Merge branch 'master' into field-of-interest

Caio Almeida
2 parents cdd1f702 733814ea
Showing 310 changed files with 2575 additions and 1519 deletions Show diff stats
app/api/entities.rb
app/api/helpers.rb
app/api/v1/activities.rb
app/api/v1/articles.rb
app/api/v1/boxes.rb
app/api/v1/comments.rb
app/api/v1/profiles.rb
app/concerns/authenticated_system.rb
app/controllers/application_controller.rb
app/controllers/my_profile/profile_themes_controller.rb
app/controllers/public/content_viewer_controller.rb
app/helpers/application_helper.rb
app/helpers/article_helper.rb
app/helpers/boxes_helper.rb
app/helpers/buttons_helper.rb
app/helpers/custom_fields_helper.rb
app/helpers/theme_loader_helper.rb
app/helpers/url_helper.rb
app/helpers/users_helper.rb
app/jobs/download_reported_images_job.rb
@@ -93,7 +93,9 @@ module Api
     class Box < Entity
       root 'boxes', 'box'
       expose :id, :position
-      expose :blocks, :using => Block
+      expose :blocks, :using => Block do |box, options|
+        box.blocks.select {|block| block.visible_to_user?(options[:current_person]) }
+      end
     end
  
     class Profile < Entity
@@ -200,12 +202,21 @@ module Api
       expose :accept_comments?, as: :accept_comments
     end
  
+    def self.permissions_for_entity(entity, current_person, *method_names)
+      method_names.map { |method| entity.send(method, current_person) ? method.to_s.gsub(/\?/,'') : nil }.compact
+    end
+
     class Article < ArticleBase
       root 'articles', 'article'
       expose :parent, :using => ArticleBase
       expose :children, :using => ArticleBase do |article, options|
         article.children.published.limit(V1::Articles::MAX_PER_PAGE)
       end
+      expose :permissions do |article, options|
+        Entities.permissions_for_entity(article, options[:current_person],
+          :allow_edit?, :allow_post_content?, :allow_delete?, :allow_create?,
+          :allow_publish_content?)
+      end
     end
  
     class User < Entity
@@ -121,7 +121,7 @@ module Api
  
     def present_article(asset)
       article = find_article(asset.articles, params[:id])
-      present_partial article, :with => Entities::Article, :params => params
+      present_partial article, with: Entities::Article, params: params, current_person: current_person
     end
  
     def present_articles_for_asset(asset, method = 'articles')
@@ -130,7 +130,7 @@ module Api
     end
  
     def present_articles(articles)
-      present_partial paginate(articles), :with => Entities::Article, :params => params
+      present_partial paginate(articles), :with => Entities::Article, :params => params, current_person: current_person
     end
  
     def find_articles(asset, method = 'articles')
@@ -407,9 +407,11 @@ module Api
  
     def parse_content_type(content_type)
       return nil if content_type.blank?
-      content_type.split(',').map do |content_type|
-        content_type.camelcase
+      content_types = content_type.split(',').map do |content_type|
+        content_type = content_type.camelcase
+        content_type == 'TextArticle' ? Article.text_article_types : content_type
       end
+      content_types.flatten.uniq
     end
  
     def period(from_date, until_date)
 module Api
   module V1
     class Activities < Grape::API
-      before { authenticate! }
  
       resource :profiles do
  
@@ -9,7 +8,7 @@ module Api
           profile = Profile.find_by id: params[:id]
  
           not_found! if profile.blank? || profile.secret || !profile.visible
-          forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
+          forbidden! if !profile.display_private_info_to?(current_person)
  
           activities = profile.activities.map(&:activity)
           present activities, :with => Entities::Activity, :current_person => current_person
@@ -54,6 +54,17 @@ module Api
           present_partial article, :with => Entities::Article
         end
  
+        delete ':id' do
+          article = environment.articles.find(params[:id])
+          return forbidden! unless article.allow_delete?(current_person)
+          begin
+            article.destroy
+            { :success => true }
+          rescue Exception => exception
+            render_api_error!(_('The article couldn\'t be removed due to some problem. Please contact the administrator.'), 400)
+          end          
+        end
+
         desc 'Report a abuse and/or violent content in a article by id' do
           detail 'Submit a abuse (in general, a content violation) report about a specific article'
           params Entities::Article.documentation
@@ -262,7 +273,7 @@ module Api
                     article = forbidden!
                   end
  
-                  present_partial article, :with => Entities::Article
+                  present_partial article, :with => Entities::Article, current_person: current_person
                 else
  
                   present_articles_for_asset(profile)
@@ -12,7 +12,8 @@ module Api
             resource :boxes do
               get do
                 profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
-                present profile.boxes, :with => Entities::Box
+                return forbidden! unless profile.display_info_to?(current_person)
+                present profile.boxes, with: Entities::Box, current_person: current_person
               end
             end
           end
@@ -32,7 +33,7 @@ module Api
                 else
                   env = Environment.find(params[:environment_id])
                 end
-                present env.boxes, :with => Entities::Box
+                present env.boxes, with: Entities::Box, current_person: current_person
               end
             end
           end
@@ -34,6 +34,7 @@ module Api
         post ":id/comments" do
           authenticate!
           article = find_article(environment.articles, params[:id])
+          return forbidden! unless article.accept_comments?
           options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
           begin
             comment = Comment.create!(options)
@@ -42,6 +43,19 @@ module Api
           end
           present comment, :with => Entities::Comment, :current_person => current_person
         end
+
+        delete ":id/comments/:comment_id" do
+          article = find_article(environment.articles, params[:id])
+          comment = article.comments.find_by_id(params[:comment_id])
+          return not_found! if comment.nil?
+          return forbidden! unless comment.can_be_destroyed_by?(current_person)
+          begin
+            comment.destroy
+            present comment, with: Entities::Comment, :current_person => current_person
+          rescue => e
+            render_api_error!(e.message, 500)
+          end
+        end
       end
  
     end
@@ -22,6 +22,15 @@ module Api
             not_found!
           end
         end
+        
+        desc "Update profile information"
+        post ':id' do
+          authenticate!
+          profile = environment.profiles.find_by(id: params[:id])
+          return forbidden! unless current_person.has_permission?(:edit_profile, profile)
+          profile.update_attributes!(params[:profile])
+          present profile, :with => Entities::Profile, :current_person => current_person
+        end
  
         delete ':id' do
           authenticate!
@@ -0,0 +1,169 @@
+module AuthenticatedSystem
+
+  protected
+
+    extend ActiveSupport::Concern
+
+    included do
+      if self < ActionController::Base
+        around_filter :user_set_current
+        before_filter :override_user
+        before_filter :login_from_cookie
+      end
+
+      # Inclusion hook to make #current_user and #logged_in?
+      # available as ActionView helper methods.
+      helper_method :current_user, :logged_in?
+    end
+
+    # Returns true or false if the user is logged in.
+    # Preloads @current_user with the user model if they're logged in.
+    def logged_in?
+      current_user != nil
+    end
+
+    # Accesses the current user from the session.
+    def current_user user_id = session[:user]
+      @current_user ||= begin
+        user = User.find_by id: user_id if user_id
+        user.session = session if user
+        User.current = user
+        user
+      end
+    end
+
+    # Store the given user in the session.
+    def current_user=(new_user)
+      if new_user.nil?
+        session.delete(:user)
+      else
+        session[:user] = new_user.id
+        new_user.session = session
+        new_user.register_login
+      end
+      @current_user = User.current = new_user
+    end
+
+    # See impl. from http://stackoverflow.com/a/2513456/670229
+    def user_set_current
+      User.current = current_user
+      yield
+    ensure
+      # to address the thread variable leak issues in Puma/Thin webserver
+      User.current = nil
+    end
+
+    # Check if the user is authorized.
+    #
+    # Override this method in your controllers if you want to restrict access
+    # to only a few actions or if you want to check if the user
+    # has the correct rights.
+    #
+    # Example:
+    #
+    #  # only allow nonbobs
+    #  def authorize?
+    #    current_user.login != "bob"
+    #  end
+    def authorized?
+      true
+    end
+
+    # Filter method to enforce a login requirement.
+    #
+    # To require logins for all actions, use this in your controllers:
+    #
+    #   before_filter :login_required
+    #
+    # To require logins for specific actions, use this in your controllers:
+    #
+    #   before_filter :login_required, :only => [ :edit, :update ]
+    #
+    # To skip this in a subclassed controller:
+    #
+    #   skip_before_filter :login_required
+    #
+    def login_required
+      username, passwd = get_auth_data
+      if username && passwd
+        self.current_user ||= User.authenticate(username, passwd) || nil
+      end
+      if logged_in? && authorized?
+        true
+      else
+        if params[:require_login_popup]
+          render :json => { :require_login_popup => true }
+        else
+          access_denied
+        end
+      end
+    end
+
+    # Redirect as appropriate when an access request fails.
+    #
+    # The default action is to redirect to the login screen.
+    #
+    # Override this method in your controllers if you want to have special
+    # behavior in case the user is not authorized
+    # to access the requested action.  For example, a popup window might
+    # simply close itself.
+    def access_denied
+      respond_to do |accepts|
+        accepts.html do
+          if request.xhr?
+            render :text => _('Access denied'), :status => 401
+          else
+            store_location
+            redirect_to :controller => '/account', :action => 'login'
+          end
+        end
+        accepts.xml do
+          headers["Status"]           = "Unauthorized"
+          headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+          render :text => "Could't authenticate you", :status => '401 Unauthorized'
+        end
+      end
+      false
+    end
+
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location(location = request.url)
+      session[:return_to] = location
+    end
+
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.
+    def redirect_back_or_default(default)
+      if session[:return_to]
+        redirect_to(session.delete(:return_to))
+      else
+        redirect_to(default)
+      end
+    end
+
+    def override_user
+      return if params[:override_user].blank?
+      return unless logged_in? and user.is_admin? environment
+      @current_user = nil
+      current_user params[:override_user]
+    end
+
+    # When called with before_filter :login_from_cookie will check for an :auth_token
+    # cookie and log the user back in if apropriate
+    def login_from_cookie
+      return if cookies[:auth_token].blank? or logged_in?
+      user = User.where(remember_token: cookies[:auth_token]).first
+      self.current_user = user if user and user.remember_token?
+    end
+
+  private
+    @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+    # gets BASIC auth info
+    def get_auth_data
+      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+      auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+      return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
+    end
+end
@@ -13,6 +13,13 @@ class ApplicationController &lt; ActionController::Base
   before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
   before_filter :redirect_to_current_user
  
+  before_filter :set_session_theme
+  def set_session_theme
+    if params[:theme]
+      session[:theme] = environment.theme_ids.include?(params[:theme]) ? params[:theme] : nil
+    end
+  end
+
   def require_login_for_environment
     login_required
   end
@@ -63,12 +63,12 @@ class ProfileThemesController &lt; ThemesController
   end
  
   def start_test
-    session[:theme] = params[:id]
+    session[:user_theme] = params[:id]
     redirect_to :controller => 'content_viewer', :profile => profile.identifier, :action => 'view_page'
   end
  
   def stop_test
-    session[:theme] = nil
+    session[:user_theme] = nil
     redirect_to :action => 'index'
   end
  
@@ -209,7 +209,7 @@ class ContentViewerController &lt; ApplicationController
       end
  
       if @page.published && @page.uploaded_file?
-        redirect_to @page.public_filename
+        redirect_to "#{Noosfero.root}#{@page.public_filename}"
       else
         send_data data, @page.download_headers
       end
@@ -233,13 +233,6 @@ module ApplicationHelper
     link_to(content_tag('span', text), url, html_options.merge(:class => the_class, :title => text))
   end
  
-  def button_bar(options = {}, &block)
-    options[:class].nil? ?
-      options[:class]='button-bar' :
-      options[:class]+=' button-bar'
-    concat(content_tag('div', capture(&block).to_s + tag('br', :style => 'clear: left;'), options))
-  end
-
   def render_profile_actions klass
     name = klass.to_s.underscore
     begin
@@ -351,7 +344,7 @@ module ApplicationHelper
   end
  
   def is_testing_theme
-    !controller.session[:theme].nil?
+    !controller.session[:user_theme].nil?
   end
  
   def theme_owner
@@ -600,8 +593,8 @@ module ApplicationHelper
     end
  
     if block
-      field_html ||= ''
-      field_html += capture(&block)
+      field_html ||= ''.html_safe
+      field_html   = [field_html, capture(&block)].safe_join
     end
  
     if controller.action_name == 'signup' || controller.action_name == 'new_community' || (controller.controller_name == "enterprise_registration" && controller.action_name == 'index') || (controller.controller_name == 'home' && controller.action_name == 'index' && user.nil?)
@@ -610,7 +603,9 @@ module ApplicationHelper
       end
     else
       if profile.active_fields.include?(name)
-        result = content_tag('div', field_html + profile_field_privacy_selector(profile, name), :class => 'field-with-privacy-selector')
+        result = content_tag :div, class: 'field-with-privacy-selector' do
+          [field_html, profile_field_privacy_selector(profile, name)].safe_join
+        end
       end
     end
  
@@ -618,10 +613,6 @@ module ApplicationHelper
       result = required(result)
     end
  
-    if block
-      concat(result)
-    end
-
     result
   end
  
@@ -866,7 +857,7 @@ module ApplicationHelper
   alias :browse_communities_menu :search_communities_menu
  
   def pagination_links(collection, options={})
-    options = {:previous_label => content_tag(:span, '&laquo; ', :class => 'previous-arrow') + _('Previous'), :next_label => _('Next') + content_tag(:span, ' &raquo;', :class => 'next-arrow'), :inner_window => 1, :outer_window => 0 }.merge(options)
+    options = {:previous_label => content_tag(:span, '&laquo; '.html_safe, :class => 'previous-arrow') + _('Previous'), :next_label => _('Next') + content_tag(:span, ' &raquo;'.html_safe, :class => 'next-arrow'), :inner_window => 1, :outer_window => 0 }.merge(options)
     will_paginate(collection, options)
   end
  
@@ -988,6 +979,7 @@ module ApplicationHelper
     values = {}
     values.merge!(task.information[:variables]) if task.information[:variables]
     values.merge!({:requestor => link_to(task.requestor.name, task.requestor.url)}) if task.requestor
+    values.merge!({:target => link_to(task.target.name, task.target.url)}) if (task.target && task.target.respond_to?(:url))
     values.merge!({:subject => content_tag('span', task.subject, :class=>'task_target')}) if task.subject
     values.merge!({:linked_subject => link_to(content_tag('span', task.linked_subject[:text], :class => 'task_target'), task.linked_subject[:url])}) if task.linked_subject
     (task.information[:message] % values).html_safe
@@ -1138,7 +1130,7 @@ module ApplicationHelper
     content_tag(:div, :class => 'errorExplanation', :id => 'errorExplanation') do
       content_tag(:h2, _('Errors while saving')) +
       content_tag(:ul) do
-        safe_join(errors.map { |err| content_tag(:li, err) })
+        safe_join(errors.map { |err| content_tag(:li, err.html_safe) })
       end
     end
   end
@@ -187,9 +187,9 @@ module ArticleHelper
   def following_button(page, user)
     if !user.blank? and user != page.author
       if page.is_followed_by? user
-        button :cancel, unfollow_button_text(page), {:controller => 'profile', :action => 'unfollow_article', :article_id => page.id, :profile => page.profile.identifier}
+        button :cancel, unfollow_button_text(page), {controller: :profile, profile: page.profile.identifier, action: :unfollow_article, article_id: page.id}
       else
-        button :add, follow_button_text(page), {:controller => 'profile', :action => 'follow_article', :article_id => page.id, :profile => page.profile.identifier}
+        button :add, follow_button_text(page), {controller: :profile, profile: page.profile.identifier, action: :follow_article, article_id: page.id}
       end
     end
   end
@@ -99,15 +99,10 @@ module BoxesHelper
   end
  
   def render_block_content block
-    # FIXME: this conditional should be removed after all
-    # block footer from plugins methods get refactored into helpers and views.
-    # They are a failsafe until all of them are done.
-    return block.content if block.method(:content).owner != Block
     render_block block
   end
  
   def render_block_footer block
-    return block.footer if block.method(:footer).owner != Block
     render_block block, 'footers/'
   end
  
 module ButtonsHelper
+
+  def button_bar(options = {}, &block)
+    options[:class] ||= ''
+    options[:class] << ' button-bar'
+
+    content_tag :div, options do
+      [
+        capture(&block).to_s,
+        tag(:br, style: 'clear: left;'),
+      ].safe_join
+    end
+  end
+
   def button(type, label, url, html_options = {})
     html_options ||= {}
     the_class = 'with-text'
@@ -61,6 +61,6 @@ module CustomFieldsHelper
  
   def form_for_format(customized_type, format)
     field = CustomField.new(:format => format, :customized_type => customized_type, :environment => environment)
-    CGI::escapeHTML((render(:partial => 'features/custom_fields/form', :locals => {:field => field})))
+    CGI::escapeHTML((render(:partial => 'features/custom_fields/form', :locals => {:field => field}))).html_safe
   end
 end
@@ -2,8 +2,8 @@ module ThemeLoaderHelper
   def current_theme
     @current_theme ||=
       begin
-        if session[:theme]
-          session[:theme]
+        if session[:user_theme]
+          session[:user_theme]
         else
           # utility for developers: set the theme to 'random' in development mode and
           # you will get a different theme every request. This is interesting for
@@ -11,8 +11,8 @@ module ThemeLoaderHelper
           if Rails.env.development? && environment.theme == 'random'
             @random_theme ||= Dir.glob('public/designs/themes/*').map { |f| File.basename(f) }.rand
             @random_theme
-          elsif Rails.env.development? && respond_to?(:params) && params[:theme] && File.exists?(Rails.root.join('public/designs/themes', params[:theme]))
-            params[:theme]
+          elsif Rails.env.development? && respond_to?(:params) && params[:user_theme] && File.exists?(Rails.root.join('public/designs/themes', params[:user_theme]))
+            params[:user_theme]
           else
             if profile && !profile.theme.nil?
               profile.theme
@@ -34,8 +34,10 @@ module ThemeLoaderHelper
   end
  
   def theme_path
-    if session[:theme]
+    if session[:user_theme]
       '/user_themes/' + current_theme
+    elsif session[:theme]
+      '/designs/themes/' + session[:theme]
     else
       '/designs/themes/' + current_theme
     end
@@ -4,4 +4,12 @@ module UrlHelper
     'javascript:history.back()'
   end
  
+  def default_url_options
+    options = {}
+
+    options[:override_user] = params[:override_user] if params[:override_user].present?
+
+    options
+  end
+
 end
 module UsersHelper
  
-  FILTER_TRANSLATION = {
+  def filter_translation
+    {
       'all_users' => _('All users'),
       'admin_users' => _('Admin users'),
       'activated_users' => _('Activated users'),
       'deactivated_users' => _('Deativated users'),
-  }
+    }
+  end
  
   def filter_selector(filter, float = 'right')
-    options = options_for_select(FILTER_TRANSLATION.map {|key, name| [name, key]}, :selected => filter)
+    options = options_for_select(filter_translation.map {|key, name| [name, key]}, :selected => filter)
     url_params = url_for(params.merge(:filter => 'FILTER'))
     onchange = "document.location.href = '#{url_params}'.replace('FILTER', this.value)"
     select_field = select_tag(:filter, options, :onchange => onchange)
@@ -19,7 +21,7 @@ module UsersHelper
   end
  
   def users_filter_title(filter)
-    FILTER_TRANSLATION[filter]
+    filter_translation[filter]
   end
  
 end
@@ -0,0 +1,27 @@
+class DownloadReportedImagesJob < Struct.new(:abuse_report, :article)
+  def perform
+    images_paths = article.image? ? [File.join(article.profile.environment.top_url, article.public_filename(:display))] : article.body_images_paths
+    images_paths.each do |image_path|
+      image = get_image(image_path)
+      reported_image = ReportedImage.create!( :abuse_report => abuse_report,
+                                              :uploaded_data => image,
+                                              :filename => File.basename(image_path),
+                                              :size => image.size )
+      abuse_report.content = parse_content(abuse_report, image_path, reported_image)
+    end
+    abuse_report.save!
+  end
+
+  def get_image(image_path)
+    image = ActionController::UploadedTempfile.new('reported_image')
+    image.write(Net::HTTP.get(URI.parse(image_path)))
+    image.original_path = 'tmp/' + File.basename(image_path)
+    image.content_type = 'image/' + File.extname(image_path).gsub('.','')
+    image
+  end
+
+  def parse_content(report, old_path, image)
+    old_path = old_path.gsub(report.reporter.environment.top_url, '')
+    report.content.gsub(/#{old_path}/, image.public_filename)
+  end
+end
@@ -0,0 +1,11 @@
+class GetEmailContactsJob < Struct.new(:import_from, :login, :password, :contact_list_id)
+  def perform
+    begin
+      Invitation.get_contacts(import_from, login, password, contact_list_id)
+    rescue Contacts::AuthenticationError => ex
+      ContactList.exists?(contact_list_id) && ContactList.find(contact_list_id).register_auth_error
+    rescue Exception => ex
+      ContactList.exists?(contact_list_id) && ContactList.find(contact_list_id).register_error
+    end
+  end
+end
@@ -0,0 +1,10 @@
+class InvitationJob < Struct.new(:person_id, :contacts_to_invite, :message, :profile_id, :contact_list_id, :locale)
+  def perform
+    Noosfero.with_locale(locale) do
+      person = Person.find(person_id)
+      profile = Profile.find(profile_id)
+      Invitation.invite(person, contacts_to_invite, message, profile)
+      ContactList.exists?(contact_list_id) && ContactList.find(contact_list_id).destroy
+    end
+  end
+end
@@ -0,0 +1,22 @@
+class LogMemoryConsumptionJob < Struct.new(:last_stat)
+  # Number of entries do display
+  N = 20
+
+  def perform
+    logpath = File.join(Rails.root, 'log', "#{ENV['RAILS_ENV']}_memory_consumption.log")
+    logger = Logger.new(logpath)
+    stats = Hash.new(0)
+    ObjectSpace.each_object {|o| stats[o.class.to_s] += 1}
+    i = 1
+
+    logger << "[#{Time.now.strftime('%F %T %z')}]\n"
+    stats.sort {|(k1,v1),(k2,v2)| v2 <=> v1}.each do |k,v|
+      logger << (sprintf "%-60s %10d", k, v)
+      logger << (sprintf " | delta %10d", (v - last_stat[k])) if last_stat && last_stat[k]
+      logger << "\n"
+      break if i > N
+      i += 1
+    end
+    logger << "\n"
+  end
+end
@@ -0,0 +1,8 @@
+class MailingJob < Struct.new(:mailing_id)
+  def perform
+    mailing = Mailing.find(mailing_id)
+    Noosfero.with_locale(mailing.locale) do
+      mailing.deliver
+    end
+  end
+end
@@ -0,0 +1,44 @@
+class NotifyActivityToProfilesJob < Struct.new(:tracked_action_id)
+  NOTIFY_ONLY_COMMUNITY = [
+    'add_member_in_community'
+  ]
+
+  NOT_NOTIFY_COMMUNITY = [
+    'join_community'
+  ]
+  def perform
+    return unless ActionTracker::Record.exists?(tracked_action_id)
+    tracked_action = ActionTracker::Record.find(tracked_action_id)
+    return unless tracked_action.user.present?
+    target = tracked_action.target
+    if target.is_a?(Community) && ( NOTIFY_ONLY_COMMUNITY.include?(tracked_action.verb) || ! target.public_profile )
+      ActionTrackerNotification.create(:profile_id => target.id, :action_tracker_id => tracked_action.id)
+      return
+    end
+
+    # Notify the user
+    ActionTrackerNotification.create(:profile_id => tracked_action.user.id, :action_tracker_id => tracked_action.id)
+
+    # Notify all friends
+    ActionTrackerNotification.connection.execute("insert into action_tracker_notifications(profile_id, action_tracker_id) select f.friend_id, #{tracked_action.id} from friendships as f where person_id=#{tracked_action.user.id} and f.friend_id not in (select atn.profile_id from action_tracker_notifications as atn where atn.action_tracker_id = #{tracked_action.id})")
+
+    if tracked_action.user.is_a? Organization
+      ActionTrackerNotification.connection.execute "insert into action_tracker_notifications(profile_id, action_tracker_id) " +
+      "select distinct accessor_id, #{tracked_action.id} from role_assignments where resource_id = #{tracked_action.user.id} and resource_type='Profile' " +
+      if tracked_action.user.is_a? Enterprise then "union select distinct person_id, #{tracked_action.id} from favorite_enterprise_people where enterprise_id = #{tracked_action.user.id}" else "" end
+    end
+
+    if target.is_a?(Community)
+      ActionTrackerNotification.create(:profile_id => target.id, :action_tracker_id => tracked_action.id) unless NOT_NOTIFY_COMMUNITY.include?(tracked_action.verb)
+
+      ActionTrackerNotification.connection.execute("insert into action_tracker_notifications(profile_id, action_tracker_id) select distinct profiles.id, #{tracked_action.id} from role_assignments, profiles where profiles.type = 'Person' and profiles.id = role_assignments.accessor_id and profiles.id != #{tracked_action.user.id} and profiles.id not in (select atn.profile_id from action_tracker_notifications as atn where atn.action_tracker_id = #{tracked_action.id}) and role_assignments.resource_type = 'Profile' and role_assignments.resource_id = #{target.id}")
+    end
+
+    if target.is_a?(Article) && target.profile.is_a?(Community)
+      ActionTrackerNotification.create(:profile_id => target.profile.id, :action_tracker_id => tracked_action.id) unless NOT_NOTIFY_COMMUNITY.include?(tracked_action.verb)
+
+      ActionTrackerNotification.connection.execute("insert into action_tracker_notifications(profile_id, action_tracker_id) select distinct profiles.id, #{tracked_action.id} from role_assignments, profiles where profiles.type = 'Person' and profiles.id = role_assignments.accessor_id and profiles.id != #{tracked_action.user.id} and profiles.id not in (select atn.profile_id from action_tracker_notifications as atn where atn.action_tracker_id = #{tracked_action.id}) and role_assignments.resource_type = 'Profile' and role_assignments.resource_id = #{target.profile.id}")
+    end
+
+  end
+end
@@ -0,0 +1,22 @@
+class ProfileSuggestionsJob < Struct.new(:person_id)
+
+  def self.exists?(person_id)
+    !find(person_id).empty?
+  end
+
+  def self.find(person_id)
+    Delayed::Job.by_handler("--- !ruby/struct:ProfileSuggestionsJob\nperson_id: #{person_id}\n")
+  end
+
+  def perform
+    logger = Delayed::Worker.logger
+    begin
+      person = Person.find(person_id)
+      ProfileSuggestion.calculate_suggestions(person)
+      UserMailer.profiles_suggestions_email(person).deliver if person.email_suggestions
+    rescue Exception => exception
+      logger.error("Error with suggestions for person ID %d: %s" % [person_id, exception.to_s])
+    end
+  end
+
+end
@@ -0,0 +1,6 @@
+class UserActivationJob < Struct.new(:user_id)
+  def perform
+    user = User.find(user_id)
+    user.destroy unless user.activated? || user.person.is_template? || user.moderate_registration_pending?
+  end
+end
@@ -37,6 +37,10 @@ class AddMember &lt; Task
     true
   end
  
+  def reject_details
+    true
+  end
+
   def footer
     true
   end
@@ -72,8 +76,9 @@ class AddMember &lt; Task
   end
  
   def task_cancelled_message
-    _("Your request to enter community \"%{target} with the profile \"%{requestor}\" was not accepted. Please contact any profile admin from %{url} for more information.") %
-    {:target => self.target.name, :url => self.target.url,
-     :requestor => self.requestor.name}
+    _("Your request to enter community \"%{target}\" with the profile \"%{requestor}\" was not accepted. Please contact any profile admin from %{target} for more information. The following explanation was given: \n\n\"%{explanation}\"") %
+    {:target => self.target.name,
+     :requestor => self.requestor.name,
+     :explanation => self.reject_explanation}
   end
 end
@@ -29,6 +29,8 @@ class Article &lt; ApplicationRecord
     :display => %w[full]
   }
  
+  N_('article')
+
   def initialize(*params)
     super
     if params.present? && params.first.present?
@@ -181,30 +181,6 @@ class Block &lt; ApplicationRecord
     "/images/block_preview.png"
   end
  
-  # Returns the content to be used for this block.
-  #
-  # This method can return several types of objects:
-  #
-  # * <tt>String</tt>: if the string starts with <tt>http://</tt> or <tt>https://</tt>, then it is assumed to be address of an IFRAME. Otherwise it's is used as regular HTML.
-  # * <tt>Hash</tt>: the hash is used to build an URL that is used as the address for a IFRAME.
-  # * <tt>Proc</tt>: the Proc is evaluated in the scope of BoxesHelper. The
-  # block can then use <tt>render</tt>, <tt>link_to</tt>, etc.
-  #
-  # The method can also return <tt>nil</tt>, which means "no content".
-  #
-  # See BoxesHelper#extract_block_content for implementation details.
-  def content(args={})
-    "This is block number %d" % self.id
-  end
-
-  # A footer to be appended to the end of the block. Returns <tt>nil</tt>.
-  #
-  # Override in your subclasses. You can return the same types supported by
-  # #content.
-  def footer
-    nil
-  end
-
   # Is this block editable? (Default to <tt>true</tt>)
   def editable?(user=nil)
     self.edit_modes == "all"
-class CommentHandler < Struct.new(:comment_id, :method)
+class CommentHandler < Struct.new(:comment_id, :method, :locale)
+  def initialize(*args)
+    super
+    self.locale ||= FastGettext.locale
+  end
  
   def perform
+    saved_locale = FastGettext.locale
+    FastGettext.locale = locale
+
     comment = Comment.find(comment_id)
     comment.send(method)
+    FastGettext.locale = saved_locale
   rescue ActiveRecord::RecordNotFound
     # just ignore non-existing comments
   end
@@ -9,7 +9,7 @@ class Community &lt; Organization
     _('Community')
   end
  
-  N_('Community')
+  N_('community')
   N_('Language')
  
   settings_items :language
@@ -12,7 +12,7 @@ class Enterprise &lt; Organization
     _('Enterprise')
   end
  
-  N_('Enterprise')
+  N_('enterprise')
  
   acts_as_trackable after_add: proc{ |p, t| notify_activity t }
  
@@ -750,6 +750,10 @@ class Environment &lt; ApplicationRecord
     end
   end
  
+  def theme_ids
+    settings[:themes] || []
+  end
+
   def themes=(values)
     settings[:themes] = values
   end
@@ -81,10 +81,8 @@ class LinkListBlock &lt; Block
     end
   end
  
-  def icons_options
-    ICONS.map do |i|
-      "<span title=\"#{i[1]}\" class=\"icon-#{i[0]}\" onclick=\"changeIcon(this, '#{i[0]}')\"></span>".html_safe
-    end
+  def icons
+    ICONS
   end
  
 end
@@ -234,4 +234,7 @@ class Organization &lt; Profile
     self.admins.where(:id => user.id).exists?
   end
  
+  def display_private_info_to?(user)
+    (public_profile && visible && !secret) || super
+  end
 end
@@ -13,6 +13,8 @@ class Person &lt; Profile
     _('Person')
   end
  
+  N_('person')
+
   acts_as_trackable :after_add => Proc.new {|p,t| notify_activity(t)}
   acts_as_accessor
  
@@ -82,7 +82,7 @@ class PersonNotifier
     helper ActionTrackerHelper
  
     def session
-      {:theme => nil}
+      {:user_theme => nil}
     end
  
     def content_summary(person, notifications, tasks)
@@ -11,7 +11,7 @@
   <%= hidden_field_tag :terms_accepted, params[:terms_accepted] %>
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= submit_button( 'login', _('Log in') )%>
   <%= modal_close_button _('Cancel') if request.xhr? %>
 <% end %>
@@ -20,7 +20,7 @@
     <%= hidden_field_tag :answer, params[:answer] %>
  
     <%= labelled_check_box(environment.terms_of_use_acceptance_text.blank? ? _('I read the terms of use and accepted them') : environment.terms_of_use_acceptance_text, :terms_accepted, '1', false, :id => 'accept-terms') %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button 'cancel', _('Cancel'), :controller => 'home', :action => 'index' %>
       <%= submit_button 'forward', _('Continue'), {:disabled => true, :class => 'disabled', :id => 'submit-accept-terms'} %>
     <% end %>
@@ -24,7 +24,7 @@
  
 <div class='activation-box'>
   <h2><%= _('Enterprise activation') + ' - ' + (logged_in? ? _('part 1 of 2') : _('part 1 of 3')) %></h2>
-  <%= form_tag( {:action => 'accept_terms'}, {:method => 'get', :onsubmit => (@question == :foundation_year ? 'return check_valid_year(this)' : 'return check_valid_cnpj(this)')}) do %> 
+  <%= form_tag( {:action => 'accept_terms'}, {:method => 'get', :onsubmit => (@question == :foundation_year ? 'return check_valid_year(this)' : 'return check_valid_cnpj(this)')}) do %>
  
   <p>  <strong><%= _('Pay atention! You have only one chance!') %></strong> </p>
  
@@ -34,7 +34,7 @@
  
     <%= hidden_field_tag :enterprise_code, params[:enterprise_code] %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button 'cancel', _('Cancel'), :action => 'index' %>
       <%= submit_button 'forward', _('Continue') %>
     <% end %>
@@ -9,7 +9,7 @@
   <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %>
  
   <div>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button('send', _('Send instructions')) %>
     <% end %>
   </div>
@@ -22,7 +22,7 @@
  
      <%= safe_join(@plugins.dispatch(:login_extra_contents).collect { |content| instance_exec(&content) }, "") %>
  
-     <% button_bar do %>
+     <%= button_bar do %>
        <%= submit_button( 'login', _('Log in') )%>
        <% if is_popin %>
          <%= modal_close_button(_('Cancel')) %>
@@ -31,7 +31,7 @@
  
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
     <%= button :add, _("New user"), :controller => 'account', :action => 'signup' %>
   <% end %>
@@ -17,7 +17,7 @@
  
       <%= safe_join(@plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }, "") %>
  
-      <% button_bar do %>
+      <%= button_bar do %>
         <%= submit_button( 'login', _('Log in') )%>
         <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
           <%= button(:add, _('New user'), { :controller => 'account', :action => 'signup' }) %>
 <h2><%= _('Are you sure you want to get out?') %></h2>
 <p>
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :ok, _('Yes'), { :controller => 'account', :action => 'logout' } %>
   <%= modal_close_button _('No, I want to stay.') %>
 <% end %>
@@ -10,7 +10,7 @@
  
   <%= labelled_form_field(_('Enter new password'), (f.password_field :password)) %>
   <%= labelled_form_field(_('Confirm the new password'), (f.password_field :password_confirmation)) %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:ok, _('Change password')) %>
   <% end %>
  
@@ -3,8 +3,8 @@
  
   <%= _('%s was successfuly activated. Now you may go to your control panel or to the control panel of your enterprise') % @enterprise.name %>
  
-  <% button_bar do %>
-    <%= button 'forward', _('Go to my control panel'), :action => 'index', :controller => 'profile_editor', :profile => current_user.person.identifier %> 
+  <%= button_bar do %>
+    <%= button 'forward', _('Go to my control panel'), :action => 'index', :controller => 'profile_editor', :profile => current_user.person.identifier %>
     <%= button 'forward', _('Go to my enterprise control panel') % @enterprise.name, :action => 'index', :controller => 'profile_editor', :profile => @enterprise.identifier %>
   <% end %>
 <% end %>
@@ -6,7 +6,7 @@
  
   <%= f.text_area :message_for_disabled_enterprise, :cols => 40, :style => 'width: 90%' %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save')) %>
     <%= button(:cancel, _('Cancel'), :action => 'index') %>
   <% end %>
@@ -4,14 +4,14 @@
   <%= form_tag do %>
     <%= labelled_form_field(_('Portal identifier'), text_field_tag('portal_community_identifier', @portal_community.identifier, :size => 40) ) %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button 'save', _('Save'), :cancel => { :action => 'index' }  %>
     <% end %>
   <% end %>
 <% else %>
   <%= _('Portal identifier: %s').html_safe % link_to(@portal_community.identifier, @portal_community.url) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%if @portal_community.environment.enabled?('use_portal_community') %>
       <%= button 'cancel', _('Disable'), {:action => 'manage_portal_community', :activate => 0} %>
     <% else %>
@@ -37,7 +37,7 @@
     <%= _('The same order in which you arrange the folders here will be used for arranging the boxes in the environment initial page.') %>
   </p>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button 'save', _('Save'), :cancel => {:action => 'index'} %>
   <% end %>
 <% end %>
@@ -6,7 +6,7 @@
   <%= labelled_form_field _('Number of portal news'), select(:environment, :portal_news_amount, (0..10).to_a) %>
   <%= labelled_form_field _('Number of news by folder'), select(:environment, :news_amount_by_folder, (1..10).to_a) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save')) %>
     <%= button(:cancel, _('Cancel'), :action => 'index') %>
   <% end %>
@@ -20,7 +20,7 @@
   <% tabs << {:title => _('Signup introduction text'), :id => 'signup-intro',
     :content => (render :partial => 'signup_intro', :locals => {:f => f})} %>
   <%= render_tabs(tabs) %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save'), :cancel => {:action => 'index'}) %>
   <% end %>
 <% end %>
@@ -2,6 +2,8 @@
   <%= hidden_field_tag 'block[links][][icon]', icon %>
   <span class='icon-<%= icon %>' style='display:block; width:16px; height:16px;'></span>
   <div class="icon-selector" style='display:none;'>
-     <%= @block.icons_options.join %>
+    <% @block.icons.map do |i| %>
+      <%= content_tag('span', '', :title => i[1], :class => "icon-#{i[0]}", :onclick => "changeIcon(this, '#{i[0]}')") %>
+    <% end %>
   </div>
 </div>
@@ -35,7 +35,7 @@
       </div>
     <% end %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button(:save, _('Save')) %>
       <%= modal_close_button(_('Cancel')) %>
     <% end %>
@@ -3,7 +3,7 @@
  
 <h1><%= _('Editing sideboxes')%></h1>
  
-<% button_bar :class=>'design-menu' do %>
+<%= button_bar :class=>'design-menu' do %>
   <%= button(:back, _('Back to control panel'), :controller => (profile.nil? ? 'admin_panel': 'profile_editor')) %>
 <% end %>
  
@@ -28,7 +28,7 @@
     <%= file_field_or_thumbnail(_('Image:'), @category.image, i) %>
   <% end %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save'), :cancel => {:action => 'index'}) %>
   <% end%>
 <% end %>
@@ -9,7 +9,7 @@
   <%= labelled_radio_button _('Folder'), :folder_type, 'Folder', false %>
  
   <%= labelled_form_field _('Name:'), text_field_tag(:new_folder, nil, 'data-url' => url_for({:action => 'new', :profile => profile.identifier})) %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:newfolder, _('Create')) %>
   <% end %>
 <% end %>
-<%= labelled_form_field(_('Publish date'), date_field('article[published_at]', @article.published_at || DateTime.current, {:max_date => '+0d', :date_format => 'yy-mm-dd'}, {:id => "article_published_at"})) %>
+<%= labelled_form_field(_('Publish date'), date_field('article[published_at]', @article.published_at || DateTime.current, {:max_date => '+0d', :time => true}, {:id => "article_published_at"})) %>
@@ -12,7 +12,7 @@
  
 <%= hidden_field_tag('back_to', @back_to) %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button_to_function :add, _('More files'), "add_new_file_fields()" %>
   <% if @back_to %>
     <%= submit_button :save, _('Upload'), :cancel => @back_to %>
@@ -12,7 +12,7 @@
     <% end %>
   </strong>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Yes, I want.') %>
     <%= button :cancel, _("No, I don't want."), @article.url %>
   <% end %>
@@ -21,7 +21,7 @@
     </div>
   <% end %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save') %>
     <%= submit_button :save, _('Save and continue'), :name => "continue" %>
   <% end %>
@@ -48,7 +48,7 @@
     <%= options_for_article(@article, @tokenized_children) %>
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save') %>
  
     <% if @back_to %>
@@ -25,7 +25,7 @@
         <%= hidden_field_tag :back_to, @back_to %>
         <%= labelled_form_field _('Title'), text_field_tag('name', @article.name) %>
  
-        <% button_bar do %>
+        <%= button_bar do %>
           <%= submit_button 'spread', _('Spread this') %>
         <% end %>
       <% end %>
@@ -41,7 +41,7 @@
         <% search_action = url_for(:action => 'search_communities_to_publish') %>
         <%= token_input_field_tag(:q, 'search-communities-to-publish', search_action, { :hint_text => _('Type in a search for your community'), :zindex => 10000, :focus => false }) %>
         <%= labelled_form_field _('Title'), text_field_tag('name', @article.name) %>
-        <% button_bar do %>
+        <%= button_bar do %>
           <%= submit_button 'spread', _('Spread this') %>
         <% end %>
       <% end %>
@@ -58,7 +58,7 @@
         <%= hidden_field_tag :back_to, @back_to %>
         <%= labelled_form_field _('Title'), text_field_tag('name', @article.name) %>
  
-        <% button_bar do %>
+        <%= button_bar do %>
           <%= submit_button 'spread', _('Spread this') %>
         <% end %>
       <% end %>
@@ -5,7 +5,7 @@
     <%= hidden_field_tag :back_to, @back_to %>
     <%= labelled_text_field _('Title') + ': ', :name, @article.name, :style => 'width: 100%' %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button 'spread', _('Spread this'), :cancel => @back_to %>
     <% end %>
   <% end %>
@@ -14,7 +14,7 @@
     <%= _("There is no portal community in this environment.") %>
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button :back, _('Back'), :controller => 'cms' %>
   <% end %>
 <% end %>
@@ -23,7 +23,7 @@
  
   <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) unless logged_in? %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save') %>
     <%= button :cancel, _('Cancel'), @back_to %>
   <% end %>
@@ -14,7 +14,7 @@
   </div>
 <% end %>
  
-<% button_bar(:style => 'margin-bottom: 1em;') do %>
+<%= button_bar(:style => 'margin-bottom: 1em;') do %>
   <% parent_id = ((@article && @article.allow_children?) ? @article : nil) %>
  
   <%= modal_button('new', _('New content'), url_for({:action => 'new', :parent_id => parent_id, :cms => true}).html_safe) %>
@@ -4,6 +4,6 @@
 <%= _('By categorizing your content, you increase the possibility that other people access it. When they are looking for, say, articles about Bahia and you categorize your article in "Regions/Bahia", then there is a good change that your article is going to be found.') %>
 </p>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= modal_close_button _('Close') %>
 <% end %>
@@ -8,7 +8,7 @@
   <div id="recaptcha-container" style="display: none">
     <h3><%= _('Please type the two words below') %></h3>
     <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button_to_function :add, _('Confirm'), "return false", :id => "confirm-captcha" %>
       <%= button_to_function :cancel, _('Cancel'), "noosfero.modal.close()" %>
     <% end %>
@@ -87,7 +87,7 @@ function check_captcha(button, confirm_action) {
  
   <%= safe_join(@plugins.dispatch(:comment_form_extra_contents, local_assigns.merge(:comment => @comment)).collect { |content| instance_exec(&content) }, "") %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('add', _('Post comment'), :onclick => "if(check_captcha(this)) { save_comment(this) } else { check_captcha(this, save_comment)};return false;") %>
     <% if !edition_mode %>
       <%= button :cancel, _('Cancel'), '', :id => 'cancel-comment' %>
@@ -36,7 +36,7 @@ function submit_comment_form(button) {
   <div id="recaptcha-container" style="display: none">
     <h3><%= _('Please type the two words below') %></h3>
     <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button_to_function :add, _('Confirm'), "return false", :id => "confirm-captcha" %>
       <%= button_to_function :cancel, _('Cancel'), "noosfero.modal.close()" %>
     <% end %>
@@ -73,7 +73,7 @@ function submit_comment_form(button) {
   <%= hidden_field_tag(:confirm, 'false') %>
   <%= hidden_field_tag(:view, params[:view])%>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('add', _('Post comment'), :onclick => "submit_comment_form(this); return false") %>
     <% if cancel_triggers_hide %>
       <%= button :cancel, _('Cancel'), '', :id => 'cancel-comment' %>
@@ -5,7 +5,7 @@
   <%= form_tag(@page.view_url.merge({:only_path => true}), {:method => 'post', :class => 'comment_form'}) do %>
     <%= hidden_field_tag(:unfollow, 'commit') %>
     <%= labelled_form_field(_('Enter your e-Mail'), text_field_tag(:email, nil, {:size => 40})) %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button(:ok, _('Cancel notifications for e-mail above') ) %>
     <% end %>
   <% end %>
@@ -4,7 +4,7 @@
  
 <div>
   <div class='blog-description'>
-    <%= blog.body %>
+    <%= (blog.body || '').html_safe %>
   </div>
 </div>
 <hr class="pre-posts"/>
@@ -16,7 +16,7 @@
   <p><%= @page.terms_of_use %></p>
  
   <%= form_tag @page.url.merge(:terms_accepted => true) do %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <% if user %>
         <%= submit_button :save, _("Accept")  %>
       <% else %>
@@ -8,7 +8,7 @@
     <%= _('There are no validators to validate the registration of this new enterprise. Contact your administrator for instructions.') %>
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button :back, _('Go back'), { :profile => current_user.person.identifier, :action=>"enterprises", :controller=>"profile" }%>
   <% end %>
 <% else %>
@@ -36,7 +36,7 @@
  
     <%= template_options(:enterprises, 'create_enterprise')%>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button('next', _('Next'), :cancel => {:profile => current_user.person.identifier, :action=>"enterprises", :controller=>"profile"}) %>
     <% end %>
   <% end %>
@@ -4,7 +4,7 @@
  
 <%= render :partial => 'shared/template_welcome_page', :locals => {:template => @enterprise.template, :header => _("What can I do with a %s?")} %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Back'), {:controller => 'memberships', :action => 'index', :profile => user.identifier} %>
 <% end %>
  
@@ -22,7 +22,7 @@
   <% end %>
   </table>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button 'save', _('Confirm') %>
   <% end %>
 <% end %>
@@ -15,7 +15,7 @@
 <p><%= _('If this enterprise passes the criteria to be considered an solidarity enconomy enterprise, you can approve it by click the button below.') %></p>
  
 <%= form_tag :action => 'approve', :id => @pending.code do %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('approve', _('Approve')) %>
   <% end %>
 <% end %>
@@ -27,7 +27,7 @@
 <%= form_tag :action => 'reject', :id => @pending.code do %>
   <%= labelled_form_field(_('Please provide an explanation for the rejection. This explanation will be sent to the requestor (required).'), text_area_tag('reject_explanation'))%>
   <div>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button('reject', _('Reject')) %>
     <% end %>
   </div>
@@ -5,7 +5,7 @@
 <%= labelled_form_for :info do |f| %>
   <%= f.text_area(:validation_methodology, :cols => 50, :rows => 10) %>
   <%= f.text_area(:restrictions, :cols => 50, :rows => 7) %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save'), :cancel => {:action => 'index'}) %>
   <% end %>
 <% end %>
 <h1><%= _('Enterprise validations') %></h1>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:edit, _('Edit validation info'), { :action => 'edit_validation_info' }) %>
   <%= button(:back, _('Go Back'), { :controller => 'profile_editor' }) %>
 <% end %>
@@ -3,7 +3,7 @@
 <%= form_tag( {:action => 'give_role'}, {:method => :post}) do %>
   <%= select_tag 'role', options_for_select(@roles.map{|r|[r.name,r.id]})  %>
   <%= hidden_field_tag 'person', current_user.person.id %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('affiliate', _('Affiliate', :cancel => {:action => 'index'}) %>
   <% end %>
 <% end %>
@@ -7,7 +7,7 @@
   <% end %>
   <%= hidden_field_tag 'person', @admin.id %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save changes'), :cancel => {:action => 'index'})  %>
   <% end %>
 <% end %>
@@ -9,7 +9,7 @@
   <% @roles.each do |r| %>
     <%= labelled_form_field(r.name, (check_box_tag "roles[]", r.id)) %>
   <% end %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button( 'save', _('Make'), :cancel => {:action => 'index'} ) %>
   <% end %>
 <% end %>
@@ -3,6 +3,6 @@
  
 <br style="clear:both" />
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, _('Back'), :controller => 'admin_panel', :action => 'index') %>
 <% end %>
@@ -23,7 +23,7 @@
 </p>
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, _('Go back'), :controller => 'profile_editor') %>
 <% end %>
  
@@ -55,7 +55,7 @@
 </script>
  
 <div>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save changes'), :id=>"save_community_fields") %>
     <%= button :back, _('Back to admin panel'), :controller => 'admin_panel', :action => 'index' %>
   <% end %>
@@ -22,7 +22,7 @@
   </fieldset>
 </div>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:save, _('Save'), 'javascript: void()', :onClick => "submit_custom_field_form('##{format_values_id}', '##{form_id}');") %>
 <% end %>
  
@@ -55,7 +55,7 @@
 </script>
  
 <div>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save changes'), :id=>"save_enterprise_fields") %>
     <%= button :back, _('Back to admin panel'), :controller => 'admin_panel', :action => 'index' %>
   <% end %>
@@ -55,7 +55,7 @@
 </script>
  
 <div>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save changes'), :id=>"save_person_fields") %>
     <%= button :back, _('Back to admin panel'), :controller => 'admin_panel', :action => 'index' %>
   <% end %>
@@ -29,7 +29,7 @@
           </tr>
         </thead>
         <tfoot>
-          <tr><td colspan=3><%= button(:add, _('Add option'), 'javascript: void()', :id => "btn_opt_#{id}", :onclick => "add_content('##{id} .custom-field-extras', $('#btn_opt_#{id}').attr('value'), 'EXTRAS_ID');", :value => "#{render_extras_field(id)}") %></td></tr>
+          <tr><td colspan=3><%= button(:add, _('Add option'), 'javascript: void()', :id => "btn_opt_#{id}", :onclick => "add_content('##{id} .custom-field-extras', $('#btn_opt_#{id}').attr('value'), 'EXTRAS_ID');", :value => "#{render_extras_field(id)}".html_safe) %></td></tr>
         </tfoot>
         <tbody class="custom-field-extras">
           <% if !field.extras.blank?%>
@@ -69,7 +69,7 @@ Check all the features you want to enable for your environment, uncheck all the 
 <hr/>
  
 <div>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save changes')) %>
     <%= button :back, _('Back to admin panel'), :controller => 'admin_panel', :action => 'index' %>
   <% end %>
 <h1><%= _("Connections with %s") % @suggestion.suggestion.name %></h1>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, _('Go to friends list'), :controller => 'friends') %>
 <% end %>
  
@@ -12,7 +12,7 @@
     </p>
   <% end %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
     <%= button(:search, _('Find people'), :controller => 'search', :action => 'assets', :asset => 'people') %>
     <% unless @plugins.dispatch(:remove_invite_friends_button).include?(true) %>
 <h1><%= _("Friends suggestions for %s") % profile.name %></h1>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, _('Go to friends list'), :controller => 'friends') %>
 <% end %>
  
@@ -34,7 +34,7 @@
     <%= labelled_form_field(_("Password") + ":", password_field_tag(:password)) %>
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:forward, _("Next")) %>
   <% end %>
   <p><%= _("We won't store your password or contact anyone without your permission.") %></p>
@@ -24,7 +24,7 @@
       { :hint_text => _('Type in the person\'s %{search_fields}') % {:search_fields => @search_fields},
         :focus => false }) %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button('save', _('Invite'))%>
       <%= button('cancel', _('Cancel'), profile.url)%>
     <% end %>
@@ -32,7 +32,7 @@
  
   <%= render :partial => 'invite/personalize_invitation_mail', :locals => {:mail_template => @mail_template } %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:ok, _("Invite!")) %>
   <% end %>
 <% end %>
@@ -5,7 +5,7 @@
   <%= required labelled_form_field(_('Name'), f.text_field(:name)) %>
   <%= labelled_form_field(_('License url'), f.text_field(:url)) %>
  
- <% button_bar do %>
+ <%= button_bar do %>
    <%= submit_button('save', _('Save'))%>
    <%= button('cancel', _('Cancel'), {:action => 'index'})%>
   <% end %>
@@ -16,7 +16,7 @@
   <% end %>
 </table>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:add, _('Add a new license'), :action => 'create')%>
   <%= button :back, _('Back to admin panel'), :controller => 'admin_panel' %>
 <% end %>
@@ -6,7 +6,7 @@
  
   <p><%= _('You already request activation of your mailbox. Please wait until an administrator approves your request.') %></p>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button :back, _('Back to control panel'), :controller => 'profile_editor' %>
   <% end %>
  
@@ -21,10 +21,10 @@
     <h2><%= _('Configuration') %></h2>
     <ul>
       <li>
-      <%= link_to _('Mail configuration for POP and IMAP'), 'http://www.ynternet.org/move/infos-technique-pour-utiliser-multypass-pop3-smtp-imap-ftp-quotas...' %>  
+      <%= link_to _('Mail configuration for POP and IMAP'), 'http://www.ynternet.org/move/infos-technique-pour-utiliser-multypass-pop3-smtp-imap-ftp-quotas...' %>
       </li>
     </ul>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button :back, _('Back to control panel'), :controller => 'profile_editor' %>
     <% end %>
  
@@ -33,7 +33,7 @@
     <h2><%= _("Enable e-Mail account below:") %></h2>
     <ul><%= safe_join(profile.email_addresses.map{|i| content_tag('li', i)}, "\n") %></ul>
     <blockquote><%= _("You'll be able to access a webmail from your user menu.") %></blockquote>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button(:ok, _('Enable e-Mail'), { :action => 'enable' }, :method => 'post') %>
       <%= button :back, _('Back to control panel'), :controller => 'profile_editor' %>
     <% end %>
@@ -11,7 +11,7 @@
     <%= labelled_form_field _('City'), f.text_field(:city) %>
     <%= labelled_form_field _('ZIP code'), text_field(:profile_data, :zip_code) %>
     <%= labelled_form_field _('Address (street and number)'), text_field(:profile_data, :address) %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button_to_function :search, _('Locate in the map'), "addressToPoint()", :title => _("Locate the address informed above in the map below (note that you'll probably need to adjust the marker to get a precise position)")  %>
       <%= submit_button 'save', _('Save') %>
       <%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
 <h1><%= _("Connections with %s") % @suggestion.suggestion.name %></h1>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, _('Go to groups list'), :controller => 'memberships') %>
 <% end %>
  
@@ -2,7 +2,7 @@
  
 <h1><%= _('Manage my groups') %></h1>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:add, _('Create a new community'), :controller => 'memberships', :action => 'new_community') %>
   <%= button :add, _('Register a new enterprise'), :controller => 'enterprise_registration' if environment.enabled?('enterprise_registration') %>
   <%= button :back, _('Go back'), :controller => 'profile_editor' %>
@@ -48,7 +48,7 @@
  
   <%= hidden_field_tag('back_to', @back_to) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Create')) %>
     <%= button(:cancel, _('Cancel'), @back_to ) %>
   <% end %>
 <h1><%= _("Communities suggestions for %s") % profile.name %></h1>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, _('Go to groups list'), :controller => 'memberships') %>
 <% end %>
  
@@ -4,6 +4,6 @@
  
 <%= render :partial => 'shared/template_welcome_page', :locals => {:template => @community.template, :header => _("What can I do with a %s?")} %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Back'), @back_to %>
 <% end %>
@@ -22,7 +22,7 @@
  
   <%= render :partial => 'results' %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button :back, _('Back'), :controller => 'admin_panel' %>
   <% end %>
 <% end %>
@@ -26,7 +26,7 @@
   </table>
  
 <div>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save changes')) %>
     <%= button :back, _('Back to admin panel'), :controller => 'admin_panel', :action => 'index' %>
   <% end %>
@@ -45,7 +45,7 @@
   </div>
  
   <% if logged_in? && (user == profile || user == comment.author || user.has_permission?(:moderate_comments, profile)) %>
-    <% button_bar(:style => 'float: right; margin-top: 0px;') do %>
+    <%= button_bar(:style => 'float: right; margin-top: 0px;') do %>
       <%= link_to_function(_('Remove'), 'remove_item_wall(this, \'%s\', \'%s\', \'%s\'); return false ;' % [".article-comment", url_for(:profile => params[:profile], :action => :remove_comment, :comment_id => comment.id, :view => params[:view]), _('Are you sure you want to remove this comment and all its replies?')], :class => 'button icon-button icon-delete') %>
     <% end %>
   <% end %>
@@ -5,7 +5,7 @@
 <div class='private-profile-message'><%= @message %></div>
 <div class='private-profile-description'><%= profile.description %></div>
  
-<% button_bar do %>
+<%= button_bar do %>
   <% if @action == :join && logged_in? %>
     <%= join_community_button({:logged => true}) %>
   <% end %>
@@ -3,7 +3,7 @@
     <%= link_to(profile_image(activity.user, :minor), activity.user.url) %>
   </div>
   <div class='profile-activity-description'>
-    <p class='profile-activity-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p>
+    <p class='profile-activity-text'><%= link_to activity.user.name, activity.user.url %> <%= describe(activity).html_safe %></p>
     <p class='profile-activity-time'><%= time_ago_in_words(activity.created_at) %></p>
     <div class='profile-wall-actions'>
       <%= link_to_function(_('Remove'), 'remove_item_wall(this, \'%s\', \'%s\', \'%s\'); return false ;' % [".profile-activity-item", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]), _('Are you sure you want to remove this activity and all its replies?')]) if logged_in? && current_person == @profile %>
@@ -14,7 +14,7 @@
   </div>
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Go back'), { :controller => 'profile' } %>
   <%= button :add, _('Create a new community'),
       :controller => 'memberships', :action => 'new_community' if logged_in? && user == profile %>
@@ -8,7 +8,7 @@
 <% end %>
 </ul>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Go back'), { :controller => 'profile' } %>
   <%= button :add, _('Register a new enterprise'), :controller => 'enterprise_registration' if logged_in? && environment.enabled?('enterprise_registration') %>
 <% end %>
@@ -8,7 +8,7 @@
 <% end %>
 </ul>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Go back'), { :controller => 'profile' }%>
 <% end %>
  
@@ -8,7 +8,7 @@
 <% end %>
 </ul>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Go back'), { :controller => 'profile' }%>
 <% end %>
  
@@ -14,7 +14,7 @@
   </div>
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Go back'), { :controller => 'profile' } %>
   <% if user == profile %>
     <%= button :edit, _('Manage my friends'), :controller => 'friends', :action => 'index', :profile => profile.identifier %>
@@ -36,7 +36,7 @@
   </div><!-- end of class="profile-members-tabs-container" -->
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Go back'), { :controller => 'profile' } %>
   <% if profile.community? and user %>
     <% if user.has_permission?(:invite_members, profile) %>
@@ -3,7 +3,7 @@
 <p><%= _('Are you sure you want to delete this profile?') %></p>
 <p><%= _('You must be aware that all content of this profile (articles, events, files and pictures) will also be deleted.') %></p>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:remove, _('Yes, I am sure'), {:action => 'destroy_profile'}, :method => :post) %>
   <%= button(:cancel, _('No, I gave up'), profile.url) %>
 <% end %>
@@ -67,13 +67,13 @@
  
   <%= select_categories(:profile_data, _('Select the categories of your interest'), 2) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save'), :cancel => {:action => 'index'}) %>
     <%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
   <% end %>
  
   <% if user && user.has_permission?('destroy_profile', profile) %>
-    <% button_bar(:id => 'delete-profile') do %>
+    <%= button_bar(:id => 'delete-profile') do %>
  
       <% if !environment.enabled?('forbid_destroy_profile') || user.is_admin?(environment) %>
         <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %>
@@ -24,7 +24,7 @@
     <%= text_area_tag(:custom_header, @header, :style => 'width: 100%; height: 150px;', :class => 'mceEditor') %>
     <h2><%= _('Content for footer') %></h2>
     <%= text_area_tag(:custom_footer, @footer, :style => 'width: 100%; height: 150px;', :class => 'mceEditor') %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button(:save, _('Save')) %>
       <%= button(:cancel, _('Cancel'), :action => 'index') %>
     <% end %>
@@ -13,7 +13,7 @@
     <%= _('This page will be displayed to the user after his signup with this template.') %>
   </div>
  
-  <% button_bar do%>
+  <%= button_bar do%>
     <%= submit_button('save',  _('Save'), :cancel => @back_to) %>
   <% end %>
 <% end %>
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Back'), :controller => 'profile_editor' %>
   <%= button :add, _('Add members'), :action => 'add_members' if profile.enterprise? %>
   <% if profile.community? and user.has_permission?(:invite_members, profile) %>
@@ -5,7 +5,7 @@
     <%= hidden_field_tag(:last_admin, true) if from == 'last_admin'%>
   <% end %>
  
-  <% button_bar(:style => 'margin-top: 30px;') do %>
+  <%= button_bar(:style => 'margin-top: 30px;') do %>
     <%= submit_button('save', _('Save'))%>
     <%= button('cancel', _('Cancel'), {:controller => 'profile_editor'})%>
   <% end %>
@@ -3,7 +3,7 @@
 <%= form_tag( {:action => 'give_role'}, {:method => :post}) do %>
   <%= select_tag 'role', options_for_select(@roles.map{|r|[r.name,r.id]})  %>
   <%= hidden_field_tag 'person', current_user.person.id %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('affiliate', _('Affiliate'), :cancel => {:action => 'index'}) %>
   <% end %>
 <% end %>
@@ -24,7 +24,7 @@
   <% end %>
   <%= hidden_field_tag 'person', @member.id %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save',  _('Save changes'), :cancel => {:action => 'index'}) %>
   <% end %>
 <% end %>
@@ -16,7 +16,7 @@
   </div>
   <% end %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', (mode == :edit) ? _('Save changes') : _('Create role'), :cancel => {:action => 'index'} ) %>
   <% end %>
 <% end %>
@@ -17,7 +17,7 @@
     <%=token_input_field_tag(:person_id, 'search-profile-members', {:action => 'assign_role_by_members'},
     {:focus => false, :hint_text => _('Select members to assign the role')}) %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button(:forward, _("Confirm")) %>
     <% end %>
   </div>
@@ -28,7 +28,7 @@
     <% @roles_list.each do |role| %>
       <%= labelled_radio_button role.name , :selected_role, role.id , false, :class => "selected_role" %> <br>
     <% end %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button('save',_('Confirm'), :cancel => {:action => 'index'} ) %>
     <% end %>
   </div>
@@ -4,7 +4,7 @@
   <p><%= _('This role is not being currently used.')%></p>
   <p><%= _('Are you sure you want to delete this role?') %></p>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button(:remove, _('Yes, I am sure'), {:action => 'remove', :id => @role.id}, :method => :post) %>
     <%= button(:cancel, _('No, I gave up'), {:action => 'index'}) %>
   <% end %>
@@ -16,7 +16,7 @@
       <%= check_box_tag("roles[]", role.id, false ,{:id => role.key}) %>
       <%= content_tag(:label, role.name, { :for => role.key }) %><br/>
     <% end %>
-    <% button_bar do %>
+    <%= button_bar do %>
     <%= submit_button('save',_('Delete role'), :cancel => {:action => 'index'} ) %>
     <% end %>
   <% end %>
@@ -21,7 +21,7 @@
   <% end %>
 </table>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :add, _('Create a new role'), :action => 'new' %>
   <%= button :back, _('Back to control panel'), :controller => 'profile_editor' %>
 <% end %>
@@ -3,11 +3,11 @@
 <h3> <%= _('Permissions') %> </h3>
 <ul>
   <% @role.permissions.each do |p| %>
-    <li> <%= permission_name(p) %> </li> 
+    <li> <%= permission_name(p) %> </li>
   <% end %>
 </ul>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :edit, _('Edit'), :action => 'edit', :id => @role %>
   <%= button :back, _('Back to roles management'), :action => 'index' %>
 <% end %>
@@ -3,7 +3,7 @@
 <%= form_tag do %>
   <%= labelled_form_field(_('File name'), text_field_tag('css')) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:add, _('Add')) %>
     <%= modal_close_button _('Cancel') %>
   <% end %>
 <%= form_tag({:action => 'add_image', :id => @theme.id}, :multipart => true) do %>
   <%= labelled_form_field(_('Choose the image file'), file_field_tag(:image)) %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:add, _('Add image')) %>
   <% end %>
 <% end %>
@@ -3,7 +3,7 @@
 <%= form_tag({:action => 'update_css', :id => @theme.id }, :name => 'csscode_form') do %>
   <%= hidden_field_tag('css', @css) %>
   <%= text_area_tag('csscode', @code, :id => "codepressWindow", :class => 'codepress css') %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save')) %>
   <% end %>
 <% end %>
@@ -15,7 +15,7 @@
       <li><%= link_to_remote(css, :url => { :action => 'css_editor', :id => @theme.id, :css => css }, :update => { :success => 'css-code' }) %></li>
     <% end %>
   </ul>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= modal_button :add, _('New CSS'), :action => 'add_css', :id => @theme.id %>
   <% end %>
 </div>
@@ -27,7 +27,7 @@
       <li><%= image_tag("/user_themes/#{@theme.id}/images/#{image}") %></li>
     <% end %>
   </ul>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= modal_button :add, _('Add image'), :action => 'add_image', :id =>  @theme.id %>
   <% end %>
 </div>
@@ -40,7 +40,7 @@
  
 <br style="clear:both" />
  
-<% button_bar do %>
+<%= button_bar do %>
   <% if environment.enabled?('user_themes')  %>
     <%= modal_button :add, _('New theme ...'), :action => 'new' %>
   <% end %>
@@ -4,7 +4,7 @@
  
   <%= labelled_form_field(_('Name of the new theme:'), text_field_tag(:name)) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Create')) %>
   <% end %>
 <% end %>
@@ -5,7 +5,7 @@
       <%= item.name %>
       <%= form_tag :action => 'add', :id => @region do %>
         <%= hidden_field_tag :validator_id, item.id %>
-        <% button_bar do %>
+        <%= button_bar do %>
           <%= submit_button('add', _('Add')) %>
         <% end %>
       <% end %>
@@ -19,7 +19,7 @@
  
 <%= form_tag({}, { :method => 'get' }) do %>
   <%= text_field_tag :search, nil, :id => 'search_validator' %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('search', _('Search')) %>
   <% end %>
 <% end %>
@@ -16,7 +16,7 @@
   </div>
   <% end %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', (mode == :edit) ? _('Save changes') : _('Create role'), :cancel => {:action => 'index'} ) %>
   <% end %>
 <% end %>
@@ -17,7 +17,7 @@
   <% end %>
 </table>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :add, _('Create a new role'), :action => 'new' %>
   <%= button :back, _('Back to admin panel'), :controller => 'admin_panel' %>
 <% end %>
@@ -3,11 +3,11 @@
 <h3> <%= _('Permissions') %> </h3>
 <ul>
   <% @role.permissions.each do |p| %>
-    <li> <%= permission_name(p) %> </li> 
+    <li> <%= permission_name(p) %> </li>
   <% end %>
 </ul>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :edit, _('Edit'), :action => 'edit', :id => @role %>
   <%= button :back, _('Back to roles management'), :action => 'index' %>
 <% end %>
-<%= render :partial => 'search_form', :locals => { :hint => _("Type words about the %s you're looking for") % @asset.to_s.singularize } %>
+<%= render :partial => 'search_form', :locals => { :hint => _("Type words about the %s you're looking for") % _(@asset.to_s.singularize) } %>
 <%= render :partial => 'search_content' %>
  
 <div style="clear: both"></div>
@@ -2,7 +2,7 @@
   <%= _('Tagged with "%s"').html_safe % content_tag('code', @tag) %>
 </h2>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button('back', _('Back to tag cloud'), :action => 'tags') %>
 <% end %>
  
@@ -11,7 +11,7 @@
         <%= raw _('Description: %s') % group.description  + '<br/>' if group.community? %>
         <%= _('Members: %s') % group.members_count.to_s %> <br/>
         <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/>
-        <% button_bar do %>
+        <%= button_bar do %>
           <% if user.has_permission?(:edit_profile, group) %>
             <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %>
           <% end %>
@@ -9,7 +9,7 @@
       <p><%= _("If you are supposed to have access to this area, you'll probably want to talk to the people responsible and ask them to give you access.") %></p>
     <% end %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button :back, _('Go back'), :back %>
       <%= button :home, _('Go to the site home page'), :controller => 'home' %>
     <% end %>
@@ -4,7 +4,7 @@
     <%= _('You may have clicked an expired link or mistyped the address.') %>
     <%= _('If you clicked a link that was in another site, or was given to you by someone else, it would be nice if you tell them that their link is not valid anymore.') %>
     </p>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button :back, _('Go back'), :back %>
       <%= button :home, _('Go to the home page'), '/' %>
     <% end %>
@@ -5,7 +5,7 @@
  
   <p><small><em><%= _('You can move this window away to have a better visualization of specific parts of screen.') %></em></small></p>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button(:ok, _('Finished testing'), :controller => 'profile_themes', :profile => theme_owner, :action => 'stop_test', :id => current_theme) %>
     <%= button(:edit, _('Edit theme'), :controller => 'profile_themes', :profile => theme_owner, :action => 'edit', :id => current_theme) %>
   <% end %>
@@ -7,7 +7,7 @@
  
   <%= yield %> <%# ??? %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button_to_function('new', _('Mark as NOT SPAM'), 'removeTaskBox(this, %s, "%s", "")' % [url_for(:mark_task_as_ham => task.id).to_json, "task-#{task.id}"]) %>
     <%= yield :extra_buttons %>
     <%= button_to_function('delete', _('Remove'), 'removeTaskBox(this, %s, "%s", %s)' % [url_for(:profile => params[:profile], :remove_task => task.id).to_json, "task-#{task.id}", _('Are you sure you want to remove this article suggestion?').to_json]) %>
@@ -6,7 +6,7 @@
  
 <%= _('There are no spams to review.') if no_tabs %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Back to control panel'), :controller => :profile_editor %>
 <% end %>
  
@@ -20,7 +20,7 @@
 <%= render_tabs(tabs) %>
  
 <% unless no_tabs %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button :back, _('Back to control panel'), :controller => :profile_editor %>
   <% end %>
 <% end %>
@@ -41,7 +41,7 @@
   </p>
 <% else %>
   <%= form_tag tasks_url(:action => 'close') do%>
-    <% button_bar(:class => 'task-actions') do %>
+    <%= button_bar(:class => 'task-actions') do %>
       <%# FiXME button(:edit, _('View my requests'), :action => 'list_requested') %>
       <%# FIXME button('menu-mail',  _('Send request'), :action => 'new') %>
       <%= submit_button :save, _("Apply!") %>
@@ -71,7 +71,7 @@
  
     <%= pagination_links(@tasks)%>
  
-    <% button_bar(:class => 'task-actions') do %>
+    <%= button_bar(:class => 'task-actions') do %>
       <%# FiXME button(:edit, _('View my requests'), :action => 'list_requested') %>
       <%# FIXME button('menu-mail',  _('Send request'), :action => 'new') %>
       <%= submit_button :save, _("Apply!") %>
@@ -13,6 +13,6 @@
   <% end %>
 </ul>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Back'), :action => 'index' %>
 <% end %>
@@ -11,7 +11,7 @@
   <%= f.text_field :title, :style => 'width:80%;' %>
   <%= f.text_area :message, :style => 'height:200px; width:80%;' %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:ok, _('Send'), :cancel => {:action => 'index'}) %>
   <% end %>
 <% end %>
@@ -48,7 +48,7 @@
 <% end %>
 </p>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, _('Back'), :action => 'index') %>
 <% end %>
  
@@ -14,6 +14,6 @@
   <p><%= _('Closing statement: %s') % @ticket.closing_statment %></p>
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Back'), :action => 'index' %>
 <% end %>
@@ -11,7 +11,7 @@
 <%= form_tag do %>
   <%= labelled_text_field(_('Name')+': ', :name)%>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save'))%>
     <%= button('cancel', _('Cancel'), {:action => 'index'})%>
   <% end %>
@@ -40,6 +40,6 @@
   </div>
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Back to admin panel'), :controller => 'admin_panel' %>
 <% end %>
@@ -5,7 +5,7 @@
   <%= text_field_tag :site, @site %>
   <%= hidden_field_tag :orig_site, @site %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save changes'), :cancel => {:action => 'index'} ) %>
   <% end %>
 <% end %>
@@ -22,7 +22,7 @@
   <% end %>
 </table>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :add, _('Add a trusted site'), :action => 'new' %>
   <%= button :back, _('Back to admin panel'), :controller => 'admin_panel' %>
 <% end %>
@@ -4,7 +4,7 @@
  
   <%= text_field_tag :site, @site %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Add trusted site'), :cancel => {:action => 'index'} ) %>
   <% end %>
 <% end %>
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :'text-plain', _('User list as [CSV]'), :action => 'download.csv' %>
   <%= button :'text-html', _('User list as [XML]'), :action => 'download.xml' %>
   <%= button :send, _('Send e-mail to users'), :action => 'send_mail' %>
@@ -40,7 +40,6 @@ module Noosfero
     # Custom directories with classes and modules you want to be autoloadable.
     config.autoload_paths << config.root.join('lib')
     config.autoload_paths << config.root.join('app')
-    config.autoload_paths << config.root.join('app/jobs')
     config.autoload_paths << config.root.join('app/sweepers')
     config.autoload_paths.concat Dir["#{config.root}/app/controllers/**/"]
     config.autoload_paths << config.root.join('test', 'mocks', Rails.env)
@@ -281,3 +281,16 @@ Feature: edit article
     And I press "Save"
     Then I should not see "Language must be choosen"
     And I should be on /joaosilva/article-in-portuguese
+
+  @selenium
+  Scenario: create an article with time
+    Given I am on joaosilva's control panel
+    And I follow "Manage Content"
+    And I follow "New content"
+    When I follow "Text article with visual editor"
+    And I fill in "Title" with "My time testing Article"
+    And I fill in "Publish date" with "1980-11-15 20:37"
+    And I press "Save"
+    And I go to /joaosilva/my-time-testing-article
+    Then I should see "November 15, 1980 20:37"
+
@@ -1,160 +0,0 @@
-module AuthenticatedSystem
-
-  protected
-
-    def self.included base
-      if base < ActionController::Base
-        base.around_filter :user_set_current
-        base.before_filter :login_from_cookie
-      end
-
-      # Inclusion hook to make #current_user and #logged_in?
-      # available as ActionView helper methods.
-      base.helper_method :current_user, :logged_in?
-    end
-
-    # Returns true or false if the user is logged in.
-    # Preloads @current_user with the user model if they're logged in.
-    def logged_in?
-      current_user != nil
-    end
-
-    # Accesses the current user from the session.
-    def current_user
-      @current_user ||= begin
-        id = session[:user]
-        user = User.where(id: id).first if id
-        user.session = session if user
-        User.current = user
-        user
-      end
-    end
-
-    # Store the given user in the session.
-    def current_user=(new_user)
-      if new_user.nil?
-        session.delete(:user)
-      else
-        session[:user] = new_user.id
-        new_user.session = session
-        new_user.register_login
-      end
-      @current_user = User.current = new_user
-    end
-
-    # See impl. from http://stackoverflow.com/a/2513456/670229
-    def user_set_current
-      User.current = current_user
-      yield
-    ensure
-      # to address the thread variable leak issues in Puma/Thin webserver
-      User.current = nil
-    end
-
-    # Check if the user is authorized.
-    #
-    # Override this method in your controllers if you want to restrict access
-    # to only a few actions or if you want to check if the user
-    # has the correct rights.
-    #
-    # Example:
-    #
-    #  # only allow nonbobs
-    #  def authorize?
-    #    current_user.login != "bob"
-    #  end
-    def authorized?
-      true
-    end
-
-    # Filter method to enforce a login requirement.
-    #
-    # To require logins for all actions, use this in your controllers:
-    #
-    #   before_filter :login_required
-    #
-    # To require logins for specific actions, use this in your controllers:
-    #
-    #   before_filter :login_required, :only => [ :edit, :update ]
-    #
-    # To skip this in a subclassed controller:
-    #
-    #   skip_before_filter :login_required
-    #
-    def login_required
-      username, passwd = get_auth_data
-      if username && passwd
-        self.current_user ||= User.authenticate(username, passwd) || nil
-      end
-      if logged_in? && authorized?
-        true
-      else
-        if params[:require_login_popup]
-          render :json => { :require_login_popup => true }
-        else
-          access_denied
-        end
-      end
-    end
-
-    # Redirect as appropriate when an access request fails.
-    #
-    # The default action is to redirect to the login screen.
-    #
-    # Override this method in your controllers if you want to have special
-    # behavior in case the user is not authorized
-    # to access the requested action.  For example, a popup window might
-    # simply close itself.
-    def access_denied
-      respond_to do |accepts|
-        accepts.html do
-          if request.xhr?
-            render :text => _('Access denied'), :status => 401
-          else
-            store_location
-            redirect_to :controller => '/account', :action => 'login'
-          end
-        end
-        accepts.xml do
-          headers["Status"]           = "Unauthorized"
-          headers["WWW-Authenticate"] = %(Basic realm="Web Password")
-          render :text => "Could't authenticate you", :status => '401 Unauthorized'
-        end
-      end
-      false
-    end
-
-    # Store the URI of the current request in the session.
-    #
-    # We can return to this location by calling #redirect_back_or_default.
-    def store_location(location = request.url)
-      session[:return_to] = location
-    end
-
-    # Redirect to the URI stored by the most recent store_location call or
-    # to the passed default.
-    def redirect_back_or_default(default)
-      if session[:return_to]
-        redirect_to(session.delete(:return_to))
-      else
-        redirect_to(default)
-      end
-    end
-
-    # When called with before_filter :login_from_cookie will check for an :auth_token
-    # cookie and log the user back in if apropriate
-    def login_from_cookie
-      return if cookies[:auth_token].blank? or logged_in?
-      user = User.where(remember_token: cookies[:auth_token]).first
-      self.current_user = user if user and user.remember_token?
-    end
-
-  private
-    @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
-    # gets BASIC auth info
-    def get_auth_data
-      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
-      auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
-      return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
-    end
-end
@@ -1,27 +0,0 @@
-class DownloadReportedImagesJob < Struct.new(:abuse_report, :article)
-  def perform
-    images_paths = article.image? ? [File.join(article.profile.environment.top_url, article.public_filename(:display))] : article.body_images_paths
-    images_paths.each do |image_path|
-      image = get_image(image_path)
-      reported_image = ReportedImage.create!( :abuse_report => abuse_report,
-                                              :uploaded_data => image,
-                                              :filename => File.basename(image_path),
-                                              :size => image.size )
-      abuse_report.content = parse_content(abuse_report, image_path, reported_image)
-    end
-    abuse_report.save!
-  end
-
-  def get_image(image_path)
-    image = ActionController::UploadedTempfile.new('reported_image')
-    image.write(Net::HTTP.get(URI.parse(image_path)))
-    image.original_path = 'tmp/' + File.basename(image_path)
-    image.content_type = 'image/' + File.extname(image_path).gsub('.','')
-    image
-  end
-
-  def parse_content(report, old_path, image)
-    old_path = old_path.gsub(report.reporter.environment.top_url, '')
-    report.content.gsub(/#{old_path}/, image.public_filename)
-  end
-end
-
 # on STI classes tike Article and Profile, plugins' extensions
 # on associations should be reflected on descendants
 module ActiveRecord
   module Reflection
-
-    class << self
-
-      def add_reflection_with_descendants(ar, name, reflection)
-        self.add_reflection_without_descendants ar, name, reflection
-        ar.descendants.each do |k|
-          k._reflections.merge!(name.to_s => reflection)
-        end if ar.base_class == ar
+    def self.add_reflection(ar, name, reflection)
+      (ar.descendants << ar).each do |klass|
+        klass.clear_reflections_cache
+        klass._reflections = klass._reflections.merge(name.to_s => reflection)
       end
-
-      alias_method_chain :add_reflection, :descendants
-
     end
   end
 end
@@ -1,11 +0,0 @@
-class GetEmailContactsJob < Struct.new(:import_from, :login, :password, :contact_list_id)
-  def perform
-    begin
-      Invitation.get_contacts(import_from, login, password, contact_list_id)
-    rescue Contacts::AuthenticationError => ex
-      ContactList.exists?(contact_list_id) && ContactList.find(contact_list_id).register_auth_error
-    rescue Exception => ex
-      ContactList.exists?(contact_list_id) && ContactList.find(contact_list_id).register_error
-    end
-  end
-end
@@ -1,10 +0,0 @@
-class InvitationJob < Struct.new(:person_id, :contacts_to_invite, :message, :profile_id, :contact_list_id, :locale)
-  def perform
-    Noosfero.with_locale(locale) do
-      person = Person.find(person_id)
-      profile = Profile.find(profile_id)
-      Invitation.invite(person, contacts_to_invite, message, profile)
-      ContactList.exists?(contact_list_id) && ContactList.find(contact_list_id).destroy
-    end
-  end
-end
@@ -1,22 +0,0 @@
-class LogMemoryConsumptionJob < Struct.new(:last_stat)
-  # Number of entries do display
-  N = 20
-
-  def perform
-    logpath = File.join(Rails.root, 'log', "#{ENV['RAILS_ENV']}_memory_consumption.log")
-    logger = Logger.new(logpath)
-    stats = Hash.new(0)
-    ObjectSpace.each_object {|o| stats[o.class.to_s] += 1}
-    i = 1
-
-    logger << "[#{Time.now.strftime('%F %T %z')}]\n"
-    stats.sort {|(k1,v1),(k2,v2)| v2 <=> v1}.each do |k,v|
-      logger << (sprintf "%-60s %10d", k, v)
-      logger << (sprintf " | delta %10d", (v - last_stat[k])) if last_stat && last_stat[k]
-      logger << "\n"
-      break if i > N
-      i += 1
-    end
-    logger << "\n"
-  end
-end
@@ -1,8 +0,0 @@
-class MailingJob < Struct.new(:mailing_id)
-  def perform
-    mailing = Mailing.find(mailing_id)
-    Noosfero.with_locale(mailing.locale) do
-      mailing.deliver
-    end
-  end
-end
@@ -1,44 +0,0 @@
-class NotifyActivityToProfilesJob < Struct.new(:tracked_action_id)
-  NOTIFY_ONLY_COMMUNITY = [
-    'add_member_in_community'
-  ]
-
-  NOT_NOTIFY_COMMUNITY = [
-    'join_community'
-  ]
-  def perform
-    return unless ActionTracker::Record.exists?(tracked_action_id)
-    tracked_action = ActionTracker::Record.find(tracked_action_id)
-    return unless tracked_action.user.present?
-    target = tracked_action.target
-    if target.is_a?(Community) && ( NOTIFY_ONLY_COMMUNITY.include?(tracked_action.verb) || ! target.public_profile )
-      ActionTrackerNotification.create(:profile_id => target.id, :action_tracker_id => tracked_action.id)
-      return
-    end
-
-    # Notify the user
-    ActionTrackerNotification.create(:profile_id => tracked_action.user.id, :action_tracker_id => tracked_action.id)
-
-    # Notify all friends
-    ActionTrackerNotification.connection.execute("insert into action_tracker_notifications(profile_id, action_tracker_id) select f.friend_id, #{tracked_action.id} from friendships as f where person_id=#{tracked_action.user.id} and f.friend_id not in (select atn.profile_id from action_tracker_notifications as atn where atn.action_tracker_id = #{tracked_action.id})")
-
-    if tracked_action.user.is_a? Organization
-      ActionTrackerNotification.connection.execute "insert into action_tracker_notifications(profile_id, action_tracker_id) " +
-      "select distinct accessor_id, #{tracked_action.id} from role_assignments where resource_id = #{tracked_action.user.id} and resource_type='Profile' " +
-      if tracked_action.user.is_a? Enterprise then "union select distinct person_id, #{tracked_action.id} from favorite_enterprise_people where enterprise_id = #{tracked_action.user.id}" else "" end
-    end
-
-    if target.is_a?(Community)
-      ActionTrackerNotification.create(:profile_id => target.id, :action_tracker_id => tracked_action.id) unless NOT_NOTIFY_COMMUNITY.include?(tracked_action.verb)
-
-      ActionTrackerNotification.connection.execute("insert into action_tracker_notifications(profile_id, action_tracker_id) select distinct profiles.id, #{tracked_action.id} from role_assignments, profiles where profiles.type = 'Person' and profiles.id = role_assignments.accessor_id and profiles.id != #{tracked_action.user.id} and profiles.id not in (select atn.profile_id from action_tracker_notifications as atn where atn.action_tracker_id = #{tracked_action.id}) and role_assignments.resource_type = 'Profile' and role_assignments.resource_id = #{target.id}")
-    end
-
-    if target.is_a?(Article) && target.profile.is_a?(Community)
-      ActionTrackerNotification.create(:profile_id => target.profile.id, :action_tracker_id => tracked_action.id) unless NOT_NOTIFY_COMMUNITY.include?(tracked_action.verb)
-
-      ActionTrackerNotification.connection.execute("insert into action_tracker_notifications(profile_id, action_tracker_id) select distinct profiles.id, #{tracked_action.id} from role_assignments, profiles where profiles.type = 'Person' and profiles.id = role_assignments.accessor_id and profiles.id != #{tracked_action.user.id} and profiles.id not in (select atn.profile_id from action_tracker_notifications as atn where atn.action_tracker_id = #{tracked_action.id}) and role_assignments.resource_type = 'Profile' and role_assignments.resource_id = #{target.profile.id}")
-    end
-
-  end
-end
@@ -1,22 +0,0 @@
-class ProfileSuggestionsJob < Struct.new(:person_id)
-
-  def self.exists?(person_id)
-    !find(person_id).empty?
-  end
-
-  def self.find(person_id)
-    Delayed::Job.by_handler("--- !ruby/struct:ProfileSuggestionsJob\nperson_id: #{person_id}\n")
-  end
-
-  def perform
-    logger = Delayed::Worker.logger
-    begin
-      person = Person.find(person_id)
-      ProfileSuggestion.calculate_suggestions(person)
-      UserMailer.profiles_suggestions_email(person).deliver if person.email_suggestions
-    rescue Exception => exception
-      logger.error("Error with suggestions for person ID %d: %s" % [person_id, exception.to_s])
-    end
-  end
-
-end
@@ -1,6 +0,0 @@
-class UserActivationJob < Struct.new(:user_id)
-  def perform
-    user = User.find(user_id)
-    user.destroy unless user.activated? || user.person.is_template? || user.moderate_registration_pending?
-  end
-end
@@ -10,7 +10,7 @@ class AdminNotificationsPluginMyprofileController &lt; MyProfileController
   end
  
   def admin_required
-    redirect_to :root unless target.is_admin?(current_person)
+    redirect_to :root unless (current_person.is_admin? || target.is_admin?(current_person))
   end
  
 end
@@ -0,0 +1,191 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2016-05-17 15:38-0300\n"
+"PO-Revision-Date: 2016-05-17 15:38-0300\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
+
+#: ../lib/admin_notifications_plugin.rb:8
+msgid "A plugin for notifications."
+msgstr ""
+
+#: ../lib/admin_notifications_plugin.rb:29
+msgid "Notification Manager"
+msgstr ""
+
+#: ../lib/admin_notifications_plugin.rb:35
+msgid "Manage Notifications"
+msgstr ""
+
+#: ../lib/admin_notifications_plugin/notification_manager.rb:14
+msgid "Notification successfully created"
+msgstr ""
+
+#: ../lib/admin_notifications_plugin/notification_manager.rb:17
+msgid "Notification couldn't be created"
+msgstr ""
+
+#: ../lib/admin_notifications_plugin/notification_manager.rb:26
+msgid "The notification was deleted."
+msgstr ""
+
+#: ../lib/admin_notifications_plugin/notification_manager.rb:28
+msgid "Could not remove the notification"
+msgstr ""
+
+#: ../lib/admin_notifications_plugin/notification_manager.rb:38
+msgid "The notification was edited."
+msgstr ""
+
+#: ../lib/admin_notifications_plugin/notification_manager.rb:40
+msgid "Could not edit the notification."
+msgstr ""
+
+#: ../lib/admin_notifications_plugin/notification_manager.rb:52
+msgid "The status of the notification was changed."
+msgstr ""
+
+#: ../lib/admin_notifications_plugin/notification_manager.rb:54
+msgid "Could not change the status of the notification."
+msgstr ""
+
+#: ../views/shared/_form.html.erb:5
+msgid "Back"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:11
+msgid "Optional Title:"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:13
+msgid "Enter your message here:"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:15
+msgid ""
+"Obs: You can use %{name} and %{email} variables to put the user's name and ema"
+"il in the message."
+msgstr ""
+
+#: ../views/shared/_form.html.erb:18
+msgid "Notifications Status"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:18
+msgid "Active"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:18
+msgid "Inactive"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:20
+msgid "Notifications Color/Type"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:20
+msgid "Blue - Information"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:20
+msgid "Yellow - Warning"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:20
+msgid "Green - Success"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:20
+msgid "Red - Danger"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:23
+msgid "Display only in the profile homepage"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:23
+msgid "Display only in the homepage"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:27
+msgid "Display to not logged users too"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:31
+msgid "Display popup until user close the notification"
+msgstr ""
+
+#: ../views/shared/_form.html.erb:35
+msgid "Save"
+msgstr ""
+
+#: ../views/shared/_notifications_list.html.erb:3
+#: ../views/shared/_notifications_list.html.erb:16
+msgid "Notifications"
+msgstr ""
+
+#: ../views/shared/_notifications_list.html.erb:7
+msgid "New Notification"
+msgstr ""
+
+#: ../views/shared/_notifications_list.html.erb:10
+msgid "Back to control panel"
+msgstr ""
+
+#: ../views/shared/_notifications_list.html.erb:19
+msgid "Actions"
+msgstr ""
+
+#: ../views/shared/_notifications_list.html.erb:30
+msgid "Deactivate"
+msgstr ""
+
+#: ../views/shared/_notifications_list.html.erb:30
+#: ../views/shared/_notifications_list.html.erb:32
+msgid "Do you want to change the status of this notification?"
+msgstr ""
+
+#: ../views/shared/_notifications_list.html.erb:32
+msgid "Activate"
+msgstr ""
+
+#: ../views/shared/_notifications_list.html.erb:34
+msgid "Edit"
+msgstr ""
+
+#: ../views/shared/_notifications_list.html.erb:35
+msgid "Delete"
+msgstr ""
+
+#: ../views/shared/_notifications_list.html.erb:35
+msgid "Do you want to delete this notification?"
+msgstr ""
+
+#: ../views/shared/show_notification.html.erb:8
+msgid "There are active notifications in this environment!"
+msgstr ""
+
+#: ../views/shared/show_notification.html.erb:9
+msgid "Manage all notifications here."
+msgstr ""
+
+#: ../views/shared/show_notification.html.erb:28
+msgid "Do not show anymore"
+msgstr ""
+
+#: ../views/shared/show_notification.html.erb:29
+msgid "Hide for now"
+msgstr ""
@@ -1,187 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
-#
-#, fuzzy
-msgid ""
-msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-03-31 15:02-0300\n"
-"PO-Revision-Date: 2016-03-31 15:02-0300\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
-
-#: ../lib/notification_plugin.rb:8
-msgid "A plugin for notifications."
-msgstr ""
-
-#: ../lib/notification_plugin.rb:29
-msgid "Notification Manager"
-msgstr ""
-
-#: ../lib/notification_plugin.rb:35
-msgid "Manage Notifications"
-msgstr ""
-
-#: ../lib/notification_plugin/notification_manager.rb:14
-msgid "Notification successfully created"
-msgstr ""
-
-#: ../lib/notification_plugin/notification_manager.rb:17
-msgid "Notification couldn't be created"
-msgstr ""
-
-#: ../lib/notification_plugin/notification_manager.rb:26
-msgid "The notification was deleted."
-msgstr ""
-
-#: ../lib/notification_plugin/notification_manager.rb:28
-msgid "Could not remove the notification"
-msgstr ""
-
-#: ../lib/notification_plugin/notification_manager.rb:38
-msgid "The notification was edited."
-msgstr ""
-
-#: ../lib/notification_plugin/notification_manager.rb:40
-msgid "Could not edit the notification."
-msgstr ""
-
-#: ../lib/notification_plugin/notification_manager.rb:52
-msgid "The status of the notification was changed."
-msgstr ""
-
-#: ../lib/notification_plugin/notification_manager.rb:54
-msgid "Could not change the status of the notification."
-msgstr ""
-
-#: ../views/shared/_form.html.erb:5
-msgid "Back"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:11
-msgid "Optional Title:"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:13
-msgid "Enter your message here:"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:15
-msgid ""
-"Obs: You can use %{name} and %{email} variables to put the user's name and ema"
-"il in the message."
-msgstr ""
-
-#: ../views/shared/_form.html.erb:18
-msgid "Notifications Status"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:18
-msgid "Active"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:18
-msgid "Inactive"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:20
-msgid "Notifications Color/Type"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:20
-msgid "Blue - Information"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:20
-msgid "Yellow - Warning"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:20
-msgid "Green - Success"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:20
-msgid "Red - Danger"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:23
-msgid "Display only in the homepage"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:27
-msgid "Display to not logged users too"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:31
-msgid "Display popup until user close the notification"
-msgstr ""
-
-#: ../views/shared/_form.html.erb:35
-msgid "Save"
-msgstr ""
-
-#: ../views/shared/_notifications_list.html.erb:3
-#: ../views/shared/_notifications_list.html.erb:16
-msgid "Notifications"
-msgstr ""
-
-#: ../views/shared/_notifications_list.html.erb:7
-msgid "New Notification"
-msgstr ""
-
-#: ../views/shared/_notifications_list.html.erb:10
-msgid "Back to control panel"
-msgstr ""
-
-#: ../views/shared/_notifications_list.html.erb:19
-msgid "Actions"
-msgstr ""
-
-#: ../views/shared/_notifications_list.html.erb:30
-msgid "Deactivate"
-msgstr ""
-
-#: ../views/shared/_notifications_list.html.erb:30
-#: ../views/shared/_notifications_list.html.erb:32
-msgid "Do you want to change the status of this notification?"
-msgstr ""
-
-#: ../views/shared/_notifications_list.html.erb:32
-msgid "Activate"
-msgstr ""
-
-#: ../views/shared/_notifications_list.html.erb:34
-msgid "Edit"
-msgstr ""
-
-#: ../views/shared/_notifications_list.html.erb:35
-msgid "Delete"
-msgstr ""
-
-#: ../views/shared/_notifications_list.html.erb:35
-msgid "Do you want to delete this notification?"
-msgstr ""
-
-#: ../views/shared/show_notification.html.erb:8
-msgid "There are active notifications in this environment!"
-msgstr ""
-
-#: ../views/shared/show_notification.html.erb:9
-msgid "Manage all notifications here."
-msgstr ""
-
-#: ../views/shared/show_notification.html.erb:28
-msgid "Do not show anymore"
-msgstr ""
-
-#: ../views/shared/show_notification.html.erb:29
-msgid "Hide for now"
-msgstr ""
@@ -0,0 +1,147 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2016-05-16 14:48-0300\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
+
+msgid "A plugin for notifications."
+msgstr "Plugin para notificações."
+
+msgid "Notification Manager"
+msgstr "Gerenciador de Notificações"
+
+msgid "Manage Notifications"
+msgstr "Gerenciar Notificações"
+
+msgid "Notification successfully created"
+msgstr "Notificação criada com sucesso"
+
+msgid "Notification couldn't be created"
+msgstr "Não foi possível criar notificação"
+
+msgid "The notification was deleted."
+msgstr "A notificação foi removida."
+
+msgid "Could not remove the notification"
+msgstr "Não foi possível remover a notificação"
+
+msgid "The notification was edited."
+msgstr "A notificação foi editada."
+
+msgid "Could not edit the notification."
+msgstr "Não foi possível editar a notificação."
+
+msgid "The status of the notification was changed."
+msgstr "O status da notificação foi modificado."
+
+msgid "Could not change the status of the notification."
+msgstr "Não foi possível alterar o status da notificação."
+
+msgid "Back"
+msgstr "Voltar"
+
+msgid "Optional Title:"
+msgstr "Título Opcional:"
+
+msgid "Enter your message here:"
+msgstr "Entre com sua mensagem aqui:"
+
+msgid ""
+"Obs: You can use %{name} and %{email} variables to put the user's name and ema"
+"il in the message."
+msgstr ""
+"Obs: Você pode usar as variáveis %{name} e %{email} para inserir o nome e emai"
+"l do usuário logado na mensagem."
+
+msgid "Notifications Status"
+msgstr "Status da Notificação"
+
+msgid "Active"
+msgstr "Ativa"
+
+msgid "Inactive"
+msgstr "Inativa"
+
+msgid "Notifications Color/Type"
+msgstr "Cor/Tipo de Notificação"
+
+msgid "Blue - Information"
+msgstr "Azul - Informação"
+
+msgid "Yellow - Warning"
+msgstr "Amarelo - Atenção"
+
+msgid "Green - Success"
+msgstr "Verde - Sucesso"
+
+msgid "Red - Danger"
+msgstr "Vermelho - Perigo"
+
+msgid "Display only in the profile homepage"
+msgstr "Apresentar apenas na página inicial do perfil"
+
+msgid "Display only in the homepage"
+msgstr "Apresentar apenas na página inicial"
+
+msgid "Display to not logged users too"
+msgstr "Apresentar também para usuários não logados"
+
+msgid "Display popup until user close the notification"
+msgstr "Apresentar popup da notificação até que o usuário a feche"
+
+msgid "Save"
+msgstr "Salvar"
+
+msgid "Notifications"
+msgstr "Notificações"
+
+msgid "New Notification"
+msgstr "Nova Notificação"
+
+msgid "Back to control panel"
+msgstr "Voltar ao painel de controle"
+
+msgid "Actions"
+msgstr "Ações"
+
+msgid "Deactivate"
+msgstr "Desativar"
+
+msgid "Do you want to change the status of this notification?"
+msgstr "Você quer alterar o status dessa notificação?"
+
+msgid "Activate"
+msgstr "Ativar"
+
+msgid "Edit"
+msgstr "Editar"
+
+msgid "Delete"
+msgstr "Remover"
+
+msgid "Do you want to delete this notification?"
+msgstr "Você quer remover essa notificação?"
+
+msgid "There are active notifications in this environment!"
+msgstr "Existem notificações ativas neste ambiente!"
+
+msgid "Manage all notifications here."
+msgstr "Gerencie todas as notificações aqui."
+
+msgid "Do not show anymore"
+msgstr "Não mostrar mais"
+
+msgid "Hide for now"
+msgstr "Ocultar momentaneamente"
@@ -20,7 +20,7 @@
     <%= labelled_form_field(_('Notifications Color/Type'), select(:notifications, :type, options_for_select_with_title({_("Blue - Information") => "AdminNotificationsPlugin::InformationNotification", _("Yellow - Warning") => "AdminNotificationsPlugin::WarningNotification", _("Green - Success") => "AdminNotificationsPlugin::SuccessNotification", _("Red - Danger") => "AdminNotificationsPlugin::DangerNotification"}, @notification.type))) %>
  
     <div>
-      <%= labelled_check_box(_("Display only in the homepage"), 'notifications[display_only_in_homepage]', '1', @notification.display_only_in_homepage?) %>
+      <%= labelled_check_box(profile.present? ? _("Display only in the profile homepage") : _("Display only in the homepage") , 'notifications[display_only_in_homepage]', '1', @notification.display_only_in_homepage?) %>
     </div>
  
     <div>
@@ -31,7 +31,7 @@
       <%= labelled_check_box(_("Display popup until user close the notification"), 'notifications[display_popup]', '1', @notification.display_popup?) %>
     </div>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button 'save', _('Save'), :cancel => { :action => 'index' }  %>
     <% end %>
  
 javascript:
-  analytics.timeOnPage.baseUrl = #{url_for(controller: 'analytics_plugin/time_on_page').to_json}
+  analytics.timeOnPage.baseUrl = #{url_for(profile: profile.identifier, controller: 'analytics_plugin/time_on_page').to_json}
   analytics.timeOnPage.updateInterval = #{AnalyticsPlugin::TimeOnPageUpdateIntervalMs.to_json}
   analytics.requestId = #{request.env['action_dispatch.request_id'].to_json}
   analytics.init()
@@ -6,7 +6,7 @@
  
   <%= labelled_form_field _('API key'), f.text_field(:api_key, :size => 40) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, c_('Save'), :cancel => {:controller => 'plugins', :action => 'index'}) %>
   <% end %>
  
@@ -15,7 +15,7 @@
     <%=_('salvador-ba: Soteropolitano')%>
   </fieldset>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save'), :cancel => {:controller => 'plugins', :action => 'index'}) %>
   <% end %>
  
@@ -7,7 +7,7 @@
   <%= labelled_form_field(_('Color'), f.select(:color, @colors.map{|s|[s.capitalize,s]}))  %>
   <%= labelled_form_field(f.check_box(:enabled) + _('Enable this label?'),'') %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', c_('Save'), :cancel => {:action => 'index'}  ) %>
   <% end %>
 <% end %>
@@ -25,7 +25,7 @@
     </table>
   <% end %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button(:add, _('Add a new label'), :action => 'create')%>
     <%= button :back, c_('Back to admin panel'), :controller => 'admin_panel' %>
   <% end %>
@@ -6,7 +6,7 @@
   <%= labelled_form_field(_('Status'), f.select(:status_id, @statuses.map{|s|[s.name,s.id]}))  %>
   <%= labelled_form_field(_('Reason:'), f.text_area(:reason, :rows => 5)) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', c_('Save') ) %>
   <% end %>
 <% end %>
@@ -7,7 +7,7 @@
   <%= labelled_form_field(f.check_box(:enabled) + _('Enable this status?'),'') %>
   <%#= labelled_form_field(f.check_box(:enable_reason) + _('This status allows reason?'),'') %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', c_('Save'), :cancel => {:action => 'index'}  ) %>
   <% end %>
 <% end %>
@@ -25,7 +25,7 @@
     </table>
   <% end %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button(:add, _('Add a new status'), :action => 'create')%>
     <%= button :back, c_('Back to admin panel'), :controller => 'admin_panel' %>
   <% end %>
@@ -59,6 +59,12 @@ class CommentParagraphPlugin &lt; Noosfero::Plugin
     [CommentParagraphPlugin::API]
   end
  
+  def self.extra_blocks
+    {
+      CommentParagraphPlugin::DiscussionBlock => {:position => ['1','2','3'] }
+    }
+  end
+
   def content_types
     [CommentParagraphPlugin::Discussion]
   end
@@ -0,0 +1,59 @@
+class CommentParagraphPlugin::DiscussionBlock < Block
+
+  settings_items :presentation_mode, :type => String, :default => 'title_only'
+  settings_items :total_items, :type => Integer, :default => 5
+  settings_items :discussion_status, :type => Integer
+
+  attr_accessible :presentation_mode, :total_items, :discussion_status
+
+  VALID_CONTENT = ['CommentParagraphPlugin::Discussion']
+
+  STATUS_NOT_OPENED = 0
+  STATUS_AVAILABLE = 1
+  STATUS_CLOSED = 2
+
+  def self.description
+    c_('Discussion Articles')
+  end
+
+  def help
+    _("This block displays all profile's article discussion")
+  end
+
+  def discussions
+    current_time = Time.now
+    discussions = holder.articles.where(type: VALID_CONTENT).order('start_date ASC, end_date DESC, created_at DESC').limit(self.total_items)
+    case discussion_status
+    when STATUS_NOT_OPENED
+      discussions = discussions.where("start_date > ?", current_time)
+    when STATUS_AVAILABLE
+      discussions = discussions.where("start_date is null or start_date <= ?", current_time)
+      discussions = discussions.where("end_date is null or end_date >= ?", current_time)
+    when STATUS_CLOSED
+      discussions = discussions.where("end_date < ?", current_time)
+    end
+    discussions
+  end
+
+  def holder
+    return nil if self.box.nil? || self.box.owner.nil?
+    if self.box.owner.kind_of?(Environment)
+      return nil if self.box.owner.portal_community.nil?
+      self.box.owner.portal_community
+    else
+      self.box.owner
+    end
+  end
+
+  def mode?(attr)
+    attr == self.presentation_mode
+  end
+
+  def api_content
+    Api::Entities::ArticleBase.represent(self.discussions).as_json
+  end
+
+  def display_api_content_by_default?
+    false
+  end
+end
@@ -69,7 +69,7 @@ class CommentParagraphPluginTest &lt; ActiveSupport::TestCase
     article = fast_create(Article, :profile_id => profile.id)
     article.expects(:comment_paragraph_plugin_enabled?).returns(true)
     article.expects(:allow_edit?).with(user).returns(true)
-    article.expects(:comment_paragraph_plugin_activated?).returns(false)
+    article.expects(:comment_paragraph_plugin_activated?).at_least_once.returns(false)
  
     assert_equal 'Activate Comments', plugin.article_extra_toolbar_buttons(article)[:title]
   end
@@ -79,7 +79,7 @@ class CommentParagraphPluginTest &lt; ActiveSupport::TestCase
     article = fast_create(Article, :profile_id => profile.id)
     article.expects(:comment_paragraph_plugin_enabled?).returns(true)
     article.expects(:allow_edit?).with(user).returns(true)
-    article.expects(:comment_paragraph_plugin_activated?).returns(true)
+    article.expects(:comment_paragraph_plugin_activated?).at_least_once.returns(true)
  
     assert_equal 'Deactivate Comments', plugin.article_extra_toolbar_buttons(article)[:title]
   end
@@ -0,0 +1,204 @@
+require_relative '../test_helper'
+class DiscussionBlockTest < ActiveSupport::TestCase
+
+  def setup
+    @environment = Environment.default
+    @environment.enable_plugin(CommentParagraphPlugin)
+  end
+
+  attr_reader :environment
+
+  should 'describe itself' do
+    assert_not_equal Block.description, CommentParagraphPlugin::DiscussionBlock.description
+  end
+
+  should 'holder be nil if there is no box' do
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    assert_nil b.holder
+  end
+
+  should 'holder be nil if there is no box owner to the box' do
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    box = Box.new
+    b.box = box
+    assert_nil b.holder
+  end
+
+  should 'holder be nil if there is no portal community in environment' do
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    environment.boxes<< Box.new
+    b.box = environment.boxes.last
+    assert_nil environment.portal_community
+    assert_nil b.holder
+  end
+
+  should 'holder be the portal community for environments blocks' do
+    community = fast_create(Community)
+    environment.portal_community= community
+    environment.save!
+    environment.boxes<< Box.new
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    b.box = environment.boxes.last
+    assert_equal environment.portal_community, b.holder
+  end
+
+  should 'holder be the person for people blocks' do
+    person = fast_create(Person)
+    person.boxes << Box.new
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    b.box = person.boxes.last
+    assert_equal person, b.holder
+  end
+
+  should 'holder be the community for communities blocks' do
+    community = fast_create(Community)
+    community.boxes << Box.new
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    b.box = community.boxes.last
+    assert_equal community, b.holder
+  end
+
+  should 'holder be the enterprise for enterprises blocks' do
+    enterprise = fast_create(Enterprise)
+    enterprise.boxes << Box.new
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    b.box = enterprise.boxes.last
+    assert_equal enterprise, b.holder
+  end
+
+  should 'discussions return only discussion articles' do
+    community = fast_create(Community)
+    community.boxes << Box.new
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    b.box = community.boxes.last
+    b.save
+    a1 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id)
+    fast_create(Event, :profile_id => community.id)
+    fast_create(TinyMceArticle, :profile_id => community.id)
+    a2 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id)
+    assert_equivalent [a1, a2], b.discussions
+  end
+
+  should 'return only not opened discussions if discussion status is not opened' do
+    community = fast_create(Community)
+    community.boxes << Box.new
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    b.box = community.boxes.last
+    b.discussion_status = CommentParagraphPlugin::DiscussionBlock::STATUS_NOT_OPENED
+    b.save
+    a1 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :start_date => DateTime.now + 1.day)
+    a2 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :start_date => DateTime.now )
+    a3 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :start_date => DateTime.now - 1.day)
+    a4 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :start_date => DateTime.now - 2.day, :end_date => DateTime.now - 1.day)
+    assert_equivalent [a1], b.discussions
+  end
+
+  should 'return only available discussions if discussion status is available' do
+    community = fast_create(Community)
+    community.boxes << Box.new
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    b.box = community.boxes.last
+    b.discussion_status = CommentParagraphPlugin::DiscussionBlock::STATUS_AVAILABLE
+    b.save
+    a1 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :start_date => DateTime.now + 1.day)
+    a2 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :start_date => DateTime.now )
+    a3 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :start_date => DateTime.now - 1.day)
+    a4 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :start_date => DateTime.now - 2.day, :end_date => DateTime.now - 1.day)
+    a5 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :end_date => DateTime.now + 1.day)
+    assert_equivalent [a2, a3, a5], b.discussions
+  end
+
+  should 'return only closed discussions if discussion status is closed' do
+    community = fast_create(Community)
+    community.boxes << Box.new
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    b.box = community.boxes.last
+    b.discussion_status = CommentParagraphPlugin::DiscussionBlock::STATUS_CLOSED
+    b.save
+    a1 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :start_date => DateTime.now + 1.day)
+    a2 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :start_date => DateTime.now )
+    a3 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :start_date => DateTime.now - 1.day)
+    a4 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, :start_date => DateTime.now - 2.day, :end_date => DateTime.now - 1.day)
+    assert_equivalent [a4], b.discussions
+  end
+
+end
+
+require 'boxes_helper'
+
+class DiscussionBlockViewTest < ActionView::TestCase
+  include BoxesHelper
+
+  should 'show the title and the child titles when the block is set to title only mode' do
+    profile = create_user('testuser').person
+
+    block = CommentParagraphPlugin::DiscussionBlock.new
+    block.stubs(:holder).returns(profile)
+    block.presentation_mode = 'title_only'
+
+    ActionView::Base.any_instance.stubs(:block_title).returns("Block Title")
+    ActionView::Base.any_instance.stubs(:profile).returns(profile)
+
+    content = render_block_content(block)
+
+    assert_match /discussion-title/, content
+    assert_no_match /discussion-abstract/, content
+  end
+
+  should 'show the title and the child titles and abstracts when the block is set to title and abstract mode' do
+    profile = create_user('testuser').person
+
+    block = CommentParagraphPlugin::DiscussionBlock.new
+    block.stubs(:holder).returns(profile)
+    block.presentation_mode = 'title_and_abstract'
+
+    ActionView::Base.any_instance.stubs(:block_title).returns("Block Title")
+    ActionView::Base.any_instance.stubs(:profile).returns(profile)
+
+    content = render_block_content(block)
+
+    assert_match /discussion-abstract/, content
+  end
+
+  should 'show the title and the child full content when the block has no mode set' do
+    profile = create_user('testuser').person
+
+    block = CommentParagraphPlugin::DiscussionBlock.new
+    block.stubs(:holder).returns(profile)
+    block.presentation_mode = ''
+
+    ActionView::Base.any_instance.stubs(:block_title).returns("Block Title")
+    ActionView::Base.any_instance.stubs(:profile).returns(profile)
+
+    content = render_block_content(block)
+
+    assert_match /discussion-full/, content
+  end
+
+  should 'return discussions in api_content' do
+    community = fast_create(Community)
+    community.boxes << Box.new
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    b.box = community.boxes.last
+    b.save
+    a1 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id)
+    fast_create(Event, :profile_id => community.id)
+    fast_create(TinyMceArticle, :profile_id => community.id)
+    a2 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id)
+    assert_equivalent [a2.id, a1.id], b.api_content['articles'].map {|a| a[:id]}
+  end
+
+  should 'sort discussions by start_date, end_date and created_at' do
+    community = fast_create(Community)
+    community.boxes << Box.new
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    b.box = community.boxes.last
+    b.save
+    a1 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, start_date: Time.now)
+    a2 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, start_date: Time.now + 1, end_date: Time.now)
+    a3 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, start_date: Time.now + 1, end_date: Time.now + 1.day)
+    a4 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id, start_date: Time.now + 1, end_date: Time.now + 1.day)
+    assert_equal [a1.id, a2.id, a3.id, a4.id], b.discussions.map(&:id)
+  end
+
+end
@@ -0,0 +1,33 @@
+<div id="discussion-block">
+  <% children = block.discussions %>
+  <div class="discussion">
+    <%= block_title(block.title.blank? ? c_("Discussions") : block.title, block.subtitle ) %>
+  </div>
+  <% if block.mode?('title_only') %>
+    <div class="discussion-title">
+      <ul>
+        <% children.each do |item| %>
+          <li> <%= link_to(h(item.title), item.url)%></li>
+        <% end %>
+      </ul>
+    </div>
+  <% elsif block.mode?('title_and_abstract') %>
+    <div class="discussion-abstract">
+      <% children.each do |item| %>
+        <h2><%= link_to(item.title,item.url, :class => 'post-title')%></h2>
+        <span class="post-date"><%= show_date(item.published_at, true)%></span>
+        <div class="headline"><%=item.lead%></div>
+        <p class="highlighted-news-read-more"><%= link_to(_('Read more'), item.url) %></p>
+      <% end %>
+    </div>
+  <% else %>
+    <div class="discussion-full">
+     <% children.each do |item| %>
+        <h2><%= link_to(item.title,item.url, :class => 'post-title')%></h2>
+        <span class="post-date"><%= show_date(item.published_at, true)%></span>
+        <div class="headline"><%=item.body.html_safe %></div>
+        <p class="highlighted-news-read-more"><%= link_to(_('Read more'), item.url) %></p>
+    <% end %>
+    </div>
+  <% end %>
+</div>
@@ -0,0 +1,28 @@
+<%=
+labelled_form_field(_('Choose which blog should be displayed'),
+  select_tag(
+      'block[discussion_status]',
+      options_for_select([[_('Not Opened Discussions'), CommentParagraphPlugin::DiscussionBlock::STATUS_NOT_OPENED],[_('Available Discussions'), CommentParagraphPlugin::DiscussionBlock::STATUS_AVAILABLE], [_('Closed Discussions'), CommentParagraphPlugin::DiscussionBlock::STATUS_CLOSED]], @block.discussion_status)
+  )
+)
+%>
+<%=
+labelled_form_field(_('Choose how the content should be displayed'),
+  select_tag(
+      'block[presentation_mode]',
+      options_for_select(
+         {
+            _("Title only") => "title_only",
+            _("Title and abstract") => "title_and_abstract",
+            _("Full content") => "full_content"
+         },
+          @block.presentation_mode
+      )
+  )
+)
+%>
+<%= labelled_form_field(_('Choose how many items will be displayed'),
+      text_field_tag('block[total_items]',
+        @block.total_items, :size => 3, :maxlength => 5)
+    )
+%>
@@ -17,7 +17,7 @@
       </div>
     </div>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button(:save, _('Save'), :cancel => {:controller => 'plugins', :action => 'index'}) %>
     <% end %>
  
@@ -0,0 +1 @@
+box_organizer
 \ No newline at end of file
@@ -0,0 +1 @@
+box_organizer
 \ No newline at end of file
@@ -12,7 +12,7 @@
   </div>
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:add, c_('Create a new community'), :controller => 'memberships', :action => 'new_community', :profile => user.identifier, :back_to => @back_to) %>
 <% end %>
  
@@ -55,7 +55,7 @@
   <%= button(:add, _('Add a new select field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{CGI::escapeHTML(html_for_field(f, :fields, CustomFormsPlugin::SelectField).to_json)}); return false")%>
 </div>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= submit_button :save, c_('Save'), :cancel => {:action => 'index'}%>
 <% end %>
  
@@ -22,6 +22,6 @@
   </table>
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Back to forms'), :action => 'index' %>
 <% end %>
@@ -44,7 +44,7 @@
 <% end %>
 </table>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Back to submissions'), :action => 'submissions', :id => @form.id %>
 <% end %>
  
@@ -27,7 +27,7 @@
   </table>
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Back to forms'), :action => 'index' %>
 <% end %>
  
@@ -22,7 +22,7 @@
  
     <%= render :partial => 'shared/form_submission', :locals => {:f => f} %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <% if @form.expired? %>
         <%= submit_button :save, c_('Save'), :disabled => '', :class => 'disabled', :cancel => {:controller => :profile, :profile => profile.identifier} %>
       <% else %>
@@ -118,69 +118,28 @@ class DisplayContentBlock &lt; Block
     holder.articles.where(type: types, parent_id: if parent.nil? then nil else parent end)
   end
  
-  def content(args={})
-    block = self
-
+  def docs
     order_string = "published_at"
     order_string += " DESC" if order_by_recent
  
     limit_final = [limit_to_show, 0].max
  
-    docs = owner.articles.order(order_string)
+    documents = owner.articles.order(order_string)
       .where(articles: {type: self.types})
       .includes(:profile, :image, :tags)
     if nodes.present?
       nodes_conditions  = 'articles.id IN(:nodes)'
       nodes_conditions << ' OR articles.parent_id IN(:nodes) ' if display_folder_children
-      docs = docs.where nodes_conditions, nodes: nodes
+      documents = documents.where nodes_conditions, nodes: nodes
     end
-    docs = docs.limit limit_final if display_folder_children
+    documents = documents.limit limit_final if display_folder_children
  
     if content_with_translations
-      docs = docs.native_translations
-      docs.replace docs.map{ |p| p.get_translation_to(FastGettext.locale) }.compact
+      documents = documents.native_translations
+      documents.replace documents.map{ |p| p.get_translation_to(FastGettext.locale) }.compact
     end
  
-    proc do
-      block.block_title(block.title, block.subtitle) +
-        content_tag('ul', docs.map {|item|
-        if !item.folder? && item.class != RssFeed
-          content_sections = ''
-          read_more_section = ''
-          tags_section = ''
-
-          block.sections.select { |section|
-            case section[:value]
-            when 'publish_date'
-              content_sections += (block.display_section?(section) ? (content_tag('div', show_date(item.published_at, false), :class => 'published-at') ) : '')
-            when 'title'
-              content_sections += (block.display_section?(section) ? (content_tag('div', link_to(h(item.title), item.url), :class => 'title') ) : '')
-            when 'abstract'
-              content_sections += (block.display_section?(section) ? (content_tag('div', item.abstract.html_safe , :class => 'lead')) : '' )
-              if block.display_section?(section)
-                read_more_section = content_tag('div', link_to(_('Read more'), item.url), :class => 'read_more')
-              end
-            when 'body'
-              content_sections += (block.display_section?(section) ? (content_tag('div', item.body.html_safe ,:class => 'body')) : '' )
-            when 'image'
-              image_section = image_tag item.image.public_filename if item.image
-              if !image_section.blank?
-                content_sections += (block.display_section?(section) ? (content_tag('div', link_to( image_section, item.url ) ,:class => 'image')) : '' )
-              end
-            when 'tags'
-              if !item.tags.empty?
-                tags_section = item.tags.map { |t| content_tag('span', t.name) }.join("")
-                content_sections += (block.display_section?(section) ? (content_tag('div', tags_section, :class => 'tags')) : '')
-              end
-            end
-          }
-
-          content_sections += read_more_section if !read_more_section.blank?
-#raise sections.inspect
-          content_tag('li', content_sections.html_safe)
-        end
-      }.join(" ").html_safe)
-    end
+    documents
   end
  
   def url_params
@@ -347,53 +347,6 @@ class DisplayContentBlockTest &lt; ActiveSupport::TestCase
  
   end
  
-  should 'list links for all articles title defined in nodes' do
-    profile = create_user('testuser').person
-    Article.delete_all
-    a1 = fast_create(TextileArticle, :name => 'test article 1', :profile_id => profile.id)
-    a2 = fast_create(TextileArticle, :name => 'test article 2', :profile_id => profile.id)
-
-    block = DisplayContentBlock.new
-    block.sections = [{:value => 'title', :checked => true}]
-    block.nodes = [a1.id, a2.id]
-    box = mock()
-    block.stubs(:box).returns(box)
-    box.stubs(:owner).returns(profile)
-
-    assert_match /.*<a.*>#{a1.title}<\/a>/, instance_eval(&block.content)
-    assert_match /.*<a.*>#{a2.title}<\/a>/, instance_eval(&block.content)
-  end
-
-  should 'list content for all articles lead defined in nodes' do
-    profile = create_user('testuser').person
-    Article.delete_all
-    a1 = fast_create(TinyMceArticle, :name => 'test article 1', :profile_id => profile.id, :abstract => 'abstract article 1')
-    a2 = fast_create(TinyMceArticle, :name => 'test article 2', :profile_id => profile.id, :abstract => 'abstract article 2')
-
-    block = DisplayContentBlock.new
-    block.sections = [{:value => 'abstract', :checked => true}]
-    block.nodes = [a1.id, a2.id]
-    box = mock()
-    block.stubs(:box).returns(box)
-    box.stubs(:owner).returns(profile)
-
-    assert_match /<div class="lead">#{a1.lead}<\/div>/, instance_eval(&block.content)
-    assert_match /<div class="lead">#{a2.lead}<\/div>/, instance_eval(&block.content)
-  end
-
-  should 'not crash when referenced article is removed' do
-    profile = create_user('testuser').person
-    a1 = fast_create(TextArticle, :name => 'test article 1', :profile_id => profile.id)
-
-    block = DisplayContentBlock.new
-    block.nodes = [a1.id]
-    box = mock()
-    block.stubs(:box).returns(box)
-    box.stubs(:owner).returns(profile)
-
-    Article.delete_all
-    assert_match /<ul><\/ul>/, instance_eval(&block.content)
-  end
   include ActionView::Helpers
   include Rails.application.routes.url_helpers
  
@@ -420,48 +373,6 @@ class DisplayContentBlockTest &lt; ActiveSupport::TestCase
     assert_equal params, block.url_params
   end
  
-  should 'show title if defined by user' do
-    profile = create_user('testuser').person
-    a = fast_create(TextileArticle, :name => 'test article 1', :profile_id => profile.id)
-
-    block = DisplayContentBlock.new
-    block.nodes = [a.id]
-    block.sections = [{:value => 'title', :checked => true}]
-    box = mock()
-    block.stubs(:box).returns(box)
-    box.stubs(:owner).returns(profile)
-
-    assert_match /.*<a.*>#{a.title}<\/a>/, instance_eval(&block.content)
-  end
-
-  should 'show abstract if defined by user' do
-    profile = create_user('testuser').person
-    a = fast_create(TextileArticle, :name => 'test article 1', :profile_id => profile.id, :abstract => 'some abstract')
-
-    block = DisplayContentBlock.new
-    block.nodes = [a.id]
-    block.sections = [{:value => 'abstract', :checked => true}]
-    box = mock()
-    block.stubs(:box).returns(box)
-    box.stubs(:owner).returns(profile)
-
-    assert_match /#{a.abstract}/, instance_eval(&block.content)
-  end
-
-  should 'show body if defined by user' do
-    profile = create_user('testuser').person
-    a = fast_create(TextileArticle, :name => 'test article 1', :profile_id => profile.id, :body => 'some body')
-
-    block = DisplayContentBlock.new
-    block.nodes = [a.id]
-    block.sections = [{:value => 'body', :checked => true}]
-    box = mock()
-    block.stubs(:box).returns(box)
-    box.stubs(:owner).returns(profile)
-
-    assert_match /#{a.body}/, instance_eval(&block.content)
-  end
-
   should 'display_attribute be true for title by default' do
     profile = create_user('testuser').person
  
@@ -489,20 +400,6 @@ class DisplayContentBlockTest &lt; ActiveSupport::TestCase
     assert block.display_section?({:value => 'publish_date', :checked => true})
   end
  
-  should 'show publishd date if defined by user' do
-    profile = create_user('testuser').person
-    a = fast_create(TextArticle, :name => 'test article 1', :profile_id => profile.id, :body => 'some body')
-
-    block = DisplayContentBlock.new
-    block.nodes = [a.id]
-    block.sections = [{:value => 'publish_date', :checked => true}]
-    box = mock()
-    block.stubs(:box).returns(box)
-    box.stubs(:owner).returns(profile)
-
-    assert_match /#{a.published_at}/, instance_eval(&block.content)
-  end
-
   should 'do not save children if a folder is checked' do
     profile = create_user('testuser').person
     Article.delete_all
@@ -648,6 +545,117 @@ class DisplayContentBlockTest &lt; ActiveSupport::TestCase
     assert_equal [], block.parent_nodes
   end
  
+end
+
+require 'boxes_helper'
+
+class DisplayContentBlockViewTest < ActionView::TestCase
+  include BoxesHelper
+
+  should 'list links for all articles title defined in nodes' do
+    profile = create_user('testuser').person
+    Article.delete_all
+    a1 = fast_create(TextileArticle, :name => 'test article 1', :profile_id => profile.id)
+    a2 = fast_create(TextileArticle, :name => 'test article 2', :profile_id => profile.id)
+
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'title', :checked => true}]
+    block.nodes = [a1.id, a2.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+
+    assert_match /.*<a.*>#{a1.title}<\/a>/, render_block_content(block)
+    assert_match /.*<a.*>#{a2.title}<\/a>/, render_block_content(block)
+  end
+
+  should 'list content for all articles lead defined in nodes' do
+    profile = create_user('testuser').person
+    Article.delete_all
+    a1 = fast_create(TinyMceArticle, :name => 'test article 1', :profile_id => profile.id, :abstract => 'abstract article 1')
+    a2 = fast_create(TinyMceArticle, :name => 'test article 2', :profile_id => profile.id, :abstract => 'abstract article 2')
+
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'abstract', :checked => true}]
+    block.nodes = [a1.id, a2.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+
+    assert_match /<div class="lead">#{a1.lead}<\/div>/, render_block_content(block)
+    assert_match /<div class="lead">#{a2.lead}<\/div>/, render_block_content(block)
+  end
+
+  should 'not crash when referenced article is removed' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextArticle, :name => 'test article 1', :profile_id => profile.id)
+
+    block = DisplayContentBlock.new
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+
+    Article.delete_all
+    assert_match /<ul><\/ul>/, render_block_content(block)
+  end
+
+  should 'show title if defined by user' do
+    profile = create_user('testuser').person
+    a = fast_create(TextileArticle, :name => 'test article 1', :profile_id => profile.id)
+
+    block = DisplayContentBlock.new
+    block.nodes = [a.id]
+    block.sections = [{:value => 'title', :checked => true}]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+
+    assert_match /.*<a.*>#{a.title}<\/a>/, render_block_content(block)
+  end
+
+  should 'show abstract if defined by user' do
+    profile = create_user('testuser').person
+    a = fast_create(TextileArticle, :name => 'test article 1', :profile_id => profile.id, :abstract => 'some abstract')
+
+    block = DisplayContentBlock.new
+    block.nodes = [a.id]
+    block.sections = [{:value => 'abstract', :checked => true}]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+
+    assert_match /#{a.abstract}/, render_block_content(block)
+  end
+
+  should 'show body if defined by user' do
+    profile = create_user('testuser').person
+    a = fast_create(TextileArticle, :name => 'test article 1', :profile_id => profile.id, :body => 'some body')
+
+    block = DisplayContentBlock.new
+    block.nodes = [a.id]
+    block.sections = [{:value => 'body', :checked => true}]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+
+    assert_match /#{a.body}/, render_block_content(block)
+  end
+
+  should 'show publishd date if defined by user' do
+    profile = create_user('testuser').person
+    a = fast_create(TextArticle, :name => 'test article 1', :profile_id => profile.id, :body => 'some body')
+
+    block = DisplayContentBlock.new
+    block.nodes = [a.id]
+    block.sections = [{:value => 'publish_date', :checked => true}]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+
+    assert_match /#{a.published_at}/, render_block_content(block)
+  end
+
   should 'show articles in recent order' do
     profile = create_user('testuser').person
     Article.delete_all
@@ -663,8 +671,8 @@ class DisplayContentBlockTest &lt; ActiveSupport::TestCase
  
     block.order_by_recent = true
  
-    a1_index = instance_eval(&block.content).index(a1.name)
-    a2_index = instance_eval(&block.content).index(a2.name)
+    a1_index = render_block_content(block).index(a1.name)
+    a2_index = render_block_content(block).index(a2.name)
  
     assert a2_index < a1_index
   end
@@ -684,8 +692,8 @@ class DisplayContentBlockTest &lt; ActiveSupport::TestCase
  
     block.order_by_recent = false
  
-    a1_index = instance_eval(&block.content).index(a1.name)
-    a2_index = instance_eval(&block.content).index(a2.name)
+    a1_index = render_block_content(block).index(a1.name)
+    a2_index = render_block_content(block).index(a2.name)
  
     assert a1_index < a2_index
   end
@@ -706,7 +714,7 @@ class DisplayContentBlockTest &lt; ActiveSupport::TestCase
     block.order_by_recent = true
     block.limit_to_show = 1
  
-    a1_index = instance_eval(&block.content).index(a1.name)
+    a1_index = render_block_content(block).index(a1.name)
  
     assert a1_index.nil?
   end
@@ -730,15 +738,15 @@ class DisplayContentBlockTest &lt; ActiveSupport::TestCase
     block.stubs(:box).returns(box)
     box.stubs(:owner).returns(profile)
  
-    assert_nil instance_eval(&block.content).index(en_article.name)
-    assert_nil instance_eval(&block.content).index(en_article2.name)
-    assert instance_eval(&block.content).index(pt_article.name).present?
+    assert_nil render_block_content(block).index(en_article.name)
+    assert_nil render_block_content(block).index(en_article2.name)
+    assert render_block_content(block).index(pt_article.name).present?
  
     FastGettext.stubs(:locale).returns('en')
  
-    assert instance_eval(&block.content).index(en_article.name)
-    assert instance_eval(&block.content).index(en_article2.name)
-    assert_nil instance_eval(&block.content).index(pt_article.name)
+    assert render_block_content(block).index(en_article.name)
+    assert render_block_content(block).index(en_article2.name)
+    assert_nil render_block_content(block).index(pt_article.name)
   end
  
   should 'replace article with its translation' do
@@ -758,12 +766,71 @@ class DisplayContentBlockTest &lt; ActiveSupport::TestCase
     block.stubs(:box).returns(box)
     box.stubs(:owner).returns(profile)
  
-    assert_nil instance_eval(&block.content).index(en_article.name)
-    assert instance_eval(&block.content).index(pt_article.name).present?
+    assert_nil render_block_content(block).index(en_article.name)
+    assert render_block_content(block).index(pt_article.name).present?
  
     FastGettext.stubs(:locale).returns('en')
  
-    assert instance_eval(&block.content).index(en_article.name).present?
-    assert_nil instance_eval(&block.content).index(pt_article.name)
+    assert render_block_content(block).index(en_article.name).present?
+    assert_nil render_block_content(block).index(pt_article.name)
   end
+
+  should 'not escape abstract html of articles' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextileArticle, abstract: "<p class='test-article-abstract'>Test</p>", name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+    
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'abstract', :checked => true}] 
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+    assert_tag_in_string  render_block_content(block), tag: 'p', attributes: { class: 'test-article-abstract' }
+  end
+
+  should 'not raise if abstract of article is nil' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextileArticle, name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+    
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'abstract', :checked => true}] 
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+    assert_nil a1.abstract
+    assert_nothing_raised do
+      render_block_content(block)
+    end
+  end
+
+  should 'not escape body html of articles' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextileArticle, body: "<p class='test-article-body'>Test</p>", name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+    
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'body', :checked => true}] 
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+    assert_tag_in_string  render_block_content(block), tag: 'p', attributes: { class: 'test-article-body' }
+  end
+
+  should 'not raise if body of article is nil' do
+    profile = create_user('testuser').person
+    a1 = fast_create(TextileArticle, name: 'test article 1', profile_id: profile.id, published_at: DateTime.current)
+    
+    block = DisplayContentBlock.new
+    block.sections = [{:value => 'abstract', :checked => true}] 
+    block.nodes = [a1.id]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+    assert_nil a1.body
+    assert_nothing_raised do
+      render_block_content(block)
+    end
+  end
+
 end
@@ -0,0 +1,4 @@
+= block.block_title(block.title, block.subtitle)
+
+ul
+  = render partial: 'blocks/display_content/document', collection: block.docs, as: :item, locals: { block: block }
@@ -0,0 +1,4 @@
+li
+  - unless item.folder? || item.class == RssFeed
+    = render partial: 'blocks/display_content/section', collection: block.sections, locals: { block: block, item: item }
+    = render partial: 'blocks/display_content/read_more', locals: { item: item, abstract_section: block.sections.bsearch { |section| section[:value] == 'abstract' }, block: block }
@@ -0,0 +1,3 @@
+- if !abstract_section.nil? && block.display_section?(abstract_section)
+  div class='read_more'
+    = link_to(_('Read more'), item.url)
@@ -0,0 +1,22 @@
+- if block.display_section?(section)
+  - case section[:value]
+  - when 'publish_date'
+    div class='published-at'
+      = show_date(item.published_at, false)
+  - when 'title'
+    div class='title'
+      = link_to(h(item.title), item.url)
+  - when 'abstract'
+    div class='lead'
+      = (item.abstract || '').html_safe
+  - when 'body'
+    div class='body'
+      = (item.body || '').html_safe
+  - when 'image'
+    - unless item.image || item.image.public_filename
+      div class='image'
+        = link_to(image_tag(item.image.public_filename), item.url)
+  - when 'tags'
+    - unless item.tags.empty?
+      div class='tags'
+        = render partial: 'blocks/display_content/tag', collection: item.tags
@@ -0,0 +1,2 @@
+span
+  = tag.name
 \ No newline at end of file
@@ -73,7 +73,7 @@
 </table>
  
 <div>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', c_('Save changes')) %>
     <%= button :back, _('Back to plugins administration panel'), :controller => 'plugins' %>
   <% end %>
 require 'test_helper'
  
-class MarkCommentAsReadPluginTest < ActiveSupport::TestCase
-
-  include ActionView::Helpers::TagHelper
-  include NoosferoTestHelper
+class MarkCommentAsReadPluginTest < ActionView::TestCase
  
   def setup
     @plugin = MarkCommentAsReadPlugin.new
-
 class MetadataPlugin::Base < Noosfero::Plugin
  
   def self.plugin_name
@@ -71,6 +70,6 @@ end
  
 ActiveSupport.run_load_hooks :metadata_plugin, MetadataPlugin
 ActiveSupport.on_load :active_record do
-  ApplicationRecord.extend MetadataPlugin::Specs::ClassMethods
+  ActiveRecord::Base.extend MetadataPlugin::Specs::ClassMethods
 end
  
@@ -0,0 +1,31 @@
+require 'test_helper'
+
+class NewsletterPluginSafeStringsTest < ActionDispatch::IntegrationTest
+
+  should 'not escape HTML from newsletter pending task' do
+    environment = Environment.default
+    environment.enable_plugin('newsletter')
+    person = create_user('john', :environment_id => environment.id, :password => 'test', :password_confirmation => 'test').person
+    person.user.activate
+    environment.add_admin(person)
+
+    blog = fast_create(Blog, :profile_id => person.id)
+    post = fast_create(TextileArticle, :name => 'First post', :profile_id => person.id, :parent_id => blog.id, :body => 'Test')
+    newsletter = NewsletterPlugin::Newsletter.create!(:environment => environment, :person => person, :enabled => true)
+    newsletter.blog_ids = [blog.id]
+    newsletter.save!
+    task = NewsletterPlugin::ModerateNewsletter.create!(
+      :newsletter_id => newsletter.id,
+      :target => environment,
+      :post_ids => [post.id.to_s]
+    )
+
+    login 'john', 'test'
+    get '/myprofile/john/tasks'
+
+    assert_tag :tag => 'input',
+      :attributes => { :type => 'checkbox', :name => "tasks[#{task.id}][task][post_ids][]" },
+      :sibling => { :tag => 'span' }
+  end
+
+end
@@ -6,6 +6,6 @@
  
 <%= _('Send an email to %s requesting your unsubscription or click on the button below.') % link_to(environment.contact_email, "mailto:#{environment.contact_email}?subject=#{_('Cancel newsletter subscription')}") %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :ok, _('Confirm unsubscription'), {:action => 'confirm_unsubscription'}, :method => 'post' %>
 <% end %>
@@ -85,7 +85,7 @@
       :id => 'newsletter-footer-field'
     ))
   %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save') %>
     <%= submit_button :save, _('Save and visualize'), :name => "visualize", :cancel => {:controller => 'plugins'}  %>
   <% end %>
@@ -9,9 +9,9 @@
     <% input_name = "tasks[#{task.id}][task][post_ids][]" %>
     <% post_check_box = hidden_field_tag(input_name, '0') +check_box_tag(input_name, post.id, true) %>
  
-    <% newsletter_content.gsub!(/<span([^>]*?) id="#{post.id}"/, post_check_box + '<span\\1')%>
-    <% newsletter_content.gsub!(/<img([^>]*?) id="#{post.id}"/, post_check_box + '<img\\1') %>
+    <% newsletter_content.gsub!(/<span([^>]*?) id="#{post.id}"/, post_check_box + '<span\\1'.html_safe) %>
+    <% newsletter_content.gsub!(/<img([^>]*?) id="#{post.id}"/, post_check_box + '<img\\1'.html_safe) %>
   <% end %>
  
-  <%= newsletter_content %>
+  <%= newsletter_content.html_safe %>
 </div>
@@ -33,7 +33,7 @@
     <% end %>
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save'), :cancel => {:action => 'index'}) %>
   <% end %>
 <% end %>
@@ -37,20 +37,17 @@ class OrganizationRatingsPluginProfileController &lt; ProfileController
   end
  
   def create_new_rate
-    rating = OrganizationRating.new(params[:organization_rating])
-    rating.person = current_user.person
-    rating.organization = profile
-    rating.value = params[:organization_rating_value] if params[:organization_rating_value]
+    @rating = OrganizationRating.new(params[:organization_rating])
+    @rating.person = current_user.person
+    @rating.organization = profile
+    @rating.value = params[:organization_rating_value] if params[:organization_rating_value]
  
-    if rating.save
-      @plugins.dispatch(:organization_ratings_plugin_rating_created, rating, params)
-      create_rating_comment(rating)
+    if @rating.save
+      @plugins.dispatch(:organization_ratings_plugin_rating_created, @rating, params)
+      create_rating_comment(@rating)
       session[:notice] = _("%s successfully rated!") % profile.name
-    else
-      session[:notice] = _("Sorry, there were problems rating this profile.")
+      redirect_to profile.url
     end
-
-    redirect_to profile.url
   end
  
   def create_rating_comment(rating)
@@ -0,0 +1,9 @@
+class AddInitialPageToOrganizationRatingsConfig < ActiveRecord::Migration
+  def up
+    add_column :organization_ratings_configs, :ratings_on_initial_page, :integer, :default => 3
+  end
+
+  def down
+    remove_column :organization_ratings_configs, :ratings_on_initial_page
+  end
+end
@@ -19,7 +19,7 @@ Feature: rate_community
     And I am logged in as "joaosilva"
  
   @selenium
-  Scenario: display rate button inside average block
+  Scenario: display rate button and total ratings inside average block
     Given I am on mycommunity's homepage
     Then I should see "Rate this Community" within ".average-rating-block"
     And I should see "Be the first to rate" within ".average-rating-block"
@@ -34,3 +34,9 @@ Feature: rate_community
     When I follow "Rate this Community"
     Then I should see "Joao Silva" within ".star-profile-name"
     And I should see Joao Silva's profile image
+
+  Scenario: display total ratings inside average block
+    Given I am on mycommunity's homepage
+    When I follow "Rate this Community"
+    Then I follow "Save"
+    Then I should see "(1)" within ".total-ratings"
@@ -13,25 +13,26 @@ class OrganizationRating &lt; ApplicationRecord
   validates :organization_id, :person_id,
             :presence => true
  
-  def display_moderation_message person
-    if person.present?
-      task_active? && (person.is_admin? || person == self.person ||
+  def display_full_info_to? person
+      (person.is_admin? || person == self.person ||
       self.organization.is_admin?(person))
-    end
   end
  
-  def task_active?
-    tasks = CreateOrganizationRatingComment.where(:target_id => self.organization.id,
-                                                  :status => Task::Status::ACTIVE)
-    tasks.detect {|t| t.organization_rating_id == self.id}.present?
+  def task_status
+    tasks = CreateOrganizationRatingComment.where(:target_id => self.organization.id, :requestor_id => self.person.id)
+    task = tasks.detect{ |t| t.organization_rating_id == self.id }
+    task.status if task.present?
   end
  
-  def self.average_rating organization_id
-    average = OrganizationRating.where(organization_id: organization_id).average(:value)
+  def self.statistics_for_profile organization
+    ratings = OrganizationRating.where(organization_id: organization)
+    average = ratings.average(:value)
+    total = ratings.size
  
     if average
-      (average - average.truncate) >= 0.5 ? average.ceil : average.floor
+      average = (average - average.truncate) >= 0.5 ? average.ceil : average.floor
     end
+    { average: average, total: total }
   end
  
 end
@@ -13,6 +13,10 @@ class OrganizationRatingsBlock &lt; Block
     env_organization_ratings_config.per_page
   end
  
+  def ratings_on_initial_page
+    env_organization_ratings_config.ratings_on_initial_page
+  end
+
   def cacheable?
     false
   end
@@ -4,6 +4,7 @@ class OrganizationRatingsConfig &lt; ApplicationRecord
  
   attr_accessible :cooldown, :default_rating, :order, :per_page
   attr_accessible :vote_once, :are_moderated, :environment_id
+  attr_accessible :ratings_on_initial_page
  
   ORDER_OPTIONS = {recent: _('More Recent'), best: _('Best Ratings')}
  
@@ -12,4 +12,14 @@ module RatingsHelper
       ratings = OrganizationRating.where(organization_id: profile_id).order("created_at DESC")
     end
   end
-end
 \ No newline at end of file
+
+  def status_message_for(person, rating)
+    if person.present? && rating.display_full_info_to?(person)
+      if(rating.task_status == Task::Status::ACTIVE)
+        content_tag(:p, _("Report waiting for approval"), class: "moderation-msg")
+      elsif(rating.task_status == Task::Status::CANCELLED)
+        content_tag(:p, _("Report rejected"), class: "rejected-msg")
+      end
+    end
+  end
+end
 .star-container {
   width: 100%;
-  height: 20px;
+  height: 22px;
 }
  
 .star-negative, .star-positive {
@@ -80,7 +80,16 @@
  
 .organization-average-rating-container .star-container {
   float: left;
-  width: 120px;
+  display: inline-flex;
+  width: auto;
+  max-width: 190px;
+
+}
+
+.total-ratings {
+  font-size: 16px;
+  margin-left: 5px;
+  margin-right: 5px;
 }
  
 .organization-average-rating-container .rate-this-organization {
@@ -46,7 +46,7 @@ class OrganizationRatingsPluginProfileControllerTest &lt; ActionController::TestCas
   test "do not create community_rating without a rate value" do
     post :new_rating, profile: @community.identifier, :comments => {:body => ""}, :organization_rating_value => nil
  
-    assert_equal "Sorry, there were problems rating this profile.", session[:notice]
+    assert_tag :tag => 'div', :attributes => {:class => /errorExplanation/}, :content => /Value can't be blank/
   end
  
   test "do not create two ratings on Community when vote once config is true" do
@@ -188,4 +188,24 @@ class OrganizationRatingsPluginProfileControllerTest &lt; ActionController::TestCas
     assert_no_tag :tag => 'p', :content => /Report waiting for approva/, :attributes => {:class =>/comment-rejected-msg/}
     assert_tag :tag => 'p', :content => /comment accepted/, :attributes => {:class =>/comment-body/}
   end
+
+  test "should display ratings count in average block" do
+    average_block = AverageRatingBlock.new
+    average_block.box = @community.boxes.find_by_position(1)
+    average_block.save!
+
+    OrganizationRating.stubs(:statistics_for_profile).returns({:average => 5, :total => 42})
+    get :new_rating, profile: @community.identifier
+    assert_tag :tag => 'a', :content => /\(42\)/
+  end
+
+  test "should display maximum ratings count in average block" do
+    average_block = AverageRatingBlock.new
+    average_block.box = @community.boxes.find_by_position(1)
+    average_block.save!
+
+    OrganizationRating.stubs(:statistics_for_profile).returns({:average => 5, :total => 999000})
+    get :new_rating, profile: @community.identifier
+    assert_tag :tag => 'a', :content => /\(10000\+\)/
+  end
 end
@@ -29,15 +29,29 @@ class OrganizationRatingConfigTest &lt; ActiveSupport::TestCase
     assert_equal "must be greater than or equal to 0", @organization_ratings_config.errors[:cooldown].first
   end
  
-  # test "communities ratings per page validation" do
-  #   environment = Environment.new :communities_ratings_per_page => 4
-  #   environment.valid?
+  test "communities ratings per page validation" do
+    @organization_ratings_config.per_page = 4
  
-  #   assert_equal "must be greater than or equal to 5", environment.errors[:communities_ratings_per_page].first
+    refute @organization_ratings_config.valid?
  
-  #   environment.communities_ratings_per_page = 21
-  #   environment.valid?
+    assert_equal "must be greater than or equal to 5", @organization_ratings_config.errors[:per_page].first
  
-  #   assert_equal "must be less than or equal to 20", environment.errors[:communities_ratings_per_page].first
-  # end
+    @organization_ratings_config.per_page = 21
+    refute @organization_ratings_config.valid?
+
+    assert_equal "must be less than or equal to 20", @organization_ratings_config.errors[:per_page].first
+  end
+
+  should "ratings block use initial_page config" do
+    @organization_ratings_config.ratings_on_initial_page = 4
+    @organization_ratings_config.save!
+    block = OrganizationRatingsBlock.new
+    assert_equal block.ratings_on_initial_page, 4
+  end
+
+  should "ratings block show 3 ratings on initial page by default" do
+    @organization_ratings_config.save!
+    block = OrganizationRatingsBlock.new
+    assert_equal block.ratings_on_initial_page, 3
+  end
 end
@@ -35,55 +35,36 @@ class OrganizationRatingTest &lt; ActiveSupport::TestCase
     assert_equal false, organization_rating2.errors[:value].include?("must be between 1 and 5")
   end
  
-  test "false return when no active tasks for an Organization Rating" do
-    assert_not @rating.task_active?
-  end
-
-  test "true return when an active task exists for an Organization Rating" do
+  test "return rating task status" do
     CreateOrganizationRatingComment.create!(
                       :organization_rating_id => @rating.id,
                       :target => @community,
                       :requestor => @person)
  
-    assert_equal Task::Status::ACTIVE, CreateOrganizationRatingComment.last.status
-    assert @rating.task_active?
+    assert_equal Task::Status::ACTIVE, @rating.task_status
   end
  
-  test "return false when an cancelled task exists for an Organization Rating" do
+  test "return rating task status when task is cancelled" do
     CreateOrganizationRatingComment.create!(
                       :organization_rating_id => @rating.id,
                       :target => @community,
                       :requestor => @person)
     CreateOrganizationRatingComment.last.cancel
-    assert_not @rating.task_active?
+    assert_equal Task::Status::CANCELLED, @rating.task_status
   end
  
-  test "display report moderation message to community admin" do
-    moderator = create_user('moderator')
-    @community.add_admin(moderator.person)
-    @rating.stubs(:task_active?).returns(true)
-    assert @rating.display_moderation_message(@adminuser)
+  test "should display full info to admin" do
+    @person.stubs(:is_admin?).returns(true)
+    assert @rating.display_full_info_to?(@person)
   end
  
-  test "display report moderation message to owner" do
-    @rating.stubs(:task_active?).returns(true)
-    assert @rating.display_moderation_message(@person)
+  test "should display full info to owner" do
+    assert @rating.display_full_info_to?(@person)
   end
  
-  test "do not display report moderation message to regular user" do
+  test "should not display full info to regular user" do
     regular_person = fast_create(Person)
-    @rating.stubs(:task_active?).returns(true)
-    assert_not @rating.display_moderation_message(regular_person)
-  end
-
-  test "do not display report moderation message to not logged user" do
-    @rating.stubs(:task_active?).returns(true)
-    assert_not @rating.display_moderation_message(nil)
-  end
-
-  test "do not display report moderation message no active task exists" do
-    @rating.stubs(:task_active?).returns(false)
-    assert_not @rating.display_moderation_message(@person)
+    assert_not @rating.display_full_info_to?(regular_person)
   end
  
   test "Create task for create a rating comment" do
@@ -109,7 +90,7 @@ class OrganizationRatingTest &lt; ActiveSupport::TestCase
     assert community.tasks.include?(create_organization_rating_comment)
   end
  
-  test "Should calculate community's rating average" do
+  test "Should calculate community's rating statistics" do
     community = fast_create Community
     p1 = fast_create Person, :name=>"Person 1"
     p2 = fast_create Person, :name=>"Person 2"
@@ -119,11 +100,13 @@ class OrganizationRatingTest &lt; ActiveSupport::TestCase
     OrganizationRating.create! :value => 3, :organization => community, :person => p2
     OrganizationRating.create! :value => 5, :organization => community, :person => p3
  
-    assert_equal 3, OrganizationRating.average_rating(community)
+    assert_equal 3, OrganizationRating.statistics_for_profile(community)[:average]
+    assert_equal 3, OrganizationRating.statistics_for_profile(community)[:total]
  
     p4 = fast_create Person, :name=>"Person 4"
     OrganizationRating.create! :value => 4, :organization => community, :person => p4
  
-    assert_equal 4, OrganizationRating.average_rating(community)
+    assert_equal 4, OrganizationRating.statistics_for_profile(community)[:average]
+    assert_equal 4, OrganizationRating.statistics_for_profile(community)[:total]
   end
 end
@@ -3,6 +3,7 @@ require &#39;ratings_helper&#39;
  
 class RatingsHelperTest < ActiveSupport::TestCase
   include RatingsHelper
+  include ActionView::Helpers::TagHelper
  
   def setup
  
@@ -12,6 +13,12 @@ class RatingsHelperTest &lt; ActiveSupport::TestCase
     @person = create_user('testuser').person
     @community = Community.create(:name => "TestCommunity")
     @organization_ratings_config = OrganizationRatingsConfig.instance
+    @rating = fast_create(OrganizationRating, {:value => 1,
+                                               :person_id => @person.id,
+                                               :organization_id => @community.id,
+                                               :created_at => DateTime.now,
+                                               :updated_at => DateTime.now,
+                                              })
   end
  
   should "get the ratings of a community ordered by most recent ratings" do
@@ -32,6 +39,7 @@ class RatingsHelperTest &lt; ActiveSupport::TestCase
  
     ratings_array << most_recent_rating
     ratings_array << first_rating
+    ratings_array << @rating
  
     assert_equal @organization_ratings_config.order, "recent"
     assert_equal ratings_array, get_ratings(@community.id)
@@ -57,7 +65,42 @@ class RatingsHelperTest &lt; ActiveSupport::TestCase
  
     ratings_array << second_rating
     ratings_array << first_rating
+    ratings_array << @rating
  
     assert_equal ratings_array, get_ratings(@community.id)
   end
+
+  test "display report moderation message to community admin" do
+    @moderator = create_user('moderator').person
+    @community.add_admin(@moderator)
+    @rating.stubs(:task_status).returns(Task::Status::ACTIVE)
+    assert status_message_for(@moderator, @rating).include?("Report waiting for approval")
+  end
+
+  test "display report moderation message to owner" do
+    @rating.stubs(:task_status).returns(Task::Status::ACTIVE)
+    assert status_message_for(@person, @rating).include?("Report waiting for approval")
+  end
+
+  test "display report rejected message to owner" do
+    @rating.stubs(:task_status).returns(Task::Status::CANCELLED)
+    assert status_message_for(@person, @rating).include?("Report rejected")
+  end
+
+  test "do not display report moderation message to regular user" do
+    @regular_person = fast_create(Person)
+    @rating.stubs(:task_status).returns(Task::Status::ACTIVE)
+    assert_nil status_message_for(@regular_person, @rating)
+  end
+
+  test "return empty status message to not logged user" do
+    @rating.stubs(:task_status).returns(Task::Status::ACTIVE)
+    assert_nil status_message_for(nil, @rating)
+  end
+
+  test "do not display status message if report task is finished" do
+    @rating.stubs(:task_status).returns(Task::Status::FINISHED)
+    assert_nil status_message_for(@person, @rating)
+  end
+
 end
-<% average_rating = OrganizationRating.average_rating block.owner.id %>
+<% statistics = OrganizationRating.statistics_for_profile block.owner %>
  
 <div class="organization-average-rating-container">
-  <% if average_rating %>
+  <% if statistics[:average] %>
     <div class="star-rate-text">
       <%= _("Rating: ") %>
     </div>
  
     <div class="star-container">
       <% (1..5).each do |star_number| %>
-        <% if star_number <= average_rating %>
+        <% if star_number <= statistics[:average] %>
           <div class="medium-star-positive"></div>
         <% else %>
           <div class="medium-star-negative"></div>
         <% end %>
       <% end %>
+      <div class="total-ratings">
+        <%= link_to url_for(:controller => 'organization_ratings_plugin_profile', :action => 'new_rating', :anchor => 'ratings-list') do %>
+          <% if(statistics[:total] > 10000) %>
+            <%= "(10000+)" %>
+          <% else %>
+            <%= "(#{statistics[:total]})" %>
+          <% end %>
+        <% end %>
+      </div>
     </div>
   <% else %>
     <div class="rating-invitation">
@@ -24,4 +33,4 @@
   <div class="rate-this-organization">
     <%= link_to _("Rate this %s") % _(block.owner.class.name), url_for(:controller => "organization_ratings_plugin_profile", :action => "new_rating", :profile => block.owner.identifier) %>
   </div>
-</div>
 \ No newline at end of file
+</div>
@@ -7,14 +7,14 @@
   <% else %>
     <div class="ratings-list">
       <% block.get_ratings(block.owner.id).each_with_index do |r, index| %>
-        <% break if index >= block.limit_number_of_ratings %>
+        <% break if index >= block.ratings_on_initial_page %>
         <%= render :partial => "shared/user_rating_container", :locals => {:user_rate => r} %>
       <% end %>
  
       <%= render :partial => 'shared/make_report_block' %>
  
       <div class="see-more">
-        <%= link_to _('See more'), url_for(:controller => 'organization_ratings_plugin_profile', :action => 'new_rating'), :class => 'icon-arrow-right-p' %>
+        <%= link_to _('See more'), url_for(:controller => 'organization_ratings_plugin_profile', :action => 'new_rating', :anchor => 'ratings-list'), :class => 'icon-arrow-right-p' %>
       </div>
     </div>
   <% end %>
@@ -43,9 +43,15 @@
           <%= c.select :per_page, 5..20 %>
           </td>
       </tr>
+      <tr>
+        <td><%= _('Ratings amount on initial page') %></td>
+        <td>
+          <%= c.select :ratings_on_initial_page, 1..10 %>
+          </td>
+      </tr>
     </table>
     <div>
-      <% button_bar do %>
+      <%= button_bar do %>
         <%= submit_button('save', c_('Save changes')) %>
         <%= button :back, _('Back'), :controller => 'plugins' %>
       <% end %>
 <% min_rate = env_organization_ratings_config.minimum_ratings %>
 <% default_rating = env_organization_ratings_config.default_rating %>
  
-<div class="star-page-title">
-  <%= @plugins.dispatch(:organization_ratings_title).collect { |content| instance_exec(&content) }.join("") %>
-</div>
-
 <div class="star-rate-data">
  
   <div class="star-profile-information">
+<%= error_messages_for 'rating' %>
+
 <% config = env_organization_ratings_config %>
+<div class="star-page-title">
+  <%= @plugins.dispatch(:organization_ratings_title).collect { |content| instance_exec(&content) }.join("") %>
+</div>
 <% if logged_in? %>
   <%= render :partial => "new_rating_fields" %>
 <% else %>
@@ -7,7 +12,7 @@
   </div>
 <% end %>
  
-<div class="ratings-list">
+<div class="ratings-list" id="ratings-list">
   <% @users_ratings.each do |user_rate| %>
     <%= render :partial => "shared/user_rating_container", :locals => {:user_rate => user_rate} %>
   <% end %>
@@ -15,4 +20,4 @@
  
 <div id='pagination-profiles'>
   <%= pagination_links @users_ratings, :param_name => 'npage' %>
-</div>
 \ No newline at end of file
+</div>
 <% logged_in_image = link_to profile_image(current_user.person, :portrait), current_user.person.url if current_user %>
 <% logged_in_name = link_to current_user.person.name,  current_user.person.url if current_user %>
-<% logged_out_image = image_tag('plugins/organization_ratings/public/images/user-not-logged.png') %>
+<% logged_out_image = image_tag('plugins/organization_ratings/images/user-not-logged.png') %>
  
 <div class="make-report-block">
   <div class="star-profile-information">
-<% button_bar do %>
+<%= button_bar do %>
   <% if logged_in? %>
     <%= button(:new,_("Rate %s ") % _(profile.class.name),
               {:controller => "organization_ratings_plugin_profile",
+<% extend RatingsHelper %>
 <div class="user-rating-block">
   <div class="star-profile-information">
     <div class="star-profile-image">
@@ -25,9 +26,7 @@
     </div>
  
     <div class="user-testimony">
-      <% if user_rate.display_moderation_message(user) %>
-        <p class="moderation-msg"><%= _("Report waiting for approval") %></p>
-      <% end %>
+      <%= status_message_for(user, user_rate) %>
       <% if user_rate.comment.present? %>
         <p class="comment-body"> <%= user_rate.comment.body %> </p>
       <% end %>
@@ -8,7 +8,7 @@
  
   <%= labelled_form_field _('Piwik site id'), f.text_field(:piwik_site_id) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, c_('Save'), :cancel => {:controller => 'plugins', :action => 'index'}) %>
   <% end %>
  
 require_relative '../../test_helper'
  
-class EnterpriseHomepageHelperTest < ActiveSupport::TestCase
+class EnterpriseHomepageHelperTest < ActionView::TestCase
  
   include ProductsPlugin::EnterpriseHomepageHelper
  
@@ -57,7 +57,4 @@ class EnterpriseHomepageHelperTest &lt; ActiveSupport::TestCase
     assert_no_match /100.34/, result
   end
  
-  protected
-  include NoosferoTestHelper
-
 end
@@ -22,9 +22,8 @@ class ProfileTest &lt; ActiveSupport::TestCase
   end
  
   should 'collect the highlighted products with image' do
-    env = Environment.default
     e1 = fast_create(Enterprise)
-    p1 = create(Product, name: 'test_prod1', product_category_id: @product_category.id, enterprise: e1)
+    create(Product, name: 'test_prod1', product_category_id: @product_category.id, enterprise: e1)
     products = []
     3.times {|n|
       products.push(create(Product, name: "product #{n}", profile_id: e1.id,
@@ -36,7 +35,8 @@ class ProfileTest &lt; ActiveSupport::TestCase
     create(Product, name: "product 5", profile_id: e1.id, product_category_id: @product_category.id, image_builder: {
       uploaded_data: fixture_file_upload('/files/rails.png', 'image/png')
     })
-    assert_equal products, e1.highlighted_products_with_image
+
+    assert_equivalent products, e1.highlighted_products_with_image
   end
  
   should 'have many inputs through products' do
   <div class='input-informations input-form-closed'>
     <div class='input-name'> <%= input.name %> <%= input_icon(input) %> </div>
     <div class='input-details'>
-      <% button_bar do %>
+      <%= button_bar do %>
         <% if input.has_price_details? %>
           <%= edit_button(:edit, _('Edit'), {:action => 'edit_input', :id => input}, :class => 'edit-input', :id => "edit-input-#{input.id}") %>
         <% end %>
@@ -6,7 +6,7 @@
                    html: {id: 'product-description-form', method: 'post'}) do |f| %>
  
   <%= labelled_form_field(_('Description:'), f.text_area(:description, rows: 15, style: 'width: 90%;', class: 'mceEditor')) %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save') %>
     <%= cancel_edit_product_link(@product, 'description') %>
   <% end %>
@@ -54,7 +54,7 @@
  
   <%= hidden_field_tag 'info-bar-update-url', @product.price_composition_bar_display_url, class: 'bar-update-url' %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save') %>
     <%= cancel_edit_product_link(@product, 'info') %>
   <% end %>
@@ -6,7 +6,7 @@
   <%= f.text_field(:name, value: @product.name, class: 'name_edition') %>
   <%= select_unit(@product) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save') %>
     <%= cancel_edit_product_link(@product, 'name') %>
   <% end %>
@@ -11,7 +11,7 @@
     <%= file_field_or_thumbnail(_('Image:'), @product.image, i) %>
   <% end %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', (mode == 'new' ? _('Create product') : _('Save changes')), :cancel => {:action => 'index'} ) %>
   <% end %>
 <% end %>
@@ -21,7 +21,7 @@
   <%= hidden_field(:product, :inputs_cost) %>
   <%= hidden_field(:product, :price) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save'), :disabled => '', :class => 'disabled' %>
     <%= button :cancel, _('Cancel'), '#', class: 'cancel-price-details', data: {confirm: _('If you leave, you will lose all unsaved information. Are you sure you want to quit?')} %>
     <%= button(:add, _('New cost'), '#', :id => 'add-new-cost') %>
@@ -24,7 +24,7 @@
  
 <%= pagination_links @products %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :add, _('New product or service'), :action => 'new' if @profile.create_product? %>
   <%= button :back,  _('Back'), { :controller => 'profile_editor', :profile => @profile.identifier, :action => 'index' } %>
 <% end %>
@@ -68,7 +68,7 @@
  
 </div>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Back to the product listing'), controller: 'products_plugin/catalog', action: 'index' %>
   <%= button :delete, _('Remove product or service'), {action: 'destroy', id: @product}, class: 'requires-permission-manage_products', style: 'display:none;' %>
 <% end %>
@@ -0,0 +1,3 @@
+- if profile.enterprise?
+  h2= _('Products/Services catalog')
+  = labelled_form_field(_('Number of products/services displayed per page on catalog'), text_field(:profile_data, :products_per_catalog_page, size: 3))
@@ -1,3 +0,0 @@
-- if profile.enterprise?
-  h2= _('Products/Services catalog')
-  = labelled_form_field(_('Number of products/services displayed per page on catalog'), text_field(:profile_data, :products_per_catalog_page, size: 3))
@@ -39,7 +39,7 @@ class PushNotificationPlugin &lt; Noosfero::Plugin
   end
  
   def self.api_mount_points
-    [PushNotificationPlugin::Api]
+    [PushNotificationPlugin::API]
   end
  
   def self.plugin_description
-require_dependency 'api/helpers'
 require_relative 'api_entities'
  
-class PushNotificationPlugin::Api < Grape::API
+# Can't be called Api as will result in:
+# warning: toplevel constant Api referenced by PushNotificationPlugin::Api
+# To fix this PushNotificationPlugin should be a module
+class PushNotificationPlugin::API < Grape::API
  
   include Api::Helpers
  
@@ -7,7 +7,7 @@
   <h3><%= t('push_notification_plugin.lib.plugin.enabled_notifications')%></h3>
   <%= render partial: "notification_events_form", locals:{f: f, settings: @settings} %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, c_('Save'), :cancel => {:controller => 'plugins'}) %>
   <% end %>
  
@@ -18,7 +18,7 @@
 <%= form_for(:settings, :url => {:controller => "push_notification_plugin_myprofile", :action => "update_settings"}) do |f| %>
   <h1><%= t('push_notification_plugin.lib.plugin.enabled_notifications') %></h1>
   <%= render partial: "notification_events_form", locals: {f: f, settings: @settings} %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save')) %>
     <%= button(:back, _('Back to control panel'), :controller => (profile.nil? ? 'admin_panel': 'profile_editor')) %>
   <% end %>
@@ -20,45 +20,8 @@ class RelevantContentPlugin::RelevantContentBlock &lt; Block
  
   attr_accessible :limit, :show_most_voted, :show_most_disliked, :show_most_liked, :show_most_commented, :show_most_read
  
-  include ActionView::Helpers
-  include Rails.application.routes.url_helpers
-
-  def content(args={})
-
-    content = block_title(title, subtitle)
-
-    if self.show_most_read
-      docs = Article.most_accessed(owner, self.limit)
-      content += subcontent(docs, _("Most read articles"), "mread") unless docs.blank?
-    end
-
-    if self.show_most_commented
-      docs = Article.most_commented_relevant_content(owner, self.limit)
-      content += subcontent(docs, _("Most commented articles"), "mcommented") unless docs.blank?
-    end
-
-    if owner.kind_of?(Environment)
-      env = owner
-    else
-      env =  owner.environment
-    end
-
-    if env.plugin_enabled?('VotePlugin')
-      if self.show_most_liked
-        docs = Article.more_positive_votes(owner, self.limit)
-        content += subcontent(docs, _("Most liked articles"), "mliked") unless docs.blank?
-      end
-      if self.show_most_disliked
-        docs = Article.more_negative_votes(owner, self.limit)
-        content += subcontent(docs, _("Most disliked articles"), "mdisliked") unless docs.blank?
-      end
-
-      if self.show_most_voted
-        docs = Article.most_voted(owner, self.limit)
-        content += subcontent(docs, _("Most voted articles"), "mvoted") unless docs.blank?
-      end
-    end
-    return content.html_safe
+  def env
+    owner.kind_of?(Environment) ? owner : owner.environment
   end
  
   def timeout
@@ -69,14 +32,4 @@ class RelevantContentPlugin::RelevantContentBlock &lt; Block
       { :profile => [:article], :environment => [:article] }
   end
  
-  protected
-
-  def subcontent(docs, title, html_class)
-    subcontent = safe_join([
-      content_tag(:span, title, class: "title #{html_class}"),
-      content_tag(:ul, safe_join(docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}, "\n"))
-    ], "\n")
-    content_tag(:div, subcontent, :class=>"block #{html_class}")
-  end
-
 end
@@ -42,20 +42,6 @@ class RelevantContentBlockTest &lt; ActiveSupport::TestCase
     assert_equal RelevantContentPlugin::RelevantContentBlock.expire_on, {:environment=>[:article], :profile=>[:article]}
   end
  
-  should 'not crash if vote plugin is not found' do
-    box = fast_create(Box, :owner_id => @profile.id, :owner_type => 'Profile')
-    block = RelevantContentPlugin::RelevantContentBlock.new(:box => box)
-
-    Environment.any_instance.stubs(:enabled_plugins).returns(['RelevantContent'])
-    # When the plugin is disabled from noosfero instance, its constant name is
-    # undefined.  To test this case, I have to manually undefine the constant
-    # if necessary.
-    Object.send(:remove_const, VotePlugin.to_s) if defined? VotePlugin
-
-    assert_nothing_raised do
-      block.content
-    end
-  end
  
   should 'check most voted articles from profile with relevant content block' do
     community = fast_create(Community)
@@ -77,11 +63,41 @@ class RelevantContentBlockTest &lt; ActiveSupport::TestCase
     assert_equal false, data.empty?
   end
  
+end
+
+require 'boxes_helper'
+
+class RelevantContentBlockViewTest < ActionView::TestCase
+  include BoxesHelper
+
+  def setup
+    @profile = create_user('testinguser').person
+  end
+
+  should 'not crash if vote plugin is not found' do
+    box = fast_create(Box, :owner_id => @profile.id, :owner_type => 'Profile')
+    block = RelevantContentPlugin::RelevantContentBlock.new(:box => box)
+
+    Environment.any_instance.stubs(:enabled_plugins).returns(['RelevantContent'])
+    ActionView::Base.any_instance.expects(:block_title).returns("")
+    # When the plugin is disabled from noosfero instance, its constant name is
+    # undefined.  To test this case, I have to manually undefine the constant
+    # if necessary.
+    Object.send(:remove_const, VotePlugin.to_s) if defined? VotePlugin
+
+    assert_nothing_raised do
+      render_block_content(block)
+    end
+  end
+
   should 'not escape html in block content' do
-    fast_create(Article, profile_id: profile.id, hits: 10)
-    box = fast_create(Box, :owner_id => profile.id, :owner_type => 'Profile')
+    fast_create(Article, profile_id: @profile.id, hits: 10)
+    box = fast_create(Box, :owner_id => @profile.id, :owner_type => 'Profile')
     block = RelevantContentPlugin::RelevantContentBlock.new(:box => box)
+
     Environment.any_instance.stubs(:enabled_plugins).returns(['RelevantContent'])
-    assert_tag_in_string block.content, tag: 'span', attributes: { class: 'title mread' }
+    ActionView::Base.any_instance.expects(:block_title).returns("")
+
+    assert_tag_in_string render_block_content(block), tag: 'span', attributes: { class: 'title mread' }
   end
 end
@@ -0,0 +1,14 @@
+= block_title(block.title, block.subtitle)
+
+- if block.show_most_read
+  = render partial: 'blocks/relevant_content/subcontent', locals: {docs: Article.most_accessed(block.owner, block.limit), title:  _("Most read articles"), html_class: 'mread'}
+- if block.show_most_commented
+  = render partial: 'blocks/relevant_content/subcontent', locals: {docs: Article.most_commented_relevant_content(block.owner, block.limit), title: _("Most commented articles"), html_class: 'mcommented'}
+
+- if block.env.plugin_enabled?('VotePlugin')
+  - if block.show_most_liked
+    = render partial: 'blocks/relevant_content/subcontent', locals: {docs: Article.more_positive_votes(block.owner, block.limit), title: _("Most liked articles"), html_class: 'mliked'}
+  - if block.show_most_disliked
+    = render partial: 'blocks/relevant_content/subcontent', locals: {docs: Article.more_negative_votes(block.owner, block.limit), title: _("Most disliked articles"), html_class: 'mdisliked'}
+  - if block.show_most_voted
+    = render partial: 'blocks/relevant_content/subcontent', locals: {docs: Article.most_voted(block.owner, block.limit), title: _("Most voted articles"), html_class: 'mvoted'}
@@ -0,0 +1,2 @@
+li
+  = link_to(h(doc.title), doc.url)
@@ -0,0 +1,6 @@
+- unless docs.blank?
+  div class="block #{html_class}"
+    span class="title #{html_class}"
+      = title
+    ul
+      = render partial: 'blocks/relevant_content/doc', collection: docs
@@ -13,7 +13,7 @@
     </strong>
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save'), :cancel => {:controller => 'plugins', :action => 'index'}) %>
   <% end %>
  
@@ -5,7 +5,7 @@ module ApplicationHelper
   protected
  
   module ResponsiveMethods
-    FORM_CONTROL_CLASS = "form-control"
+    FORM_CONTROL_CLASS = 'form-control'
  
     def button(type, label, url, html_options = {})
       return super unless theme_responsive?
@@ -13,15 +13,14 @@ module ApplicationHelper
       option = html_options.delete(:option) || 'default'
       size = html_options.delete(:size) || 'xs'
       the_class = "with-text btn btn-#{size} btn-#{option} icon-#{type}"
-      if html_options.has_key?(:class)
-        the_class << ' ' << html_options[:class]
-      end
-      #button_without_text type, label, url, html_options.merge(:class => the_class)
+      the_class << ' ' << html_options[:class] if html_options.has_key?(:class)
+
+      #button_without_text type, label, url, html_options.merge(class: the_class)
       the_title = html_options[:title] || label
       if html_options[:disabled]
-        content_tag('a', content_tag('span', label), html_options.merge(class: the_class, title: the_title))
+        content_tag(:a, content_tag(:span, label), html_options.merge(class: the_class, title: the_title))
       else
-        link_to(content_tag('span', label), url, html_options.merge(class: the_class, title: the_title))
+        link_to(content_tag(:span, label), url, html_options.merge(class: the_class, title: the_title))
       end
     end
  
@@ -36,7 +35,7 @@ module ApplicationHelper
       end
       the_title = html_options[:title] || label
       if html_options[:disabled]
-        content_tag('a', '', html_options.merge(class: the_class, title: the_title))
+        content_tag(:a, '', html_options.merge(class: the_class, title: the_title))
       else
         link_to('', url, html_options.merge(class: the_class, title: the_title))
       end
@@ -91,7 +90,7 @@ module ApplicationHelper
       if html_options.has_key?(:class)
         the_class << ' ' << html_options[:class]
       end
-      content_tag('div', '', html_options.merge(class: the_class))
+      content_tag(:div, '', html_options.merge(class: the_class))
     end
  
     def icon_button(type, text, url, html_options = {})
@@ -104,16 +103,21 @@ module ApplicationHelper
         the_class << ' ' << html_options[:class]
       end
  
-      link_to(content_tag('span', text), url, html_options.merge(class: the_class, title: text))
+      link_to(content_tag(:span, text), url, html_options.merge(class: the_class, title: text))
     end
  
-    def button_bar(options = {}, &block)
+    def button_bar options = {}, &block
       return super unless theme_responsive?
  
-      options[:class].nil? ?
-          options[:class]='button-bar' :
-          options[:class]+=' button-bar'
-      concat(content_tag('div', capture(&block).to_s + tag('br', style: 'clear: left;'), options))
+      options[:class] ||= ''
+      options[:class] << 'button-bar'
+
+      content_tag :div, options do
+        [
+          capture(&block).to_s,
+          tag('br', style: 'clear: left;'),
+        ].safe_join
+      end
     end
  
     def expirable_button(content, action, text, url, html_options = {})
@@ -128,143 +132,93 @@ module ApplicationHelper
     def search_contents_menu
       return super unless theme_responsive?
  
-      host = environment.default_hostname
-
-      output = '<li class="dropdown">'
-      output += link_to(_('Contents'), '#', :class=>"dropdown-toggle icon-menu-articles", title: _('Contents'), :'data-toggle'=>"dropdown", :'data-hover'=>"dropdown")
-      output += '<ul class="dropdown-menu" role="menu">'
-
-      output += '<li>' + link_to(_('All contents'), {host: host, controller: "search", action: 'contents', category_path: ''}) + '</li>'
-
+      host  = environment.default_hostname
       links = [
-        {s_('contents|More recent') => {:href => url_for({host: host, :controller => 'search', :action => 'contents', :filter => 'more_recent'})}},
-        {s_('contents|More viewed') => {:href => url_for({host: host, :controller => 'search', :action => 'contents', :filter => 'more_popular'})}},
-        {s_('contents|Most commented') => {:href => url_for({host: host, :controller => 'search', :action => 'contents', :filter => 'more_comments'})}}
+        [_('All contents'),             {host: host, controller: :search, action: :contents, category_path: ''}],
+        [s_('contents|More recent'),    {host: host, controller: :search, action: :contents, filter: 'more_recent'}],
+        [s_('contents|More viewed'),    {host: host, controller: :search, action: :contents, filter: 'more_popular'}],
+        [s_('contents|Most commented'), {host: host, controller: :search, action: :contents, filter: 'more_comments'}],
       ]
       if logged_in?
-        links.push(_('New content') => modal_options({href: url_for({controller: 'cms', action: 'new', profile: current_user.login, cms: true})}))
+        links.push [_('New content'), '', modal_options({href: url_for({controller: 'cms', action: 'new', profile: current_user.login, cms: true})})]
       end
  
-      links.each do |link|
-        link.each do |name, options|
-          output += content_tag(:li,content_tag(:a,name,options))
-        end
+      content_tag :li, class: 'dropdown' do
+        [
+          link_to('#', class: 'dropdown-toggle icon-menu-articles', title: _('Contents'), data: {toggle: 'dropdown', hover: 'dropdown'}) do
+            content_tag :span, _('Contents')
+          end,
+          content_tag(:ul, class: 'dropdown-menu', role: 'menu') do
+            links.map do |(name, url)|
+              content_tag :li do
+                link_to name, url
+              end
+            end.safe_join
+          end,
+        ].safe_join
       end
-
-      output += '</ul>'
-      output += '</li>'
-      output
     end
  
     def search_people_menu
       return super unless theme_responsive?
  
-      host = environment.default_hostname
-
-      output = '<li class="dropdown">'
-      output += link_to(_('People'), '#', :class=>"dropdown-toggle icon-menu-people", title: _('People'), :'data-toggle'=>"dropdown", :'data-hover'=>"dropdown")
-      output += '<ul class="dropdown-menu" role="menu">'
-
-      output += '<li>' + link_to(_('All people'), {host: host, controller: "search", action: 'people', category_path: ''}) + '</li>'
-
+      host  = environment.default_hostname
       links = [
-        {s_('people|More recent') => {:href => url_for({host: host, :controller => 'search', :action => 'people', :filter => 'more_recent'})}},
-        {s_('people|More active') => {:href => url_for({host: host, :controller => 'search', :action => 'people', :filter => 'more_active'})}},
-        {s_('people|More popular') => {:href => url_for({host: host, :controller => 'search', :action => 'people', :filter => 'more_popular'})}}
+        [_('All people'),           {host: host, controller: :search, action: :people, category_path: ''}],
+        [s_('people|More recent'),  {host: host, controller: :search, action: :people, filter: 'more_recent'}],
+        [s_('people|More active'),  {host: host, controller: :search, action: :people, filter: 'more_active'}],
+        [s_('people|More popular'), {host: host, controller: :search, action: :people, filter: 'more_popular'}],
       ]
       if logged_in?
-        links.push(_('My friends') => {href: url_for({profile: current_user.login, controller: 'friends'})})
-        links.push(_('Invite friends') => {href: url_for({profile: current_user.login, controller: 'invite', action: 'friends'})})
+        links.push [_('My friends'),     {profile: current_user.login, controller: 'friends'}]
+        links.push [_('Invite friends'), {profile: current_user.login, controller: 'invite', action: 'friends'}]
       end
  
-      links.each do |link|
-        link.each do |name, url|
-          output += '<li><a href="'+url[:href]+'">' + name + '</a></li>'
-        end
+      content_tag :li, class: 'dropdown' do
+        [
+          link_to('#', class: "dropdown-toggle icon-menu-people", title: _('People'), data: {toggle: 'dropdown', hover: 'dropdown'}) do
+            content_tag :span, _('People')
+          end,
+          content_tag(:ul, class: 'dropdown-menu', role: 'menu') do
+            links.map do |params|
+              content_tag :li do
+                link_to *params
+              end
+            end.safe_join
+          end
+        ].safe_join
       end
-
-      output += '</ul>'
-      output += '</li>'
-      output
     end
  
     def search_communities_menu
       return super unless theme_responsive?
  
-      host = environment.default_hostname
-
-      output = '<li class="dropdown">'
-      output += link_to(_('Communities'), '#', :class=>"dropdown-toggle icon-menu-community", title: _('Communities'), :'data-toggle'=>"dropdown", :'data-hover'=>"dropdown")
-      output += '<ul class="dropdown-menu" role="menu">'
-
-      output += '<li>' + link_to(_('All communities'), {host: host, controller: "search", action: 'communities', category_path: ''}) + '</li>'
-
+      host  = environment.default_hostname
       links = [
-        {s_('communities|More recent') => {:href => url_for({host: host, :controller => 'search', :action => 'communities', :filter => 'more_recent'})}},
-        {s_('communities|More active') => {:href => url_for({host: host, :controller => 'search', :action => 'communities', :filter => 'more_active'})}},
-        {s_('communities|More popular') => {:href => url_for({host: host, :controller => 'search', :action => 'communities', :filter => 'more_popular'})}}
+        [_('All communities'),           {host: host, controller: :search, action: :communities, category_path: ''}],
+        [s_('communities|More recent'),  {host: host, controller: :search, action: :communities, filter: 'more_recent'}],
+        [s_('communities|More active'),  {host: host, controller: :search, action: :communities, filter: 'more_active'}],
+        [s_('communities|More popular'), {host: host, controller: :search, action: :communities, filter: 'more_popular'}],
       ]
       if logged_in?
-        links.push(_('My communities') => {href: url_for({profile: current_user.login, controller: 'memberships'})})
-        links.push(_('New community') => {href: url_for({profile: current_user.login, controller: 'memberships', action: 'new_community'})})
+        links.push [_('My communities'), {profile: current_user.login, controller: 'memberships'}]
+        links.push [_('New community'),  {profile: current_user.login, controller: 'memberships', action: 'new_community'}]
       end
  
-      links.each do |link|
-        link.each do |name, url|
-          output += '<li><a href="'+url[:href]+'">' + name + '</a></li>'
-        end
-      end
-
-      output += '</ul>'
-      output += '</li>'
-      output
-    end
-
-    def usermenu_logged_in
-      return super unless theme_responsive?
-
-      output = '<li class="dropdown">'
-
-      pending_tasks_count = ''
-      count = user ? Task.to(user).pending.count : -1
-      if count > 0
-        pending_tasks_count = "<span class=\"badge\" onclick=\"document.location='#{url_for(user.tasks_url)}'\" title=\"#{_("Manage your pending tasks")}\">" + count.to_s + '</span>'
+      content_tag :li, class: 'dropdown' do
+        [
+          link_to('#', class: 'dropdown-toggle icon-menu-community', title: _('Communities'), data: {toggle: 'dropdown', hover: 'dropdown'}) do
+            content_tag :span, _('Communities')
+          end,
+          content_tag(:ul, class: 'dropdown-menu', role: 'menu') do
+            links.map do |params|
+              content_tag :li do
+                link_to *params
+              end
+            end.safe_join
+          end
+        ].safe_join
       end
-
-      output += link_to("<img class=\"menu-user-gravatar\" src=\"#{user.profile_custom_icon(gravatar_default)}\"><strong>#{user.identifier}</strong> #{pending_tasks_count}", '#', id: "homepage-link", title: _('Go to your homepage'), :class=>"dropdown-toggle", :'data-toggle'=>"dropdown", :'data-target'=>"", :'data-hover'=>"dropdown")
-
-
-      output += '<ul class="dropdown-menu" role="menu">'
-      output += '<li>' + link_to('<span class="icon-person">'+_('Profile')+'</span>', user.public_profile_url, id: "homepage-link", title: _('Go to your homepage')) + '</li>'
-
-      output += '<li class="divider"></li>'
-
-      #TODO
-      #render_environment_features(:usermenu) +
-
-      #admin_link
-      admin_link_str = admin_link
-      output += admin_link_str.present? ? '<li>' + admin_link_str + '</li>' : ''
-
-      #control_panel link
-      output += '<li>' + link_to('<i class="icon-menu-ctrl-panel"></i><strong>' + _('Control panel') + '</strong>', user.admin_url, class: 'ctrl-panel', title: _("Configure your personal account and content")) + '</li>'
-
-      output += chat_user_status_menu('icon-menu-offline', _('Offline'))
-
-      #manage_enterprises
-      manage_enterprises_str = manage_enterprises
-      output += manage_enterprises_str.present? ? '<li>' + manage_enterprises_str + '</li>' : ''
-
-      #manage_communities
-      manage_communities_str = manage_communities
-      output += manage_communities_str.present? ? '<li>' + manage_communities_str + '</li>' : ''
-
-      output += '<li class="divider"></li>'
-
-      output += '<li>' + link_to('<i class="icon-menu-logout"></i><strong>' + _('Logout') + '</strong>', { controller: 'account', action: 'logout'} , id: "logout", title: _("Leave the system")) + '</li>'
-
-      output += '</ul>'
-      output
     end
  
     def manage_link(list, kind, title)
@@ -274,17 +228,22 @@ module ApplicationHelper
         link_to_all = nil
         if list.count > 5
           list = list.first(5)
-          link_to_all = link_to(content_tag('strong', _('See all')), :controller => 'memberships', :profile => user.identifier)
+          link_to_all = link_to(content_tag(:strong, _('See all')), controller: 'memberships', profile: user.identifier)
         end
         link = list.map do |element|
-          link_to(content_tag('strong', element.short_name(25)), element.admin_url, :class => "icon-menu-"+element.class.identification.underscore, :title => _('Manage %s') % element.short_name)
+          link_to(content_tag(:strong, element.short_name(25)), element.admin_url, class: "icon-menu-"+element.class.identification.underscore, title: _('Manage %s') % element.short_name)
         end
         if link_to_all
           link << link_to_all
         end
-        content_tag('li', nil, class: 'divider') +
-        content_tag('li', title, class: 'dropdown-header') +
-        link.map{ |l| content_tag 'li', l }.join
+
+        [
+          content_tag(:li, nil, class: 'divider'),
+          content_tag(:li, title, class: 'dropdown-header'),
+          link.map do |l|
+            content_tag :li, l
+          end.safe_join
+        ].safe_join
       end
     end
  
@@ -301,15 +260,24 @@ module ApplicationHelper
             unless html_options[:style].present? and html_options[:style] =~ /display *: *none/
               menu_content << '<br/>' unless first
               first = false
-              menu_content << content_tag(:a,link_label,html_options)
+              menu_content << content_tag(:a, link_label,html_options)
             end
           end
         end
       end
  
       option = html_options.delete(:option) || 'default'
-      size = html_options.delete(:size) || 'xs'
-      "<button class='btn btn-#{size} btn-#{option} btn-popover-menu icon-parent-folder' data-toggle='popover' data-html='true' data-placement='top' data-trigger='focus' data-content=\""+CGI::escapeHTML(menu_content)+'" data-title="'+menu_title+'"></button>'
+      size   = html_options.delete(:size) || 'xs'
+      button_tag '',
+        class: "btn btn-#{size} btn-#{option} btn-popover-menu icon-parent-folder",
+        data:  {
+          html:      'true',
+          toggle:    'popover',
+          placement: 'top',
+          trigger:   'focus',
+          content:   menu_content,
+          title:     menu_title,
+        }
     end
  
  
@@ -406,12 +374,7 @@ module ApplicationHelper
   end
  
   include ResponsiveChecks
-  if RUBY_VERSION >= '2.0.0'
-    prepend ResponsiveMethods
-  else
-    extend ActiveSupport::Concern
-    included { include ResponsiveMethods }
-  end
+  prepend ResponsiveMethods
  
   # TODO: apply theme_responsive? condition
   class NoosferoFormBuilder
@@ -440,13 +403,16 @@ module ApplicationHelper
  
       if options[:horizontal]
         label_html = content_tag :label, gettext(text), class: 'control-label col-sm-3 col-md-2 col-lg-2', for: field_id
-        result = content_tag :div, label_html + content_tag('div',field_html, class: 'col-sm-9 col-md-6 col-lg-6'), class: 'form-group'
+        content    = [
+          label_html,
+          content_tag(:div, field_html.html_safe, class: 'col-sm-9 col-md-6 col-lg-6'),
+        ].safe_join
+        content_tag :div, content, class: 'form-group'
       else
         label_html = content_tag :label, gettext(text), class: 'control-label', for: field_id
-        result = content_tag :div, label_html + field_html, class: 'form-group'
+        content    = [label_html, field_html.html_safe].safe_join
+        content_tag :div, content, class: 'form-group'
       end
-
-      result
     end
   end
  
@@ -62,12 +62,7 @@ module BoxesHelper
   end
  
   include ResponsiveChecks
-  if RUBY_VERSION >= '2.0.0'
-    prepend ResponsiveMethods
-  else
-    extend ActiveSupport::Concern
-    included { include ResponsiveMethods }
-  end
+  prepend ResponsiveMethods
  
 end
  
@@ -23,12 +23,7 @@ module ChatHelper
   end
  
   include ResponsiveChecks
-  if RUBY_VERSION >= '2.0.0'
-    prepend ResponsiveMethods
-  else
-    extend ActiveSupport::Concern
-    included { include ResponsiveMethods }
-  end
+  prepend ResponsiveMethods
  
 end
  
@@ -11,8 +11,15 @@ module FormsHelper
       return super unless theme_responsive?
  
       options[:id] ||= 'radio-' + FormsHelper.next_id_number
-      content_tag( 'label', radio_button_tag( name, value, checked, options ) + '  ' +
- human_name, for: options[:id], class: 'radio-inline' )
+      content_tag :div, class:'radio-inline' do
+        content_tag :label, for: options[:id] do
+          [
+            radio_button_tag(name, value, checked, options),
+            ' ',
+            human_name,
+          ].safe_join
+        end
+      end
     end
  
     # add -inline class
@@ -20,8 +27,18 @@ module FormsHelper
       return super unless theme_responsive?
  
       options[:id] ||= 'checkbox-' + FormsHelper.next_id_number
-      hidden_field_tag(name, '0') +
-        content_tag( 'label', check_box_tag( name, value, checked, options ) + '  ' + human_name, for: options[:id], class: 'checkbox-inline')
+      [
+        hidden_field_tag(name, '0'),
+        content_tag(:div, class:'checkbox-inline') do
+          content_tag :label, for: options[:id] do
+            [
+              check_box_tag(name, value, checked, options),
+              ' ',
+              human_name,
+            ].safe_join
+          end
+        end
+      ].safe_join
     end
  
     def submit_button(type, label, html_options = {})
@@ -43,42 +60,34 @@ module FormsHelper
       html_options.delete(:cancel)
       bt_submit = button_tag(label, html_options.merge(class: the_class))
  
-      bt_submit + bt_cancel
+      [bt_submit + bt_cancel].safe_join
     end
  
-    %w[select select_tag text_field_tag number_field_tag password_field_tag].each do |method|
-      define_method method do |*args, &block|
-        #return super(*args, &block) unless theme_responsive?
+      bt_submit + bt_cancel
+    end
  
-        options = args.extract_options!
-        if options['class']
-          options['class'] = "#{options['class']} form-control"
-        else
-          options[:class] = "#{options[:class]} form-control"
-        end
-        super(*(args << options), &block)
+    %w[
+      select_tag
+      text_field_tag text_area_tag
+      number_field_tag password_field_tag url_field_tag email_field_tag
+      month_field_tag date_field_tag
+    ].each do |method|
+      define_method method do |name, value=nil, options={}, &block|
+        responsive_add_field_class! options
+        super(name, value, options, &block).html_safe
       end
     end
     %w[select_month select_year].each do |method|
       define_method method do |date, options={}, html_options={}|
-        if html_options['class']
-          html_options['class'] = "#{html_options['class']} form-control"
-        else
-          html_options[:class] = "#{html_options[:class]} form-control"
-        end
-        super date, options, html_options
+        responsive_add_field_class! html_options
+        super(date, options, html_options).html_safe
       end
     end
  
   end
  
   include ResponsiveChecks
-  if RUBY_VERSION >= '2.0.0'
-    prepend ResponsiveMethods
-  else
-    extend ActiveSupport::Concern
-    included { include ResponsiveMethods }
-  end
+  prepend ResponsiveMethods
  
 end
  
@@ -4,16 +4,15 @@ module InputHelper
   protected
  
   def input_group_addon addon, options = {}, &block
-    content_tag :div,
-      content_tag(:span, addon, class: 'input-group-addon') + yield,
-    class: 'input-group'
+    content_tag :div, class: 'input-group' do
+      [
+        content_tag(:span, addon, class: 'input-group-addon'),
+        capture(&block),
+      ].safe_join
+    end
   end
  
 end
  
-module ApplicationHelper
-
-  include InputHelper
-
-end
+ApplicationHelper.include InputHelper
  
@@ -13,7 +13,7 @@ class ResponsivePlugin &lt; Noosfero::Plugin
   end
  
   def head_ending
-    '<meta name="viewport" content="width=device-width, initial-scale=1">'
+    '<meta name="viewport" content="width=device-width, initial-scale=1">'.html_safe
   end
  
   def body_ending
@@ -39,7 +39,7 @@
     <%= labelled_form_field(_('Invitation text:'), text_area_tag(:mail_template, @mail_template, :cols => 72, :rows => 8)) %>
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:ok, _("Invite my friends!")) %>
   <% end %>
 <% end %>
@@ -1,71 +0,0 @@
-<div>
-<nav id="top-bar" class="navbar navbar-default" role="navigation">
-  <div class="container">
-    <!-- Brand and toggle get grouped for better mobile display -->
-    <div class="navbar-header">
-      <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#navbar-user-collapse">
-        <span class="sr-only"><%= _('User menu') %></span>
-        <span class="fa fa-user navbar-toggle-icon"></span>
-      </button>
-      <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#navbar-search-collapse">
-        <span class="sr-only"><%= _('Search') %></span>
-        <span class="fa fa-search navbar-toggle-icon"></span>
-      </button>
-      <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#navbar-navigation-collapse">
-        <span class="sr-only"><%= _('Navigation') %></span>
-        <span class="icon-bar"></span>
-        <span class="icon-bar"></span>
-        <span class="icon-bar"></span>
-      </button>
-
-    </div>
-
-    <!-- Collect the nav links, forms, and other content for toggling -->
-    <div class="collapse navbar-collapse" id="navbar-navigation-collapse">
-      <ul class="nav navbar-nav menu-navigation">
-        <%= theme_extra_navigation %>
-        <li class="dropdown" id="search-dropdown-menu">
-          <a href="#" class="dropdown-toggle icon-search" data-hover="dropdown" data-toggle="dropdown" title="<%= _('Search') %>"><span><%= _('Search') %></span></a>
-          <ul class="dropdown-menu" role="menu">
-            <li>
-              <form action="/search" id="top-search" method="get" role="search">
-                <div class="form-group col-lg-12 col-md-12 col-sm-12">
-                  <input name="query" title="<%=_('Search...')%>" placeholder="<%=_('Search...')%>" type="text" class="form-control input-sm"/>
-                </div>
-              </form>
-            </li>
-          </ul>
-        </li>
-      </ul>
-    </div>
-    <div class="collapse navbar-collapse" id="navbar-search-collapse">
-      <form action="/search" id="top-search" class="navbar-form navbar-left" method="get" role="search">
-        <div class="form-group">
-          <input name="query" title="<%=_('Search...')%>" placeholder="<%=_('Search...')%>" type="text" class="form-control"/>
-        </div>
-      </form>
-    </div>
-    <div class="collapse navbar-collapse" id="navbar-user-collapse">
-      <ul class="nav navbar-nav pull-right">
-        <% if user.present? %>
-          <%= usermenu_logged_in %>
-        <% else %>
-            <li>
-              <%= modal_inline_link_to('<i class="icon-menu-login"></i><strong>' + _('Login') + '</strong>', login_url, '#inlineLoginBox', :id => 'link_login') %>
-              <%= @plugins.dispatch(:alternative_authentication_link).collect { |content| instance_exec(&content) }.join("") #TODO review this
-              %>
-            </li>
-            <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
-                <li>
-                <%= link_to('<strong>' + _('Sign up') + '</strong>', :controller => 'account', :action => 'signup')%>
-                </li>
-            <% end %>
-        <% end %>
-      </ul>
-    </div><!-- /.navbar-collapse -->
-  </div><!-- /.container-fluid -->
-</nav>
-</div>
-<div id='inlineLoginBox' style='display: none;'>
-  <%= render :file => 'account/login', :locals => { :is_thickbox => true } %>
-</div>
@@ -0,0 +1,54 @@
+div
+  nav#top-bar.navbar.navbar-default.navbar-static-top role="navigation"
+    .container
+      /! Brand and toggle get grouped for better mobile display
+      .navbar-header
+        button.navbar-toggle data-target="#navbar-user-collapse" data-toggle="collapse" type="button"
+          span.sr-only= _('User menu')
+          span.fa.fa-user.navbar-toggle-icon
+
+        button.navbar-toggle data-target="#navbar-search-collapse" data-toggle="collapse" type="button"
+          span.sr-only= _('Search')
+          span.fa.fa-search.navbar-toggle-icon
+
+        button.navbar-toggle data-target="#navbar-navigation-collapse" data-toggle="collapse" type="button"
+          span.sr-only= _('Navigation')
+          span.icon-bar
+          span.icon-bar
+          span.icon-bar
+        a.navbar-brand href="#{environment.top_url}"
+          = theme_site_title
+          span#navbar-brand-site-title
+            = h @environment.name
+
+      /! Collect the nav links, forms, and other content for toggling
+      #navbar-navigation-collapse.collapse.navbar-collapse
+        ul.nav.navbar-nav.menu-navigation
+          = theme_extra_navigation
+          li#search-dropdown-menu.dropdown
+            a.dropdown-toggle.icon-search data-hover="dropdown" data-toggle="dropdown" href="#" title="#{_('Search')}"
+              span= _('Search')
+            ul.dropdown-menu role="menu"
+              li
+                form#top-search action="/search" method="get" role="search"
+                  .form-group.col-lg-12.col-md-12.col-sm-12
+                    input.form-control.input-sm name="query" placeholder="#{_('Search...')}" title="#{_('Search...')}" type="text" /
+
+      #navbar-search-collapse.collapse.navbar-collapse
+        form#top-search.navbar-form.navbar-left action="/search" method="get" role="search"
+          .form-group
+            input.form-control name="query" placeholder="#{_('Search...')}" title="#{_('Search...')}" type="text" /
+
+      #navbar-user-collapse.collapse.navbar-collapse
+        ul.nav.navbar-nav.pull-right
+          - if user.present?
+            = render 'layouts/usermenu_logged_in'
+          - else
+            li
+              = modal_inline_link_to "<i class='icon-menu-login'></i><strong>#{_('Login')}</strong>".html_safe, login_url, '#inlineLoginBox', id: 'link_login'
+              = @plugins.dispatch(:alternative_authentication_link).collect{ |content| instance_exec(&content) }.safe_join
+            - unless @plugins.dispatch(:allow_user_registration).include? false
+              li= link_to content_tag(:strong, _('Sign up')), controller: :account, action: :signup
+
+#inlineLoginBox style="display: none;"
+  = render file: 'account/login', locals: {is_thickbox: true}
@@ -0,0 +1,39 @@
+- pending_tasks_count = Task.to(user).pending.count if user
+
+li.dropdown
+  = link_to '#', id: "homepage-link", title: _('Go to your homepage'), class: 'dropdown-toggle', data: {toggle: 'dropdown', hover: 'dropdown'}
+    = image_tag user.profile_custom_icon(gravatar_default), class: 'menu-user-gravatar'
+    = content_tag :strong, user.identifier
+    - if pending_tasks_count
+      span class='badge' onclick="document.location='#{url_for(user.tasks_url)}'" title="#{_("Manage your pending tasks")}"
+        count
+
+  ul class='dropdown-menu' role='menu'
+    li
+      = link_to user.public_profile_url, id: "homepage-link", title: _('Go to your homepage')
+        span class='icon-person' = _('Profile')
+    li.divider
+
+    /TODO
+    /= render_environment_features(:usermenu)
+
+    li = admin_link
+
+    li
+      = link_to user.admin_url, class: 'ctrl-panel', title: _("Configure your personal account and content")
+        i class='icon-menu-ctrl-panel'
+        strong = _('Control panel')
+
+    - if environment.enabled? 'xmpp_chat'
+      = responsive_chat_user_status_menu 'icon-menu-offline', _('Offline')
+
+    li = manage_enterprises
+    li = manage_communities
+
+    li.divider
+
+    li
+      = link_to({controller: 'account', action: 'logout'}, id: "logout", title: _("Leave the system"))
+        i class='icon-menu-logout'
+        strong = _('Logout')
+
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<%= html_language %>" lang="<%= html_language %>" class="<%= h html_tag_classes %>">
   <head>
-    <title><%= h page_title %></title>
+    <title><%= h page_title.html_safe %></title>
     <%= yield(:feeds) %>
     <!--<meta http-equiv="refresh" content="1"/>-->
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
@@ -22,7 +22,7 @@
     <%=
       @plugins.dispatch(:head_ending).map do |content|
         if content.respond_to?(:call) then instance_exec(&content).to_s.html_safe else content.to_s.html_safe end
-      end.join("\n")
+      end.safe_join
     %>
  
     <script type="text/javascript">
@@ -68,7 +68,7 @@
     <%=
       @plugins.dispatch(:body_ending).map do |content|
         if content.respond_to?(:call) then instance_exec(&content).html_safe else content.html_safe end
-      end.join("\n")
+      end.safe_join
     %>
   </body>
 </html>
@@ -12,7 +12,7 @@
       </div>
     </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save') %>
     <%= cancel_edit_product_link(@product, 'name') %>
   <% end %>
@@ -3,7 +3,7 @@
 <%= form_for :environment, :url => {:action => 'index'}, :html => {:method => 'post'} do |f| %>
   <%= labelled_form_field(_("E-Mail addresses you want to allow to send"), f.text_area(:send_email_plugin_allow_to, :rows => 8)) %>
   <small><%= _('(list of email addresses separated by comma)') %></small>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button 'save', c_('Save'), :cancel => {:controller => 'plugins'} %>
   <% end %>
 <% end %>
@@ -5,7 +5,7 @@
   <%= labelled_form_field _('Tooltips (CSV format: language, group name, selector, description)'), f.text_area(:actions_csv, :style => 'width: 100%', :class => 'actions-csv') %>
   <%= labelled_form_field _('Group Triggers (CSV format: group name, selector, event (e.g. mouseenter, click))'), f.text_area(:group_triggers_csv, :style => 'width: 100%', :class => 'groups-csv', :rows => 7) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save'), :cancel => {:controller => 'plugins', :action => 'index'}) %>
   <% end %>
  
@@ -16,7 +16,7 @@
  
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save')) %>
     <%= button :back, _('Back to control panel'), controller: 'profile_editor' %>
   <% end %>
 require 'test_helper'
  
-class SocialSharePrivacyPluginTest < ActiveSupport::TestCase
+class SocialSharePrivacyPluginTest < ActionView::TestCase
  
   include NoosferoTestHelper
  
@@ -38,7 +38,7 @@
     <%= _('The same order in which you arrange the social networks here will be used for arranging the share buttons.') %>
   </p>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button 'save', _('Save'), :cancel => {:controller => 'plugins', :action => 'index'} %>
   <% end %>
 <% end %>
@@ -30,7 +30,7 @@
       <%= button(:cancel, _('Withhold'), {:action => 'withhold'}, :title => _('Cancel next scheduled scans')) if @settings.deployed %>
     <% end %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button(:save, c_('Save'), :cancel => {:controller => 'plugins', :action => 'index'}) %>
     <% end %>
   </div>
@@ -29,6 +29,6 @@
  
 <br style='clear: both'/>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, c_('Back'), :action => 'index') %>
 <% end %>
@@ -93,6 +93,7 @@ class StatisticsBlock &lt; Block
   end
  
   def products
+    return [] unless environment.plugin_enabled?('ProductsPlugin')
     if owner.kind_of?(Environment)
       owner.products.where("profiles.enabled = true and profiles.visible = true").count
     elsif owner.kind_of?(Enterprise)
@@ -145,6 +145,7 @@ class StatisticsBlockTest &lt; ActiveSupport::TestCase
  
     b = StatisticsBlock.new
     e = fast_create(Environment)
+    e.enable_plugin('ProductsPlugin')
  
     e1 = fast_create(Enterprise, :visible => true, :enabled => true, :environment_id => e.id)
     e2 = fast_create(Enterprise, :visible => true, :enabled => false, :environment_id => e.id)
@@ -168,6 +169,8 @@ class StatisticsBlockTest &lt; ActiveSupport::TestCase
     b = StatisticsBlock.new
  
     e = fast_create(Enterprise)
+    environment = e.environment
+    environment.enable_plugin('ProductsPlugin')
  
     fast_create(Product, :profile_id => e.id)
     fast_create(Product, :profile_id => e.id)
@@ -10,7 +10,7 @@
 <% end %>
  
 <%= form_tag do %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button(:add, _('Create a new sub-community'), :controller => 'memberships', :action => 'new_community', :profile => user.identifier, :sub_organizations_plugin_parent_to_be => profile.id) %>
     <%= button :add, _('Register a new sub-enterprise'), :controller => 'enterprise_registration', :sub_organizations_plugin_parent_to_be => profile.id if environment.enabled?('enterprise_registration') %>
   <% end %>
@@ -21,7 +21,7 @@
       :hint_text => _('Type in a search term for a group'),
       :pre_populate => @tokenized_children}) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', c_('Save'))%>
     <%= button('cancel', c_('Cancel'), {:controller => 'profile_editor'})%>
   <% end %>
@@ -51,7 +51,7 @@
     <%= pagination_links(organizations, {:param_name => 'npage', :page_links => true})  %>
   </div>
  
-  <% button_bar(:class => "related-organizations-button-bar") do %>
+  <%= button_bar(:class => "related-organizations-button-bar") do %>
     <%= button :back, c_('Go back'), { :controller => 'profile' } %>
     <%= button :add, _("Add a new %s") % organization_type, :controller => 'sub_organizations_plugin_myprofile', :action => 'index' if logged_in? && user.has_permission?(:edit_profile, profile) && !environment.enabled?("disable_asset_#{organization_type.pluralize}") %>
  
@@ -9,7 +9,7 @@
   <% if organizations.length == 0 %>
     <li><%= _("There are no sub-%s yet.")  % organization_type.pluralize %></li>
   <% end %>
-  <% button_bar(:class => "related-organizations-button-bar") do %>
+  <%= button_bar(:class => "related-organizations-button-bar") do %>
     <%= button :back, c_('Go back'), { :controller => 'profile' } %>
     <%= button :add, _("Add a new %s") % organization_type, :controller => 'sub_organizations_plugin_myprofile', :action => 'index' if logged_in? && user.has_permission?(:edit_profile, profile) && !environment.enabled?("disable_asset_#{organization_type.pluralize}") %>
  
@@ -10,5 +10,5 @@
       = check_box_tag "consumers[#{consumer.id}]", '1', distributed_consumers.include?(consumer.profile)
       = label_tag "consumers[#{consumer.id}]", consumer.name
  
-  - button_bar do
+  = button_bar do
     = submit_button :save, _('Save')
@@ -11,13 +11,13 @@
       f.text_field(:content_tolerance, :size => 2, :style => 'font-size: 14px; text-align: right') +
       select_tag(:content_tolerance_unit, options_for_select(time_units, @content_default_unit) )) %>
   <% end %>
-  <%= labelled_form_field(_('Comment edition tolerance time'), 
-    f.text_field(:comment_tolerance, :size => 2, :style => 'font-size: 14px; text-align: right') + 
+  <%= labelled_form_field(_('Comment edition tolerance time'),
+    f.text_field(:comment_tolerance, :size => 2, :style => 'font-size: 14px; text-align: right') +
     select_tag(:comment_tolerance_unit, options_for_select(time_units, @comment_default_unit) )) %>
  
   <%= content_tag( 'small', _('Empty means unlimited and zero means right away.') ) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', c_('Save'))%>
     <%= button('back', c_('Back'), {:controller => 'profile_editor'})%>
   <% end %>
@@ -13,7 +13,7 @@
     <%= labelled_form_field _('Limit of voters to display:'), f.text_field(:voters_limit, :size => 3) %>
   </strong>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, c_('Save'), :cancel => {:controller => 'plugins', :action => 'index'}) %>
   <% end %>
  
@@ -12,7 +12,7 @@
     <%= visibility_options(@article, @tokenized_children) %>
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save') %>
     <%= button :cancel, _('Cancel'), @back_to %>
   <% end %>
@@ -27,8 +27,8 @@ class ActivitiesTest &lt; ActiveSupport::TestCase
     assert_equal 403, last_response.status
   end
  
-  should 'not get community activities if not member' do
-    community = fast_create(Community)
+  should 'not get community activities if not member and community is private' do
+    community = fast_create(Community, public_profile: false)
     other_person = fast_create(Person)
     community.add_member(other_person) # so there is an activity in community
  
@@ -68,6 +68,15 @@ class ActivitiesTest &lt; ActiveSupport::TestCase
     assert_equivalent other_person.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
   end
  
+  should 'get activities for non logged user in a public community' do
+    community = fast_create(Community)
+    create_activity(community)
+    community.add_member(person)
+    get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent community.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+  end
+
   def create_activity(target)
     activity = ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => target
     ProfileActivity.create! profile_id: target.id, activity: activity
@@ -7,6 +7,26 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     login_api
   end
  
+  should 'remove article' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    delete "/api/v1/articles/#{article.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_not_equal 401, last_response.status
+    assert_equal true, json['success']
+
+    assert !Article.exists?(article.id)
+  end
+
+  should 'not remove article without permission' do
+    otherPerson = fast_create(Person, :name => "Other Person")
+    article = fast_create(Article, :profile_id => otherPerson.id, :name => "Some thing")
+    delete "/api/v1/articles/#{article.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 403, last_response.status
+    assert Article.exists?(article.id)
+  end
+
   should 'list articles' do
     article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
     get "/api/v1/articles/?#{params.to_query}"
@@ -14,6 +34,17 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     assert_includes json["articles"].map { |a| a["id"] }, article.id
   end
  
+  should 'list all text articles' do
+    profile = Community.create(identifier: 'my-community', name: 'name-my-community')
+    a1 = fast_create(TextArticle, :profile_id => profile.id)
+    a2 = fast_create(TextileArticle, :profile_id => profile.id)
+    a3 = fast_create(TinyMceArticle, :profile_id => profile.id)
+    params['content_type']='TextArticle'
+    get "api/v1/communities/#{profile.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 3, json['articles'].count
+  end
+
   should 'get profile homepage' do
     article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
     person.home_page=article
@@ -104,6 +135,17 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }
   end
  
+  should 'list all text articles of children' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    child1 = fast_create(TextArticle, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing 1")
+    child2 = fast_create(TextileArticle, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing 2")
+    child3 = fast_create(TinyMceArticle, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing 3")
+    get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [child1.id, child2.id, child3.id], json["articles"].map { |a| a["id"] }
+  end
+
+
   should 'list public article children for not logged in access' do
     article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
     child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
@@ -744,4 +786,12 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     assert_not_includes json['article']['children'].map {|a| a['id']}, child.id
   end
  
+  should 'list article permissions when get an article' do
+    community = fast_create(Community)
+    give_permission(person, 'post_content', community)
+    article = fast_create(Article, :profile_id => community.id)
+    get "/api/v1/articles/#{article.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_includes json["article"]["permissions"], 'allow_post_content'
+  end
 end
@@ -47,4 +47,46 @@ class BoxesTest &lt; ActiveSupport::TestCase
     json = JSON.parse(last_response.body)
     assert !json["boxes"].first["blocks"].first.key?('api_content')
   end
+
+  should 'get blocks from boxes' do
+    Environment.delete_all
+    environment = fast_create(Environment, :is_default => true)
+    box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment')
+    block = fast_create(Block, box_id: box.id)
+    get "/api/v1/environments/default/boxes?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [block.id], json["boxes"].first["blocks"].map {|b| b['id']}
+  end
+
+  should 'not list a block for not logged users' do
+    logout_api
+    profile = fast_create(Profile)
+    box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
+    block = fast_create(Block, box_id: box.id)
+    block.display = 'never'
+    block.save!
+    get "/api/v1/profiles/#{profile.id}/boxes?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [], json["boxes"].first["blocks"].map {|b| b['id']}
+  end
+
+  should 'list a block with logged in display_user for a logged user' do
+    profile = fast_create(Profile)
+    box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
+    block = fast_create(Block, box_id: box.id)
+    block.display_user = 'logged'
+    block.save!
+    get "/api/v1/profiles/#{profile.id}/boxes?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [block.id], json["boxes"].first["blocks"].map {|b| b['id']}
+  end
+
+  should 'not list boxes for user without permission' do
+    profile = fast_create(Profile, public_profile: false)
+    box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
+    block = fast_create(Block, box_id: box.id)
+    get "/api/v1/profiles/#{profile.id}/boxes?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 403, last_response.status
+  end
 end
@@ -70,6 +70,16 @@ class CommentsTest &lt; ActiveSupport::TestCase
     assert_equal body, json['comment']['body']
   end
  
+  should 'not create comment when an article does not accept comments' do
+    login_api
+    article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing", accept_comments: false)
+    body = 'My comment'
+    params.merge!({:body => body})
+    post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 403, last_response.status
+  end
+
   should 'logged user not comment an archived article' do
     login_api
     article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :archived => true)
@@ -186,4 +196,53 @@ class CommentsTest &lt; ActiveSupport::TestCase
     assert_equal [comment1.id], json["comments"].map { |c| c['id'] }
   end
  
+  should 'delete comment successfully' do
+    login_api
+    article = fast_create(Article, profile_id: person.id, name: "Some thing")
+    comment = article.comments.create!(body: "some comment", author: person)
+    delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 200, last_response.status
+    assert_equal comment.id, json['comment']['id']
+    assert_not_includes article.comments, comment
+  end
+
+  should 'not delete a comment when user is not logged' do
+    article = fast_create(Article, profile_id: person.id, name: "Some thing")
+    comment = article.comments.create!(body: "some comment", author: person)
+    delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 403, last_response.status
+    assert_includes article.comments, comment
+  end
+
+  should 'not delete a comment when user does not have permission' do
+    login_api
+    article = fast_create(Article, profile_id: @local_person.id, name: "Some thing")
+    comment = article.comments.create!(body: "some comment", author: @local_person)
+    delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 403, last_response.status
+    assert_includes article.comments, comment
+  end
+
+  should 'return not found when delete a inexistent comment' do
+    article = fast_create(Article, profile_id: person.id, name: "Some thing")
+    comment = article.comments.create!(body: "some comment", author: person)
+    delete "api/v1/articles/#{article.id}/comments/0?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 404, last_response.status
+    assert_includes article.comments, comment
+  end
+
+  should 'return error when failed to delete comment' do
+    login_api
+    article = fast_create(Article, profile_id: person.id, name: "Some thing")
+    comment = article.comments.create!(body: "some comment", author: person)
+    Comment.any_instance.expects(:destroy).raises(StandardError)
+    delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 500, last_response.status
+    assert_includes article.comments, comment
+  end
 end
@@ -99,7 +99,7 @@ class Api::HelpersTest &lt; ActiveSupport::TestCase
   end
  
   should 'parse_content_type return all content types as an array' do
-    assert_equivalent ['TextArticle','TinyMceArticle'], parse_content_type("TextArticle,TinyMceArticle")
+    assert_equivalent ['TextileArticle','TinyMceArticle'], parse_content_type("TextileArticle,TinyMceArticle")
   end
  
   should 'find_article return article by id in list passed for user with permission' do
@@ -146,4 +146,49 @@ class ProfilesTest &lt; ActiveSupport::TestCase
     refute json.has_key?('Rating')
   end
  
+  [Community, Enterprise].each do |klass|
+    should "update #{klass.name}" do
+      login_api
+      profile = fast_create(klass)
+      profile.add_admin(person)
+      params[:profile] = {}
+      params[:profile][:custom_header] = "Another Header"
+      post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+      assert_equal "Another Header", profile.reload.custom_header
+    end
+
+    should "not update a #{klass.name} if user does not have permission" do
+      login_api
+      profile = fast_create(klass)
+      params[:profile] = {}
+      params[:profile][:custom_header] = "Another Header"
+      post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+      assert_equal 403, last_response.status
+    end
+
+    should "not update a #{klass.name} if user is not logged in" do
+      profile = fast_create(klass)
+      params[:profile] = {}
+      params[:profile][:custom_header] = "Another Header"
+      post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+      assert_equal 401, last_response.status
+    end
+  end
+
+  should 'update person' do
+    login_api
+    params[:profile] = {}
+    params[:profile][:custom_header] = "Another Header"
+    post "/api/v1/profiles/#{person.id}?#{params.to_query}"
+    assert_equal "Another Header", person.reload.custom_header
+  end
+
+  should 'not update person information if user does not have permission' do
+    login_api
+    profile = fast_create(Person)
+    params[:profile] = {}
+    params[:profile][:custom_header] = "Another Header"
+    post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
 end
@@ -224,7 +224,7 @@ class ApplicationControllerTest &lt; ActionController::TestCase
   end
  
   should 'display theme test panel when testing theme' do
-    @request.session[:theme] = 'my-test-theme'
+    @request.session[:user_theme] = 'my-test-theme'
     theme = mock
     profile = mock
     theme.expects(:owner).returns(profile).at_least_once
@@ -506,6 +506,21 @@ class ApplicationControllerTest &lt; ActionController::TestCase
     assert_redirected_to :controller => 'account', :action => 'login'
   end
  
+  should 'override user when current is an admin' do
+    user        = create_user
+    other_user  = create_user
+    environment = Environment.default
+    login_as user.login
+    @controller.stubs(:environment).returns(environment)
+
+    get :index, override_user: other_user.id
+    assert_equal user, assigns(:current_user)
+
+    environment.add_admin user.person
+    get :index, override_user: other_user.id
+    assert_equal other_user, assigns(:current_user)
+  end
+
   should 'do not allow member not included in whitelist to access an restricted environment' do
     user = create_user
     e = Environment.default
@@ -576,4 +591,36 @@ class ApplicationControllerTest &lt; ActionController::TestCase
     assert_redirected_to :controller => 'test', :action => 'index', :profile => profile.identifier
   end
  
+  should 'set session theme if a params theme is passed as parameter' do
+    current_theme = 'my-test-theme'
+    environment = Environment.default
+    Theme.stubs(:system_themes).returns([Theme.new(current_theme)])
+    environment.themes = [current_theme]
+    environment.save!
+    assert_nil @request.session[:theme]
+    get :index, :theme => current_theme
+    assert_equal current_theme, @request.session[:theme]
+  end
+
+  should 'set session theme only in environment available themes' do
+    environment = Environment.default
+    assert_nil @request.session[:theme]
+    environment.stubs(:theme_ids).returns(['another_theme'])
+    get :index, :theme => 'my-test-theme'
+    assert_nil @request.session[:theme]
+  end
+
+  should 'unset session theme if not environment available themes is defined' do
+    environment = Environment.default
+    current_theme = 'my-test-theme'
+    Theme.stubs(:system_themes).returns([Theme.new(current_theme)])
+    environment.themes = [current_theme]
+    environment.save!
+    get :index, :theme => current_theme
+    assert_equal current_theme, @request.session[:theme]
+
+    get :index, :theme => 'another_theme'
+    assert_nil @request.session[:theme]
+  end
+
 end
@@ -528,7 +528,7 @@ class CmsControllerTest &lt; ActionController::TestCase
     post :new, :type => TextileArticle.name, :profile => profile.identifier, :article => { :name => 'adding-categories-test', :category_ids => [ c1.id, c3.id, c3.id ] }
  
     saved = profile.articles.find_by(name: 'adding-categories-test')
-    assert_equal [c1, c3], saved.categories.all
+    assert_equivalent [c1, c3], saved.categories.all
   end
  
   should 'filter html with white_list from tiny mce article name' do
@@ -231,7 +231,7 @@ class ProfileThemesControllerTest &lt; ActionController::TestCase
     theme = Theme.create('theme-under-test', :owner => profile)
     post :start_test, :profile => 'testinguser', :id => 'theme-under-test'
  
-    assert_equal 'theme-under-test', session[:theme]
+    assert_equal 'theme-under-test', session[:user_theme]
     assert_redirected_to :controller => 'content_viewer', :profile => 'testinguser', :action => 'view_page'
   end
  
@@ -239,7 +239,7 @@ class ProfileThemesControllerTest &lt; ActionController::TestCase
     theme = Theme.create('theme-under-test', :owner => profile)
     post :stop_test, :profile => 'testinguser', :id => 'theme-under-test'
  
-    assert_nil session[:theme]
+    assert_nil session[:user_theme]
     assert_redirected_to :action => 'index'
   end
  
@@ -1,46 +0,0 @@
-require_relative "../test_helper"
-
-class BlocksTest < ActionDispatch::IntegrationTest
-
-  def blog_on_article_block_bootstrap
-    profile = fast_create(Profile)
-    blog = fast_create(Blog, :name => 'Blog', :profile_id => profile.id)
-    fast_create(TinyMceArticle, :name => "First Post", :profile_id => profile.id, :parent_id => blog.id, :body => '<p> Wasserstoffbombe </p>')
-    fast_create(TinyMceArticle, :name => "A Post", :profile_id => profile.id, :parent_id => blog.id, :body => '<p>Lorem ipsum dolor sit amet</p> <p>Second paragraph</p>')
-    block = ArticleBlock.new
-    block.article = blog
-    profile.boxes << Box.new
-    profile.boxes.first.blocks << block
-    return block
-  end
-
-  should 'allow blog as article block content' do
-    block = blog_on_article_block_bootstrap
-    get "/profile/#{block.owner.identifier}"
-    assert_match(/Lorem ipsum dolor sit amet/, @response.body)
-  end
-
-  should 'display short version for block posts on article block' do
-    block = blog_on_article_block_bootstrap
-    get "/profile/#{block.owner.identifier}"
-    assert_no_match(/Second paragraph/, @response.body)
-  end
-
-  should 'display full version for block posts on article block' do
-    block = blog_on_article_block_bootstrap
-    block.visualization_format = 'full'
-    block.save!
-    get "/profile/#{block.owner.identifier}"
-    assert_match(/Second paragraph/, @response.body)
-  end
-
-  should 'display configured number of blog posts on article block' do
-    block = blog_on_article_block_bootstrap
-    block.posts_per_page = 2
-    block.save!
-    get "/profile/#{block.owner.identifier}"
-    assert_match(/Lorem ipsum dolor sit amet/, @response.body)
-    assert_match(/Wasserstoffbombe/, @response.body)
-  end
-
-end
@@ -0,0 +1,46 @@
+require_relative "../test_helper"
+
+class ProfileBlocksTest < ActionDispatch::IntegrationTest
+
+  def blog_on_article_block_bootstrap
+    profile = fast_create(Profile)
+    blog = fast_create(Blog, :name => 'Blog', :profile_id => profile.id)
+    fast_create(TinyMceArticle, :name => "First Post", :profile_id => profile.id, :parent_id => blog.id, :body => '<p> Wasserstoffbombe </p>')
+    fast_create(TinyMceArticle, :name => "A Post", :profile_id => profile.id, :parent_id => blog.id, :body => '<p>Lorem ipsum dolor sit amet</p> <p>Second paragraph</p>')
+    block = ArticleBlock.new
+    block.article = blog
+    profile.boxes << Box.new
+    profile.boxes.first.blocks << block
+    return block
+  end
+
+  should 'allow blog as article block content' do
+    block = blog_on_article_block_bootstrap
+    get "/profile/#{block.owner.identifier}"
+    assert_match(/Lorem ipsum dolor sit amet/, @response.body)
+  end
+
+  should 'display short version for block posts on article block' do
+    block = blog_on_article_block_bootstrap
+    get "/profile/#{block.owner.identifier}"
+    assert_no_match(/Second paragraph/, @response.body)
+  end
+
+  should 'display full version for block posts on article block' do
+    block = blog_on_article_block_bootstrap
+    block.visualization_format = 'full'
+    block.save!
+    get "/profile/#{block.owner.identifier}"
+    assert_match(/Second paragraph/, @response.body)
+  end
+
+  should 'display configured number of blog posts on article block' do
+    block = blog_on_article_block_bootstrap
+    block.posts_per_page = 2
+    block.save!
+    get "/profile/#{block.owner.identifier}"
+    assert_match(/Lorem ipsum dolor sit amet/, @response.body)
+    assert_match(/Wasserstoffbombe/, @response.body)
+  end
+
+end
@@ -163,4 +163,16 @@ class SafeStringsTest &lt; ActionDispatch::IntegrationTest
     get url_for(action: :edit, controller: :profile_design, profile: person.identifier, id: block.id)
     assert_select '.block-config-options .image-data-line'
   end
+
+  should 'not escape icons options editing link_list block' do
+    create_user('jimi', :password => 'test', :password_confirmation => 'test').activate
+    profile = Person['jimi']
+    login 'jimi', 'test'
+    profile.blocks.each(&:destroy)
+    profile.boxes.first.blocks << LinkListBlock.new
+    block = profile.boxes.first.blocks.first
+    get "/myprofile/#{profile.identifier}/profile_design/edit/#{block.id}"
+    assert_select '.icon-selector .icon-edit'
+  end
+
 end
+##
+# DEPRECATED ActionView::TestCase already provide all needed
+#
 module NoosferoTestHelper
  
-  def link_to(content, url, options = {})
-    "<a href='#{url.inspect}'>#{content}</a>"
-  end
-
-  def content_tag(tag, content, options = {})
-    tag_attr = options.blank? ? '' : ' ' + options.collect{ |o| "#{o[0]}=\"#{o[1]}\"" }.join(' ')
-    "<#{tag}#{tag_attr}>#{content}</#{tag}>"
-  end
  
   def submit_tag(content, options = {})
     content
@@ -17,11 +12,6 @@ module NoosferoTestHelper
     ''
   end
  
-  def tag(tag, args = {})
-    attrs = args.map{|k,v| "#{k}='#{v}'"}.join(' ')
-    "<#{tag} #{attrs} />"
-  end
-
   def options_from_collection_for_select(collection, value_method, content_method)
     "<option value='fake value'>fake content</option>"
   end
@@ -149,4 +149,11 @@ class AddMemberTest &lt; ActiveSupport::TestCase
  
     assert_no_match(/\(#{task.requestor.email}\)/, task.target_notification_description)
   end
+
+  should 'have cancel notification message with explanation' do
+    explanation_message = 'some explanation'
+    task = AddMember.new(:person => person, :organization => community,
+                         :reject_explanation => explanation_message)
+    assert_match(/#{explanation_message}/, task.task_cancelled_message)
+  end
 end
@@ -466,7 +466,7 @@ class ApplicationHelperTest &lt; ActionView::TestCase
   should 'use theme passed via param when in development mode' do
     stubs(:environment).returns(build(Environment, :theme => 'environment-theme'))
     Rails.env.stubs(:development?).returns(true)
-    self.stubs(:params).returns({:theme => 'skyblue'})
+    self.stubs(:params).returns({:user_theme => 'skyblue'})
     assert_equal 'skyblue', current_theme
   end
  
@@ -682,29 +682,6 @@ class ApplicationHelperTest &lt; ActionView::TestCase
     assert_nil default_folder_for_image_upload(profile)
   end
  
-  should 'envelop a html with button-bar div' do
-    result = button_bar { '<b>foo</b>' }
-    assert_equal '<div class="button-bar"><b>foo</b>'+
-                 '<br style=\'clear: left;\' /></div>', result
-  end
-
-  should 'add more classes to button-bar envelope' do
-    result = button_bar :class=>'test' do
-      '<b>foo</b>'
-    end
-    assert_equal '<div class="test button-bar"><b>foo</b>'+
-                 '<br style=\'clear: left;\' /></div>', result
-  end
-
-  should 'add more attributes to button-bar envelope' do
-    result = button_bar :id=>'bt1' do
-      '<b>foo</b>'
-    end
-    assert_tag_in_string result, :tag =>'div', :attributes => {:class => 'button-bar', :id => 'bt1'}
-    assert_tag_in_string result, :tag =>'b', :content => 'foo', :parent => {:tag => 'div', :attributes => {:id => 'bt1'}}
-    assert_tag_in_string result, :tag =>'br', :parent => {:tag => 'div', :attributes => {:id => 'bt1'}}
-  end
-
   should 'not filter html if source does not have macros' do
     class Plugin1 < Noosfero::Plugin
     end
@@ -871,7 +848,7 @@ class ApplicationHelperTest &lt; ActionView::TestCase
     html = fullscreen_buttons("#article")
     assert html.include?("<script>fullscreenPageLoad('#article')</script>")
     assert html.include?("class=\"button with-text icon-fullscreen\"")
-    assert html.include?("onClick=\"toggle_fullwidth('#article')\"")
+    assert html.include?("onClick=\"toggle_fullwidth(&#39;#article&#39;)\"")
   end
  
   should "return the related class string" do
@@ -23,10 +23,6 @@ class BlockTest &lt; ActiveSupport::TestCase
     assert_nil Block.new.owner
   end
  
-  should 'provide no footer by default' do
-    assert_nil Block.new.footer
-  end
-
   should 'provide an empty default title' do
     assert_equal '', Block.new.default_title
   end
-# encoding: UTF-8
 require_relative "../test_helper"
  
 class ButtonsHelperTest < ActionView::TestCase
+
   include ButtonsHelper
  
   should 'append with-text class and keep existing classes' do
     expects(:button_without_text).with('type', 'label', 'url', { :class => 'with-text class1'})
     button('type', 'label', 'url', { :class => 'class1' })
   end
-end
 \ No newline at end of file
+
+  should 'envelop a html with button-bar div' do
+    result = button_bar { content_tag :b, 'foo' }
+    assert_equal '<div class=" button-bar"><b>foo</b>'+
+                 '<br style="clear: left;" /></div>', result
+  end
+
+  should 'add more classes to button-bar envelope' do
+    result = button_bar :class=>'test' do
+      content_tag :b, 'foo'
+    end
+    assert_equal '<div class="test button-bar"><b>foo</b>'+
+                 '<br style="clear: left;" /></div>', result
+  end
+
+  should 'add more attributes to button-bar envelope' do
+    result = button_bar :id=>'bt1' do
+      content_tag :b, 'foo'
+    end
+    assert_tag_in_string result, :tag =>'div', :attributes => {:class => ' button-bar', :id => 'bt1'}
+    assert_tag_in_string result, :tag =>'b', :content => 'foo', :parent => {:tag => 'div', :attributes => {:id => 'bt1'}}
+    assert_tag_in_string result, :tag =>'br', :parent => {:tag => 'div', :attributes => {:id => 'bt1'}}
+  end
+
+end
@@ -21,4 +21,14 @@ class CommentHandlerTest &lt; ActiveSupport::TestCase
     handler.perform
   end
  
+  should 'save locale from creation context and not change current locale' do
+    FastGettext.stubs(:locale).returns("pt")
+    handler = CommentHandler.new(5, :whatever_method)
+
+    FastGettext.stubs(:locale).returns("en")
+    assert_equal "pt", handler.locale
+
+    handler.perform
+    assert_equal "en", FastGettext.locale
+  end
 end
 require_relative "../test_helper"
  
-class CommentHelperTest < ActiveSupport::TestCase
+class CommentHelperTest < ActionView::TestCase
  
   include CommentHelper
-  include ActionView::Helpers::TagHelper
-  include NoosferoTestHelper
+
+  helper ApplicationHelper
  
   def setup
     @user = create_user('usertest').person
@@ -12,6 +12,7 @@ class CommentHelperTest &lt; ActiveSupport::TestCase
     self.stubs(:logged_in?).returns(true)
     self.stubs(:report_abuse).returns('<a href="#">link</a>')
     self.stubs(:expirable_comment_link).returns('<a href="#">link</a>')
+    self.stubs(:url_for)
     @plugins = mock
     @plugins.stubs(:dispatch).returns([])
   end
@@ -140,9 +141,5 @@ class CommentHelperTest &lt; ActiveSupport::TestCase
     assert_match /plugin_action/, Nokogiri::HTML.fragment(html).css('.comments-action-bar').to_html
   end
  
-  def link_to_function(content, url, options = {})
-    link_to(content, url, options)
-  end
-
 end
  
@@ -3,6 +3,8 @@ require_relative &quot;../test_helper&quot;
 class ContentViewerHelperTest < ActionView::TestCase
  
   include ActionView::Helpers::TagHelper
+  include ActionView::Helpers::TextHelper
+
   include ContentViewerHelper
   include DatesHelper
   include ApplicationHelper
@@ -99,14 +101,14 @@ class ContentViewerHelperTest &lt; ActionView::TestCase
   end
  
   should 'theme provides addthis custom icon' do
-    stubs(:session).returns({:theme => 'base'})
+    stubs(:session).returns({:user_theme => 'base'})
     File.expects(:exists?).with(anything).returns(true)
     Environment.any_instance.stubs(:default_hostname).returns('noosfero.org')
     assert_match 'addthis.gif', addthis_image_tag
   end
  
   should 'use default addthis icon if theme has no addthis.gif image' do
-    stubs(:session).returns({:theme => 'base'})
+    stubs(:session).returns({:user_theme => 'base'})
     File.expects(:exists?).with(anything).returns(false)
     Environment.any_instance.stubs(:default_hostname).returns('noosfero.org')
     assert_match 'bt-bookmark.gif', addthis_image_tag
@@ -148,11 +150,4 @@ class ContentViewerHelperTest &lt; ActionView::TestCase
     assert_match /February 1, 2007/, result
   end
  
-  protected
-  include NoosferoTestHelper
-  include ActionView::Helpers::TextHelper
-  def url_for(args = {})
-    ['http:/', args[:host], args[:profile], args[:page]].join('/')
-  end
-
 end
@@ -457,6 +457,22 @@ class EnvironmentTest &lt; ActiveSupport::TestCase
     assert_equal ['new-theme', 'other-theme'], Environment.default.themes.map(&:id)
   end
  
+  should 'return the theme ids' do
+    env = Environment.default
+    t1 = 'theme_1'
+    t2 = 'theme_2'
+    Theme.stubs(:system_themes).returns([Theme.new(t1), Theme.new(t2)])
+    env.themes = [t1, t2]
+    env.save!
+    assert_equivalent  [t1, t2], Environment.default.theme_ids
+  end
+  should 'theme_ids be an empty array if there is no settings themes defined' do
+    env = Environment.default
+    env.settings[:themes] = nil
+    env.save!
+    assert Environment.default.theme_ids.empty?
+  end
+
   should 'create templates' do
     e = create(Environment, :name => 'test_env')
     e.reload
 require_relative "../test_helper"
  
-class EventsHelperTest < ActiveSupport::TestCase
+class EventsHelperTest < ActionView::TestCase
  
   include EventsHelper
  
 require_relative "../test_helper"
  
-class ForumHelperTest < ActiveSupport::TestCase
+class ForumHelperTest < ActionView::TestCase
  
   include BlogHelper
   include ForumHelper
@@ -58,7 +58,7 @@ class ForumHelperTest &lt; ActiveSupport::TestCase
     assert_match result, out
     assert_match 'a2', out
  
-    assert_match(/#{result} by <a href='[^']+'>a2<\/a>/, last_topic_update(some_post))
+    assert_match(/#{result} by <a href="[^"]+">a2<\/a>/, last_topic_update(some_post))
   end
  
   should "return last comment author's name from unauthenticated user" do
@@ -79,13 +79,6 @@ class LinkListBlockTest &lt; ActiveSupport::TestCase
     assert_tag_in_string render_block_content(l), :tag => 'a', :attributes => { :href => '/prefix/bar' }
   end
  
-  should 'display options for icons' do
-    l = LinkListBlock.new
-    l.icons_options.each do |option|
-      assert_match(/<span title=\".+\" class=\"icon-.+\" onclick=\"changeIcon\(this, '.+'\)\"><\/span>/, option)
-    end
-  end
-
   should 'link with icon' do
     l = LinkListBlock.new(:links => [{:icon => 'save', :name => 'test', :address => 'test.com'}])
     assert_match /a class="icon-[^"]+"/, render_block_content(l)
@@ -567,4 +567,24 @@ class OrganizationTest &lt; ActiveSupport::TestCase
     assert_not_includes person_orgs,    o7
     assert_includes     env_admin_orgs, o7
   end
+
+  should 'return true at display_private_info_to? when profile is public and user is nil' do
+    organization = fast_create(Organization, public_profile: true)
+    assert organization.display_private_info_to?(nil)
+  end
+
+  should 'return false at display_private_info_to? when profile is public and secret' do
+    organization = fast_create(Organization, public_profile: true, secret: true)
+    assert !organization.display_private_info_to?(nil)
+  end
+
+  should 'return false at display_private_info_to? when profile is public and not visible' do
+    organization = fast_create(Organization, public_profile: true, visible: false)
+    assert !organization.display_private_info_to?(nil)
+  end
+
+  should 'return false at display_private_info_to? when profile is private and user is nil' do
+    organization = fast_create(Organization, public_profile: false)
+    assert !organization.display_private_info_to?(nil)
+  end
 end
@@ -20,7 +20,7 @@ class ThemeLoaderHelperTest &lt; ActionView::TestCase
   end
  
   should 'override theme with testing theme from session' do
-    stubs(:session).returns(:theme => 'theme-under-test')
+    stubs(:session).returns(:user_theme => 'theme-under-test')
     assert_equal 'theme-under-test', current_theme
   end
  
@@ -30,7 +30,17 @@ class ThemeLoaderHelperTest &lt; ActionView::TestCase
   end
  
   should 'point to user theme path when testing theme' do
-    stubs(:session).returns({:theme => 'theme-under-test'})
+    stubs(:session).returns({:user_theme => 'theme-under-test'})
     assert_equal '/user_themes/theme-under-test', theme_path
   end
-end
 \ No newline at end of file
+
+  should 'point to session theme is defined' do
+    session = mock
+    stubs(:session).returns(session)
+    my_session_theme = 'session_theme'
+    session.stubs(:[]).with(:user_theme).returns(nil)
+    session.stubs(:[]).with(:theme).returns(my_session_theme)
+    assert_equal '/designs/themes/' + my_session_theme, theme_path
+  end
+
+end
@@ -0,0 +1,15 @@
+require 'test_helper'
+
+class UrlHelperTest < ActionView::TestCase
+
+  include UrlHelper
+
+  def setup
+  end
+
+  should 'preserve override_user if present' do
+    params[:override_user] = 1
+    assert_equal default_url_options[:override_user], params[:override_user]
+  end
+
+end
...	...	@@ -93,7 +93,9 @@ module Api
93	93	class Box < Entity
94	94	root 'boxes', 'box'
95	95	expose :id, :position
96		- expose :blocks, :using => Block
	96	+ expose :blocks, :using => Block do \|box, options\|
	97	+ box.blocks.select {\|block\| block.visible_to_user?(options[:current_person]) }
	98	+ end
97	99	end
98	100
99	101	class Profile < Entity
...	...	@@ -200,12 +202,21 @@ module Api
200	202	expose :accept_comments?, as: :accept_comments
201	203	end
202	204
	205	+ def self.permissions_for_entity(entity, current_person, *method_names)
	206	+ method_names.map { \|method\| entity.send(method, current_person) ? method.to_s.gsub(/\?/,'') : nil }.compact
	207	+ end
	208	+
203	209	class Article < ArticleBase
204	210	root 'articles', 'article'
205	211	expose :parent, :using => ArticleBase
206	212	expose :children, :using => ArticleBase do \|article, options\|
207	213	article.children.published.limit(V1::Articles::MAX_PER_PAGE)
208	214	end
	215	+ expose :permissions do \|article, options\|
	216	+ Entities.permissions_for_entity(article, options[:current_person],
	217	+ :allow_edit?, :allow_post_content?, :allow_delete?, :allow_create?,
	218	+ :allow_publish_content?)
	219	+ end
209	220	end
210	221
211	222	class User < Entity
...	...
...	...	@@ -121,7 +121,7 @@ module Api
121	121
122	122	def present_article(asset)
123	123	article = find_article(asset.articles, params[:id])
124		- present_partial article, :with => Entities::Article, :params => params
	124	+ present_partial article, with: Entities::Article, params: params, current_person: current_person
125	125	end
126	126
127	127	def present_articles_for_asset(asset, method = 'articles')
...	...	@@ -130,7 +130,7 @@ module Api
130	130	end
131	131
132	132	def present_articles(articles)
133		- present_partial paginate(articles), :with => Entities::Article, :params => params
	133	+ present_partial paginate(articles), :with => Entities::Article, :params => params, current_person: current_person
134	134	end
135	135
136	136	def find_articles(asset, method = 'articles')
...	...	@@ -407,9 +407,11 @@ module Api
407	407
408	408	def parse_content_type(content_type)
409	409	return nil if content_type.blank?
410		- content_type.split(',').map do \|content_type\|
411		- content_type.camelcase
	410	+ content_types = content_type.split(',').map do \|content_type\|
	411	+ content_type = content_type.camelcase
	412	+ content_type == 'TextArticle' ? Article.text_article_types : content_type
412	413	end
	414	+ content_types.flatten.uniq
413	415	end
414	416
415	417	def period(from_date, until_date)
...	...
1	1	module Api
2	2	module V1
3	3	class Activities < Grape::API
4		- before { authenticate! }
5	4
6	5	resource :profiles do
7	6
...	...	@@ -9,7 +8,7 @@ module Api
9	8	profile = Profile.find_by id: params[:id]
10	9
11	10	not_found! if profile.blank? \|\| profile.secret \|\| !profile.visible
12		- forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
	11	+ forbidden! if !profile.display_private_info_to?(current_person)
13	12
14	13	activities = profile.activities.map(&:activity)
15	14	present activities, :with => Entities::Activity, :current_person => current_person
...	...
...	...	@@ -54,6 +54,17 @@ module Api
54	54	present_partial article, :with => Entities::Article
55	55	end
56	56
	57	+ delete ':id' do
	58	+ article = environment.articles.find(params[:id])
	59	+ return forbidden! unless article.allow_delete?(current_person)
	60	+ begin
	61	+ article.destroy
	62	+ { :success => true }
	63	+ rescue Exception => exception
	64	+ render_api_error!(_('The article couldn\'t be removed due to some problem. Please contact the administrator.'), 400)
	65	+ end
	66	+ end
	67	+
57	68	desc 'Report a abuse and/or violent content in a article by id' do
58	69	detail 'Submit a abuse (in general, a content violation) report about a specific article'
59	70	params Entities::Article.documentation
...	...	@@ -262,7 +273,7 @@ module Api
262	273	article = forbidden!
263	274	end
264	275
265		- present_partial article, :with => Entities::Article
	276	+ present_partial article, :with => Entities::Article, current_person: current_person
266	277	else
267	278
268	279	present_articles_for_asset(profile)
...	...
...	...	@@ -12,7 +12,8 @@ module Api
12	12	resource :boxes do
13	13	get do
14	14	profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
15		- present profile.boxes, :with => Entities::Box
	15	+ return forbidden! unless profile.display_info_to?(current_person)
	16	+ present profile.boxes, with: Entities::Box, current_person: current_person
16	17	end
17	18	end
18	19	end
...	...	@@ -32,7 +33,7 @@ module Api
32	33	else
33	34	env = Environment.find(params[:environment_id])
34	35	end
35		- present env.boxes, :with => Entities::Box
	36	+ present env.boxes, with: Entities::Box, current_person: current_person
36	37	end
37	38	end
38	39	end
...	...
...	...	@@ -34,6 +34,7 @@ module Api
34	34	post ":id/comments" do
35	35	authenticate!
36	36	article = find_article(environment.articles, params[:id])
	37	+ return forbidden! unless article.accept_comments?
37	38	options = params.select { \|key,v\| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
38	39	begin
39	40	comment = Comment.create!(options)
...	...	@@ -42,6 +43,19 @@ module Api
42	43	end
43	44	present comment, :with => Entities::Comment, :current_person => current_person
44	45	end
	46	+
	47	+ delete ":id/comments/:comment_id" do
	48	+ article = find_article(environment.articles, params[:id])
	49	+ comment = article.comments.find_by_id(params[:comment_id])
	50	+ return not_found! if comment.nil?
	51	+ return forbidden! unless comment.can_be_destroyed_by?(current_person)
	52	+ begin
	53	+ comment.destroy
	54	+ present comment, with: Entities::Comment, :current_person => current_person
	55	+ rescue => e
	56	+ render_api_error!(e.message, 500)
	57	+ end
	58	+ end
45	59	end
46	60
47	61	end
...	...
...	...	@@ -22,6 +22,15 @@ module Api
22	22	not_found!
23	23	end
24	24	end
	25	+
	26	+ desc "Update profile information"
	27	+ post ':id' do
	28	+ authenticate!
	29	+ profile = environment.profiles.find_by(id: params[:id])
	30	+ return forbidden! unless current_person.has_permission?(:edit_profile, profile)
	31	+ profile.update_attributes!(params[:profile])
	32	+ present profile, :with => Entities::Profile, :current_person => current_person
	33	+ end
25	34
26	35	delete ':id' do
27	36	authenticate!
...	...
...	...	@@ -0,0 +1,169 @@
	1	+module AuthenticatedSystem
	2	+
	3	+ protected
	4	+
	5	+ extend ActiveSupport::Concern
	6	+
	7	+ included do
	8	+ if self < ActionController::Base
	9	+ around_filter :user_set_current
	10	+ before_filter :override_user
	11	+ before_filter :login_from_cookie
	12	+ end
	13	+
	14	+ # Inclusion hook to make #current_user and #logged_in?
	15	+ # available as ActionView helper methods.
	16	+ helper_method :current_user, :logged_in?
	17	+ end
	18	+
	19	+ # Returns true or false if the user is logged in.
	20	+ # Preloads @current_user with the user model if they're logged in.
	21	+ def logged_in?
	22	+ current_user != nil
	23	+ end
	24	+
	25	+ # Accesses the current user from the session.
	26	+ def current_user user_id = session[:user]
	27	+ @current_user \|\|= begin
	28	+ user = User.find_by id: user_id if user_id
	29	+ user.session = session if user
	30	+ User.current = user
	31	+ user
	32	+ end
	33	+ end
	34	+
	35	+ # Store the given user in the session.
	36	+ def current_user=(new_user)
	37	+ if new_user.nil?
	38	+ session.delete(:user)
	39	+ else
	40	+ session[:user] = new_user.id
	41	+ new_user.session = session
	42	+ new_user.register_login
	43	+ end
	44	+ @current_user = User.current = new_user
	45	+ end
	46	+
	47	+ # See impl. from http://stackoverflow.com/a/2513456/670229
	48	+ def user_set_current
	49	+ User.current = current_user
	50	+ yield
	51	+ ensure
	52	+ # to address the thread variable leak issues in Puma/Thin webserver
	53	+ User.current = nil
	54	+ end
	55	+
	56	+ # Check if the user is authorized.
	57	+ #
	58	+ # Override this method in your controllers if you want to restrict access
	59	+ # to only a few actions or if you want to check if the user
	60	+ # has the correct rights.
	61	+ #
	62	+ # Example:
	63	+ #
	64	+ # # only allow nonbobs
	65	+ # def authorize?
	66	+ # current_user.login != "bob"
	67	+ # end
	68	+ def authorized?
	69	+ true
	70	+ end
	71	+
	72	+ # Filter method to enforce a login requirement.
	73	+ #
	74	+ # To require logins for all actions, use this in your controllers:
	75	+ #
	76	+ # before_filter :login_required
	77	+ #
	78	+ # To require logins for specific actions, use this in your controllers:
	79	+ #
	80	+ # before_filter :login_required, :only => [ :edit, :update ]
	81	+ #
	82	+ # To skip this in a subclassed controller:
	83	+ #
	84	+ # skip_before_filter :login_required
	85	+ #
	86	+ def login_required
	87	+ username, passwd = get_auth_data
	88	+ if username && passwd
	89	+ self.current_user \|\|= User.authenticate(username, passwd) \|\| nil
	90	+ end
	91	+ if logged_in? && authorized?
	92	+ true
	93	+ else
	94	+ if params[:require_login_popup]
	95	+ render :json => { :require_login_popup => true }
	96	+ else
	97	+ access_denied
	98	+ end
	99	+ end
	100	+ end
	101	+
	102	+ # Redirect as appropriate when an access request fails.
	103	+ #
	104	+ # The default action is to redirect to the login screen.
	105	+ #
	106	+ # Override this method in your controllers if you want to have special
	107	+ # behavior in case the user is not authorized
	108	+ # to access the requested action. For example, a popup window might
	109	+ # simply close itself.
	110	+ def access_denied
	111	+ respond_to do \|accepts\|
	112	+ accepts.html do
	113	+ if request.xhr?
	114	+ render :text => _('Access denied'), :status => 401
	115	+ else
	116	+ store_location
	117	+ redirect_to :controller => '/account', :action => 'login'
	118	+ end
	119	+ end
	120	+ accepts.xml do
	121	+ headers["Status"] = "Unauthorized"
	122	+ headers["WWW-Authenticate"] = %(Basic realm="Web Password")
	123	+ render :text => "Could't authenticate you", :status => '401 Unauthorized'
	124	+ end
	125	+ end
	126	+ false
	127	+ end
	128	+
	129	+ # Store the URI of the current request in the session.
	130	+ #
	131	+ # We can return to this location by calling #redirect_back_or_default.
	132	+ def store_location(location = request.url)
	133	+ session[:return_to] = location
	134	+ end
	135	+
	136	+ # Redirect to the URI stored by the most recent store_location call or
	137	+ # to the passed default.
	138	+ def redirect_back_or_default(default)
	139	+ if session[:return_to]
	140	+ redirect_to(session.delete(:return_to))
	141	+ else
	142	+ redirect_to(default)
	143	+ end
	144	+ end
	145	+
	146	+ def override_user
	147	+ return if params[:override_user].blank?
	148	+ return unless logged_in? and user.is_admin? environment
	149	+ @current_user = nil
	150	+ current_user params[:override_user]
	151	+ end
	152	+
	153	+ # When called with before_filter :login_from_cookie will check for an :auth_token
	154	+ # cookie and log the user back in if apropriate
	155	+ def login_from_cookie
	156	+ return if cookies[:auth_token].blank? or logged_in?
	157	+ user = User.where(remember_token: cookies[:auth_token]).first
	158	+ self.current_user = user if user and user.remember_token?
	159	+ end
	160	+
	161	+ private
	162	+ @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
	163	+ # gets BASIC auth info
	164	+ def get_auth_data
	165	+ auth_key = @@http_auth_headers.detect { \|h\| request.env.has_key?(h) }
	166	+ auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
	167	+ return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
	168	+ end
	169	+end
...	...
...	...	@@ -13,6 +13,13 @@ class ApplicationController < ActionController::Base
13	13	before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
14	14	before_filter :redirect_to_current_user
15	15
	16	+ before_filter :set_session_theme
	17	+ def set_session_theme
	18	+ if params[:theme]
	19	+ session[:theme] = environment.theme_ids.include?(params[:theme]) ? params[:theme] : nil
	20	+ end
	21	+ end
	22	+
16	23	def require_login_for_environment
17	24	login_required
18	25	end
...	...
...	...	@@ -63,12 +63,12 @@ class ProfileThemesController < ThemesController
63	63	end
64	64
65	65	def start_test
66		- session[:theme] = params[:id]
	66	+ session[:user_theme] = params[:id]
67	67	redirect_to :controller => 'content_viewer', :profile => profile.identifier, :action => 'view_page'
68	68	end
69	69
70	70	def stop_test
71		- session[:theme] = nil
	71	+ session[:user_theme] = nil
72	72	redirect_to :action => 'index'
73	73	end
74	74
...	...