploads'>
+      <%= link_to(_('Hide all uploads'), nil, :id => 'hide-uploads', :style => 'display: none;', 'data-bootstraped' => false) %>
+      <%= link_to(_('Show all uploads'), nil, :id => 'show-uploads', :style => 'display: none;') %>
     </div>
   </div>
-  <div id='media-search-box' class='text-editor-sidebar-box'>
-    <div class='header'><strong><%= _('Media search') %></strong></div>
-    <p>
-    <%= form_tag({ :action => 'search' }) do %>
-      <span class='formfield'>
-        <input name='q' type='text' id='media-search-query' style='width: 250px;'/>
-      </span>
-      <%= submit_button :search, _('Search'), :id => 'media-search-button' %>
-    <% end %>
-    </p>
-    <div id='media-search-results' style='display: none'>
-      <%= render :partial => 'drag_and_drop_note' %>
-      <div class='items'>
-      </div>
+
+  <div id='published-media' class='text-editor-sidebar-box' data-url='<%= url_for({:controller => 'cms', :action => 'published_media_items', :profile => profile.identifier}) %>'>
+    <%= select_profile_folder(nil, :parent_id, profile, 'recent-media', {}, {},
+        "type='Folder' or type='Gallery'", {:root_label => _('Recent media')}) %>
+    <%= labelled_form_field _('Search'), text_field_tag('q') %>
+    <%= render :partial => 'drag_and_drop_note' %>
+    <div class='items'>
+      <%= render :partial => 'published_media_items' %>
     </div>
   </div>
 </div>
  
+<script id="template-upload" type="text/x-tmpl">
+  <div id="file-{%= o.id %}" class="upload" title="{%= o.name %}">
+    <div class="file-name">{%=o.name%}</div>
+    <div class="percentage"></div>
+    <div class="progress"><div class="bar" style="width: 0%;"></div></div>
+  </div>
+</script>
  
+<%= render :partial => 'media_new_folder', :locals => {:default_folder => default_folder} %>
+<%= javascript_include_tag 'jquery.fileupload.js', 'tmpl.js', 'media-panel.js' %>
@@ -15,6 +15,7 @@
     <pre># <%= _('first item') %>
 # <%= _('second item') %></pre>
     <p><%= h(_('For code, use HTML tags <pre> and <code>, and indent the code inside them:')) %>
+    </p>
     <pre>
 &lt;pre&gt;
 &lt;code&gt;
 <%= error_messages_for 'article' %>
  
-<div class='<%= (environment.enabled?('media_panel') ? 'with_media_panel' : 'no_media_panel') %>'>
+<% show_media_panel = environment.enabled?('media_panel') && [TinyMceArticle, TextileArticle, Event, EnterpriseHomepage].any?{|klass| @article.kind_of?(klass)} %>
+
+<div class='<%= (show_media_panel ? 'with_media_panel' : 'no_media_panel') %>'>
 <%= labelled_form_for 'article', :html => { :multipart => true, :class => @type } do |f| %>
  
   <%= hidden_field_tag("type", @type) if @type %>
@@ -66,7 +68,7 @@
 <% end %>
 </div>
  
-<% if environment.enabled?('media_panel') && [TinyMceArticle, TextileArticle, Event, EnterpriseHomepage].any?{|klass| @article.kind_of?(klass)} %>
+<% if show_media_panel %>
   <%= render :partial => 'text_editor_sidebar' %>
 <% end %>
  
@@ -0,0 +1,5 @@
+<div class="item file <%= icon_for_article(@file) %>" data-item="div">
+  <div>
+    <a class="add-to-text" href="<%= url_for(@file.url) %>" title="<%= @file.title %>"><%= @file.title %></a>
+  </div>
+</div>
@@ -0,0 +1,9 @@
+<div class="item image" data-item="span" title="<%= @file.name %>">
+  <span>
+    <img src="<%= @file.public_filename(:uploaded) %>"/>
+  </span>
+  <div class="controls image-controls">
+    <a class="button icon-add add-to-text" href="#"><span><%= _('Add to the text') %></span></a>
+    <a class="button icon-zoom zoom" href="#" title="<%= _('Zoom in') %>"><span><%= _('Zoom in') %></span></a>
+  </div>
+</div>
@@ -0,0 +1,5 @@
+<% @recent_files[key].each do |file| %>
+  <% @file = file %>
+  <%= render :partial => "cms/media_panel/#{key.to_s.singularize}" %>
+<% end %>
+<%= pagination_links @recent_files[key] if show_pagination_links %>
...	...	@@ -40,6 +40,7 @@ Alessandro Palmeira + João M. M. Silva <alessandro.palmeira@gmail.com>
40	40	Alessandro Palmeira + Paulo Meirelles <alessandro.palmeira@gmail.com>
41	41	Alessandro Palmeira + Paulo Meirelles + João M. M. da Silva <alessandro.palmeira@gmail.com>
42	42	Alessandro Palmeira + Rafael Manzo <alessandro.palmeira@gmail.com>
	43	+analosnak <analosnak@gmail.com>
43	44	Ana Losnak <analosnak@gmail.com>
44	45	Andre Bernardes <andrebsguedes@gmail.com>
45	46	Antonio Terceiro + Carlos Morais <terceiro@colivre.coop.br>
...	...	@@ -81,7 +82,6 @@ Carlos Morais + Diego Araújo <diegoamc90@gmail.com>
81	82	Carlos Morais + Eduardo Morais <carlos88morais@gmail.com>
82	83	Carlos Morais + Paulo Meirelles <carlos88morais@gmail.com>
83	84	Carlos Morais + Pedro Leal <carlos88morais@gmail.com>
84		-Daniela Feitosa <dani@dohko.(none)>
85	85	Daniel Alves + Diego Araújo <danpaulalves@gmail.com>
86	86	Daniel Alves + Diego Araújo <diegoamc90@gmail.com>
87	87	Daniel Alves + Diego Araújo + Guilherme Rojas <danpaulalves@gmail.com>
...	...	@@ -119,7 +119,6 @@ Diego Araújo + Renan Teruo <diegoamc90@gmail.com>
119	119	Diego Araujo + Rodrigo Souto + Rafael Manzo <rr.manzo@gmail.com>
120	120	Diego + Jefferson <diegoamc90@gmail.com>
121	121	Diego Martinez <diegoamc90@gmail.com>
122		-Diego Martinez <diego@diego-K55A.(none)>
123	122	Diego + Renan <renanteruoc@gmail.com>
124	123	Eduardo Tourinho Edington <eduardo.edington@serpro.gov.br>
125	124	Evandro Jr <evandrojr@gmail.com>
...	...	@@ -195,9 +194,11 @@ Luis David Aguilar Carlos <ludwig9003@gmail.com>
195	194	Luiz Fernando de Freitas Matos <luiz@luizff.matos@gmail.com>
196	195	Marcos Ramos <ms.ramos@outlook.com>
197	196	Martín Olivera <molivera@solar.org.ar>
	197	+Michal Čihař <michal@cihar.com>
198	198	Moises Machado <moises@colivre.coop.br>
199	199	Naíla Alves <naila@colivre.coop.br>
200	200	Nanda Lopes <nanda.listas+psl@gmail.com>
	201	+Parley Martins <parleypachecomartins@gmail.com>
201	202	Paulo Meirelles + Alessandro Palmeira + João M. M. da Silva <paulo@softwarelivre.org>
202	203	Paulo Meirelles + Alessandro Palmeira <paulo@softwarelivre.org>
203	204	Paulo Meirelles + Carlos Morais <paulo@softwarelivre.org>
...	...	@@ -220,6 +221,7 @@ Rafael Reggiani Manzo + João M. M. da Silva <rr.manzo@gmail.com>
220	221	Rafael Reggiani Manzo <rr.manzo@gmail.com>
221	222	Raphaël Rousseau <raph@r4f.org>
222	223	Raquel Lira <raquel.lira@gmail.com>
	224	+Raquel <rcordioli@gmail.com>
223	225	Renan Teruo + Caio Salgado <renanteruoc@gmail.com>
224	226	Renan Teruoc + Diego Araujo <renanteruoc@gmail.com>
225	227	Renan Teruo + Diego Araujo <renanteruoc@gmail.com>
...	...	@@ -227,13 +229,13 @@ Renan Teruo + Diego Araújo <renanteruoc@gmail.com>
227	229	Renan Teruo + Paulo Meirelles <renanteruoc@gmail.com>
228	230	Renan Teruo + Rafael Manzo <renanteruoc@gmail.com>
229	231	Rodrigo Souto + Ana Losnak + Daniel Bucher + Caio Almeida + Leandro Nunes + Daniela Feitosa + Mariel Zasso <noosfero-br@listas.softwarelivre.org>
230		-Rodrigo Souto <diguliu@gmail.com>
231	232	Rodrigo Souto <rodrigo@colivre.coop.br>
232	233	Ronny Kursawe <kursawe.ronny@googlemail.com>
233	234	root <root@debian.sdr.serpro>
234	235	Samuel R. C. Vale <srcvale@holoscopio.com>
235	236	Tallys Martins <tallysmartins@gmail.com>
236	237	tallys <tallys@tallys.(none)>
	238	+Thiago Zoroastro <thiago.zoroastro@bol.com.br>
237	239	Valessio Brito <contato@valessiobrito.com.br>
238	240	Valessio Brito <contato@valessiobrito.info>
239	241	Valessio Brito <valessio@gmail.com>
...	...
...	...	@@ -0,0 +1,124 @@
	1	+# Noosfero Development Policy
	2	+
	3	+## Developer Roles
	4	+
	5	+* Developers are everyone that is contributing code to Noosfero.
	6	+* Committers are the people with direct commit access to the Noosfero source
	7	+ code. They are responsible for reviewing contributions from other developers
	8	+ and integrating them in the Noosfero code base. They are the members of the
	9	+ [Noosfero group on Gitlab](https://gitlab.com/groups/noosfero/members).
	10	+* Release managers are the people that are managing the release of a new
	11	+ Noosfero version and/or the maintainance work of an existing Noosfero stable
	12	+ branch. See MAINTAINANCE.md for details on the maintaince policy.
	13	+
	14	+## Development process
	15	+
	16	+* Every new feature or non-trivial bugfix should be reviewed by at least one
	17	+ committer. This must be the case even if the original author is a committer.
	18	+
	19	+ * In the case the original author is a committer, he/she should feel free to
	20	+ commit directly if after 1 week nobody has provided any kind of feedback.
	21	+
	22	+ * Developers who are not committers should feel free to ping committers if
	23	+ they do not get feedback on their contributions after 1 week.
	24	+
	25	+ * On GitLab, one can just add a comment to the merge request; one can also
	26	+ @-mention specific committers or other developers who have expertise on
	27	+ the area of the contribution.
	28	+
	29	+ * Committers should follow the activity of the project, and try to help
	30	+ reviewing contributions from others as much as possible.
	31	+
	32	+ * On GitLab one can get emails for all activity on a project by setting the
	33	+ [notification settings](https://gitlab.com/profile/notifications) to
	34	+ "watch".
	35	+
	36	+ * Anyone can help by reviewing contributions. Committers are the only ones
	37	+ who can give the final approval to a contribution, but everyone is welcome
	38	+ to help with code review, testing, etc.
	39	+
	40	+ * See note above about setting up notification on GitLab.
	41	+
	42	+* Committers should feel free to push trivial (or urgent) changes directly.
	43	+ There are no strict rule on what makes a change trivial or urgent; committers
	44	+ are expected to exercise good judgement on a case by case basis.
	45	+
	46	+ * Usually changes to the database are not trivial.
	47	+
	48	+* In the case of unsolvable conflict between commiters regarding any change to
	49	+ the code, the current release manager(s) will have the final say in the
	50	+ matter.
	51	+
	52	+* Release managers are responsible for stablishing a release schedule, and
	53	+ about deciding when and what to release.
	54	+
	55	+ * Release managers should announce release schedules to the project mailing
	56	+ lists in advance.
	57	+
	58	+ * The release schedule may include a period of feature freeze, during which
	59	+ no new features or any other changes that are not pre-approved by the
	60	+ release manager must be committed to the repository.
	61	+
	62	+ * Committers must respect the release schedule and feature freezes.
	63	+
	64	+## Maintainance process
	65	+
	66	+### Not all feature releases will be maintained as a stable release
	67	+
	68	+We will be choosing specific release series to be maintained as stable
	69	+releases.
	70	+
	71	+This means that a given release is not guaranteed to be maintained as a stable
	72	+release, but does not mean it won't be. Any committer (or anyone, really) can
	73	+decide to maintain a given release as stable and seek help from others to do
	74	+so.
	75	+
	76	+### No merges from stable branches to master
	77	+
	78	+All changes must be submitted against the master branch first, and when
	79	+applicable, backported to the desired stable releases. Exceptions to this rules
	80	+are bug fixes that only apply to a given stable branch and not to master.
	81	+
	82	+In the past we had non-trivial changes accepted into stable releases while
	83	+master was way ahead (e.g. during the rails3 migration period), that made the
	84	+merge back into master very painful. By eliminating the need to do these
	85	+merges, we save time for the people responsible for the release, and eliminate
	86	+the possibility of human errors or oversights causing changes to be accepted
	87	+into stable that will be a problem to merge back into master.
	88	+
	89	+By getting all fixes in master first, we improve the chances that a future
	90	+release will not present regressions against bugs that should already be fixed,
	91	+but the fixes got lost in a big, complicated merge (and those won't exist
	92	+anymore, at least not from stable branches to master).
	93	+
	94	+After a fix gets into master, backporting changes into a stable release branch
	95	+is the responsibility of whoever is maintaing that branch, and those interested
	96	+in it. The stable branch release manager(s) are entitled the final say on any
	97	+matters related to that branch.
	98	+
	99	+## Apendix A: how to become a committer
	100	+
	101	+Every developer that wants to be a committer should create [an issue on
	102	+Gitlab](https://gitlab.com/noosfero/noosfero/issues) requesting to be added as
	103	+a committer. This request must include information about the requestor's
	104	+previous contributions to the project.
	105	+
	106	+If 2 or more commiters consider second the request, the requestor is accepted
	107	+as new commiter and added to the Noosfero group.
	108	+
	109	+The existing committers are free to choose whatever criteria they want to
	110	+second the request, but they must be sure that the new committer is a
	111	+responsible developer and knows what she/he is doing. They must be aware that
	112	+seconding these requests means seconding the actions of the new committer: if
	113	+the new committer screw up, her/his seconds screwed up.
	114	+
	115	+## Apendix B: how to become a release manager
	116	+
	117	+A new release manager for the development version of Noosfero (i.e. the one
	118	+that includes new features, a.k.a. the master branch) is apointed by the
	119	+current release manager, and must be a committer first.
	120	+
	121	+Release managers for stable branches are self-appointed, i.e. whoever takes the
	122	+work takes the role. In case of a conflict (e.g. 2+ different people want to do
	123	+the work but can't agree on working together), the development release manager
	124	+decides.
...	...
1	1	source "https://rubygems.org"
2		-gem 'rails', '~> 3.2.19'
	2	+gem 'rails', '~> 3.2.21'
	3	+gem 'minitest', '~> 3.2.0'
3	4	gem 'fast_gettext', '~> 0.6.8'
4	5	gem 'acts-as-taggable-on', '~> 3.0.2'
5	6	gem 'prototype-rails', '~> 3.2.1'
...	...	@@ -18,6 +19,9 @@ gem 'rake', :require => false
18	19	gem 'rest-client', '~> 1.6.7'
19	20	gem 'exception_notification', '~> 4.0.1'
20	21	gem 'gettext', '~> 2.2.1', :require => false, :group => :development
	22	+gem 'locale', '~> 2.0.5'
	23	+
	24	+gem 'whenever', :require => false
21	25
22	26	# FIXME list here all actual dependencies (i.e. the ones in debian/control),
23	27	# with their GEM names (not the Debian package names)
...	...	@@ -40,8 +44,9 @@ group :cucumber do
40	44	gem 'selenium-webdriver', '~> 2.39.0'
41	45	end
42	46
43		-# include plugin gemfiles
44		-Dir.glob(File.join('config', 'plugins', '*')).each do \|plugin\|
45		- plugin_gemfile = File.join(plugin, 'Gemfile')
46		- eval File.read(plugin_gemfile) if File.exists?(plugin_gemfile)
	47	+# include gemfiles from enabled plugins
	48	+# plugins in baseplugins/ are not included on purpose. They should not have any
	49	+# dependencies.
	50	+Dir.glob('config/plugins/*/Gemfile').each do \|gemfile\|
	51	+ eval File.read(gemfile)
47	52	end
...	...
1		-Setup Noosfero to use HTTPS
2		-===========================
	1	+# Setup Noosfero to use HTTPS
3	2
4	3	This document assumes that you have a fully and clean Noosfero
5	4	installation as explained at the `INSTALL.md` file.
6	5
7		-SSL certificate
8		-+++++++++++++++
	6	+## Creating a self-signed SSL certificate
9	7
10	8	You should get a valid SSL certificate, but if you want to test
11	9	your setup before, you could generate a self-signed certificate
...	...	@@ -17,99 +15,106 @@ as below:
17	15	# openssl req -new -x509 -nodes -sha1 -days $[10*365] -key noosfero.key > noosfero.cert
18	16	# cat noosfero.key noosfero.cert > noosfero.pem
19	17
	18	+## Web server configuration
	19	+
20	20	There are two ways of using SSL with Noosfero: 1) If you are not using
21	21	Varnish; and 2) If you are using Varnish.
22	22
23		-1) If you are are not using Varnish
24		-+++++++++++++++++++++++++++++++++++
	23	+### 1) If you are are not using Varnish
25	24
26	25	Simply do a redirect in apache to force all connections with SSL:
27	26
28		- <VirtualHost *:8080>
29		- ServerName test.stoa.usp.br
30		-
31		- Redirect / https://example.com/
32		- </VirtualHost>
	27	+```
	28	+<VirtualHost *:8080>
	29	+ ServerName test.stoa.usp.br
	30	+ Redirect / https://example.com/
	31	+</VirtualHost>
	32	+```
33	33
34	34	And set a vhost to receive then:
35	35
36		- <VirtualHost *:443>
37		- ServerName example.com
38		-
39		- SSLEngine On
40		- SSLCertificateFile /etc/ssl/certs/cert.pem
41		- SSLCertificateKeyFile /etc/ssl/private/cert.key
42		-
43		- Include /etc/noosfero/apache/virtualhost.conf
44		- </VirtualHost>
	36	+```
	37	+<VirtualHost *:443>
	38	+ ServerName example.com
	39	+ SSLEngine On
	40	+ SSLCertificateFile /etc/ssl/certs/cert.pem
	41	+ SSLCertificateKeyFile /etc/ssl/private/cert.key
	42	+ Include /etc/noosfero/apache/virtualhost.conf
	43	+</VirtualHost>
	44	+```
45	45
46	46	Be aware that if you had configured varnish, the requests won't reach
47	47	it with this configuration.
48	48
49		-2) If you are using Varnish
50		-+++++++++++++++++++++++++++
51		-
52		-Varnish isn't able to communicate with the SSL protocol, so we will
53		-need some one who do this and Pound[1] can do the job. In order to
54		-install it in Debian based systems:
	49	+### 2) If you are using Varnish
55	50
56		- $ sudo apt-get install pound
	51	+Varnish isn't able to communicate with the SSL protocol, so we will need some
	52	+one else who do this and [Pound](http://www.apsis.ch/pound) can do the job. In
	53	+order to install it in Debian based systems:
57	54
58		-Set Varnish to listen in other port than 80:
	55	+```
	56	+$ sudo apt-get install pound
	57	+```
59	58
60		-/etc/defaults/varnish
61		----------------------
	59	+Set Varnish to listen in other port than 80 in `/etc/defaults/varnish`:
62	60
63		- DAEMON_OPTS="-a localhost:6081 \
64		- -T localhost:6082 \
65		- -f /etc/varnish/default.vcl \
66		- -S /etc/varnish/secret \
67		- -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
	61	+```
	62	+DAEMON_OPTS="-a localhost:6081 \
	63	+ -T localhost:6082 \
	64	+ -f /etc/varnish/default.vcl \
	65	+ -S /etc/varnish/secret \
	66	+ -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
	67	+```
68	68
69	69	Configure Pound:
70	70
71		- # cp /usr/share/noosfero/etc/pound.cfg /etc/pound/
72		-
73		-Edit /etc/pound.cfg and set the IP and domain of your server.
	71	+```
	72	+# cp /usr/share/noosfero/etc/pound.cfg /etc/pound/
	73	+```
74	74
75		-Configure Pound to start at system initialization:
	75	+Edit `/etc/pound.cfg` and set the IP and domain of your server.
76	76
77		-/etc/default/pound
	77	+Configure Pound to start at system initialization. At `/etc/default/pound`:
78	78	------------------
79	79
80		- startup=1
	80	+```
	81	+startup=1
	82	+```
81	83
82		-Set Apache to only listen to localhost:
	84	+Set Apache to only listen to localhost, at `/etc/apache2/ports.conf`:
83	85
84		-/etc/apache2/ports.conf
85		------------------------
86		-
87		- Listen 127.0.0.1:8080
	86	+```
	87	+Listen 127.0.0.1:8080
	88	+```
88	89
89	90	Restart the services:
90	91
91		- $ sudo service apache2 restart
92		- $ sudo service varnish restart
	92	+```
	93	+$ sudo service apache2 restart
	94	+$ sudo service varnish restart
	95	+```
93	96
94	97	Start pound:
95	98
96		- $ sudo service pound start
97		-
98		-[1] http://www.apsis.ch/pound
	99	+```
	100	+$ sudo service pound start
	101	+```
99	102
100		-Noosfero XMPP chat
101		-++++++++++++++++++
	103	+## Noosfero XMPP chat
102	104
103	105	If you want to use chat over HTTPS, then you should add the domain
104		-and IP of your server in the /etc/hosts file, example:
	106	+and IP of your server in the /etc/hosts file, example
105	107
106		-/etc/hosts
107		-----------
	108	+`/etc/hosts:`
108	109
109		- 192.168.1.86 mydomain.example.com
	110	+```
	111	+192.168.1.86 mydomain.example.com
	112	+```
110	113
111		-Also, it's recomended that you remove lines above from the file
	114	+Also, it's recomended that you remove the lines below from the file
112	115	`/etc/apache2/sites-enabled/noosfero`:
113	116
114		- RewriteEngine On
115		- Include /usr/share/noosfero/util/chat/apache/xmpp.conf
	117	+```
	118	+RewriteEngine On
	119	+Include /usr/share/noosfero/util/chat/apache/xmpp.conf
	120	+```
...	...
...	...	@@ -0,0 +1,29 @@
	1	+Using custom locales
	2	+====================
	3	+
	4	+Personalized translations go into the `config/custom_locales/` directory.
	5	+Custom locales can be identified by the rails environment, schema name in a
	6	+multitenancy setup or domain name until the first dot (e.g env1.coop.br for the
	7	+example below).
	8	+
	9	+Currently, the only filename prefix for the localization file which is
	10	+processed is "environment". For instance, a POT file would be called
	11	+"environment.pot".
	12	+
	13	+The structure of an environment named env1 with custom translations for both
	14	+Portuguese and Spanish and an environment named env2 with custom Russian
	15	+translation would be:
	16	+
	17	+ config/
	18	+ custom_locales/
	19	+ env1/
	20	+ environment.pot
	21	+ pt/
	22	+ environment.po
	23	+ es/
	24	+ environment.po
	25	+ env2/
	26	+ environment.pot
	27	+ ru/
	28	+ environment.po
	29	+
...	...
...	...	@@ -1,41 +0,0 @@
1		-* ruby-get-text incmopatible with rails3. Maybe we can use it's gem
2		-
3		-* all js code is inside miscellaneous.js. Would be nice to refactor this
4		-
5		-* rails 2 uses prototype instead of jquery
6		-
7		-* config/environment.rb maybe still have some code that should be on the initializers
8		-
9		-* initializers session_store.rb inflections.rb... don't exist
10		-
11		-* rails gems version have to be forced on Gemfile or it will use incompatible pre3vious versions (3.1.3)
12		-
13		-* Sweepers are now natively supported on Rails 3. Would be nice to refactor it
14		-
15		-* On Rails 3 it is no more possible to add allowed tags to avoid scape. The html_safe initializer is an option.
16		-
17		-* error when call sqlite_extensiosn
18		-
19		-* error related to action_tracker
20		-
21		-* check FIXME's in script/quick-start
22		-
23		-* check FIXME's in Gemfile
24		-
25		-* Check the FIXME in config/routes.rb
26		-
27		-* rewrite conditional routing. See FIXME in lib/route_if.rb and re-implement using the Rails 3 mechanism - http://guides.rubyonrails.org/routing.html#advanced-constraints
28		-
29		-* check FIXME's in config/environment.rb
30		-
31		-* xss_terminate sucks. We should replace it with the builtin mechanism in Rails 3
32		-
33		-* instance_eval on Ruby 1.9 yields self, so lambdas that are passed to instance_eval and do not accept exactly 1 argument will blow up. See http://www.ruby-forum.com/topic/213313 ... search for instance_eval and fix where necessary. In special, most of the blocks still need fixing.
34		-
35		-* all instances of <% *_form_for ... %> must be changed to <%= instead of <%
36		-
37		-* all ActiveRecord models have to declare explicitly which attributes must be allowed for mass assignment with attr_accessible.
38		-
39		-* check if we need to update config/locales/*
40		-
41		-* check observe_field and labelled_form_for in app/helpers/application_helper.rb
...	...	@@ -71,4 +71,22 @@ class AdminPanelController < AdminController
71	71	end
72	72	end
73	73	end
	74	+
	75	+ def manage_organizations_status
	76	+ scope = environment.organizations
	77	+ @filter = params[:filter] \|\| 'any'
	78	+ @title = "Organization profiles"
	79	+ @title = @title+" - "+@filter if @filter != 'any'
	80	+
	81	+ if @filter == 'enabled'
	82	+ scope = scope.visible
	83	+ elsif @filter == 'disabled'
	84	+ scope = scope.disabled
	85	+ end
	86	+
	87	+ scope = scope.order('name ASC')
	88	+
	89	+ @q = params[:q]
	90	+ @collection = find_by_contents(:organizations, scope, @q, {:per_page => 10, :page => params[:npage]})[:results]
	91	+ end
74	92	end
...	...
...	...	@@ -0,0 +1,5 @@
	1	+class PluginAdminController < AdminController
	2	+
	3	+ protect 'edit_environment_features', :environment
	4	+
	5	+end
...	...
...	...	@@ -33,7 +33,7 @@ class RegionValidatorsController < AdminController
33	33	def load_region_and_search
34	34	@region = environment.regions.find(params[:id])
35	35	if params[:search]
36		- @search = find_by_contents(:organizations, Organization, params[:search])[:results].reject {\|item\| @region.validator_ids.include?(item.id) }
	36	+ @search = find_by_contents(:organizations, environment, Organization, params[:search])[:results].reject {\|item\| @region.validator_ids.include?(item.id) }
37	37	end
38	38	end
39	39
...	...
...	...	@@ -40,8 +40,67 @@ class TemplatesController < AdminController
40	40	end
41	41	end
42	42
	43	+ def set_community_as_default
	44	+ begin
	45	+ community = environment.communities.find(params[:template_id])
	46	+ rescue ActiveRecord::RecordNotFound
	47	+ message = _('Community not found. The template could no be changed.')
	48	+ community = nil
	49	+ end
	50	+
	51	+ message = _('%s defined as default') % community.name if set_as_default(community)
	52	+ session[:notice] = message
	53	+
	54	+ redirect_to :action => 'index'
	55	+ end
	56	+
	57	+ def set_person_as_default
	58	+ begin
	59	+ person = environment.people.find(params[:template_id])
	60	+ rescue ActiveRecord::RecordNotFound
	61	+ message = _('Person not found. The template could no be changed.')
	62	+ person = nil
	63	+ end
	64	+
	65	+ message = _('%s defined as default') % person.name if set_as_default(person)
	66	+ session[:notice] = message
	67	+
	68	+ redirect_to :action => 'index'
	69	+ end
	70	+
	71	+ def set_enterprise_as_default
	72	+ begin
	73	+ enterprise = environment.enterprises.find(params[:template_id])
	74	+ rescue ActiveRecord::RecordNotFound
	75	+ message = _('Enterprise not found. The template could no be changed.')
	76	+ enterprise = nil
	77	+ end
	78	+
	79	+ message = _('%s defined as default') % enterprise.name if set_as_default(enterprise)
	80	+ session[:notice] = message
	81	+
	82	+ redirect_to :action => 'index'
	83	+ end
	84	+
43	85	private
44	86
	87	+ def set_as_default(obj)
	88	+ return nil if obj.nil?
	89	+ case obj.class.name
	90	+ when 'Community' then
	91	+ environment.community_default_template = obj
	92	+ environment.save!
	93	+ when 'Person' then
	94	+ environment.person_default_template = obj
	95	+ environment.save!
	96	+ when 'Enterprise' then
	97	+ environment.enterprise_default_template = obj
	98	+ environment.save!
	99	+ else
	100	+ nil
	101	+ end
	102	+ end
	103	+
45	104	def create_organization_template(klass)
46	105	identifier = params[:name].to_slug
47	106	template = klass.new(:name => params[:name], :identifier => identifier, :is_template => true)
...	...