Merge branch 'master' into staging

Ábner Oliveira
2 parents c22f58b9 8c9632f9
Showing 60 changed files with 486 additions and 130 deletions Show diff stats
app/api/entities.rb
app/api/helpers.rb
app/api/v1/activities.rb
app/api/v1/articles.rb
app/api/v1/profiles.rb
app/concerns/authenticated_system.rb
app/helpers/application_helper.rb
app/helpers/custom_fields_helper.rb
app/helpers/url_helper.rb
app/models/article.rb
app/models/comment_handler.rb
app/models/organization.rb
app/models/profile.rb
app/models/user.rb
app/views/blocks/profile_info.html.erb
app/views/features/custom_fields/_form.html.erb
config/initializers/00_dependencies.rb
config/initializers/active_record_extensions.rb
lib/noosfero/plugin.rb
plugins/analytics/lib/analytics_plugin/base.rb
@@ -121,6 +121,10 @@ module Api
       expose :type
       expose :custom_header
       expose :custom_footer
+      expose :permissions do |profile, options|
+        Entities.permissions_for_entity(profile, options[:current_person],
+        :allow_post_content?, :allow_edit?, :allow_destroy?)
+      end
     end
     class UserBasic < Entity
@@ -202,12 +206,21 @@ module Api
       expose :accept_comments?, as: :accept_comments
     end
+    def self.permissions_for_entity(entity, current_person, *method_names)
+      method_names.map { |method| entity.send(method, current_person) ? method.to_s.gsub(/\?/,'') : nil }.compact
+    end
+
     class Article < ArticleBase
       root 'articles', 'article'
       expose :parent, :using => ArticleBase
       expose :children, :using => ArticleBase do |article, options|
         article.children.published.limit(V1::Articles::MAX_PER_PAGE)
       end
+      expose :permissions do |article, options|
+        Entities.permissions_for_entity(article, options[:current_person],
+          :allow_edit?, :allow_post_content?, :allow_delete?, :allow_create?,
+          :allow_publish_content?)
+      end
     end
     class User < Entity
@@ -132,7 +132,7 @@ module Api
     def present_article(asset)
       article = find_article(asset.articles, params[:id])
-      present_partial article, :with => Entities::Article, :params => params
+      present_partial article, with: Entities::Article, params: params, current_person: current_person
     end
     def present_articles_for_asset(asset, method = 'articles')
@@ -141,7 +141,7 @@ module Api
     end
     def present_articles(articles)
-      present_partial paginate(articles), :with => Entities::Article, :params => params
+      present_partial paginate(articles), :with => Entities::Article, :params => params, current_person: current_person
     end
     def find_articles(asset, method = 'articles')
 module Api
   module V1
     class Activities < Grape::API
-      before { authenticate! }
       resource :profiles do
@@ -9,7 +8,7 @@ module Api
           profile = Profile.find_by id: params[:id]
           not_found! if profile.blank? || profile.secret || !profile.visible
-          forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
+          forbidden! if !profile.display_private_info_to?(current_person)
           activities = profile.activities.map(&:activity)
           present activities, :with => Entities::Activity, :current_person => current_person
@@ -288,7 +288,7 @@ module Api
                     article = forbidden!
                   end
-                  present_partial article, :with => Entities::Article
+                  present_partial article, :with => Entities::Article, current_person: current_person
                 else
                   present_articles_for_asset(profile)
@@ -27,7 +27,7 @@ module Api
         post ':id' do
           authenticate!
           profile = environment.profiles.find_by(id: params[:id])
-          return forbidden! unless current_person.has_permission?(:edit_profile, profile)
+          return forbidden! unless profile.allow_edit?(current_person)
           profile.update_attributes!(params[:profile])
           present profile, :with => Entities::Profile, :current_person => current_person
         end
@@ -39,7 +39,7 @@ module Api
           not_found! if profile.blank?
-          if current_person.has_permission?(:destroy_profile, profile)
+          if profile.allow_destroy?(current_person)
             profile.destroy
           else
             forbidden!
@@ -2,15 +2,18 @@ module AuthenticatedSystem
   protected
-    def self.included base
-      if base < ActionController::Base
-        base.around_filter :user_set_current
-        base.before_filter :login_from_cookie
+    extend ActiveSupport::Concern
+
+    included do
+      if self < ActionController::Base
+        around_filter :user_set_current
+        before_filter :override_user
+        before_filter :login_from_cookie
       end
       # Inclusion hook to make #current_user and #logged_in?
       # available as ActionView helper methods.
-      base.helper_method :current_user, :logged_in?
+      helper_method :current_user, :logged_in?
     end
     # Returns true or false if the user is logged in.
@@ -20,10 +23,9 @@ module AuthenticatedSystem
     end
     # Accesses the current user from the session.
-    def current_user
+    def current_user user_id = session[:user]
       @current_user ||= begin
-        id = session[:user]
-        user = User.where(id: id).first if id
+        user = User.find_by id: user_id if user_id
         user.session = session if user
         User.current = user
         user
@@ -141,6 +143,13 @@ module AuthenticatedSystem
       end
     end
+    def override_user
+      return if params[:override_user].blank?
+      return unless logged_in? and user.is_admin? environment
+      @current_user = nil
+      current_user params[:override_user]
+    end
+
     # When called with before_filter :login_from_cookie will check for an :auth_token
     # cookie and log the user back in if apropriate
     def login_from_cookie
@@ -725,11 +725,11 @@ module ApplicationHelper
   def display_short_format(article, options={})
     options[:comments_link] ||= true
     options[:read_more_link] ||= true
+    lead_links = (options[:comments_link] ? link_to_comments(article) : '') + (options[:read_more_link] ? reference_to_article( _('Read more'), article) : '')
     html = content_tag('div',
              article.lead +
              content_tag('div',
-               (options[:comments_link] ? link_to_comments(article) : '') +
-               (options[:read_more_link] ? reference_to_article( _('Read more'), article) : ''),
+               lead_links.html_safe,
                :class => 'read-more'
              ),
              :class => 'short-post'
@@ -1132,7 +1132,7 @@ module ApplicationHelper
     content_tag(:div, :class => 'errorExplanation', :id => 'errorExplanation') do
       content_tag(:h2, _('Errors while saving')) +
       content_tag(:ul) do
-        safe_join(errors.map { |err| content_tag(:li, err) })
+        safe_join(errors.map { |err| content_tag(:li, err.html_safe) })
       end
     end
   end
@@ -61,6 +61,6 @@ module CustomFieldsHelper
   def form_for_format(customized_type, format)
     field = CustomField.new(:format => format, :customized_type => customized_type, :environment => environment)
-    CGI::escapeHTML((render(:partial => 'features/custom_fields/form', :locals => {:field => field})))
+    CGI::escapeHTML((render(:partial => 'features/custom_fields/form', :locals => {:field => field}))).html_safe
   end
 end
@@ -4,4 +4,12 @@ module UrlHelper
     'javascript:history.back()'
   end
+  def default_url_options
+    options = {}
+
+    options[:override_user] = params[:override_user] if params[:override_user].present?
+
+    options
+  end
+
 end
@@ -567,7 +567,7 @@ class Article &lt; ApplicationRecord
   def allow_post_content?(user = nil)
     return true if allow_edit_topic?(user)
-    user && (user.has_permission?('post_content', profile) || allow_publish_content?(user) && (user == author))
+    user && (profile.allow_post_content?(user) || allow_publish_content?(user) && (user == author))
   end
   def allow_publish_content?(user = nil)
-class CommentHandler < Struct.new(:comment_id, :method)
+class CommentHandler < Struct.new(:comment_id, :method, :locale)
+  def initialize(*args)
+    super
+    self.locale ||= FastGettext.locale
+  end
   def perform
+    saved_locale = FastGettext.locale
+    FastGettext.locale = locale
+
     comment = Comment.find(comment_id)
     comment.send(method)
+    FastGettext.locale = saved_locale
   rescue ActiveRecord::RecordNotFound
     # just ignore non-existing comments
   end
@@ -238,4 +238,7 @@ class Organization &lt; Profile
     self.admins.where(:id => user.id).exists?
   end
+  def display_private_info_to?(user)
+    (public_profile && visible && !secret) || super
+  end
 end
@@ -1189,4 +1189,15 @@ private :generate_url, :url_options
     false
   end
+  def allow_post_content?(person = nil)
+    person.kind_of?(Profile) && person.has_permission?('post_content', self)
+  end
+
+  def allow_edit?(person = nil)
+    person.kind_of?(Profile) && person.has_permission?('edit_profile', self)
+  end
+
+  def allow_destroy?(person = nil)
+    person.kind_of?(Profile) && person.has_permission?('destroy_profile', self)
+  end
 end
 require 'digest/sha1'
-require 'user_activation_job'
 require 'securerandom'
 # User models the system users, and is generated by the acts_as_authenticated
@@ -30,7 +30,7 @@
   [ [ profile.city, 'locality' ],
     [ profile.state, 'region' ],
     [ profile.country_name, 'country-name' ]
-  ].map{ |s,c| s =~ /^\s*$/ ? nil : content_tag( 'span', s, :class => c ) }.compact.join ' - '
+  ].map{ |s,c| s =~ /^\s*$/ ? nil : content_tag( 'span', s, :class => c ) }.compact.safe_join ' - '
 %>
 </div>
 <% end %>
@@ -29,7 +29,7 @@
           </tr>
         </thead>
         <tfoot>
-          <tr><td colspan=3><%= button(:add, _('Add option'), 'javascript: void()', :id => "btn_opt_#{id}", :onclick => "add_content('##{id} .custom-field-extras', $('#btn_opt_#{id}').attr('value'), 'EXTRAS_ID');", :value => "#{render_extras_field(id)}") %></td></tr>
+          <tr><td colspan=3><%= button(:add, _('Add option'), 'javascript: void()', :id => "btn_opt_#{id}", :onclick => "add_content('##{id} .custom-field-extras', $('#btn_opt_#{id}').attr('value'), 'EXTRAS_ID');", :value => "#{render_extras_field(id)}".html_safe) %></td></tr>
         </tfoot>
         <tbody class="custom-field-extras">
           <% if !field.extras.blank?%>
@@ -25,7 +25,6 @@ require &#39;acts_as_customizable&#39;
 require 'route_if'
 require 'maybe_add_http'
 require 'set_profile_region_from_city_state'
-require 'authenticated_system'
 require 'needs_profile'
 require 'white_list_filter'
@@ -2,8 +2,6 @@ require &#39;upload_sanitizer&#39;
 module ActiveRecordExtension
-  extend ActiveSupport::Concern
-
   module ClassMethods
     def reflect_on_association(name)
       reflection = super
@@ -13,6 +13,10 @@ class Noosfero::Plugin
     context.environment if self.context
   end
+  def profile
+    context.send :profile if self.context
+  end
+
   class << self
     include Noosfero::Plugin::ParentMethods
@@ -42,7 +42,7 @@ class AnalyticsPlugin::Base &lt; Noosfero::Plugin
     {
       title: I18n.t('analytics_plugin.lib.plugin.panel_button'),
       icon: 'analytics-access',
-      url: {controller: 'analytics_plugin/stats', action: :index}
+      url: {controller: 'analytics_plugin/stats', profile: profile.identifier, action: :index}
     }
   end
@@ -13,7 +13,7 @@ class CustomFormsPlugin &lt; Noosfero::Plugin
   end
   def control_panel_buttons
-    {:title => _('Manage Forms'), :icon => 'custom-forms', :url => {:controller => 'custom_forms_plugin_myprofile'}}
+    {title: _('Manage Forms'), icon: 'custom-forms', url: {profile: profile.identifier, controller: 'custom_forms_plugin_myprofile'}}
   end
 end
@@ -656,6 +656,23 @@ class DisplayContentBlockViewTest &lt; ActionView::TestCase
     assert_match /#{a.published_at}/, render_block_content(block)
   end
+  should 'show image if defined by user' do
+    profile = create_user('testuser').person
+    a = create(TinyMceArticle, :name => 'test article 1', :profile_id => profile.id, :image_builder => { :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png')})
+    a.save!
+
+    process_delayed_job_queue
+
+    block = DisplayContentBlock.new
+    block.nodes = [a.id]
+    block.sections = [{:value => 'image', :checked => true}]
+    box = mock()
+    block.stubs(:box).returns(box)
+    box.stubs(:owner).returns(profile)
+
+    assert_tag_in_string render_block_content(block), :tag => 'div', :attributes => {:class => 'image'}
+  end
+
   should 'show articles in recent order' do
     profile = create_user('testuser').person
     Article.delete_all
@@ -13,7 +13,7 @@
     div class='body'
       = (item.body || '').html_safe
   - when 'image'
-    - unless item.image || item.image.public_filename
+    - if item.image && item.image.public_filename
       div class='image'
         = link_to(image_tag(item.image.public_filename), item.url)
   - when 'tags'
@@ -37,20 +37,17 @@ class OrganizationRatingsPluginProfileController &lt; ProfileController
   end
   def create_new_rate
-    rating = OrganizationRating.new(params[:organization_rating])
-    rating.person = current_user.person
-    rating.organization = profile
-    rating.value = params[:organization_rating_value] if params[:organization_rating_value]
+    @rating = OrganizationRating.new(params[:organization_rating])
+    @rating.person = current_user.person
+    @rating.organization = profile
+    @rating.value = params[:organization_rating_value] if params[:organization_rating_value]
-    if rating.save
-      @plugins.dispatch(:organization_ratings_plugin_rating_created, rating, params)
-      create_rating_comment(rating)
+    if @rating.save
+      @plugins.dispatch(:organization_ratings_plugin_rating_created, @rating, params)
+      create_rating_comment(@rating)
       session[:notice] = _("%s successfully rated!") % profile.name
-    else
-      session[:notice] = _("Sorry, there were problems rating this profile.")
+      redirect_to profile.url
     end
-
-    redirect_to profile.url
   end
   def create_rating_comment(rating)
@@ -19,7 +19,7 @@ Feature: rate_community
     And I am logged in as "joaosilva"
   @selenium
-  Scenario: display rate button inside average block
+  Scenario: display rate button and total ratings inside average block
     Given I am on mycommunity's homepage
     Then I should see "Rate this Community" within ".average-rating-block"
     And I should see "Be the first to rate" within ".average-rating-block"
@@ -34,3 +34,9 @@ Feature: rate_community
     When I follow "Rate this Community"
     Then I should see "Joao Silva" within ".star-profile-name"
     And I should see Joao Silva's profile image
+
+  Scenario: display total ratings inside average block
+    Given I am on mycommunity's homepage
+    When I follow "Rate this Community"
+    Then I follow "Save"
+    Then I should see "(1)" within ".total-ratings"
@@ -13,25 +13,26 @@ class OrganizationRating &lt; ApplicationRecord
   validates :organization_id, :person_id,
             :presence => true
-  def display_moderation_message person
-    if person.present?
-      task_active? && (person.is_admin? || person == self.person ||
+  def display_full_info_to? person
+      (person.is_admin? || person == self.person ||
       self.organization.is_admin?(person))
-    end
   end
-  def task_active?
-    tasks = CreateOrganizationRatingComment.where(:target_id => self.organization.id,
-                                                  :status => Task::Status::ACTIVE)
-    tasks.detect {|t| t.organization_rating_id == self.id}.present?
+  def task_status
+    tasks = CreateOrganizationRatingComment.where(:target_id => self.organization.id, :requestor_id => self.person.id)
+    task = tasks.detect{ |t| t.organization_rating_id == self.id }
+    task.status if task.present?
   end
-  def self.average_rating organization_id
-    average = OrganizationRating.where(organization_id: organization_id).average(:value)
+  def self.statistics_for_profile organization
+    ratings = OrganizationRating.where(organization_id: organization)
+    average = ratings.average(:value)
+    total = ratings.size
     if average
-      (average - average.truncate) >= 0.5 ? average.ceil : average.floor
+      average = (average - average.truncate) >= 0.5 ? average.ceil : average.floor
     end
+    { average: average, total: total }
   end
 end
@@ -12,4 +12,14 @@ module RatingsHelper
       ratings = OrganizationRating.where(organization_id: profile_id).order("created_at DESC")
     end
   end
-end
 \ No newline at end of file
+
+  def status_message_for(person, rating)
+    if person.present? && rating.display_full_info_to?(person)
+      if(rating.task_status == Task::Status::ACTIVE)
+        content_tag(:p, _("Report waiting for approval"), class: "moderation-msg")
+      elsif(rating.task_status == Task::Status::CANCELLED)
+        content_tag(:p, _("Report rejected"), class: "rejected-msg")
+      end
+    end
+  end
+end
 .star-container {
   width: 100%;
-  height: 20px;
+  height: 22px;
 }
 .star-negative, .star-positive {
@@ -80,7 +80,16 @@
 .organization-average-rating-container .star-container {
   float: left;
-  width: 120px;
+  display: inline-flex;
+  width: auto;
+  max-width: 190px;
+
+}
+
+.total-ratings {
+  font-size: 16px;
+  margin-left: 5px;
+  margin-right: 5px;
 }
 .organization-average-rating-container .rate-this-organization {
@@ -46,7 +46,7 @@ class OrganizationRatingsPluginProfileControllerTest &lt; ActionController::TestCas
   test "do not create community_rating without a rate value" do
     post :new_rating, profile: @community.identifier, :comments => {:body => ""}, :organization_rating_value => nil
-    assert_equal "Sorry, there were problems rating this profile.", session[:notice]
+    assert_tag :tag => 'div', :attributes => {:class => /errorExplanation/}, :content => /Value can't be blank/
   end
   test "do not create two ratings on Community when vote once config is true" do
@@ -188,4 +188,24 @@ class OrganizationRatingsPluginProfileControllerTest &lt; ActionController::TestCas
     assert_no_tag :tag => 'p', :content => /Report waiting for approva/, :attributes => {:class =>/comment-rejected-msg/}
     assert_tag :tag => 'p', :content => /comment accepted/, :attributes => {:class =>/comment-body/}
   end
+
+  test "should display ratings count in average block" do
+    average_block = AverageRatingBlock.new
+    average_block.box = @community.boxes.find_by_position(1)
+    average_block.save!
+
+    OrganizationRating.stubs(:statistics_for_profile).returns({:average => 5, :total => 42})
+    get :new_rating, profile: @community.identifier
+    assert_tag :tag => 'a', :content => /\(42\)/
+  end
+
+  test "should display maximum ratings count in average block" do
+    average_block = AverageRatingBlock.new
+    average_block.box = @community.boxes.find_by_position(1)
+    average_block.save!
+
+    OrganizationRating.stubs(:statistics_for_profile).returns({:average => 5, :total => 999000})
+    get :new_rating, profile: @community.identifier
+    assert_tag :tag => 'a', :content => /\(10000\+\)/
+  end
 end
@@ -35,55 +35,36 @@ class OrganizationRatingTest &lt; ActiveSupport::TestCase
     assert_equal false, organization_rating2.errors[:value].include?("must be between 1 and 5")
   end
-  test "false return when no active tasks for an Organization Rating" do
-    assert_not @rating.task_active?
-  end
-
-  test "true return when an active task exists for an Organization Rating" do
+  test "return rating task status" do
     CreateOrganizationRatingComment.create!(
                       :organization_rating_id => @rating.id,
                       :target => @community,
                       :requestor => @person)
-    assert_equal Task::Status::ACTIVE, CreateOrganizationRatingComment.last.status
-    assert @rating.task_active?
+    assert_equal Task::Status::ACTIVE, @rating.task_status
   end
-  test "return false when an cancelled task exists for an Organization Rating" do
+  test "return rating task status when task is cancelled" do
     CreateOrganizationRatingComment.create!(
                       :organization_rating_id => @rating.id,
                       :target => @community,
                       :requestor => @person)
     CreateOrganizationRatingComment.last.cancel
-    assert_not @rating.task_active?
+    assert_equal Task::Status::CANCELLED, @rating.task_status
   end
-  test "display report moderation message to community admin" do
-    moderator = create_user('moderator')
-    @community.add_admin(moderator.person)
-    @rating.stubs(:task_active?).returns(true)
-    assert @rating.display_moderation_message(@adminuser)
+  test "should display full info to admin" do
+    @person.stubs(:is_admin?).returns(true)
+    assert @rating.display_full_info_to?(@person)
   end
-  test "display report moderation message to owner" do
-    @rating.stubs(:task_active?).returns(true)
-    assert @rating.display_moderation_message(@person)
+  test "should display full info to owner" do
+    assert @rating.display_full_info_to?(@person)
   end
-  test "do not display report moderation message to regular user" do
+  test "should not display full info to regular user" do
     regular_person = fast_create(Person)
-    @rating.stubs(:task_active?).returns(true)
-    assert_not @rating.display_moderation_message(regular_person)
-  end
-
-  test "do not display report moderation message to not logged user" do
-    @rating.stubs(:task_active?).returns(true)
-    assert_not @rating.display_moderation_message(nil)
-  end
-
-  test "do not display report moderation message no active task exists" do
-    @rating.stubs(:task_active?).returns(false)
-    assert_not @rating.display_moderation_message(@person)
+    assert_not @rating.display_full_info_to?(regular_person)
   end
   test "Create task for create a rating comment" do
@@ -109,7 +90,7 @@ class OrganizationRatingTest &lt; ActiveSupport::TestCase
     assert community.tasks.include?(create_organization_rating_comment)
   end
-  test "Should calculate community's rating average" do
+  test "Should calculate community's rating statistics" do
     community = fast_create Community
     p1 = fast_create Person, :name=>"Person 1"
     p2 = fast_create Person, :name=>"Person 2"
@@ -119,11 +100,13 @@ class OrganizationRatingTest &lt; ActiveSupport::TestCase
     OrganizationRating.create! :value => 3, :organization => community, :person => p2
     OrganizationRating.create! :value => 5, :organization => community, :person => p3
-    assert_equal 3, OrganizationRating.average_rating(community)
+    assert_equal 3, OrganizationRating.statistics_for_profile(community)[:average]
+    assert_equal 3, OrganizationRating.statistics_for_profile(community)[:total]
     p4 = fast_create Person, :name=>"Person 4"
     OrganizationRating.create! :value => 4, :organization => community, :person => p4
-    assert_equal 4, OrganizationRating.average_rating(community)
+    assert_equal 4, OrganizationRating.statistics_for_profile(community)[:average]
+    assert_equal 4, OrganizationRating.statistics_for_profile(community)[:total]
   end
 end
@@ -3,6 +3,7 @@ require &#39;ratings_helper&#39;
 class RatingsHelperTest < ActiveSupport::TestCase
   include RatingsHelper
+  include ActionView::Helpers::TagHelper
   def setup
@@ -12,6 +13,12 @@ class RatingsHelperTest &lt; ActiveSupport::TestCase
     @person = create_user('testuser').person
     @community = Community.create(:name => "TestCommunity")
     @organization_ratings_config = OrganizationRatingsConfig.instance
+    @rating = fast_create(OrganizationRating, {:value => 1,
+                                               :person_id => @person.id,
+                                               :organization_id => @community.id,
+                                               :created_at => DateTime.now,
+                                               :updated_at => DateTime.now,
+                                              })
   end
   should "get the ratings of a community ordered by most recent ratings" do
@@ -32,6 +39,7 @@ class RatingsHelperTest &lt; ActiveSupport::TestCase
     ratings_array << most_recent_rating
     ratings_array << first_rating
+    ratings_array << @rating
     assert_equal @organization_ratings_config.order, "recent"
     assert_equal ratings_array, get_ratings(@community.id)
@@ -57,7 +65,42 @@ class RatingsHelperTest &lt; ActiveSupport::TestCase
     ratings_array << second_rating
     ratings_array << first_rating
+    ratings_array << @rating
     assert_equal ratings_array, get_ratings(@community.id)
   end
+
+  test "display report moderation message to community admin" do
+    @moderator = create_user('moderator').person
+    @community.add_admin(@moderator)
+    @rating.stubs(:task_status).returns(Task::Status::ACTIVE)
+    assert status_message_for(@moderator, @rating).include?("Report waiting for approval")
+  end
+
+  test "display report moderation message to owner" do
+    @rating.stubs(:task_status).returns(Task::Status::ACTIVE)
+    assert status_message_for(@person, @rating).include?("Report waiting for approval")
+  end
+
+  test "display report rejected message to owner" do
+    @rating.stubs(:task_status).returns(Task::Status::CANCELLED)
+    assert status_message_for(@person, @rating).include?("Report rejected")
+  end
+
+  test "do not display report moderation message to regular user" do
+    @regular_person = fast_create(Person)
+    @rating.stubs(:task_status).returns(Task::Status::ACTIVE)
+    assert_nil status_message_for(@regular_person, @rating)
+  end
+
+  test "return empty status message to not logged user" do
+    @rating.stubs(:task_status).returns(Task::Status::ACTIVE)
+    assert_nil status_message_for(nil, @rating)
+  end
+
+  test "do not display status message if report task is finished" do
+    @rating.stubs(:task_status).returns(Task::Status::FINISHED)
+    assert_nil status_message_for(@person, @rating)
+  end
+
 end
-<% average_rating = OrganizationRating.average_rating block.owner.id %>
+<% statistics = OrganizationRating.statistics_for_profile block.owner %>
 <div class="organization-average-rating-container">
-  <% if average_rating %>
+  <% if statistics[:average] %>
     <div class="star-rate-text">
       <%= _("Rating: ") %>
     </div>
     <div class="star-container">
       <% (1..5).each do |star_number| %>
-        <% if star_number <= average_rating %>
+        <% if star_number <= statistics[:average] %>
           <div class="medium-star-positive"></div>
         <% else %>
           <div class="medium-star-negative"></div>
         <% end %>
       <% end %>
+      <div class="total-ratings">
+        <%= link_to url_for(:controller => 'organization_ratings_plugin_profile', :action => 'new_rating', :anchor => 'ratings-list') do %>
+          <% if(statistics[:total] > 10000) %>
+            <%= "(10000+)" %>
+          <% else %>
+            <%= "(#{statistics[:total]})" %>
+          <% end %>
+        <% end %>
+      </div>
     </div>
   <% else %>
     <div class="rating-invitation">
@@ -24,4 +33,4 @@
   <div class="rate-this-organization">
     <%= link_to _("Rate this %s") % _(block.owner.class.name), url_for(:controller => "organization_ratings_plugin_profile", :action => "new_rating", :profile => block.owner.identifier) %>
   </div>
-</div>
 \ No newline at end of file
+</div>
@@ -14,7 +14,7 @@
       <%= render :partial => 'shared/make_report_block' %>
       <div class="see-more">
-        <%= link_to _('See more'), url_for(:controller => 'organization_ratings_plugin_profile', :action => 'new_rating'), :class => 'icon-arrow-right-p' %>
+        <%= link_to _('See more'), url_for(:controller => 'organization_ratings_plugin_profile', :action => 'new_rating', :anchor => 'ratings-list'), :class => 'icon-arrow-right-p' %>
       </div>
     </div>
   <% end %>
 <% min_rate = env_organization_ratings_config.minimum_ratings %>
 <% default_rating = env_organization_ratings_config.default_rating %>
-<div class="star-page-title">
-  <%= @plugins.dispatch(:organization_ratings_title).collect { |content| instance_exec(&content) }.join("") %>
-</div>
-
 <div class="star-rate-data">
   <div class="star-profile-information">
+<%= error_messages_for 'rating' %>
+
 <% config = env_organization_ratings_config %>
+<div class="star-page-title">
+  <%= @plugins.dispatch(:organization_ratings_title).collect { |content| instance_exec(&content) }.join("") %>
+</div>
 <% if logged_in? %>
   <%= render :partial => "new_rating_fields" %>
 <% else %>
@@ -7,7 +12,7 @@
   </div>
 <% end %>
-<div class="ratings-list">
+<div class="ratings-list" id="ratings-list">
   <% @users_ratings.each do |user_rate| %>
     <%= render :partial => "shared/user_rating_container", :locals => {:user_rate => user_rate} %>
   <% end %>
@@ -15,4 +20,4 @@
 <div id='pagination-profiles'>
   <%= pagination_links @users_ratings, :param_name => 'npage' %>
-</div>
 \ No newline at end of file
+</div>
 <% logged_in_image = link_to profile_image(current_user.person, :portrait), current_user.person.url if current_user %>
 <% logged_in_name = link_to current_user.person.name,  current_user.person.url if current_user %>
-<% logged_out_image = image_tag('plugins/organization_ratings/public/images/user-not-logged.png') %>
+<% logged_out_image = image_tag('plugins/organization_ratings/images/user-not-logged.png') %>
 <div class="make-report-block">
   <div class="star-profile-information">
+<% extend RatingsHelper %>
 <div class="user-rating-block">
   <div class="star-profile-information">
     <div class="star-profile-image">
@@ -25,9 +26,7 @@
     </div>
     <div class="user-testimony">
-      <% if user_rate.display_moderation_message(user) %>
-        <p class="moderation-msg"><%= _("Report waiting for approval") %></p>
-      <% end %>
+      <%= status_message_for(user, user_rate) %>
       <% if user_rate.comment.present? %>
         <p class="comment-body"> <%= user_rate.comment.body %> </p>
       <% end %>
@@ -0,0 +1,18 @@
+Feature: person tags
+
+Background:
+  Given the following users
+    | login   |
+    | joao    |
+  And I am logged in as "joao"
+  And "PersonTags" plugin is enabled
+
+Scenario: add tags to person
+  Given I am on joao's control panel
+  And I follow "Edit Profile"
+  When I fill in "profile_data_interest_list" with "linux,debian"
+  And I press "Save"
+  And I go to joao's control panel
+  And I follow "Edit Profile"
+  Then the "profile_data_interest_list" field should contain "linux"
+  And the "profile_data_interest_list" field should contain "debian"
@@ -0,0 +1,8 @@
+require_dependency 'person'
+
+class Person
+  attr_accessible :interest_list
+
+  acts_as_taggable_on :interests
+  N_('Fields of interest')
+end
@@ -0,0 +1,22 @@
+class PersonTagsPlugin < Noosfero::Plugin
+
+  include ActionView::Helpers::TagHelper
+  include ActionView::Helpers::FormTagHelper
+  include FormsHelper
+
+  def self.plugin_name
+    "PersonTagsPlugin"
+  end
+
+  def self.plugin_description
+    _("People can define tags that describe their interests.")
+  end
+
+  def profile_editor_extras
+    expanded_template('profile-editor-extras.html.erb').html_safe
+  end
+
+  def self.api_mount_points
+    [PersonTagsPlugin::API]
+  end
+end
@@ -0,0 +1,9 @@
+class PersonTagsPlugin::API < Grape::API
+  resource :people do
+    get ':id/tags' do
+      person = environment.people.visible.find_by(id: params[:id])
+      return not_found! if person.blank?
+      present person.interest_list
+    end
+  end
+end
@@ -0,0 +1 @@
+require_relative '../../../test/test_helper'
@@ -0,0 +1,27 @@
+require_relative '../test_helper'
+require_relative '../../../../test/api/test_helper'
+
+class APITest <  ActiveSupport::TestCase
+
+  def setup
+    create_and_activate_user
+    environment.enable_plugin(PersonTagsPlugin)
+  end
+
+  should 'return tags for a person' do
+    person = create_user('person').person
+    person.interest_list.add('linux')
+    person.save!
+    person.reload
+    get "/api/v1/people/#{person.id}/tags?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal ['linux'], json
+  end
+
+  should 'return empty list if person has no tags' do
+    person = create_user('person').person
+    get "/api/v1/people/#{person.id}/tags?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [], json
+  end
+end
@@ -0,0 +1,16 @@
+require 'test_helper'
+
+class PersonTagsPluginTest < ActiveSupport::TestCase
+
+  def setup
+    @environment = Environment.default
+    @environment.enable_plugin(PersonTagsPlugin)
+  end
+
+  should 'have interests' do
+    person = create_user('person').person
+    assert_equal [], person.interests
+    person.interest_list.add('linux')
+    assert_equal ['linux'], person.interest_list
+  end
+end
@@ -0,0 +1,8 @@
+<h2><%= _('Select your fields of interest') %></h2>
+<%= text_field_tag('profile_data[interest_list]', context.profile.interest_list.join(','), size: 64) %>
+<br />
+<%= content_tag( 'small', _('Separate tags with commas') ) %>
+
+<script>
+  jQuery('#profile_data_interest_list').inputosaurus();
+</script>
@@ -38,7 +38,7 @@ class RequireAuthToCommentPlugin &lt; Noosfero::Plugin
   end
   def body_beginning
-    "<meta name='profile.allow_unauthenticated_comments'/>" if allowed_by_profile
+    tag :meta, name: 'profile.allow_unauthenticated_comments' if allowed_by_profile
   end
   protected
@@ -5,8 +5,8 @@ li.dropdown
     = image_tag user.profile_custom_icon(gravatar_default), class: 'menu-user-gravatar'
     = content_tag :strong, user.identifier
     - if pending_tasks_count
-      span class='badge' onclick="document.location='#{url_for(user.tasks_url)}'" title="#{_("Manage your pending tasks")}"
-        count
+      span class='badge' onclick="document.location='#{url_for user.tasks_url}'" title="#{_("Manage your pending tasks")}"
+        = pending_tasks_count
   ul class='dropdown-menu' role='menu'
     li
@@ -36,7 +36,7 @@
     <%=
       @plugins.dispatch(:body_beginning).map do |content|
         if content.respond_to?(:call) then instance_exec(&content).to_s.html_safe else content.to_s.html_safe end
-      end.join("\n")
+      end.safe_join
     %>
     <div id="global-header">
       <%= global_header %>
@@ -20,7 +20,7 @@ class SubOrganizationsPlugin &lt; Noosfero::Plugin
   def control_panel_buttons
     if context.profile.organization? && Organization.parents(context.profile).blank?
-      { :title => _('Manage sub-groups'), :icon => 'groups', :url => {:controller => 'sub_organizations_plugin_myprofile'} }
+      { title: _('Manage sub-groups'), icon: 'groups', url: {profile: profile.identifier, controller: :sub_organizations_plugin_myprofile} }
     end
   end
@@ -2042,16 +2042,6 @@ table.cms-articles .article-name {
   font-weight: bold;
 }
-#theme-footer #language-chooser {
-  text-align: left;
-}
-
-/* armengue */
-/* didn't find why .no-boxes has bigger width than its parent */
-.no-boxes {
-  width: 96%;
-}
-
 @media screen and (min-width:1200px) {
   #top-bar a.icon-help {
     font-size: 0;
@@ -27,8 +27,8 @@ class ActivitiesTest &lt; ActiveSupport::TestCase
     assert_equal 403, last_response.status
   end
-  should 'not get community activities if not member' do
-    community = fast_create(Community)
+  should 'not get community activities if not member and community is private' do
+    community = fast_create(Community, public_profile: false)
     other_person = fast_create(Person)
     community.add_member(other_person) # so there is an activity in community
@@ -68,6 +68,15 @@ class ActivitiesTest &lt; ActiveSupport::TestCase
     assert_equivalent other_person.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
   end
+  should 'get activities for non logged user in a public community' do
+    community = fast_create(Community)
+    create_activity(community)
+    community.add_member(person)
+    get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent community.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+  end
+
   def create_activity(target)
     activity = ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => target
     ProfileActivity.create! profile_id: target.id, activity: activity
@@ -810,4 +810,12 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     assert_equal json["articles"].map { |a| a["id"] }, [article2.id]
   end
+  should 'list article permissions when get an article' do
+    community = fast_create(Community)
+    give_permission(person, 'post_content', community)
+    article = fast_create(Article, :profile_id => community.id)
+    get "/api/v1/articles/#{article.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_includes json["article"]["permissions"], 'allow_post_content'
+  end
 end
@@ -191,4 +191,13 @@ class ProfilesTest &lt; ActiveSupport::TestCase
     post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
     assert_equal 403, last_response.status
   end
+
+  should 'list profile permissions when get an article' do
+    login_api
+    profile = fast_create(Profile)
+    give_permission(person, 'post_content', profile)
+    get "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_includes json["permissions"], 'allow_post_content'
+  end
 end
@@ -506,6 +506,21 @@ class ApplicationControllerTest &lt; ActionController::TestCase
     assert_redirected_to :controller => 'account', :action => 'login'
   end
+  should 'override user when current is an admin' do
+    user        = create_user
+    other_user  = create_user
+    environment = Environment.default
+    login_as user.login
+    @controller.stubs(:environment).returns(environment)
+
+    get :index, override_user: other_user.id
+    assert_equal user, assigns(:current_user)
+
+    environment.add_admin user.person
+    get :index, override_user: other_user.id
+    assert_equal other_user, assigns(:current_user)
+  end
+
   should 'do not allow member not included in whitelist to access an restricted environment' do
     user = create_user
     e = Environment.default
@@ -175,4 +175,15 @@ class SafeStringsTest &lt; ActionDispatch::IntegrationTest
     assert_select '.icon-selector .icon-edit'
   end
+  should 'not escape read more link to article on display short format' do
+    profile = fast_create Profile
+    blog = fast_create Blog, :name => 'Blog', :profile_id => profile.id
+    fast_create(TinyMceArticle, :name => "Post Test", :profile_id => profile.id, :parent_id => blog.id, :accept_comments => false, :body => '<p>Lorem ipsum dolor sit amet</p>')
+    blog.update_attribute(:visualization_format, 'short')
+
+    get "/#{profile.identifier}/blog"
+    assert_tag :tag => 'div', :attributes => {:class => 'read-more'}, :child => {:tag => 'a', :content => 'Read more'}
+  end
+
+
 end
@@ -8,7 +8,7 @@ require &#39;rails/test_help&#39;
 require 'mocha'
 require 'mocha/mini_test'
-
+require "minitest/spec"
 require "minitest/reporters"
 Minitest::Reporters.use! Minitest::Reporters::ProgressReporter.new, ENV, Minitest.backtrace_filter
@@ -52,19 +52,13 @@ class ActiveSupport::TestCase
   # then set this back to true.
   self.use_instantiated_fixtures  = false
-  # Add more helper methods to be used by all tests here...
+  extend Test::Should
-  # for fixture_file_upload
   include ActionDispatch::TestProcess
-
   include Noosfero::Factory
-
   include AuthenticatedTestHelper
-
   include PerformanceHelper
-  extend Test::Should
-
   fixtures :environments, :roles
   def self.all_fixtures
@@ -21,4 +21,14 @@ class CommentHandlerTest &lt; ActiveSupport::TestCase
     handler.perform
   end
+  should 'save locale from creation context and not change current locale' do
+    FastGettext.stubs(:locale).returns("pt")
+    handler = CommentHandler.new(5, :whatever_method)
+
+    FastGettext.stubs(:locale).returns("en")
+    assert_equal "pt", handler.locale
+
+    handler.perform
+    assert_equal "en", FastGettext.locale
+  end
 end
@@ -567,4 +567,24 @@ class OrganizationTest &lt; ActiveSupport::TestCase
     assert_not_includes person_orgs,    o7
     assert_includes     env_admin_orgs, o7
   end
+
+  should 'return true at display_private_info_to? when profile is public and user is nil' do
+    organization = fast_create(Organization, public_profile: true)
+    assert organization.display_private_info_to?(nil)
+  end
+
+  should 'return false at display_private_info_to? when profile is public and secret' do
+    organization = fast_create(Organization, public_profile: true, secret: true)
+    assert !organization.display_private_info_to?(nil)
+  end
+
+  should 'return false at display_private_info_to? when profile is public and not visible' do
+    organization = fast_create(Organization, public_profile: true, visible: false)
+    assert !organization.display_private_info_to?(nil)
+  end
+
+  should 'return false at display_private_info_to? when profile is private and user is nil' do
+    organization = fast_create(Organization, public_profile: false)
+    assert !organization.display_private_info_to?(nil)
+  end
 end
@@ -2204,4 +2204,24 @@ class ProfileTest &lt; ActiveSupport::TestCase
     assert_not_includes profiles, p3
     assert_not_includes profiles, p4
   end
+  
+  ['post_content', 'edit_profile', 'destroy_profile'].each do |permission|
+    should "return true in #{permission} when user has this permission" do
+      profile = fast_create(Profile)
+      person = fast_create(Person)
+      give_permission(person, permission, profile)
+      assert profile.send("allow_#{permission.gsub(/_profile/,'')}?", person)
+    end
+
+    should "return false in #{permission} when user doesn't have this permission" do
+      profile = fast_create(Profile)
+      person = fast_create(Person)
+      assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", person)
+    end
+
+    should "return false in #{permission} when user is nil" do
+      profile = fast_create(Profile)
+      assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
+    end
+  end
 end
@@ -0,0 +1,15 @@
+require 'test_helper'
+
+class UrlHelperTest < ActionView::TestCase
+
+  include UrlHelper
+
+  def setup
+  end
+
+  should 'preserve override_user if present' do
+    params[:override_user] = 1
+    assert_equal default_url_options[:override_user], params[:override_user]
+  end
+
+end
	@@ -132,7 +132,7 @@ module Api		@@ -132,7 +132,7 @@ module Api
132		132
133	def present_article(asset)	133	def present_article(asset)
134	article = find_article(asset.articles, params[:id])	134	article = find_article(asset.articles, params[:id])
135	- present_partial article, :with => Entities::Article, :params => params	135	+ present_partial article, with: Entities::Article, params: params, current_person: current_person
136	end	136	end
137		137
138	def present_articles_for_asset(asset, method = 'articles')	138	def present_articles_for_asset(asset, method = 'articles')
	@@ -141,7 +141,7 @@ module Api		@@ -141,7 +141,7 @@ module Api
141	end	141	end
142		142
143	def present_articles(articles)	143	def present_articles(articles)
144	- present_partial paginate(articles), :with => Entities::Article, :params => params	144	+ present_partial paginate(articles), :with => Entities::Article, :params => params, current_person: current_person
145	end	145	end
146		146
147	def find_articles(asset, method = 'articles')	147	def find_articles(asset, method = 'articles')
	@@ -288,7 +288,7 @@ module Api		@@ -288,7 +288,7 @@ module Api
288	article = forbidden!	288	article = forbidden!
289	end	289	end
290		290
291	- present_partial article, :with => Entities::Article	291	+ present_partial article, :with => Entities::Article, current_person: current_person
292	else	292	else
293		293
294	present_articles_for_asset(profile)	294	present_articles_for_asset(profile)
	@@ -27,7 +27,7 @@ module Api		@@ -27,7 +27,7 @@ module Api
27	post ':id' do	27	post ':id' do
28	authenticate!	28	authenticate!
29	profile = environment.profiles.find_by(id: params[:id])	29	profile = environment.profiles.find_by(id: params[:id])
30	- return forbidden! unless current_person.has_permission?(:edit_profile, profile)	30	+ return forbidden! unless profile.allow_edit?(current_person)
31	profile.update_attributes!(params[:profile])	31	profile.update_attributes!(params[:profile])
32	present profile, :with => Entities::Profile, :current_person => current_person	32	present profile, :with => Entities::Profile, :current_person => current_person
33	end	33	end
	@@ -39,7 +39,7 @@ module Api		@@ -39,7 +39,7 @@ module Api
39		39
40	not_found! if profile.blank?	40	not_found! if profile.blank?
41		41
42	- if current_person.has_permission?(:destroy_profile, profile)	42	+ if profile.allow_destroy?(current_person)
43	profile.destroy	43	profile.destroy
44	else	44	else
45	forbidden!	45	forbidden!
	@@ -61,6 +61,6 @@ module CustomFieldsHelper		@@ -61,6 +61,6 @@ module CustomFieldsHelper
61		61
62	def form_for_format(customized_type, format)	62	def form_for_format(customized_type, format)
63	field = CustomField.new(:format => format, :customized_type => customized_type, :environment => environment)	63	field = CustomField.new(:format => format, :customized_type => customized_type, :environment => environment)
64	- CGI::escapeHTML((render(:partial => 'features/custom_fields/form', :locals => {:field => field})))	64	+ CGI::escapeHTML((render(:partial => 'features/custom_fields/form', :locals => {:field => field}))).html_safe
65	end	65	end
66	end	66	end
	@@ -4,4 +4,12 @@ module UrlHelper		@@ -4,4 +4,12 @@ module UrlHelper
4	'javascript:history.back()'	4	'javascript:history.back()'
5	end	5	end
6		6
		7	+ def default_url_options
		8	+ options = {}
		9	+
		10	+ options[:override_user] = params[:override_user] if params[:override_user].present?
		11	+
		12	+ options
		13	+ end
		14	+
7	end	15	end
	@@ -567,7 +567,7 @@ class Article < ApplicationRecord		@@ -567,7 +567,7 @@ class Article < ApplicationRecord
567		567
568	def allow_post_content?(user = nil)	568	def allow_post_content?(user = nil)
569	return true if allow_edit_topic?(user)	569	return true if allow_edit_topic?(user)
570	- user && (user.has_permission?('post_content', profile) \|\| allow_publish_content?(user) && (user == author))	570	+ user && (profile.allow_post_content?(user) \|\| allow_publish_content?(user) && (user == author))
571	end	571	end
572		572
573	def allow_publish_content?(user = nil)	573	def allow_publish_content?(user = nil)
	@@ -238,4 +238,7 @@ class Organization < Profile		@@ -238,4 +238,7 @@ class Organization < Profile
238	self.admins.where(:id => user.id).exists?	238	self.admins.where(:id => user.id).exists?
239	end	239	end
240		240
		241	+ def display_private_info_to?(user)
		242	+ (public_profile && visible && !secret) \|\| super
		243	+ end
241	end	244	end
	@@ -1189,4 +1189,15 @@ private :generate_url, :url_options		@@ -1189,4 +1189,15 @@ private :generate_url, :url_options
1189	false	1189	false
1190	end	1190	end
1191		1191
		1192	+ def allow_post_content?(person = nil)
		1193	+ person.kind_of?(Profile) && person.has_permission?('post_content', self)
		1194	+ end
		1195	+
		1196	+ def allow_edit?(person = nil)
		1197	+ person.kind_of?(Profile) && person.has_permission?('edit_profile', self)
		1198	+ end
		1199	+
		1200	+ def allow_destroy?(person = nil)
		1201	+ person.kind_of?(Profile) && person.has_permission?('destroy_profile', self)
		1202	+ end
1192	end	1203	end
1	require 'digest/sha1'	1	require 'digest/sha1'
2	-require 'user_activation_job'
3	require 'securerandom'	2	require 'securerandom'
4		3
5	# User models the system users, and is generated by the acts_as_authenticated	4	# User models the system users, and is generated by the acts_as_authenticated
	@@ -30,7 +30,7 @@		@@ -30,7 +30,7 @@
30	[ [ profile.city, 'locality' ],	30	[ [ profile.city, 'locality' ],
31	[ profile.state, 'region' ],	31	[ profile.state, 'region' ],
32	[ profile.country_name, 'country-name' ]	32	[ profile.country_name, 'country-name' ]
33	- ].map{ \|s,c\| s =~ /^\s*$/ ? nil : content_tag( 'span', s, :class => c ) }.compact.join ' - '	33	+ ].map{ \|s,c\| s =~ /^\s*$/ ? nil : content_tag( 'span', s, :class => c ) }.compact.safe_join ' - '
34	%>	34	%>
35	</div>	35	</div>
36	<% end %>	36	<% end %>