Merge branch 'plugins-routes' of git://gitorious.org/~diguliu/noosfero/digulius-…

…noosfero into refactoring_controllers

Merge branch 'plugins-routes' of git://gitorious.org/~diguliu/noosfero/digulius-…
…noosfero into refactoring_controllers
Paulo Meireles
2 parents 4b7a05d3 cd4a0e06
Showing 286 changed files with 8733 additions and 1124 deletions Show diff stats
INSTALL.varnish
app/controllers/admin/users_controller.rb
app/controllers/application_controller.rb
app/controllers/box_organizer_controller.rb
app/controllers/my_profile/profile_design_controller.rb
app/controllers/my_profile/profile_members_controller.rb
app/controllers/my_profile/spam_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/not_found_controller.rb
app/controllers/public/profile_controller.rb
app/controllers/public/search_controller.rb
app/helpers/application_helper.rb
app/helpers/article_helper.rb
app/helpers/boxes_helper.rb
app/helpers/cms_helper.rb
app/helpers/colorbox_helper.rb
app/helpers/content_viewer_helper.rb
app/helpers/folder_helper.rb
app/helpers/forms_helper.rb
@@ -15,6 +15,10 @@ Noosfero was tested with Varnish 2.x. If you are using a Debian Lenny (and you
 should, unless Debian already released Squeeze by now), make sure you install
 varnish from the lenny-backports suite.
  
+Install the RPAF apache module (or skip this step if not using apache):
+
+  # apt-get install libapache2-mod-rpaf
+
 3) Enable varnish logging:
  
 3a) Edit /etc/default/varnishncsa and uncomment the line that contains:
@@ -7,11 +7,12 @@ class UsersController &lt; AdminController
       format.html
       format.xml do
         @users = User.find(:all, :conditions => {:environment_id => environment.id}, :include => [:person])
-        render :xml => @users.to_xml(
-          :skip_types => true,
-          :only => %w[email login created_at updated_at],
-          :include => { :person => {:only => %w[name updated_at created_at address birth_date contact_phone identifier lat lng] } }
-        )
+        send_data @users.to_xml(
+            :skip_types => true,
+            :only => %w[email login created_at updated_at],
+            :include => { :person => {:only => %w[name updated_at created_at address birth_date contact_phone identifier lat lng] } }),
+          :type => 'text/xml',
+          :disposition => "attachment; filename=users.xml"
       end
       format.csv do
         @users = User.find(:all, :conditions => {:environment_id => environment.id}, :include => [:person])
@@ -101,9 +101,10 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
+  include Noosfero::Plugin::HotSpot
+
   def init_noosfero_plugins
-    @plugins = Noosfero::Plugin::Manager.new(self)
-    @plugins.each do |plugin|
+    plugins.each do |plugin|
       prepend_view_path(plugin.class.view_path)
     end
     init_noosfero_plugins_controller_filters
@@ -112,8 +113,10 @@ class ApplicationController &lt; ActionController::Base
   # This is a generic method that initialize any possible filter defined by a
   # plugin to the current controller being initialized.
   def init_noosfero_plugins_controller_filters
-    @plugins.each do |plugin|
-      plugin.send(self.class.name.underscore + '_filters').each do |plugin_filter|
+    plugins.each do |plugin|
+      filters = plugin.send(self.class.name.underscore + '_filters')
+      filters = [filters] if !filters.kind_of?(Array)
+      filters.each do |plugin_filter|
         self.class.send(plugin_filter[:type], plugin.class.name.underscore + '_' + plugin_filter[:method_name], (plugin_filter[:options] || {}))
         self.class.send(:define_method, plugin.class.name.underscore + '_' + plugin_filter[:method_name], plugin_filter[:block])
       end
@@ -68,7 +68,8 @@ class BoxOrganizerController &lt; ApplicationController
         raise ArgumentError.new("Type %s is not allowed. Go away." % type)
       end
     else
-      @block_types = available_blocks
+      @center_block_types = Box.acceptable_center_blocks & available_blocks
+      @side_block_types = Box.acceptable_side_blocks & available_blocks
       @boxes = boxes_holder.boxes
       render :action => 'add_block', :layout => false
     end
@@ -5,7 +5,7 @@ class ProfileDesignController &lt; BoxOrganizerController
   protect 'edit_profile_design', :profile
  
   def available_blocks
-    blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock, LinkListBlock, MyNetworkBlock, FeedReaderBlock, ProfileImageBlock, LocationBlock, SlideshowBlock, ProfileSearchBlock ]
+    blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock, LinkListBlock, MyNetworkBlock, FeedReaderBlock, ProfileImageBlock, LocationBlock, SlideshowBlock, ProfileSearchBlock, HighlightsBlock ]
  
     # blocks exclusive for organizations
     if profile.has_members?
@@ -156,18 +156,4 @@ class ProfileMembersController &lt; MyProfileController
     end
   end
  
-  def send_mail
-    @mailing = profile.mailings.build(params[:mailing])
-    if request.post?
-      @mailing.locale = locale
-      @mailing.person = user
-      if @mailing.save
-        session[:notice] = _('The e-mails are being sent')
-        redirect_to :action => 'index'
-      else
-        session[:notice] = _('Could not create the e-mail')
-      end
-    end
-  end
-
 end
@@ -0,0 +1,40 @@
+class SpamController < MyProfileController
+
+  protect :moderate_comments, :profile
+
+  def index
+    if request.post?
+      begin
+        # FIXME duplicated logic
+        #
+        # This logic more or less replicates what is already in
+        # ContentViewerController#view_page,
+        # ContentViewerController#remove_comment and
+        # ContentViewerController#mark_comment_as_spam
+        if params[:remove_comment]
+          profile.comments_received.find(params[:remove_comment]).destroy
+        end
+        if params[:mark_comment_as_ham]
+          profile.comments_received.find(params[:mark_comment_as_ham]).ham!
+        end
+        if request.xhr?
+          json_response(true)
+        else
+          redirect_to :action => :index
+        end
+      rescue
+        json_response(false)
+      end
+      return
+    end
+
+    @spam = profile.comments_received.spam.paginate({:page => params[:page]})
+  end
+
+  protected
+
+  def json_response(status)
+    render :text => {'ok' => status }.to_json, :content_type => 'application/json'
+  end
+
+end
@@ -25,11 +25,13 @@ class AccountController &lt; ApplicationController
  
   # action to perform login to the application
   def login
-    @user = User.new
-    @person = @user.build_person
     store_location(request.referer) unless session[:return_to]
     return unless request.post?
-    self.current_user = User.authenticate(params[:user][:login], params[:user][:password], environment) if params[:user]
+
+    self.current_user = plugins_alternative_authentication
+
+    self.current_user ||= User.authenticate(params[:user][:login], params[:user][:password], environment) if params[:user]
+
     if logged_in?
       if params[:remember_me] == "1"
         self.current_user.remember_me
@@ -41,7 +43,6 @@ class AccountController &lt; ApplicationController
       end
     else
       session[:notice] = _('Incorrect username or password') if redirect?
-      redirect_to :back if redirect?
     end
   end
  
@@ -56,6 +57,11 @@ class AccountController &lt; ApplicationController
  
   # action to register an user to the application
   def signup
+    if @plugins.dispatch(:allow_user_registration).include?(false)
+      redirect_back_or_default(:controller => 'home')
+      session[:notice] = _("This environment doesn't allow user registration.")
+    end
+
     @invitation_code = params[:invitation_code]
     begin
       if params[:user]
@@ -125,6 +131,10 @@ class AccountController &lt; ApplicationController
   #
   # Posts back.
   def forgot_password
+    if @plugins.dispatch(:allow_password_recovery).include?(false)
+      redirect_back_or_default(:controller => 'home')
+      session[:notice] = _("This environment doesn't allow password recovery.")
+    end
     @change_password = ChangePassword.new(params[:change_password])
  
     if request.post?
@@ -303,10 +313,27 @@ class AccountController &lt; ApplicationController
   end
  
   def go_to_initial_page
-    if environment == current_user.environment
-      redirect_back_or_default(user.admin_url)
+    if environment.enabled?('allow_change_of_redirection_after_login')
+      case user.preferred_login_redirection
+        when 'keep_on_same_page'
+          redirect_back_or_default(user.admin_url)
+        when 'site_homepage'
+          redirect_to :controller => :home
+        when 'user_profile_page'
+          redirect_to user.public_profile_url
+        when 'user_homepage'
+          redirect_to user.url
+        when 'user_control_panel'
+          redirect_to user.admin_url
+      else
+        redirect_back_or_default(user.admin_url)
+      end
     else
-      redirect_back_or_default(:controller => 'home')
+      if environment == current_user.environment
+        redirect_back_or_default(user.admin_url)
+      else
+        redirect_back_or_default(:controller => 'home')
+      end
     end
   end
  
@@ -316,4 +343,13 @@ class AccountController &lt; ApplicationController
     end
   end
  
+  def plugins_alternative_authentication
+    user = nil
+    @plugins.each do |plugin|
+      user = plugin.alternative_authentication
+      break unless user.nil?
+    end
+    user
+  end
+
 end
@@ -2,6 +2,8 @@ class ContentViewerController &lt; ApplicationController
  
   needs_profile
  
+  before_filter :comment_author, :only => :edit_comment
+
   helper ProfileHelper
   helper TagsHelper
  
@@ -19,7 +21,7 @@ class ContentViewerController &lt; ApplicationController
       unless @page
         page_from_old_path = profile.articles.find_by_old_path(path)
         if page_from_old_path
-          redirect_to :profile => profile.identifier, :page => page_from_old_path.explode_path
+          redirect_to profile.url.merge(:page => page_from_old_path.explode_path)
           return
         end
       end
@@ -75,8 +77,14 @@ class ContentViewerController &lt; ApplicationController
       @comment = Comment.new
     end
  
-    if request.post? && params[:remove_comment]
-      remove_comment
+    if request.post?
+      if params[:remove_comment]
+        remove_comment
+        return
+      elsif params[:mark_comment_as_spam]
+        mark_comment_as_spam
+        return
+      end
     end
  
     if @page.has_posts?
@@ -107,23 +115,46 @@ class ContentViewerController &lt; ApplicationController
       end
     end
  
-    @comments = @page.comments(true).as_thread
-    @comments_count = @page.comments.count
+    comments = @page.comments.without_spam
+    @comments = comments.as_thread
+    @comments_count = comments.count
     if params[:slideshow]
       render :action => 'slideshow', :layout => 'slideshow'
     end
   end
  
+  def edit_comment
+    path = params[:page].join('/')
+    @page = profile.articles.find_by_path(path)
+    @form_div = 'opened'
+    @comment = @page.comments.find_by_id(params[:id])
+    if @comment
+      if request.post?
+        begin
+          @comment.update_attributes(params[:comment])
+          session[:notice] = _('Comment succesfully updated')
+          redirect_to :action => 'view_page', :profile => profile.identifier, :page => @comment.article.explode_path
+        rescue
+          session[:notice] = _('Comment could not be updated')
+        end
+      end
+    else
+      redirect_to @page.view_url
+      session[:notice] = _('Could not find the comment in the article')
+    end
+  end
+
   protected
  
   def add_comment
     @comment.author = user if logged_in?
     @comment.article = @page
     @comment.ip_address = request.remote_ip
+    @comment.user_agent = request.user_agent
+    @comment.referrer = request.referrer
     plugins_filter_comment(@comment)
     return if @comment.rejected?
     if (pass_without_comment_captcha? || verify_recaptcha(:model => @comment, :message => _('Please type the words correctly'))) && @comment.save
-      plugins_comment_saved(@comment)
       @page.touch
       @comment = nil # clear the comment form
       redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
@@ -138,12 +169,6 @@ class ContentViewerController &lt; ApplicationController
     end
   end
  
-  def plugins_comment_saved(comment)
-    @plugins.each do |plugin|
-      plugin.comment_saved(comment)
-    end
-  end
-
   def pass_without_comment_captcha?
     logged_in? && !environment.enabled?('captcha_for_logged_users')
   end
@@ -153,9 +178,24 @@ class ContentViewerController &lt; ApplicationController
     @comment = @page.comments.find(params[:remove_comment])
     if (user == @comment.author || user == @page.profile || user.has_permission?(:moderate_comments, @page.profile))
       @comment.destroy
-      session[:notice] = _('Comment succesfully deleted')
     end
-    redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
+    finish_comment_handling
+  end
+
+  def mark_comment_as_spam
+    @comment = @page.comments.find(params[:mark_comment_as_spam])
+    if logged_in? && (user == @page.profile || user.has_permission?(:moderate_comments, @page.profile))
+      @comment.spam!
+    end
+    finish_comment_handling
+  end
+
+  def finish_comment_handling
+    if request.xhr?
+      render :text => {'ok' => true}.to_json, :content_type => 'application/json'
+    else
+      redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
+    end
   end
  
   def per_page
@@ -181,4 +221,13 @@ class ContentViewerController &lt; ApplicationController
     end
   end
  
+  def comment_author
+    comment = Comment.find_by_id(params[:id])
+    if comment
+      render_access_denied if comment.author.blank? || comment.author != user
+    else
+      render_not_found
+    end
+  end
+
 end
@@ -2,4 +2,8 @@ class NotFoundController &lt; ApplicationController
   def index
     render_not_found
   end
+
+  def nothing
+    render :nothing => true, :status => 404
+  end
 end
@@ -2,11 +2,13 @@ class ProfileController &lt; PublicController
  
   needs_profile
   before_filter :check_access_to_profile, :except => [:join, :join_not_logged, :index, :add]
-  before_filter :store_location, :only => [:join, :join_not_logged, :report_abuse]
-  before_filter :login_required, :only => [:add, :join, :join_not_logged, :leave, :unblock, :leave_scrap, :remove_scrap, :remove_activity, :view_more_activities, :view_more_network_activities, :report_abuse, :register_report, :leave_comment_on_activity]
+  before_filter :store_location, :only => [:join, :join_not_logged, :report_abuse, :send_mail]
+  before_filter :login_required, :only => [:add, :join, :join_not_logged, :leave, :unblock, :leave_scrap, :remove_scrap, :remove_activity, :view_more_activities, :view_more_network_activities, :report_abuse, :register_report, :leave_comment_on_activity, :send_mail]
  
   helper TagsHelper
  
+  protect 'send_mail_to_members', :profile, :only => [:send_mail]
+
   def index
     @network_activities = !@profile.is_a?(Person) ? @profile.tracked_notifications.visible.paginate(:per_page => 15, :page => params[:page]) : []
     if logged_in? && current_person.follows?(@profile)
@@ -49,36 +51,36 @@ class ProfileController &lt; PublicController
  
   def communities
     if is_cache_expired?(profile.communities_cache_key(params))
-      @communities = profile.communities.paginate(:per_page => per_page, :page => params[:npage])
+      @communities = profile.communities.includes(relations_to_include).paginate(:per_page => per_page, :page => params[:npage])
     end
   end
  
   def enterprises
-    @enterprises = profile.enterprises
+    @enterprises = profile.enterprises.includes(relations_to_include)
   end
  
   def friends
     if is_cache_expired?(profile.friends_cache_key(params))
-      @friends = profile.friends.paginate(:per_page => per_page, :page => params[:npage])
+      @friends = profile.friends.includes(relations_to_include).paginate(:per_page => per_page, :page => params[:npage])
     end
   end
  
   def members
     if is_cache_expired?(profile.members_cache_key(params))
-      @members = profile.members.paginate(:per_page => members_per_page, :page => params[:npage])
+      @members = profile.members.includes(relations_to_include).paginate(:per_page => members_per_page, :page => params[:npage])
     end
   end
  
   def fans
-    @fans = profile.fans
+    @fans = profile.fans.includes(relations_to_include)
   end
  
   def favorite_enterprises
-    @favorite_enterprises = profile.favorite_enterprises
+    @favorite_enterprises = profile.favorite_enterprises.includes(relations_to_include)
   end
  
   def sitemap
-    @articles = profile.top_level_articles
+    @articles = profile.top_level_articles.includes([:profile, :parent])
   end
  
   def join
@@ -212,9 +214,9 @@ class ProfileController &lt; PublicController
     begin
       scrap = current_user.person.scraps(params[:scrap_id])
       scrap.destroy
-      render :text => _('Scrap successfully removed.')
+      finish_successful_removal 'Scrap successfully removed.'
     rescue
-      render :text => _('You could not remove this scrap')
+      finish_unsuccessful_removal 'You could not remove this scrap.'
     end
   end
  
@@ -227,9 +229,9 @@ class ProfileController &lt; PublicController
       else
         activity.destroy
       end
-      render :text => _('Activity successfully removed.')
+      finish_successful_removal 'Activity successfully removed.'
     rescue
-      render :text => _('You could not remove this activity')
+      finish_unsuccessful_removal 'You could not remove this activity.'
     end
   end
  
@@ -244,6 +246,24 @@ class ProfileController &lt; PublicController
     end
   end
  
+  def finish_successful_removal(msg)
+    if request.xhr?
+      render :text => {'ok' => true}.to_json, :content_type => 'application/json'
+    else
+      session[:notice] = _(msg)
+      redirect_to :action => :index
+    end
+  end
+
+  def finish_unsuccessful_removal(msg)
+    session[:notice] = _(msg)
+    if request.xhr?
+      render :text => {'redirect' => url_for(:action => :index)}.to_json, :content_type => 'application/json'
+    else
+      redirect_to :action => :index
+    end
+  end
+
   def profile_info
     begin
       @block = profile.blocks.find(params[:block_id])
@@ -303,9 +323,24 @@ class ProfileController &lt; PublicController
     @comment = Comment.find(params[:comment_id])
     if (user == @comment.author || user == profile || user.has_permission?(:moderate_comments, profile))
       @comment.destroy
-      session[:notice] = _('Comment successfully deleted')
+      finish_successful_removal 'Comment successfully removed.'
+    else
+      finish_unsuccessful_removal 'You could not remove this comment.'
+    end
+  end
+
+  def send_mail
+    @mailing = profile.mailings.build(params[:mailing])
+    if request.post?
+      @mailing.locale = locale
+      @mailing.person = user
+      if @mailing.save
+        session[:notice] = _('The e-mails are being sent')
+        redirect_to_previous_location
+      else
+        session[:notice] = _('Could not create the e-mail')
+      end
     end
-    redirect_to :action => :index
   end
  
   protected
@@ -359,4 +394,8 @@ class ProfileController &lt; PublicController
     @can_edit_profile ||= user && user.has_permission?('edit_profile', profile)
   end
   helper_method :can_edit_profile
+
+  def relations_to_include
+    [:image, :domains, :preferred_domain, :environment]
+  end
 end
@@ -4,10 +4,17 @@ class SearchController &lt; PublicController
   include SearchHelper
   include ActionView::Helpers::NumberHelper
  
+  before_filter :redirect_asset_param, :except => [:facets_browse, :assets]
   before_filter :load_category
   before_filter :load_search_assets
   before_filter :load_query
  
+  # Backwards compatibility with old URLs
+  def redirect_asset_param
+    return unless params.has_key?(:asset)
+    redirect_to params.merge(:action => params.delete(:asset))
+  end
+
   no_design_blocks
  
   def facets_browse
@@ -39,7 +46,7 @@ class SearchController &lt; PublicController
     if !@empty_query
       full_text_search ['public:true']
     else
-      @results[@asset] = @environment.people.visible.send(@filter).paginate(paginate_options)
+      @results[@asset] = visible_profiles(Person).send(@filter).paginate(paginate_options)
     end
   end
  
@@ -69,7 +76,7 @@ class SearchController &lt; PublicController
       full_text_search ['public:true']
     else
       @filter_title = _('Enterprises from network')
-      @results[@asset] = @environment.enterprises.visible.paginate(paginate_options)
+      @results[@asset] = visible_profiles(Enterprise, [{:products => :product_category}]).paginate(paginate_options)
     end
   end
  
@@ -77,7 +84,7 @@ class SearchController &lt; PublicController
     if !@empty_query
       full_text_search ['public:true']
     else
-      @results[@asset] = @environment.communities.visible.send(@filter).paginate(paginate_options)
+      @results[@asset] = visible_profiles(Community).send(@filter).paginate(paginate_options)
     end
   end
  
@@ -250,10 +257,9 @@ class SearchController &lt; PublicController
   end
  
   def limit
-    searching = @searching.values.select{ |v| v }
-    if params[:display] == 'map'
+    if map_search?
       MAP_SEARCH_LIMIT
-    elsif searching.size <= 1
+    elsif !multiple_search?
       if [:people, :communities].include? @asset
         BLOCKS_SEARCH_LIMIT
       elsif @asset == :enterprises and @empty_query
@@ -267,31 +273,34 @@ class SearchController &lt; PublicController
   end
  
   def paginate_options(page = params[:page])
+    page = 1 if multiple_search? or params[:display] == 'map'
     { :per_page => limit, :page => page }
   end
  
   def full_text_search(filters = [], options = {})
     paginate_options = paginate_options(params[:page])
     asset_class = asset_class(@asset)
-
     solr_options = options
-    if !@results_only and asset_class.respond_to? :facets
-      solr_options.merge! asset_class.facets_find_options(params[:facet])
-      solr_options[:all_facets] = true
-      solr_options[:limit] = 0 if @facets_only
-    end
-    solr_options[:filter_queries] ||= []
-    solr_options[:filter_queries] += filters
-    solr_options[:filter_queries] << "environment_id:#{environment.id}"
-    solr_options[:filter_queries] << asset_class.facet_category_query.call(@category) if @category
-
-    solr_options[:boost_functions] ||= []
-    params[:order_by] = nil if params[:order_by] == 'none'
-    if params[:order_by]
-      order = SortOptions[@asset][params[:order_by].to_sym]
-      raise "Unknown order by" if order.nil?
-      order[:solr_opts].each do |opt, value|
-        solr_options[opt] = value.is_a?(Proc) ? instance_eval(&value) : value
+    pg_options = paginate_options(params[:page])
+
+    if !multiple_search?
+      if !@results_only and asset_class.respond_to? :facets
+        solr_options.merge! asset_class.facets_find_options(params[:facet])
+        solr_options[:all_facets] = true
+      end
+      solr_options[:filter_queries] ||= []
+      solr_options[:filter_queries] += filters
+      solr_options[:filter_queries] << "environment_id:#{environment.id}"
+      solr_options[:filter_queries] << asset_class.facet_category_query.call(@category) if @category
+
+      solr_options[:boost_functions] ||= []
+      params[:order_by] = nil if params[:order_by] == 'none'
+      if params[:order_by]
+        order = SortOptions[@asset][params[:order_by].to_sym]
+        raise "Unknown order by" if order.nil?
+        order[:solr_opts].each do |opt, value|
+          solr_options[opt] = value.is_a?(Proc) ? instance_eval(&value) : value
+        end
       end
     end
  
@@ -301,4 +310,12 @@ class SearchController &lt; PublicController
     @all_facets = ret[:all_facets]
   end
  
+  private
+
+  def visible_profiles(klass, *extra_relations)
+    relations = [:image, :domains, :environment, :preferred_domain]
+    relations += extra_relations
+    @environment.send(klass.name.underscore.pluralize).visible.includes(relations)
+  end
+
 end
@@ -265,9 +265,9 @@ module ApplicationHelper
  
   VIEW_EXTENSIONS = %w[.rhtml .html.erb]
  
-  def partial_for_class_in_view_path(klass, view_path)
+  def partial_for_class_in_view_path(klass, view_path, suffix = nil)
     return nil if klass.nil?
-    name = klass.name.underscore
+    name = [klass.name.underscore, suffix].compact.map(&:to_s).join('_')
  
     search_name = String.new(name)
     if search_name.include?("/")
@@ -282,31 +282,20 @@ module ApplicationHelper
       return name if File.exists?(File.join(path))
     end
  
-    partial_for_class_in_view_path(klass.superclass, view_path)
+    partial_for_class_in_view_path(klass.superclass, view_path, suffix)
   end
  
-  def partial_for_class(klass)
+  def partial_for_class(klass, suffix=nil)
     raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?' if klass.nil?
     name = klass.name.underscore
     @controller.view_paths.each do |view_path|
-      partial = partial_for_class_in_view_path(klass, view_path)
+      partial = partial_for_class_in_view_path(klass, view_path, suffix)
       return partial if partial
     end
  
     raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?'
   end
  
-  def partial_for_task_class(klass, action)
-    raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?' if klass.nil?
-
-    name = "#{klass.name.underscore}_#{action.to_s}"
-    VIEW_EXTENSIONS.each do |ext|
-      return name if File.exists?(File.join(RAILS_ROOT, 'app', 'views', params[:controller], '_'+name+ext))
-    end
-
-    partial_for_task_class(klass.superclass, action)
-  end
-
   def view_for_profile_actions(klass)
     raise ArgumentError, 'No profile actions view for this class.' if klass.nil?
  
@@ -1336,6 +1325,19 @@ module ApplicationHelper
     end
   end
  
+  def expirable_link_to(expired, content, url, options = {})
+    if expired
+      options[:class] = (options[:class] || '') + ' disabled'
+      content_tag('a', '&nbsp;'+content_tag('span', content), options)
+    else
+      link_to content, url, options
+    end
+  end
+
+  def remove_content_button(action)
+    @plugins.dispatch("content_remove_#{action.to_s}", @page).include?(true)
+  end
+
   def template_options(klass, field_name)
     return '' if klass.templates.count == 0
     return hidden_field_tag("#{field_name}[template_id]", klass.templates.first.id) if klass.templates.count == 1
@@ -1401,4 +1403,19 @@ module ApplicationHelper
     result
   end
  
+  def expirable_content_reference(content, action, text, url, options = {})
+    reason = @plugins.dispatch("content_expire_#{action.to_s}", content).first
+    options[:title] = reason
+    expirable_link_to reason.present?, text, url, options
+  end
+
+  def expirable_button(content, action, text, url, options = {})
+    options[:class] = "button with-text icon-#{action.to_s}"
+    expirable_content_reference content, action, text, url, options
+  end
+
+  def expirable_comment_link(content, action, text, url, options = {})
+    options[:class] = "comment-footer comment-footer-link comment-footer-hide"
+    expirable_content_reference content, action, text, url, options
+  end
 end
@@ -2,14 +2,19 @@ module ArticleHelper
  
   def custom_options_for_article(article)
     @article = article
+    content_tag('h4', _('Visibility')) +
+    content_tag('div',
+      content_tag('div',
+        radio_button(:article, :published, true) +
+          content_tag('label', _('Public (visible to other people)'), :for => 'article_published_true')
+           ) +
+      content_tag('div',
+        radio_button(:article, :published, false) +
+          content_tag('label', _('Private'), :for => 'article_published_false')
+       )
+     ) +
     content_tag('h4', _('Options')) +
     content_tag('div',
-      content_tag(
-        'div',
-        check_box(:article, :published) +
-        content_tag('label', _('This article must be published (visible to other people)'), :for => 'article_published')
-      ) +
-
       (article.profile.has_members? ?
       content_tag(
         'div',
@@ -66,7 +66,7 @@ module BoxesHelper
  
   def display_box_content(box, main_content)
     context = { :article => @page, :request_path => request.path, :locale => locale }
-    box_decorator.select_blocks(box.blocks, context).map { |item| display_block(item, main_content) }.join("\n") + box_decorator.block_target(box)
+    box_decorator.select_blocks(box.blocks.includes(:box), context).map { |item| display_block(item, main_content) }.join("\n") + box_decorator.block_target(box)
   end
  
   def select_blocks(arr, context)
@@ -162,9 +162,6 @@ module BoxesHelper
   #
   # +box+ is always needed
   def block_target(box, block = nil)
-    # FIXME hardcoded
-    return '' if box.position == 1
-
     id =
       if block.nil?
         "end-of-box-#{box.id}"
@@ -172,14 +169,11 @@ module BoxesHelper
         "before-block-#{block.id}"
       end
  
-    content_tag('div', '&nbsp;', :id => id, :class => 'block-target' ) + drop_receiving_element(id, :url => { :action => 'move_block', :target => id }, :accept => 'block', :hoverclass => 'block-target-hover')
+    content_tag('div', '&nbsp;', :id => id, :class => 'block-target' ) + drop_receiving_element(id, :url => { :action => 'move_block', :target => id }, :accept => box.acceptable_blocks, :hoverclass => 'block-target-hover')
   end
  
   # makes the given block draggable so it can be moved away.
   def block_handle(block)
-    # FIXME hardcoded
-    return '' if block.box.position == 1
-
     draggable_element("block-#{block.id}", :revert => true)
   end
  
@@ -211,7 +205,7 @@ module BoxesHelper
     end
  
     if block.editable?
-      buttons << lightbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
+      buttons << colorbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
     end
  
     if !block.main?
@@ -42,13 +42,25 @@ module CmsHelper
  
   def display_spread_button(profile, article)
     if profile.person?
-      button_without_text :spread, _('Spread this'), :action => 'publish', :id => article.id
+      expirable_button article, :spread, _('Spread this'), :action => 'publish', :id => article.id
     elsif profile.community? && environment.portal_community
-      button_without_text :spread, _('Spread this'), :action => 'publish_on_portal_community', :id => article.id
+      expirable_button article, :spread, _('Spread this'), :action => 'publish_on_portal_community', :id => article.id
     end
   end
  
   def display_delete_button(article)
-    button_without_text :delete, _('Delete'), { :action => 'destroy', :id => article.id }, :method => :post, :confirm => delete_article_message(article)
+    expirable_button article, :delete, _('Delete'), { :action => 'destroy', :id => article.id }, :method => :post, :confirm => delete_article_message(article)
+  end
+
+  def expirable_button(content, action, title, url, options = {})
+    reason = @plugins.dispatch("content_expire_#{action.to_s}", content).first
+    if reason.present?
+      options[:class] = (options[:class] || '') + ' disabled'
+      options[:disabled] = 'disabled'
+      options.delete(:confirm)
+      options.delete(:method)
+      title = reason
+    end
+    button_without_text action.to_sym, title, url, options
   end
 end
@@ -8,6 +8,10 @@ module ColorboxHelper
     button(type, label, url, colorbox_options(options))
   end
  
+  def colorbox_icon_button(type, label, url, options = {})
+    icon_button(type, label, url, colorbox_options(options))
+  end
+
   # options must be an HTML options hash as passed to link_to etc.
   #
   # returns a new hash with colorbox class added. Keeps existing classes.
@@ -4,11 +4,11 @@ module ContentViewerHelper
   include ForumHelper
  
   def number_of_comments(article)
-    n = article.comments.size
+    n = article.comments.without_spam.count
     if n == 0
      _('No comments yet')
     else
-     n_('One comment', '%{comments} comments', n) % { :comments => n }
+     n_('One comment', '<span class="comment-count">%{comments}</span> comments', n) % { :comments => n }
     end
   end
  
@@ -58,18 +58,18 @@ module FolderHelper
  
   def custom_options_for_article(article)
     @article = article
-    content_tag('h4', _('Options')) +
+    content_tag('h4', _('Visibility')) +
+    content_tag('div',
+      content_tag('div',
+        radio_button(:article, :published, true) +
+          content_tag('label', _('Public (visible to other people)'), :for => 'article_published_true')
+           ) +
+      content_tag('div',
+        radio_button(:article, :published, false) +
+          content_tag('label', _('Private'), :for => 'article_published_false')
+       )
+     ) +
     content_tag('div',
-      content_tag(
-        'div',
-        check_box(:article, :published) +
-        content_tag('label', _('This article must be published (visible to other people)'), :for => 'article_published')
-      ) + (article.can_display_hits? ?
-      content_tag(
-        'div',
-        check_box(:article, :display_hits) +
-        content_tag('label', _('I want this article to display the number of hits it received'), :for => 'article_display_hits')
-      ) : '') +
       hidden_field_tag('article[accept_comments]', 0)
     )
   end
@@ -123,6 +123,119 @@ module FormsHelper
     options_for_select.join("\n")
   end
  
+  def date_field(name, value, format = '%Y-%m-%d', datepicker_options = {}, html_options = {})
+    datepicker_options[:disabled] ||= false
+    datepicker_options[:alt_field] ||= ''
+    datepicker_options[:alt_format] ||= ''
+    datepicker_options[:append_text] ||= ''
+    datepicker_options[:auto_size] ||= false
+    datepicker_options[:button_image] ||= ''
+    datepicker_options[:button_image_only] ||=  false
+    datepicker_options[:button_text] ||= '...'
+    datepicker_options[:calculate_week] ||= 'jQuery.datepicker.iso8601Week'
+    datepicker_options[:change_month] ||= false
+    datepicker_options[:change_year] ||= false
+    datepicker_options[:close_text] ||= _('Done')
+    datepicker_options[:constrain_input] ||= true
+    datepicker_options[:current_text] ||= _('Today')
+    datepicker_options[:date_format] ||= 'mm/dd/yy'
+    datepicker_options[:day_names] ||= [_('Sunday'), _('Monday'), _('Tuesday'), _('Wednesday'), _('Thursday'), _('Friday'), _('Saturday')]
+    datepicker_options[:day_names_min] ||= [_('Su'), _('Mo'), _('Tu'), _('We'), _('Th'), _('Fr'), _('Sa')]
+    datepicker_options[:day_names_short] ||= [_('Sun'), _('Mon'), _('Tue'), _('Wed'), _('Thu'), _('Fri'), _('Sat')]
+    datepicker_options[:default_date] ||= nil
+    datepicker_options[:duration] ||= 'normal'
+    datepicker_options[:first_day] ||= 0
+    datepicker_options[:goto_current] ||= false
+    datepicker_options[:hide_if_no_prev_next] ||= false
+    datepicker_options[:is_rtl] ||= false
+    datepicker_options[:max_date] ||= nil
+    datepicker_options[:min_date] ||= nil
+    datepicker_options[:month_names] ||= [_('January'), _('February'), _('March'), _('April'), _('May'), _('June'), _('July'), _('August'), _('September'), _('October'), _('November'), _('December')]
+    datepicker_options[:month_names_short] ||= [_('Jan'), _('Feb'), _('Mar'), _('Apr'), _('May'), _('Jun'), _('Jul'), _('Aug'), _('Sep'), _('Oct'), _('Nov'), _('Dec')]
+    datepicker_options[:navigation_as_date_format] ||= false
+    datepicker_options[:next_text] ||= _('Next')
+    datepicker_options[:number_of_months] ||= 1
+    datepicker_options[:prev_text] ||= _('Prev')
+    datepicker_options[:select_other_months] ||= false
+    datepicker_options[:short_year_cutoff] ||= '+10'
+    datepicker_options[:show_button_panel] ||= false
+    datepicker_options[:show_current_at_pos] ||= 0
+    datepicker_options[:show_month_after_year] ||= false
+    datepicker_options[:show_on] ||= 'focus'
+    datepicker_options[:show_options] ||= {}
+    datepicker_options[:show_other_months] ||= false
+    datepicker_options[:show_week] ||= false
+    datepicker_options[:step_months] ||= 1
+    datepicker_options[:week_header] ||= _('Wk')
+    datepicker_options[:year_range] ||= 'c-10:c+10'
+    datepicker_options[:year_suffix] ||= ''
+
+    element_id = html_options[:id] || 'datepicker-date'
+    value = value.strftime(format) if value.present?
+    method = datepicker_options[:time] ? 'datetimepicker' : 'datepicker'
+    result = text_field_tag(name, value, html_options)
+    result +=
+    "
+    <script type='text/javascript'>
+      jQuery('##{element_id}').#{method}({
+        disabled: #{datepicker_options[:disabled].to_json},
+        altField: #{datepicker_options[:alt_field].to_json},
+        altFormat: #{datepicker_options[:alt_format].to_json},
+        appendText: #{datepicker_options[:append_text].to_json},
+        autoSize: #{datepicker_options[:auto_size].to_json},
+        buttonImage: #{datepicker_options[:button_image].to_json},
+        buttonImageOnly: #{datepicker_options[:button_image_only].to_json},
+        buttonText: #{datepicker_options[:button_text].to_json},
+        calculateWeek: #{datepicker_options[:calculate_week].to_json},
+        changeMonth: #{datepicker_options[:change_month].to_json},
+        changeYear: #{datepicker_options[:change_year].to_json},
+        closeText: #{datepicker_options[:close_text].to_json},
+        constrainInput: #{datepicker_options[:constrain_input].to_json},
+        currentText: #{datepicker_options[:current_text].to_json},
+        dateFormat: #{datepicker_options[:date_format].to_json},
+        dayNames: #{datepicker_options[:day_names].to_json},
+        dayNamesMin: #{datepicker_options[:day_names_min].to_json},
+        dayNamesShort: #{datepicker_options[:day_names_short].to_json},
+        defaultDate: #{datepicker_options[:default_date].to_json},
+        duration: #{datepicker_options[:duration].to_json},
+        firstDay: #{datepicker_options[:first_day].to_json},
+        gotoCurrent: #{datepicker_options[:goto_current].to_json},
+        hideIfNoPrevNext: #{datepicker_options[:hide_if_no_prev_next].to_json},
+        isRTL: #{datepicker_options[:is_rtl].to_json},
+        maxDate: #{datepicker_options[:max_date].to_json},
+        minDate: #{datepicker_options[:min_date].to_json},
+        monthNames: #{datepicker_options[:month_names].to_json},
+        monthNamesShort: #{datepicker_options[:month_names_short].to_json},
+        navigationAsDateFormat: #{datepicker_options[:navigation_as_date_format].to_json},
+        nextText: #{datepicker_options[:next_text].to_json},
+        numberOfMonths: #{datepicker_options[:number_of_months].to_json},
+        prevText: #{datepicker_options[:prev_text].to_json},
+        selectOtherMonths: #{datepicker_options[:select_other_months].to_json},
+        shortYearCutoff: #{datepicker_options[:short_year_cutoff].to_json},
+        showButtonPanel: #{datepicker_options[:show_button_panel].to_json},
+        showCurrentAtPos: #{datepicker_options[:show_current_at_pos].to_json},
+        showMonthAfterYear: #{datepicker_options[:show_month_after_year].to_json},
+        showOn: #{datepicker_options[:show_on].to_json},
+        showOptions: #{datepicker_options[:show_options].to_json},
+        showOtherMonths: #{datepicker_options[:show_other_months].to_json},
+        showWeek: #{datepicker_options[:show_week].to_json},
+        stepMonths: #{datepicker_options[:step_months].to_json},
+        weekHeader: #{datepicker_options[:week_header].to_json},
+        yearRange: #{datepicker_options[:year_range].to_json},
+        yearSuffix: #{datepicker_options[:year_suffix].to_json}
+      })
+    </script>
+    "
+    result
+  end
+
+  def date_range_field(from_name, to_name, from_value, to_value, format = '%Y-%m-%d', datepicker_options = {}, html_options = {})
+    from_id = html_options[:from_id] || 'datepicker-from-date'
+    to_id = html_options[:to_id] || 'datepicker-to-date'
+    return _('From') +' '+ date_field(from_name, from_value, format, datepicker_options, html_options.merge({:id => from_id})) +
+    ' ' + _('until') +' '+ date_field(to_name, to_value, format, datepicker_options, html_options.merge({:id => to_id}))
+  end
+
 protected
   def self.next_id_number
     if defined? @@id_num
@@ -45,6 +45,14 @@ module SearchHelper
   # FIXME remove it after search_controler refactored
   include EventsHelper
  
+  def multiple_search?
+    ['index', 'category_index'].include?(params[:action]) or @results.size > 1
+  end
+
+  def map_search?
+    !@empty_query and !multiple_search? and params[:display] == 'map'
+  end
+
   def search_page_title(title, category = nil)
     title = "<h1>" + title
     title += '<small>' + category.name + '</small>' if category
@@ -58,8 +66,8 @@ module SearchHelper
       :align => 'center', :class => 'search-category-context') if category
   end
  
-  def display_results(use_map = false)
-    if params[:display] == 'map' && use_map
+  def display_results(map_capable = false)
+    if map_capable and map_search?
       partial = 'google_maps'
       klass = 'map'
     else
@@ -99,7 +107,7 @@ module SearchHelper
     @asset_class = asset_class(asset)
     render(:partial => 'facets_unselect_menu')
   end
-  
+
   def facet_javascript(input_id, facet, array)
     array = [] if array.nil?
     hintText = _('Type in an option')
@@ -148,6 +156,7 @@ module SearchHelper
     params = params.dup
     params[:facet].each do |id, value|
       facet = klass.facet_by_id(id.to_sym)
+      next unless facet
       if value.kind_of?(Hash)
         label_hash = facet[:label].call(environment)
         value.each do |label_id, value|
@@ -179,37 +179,23 @@ class Article &lt; ActiveRecord::Base
   end
  
   named_scope :more_popular, :order => 'hits DESC'
-
-  # retrieves the latest +limit+ articles, sorted from the most recent to the
-  # oldest.
-  #
-  # Only includes articles where advertise == true
-  def self.recent(limit = nil, extra_conditions = {})
-    # FIXME this method is a horrible hack
-    options = { :page => 1, :per_page => limit,
-                :conditions => [
-                  "advertise = ? AND
-                  published = ? AND
-                  profiles.visible = ? AND
-                  profiles.public_profile = ? AND
-                  ((articles.type != ? and articles.type != ? and articles.type != ?) OR articles.type is NULL)", true, true, true, true, 'UploadedFile', 'RssFeed', 'Blog'
-                ],
-                :include => 'profile',
-                :order => 'articles.published_at desc, articles.id desc'
-              }
-    if ( scoped_methods && scoped_methods.last &&
-         scoped_methods.last[:find] &&
-         scoped_methods.last[:find][:joins] &&
-         scoped_methods.last[:find][:joins].index('profiles') )
-      options.delete(:include)
-    end
-    if extra_conditions == {}
-      self.paginate(options)
-    else
-      with_scope :find => {:conditions => extra_conditions} do
-        self.paginate(options)
-      end
+  named_scope :relevant_as_recent, :conditions => ["(articles.type != 'UploadedFile' and articles.type != 'RssFeed' and articles.type != 'Blog') OR articles.type is NULL"]
+
+  def self.recent(limit = nil, extra_conditions = {}, pagination = true)
+    result = scoped({:conditions => extra_conditions}).
+      public.
+      relevant_as_recent.
+      limit(limit).
+      order(['articles.published_at desc', 'articles.id desc'])
+
+    if !( scoped_methods && scoped_methods.last &&
+        scoped_methods.last[:find] &&
+        scoped_methods.last[:find][:joins] &&
+        scoped_methods.last[:find][:joins].index('profiles') )
+      result = result.includes(:profile)
     end
+
+    pagination ? result.paginate({:page => 1, :per_page => limit}) : result
   end
  
   # produces the HTML code that is to be displayed as this article's contents.
@@ -2,4 +2,76 @@ class Box &lt; ActiveRecord::Base
   belongs_to :owner, :polymorphic => true
   acts_as_list :scope => 'owner_id = #{owner_id} and owner_type = \'#{owner_type}\''
   has_many :blocks, :dependent => :destroy, :order => 'position'
+
+  def acceptable_blocks
+    to_css_class_name central?  ? Box.acceptable_center_blocks : Box.acceptable_side_blocks
+  end
+
+  def central?
+    position == 1
+  end
+
+  def self.acceptable_center_blocks
+    [ ArticleBlock,
+      BlogArchivesBlock,
+      CategoriesBlock,
+      CommunitiesBlock,
+      EnterprisesBlock,
+      EnvironmentStatisticsBlock,
+      FansBlock,
+      FavoriteEnterprisesBlock,
+      FeedReaderBlock,
+      FriendsBlock,
+      HighlightsBlock,
+      LinkListBlock,
+      LoginBlock,
+      MainBlock,
+      MembersBlock,
+      MyNetworkBlock,
+      PeopleBlock,
+      ProfileImageBlock,
+      RawHTMLBlock,
+      RecentDocumentsBlock,
+      SellersSearchBlock,
+      TagsBlock ]
+  end
+
+  def self.acceptable_side_blocks
+    [ ArticleBlock,
+      BlogArchivesBlock,
+      CategoriesBlock,
+      CommunitiesBlock,
+      DisabledEnterpriseMessageBlock,
+      EnterprisesBlock,
+      EnvironmentStatisticsBlock,
+      FansBlock,
+      FavoriteEnterprisesBlock,
+      FeaturedProductsBlock,
+      FeedReaderBlock,
+      FriendsBlock,
+      HighlightsBlock,
+      LinkListBlock,
+      LocationBlock,
+      LoginBlock,
+      MembersBlock,
+      MyNetworkBlock,
+      PeopleBlock,
+      ProductsBlock,
+      ProfileImageBlock,
+      ProfileInfoBlock,
+      ProfileSearchBlock,
+      RawHTMLBlock,
+      RecentDocumentsBlock,
+      SellersSearchBlock,
+      SlideshowBlock,
+      TagsBlock
+    ]
+  end
+
+  private
+
+  def to_css_class_name(blocks)
+    blocks.map{ |block| block.to_s.underscore.tr('_', '-') }
+  end
+
 end
@@ -7,7 +7,7 @@ class ChangePassword &lt; Task
     when :login:
       _('Username')
     when :email
-      _('e-Mail')
+      _('e-mail')
     when :password
       _('Password')
     when :password_confirmation
@@ -20,9 +20,7 @@ class ChangePassword &lt; Task
   ###################################################
   # validations for creating a ChangePassword task 
  
-  validates_presence_of :login, :email, :environment_id, :on => :create
-
-  validates_presence_of :requestor_id
+  validates_presence_of :login, :email, :environment_id, :on => :create, :message => _('must be filled in')
  
   validates_format_of :email, :on => :create, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda { |obj| !obj.email.blank? })
  
@@ -30,10 +28,10 @@ class ChangePassword &lt; Task
     unless data.login.blank? || data.email.blank?
       user = User.find_by_login_and_environment_id(data.login, data.environment_id)
       if user.nil? 
-        data.errors.add(:login, _('%{fn} is not a valid username.').fix_i18n)
+        data.errors.add(:login, _('is invalid or user does not exists.'))
       else
         if user.email != data.email
-          data.errors.add(:email)
+          data.errors.add(:email, _('does not match the username you filled in'))
         end
       end
     end
@@ -10,6 +10,9 @@ class Comment &lt; ActiveRecord::Base
   has_many :children, :class_name => 'Comment', :foreign_key => 'reply_of_id', :dependent => :destroy
   belongs_to :reply_of, :class_name => 'Comment', :foreign_key => 'reply_of_id'
  
+  named_scope :without_spam, :conditions => ['spam IS NULL OR spam = ?', false]
+  named_scope :spam, :conditions => ['spam = ?', true]
+
   # unauthenticated authors:
   validates_presence_of :name, :if => (lambda { |record| !record.email.blank? })
   validates_presence_of :email, :if => (lambda { |record| !record.name.blank? })
@@ -25,6 +28,8 @@ class Comment &lt; ActiveRecord::Base
  
   xss_terminate :only => [ :body, :title, :name ], :on => 'validation'
  
+  delegate :environment, :to => :source
+
   def action_tracker_target
     self.article.profile
   end
@@ -85,7 +90,28 @@ class Comment &lt; ActiveRecord::Base
     end
   end
  
-  after_create :notify_by_mail
+  after_create :schedule_notification
+
+  def schedule_notification
+    Delayed::Job.enqueue CommentHandler.new(self.id, :verify_and_notify)
+  end
+
+  delegate :environment, :to => :profile
+  delegate :profile, :to => :source
+
+  include Noosfero::Plugin::HotSpot
+
+  def verify_and_notify
+    check_for_spam
+    unless spam?
+      notify_by_mail
+    end
+  end
+
+  def check_for_spam
+    plugins.dispatch(:check_comment_for_spam, self)
+  end
+
   def notify_by_mail
     if source.kind_of?(Article) && article.notify_comments?
       if !article.profile.notification_emails.empty?
@@ -123,10 +149,14 @@ class Comment &lt; ActiveRecord::Base
   def self.as_thread
     result = {}
     root = []
-    all.each do |c|
+    order(:id).each do |c|
       c.replies = []
       result[c.id] ||= c
-      c.reply_of_id.nil? ? root << c : result[c.reply_of_id].replies << c
+      if result[c.reply_of_id]
+        result[c.reply_of_id].replies << c
+      else
+        root << c
+      end
     end
     root
   end
@@ -183,4 +213,34 @@ class Comment &lt; ActiveRecord::Base
     @rejected = true
   end
  
+  def spam?
+    !spam.nil? && spam
+  end
+
+  def ham?
+    !spam.nil? && !spam
+  end
+
+  def spam!
+    self.spam = true
+    self.save!
+    Delayed::Job.enqueue(CommentHandler.new(self.id, :marked_as_spam))
+    self
+  end
+
+  def ham!
+    self.spam = false
+    self.save!
+    Delayed::Job.enqueue(CommentHandler.new(self.id, :marked_as_ham))
+    self
+  end
+
+  def marked_as_spam
+    plugins.dispatch(:comment_marked_as_spam, self)
+  end
+
+  def marked_as_ham
+    plugins.dispatch(:comment_marked_as_ham, self)
+  end
+
 end
@@ -0,0 +1,10 @@
+class CommentHandler < Struct.new(:comment_id, :method)
+
+  def perform
+    comment = Comment.find(comment_id)
+    comment.send(method)
+  rescue ActiveRecord::RecordNotFound
+    # just ignore non-existing comments
+  end
+
+end
@@ -88,7 +88,7 @@ class Community &lt; Organization
   end
  
   def activities
-    Scrap.find_by_sql("SELECT id, updated_at, '#{Scrap.to_s}' AS klass FROM #{Scrap.table_name} WHERE scraps.receiver_id = #{self.id} AND scraps.scrap_id IS NULL UNION SELECT id, updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} WHERE action_tracker.target_id = #{self.id} UNION SELECT at.id, at.updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} at INNER JOIN articles a ON at.target_id = a.id WHERE a.profile_id = #{self.id} AND at.target_type = 'Article' ORDER BY updated_at DESC")
+    Scrap.find_by_sql("SELECT id, updated_at, '#{Scrap.to_s}' AS klass FROM #{Scrap.table_name} WHERE scraps.receiver_id = #{self.id} AND scraps.scrap_id IS NULL UNION SELECT id, updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} WHERE action_tracker.target_id = #{self.id} and action_tracker.verb != 'join_community' and action_tracker.verb != 'leave_scrap' UNION SELECT at.id, at.updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} at INNER JOIN articles a ON at.target_id = a.id WHERE a.profile_id = #{self.id} AND at.target_type = 'Article' ORDER BY updated_at DESC")
   end
  
 end
@@ -17,7 +17,7 @@ class Enterprise &lt; Organization
   after_save_reindex [:products], :with => :delayed_job
   extra_data_for_index :product_categories
   def product_categories
-    products.map{|p| p.category_full_name}.compact
+    products.includes(:product_category).map{|p| p.category_full_name}.compact
   end
  
   N_('Organization website'); N_('Historic and current context'); N_('Activities short description'); N_('City'); N_('State'); N_('Country'); N_('ZIP code')
@@ -123,10 +123,23 @@ class Environment &lt; ActiveRecord::Base
       'xmpp_chat' => _('XMPP/Jabber based chat'),
       'show_zoom_button_on_article_images' => _('Show a zoom link on all article images'),
       'captcha_for_logged_users' => _('Ask captcha when a logged user comments too'),
-      'skip_new_user_email_confirmation' => _('Skip e-mail confirmation for new users')
+      'skip_new_user_email_confirmation' => _('Skip e-mail confirmation for new users'),
+      'send_welcome_email_to_new_users' => _('Send welcome e-mail to new users'),
+      'allow_change_of_redirection_after_login' => _('Allow users to set the page to redirect after login')
     }
   end
  
+  def self.login_redirection_options
+    {
+      'keep_on_same_page' => _('Stays on the same page the user was before login.'),
+      'site_homepage' => _('Redirects the user to the environment homepage.'),
+      'user_profile_page' => _('Redirects the user to his profile page.'),
+      'user_homepage' => _('Redirects the user to his homepage.'),
+      'user_control_panel' => _('Redirects the user to his control panel.')
+    }
+  end
+  validates_inclusion_of :redirection_after_login, :in => Environment.login_redirection_options.keys, :allow_nil => true
+
   # #################################################
   # Relationships and applied behaviour
   # #################################################
@@ -530,6 +543,31 @@ class Environment &lt; ActiveRecord::Base
     signup_fields
   end
  
+  serialize :signup_welcome_text, Hash
+  def signup_welcome_text
+    self[:signup_welcome_text] ||= {}
+  end
+
+  def signup_welcome_text_subject
+    self.signup_welcome_text[:subject]
+  end
+
+  def signup_welcome_text_subject=(subject)
+    self.signup_welcome_text[:subject] = subject
+  end
+
+  def signup_welcome_text_body
+    self.signup_welcome_text[:body]
+  end
+
+  def signup_welcome_text_body=(body)
+    self.signup_welcome_text[:body] = body
+  end
+
+  def has_signup_welcome_text?
+    signup_welcome_text && !signup_welcome_text_body.blank?
+  end
+
   # #################################################
   # Validations
   # #################################################
@@ -591,8 +629,8 @@ class Environment &lt; ActiveRecord::Base
   end
  
   has_many :articles, :through => :profiles
-  def recent_documents(limit = 10)
-    self.articles.recent(limit)
+  def recent_documents(limit = 10, options = {}, pagination = true)
+    self.articles.recent(limit, options, pagination)
   end
  
   has_many :events, :through => :profiles, :source => :articles, :class_name => 'Event'
@@ -19,9 +19,15 @@ class ExternalFeed &lt; ActiveRecord::Base
     article.valid?
   end
  
+  def address=(new_address)
+    self.fetched_at = nil unless address == new_address
+    super(new_address)
+  end
+
   def clear
     # do nothing
   end
+
   def finish_fetch
     if self.only_once && self.update_errors.zero?
       self.enabled = false
@@ -22,8 +22,6 @@ class Person &lt; Profile
     super
   end
  
-  acts_as_having_hotspots
-
   named_scope :members_of, lambda { |resources|
     resources = [resources] if !resources.kind_of?(Array)
     conditions = resources.map {|resource| "role_assignments.resource_type = '#{resource.class.base_class.name}' AND role_assignments.resource_id = #{resource.id || -1}"}.join(' OR ')
@@ -32,7 +30,7 @@ class Person &lt; Profile
  
   def has_permission_with_plugins?(permission, profile)
     permissions = [has_permission_without_plugins?(permission, profile)]
-    permissions += enabled_plugins.map do |plugin|
+    permissions += plugins.map do |plugin|
       plugin.has_permission?(self, permission, profile)
     end
     permissions.include?(true)
@@ -73,10 +71,7 @@ class Person &lt; Profile
     Friendship.find(:all, :conditions => { :friend_id => person.id}).each { |friendship| friendship.destroy }
   end
  
-  after_destroy :destroy_user
-  def destroy_user
-    self.user.destroy if self.user
-  end
+  belongs_to :user, :dependent => :delete
  
   def can_control_scrap?(scrap)
     begin
@@ -253,7 +248,7 @@ class Person &lt; Profile
  
   def is_admin?(environment = nil)
     environment ||= self.environment
-    role_assignments.select { |ra| ra.resource == environment }.map{|ra|ra.role.permissions}.any? do |ps|
+    role_assignments.includes([:role, :resource]).select { |ra| ra.resource == environment }.map{|ra|ra.role.permissions}.any? do |ps|
       ps.any? do |p|
         ActiveRecord::Base::PERMISSIONS['Environment'].keys.include?(p)
       end
@@ -458,7 +453,7 @@ class Person &lt; Profile
   end
  
   def activities
-    Scrap.find_by_sql("SELECT id, updated_at, '#{Scrap.to_s}' AS klass FROM #{Scrap.table_name} WHERE scraps.receiver_id = #{self.id} AND scraps.scrap_id IS NULL UNION SELECT id, updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} WHERE action_tracker.user_id = #{self.id} ORDER BY updated_at DESC")
+    Scrap.find_by_sql("SELECT id, updated_at, '#{Scrap.to_s}' AS klass FROM #{Scrap.table_name} WHERE scraps.receiver_id = #{self.id} AND scraps.scrap_id IS NULL UNION SELECT id, updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} WHERE action_tracker.user_id = #{self.id} and action_tracker.verb != 'leave_scrap_to_self' and action_tracker.verb != 'add_member_in_community' ORDER BY updated_at DESC")
   end
  
   protected
 class Product < ActiveRecord::Base
+
   belongs_to :enterprise
   has_one :region, :through => :enterprise
   validates_presence_of :enterprise
@@ -163,7 +164,7 @@ class Product &lt; ActiveRecord::Base
  
   def total_production_cost
     return inputs_cost if price_details.empty?
-    inputs_cost + price_details.map(&:price).inject { |sum,price| sum + price }
+    inputs_cost + price_details.map(&:price).inject(0){ |sum,price| sum + price }
   end
  
   def price_described?
@@ -57,10 +57,12 @@ class Profile &lt; ActiveRecord::Base
     'view_private_content' => N_('View private content'),
     'publish_content'      => N_('Publish content'),
     'invite_members'       => N_('Invite members'),
+    'send_mail_to_members' => N_('Send e-Mail to members'),
   }
  
   acts_as_accessible
-  acts_as_having_hotspots
+
+  include Noosfero::Plugin::HotSpot
  
   named_scope :memberships_of, lambda { |person| { :select => 'DISTINCT profiles.*', :joins => :role_assignments, :conditions => ['role_assignments.accessor_type = ? AND role_assignments.accessor_id = ?', person.class.base_class.name, person.id ] } }
   #FIXME: these will work only if the subclass is already loaded
@@ -69,7 +71,7 @@ class Profile &lt; ActiveRecord::Base
   named_scope :templates, :conditions => {:is_template => true}
  
   def members
-    scopes = dispatch_scopes(:organization_members, self)
+    scopes = plugins.dispatch_scopes(:organization_members, self)
     scopes << Person.members_of(self)
     scopes.size == 1 ? scopes.first : Person.or_scope(scopes)
   end
@@ -113,6 +115,8 @@ class Profile &lt; ActiveRecord::Base
   has_many :scraps_received, :class_name => 'Scrap', :foreign_key => :receiver_id, :order => "updated_at DESC", :dependent => :destroy
   belongs_to :template, :class_name => 'Profile', :foreign_key => 'template_id'
  
+  has_many :comments_received, :class_name => 'Comment', :through => :articles, :source => :comments
+
   # FIXME ugly workaround
   def self.human_attribute_name(attrib)
       _(self.superclass.human_attribute_name(attrib))
@@ -255,7 +259,7 @@ class Profile &lt; ActiveRecord::Base
       self.categories(true)
       self.solr_save
     end
-	 self.categories(reload)
+    self.categories(reload)
   end
  
   def category_ids=(ids)
@@ -395,8 +399,8 @@ class Profile &lt; ActiveRecord::Base
   #
   # +limit+ is the maximum number of documents to be returned. It defaults to
   # 10.
-  def recent_documents(limit = 10, options = {})
-    self.articles.recent(limit, options)
+  def recent_documents(limit = 10, options = {}, pagination = true)
+    self.articles.recent(limit, options, pagination)
   end
  
   def last_articles(limit = 10, options = {})
@@ -968,4 +972,8 @@ private :generate_url, :url_options
     end
   end
  
+  validates_inclusion_of :redirection_after_login, :in => Environment.login_redirection_options.keys, :allow_nil => true
+  def preferred_login_redirection
+    redirection_after_login.blank? ? environment.redirection_after_login : redirection_after_login
+  end
 end
@@ -14,12 +14,13 @@ class ProfileListBlock &lt; Block
  
   def profile_list
     result = nil
+    visible_profiles = profiles.visible.includes([:image,:domains,:preferred_domain,:environment])
     if !prioritize_profiles_with_image
-      result = profiles.visible.all(:limit => limit, :order => 'updated_at DESC').sort_by{ rand }
-    elsif profiles.visible.with_image.count >= limit
-      result = profiles.visible.with_image.all(:limit => limit * 5, :order => 'updated_at DESC').sort_by{ rand }
+      result = visible_profiles.all(:limit => limit, :order => 'updated_at DESC').sort_by{ rand }
+    elsif visible_profiles.with_image.count >= limit
+      result = visible_profiles.with_image.all(:limit => limit * 5, :order => 'updated_at DESC').sort_by{ rand }
     else
-      result = profiles.visible.with_image.sort_by{ rand } + profiles.visible.without_image.all(:limit => limit * 5, :order => 'updated_at DESC').sort_by{ rand }
+      result = visible_profiles.with_image.sort_by{ rand } + visible_profiles.without_image.all(:limit => limit * 5, :order => 'updated_at DESC').sort_by{ rand }
     end
     result.slice(0..limit-1)
   end
@@ -16,11 +16,9 @@ class RecentDocumentsBlock &lt; Block
  
   include ActionController::UrlWriter
   def content(args={})
-    docs = self.limit.nil? ? owner.recent_documents : owner.recent_documents(self.limit)
-
+    docs = self.limit.nil? ? owner.recent_documents(nil, {}, false) : owner.recent_documents(self.limit, {}, false)
     block_title(title) +
     content_tag('ul', docs.map {|item| content_tag('li', link_to(h(item.title), item.url))}.join("\n"))
-
   end
  
   def footer
@@ -31,7 +31,7 @@ class Task &lt; ActiveRecord::Base
     end
   end
  
-  belongs_to :requestor, :class_name => 'Person', :foreign_key => :requestor_id
+  belongs_to :requestor, :class_name => 'Profile', :foreign_key => :requestor_id
   belongs_to :target, :foreign_key => :target_id, :polymorphic => true
  
   validates_uniqueness_of :code, :on => :create
@@ -67,7 +67,7 @@ class UploadedFile &lt; Article
       'upload-file'
     end
   end
-  
+
   def mime_type
     content_type
   end
@@ -129,6 +129,12 @@ class UploadedFile &lt; Article
     end
   end
  
+  def extension
+    dotindex = self.filename.rindex('.')
+    return nil unless dotindex
+    self.filename[(dotindex+1)..-1].downcase
+  end
+
   def allow_children?
     false
   end
@@ -144,4 +150,5 @@ class UploadedFile &lt; Article
   def uploaded_file?
     true
   end
+
 end
@@ -30,7 +30,7 @@ class User &lt; ActiveRecord::Base
  
   after_create do |user|
     user.person ||= Person.new
-    user.person.attributes = user.person_data.merge(:identifier => user.login, :user_id => user.id, :environment_id => user.environment_id)
+    user.person.attributes = user.person_data.merge(:identifier => user.login, :user => user, :environment_id => user.environment_id)
     user.person.name ||= user.login
     user.person.visible = false unless user.activated?
     user.person.save!
@@ -73,6 +73,18 @@ class User &lt; ActiveRecord::Base
         :environment => user.environment.name,
         :url => user.environment.top_url
     end
+
+    def signup_welcome_email(user)
+      email_body = user.environment.signup_welcome_text_body.gsub('{user_name}', user.name)
+      email_subject = user.environment.signup_welcome_text_subject
+
+      content_type 'text/html'
+      recipients user.email
+
+      from "#{user.environment.name} <#{user.environment.contact_email}>"
+      subject email_subject.blank? ? _("Welcome to environment %s") % [user.environment.name] : email_subject
+      body email_body
+    end
   end
  
   def signup!
@@ -88,13 +100,13 @@ class User &lt; ActiveRecord::Base
   attr_protected :activated_at
  
   # Virtual attribute for the unencrypted password
-  attr_accessor :password
+  attr_accessor :password, :name
  
   validates_presence_of     :login, :email
   validates_format_of       :login, :with => Profile::IDENTIFIER_FORMAT, :if => (lambda {|user| !user.login.blank?})
   validates_presence_of     :password,                   :if => :password_required?
-  validates_presence_of     :password_confirmation,      :if => :password_required?, :if => (lambda {|user| !user.password.blank?})
-  validates_length_of       :password, :within => 4..40, :if => :password_required?, :if => (lambda {|user| !user.password.blank?})
+  validates_presence_of     :password_confirmation,      :if => :password_required?
+  validates_length_of       :password, :within => 4..40, :if => :password_required?
   validates_confirmation_of :password,                   :if => :password_required?
   validates_length_of       :login,    :within => 2..40, :if => (lambda {|user| !user.login.blank?})
   validates_length_of       :email,    :within => 3..100, :if => (lambda {|user| !user.email.blank?})
@@ -117,7 +129,17 @@ class User &lt; ActiveRecord::Base
     self.activated_at = Time.now.utc
     self.activation_code = nil
     self.person.visible = true
-    self.person.save! && self.save!
+    begin
+      self.person.save! && self.save!
+    rescue Exception => exception
+      logger.error(exception.to_s)
+      false
+    else
+      if environment.enabled?('send_welcome_email_to_new_users') && environment.has_signup_welcome_text?
+        User::Mailer.delay.deliver_signup_welcome_email(self)
+      end
+      true
+    end
   end
  
   def activated?
@@ -228,7 +250,12 @@ class User &lt; ActiveRecord::Base
   end
  
   def name
-    person ? person.name : login
+    name = (self[:name] || login)
+    person.nil? ? name : (person.name || name)
+  end
+
+  def name= name
+   self[:name] = name
   end
  
   def enable_email!
@@ -274,6 +301,11 @@ class User &lt; ActiveRecord::Base
     15 # in minutes
   end
  
+
+  def not_require_password!
+    @is_password_required = false
+  end
+
   protected
     # before filter 
     def encrypt_password
@@ -282,9 +314,13 @@ class User &lt; ActiveRecord::Base
       self.password_type ||= User.system_encryption_method.to_s
       self.crypted_password = encrypt(password)
     end
-    
+
     def password_required?
-      crypted_password.blank? || !password.blank?
+      (crypted_password.blank? || !password.blank?) && is_password_required?
+    end
+
+    def is_password_required?
+      @is_password_required.nil? ? true : @is_password_required
     end
  
     def make_activation_code
@@ -292,6 +328,7 @@ class User &lt; ActiveRecord::Base
     end
  
     def deliver_activation_code
+      return if person.is_template?
       User::Mailer.deliver_activation_code(self) unless self.activation_code.blank?
     end
  
 <h1><%= _('Forgot your password?') %></h1>
  
-<%= error_messages_for :change_password %>
+<%= error_messages_for :change_password, :header_message => _('Instructions to password recovery could not be sent'), :message => nil %>
  
 <% labelled_form_for :change_password, @change_password, :url => { :action => 'forgot_password' } do |f| %>
  
@@ -13,6 +13,8 @@
  
      <%= f.password_field :password %>
  
+     <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
+
      <% button_bar do %>
        <%= submit_button( 'login', _('Log in') )%>
        <% if is_thickbox %>
@@ -23,8 +25,13 @@
 <% end %>
  
 <% button_bar do %>
-  <%= button :add, _("New user"), :controller => 'account', :action => 'signup' %>
-  <%= button :help, _("I forgot my password!"), :controller => 'account', :action => 'forgot_password' %>
+  <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
+    <%= button :add, _("New user"), :controller => 'account', :action => 'signup' %>
+  <% end %>
+
+  <% unless @plugins.dispatch(:allow_password_recovery).include?(false) %>
+    <%= button :help, _("I forgot my password!"), :controller => 'account', :action => 'forgot_password' %>
+  <% end %>
 <% end %>
  
 </div><!-- end class="login-box" -->
@@ -9,25 +9,30 @@
   @user ||= User.new
 %>
  
-    <% labelled_form_for :user, @user,
-       :url => login_url do |f| %>
+    <% labelled_form_for :user, @user, :url => login_url do |f| %>
  
-         <%= f.text_field :login, :onchange => 'this.value = convToValidLogin( this.value )' %>
+      <%= f.text_field :login, :onchange => 'this.value = convToValidLogin( this.value )' %>
  
-         <%= f.password_field :password %>
+      <%= f.password_field :password %>
+
+      <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
  
       <% button_bar do %>
         <%= submit_button( 'login', _('Log in') )%>
-        <%= link_to content_tag( 'span', _('New user') ),
-            { :controller => 'account', :action => 'signup' },
-            :class => 'button with-text icon-add' %>
+        <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
+          <%= link_to content_tag( 'span', _('New user') ),
+              { :controller => 'account', :action => 'signup' },
+              :class => 'button with-text icon-add' %>
+        <% end %>
       <% end %>
  
     <% end %>
  
-    <p class="forgot-passwd">
-      <%= link_to _("I forgot my password!"), :controller => 'account', :action => 'forgot_password' %>
-    </p>
+    <% unless @plugins.dispatch(:allow_password_recovery).include?(false) %>
+      <p class="forgot-passwd">
+        <%= link_to _("I forgot my password!"), :controller => 'account', :action => 'forgot_password' %>
+      </p>
+    <% end %>
  
     </div>
  
@@ -0,0 +1,7 @@
+<div class='description'>
+  <%= _('This text will be sent to new users if the feature "Send welcome e-mail to new users" is enabled on environment.') %><br/><br/>
+  <%= _('Including %s on body, it will be replaced by the real name of the e-mail recipient.') % content_tag('code', '{user_name}') %>
+</div>
+
+<%= labelled_form_field(_('Subject'), text_field(:environment, :signup_welcome_text_subject, :style => 'width:100%')) %>
+<%= labelled_form_field(_('Body'), text_area(:environment, :signup_welcome_text_body, :cols => 40, :style => 'width: 100%', :class => 'mceEditor')) %>
 <h1><%= _('Administrator Panel') %></h1>
  
-<p><%= _('You, as an environment administrator, has the following options:')%></p>
+<h2><%= _('System settings') %></h2>
  
 <table>
-  <tr><td><%= link_to _('Edit environment settings'), :action => 'site_info' %></td></tr>
-  <tr><td><%= link_to __('Edit message for disabled enterprises'), :action => 'message_for_disabled_enterprise' %></td></tr>
-  <tr><td><%= link_to _('Enable/disable features'), :controller => 'features' %></td></tr>
-  <tr><td><%= link_to _('Enable/disable plugins'), :controller => 'plugins' %></td></tr>
-  <tr><td><%= link_to _('Edit sideboxes'), :controller => 'environment_design'%></td></tr>
-  <tr><td><%= link_to _('Manage Categories'), :controller => 'categories'%></td></tr>
-  <tr><td><%= link_to _('Manage User roles'), :controller => 'role' %></td></tr>
-  <tr><td><%= link_to _('Manage users'), :controller => 'users' %></td></tr>
-  <tr><td><%= link_to _('Manage Validators by region'), :controller => 'region_validators' %></td></tr>
-  <tr><td><%= link_to _('Edit Templates'), :controller => 'templates' %></td></tr>
-  <tr><td><%= link_to _('Manage Fields'), :controller => 'features', :action => 'manage_fields' %></td></tr>
-  <tr><td><%= link_to _('Set Portal'), :action => 'set_portal_community' %></td></tr>
-  <tr><td><%= link_to _('Manage Licenses'), :controller =>'licenses' %></td></tr>
-  <% @plugins.dispatch(:admin_panel_links).each do |link| %>
+  <tr><td><%= link_to _('Environment settings'), :action => 'site_info' %></td></tr>
+  <tr><td><%= link_to _('Features'), :controller => 'features' %></td></tr>
+  <tr><td><%= link_to _('Plugins'), :controller => 'plugins' %></td></tr>
+  <tr><td><%= link_to _('Sideboxes'), :controller => 'environment_design'%></td></tr>
+  <tr><td><%= link_to _('Homepage'), :action => 'set_portal_community' %></td></tr>
+  <tr><td><%= link_to _('Licenses'), :controller =>'licenses' %></td></tr>
+</table>
+
+<h2><%= _('Profiles') %></h2>
+
+<table>
+  <tr><td><%= link_to _('User roles'), :controller => 'role' %></td></tr>
+  <tr><td><%= link_to _('Users'), :controller => 'users' %></td></tr>
+  <tr><td><%= link_to _('Profile templates'), :controller => 'templates' %></td></tr>
+  <tr><td><%= link_to _('Fields'), :controller => 'features', :action => 'manage_fields' %></td></tr>
+</table>
+
+
+<%
+  plugin_links = @plugins.dispatch(:admin_panel_links)
+%>
+<% unless plugin_links.empty? %>
+  <h2><%= _('Plugins') %></h2>
+  <table>
+  <% plugin_links.each do |link| %>
     <tr><td><%= link_to link[:title], link[:url] %></td></tr>
   <% end %>
+  </table>
+<% end %>
+
+<h2><%= _('Enterprise-related settings') %></h2>
+
+<table>
+  <tr><td><%= link_to __('Message for disabled enterprises'), :action => 'message_for_disabled_enterprise' %></td></tr>
+  <tr><td><%= link_to _('Validators by region'), :controller => 'region_validators' %></td></tr>
+  <tr><td><%= link_to _('Categories'), :controller => 'categories'%></td></tr>
 </table>
@@ -10,6 +10,8 @@
     :content => (render :partial => 'site_info', :locals => {:f => f})} %>
   <% tabs << {:title => _('Terms of use'), :id => 'terms-of-use',
     :content => (render :partial => 'terms_of_use', :locals => {:f => f})} %>
+  <% tabs << {:title => _('Signup welcome text'), :id => 'signup-welcome-text',
+    :content => (render :partial => 'signup_welcome_text', :locals => {:f => f})} %>
   <%= render_tabs(tabs) %>
   <% button_bar do %>
     <%= submit_button(:save, _('Save'), :cancel => {:action => 'index'}) %>
@@ -32,7 +32,7 @@
         { :profile => profile.identifier,
           :controller => 'contact',
           :action => 'new' },
-        :class => 'button with-text icon-menu-mail' %>
+        {:class => 'button with-text icon-menu-mail', :title => _('Send an e-mail to the administrators')} %>
       </li>
     <% end %>
  
@@ -0,0 +1,10 @@
+<% block_types.in_groups_of(2) do |block1, block2| %>
+  <div style='float: left; width: 48%; padding-top: 2px;'>
+    <%= labelled_radio_button(block1.description, :type, block1.name) %>
+  </div>
+  <% if block2 %>
+    <div style='float: left; width: 48%; padding-top: 2px;'>
+      <%= labelled_radio_button(block2.description, :type, block2.name) %>
+    </div>
+  <% end %>
+<% end %>
 <strong><%= _('Highlights') %></strong>
-<div id='edit-highlights-block'>
+<div id='edit-highlights-block' style='width:450px'>
 <table id='highlights' class='noborder'>
   <tr><th><%= _('Image') %></th><th><%= _('Address') %></th><th><%= _('Position') %></th><th><%= _('Title') %></th></tr>
   <% for image in @block.images do %>
 <strong><%= _('Links') %></strong>
-<div id='edit-link-list-block'>
+<div id='edit-link-list-block' style='width:450px'>
 <table id='links' class='noborder'>
   <tr><th><%= _('Icon') %></th><th><%= _('Name') %></th><th><%= _('Address') %></th></tr>
   <% for link in @block.links do %>
-<%= labelled_form_field(_('HTML code'), text_area(:block, :html, :style => 'width: 100%', :rows => 15)) %>
+<%= labelled_form_field(_('HTML code'), text_area(:block, :html, :style => 'width: 90%', :rows => 15)) %>
-<% form_tag do %>
-
-  <p><%= _('In what area do you want to put your new block?') %></p>
-
-  <%# FIXME hardcoded stuff %>
-  <%= select_tag('box_id', options_for_select(@boxes.select { |item| item.position != 1 }.map {|item| [ _("Area %d") % item.position, item.id]})) %>
-  
-  <p><%= _('Select the type of block you want to add to your page.') %></p>
-  
-  <% @block_types.in_groups_of(2) do |block1, block2| %>
-    <div style='float: left; width: 48%; padding-top: 2px;'>
-      <%= radio_button_tag('type', block1.name) %>
-      <%= label_tag "type_#{block1.name.downcase}", block1.description %>
+<div style='height:350px'>
+  <% form_tag do %>
+
+    <p><%= _('In what area do you want to put your new block?') %></p>
+
+    <% @boxes.each do |box| %>
+      <%= labelled_radio_button(_("Area %d") % box.position, :box_id, box.id, box.central?, { :class => 'box-position', 'data-position' => box.position })  %>
+    <% end %>
+
+    <script type="text/javascript">
+      (function ($) {
+        $(document).ready(function () {
+          $(".box-position").live('change', function () {
+            if ($(this).attr('data-position') == '1') {
+              $('#center-block-types').show();
+              $('#side-block-types').hide();
+            } else {
+              $('#center-block-types').hide();
+              $('#side-block-types').show();
+            };
+          });
+      })})(jQuery);
+    </script>
+
+    <p><%= _('Select the type of block you want to add to your page.') %></p>
+
+    <div id='center-block-types'>
+      <%= render :partial => 'block_types', :locals => { :block_types => @center_block_types } %>
     </div>
-    <% if block2 %>
-      <div style='float: left; width: 48%; padding-top: 2px;'>
-        <%= radio_button_tag('type', block2.name) %>
-        <%= label_tag "type_#{block2.name.downcase}", block2.description %>
-      </div>
+
+    <div id='side-block-types' style='display:none'>
+      <%= render :partial => 'block_types', :locals => { :block_types => @side_block_types } %>
+    </div>
+
+    <br style='clear: both'/>
+
+    <% button_bar do %>
+      <%= submit_button(:add, _("Add")) %>
+      <%= colorbox_close_button(_('Close')) %>
     <% end %>
-  <% end %>
-  <br style='clear: both'/>
-  
-  <% button_bar do %>
-    <%= submit_button(:add, _("Add")) %>
-    <%= lightbox_close_button(_('Close')) %>
-  <% end %>
  
-<% end %>
+  <% end %>
+</div>
-<h2><%= _('Editing block') %></h2>
+<div style='width: 500px;'>
+  <h2><%= _('Editing block') %></h2>
  
-<% form_tag(:action => 'save', :id => @block.id) do %>
+  <% form_tag(:action => 'save', :id => @block.id) do %>
  
-  <%= labelled_form_field(_('Custom title for this block: '), text_field(:block, :title, :maxlength => 20)) %>
+    <%= labelled_form_field(_('Custom title for this block: '), text_field(:block, :title, :maxlength => 20)) %>
  
-  <%= render :partial => partial_for_class(@block.class) %>
+    <%= render :partial => partial_for_class(@block.class) %>
  
-  <%= labelled_form_field _('Display this block:'), '' %>
-  <div style='margin-left: 10px'>
-    <%= radio_button(:block, :display, 'always') %>
-    <%= label_tag('block_display_always', _('In all pages')) %>
-    <br/>
-    <%= radio_button(:block, :display, 'home_page_only') %>
-    <%= label_tag('block_display_home_page_only', _('Only in the homepage')) %>
-    <br/>
-    <%= radio_button(:block, :display, 'except_home_page') %>
-    <%= label_tag('block_display_except_home_page', _('In all pages, except in the homepage')) %>
-    <br/>
-    <%= radio_button(:block, :display, 'never') %>
-    <%= label_tag('block_display_never', _("Don't display")) %>
-  </div>
+    <%= labelled_form_field _('Display this block:'), '' %>
+    <div style='margin-left: 10px'>
+      <%= radio_button(:block, :display, 'always') %>
+      <%= label_tag('block_display_always', _('In all pages')) %>
+      <br/>
+      <%= radio_button(:block, :display, 'home_page_only') %>
+      <%= label_tag('block_display_home_page_only', _('Only in the homepage')) %>
+      <br/>
+      <%= radio_button(:block, :display, 'except_home_page') %>
+      <%= label_tag('block_display_except_home_page', _('In all pages, except in the homepage')) %>
+      <br/>
+      <%= radio_button(:block, :display, 'never') %>
+      <%= label_tag('block_display_never', _("Don't display")) %>
+    </div>
  
-  <%= labelled_form_field(_('Show for:'), select(:block, :language, [ [ _('all languages'), 'all']] + Noosfero.locales.map {|key, value| [value, key]} )) %>
+    <%= labelled_form_field(_('Show for:'), select(:block, :language, [ [ _('all languages'), 'all']] + Noosfero.locales.map {|key, value| [value, key]} )) %>
  
-  <% button_bar do %>
-    <%= submit_button(:save, _('Save')) %>
-    <%= lightbox_close_button(_('Cancel')) %>
-  <% end %>
+    <% button_bar do %>
+      <%= submit_button(:save, _('Save')) %>
+      <%= colorbox_close_button(_('Cancel')) %>
+    <% end %>
  
-<% end %>
+  <% end %>
+</div>
 <h1><%= _('Editing sideboxes')%></h1>
  
 <% button_bar do %>
-  <%= lightbox_button('add', _('Add a block'), { :action => 'add_block' }) %> 
+  <%= colorbox_button('add', _('Add a block'), { :action => 'add_block' }) %>
   <%= button(:back, _('Back to control panel'), :controller => (profile.nil? ? 'admin_panel': 'profile_editor')) %>
 <% end %>
@@ -49,13 +49,13 @@
         <%= article.class.short_description %>
       </td>
       <td class="article-controls">
-        <%= button_without_text :edit, _('Edit'), :action => 'edit', :id => article.id %>
+        <%= expirable_button article, :edit, _('Edit'), {:action => 'edit', :id => article.id} if !remove_content_button(:edit) %>
         <%= button_without_text :eyes, _('Public view'), article.view_url %>
-        <%= display_spread_button(profile, article) unless article.folder? %>
-        <% if !environment.enabled?('cant_change_homepage') %>
-          <%= button_without_text :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>
+        <%= display_spread_button(profile, article) unless article.folder? || remove_content_button(:spread)%>
+        <% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+          <%= expirable_button article, :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>
         <% end %>
-        <%= display_delete_button(article) %>
+        <%= display_delete_button(article) if !remove_content_button(:delete) %>
       </td>
     </tr>
   <% end %>
-<h1><%= _('Send an e-mail to %s') % profile.name %></h1>
+<% if profile.person? %>
+  <h1><%= _('Send an e-mail to %s') % profile.name %></h1>
+<% else %>
+  <h1><%= _('Send an e-mail to administrators') %></h1>
  
-<%= error_messages_for 'contact' %>
+  <div class='tooltip'><%= _("The e-mail will be sent to the administrators of '%s'") % profile.name %></div>
+<% end %>
  
+<%= error_messages_for 'contact' %>
  
 <% labelled_form_for :contact, @contact do |f| %>
   <%= hidden_field_tag(:confirm, 'false') %>
 <div<%= user && " class='logged-in'" %>>
   <div id="article-actions">
  
-    <% if @page.allow_edit?(user) %>
-      <%= link_to content_tag( 'span', label_for_edit_article(@page) ),
-          profile.admin_url.merge({ :controller => 'cms', :action => 'edit', :id => @page.id }),
-          :class => 'button with-text icon-edit' %>
+
+    <% if @page.allow_edit?(user) && !remove_content_button(:edit) %>
+      <% content = content_tag('span', label_for_edit_article(@page)) %>
+      <% url = profile.admin_url.merge({ :controller => 'cms', :action => 'edit', :id => @page.id }) %>
+      <%= expirable_button @page, :edit, content, url %>
     <% end %>
  
-    <% if @page != profile.home_page && !@page.has_posts?  && @page.allow_delete?(user) %>
-      <%= link_to content_tag( 'span', _('Delete') ),
-        profile.admin_url.merge({ :controller => 'cms', :action => 'destroy', :id => @page}),
-        :method => :post,
-        :class => 'button with-text icon-delete',
-        :confirm => delete_article_message(@page) %>
+    <% if @page != profile.home_page && !@page.has_posts?  && @page.allow_delete?(user) && !remove_content_button(:delete)%>
+      <% content = content_tag( 'span', _('Delete') ) %>
+      <% url = profile.admin_url.merge({ :controller => 'cms', :action => 'destroy', :id => @page}) %>
+      <% options = {:method => :post, :confirm => delete_article_message(@page)} %>
+      <%= expirable_button @page, :delete, content, url, options %>
     <% end %>
  
-    <% if !@page.folder? && @page.allow_spread?(user) %>
+    <% if !@page.folder? && @page.allow_spread?(user) && !remove_content_button(:spread) %>
+      <% content = content_tag( 'span', _('Spread this') ) %>
+      <% url = nil %>
       <% if profile.kind_of?(Person) %>
-        <%= link_to content_tag( 'span', _('Spread this') ),
-            profile.admin_url.merge({ :controller => 'cms', :action => 'publish', :id => @page }),
-            :class => 'button with-text icon-spread' %>
+        <% url = profile.admin_url.merge({ :controller => 'cms', :action => 'publish', :id => @page }) %>
       <% elsif profile.kind_of?(Community) && environment.portal_community %>
-        <%= link_to content_tag( 'span', _('Spread this') ),
-            profile.admin_url.merge({ :controller => 'cms', :action => 'publish_on_portal_community', :id => @page }),
-            :class => 'button with-text icon-spread' %>
+        <% url = profile.admin_url.merge({ :controller => 'cms', :action => 'publish_on_portal_community', :id => @page }) %>
       <% end %>
+      <%= expirable_button @page, :spread, content, url if url %>
     <% end %>
  
     <% if !@page.gallery? && @page.allow_create?(user) %>
-      <%= link_to _('Add translation'),
-          profile.admin_url.merge(:controller => 'cms', :action => 'new',
-                                  :parent_id => (@page.folder? ? @page : (@page.parent.nil? ? nil : @page.parent)),
-                                  :type => @page.type, :article => { :translation_of_id => @page.native_translation.id }),
-          :class => 'button with-text icon-locale' if @page.translatable? && !@page.native_translation.language.blank? %>
+      <% if @page.translatable? && !@page.native_translation.language.blank? && !remove_content_button(:locale) %>
+        <% content = _('Add translation') %>
+        <% parent_id = (@page.folder? ? @page : (@page.parent.nil? ? nil : @page.parent)) %>
+        <% url = profile.admin_url.merge(:controller => 'cms', :action => 'new', :parent_id => parent_id, :type => @page.type, :article => { :translation_of_id => @page.native_translation.id })%>
+        <%= expirable_button @page, :locale, content, url %>
+      <% end %>
+
       <%= colorbox_button(:new, label_for_new_article(@page), profile.admin_url.merge(:controller => 'cms', :action => 'new', :parent_id => (@page.folder? ? @page : (@page.parent.nil? ? nil : @page.parent)))) %>
     <% end %>
  
@@ -40,8 +41,11 @@
       <%= button('upload-file', _('Upload files'), profile.admin_url.merge(:controller => 'cms', :action => 'upload_files', :parent_id => (@page.folder? ? @page : @page.parent))) %>
     <% end %>
  
-    <% if !@page.allow_create?(user) && profile.community? && (@page.blog? || @page.parent && @page.parent.blog?) %>
-      <%= link_to content_tag( 'span', _('Suggest an article') ), profile.admin_url.merge({ :controller => 'cms', :action => 'suggest_an_article'}), :id => 'suggest-article-link', :class => 'button with-text icon-new' %>
+    <% if !@page.allow_create?(user) && profile.community? && (@page.blog? || @page.parent && @page.parent.blog?) && !remove_content_button(:suggest) %>
+      <% content = content_tag( 'span', _('Suggest an article') ) %>
+      <% url = profile.admin_url.merge({ :controller => 'cms', :action => 'suggest_an_article'}) %>
+      <% options = {:id => 'suggest-article-link'} %>
+      <%= expirable_button @page, :suggest, content, url, options %>
     <% end %>
  
     <%= report_abuse(profile, :link, @page) %>
 <li id="<%= comment.anchor %>" class="article-comment">
   <div class="article-comment-inner">
  
-  <div class="comment-content comment-logged-<%= comment.author ? 'in' : 'out' %> <%= 'comment-from-owner' if ( comment.author && (@page.profile.name == comment.author.name) ) %>">
+  <div class="comment-content comment-logged-<%= comment.author ? 'in' : 'out' %> <%= 'comment-from-owner' if ( comment.author && (profile == comment.author) ) %>">
  
   <% if comment.author %>
     <%= link_to image_tag(profile_icon(comment.author, :minor)) +
@@ -29,17 +29,12 @@
   <% end %>
  
   <% comment_balloon do %>
-    <% if logged_in? && (user == @page.profile || user == comment.author || user.has_permission?(:moderate_comments, @page.profile)) %>
-      <% button_bar(:style => 'float: right; margin-top: 0px;') do %>
-        <%= icon_button(:delete, _('Remove this comment and all its replies'), { :profile => params[:profile], :remove_comment => comment.id, :view => params[:view] }, :method => :post, :confirm => _('Are you sure you want to remove this comment and all its replies?')) %>
-      <% end %>
-    <% end %>
  
     <div class="comment-details">
       <div class="comment-created-at">
         <%= show_time(comment.created_at) %>
       </div>
-      <h4><%= comment.title %></h4>
+      <h4><%= comment.title.blank? && '&nbsp;' || comment.title %></h4>
       <div class="comment-text">
         <p/>
         <%= txt2html comment.body %>
@@ -57,18 +52,42 @@
         </script>
       <% end %>
       <%= report_abuse(comment.author, :comment_link, comment) if comment.author %>
-      <%= link_to_function _('Reply'),
-          "var f = add_comment_reply_form(this, %s); f.find('input[name=comment[title]], textarea').val(''); return false" % comment.id,
+
+      <% if comment.spam? %>
+        &nbsp;
+        <%= link_to_function(_('Mark as NOT SPAM'), 'remove_comment(this, %s); return false;' % url_for(:mark_comment_as_ham => comment.id).to_json, :class => 'comment-footer comment-footer-link comment-footer-hide')  %>
+      <% else %>
+        <% if (logged_in? && (user == profile || user.has_permission?(:moderate_comments, profile))) %>
+          &nbsp;
+          <%= link_to_function(_('Mark as SPAM'), 'remove_comment(this, %s, %s); return false;' % [url_for(:mark_comment_as_spam => comment.id).to_json, _('Are you sure you want to mark this comment as SPAM?').to_json], :class => 'comment-footer comment-footer-link comment-footer-hide')  %>
+        <% end %>
+      <% end %>
+
+      <% if comment.author && comment.author == user %>
+        &nbsp;
+        <%= expirable_comment_link comment, :edit, _('Edit'), {:action => 'edit_comment', :id => comment.id, :profile => profile.identifier} %>
+      <% end %>
+
+      <% if logged_in? && (user == profile || user == comment.author || user.has_permission?(:moderate_comments, profile)) %>
+        &nbsp;
+        <%= link_to_function(_('Remove'), 'remove_comment(this, %s, %s); return false ;' % [url_for(:profile => params[:profile], :remove_comment => comment.id, :view => params[:view]).to_json, _('Are you sure you want to remove this comment and all its replies?').to_json], :class => 'comment-footer comment-footer-link comment-footer-hide remove-children') %>
+      <% end %>
+
+      <% unless comment.spam? %>
+        &nbsp;
+        <%= link_to_function _('Reply'),
+          "var f = add_comment_reply_form(this, %s); f.find('comment_title, textarea').val(''); return false" % comment.id,
           :class => 'comment-footer comment-footer-link comment-footer-hide',
           :id => 'comment-reply-to-' + comment.id.to_s
-      %>
+        %>
+      <% end %>
     </div>
  
   <% end %>
  
   </div>
  
-  <% unless comment.replies.blank? %>
+  <% unless comment.replies.blank? || comment.spam? %>
   <ul class="comment-replies">
     <% comment.replies.each do |reply| %>
       <%= render :partial => 'comment', :locals => { :comment => reply } %>
@@ -32,15 +32,17 @@ function submit_comment_form(button) {
  
 <div class="post_comment_box <%= @form_div %>">
  
-<h4 onclick="var d = jQuery(this).parent('.post_comment_box');
-             if (d.hasClass('closed')) {
-               d.removeClass('closed');
-               d.addClass('opened');
-               d.find('input[name=comment[title]], textarea').val('');
-               d.find('.comment_form input[name=comment[<%= focus_on %>]]').focus();
-             }">
-  <%= content_tag('a', '', :name => 'comment_form') + _('Post a comment') %>
-</h4>
+<% if display_link %>
+  <h4 onclick="var d = jQuery(this).parent('.post_comment_box');
+               if (d.hasClass('closed')) {
+                 d.removeClass('closed');
+                 d.addClass('opened');
+                 d.find('input[name=comment[title]], textarea').val('');
+                 d.find('.comment_form input[name=comment[<%= focus_on %>]]').focus();
+               }">
+    <%= content_tag('a', '', :name => 'comment_form') + _('Post a comment') %>
+  </h4>
+<% end %>
  
 <% unless pass_without_comment_captcha? %>
   <div id="recaptcha-container" style="display: none">
@@ -59,7 +61,7 @@ function submit_comment_form(button) {
   </script>
 <% end %>
  
-<% form_tag( url_for(@page.view_url.merge({:only_path => true})), { :class => 'comment_form' } ) do %>
+<% form_tag( url, { :class => 'comment_form' } ) do %>
   <%= hidden_field_tag(:confirm, 'false') %>
  
   <%= required_fields_message %>
@@ -84,7 +86,11 @@ function submit_comment_form(button) {
  
   <% button_bar do %>
     <%= submit_button('add', _('Post comment'), :onclick => "submit_comment_form(this); return false") %>
-    <%= button_to_function :cancel, _('Cancel'), "f=jQuery(this).parents('.post_comment_box'); f.removeClass('opened'); f.addClass('closed'); return false" %>
+    <% if cancel_triggers_hide %>
+      <%= button_to_function :cancel, _('Cancel'), "f=jQuery(this).parents('.post_comment_box'); f.removeClass('opened'); f.addClass('closed'); return false" %>
+    <% else %>
+      <%= button('cancel', _('Cancel'), {:action => 'view_page', :profile => profile.identifier, :page => @comment.article.explode_path})%>
+    <% end %>
   <% end %>
 <% end %>
  
@@ -0,0 +1,3 @@
+<h1><%= _('Edit comment') %></h1>
+
+<%= render :partial => 'comment_form', :locals => {:url => {:action => 'edit_comment', :profile => profile.identifier}, :display_link => false, :cancel_triggers_hide => false} %>
@@ -98,13 +98,7 @@
   </ul>
  
   <% if @page.accept_comments? %>
-    <div id="page-comment-form"><%= render :partial => 'comment_form' %></div>
-    <script type="text/javascript">
-      jQuery( function() {
-        jQuery('.article-comment').live('mouseover', function() { jQuery(this).find('.icon-delete:first').show(); });
-        jQuery('.article-comment').live('mouseout', function() { jQuery(this).find('.icon-delete').hide(); });
-      });
-    </script>
+    <div id="page-comment-form"><%= render :partial => 'comment_form', :locals => {:url => url_for(@page.view_url.merge({:only_path => true})), :display_link => true, :cancel_triggers_hide => true}%></div>
   <% end %>
 </div><!-- end class="comments" -->
  
@@ -26,17 +26,12 @@ Check all the features you want to enable for your environment, uncheck all the 
  
 <h2><%= _('Configure features') %></h2>
  
-<table>
-  <tr>
-    <th><%= _('Option') %></th>
-    <th><%= _('Choice') %></th>
-  </tr>
-  <tr>
-    <td><%= _('Organization Approval Method') %></td>
-    <td><%= select_organization_approval_method('environment', 'organization_approval_method') %></td>
-  </tr>
-</table>
-
+<h3><%= _('Page to redirect after login') %></h3>
+  <%=  select 'environment', 'redirection_after_login', Environment.login_redirection_options.map{|key,value|[value,key]} %>
+<hr/>
+<h3><%= _('Organization Approval Method') %></h3>
+  <%= select_organization_approval_method('environment', 'organization_approval_method') %>
+<hr/>
  
 <div>
   <% button_bar do %>
@@ -31,7 +31,7 @@
               :class => 'button icon-remove',
               :title => _('remove') %>
         <%= link_to content_tag('span',_('contact')),
-              friend.url.merge(:controller => 'contact', :action => 'new'),
+              friend.url.merge(:controller => 'contact', :action => 'new', :profile => friend.identifier),
               :class => 'button icon-menu-mail',
               :title => _('contact') %>
       </div><!-- end class="controll" -->
@@ -2,7 +2,8 @@
 'jquery.noconflict.js', 'jquery.cycle.all.min.js', 'thickbox.js', 'lightbox', 'colorbox',
 'jquery-ui-1.8.2.custom.min', 'jquery.scrollTo', 'jquery.form.js', 'jquery-validation/jquery.validate',
 'jquery.cookie', 'jquery.ba-bbq.min.js', 'reflection', 'jquery.tokeninput',
-'add-and-join', 'report-abuse', 'catalog', 'manage-products', :cache => 'cache-general' %>
+'add-and-join', 'report-abuse', 'catalog', 'manage-products',
+'jquery-ui-timepicker-addon', :cache => 'cache-general' %>
  
 <% language = FastGettext.locale %>
 <% %w{messages methods}.each do |type| %>
@@ -56,10 +56,18 @@
             <%= usermenu_logged_in %>
           </span>
           <span class='not-logged-in' style='display: none'>
-              <%= _("<span class='login'>%s</span> <span class='or'>or</span> <span class='signup'>%s</span>") % [thickbox_inline_popup_link('<i class="icon-menu-login"></i><strong>' + _('Login') + '</strong>', login_url, 'inlineLoginBox', :id => 'link_login'), link_to('<strong>' + _('Sign up') + '</strong>', :controller => 'account', :action => 'signup') ] %>
+
+              <%= _("<span class='login'>%s</span>") % thickbox_inline_popup_link('<i class="icon-menu-login"></i><strong>' + _('Login') + '</strong>', login_url, 'inlineLoginBox', :id => 'link_login') %>
+              <%= @plugins.dispatch(:alternative_authentication_link).collect { |content| instance_eval(&content) }.join("") %>
+
               <div id='inlineLoginBox' style='display: none;'>
                 <%= render :file => 'account/login', :locals => { :is_thickbox => true } %>
               </div>
+
+              <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
+              <%= _("<span class='or'>or</span> <span class='signup'>%s</span>") % link_to('<strong>' + _('Sign up') + '</strong>', :controller => 'account', :action => 'signup')%>
+              <% end %>
+
           </span>
           <form action="/search" class="search_form" method="get" class="clean">
             <input name="query" size="15" title="<%=_('Search...')%>" onfocus="this.form.className='focused';" onblur="this.form.className=''" />
 <h1><%= _('Manage plugins') %></h1>
-<%= _('Here you can enable or disable any plugin of your environment.')%>
+
+<p>
+<%= _('Select which plugins you want to enable in your environment') %>
+</p>
  
 <% labelled_form_for(:environment, @environment, :url => {:action => 'update'}) do |f| %>
  
-<table>
-  <tr>
-    <th><%= _('Plugin') %></th>
-    <th><%= _('Description') %></th>
-    <th><%= _('Enabled?') %></th>
-  </tr>
-  <%= hidden_field_tag('environment[enabled_plugins][]', '') %>
-  <% @active_plugins.each do |plugin|   %>
-    <tr>
-      <td><%= plugin.has_admin_url? ? link_to(plugin.plugin_name, plugin.admin_url) : plugin.plugin_name %></td>
-      <td><%= plugin.plugin_description %></td>
-      <td><%= check_box_tag "environment[enabled_plugins][]", plugin, @environment.enabled_plugins.include?(plugin.to_s), :id => plugin.plugin_name %></td>
-    </tr>
-  <% end %>
-</table>
+  <table>
+    <% @active_plugins.sort_by(&:plugin_name).each do |plugin|   %>
+      <tr>
+        <td style='vertical-align: top'><%= check_box_tag "environment[enabled_plugins][]", plugin, @environment.enabled_plugins.include?(plugin.to_s), :id => plugin.plugin_name %></td>
+        <td>
+          <%= hidden_field_tag('environment[enabled_plugins][]', '') %>
+          <strong><%= plugin.plugin_name %></strong>
+          <br/>
+          <%= plugin.plugin_description %>
+          <% if plugin.has_admin_url? %>
+            <br/>
+            <br/>
+            <%= link_to(_('Configuration'), plugin.admin_url) %>
+          <% end %>
+        </td>
+      </tr>
+    <% end %>
+  </table>
  
 <div>
   <% button_bar do %>
@@ -5,19 +5,35 @@
 <li class="article-comment" style='border-bottom:none;'>
   <div class="article-comment-inner">
  
-  <div class="comment-content comment-logged-in">
+  <div class="comment-content comment-logged-<%= comment.author ? 'in' : 'out' %>">
  
   <% if comment.author %>
     <%= link_to image_tag(profile_icon(comment.author, :minor)),
-        Person.find(comment.author_id).url,
+        comment.author_url,
         :class => 'comment-picture',
         :title => comment.author_name
     %>
+  <% else %>
+    <% url_image, status_class = comment.author_id ?
+       [comment.removed_user_image, 'icon-user-removed'] :
+       [str_gravatar_url_for( comment.email ), 'icon-user-unknown'] %>
+
+    <%= link_to(
+          image_tag(url_image, :onerror=>'gravatarCommentFailback(this)',
+                   'data-gravatar'=>str_gravatar_url_for(comment.email)) +
+          content_tag('span', comment.author_name, :class => 'comment-info') +
+          content_tag('span', comment.message,
+                   :class => 'comment-user-status comment-user-status-wall ' + status_class),
+        gravatar_profile_url(comment.email),
+        :target => '_blank',
+        :class => 'comment-picture',
+        :title => '%s %s' % [comment.author_name, comment.message]
+    )%>
   <% end %>
  
   <div class="comment-details">
     <div class="comment-text">
-      <%= link_to(comment.author_name, comment.author.url) %>
+      <%= comment.author.present? ? link_to(comment.author_name, comment.author.url) : content_tag('strong', comment.author_name) %>
       <% unless comment.title.blank? %>
         <span class="comment-title"><%= comment.title %></span><br/>
       <% end %>
@@ -30,7 +46,7 @@
  
   <% if logged_in? && (user == profile || user == comment.author || user.has_permission?(:moderate_comments, profile)) %>
     <% button_bar(:style => 'float: right; margin-top: 0px;') do %>
-      <%= icon_button(:delete, _('Remove'), { :action => :remove_comment, :comment_id => comment.id }, :method => :get, :confirm => _('Are you sure you want to remove this comment and all its replies?')) %>
+      <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.article-comment'", url_for(:profile => params[:profile], :action => :remove_comment, :comment_id => comment.id, :view => params[:view]).to_json, _('Are you sure you want to remove this comment and all its replies?').to_json], :class => 'button icon-button icon-delete') %>
     <% end %>
   <% end %>
   <br style="clear: both;" />
@@ -46,6 +62,10 @@
       </script>
     <% end %>
     <%= report_abuse(comment.author, :comment_link, comment) if comment.author %>
+    <% if comment.author && comment.author == user %>
+      <%= expirable_comment_link comment, :edit, _('Edit'), {:action => 'edit_comment', :id => comment.id, :profile => profile.identifier} %>
+      <%= content_tag('span', ' | ', :class => 'comment-footer comment-footer-hide') %>
+    <% end %>
     <%= link_to_function _('Reply'),
         "var f = add_comment_reply_form(this, %s); f.find('input[name=comment[title]], textarea').val(''); return false" % comment.id,
         :class => 'comment-footer comment-footer-link comment-footer-hide',
-
-<script type="text/javascript">
-  jQuery( function() {
-    var parent_selector = '.profile-wall-description, .profile-activity-description, .profile-network-description';
-    var child_selector = '.icon-delete, .icon-reply';
-    jQuery(parent_selector).live('mouseover', function () { jQuery(this).find(child_selector).css('visibility', 'visible'); });
-    jQuery(parent_selector).live('mouseout', function () { jQuery(this).find(child_selector).css('visibility', 'hidden'); });
-  });
-</script>
-
 <% unless @action %>
   <% cache_timeout(profile.cache_key + '-profile-general-info', 4.hours) do %>
     <tr>
@@ -15,7 +15,7 @@
   <p class='profile-activity-time'><%= time_ago_as_sentence(activity.created_at) %></p>
   <div class='profile-wall-actions'>
     <%= link_to s_('profile|Comment'), '#', { :class => 'focus-on-comment'} %>
-    <%= link_to_remote(content_tag(:span, _('Remove')), :url =>{:action => 'remove_activity', :activity_id => activity.id, :only_hide => true}, :confirm => _('Are you sure?'), :update => "profile-activity-item-#{activity.id}") if logged_in? && current_person == @profile %>
+    <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :only_hide => true, :view => params[:view]).to_json, _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %>
   </div>
 </div>
  
@@ -6,7 +6,7 @@
   <p class='profile-activity-time'><%= time_ago_as_sentence(activity.created_at) %></p>
   <div class='profile-wall-actions'>
     <%= link_to s_('profile|Comment'), '#', { :class => 'focus-on-comment'} %>
-    <%= link_to_remote(content_tag(:span, _('Remove')), :confirm => _('Are you sure?'), :url =>{:action => 'remove_activity', :activity_id => activity.id}, :update => "profile-activity-item-#{activity.id}") if logged_in? && current_person == @profile %>
+    <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]).to_json, _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %>
   </div>
 </div>
  
@@ -5,7 +5,7 @@
   <p class='profile-activity-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p>
   <p class='profile-activity-time'><%= time_ago_as_sentence(activity.created_at) %></p>
   <div class='profile-wall-actions'>
-    <%= link_to_remote(content_tag(:span, _('Remove')), :confirm => _('Are you sure?'), :url =>{:action => 'remove_activity', :activity_id => activity.id}, :update => "profile-activity-item-#{activity.id}") if logged_in? && current_person == @profile %>
+    <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]).to_json, _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %>
   </div>
 </div>
  
@@ -37,7 +37,7 @@
       <tr>
         <th colspan='2'><%= __('Enterprises') %></th>
       </tr>
-      <% profile.enterprises.each do |item| %>
+      <% profile.enterprises.includes(:environment,:domains, :preferred_domain).each do |item| %>
         <tr>
           <td></td>
           <td><%= button 'menu-enterprise', item.name, item.url %></td>
@@ -12,7 +12,7 @@
         <%= link_to_function s_('profile|Comment'), "hide_and_show(['#profile-wall-message-response-#{scrap.id}'],['#profile-wall-reply-#{scrap.id}', '#profile-wall-reply-form-#{scrap.id}']);$('reply_content_#{scrap.id}').value='';$('reply_content_#{scrap.id}').focus();return false", :class => "profile-send-reply" %>
       </span>
     <% end %>
-    <%= link_to_remote(content_tag(:span, _('Remove')), :confirm => _('Are you sure?'), :url =>{:action => 'remove_scrap', :scrap_id => scrap.id}, :update => "profile-activity-item-#{scrap.id}") if logged_in? && user.can_control_scrap?(scrap) %>
+    <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_scrap, :scrap_id => scrap.id, :view => params[:view]).to_json, _('Are you sure you want to remove this scrap and all its replies?').to_json]) if logged_in? && user.can_control_scrap?(scrap) %>
     </div>
   </div>
  
@@ -6,7 +6,7 @@
     <p class='profile-activity-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p>
     <p class='profile-activity-time'><%= time_ago_as_sentence(activity.created_at) %></p>
     <div class='profile-wall-actions'>
-      <%= link_to_remote(content_tag(:span, _('Remove')), :confirm => _('Are you sure?'), :url =>{:action => 'remove_activity', :activity_id => activity.id}, :update => "profile-activity-item-#{activity.id}") if logged_in? && current_person == @profile %>
+      <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]).to_json, _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %>
     </div>
   </div>
 </div>
@@ -16,8 +16,13 @@
  
 <% button_bar do %>
   <%= button :back, _('Go back'), { :controller => 'profile' } %>
-  <% if profile.community? and user and user.has_permission?(:invite_members, profile) %>
-    <%= button :search, _('Invite your friends to join %s') % profile.name, :controller => 'invite', :action => 'select_address_book' %>
+  <% if profile.community? and user %>
+    <% if user.has_permission?(:invite_members, profile) %>
+      <%= button :search, _('Invite your friends to join %s') % profile.name, :controller => 'invite', :action => 'select_address_book' %>
+    <% end %>
+    <% if user.has_permission?(:send_mail_to_members, profile) %>
+      <%= button :send, _('Send e-mail to members'), :controller => 'profile', :action => 'send_mail' %>
+    <% end %>
   <% end %>
 <% end %>
  
@@ -0,0 +1,14 @@
+<h1><%= h profile.short_name(50) %></h1>
+
+<h2><%= _('Send e-mail to members') %></h2>
+
+<%= error_messages_for :mailing %>
+
+<%= render :file => 'shared/tiny_mce' %>
+
+<% form_for :mailing, :url => {:action => 'send_mail'}, :html => {:id => 'mailing-form'} do |f| %>
+  <%= labelled_form_field(_('Subject:'), f.text_field(:subject)) %>
+  <%= labelled_form_field(_('Body:'), f.text_area(:body, :class => 'mceEditor')) %>
+  <%= submit_button(:send, _('Send')) %>
+  <%= button :cancel, _('Cancel e-mail'), :back %>
+<% end %>
@@ -24,61 +24,24 @@
   <h2><%= _('Privacy options') %></h2>
  
   <% if profile.person? %>
-  <table>
-    <tr>
-      <th style='text-align: right;'>
-        <%= _('This profile is:') %>
-      </th>
-      <th>
-        <%= radio_button 'profile_data', 'public_profile', 'true' %>
-        <label for="profile_data_public_profile_true"><u><%= _('Public') %></u></label>
-      </th>
-      <th style='padding: 2px 10px 2px 2px;'>
-        <%= radio_button 'profile_data', 'public_profile', 'false' %>
-        <label for="profile_data_public_profile_false"><u><%= _('Private') %></u></label>
-      </th>
-    </tr>
-    <tr>
-      <td> <%= _('Activate Intranet access (restricted area only for me)') %> </td><td><%= _('Yes') %></td><td><%= _('Yes') %></td>
-    </tr>
-    <tr>
-      <td> <%= _('Include my contact in directory of people') %> </td><td><%= _('Yes') %></td><td><%= _('Yes') %></td>
-    </tr>
-    <tr>
-      <td> <%= _('Show my contents to all internet users') %> </td><td><%= _('Yes') %></td><td><%= _('No') %></td>
-    </tr>
-    <tr>
-      <td> <%= _('Show my contents to my friends (person)') %> </td><td><%= _('Yes') %></td><td><%= _('Yes') %></td>
-    </tr>
-  </table>
+    <div>
+      <%= labelled_radio_button _('Public &mdash; show my contents to all internet users'), 'profile_data[public_profile]', true, @profile.public_profile? %>
+    </div>
+    <div>
+      <%= labelled_radio_button _('Private &mdash; show my contents only to friends'), 'profile_data[public_profile]', false, !@profile.public_profile? %>
+    </div>
   <% else %>
-  <table>
-    <tr>
-      <th style='text-align: right;'>
-        <%= _('This profile is:') %>
-      </th>
-      <th>
-        <%= radio_button 'profile_data', 'public_profile', 'true' %>
-        <label for="profile_data_public_profile_true"><u><%= _('Public') %></u></label>
-      </th>
-      <th style='padding: 2px 10px 2px 2px;'>
-        <%= radio_button 'profile_data', 'public_profile', 'false' %>
-        <label for="profile_data_public_profile_false"><u><%= _('Private') %></u></label>
-      </th>
-    </tr>
-    <tr>
-      <td> <%= _('Activate Intranet access (restricted area only for members)') %> </td><td><%= _('Yes') %></td><td><%= _('Yes') %></td>
-    </tr>
-    <tr>
-      <td> <%= _('Include this group directory of groups') %> </td><td><%= _('Yes') %></td><td><%= _('Yes') %></td>
-    </tr>
-    <tr>
-      <td> <%= _('Show content of this group to all internet users') %> </td><td><%= _('Yes') %></td><td><%= _('No') %></td>
-    </tr>
-    <tr>
-      <td> <%= _('Show content of this group to members') %> </td><td><%= _('Yes') %></td><td><%= _('Yes') %></td>
-    </tr>
-  </table>
+    <div>
+      <%= labelled_radio_button _('Public &mdash; show content of this group to all internet users'), 'profile_data[public_profile]', true, @profile.public_profile? %>
+    </div>
+    <div>
+      <%= labelled_radio_button _('Private &mdash; show content of this group only to members'), 'profile_data[public_profile]', false, !@profile.public_profile? %>
+    </div>
+  <% end %>
+
+  <% if environment.enabled?('allow_change_of_redirection_after_login') %>
+    <h2><%= _('Page to redirect after login') %></h2>
+    <%=  select 'profile_data', 'redirection_after_login', Environment.login_redirection_options.map{|key,value|[value,key]}, { :selected => @profile.preferred_login_redirection} %>
   <% end %>
  
   <h2><%= _('Translations') %></h2>
@@ -66,6 +66,8 @@
  
   <%= control_panel_button(_('Manage my groups'), 'groups', :controller => 'memberships') if profile.person? %>
  
+  <%= control_panel_button(_('Manage SPAM'), 'manage-spam', :controller => 'spam', :action => 'index') %>
+
   <% @plugins.dispatch(:control_panel_buttons).each do |button| %>
     <%= control_panel_button(button[:title], button[:icon], button[:url]) %>
   <% end %>
@@ -4,7 +4,9 @@
   <% if profile.community? and user.has_permission?(:invite_members, profile) %>
     <%= button :search, _('Invite your friends to join %s') % profile.short_name, :controller => 'invite', :action => 'select_address_book' %>
   <% end %>
-  <%= button :send, _('Send e-mail to members'), :action => 'send_mail' %>
+  <% if profile.community? and user.has_permission?(:send_mail_to_members, profile) %>
+    <%= button :send, _('Send e-mail to members'), :controller => 'profile', :action => 'send_mail' %>
+  <% end %>
   <% @plugins.dispatch(:manage_members_extra_buttons).each do |plugin_button| %>
     <%= button plugin_button[:icon], plugin_button[:title], plugin_button[:url] %>
   <% end %>
@@ -1,14 +0,0 @@
-<h1><%= h profile.short_name(50) %></h1>
-
-<h2><%= _('Send e-mail to members') %></h2>
-
-<%= error_messages_for :mailing %>
-
-<%= render :file => 'shared/tiny_mce' %>
-
-<% form_for :mailing, :url => {:action => 'send_mail'}, :html => {:id => 'mailing-form'} do |f| %>
-  <%= labelled_form_field(_('Subject:'), f.text_field(:subject)) %>
-  <%= labelled_form_field(_('Body:'), f.text_area(:body, :class => 'mceEditor')) %>
-  <%= submit_button(:send, _('Send')) %>
-  <%= button :cancel, _('Cancel e-mail'), :action => 'index' %>
-<% end %>
-<div id="search-results" class="<%= @results.size == 1 ? 'only-one-result-box' : 'multiple-results-boxes' %>">
+<div id="search-results" class="<%= !multiple_search? ? 'only-one-result-box' : 'multiple-results-boxes' %>">
   <% @order.each do |name| %>
     <% results = @results[name] %>
     <% empty = results.nil? || results.empty? %>
@@ -7,7 +7,7 @@
       <% if not empty %>
         <% partial = partial_for_class(results.first.class.class_name.constantize) %>
  
-        <% if @results.size > 1 %>
+        <% if multiple_search? %>
           <h3><%= @names[name] %></h3>
           <% if results.total_entries > SearchController::MULTIPLE_SEARCH_LIMIT %>
             <%= link_to(_('see all (%d)') % results.total_entries, params.merge(:action => name), :class => 'see-more' ) %>
@@ -22,9 +22,10 @@
           </ul>
         </div>
       <% else %>
-        <% if @results.size > 1 %>
+        <% if multiple_search? %>
           <h3><%= @names[name] %></h3>
         <% end %>
+
         <div class="search-results-innerbox search-results-type-empty">
           <div> <%= _('None') %> </div>
         </div>
 <div class="search-image-container">
  
   <% if image.is_a? UploadedFile and image.filename %>
-    <% extension = image.filename[(image.filename.rindex('.')+1)..-1].downcase %>
+    <% extension = image.extension %>
     <% if ['jpg', 'jpeg', 'gif', 'png', 'tiff', 'svg'].include? extension %>
       <%= link_to '', image.view_url, :class => "search-image-pic", :style => 'background-image: url(%s)'% image.public_filename(:thumb) %>
       <% if image.width && image.height %>
 <li class="search-profile-item">
-<% if @empty_query or @results.size > 1 or !profile.enterprise?  %>
+<% if @empty_query or multiple_search? or !profile.enterprise?  %>
   <%= profile_image_link profile, :portrait, 'div',
     @filter == 'more_recent' ? profile.send(@filter + '_label') + show_date(profile.created_at) : profile.send(@filter + '_label') %>
 <% else %>
@@ -4,7 +4,7 @@
   <% if logged_in? %>
     <% button_bar do %>
       <%# FIXME shouldn't the user create the community in the current environment instead of going to its home environment? %>
-      <%= button(:add, __('New community'), user.url.merge(:controller => 'memberships', :action => 'new_community')) %>
+      <%= button(:add, __('New community'), user.url.merge(:controller => 'memberships', :action => 'new_community', :profile => user.identifier)) %>
     <% end %>
   <% end %>
  
@@ -0,0 +1,20 @@
+<h1><%= _('Manage SPAM') %></h1>
+
+<% button_bar do %>
+  <%= button :back, _('Back to control panel'), :controller => :profile_editor %>
+<% end %>
+
+<%# FIXME should not need to replicate the article structure like this to be able to use the same formatting as the comments listing %>
+<div id='article'>
+  <div class="comments" id="comments_list">
+    <ul class="article-comments-list">
+      <%= render :partial => 'content_viewer/comment', :collection => @spam %>
+    </ul>
+  </div>
+</div>
+
+<%= pagination_links @spam %>
+
+<% button_bar do %>
+  <%= button :back, _('Back to control panel'), :controller => :profile_editor %>
+<% end %>
@@ -50,13 +50,13 @@
   <% fields_for "tasks[#{task.id}][task]", task do |f| %>
     <% if task.accept_details %>
       <div id="on-accept-information-<%=task.id%>" style="display: none">
-        <%= render :partial => partial_for_task_class(task.class, :accept_details), :locals => {:task => task, :f => f} %>
+        <%= render :partial => partial_for_class(task.class, :accept_details), :locals => {:task => task, :f => f} %>
       </div>
     <% end %>
  
     <% if task.reject_details %>
       <div id="on-reject-information-<%=task.id%>" style="display: none">
-        <%= render :partial => partial_for_task_class(task.class, :reject_details), :locals => {:task => task, :f => f} %>
+        <%= render :partial => partial_for_class(task.class, :reject_details), :locals => {:task => task, :f => f} %>
       </div>
     <% end %>
   <% end %>
@@ -7,7 +7,7 @@
   <ul>
     <% @tasks.each do |item| %>
       <li>
-        <strong><%= item.information %></strong> <br/>
+        <strong><%= task_information(item) %></strong> <br/>
         <small>
           <%= _('Created:')   +' '+ show_date(item.created_at) %>
           &nbsp; &#151; &nbsp;
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+  </head>
+  <body>
+    <p><%= word_wrap @body %></p>
+  </body>
+</html>
@@ -23,7 +23,28 @@ ActionTrackerConfig.verbs = {
   },
  
   :upload_image => { 
-    :description => lambda { n_('uploaded 1 image<br />%{thumbnails}<br style="clear: both;" />', 'uploaded %{num} images<br />%{thumbnails}<br style="clear: both;" />', get_view_url.size) % { :num => get_view_url.size, :thumbnails => '{{ta.collect_group_with_index(:thumbnail_path){ |t,i| content_tag(:span, link_to(image_tag(t), ta.get_view_url[i]))}.last(3).join}}' } },
+    :description => lambda do
+      total = get_view_url.size
+      n_('uploaded 1 image', 'uploaded %d images', total) % total +
+      '<br />{{'+
+      'ta.collect_group_with_index(:thumbnail_path) { |t,i|' +
+      "  if ( #{total} == 1 );" +
+      '    link_to( image_tag(t), ta.get_view_url[i], :class => \'upimg\' );' +
+      '   else;' +
+      "    pos = #{total}-i;" +
+      '    morethen2 = pos>2 ? \'morethen2\' : \'\';' +
+      '    morethen5 = pos>5 ? \'morethen5\' : \'\';' +
+      '    t = t.gsub(/(.*)(display)(.*)/, \'\\1thumb\\3\');' +
+      '    link_to( \'&nbsp;\', ta.get_view_url[i],' +
+      '      :style => "background-image:url(#{t})",' +
+      '      :class => "upimg pos#{pos} #{morethen2} #{morethen5}" );' +
+      '  end' +
+      '}.reverse.join}}' +
+      ( total > 5 ?
+        '<span class="more" onclick="this.parentNode.className+=\' show-all\'">' +
+        '&hellip;</span>' : '' ) +
+      '<br style="clear: both;" />'
+    end,
     :type => :groupable
   },
  
 require 'noosfero/plugin'
-require 'noosfero/plugin/acts_as_having_hotspots'
+require 'noosfero/plugin/hot_spot'
 require 'noosfero/plugin/manager'
-require 'noosfero/plugin/context'
 require 'noosfero/plugin/active_record'
 require 'noosfero/plugin/mailer_base'
 Noosfero::Plugin.init_system if $NOOSFERO_LOAD_PLUGINS
@@ -19,16 +19,17 @@ ActionController::Routing::Routes.draw do |map|
  
   # -- just remember to delete public/index.html.
   # You can have the root of your site routed by hooking up ''
+  map.root :controller => "home", :conditions => { :if => lambda { |env| !Domain.hosting_profile_at(env[:host]) } }
   map.connect '', :controller => "home", :conditions => { :if => lambda { |env| !Domain.hosting_profile_at(env[:host]) } }
   map.home 'site/:action', :controller => 'home'
  
-  map.connect 'images/*stuff', :controller => 'not_found', :action => 'index'
-  map.connect 'stylesheets/*stuff', :controller => 'not_found', :action => 'index'
-  map.connect 'designs/*stuff', :controller => 'not_found', :action => 'index'
-  map.connect 'articles/*stuff', :controller => 'not_found', :action => 'index'
-  map.connect 'javascripts/*stuff', :controller => 'not_found', :action => 'index'
-  map.connect 'thumbnails/*stuff', :controller => 'not_found', :action => 'index'
-  map.connect 'user_themes/*stuff', :controller => 'not_found', :action => 'index'
+  map.connect 'images/*stuff', :controller => 'not_found', :action => 'nothing'
+  map.connect 'stylesheets/*stuff', :controller => 'not_found', :action => 'nothing'
+  map.connect 'designs/*stuff', :controller => 'not_found', :action => 'nothing'
+  map.connect 'articles/*stuff', :controller => 'not_found', :action => 'nothing'
+  map.connect 'javascripts/*stuff', :controller => 'not_found', :action => 'nothing'
+  map.connect 'thumbnails/*stuff', :controller => 'not_found', :action => 'nothing'
+  map.connect 'user_themes/*stuff', :controller => 'not_found', :action => 'nothing'
  
   # online documentation
   map.doc         'doc', :controller => 'doc', :action => 'index'
@@ -121,9 +122,12 @@ ActionController::Routing::Routes.draw do |map|
   # cache stuff - hack
   map.cache 'public/:action/:id', :controller => 'public'
  
+  map.connect ':profile/edit_comment/:id/*page', :controller => 'content_viewer', :action => 'edit_comment', :profile => /#{Noosfero.identifier_format}/
+
   # match requests for profiles that don't have a custom domain
   map.homepage ':profile/*page', :controller => 'content_viewer', :action => 'view_page', :profile => /#{Noosfero.identifier_format}/, :conditions => { :if => lambda { |env| !Domain.hosting_profile_at(env[:host]) } }
  
+
   # match requests for content in domains hosted for profiles
   map.connect '*page', :controller => 'content_viewer', :action => 'view_page'
  
@@ -0,0 +1,23 @@
+class AddPermissionForSendMailToMembersToAdminAndModeratorRoles < ActiveRecord::Migration
+  def self.up
+    Environment.all.map(&:id).each do |id|
+      role = Profile::Roles.admin(id)
+      role.permissions += ['send_mail_to_members']
+      role.save!
+      role = Profile::Roles.moderator(id)
+      role.permissions += ['send_mail_to_members']
+      role.save!
+    end
+  end
+
+  def self.down
+    Environment.all.map(&:id).each do |id|
+      role = Profile::Roles.admin(id)
+      role.permissions -= ['send_mail_to_members']
+      role.save!
+      role = Profile::Roles.moderator(id)
+      role.permissions -= ['send_mail_to_members']
+      role.save!
+    end
+  end
+end
@@ -0,0 +1,9 @@
+class AddRedirectionAfterLoginToEnvironment < ActiveRecord::Migration
+  def self.up
+    add_column :environments, :redirection_after_login, :string, :default => 'keep_on_same_page'
+  end
+
+  def self.down
+    remove_column :environments, :redirection_after_login
+  end
+end
@@ -0,0 +1,9 @@
+class AddRedirectionAfterLoginToProfiles < ActiveRecord::Migration
+  def self.up
+    add_column :profiles, :redirection_after_login, :string
+  end
+
+  def self.down
+    remove_column :profiles, :redirection_after_login
+  end
+end
@@ -0,0 +1,11 @@
+class AddUserAgentAndReferrerToComments < ActiveRecord::Migration
+  def self.up
+    add_column :comments, :user_agent, :string
+    add_column :comments, :referrer, :string
+  end
+
+  def self.down
+    remove_column :comments, :user_agent
+    remove_column :comments, :referrer
+  end
+end
@@ -0,0 +1,9 @@
+class AddSignupWelcomeText < ActiveRecord::Migration
+  def self.up
+    add_column :environments, :signup_welcome_text, :text
+  end
+
+  def self.down
+    remove_column :environments, :signup_welcome_text
+  end
+end
@@ -9,7 +9,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
  
-ActiveRecord::Schema.define(:version => 20120818030329) do
+ActiveRecord::Schema.define(:version => 20121008185303) do
  
   create_table "abuse_reports", :force => true do |t|
     t.integer  "reporter_id"
@@ -213,6 +213,8 @@ ActiveRecord::Schema.define(:version =&gt; 20120818030329) do
     t.string   "ip_address"
     t.boolean  "spam"
     t.string   "source_type"
+    t.string   "user_agent"
+    t.string   "referrer"
   end
  
   create_table "contact_lists", :force => true do |t|
@@ -259,6 +261,8 @@ ActiveRecord::Schema.define(:version =&gt; 20120818030329) do
     t.datetime "created_at"
     t.datetime "updated_at"
     t.integer  "reports_lower_bound",          :default => 0,         :null => false
+    t.string   "redirection_after_login",      :default => "keep_on_same_page"
+    t.text     "signup_welcome_text"
   end
  
   create_table "external_feeds", :force => true do |t|
@@ -436,6 +440,7 @@ ActiveRecord::Schema.define(:version =&gt; 20120818030329) do
     t.string   "national_region_code"
     t.boolean  "is_template",                        :default => false
     t.integer  "template_id"
+    t.string   "redirection_after_login"
   end
  
   add_index "profiles", ["environment_id"], :name => "index_profiles_on_environment_id"
+noosfero (0.39.0~1) UNRELEASED; urgency=low
+
+  * Pre-release to test the antispam mechanism.
+
+ -- Antonio Terceiro <terceiro@debian.org>  Thu, 30 Aug 2012 14:55:10 -0300
+
+noosfero (0.38.2) unstable; urgency=low
+
+  * Bugfixes release
+
+ -- Antonio Terceiro <terceiro@colivre.coop.br>  Wed, 05 Sep 2012 10:07:58 -0300
+
 noosfero (0.38.1) unstable; urgency=low
  
   * Bugfixes release
@@ -62,8 +62,7 @@ Description: free web-based platform for social networks
  
 Package: noosfero-apache
 Architecture: all
-Depends: apache2, debconf
-Suggests: noosfero
+Depends: apache2, debconf, noosfero
 Description: free web-based platform for social networks (apache frontend)
  Noosfero is a web platform for social and solidarity economy networks with
  blog, e-Porfolios, CMS, RSS, thematic discussion, events agenda and collective
@@ -2,4 +2,7 @@
  
 set -e
  
-cd /usr/share/noosfero && su noosfero -c "./script/console production"
+environment="$1"
+test -z "$environment" && environment=production
+
+cd /usr/share/noosfero && su noosfero -c "./script/console $environment"
 sub vcl_recv {
+  if (req.request == "GET" || req.request == "HEAD") {
     if (req.http.Cookie) {
-        # We only care about the "_noosfero_session.*" cookie, used for
-        # authentication.
-        if (req.http.Cookie ~ "_noosfero_session.*" ) {
-             return (pass);
-        }
-        # Else strip all cookies
+      # We only care about the "_noosfero_session.*" cookie, used for
+      # authentication.
+      if (req.http.Cookie !~ "_noosfero_session.*" ) {
+        # strip all cookies
         unset req.http.Cookie;
+      }
     }
+  }
 }
  
 sub vcl_error {
@@ -8,7 +8,7 @@ Feature: edit environment templates
   Scenario: See links to edit all templates
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit Templates"
+    And I follow "Profile templates"
     Then I should see "Person template" link
     And I should see "Community template" link
     And I should see "Enterprise template" link
@@ -17,28 +17,28 @@ Feature: edit environment templates
   Scenario: Go to control panel of person template
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit Templates"
+    And I follow "Profile templates"
     And I follow "Person template"
     Then I should be on Person template's control panel
  
   Scenario: Go to control panel of enterprise template
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit Templates"
+    And I follow "Profile templates"
     And I follow "Enterprise template"
     Then I should be on Enterprise template's control panel
  
   Scenario: Go to control panel of inactive enterprise template
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit Templates"
+    And I follow "Profile templates"
     And I follow "Inactive enterprise template"
     Then I should be on Inactive Enterprise template's control panel
  
   Scenario: Go to control panel of community template
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit Templates"
+    And I follow "Profile templates"
     And I follow "Community template"
     Then I should be on Community template's control panel
  
@@ -46,7 +46,7 @@ Feature: edit environment templates
     Given that the default environment have no Inactive Enterprise template
     And I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit Templates"
+    And I follow "Profile templates"
     Then I should see "Person template" link
     And I should see "Community template" link
     And I should see "Enterprise template" link
...	...	@@ -15,6 +15,10 @@ Noosfero was tested with Varnish 2.x. If you are using a Debian Lenny (and you
15	15	should, unless Debian already released Squeeze by now), make sure you install
16	16	varnish from the lenny-backports suite.
17	17
	18	+Install the RPAF apache module (or skip this step if not using apache):
	19	+
	20	+ # apt-get install libapache2-mod-rpaf
	21	+
18	22	3) Enable varnish logging:
19	23
20	24	3a) Edit /etc/default/varnishncsa and uncomment the line that contains:
...	...
...	...	@@ -7,11 +7,12 @@ class UsersController < AdminController
7	7	format.html
8	8	format.xml do
9	9	@users = User.find(:all, :conditions => {:environment_id => environment.id}, :include => [:person])
10		- render :xml => @users.to_xml(
11		- :skip_types => true,
12		- :only => %w[email login created_at updated_at],
13		- :include => { :person => {:only => %w[name updated_at created_at address birth_date contact_phone identifier lat lng] } }
14		- )
	10	+ send_data @users.to_xml(
	11	+ :skip_types => true,
	12	+ :only => %w[email login created_at updated_at],
	13	+ :include => { :person => {:only => %w[name updated_at created_at address birth_date contact_phone identifier lat lng] } }),
	14	+ :type => 'text/xml',
	15	+ :disposition => "attachment; filename=users.xml"
15	16	end
16	17	format.csv do
17	18	@users = User.find(:all, :conditions => {:environment_id => environment.id}, :include => [:person])
...	...
...	...	@@ -101,9 +101,10 @@ class ApplicationController < ActionController::Base
101	101	end
102	102	end
103	103
	104	+ include Noosfero::Plugin::HotSpot
	105	+
104	106	def init_noosfero_plugins
105		- @plugins = Noosfero::Plugin::Manager.new(self)
106		- @plugins.each do \|plugin\|
	107	+ plugins.each do \|plugin\|
107	108	prepend_view_path(plugin.class.view_path)
108	109	end
109	110	init_noosfero_plugins_controller_filters
...	...	@@ -112,8 +113,10 @@ class ApplicationController < ActionController::Base
112	113	# This is a generic method that initialize any possible filter defined by a
113	114	# plugin to the current controller being initialized.
114	115	def init_noosfero_plugins_controller_filters
115		- @plugins.each do \|plugin\|
116		- plugin.send(self.class.name.underscore + '_filters').each do \|plugin_filter\|
	116	+ plugins.each do \|plugin\|
	117	+ filters = plugin.send(self.class.name.underscore + '_filters')
	118	+ filters = [filters] if !filters.kind_of?(Array)
	119	+ filters.each do \|plugin_filter\|
117	120	self.class.send(plugin_filter[:type], plugin.class.name.underscore + '_' + plugin_filter[:method_name], (plugin_filter[:options] \|\| {}))
118	121	self.class.send(:define_method, plugin.class.name.underscore + '_' + plugin_filter[:method_name], plugin_filter[:block])
119	122	end
...	...
...	...	@@ -68,7 +68,8 @@ class BoxOrganizerController < ApplicationController
68	68	raise ArgumentError.new("Type %s is not allowed. Go away." % type)
69	69	end
70	70	else
71		- @block_types = available_blocks
	71	+ @center_block_types = Box.acceptable_center_blocks & available_blocks
	72	+ @side_block_types = Box.acceptable_side_blocks & available_blocks
72	73	@boxes = boxes_holder.boxes
73	74	render :action => 'add_block', :layout => false
74	75	end
...	...
...	...	@@ -5,7 +5,7 @@ class ProfileDesignController < BoxOrganizerController
5	5	protect 'edit_profile_design', :profile
6	6
7	7	def available_blocks
8		- blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock, LinkListBlock, MyNetworkBlock, FeedReaderBlock, ProfileImageBlock, LocationBlock, SlideshowBlock, ProfileSearchBlock ]
	8	+ blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock, LinkListBlock, MyNetworkBlock, FeedReaderBlock, ProfileImageBlock, LocationBlock, SlideshowBlock, ProfileSearchBlock, HighlightsBlock ]
9	9
10	10	# blocks exclusive for organizations
11	11	if profile.has_members?
...	...
...	...	@@ -156,18 +156,4 @@ class ProfileMembersController < MyProfileController
156	156	end
157	157	end
158	158
159		- def send_mail
160		- @mailing = profile.mailings.build(params[:mailing])
161		- if request.post?
162		- @mailing.locale = locale
163		- @mailing.person = user
164		- if @mailing.save
165		- session[:notice] = _('The e-mails are being sent')
166		- redirect_to :action => 'index'
167		- else
168		- session[:notice] = _('Could not create the e-mail')
169		- end
170		- end
171		- end
172		-
173	159	end
...	...
...	...	@@ -0,0 +1,40 @@
	1	+class SpamController < MyProfileController
	2	+
	3	+ protect :moderate_comments, :profile
	4	+
	5	+ def index
	6	+ if request.post?
	7	+ begin
	8	+ # FIXME duplicated logic
	9	+ #
	10	+ # This logic more or less replicates what is already in
	11	+ # ContentViewerController#view_page,
	12	+ # ContentViewerController#remove_comment and
	13	+ # ContentViewerController#mark_comment_as_spam
	14	+ if params[:remove_comment]
	15	+ profile.comments_received.find(params[:remove_comment]).destroy
	16	+ end
	17	+ if params[:mark_comment_as_ham]
	18	+ profile.comments_received.find(params[:mark_comment_as_ham]).ham!
	19	+ end
	20	+ if request.xhr?
	21	+ json_response(true)
	22	+ else
	23	+ redirect_to :action => :index
	24	+ end
	25	+ rescue
	26	+ json_response(false)
	27	+ end
	28	+ return
	29	+ end
	30	+
	31	+ @spam = profile.comments_received.spam.paginate({:page => params[:page]})
	32	+ end
	33	+
	34	+ protected
	35	+
	36	+ def json_response(status)
	37	+ render :text => {'ok' => status }.to_json, :content_type => 'application/json'
	38	+ end
	39	+
	40	+end
...	...
...	...	@@ -25,11 +25,13 @@ class AccountController < ApplicationController
25	25
26	26	# action to perform login to the application
27	27	def login
28		- @user = User.new
29		- @person = @user.build_person
30	28	store_location(request.referer) unless session[:return_to]
31	29	return unless request.post?
32		- self.current_user = User.authenticate(params[:user][:login], params[:user][:password], environment) if params[:user]
	30	+
	31	+ self.current_user = plugins_alternative_authentication
	32	+
	33	+ self.current_user \|\|= User.authenticate(params[:user][:login], params[:user][:password], environment) if params[:user]
	34	+
33	35	if logged_in?
34	36	if params[:remember_me] == "1"
35	37	self.current_user.remember_me
...	...	@@ -41,7 +43,6 @@ class AccountController < ApplicationController
41	43	end
42	44	else
43	45	session[:notice] = _('Incorrect username or password') if redirect?
44		- redirect_to :back if redirect?
45	46	end
46	47	end
47	48
...	...	@@ -56,6 +57,11 @@ class AccountController < ApplicationController
56	57
57	58	# action to register an user to the application
58	59	def signup
	60	+ if @plugins.dispatch(:allow_user_registration).include?(false)
	61	+ redirect_back_or_default(:controller => 'home')
	62	+ session[:notice] = _("This environment doesn't allow user registration.")
	63	+ end
	64	+
59	65	@invitation_code = params[:invitation_code]
60	66	begin
61	67	if params[:user]
...	...	@@ -125,6 +131,10 @@ class AccountController < ApplicationController
125	131	#
126	132	# Posts back.
127	133	def forgot_password
	134	+ if @plugins.dispatch(:allow_password_recovery).include?(false)
	135	+ redirect_back_or_default(:controller => 'home')
	136	+ session[:notice] = _("This environment doesn't allow password recovery.")
	137	+ end
128	138	@change_password = ChangePassword.new(params[:change_password])
129	139
130	140	if request.post?
...	...	@@ -303,10 +313,27 @@ class AccountController < ApplicationController
303	313	end
304	314
305	315	def go_to_initial_page
306		- if environment == current_user.environment
307		- redirect_back_or_default(user.admin_url)
	316	+ if environment.enabled?('allow_change_of_redirection_after_login')
	317	+ case user.preferred_login_redirection
	318	+ when 'keep_on_same_page'
	319	+ redirect_back_or_default(user.admin_url)
	320	+ when 'site_homepage'
	321	+ redirect_to :controller => :home
	322	+ when 'user_profile_page'
	323	+ redirect_to user.public_profile_url
	324	+ when 'user_homepage'
	325	+ redirect_to user.url
	326	+ when 'user_control_panel'
	327	+ redirect_to user.admin_url
	328	+ else
	329	+ redirect_back_or_default(user.admin_url)
	330	+ end
308	331	else
309		- redirect_back_or_default(:controller => 'home')
	332	+ if environment == current_user.environment
	333	+ redirect_back_or_default(user.admin_url)
	334	+ else
	335	+ redirect_back_or_default(:controller => 'home')
	336	+ end
310	337	end
311	338	end
312	339
...	...	@@ -316,4 +343,13 @@ class AccountController < ApplicationController
316	343	end
317	344	end
318	345
	346	+ def plugins_alternative_authentication
	347	+ user = nil
	348	+ @plugins.each do \|plugin\|
	349	+ user = plugin.alternative_authentication
	350	+ break unless user.nil?
	351	+ end
	352	+ user
	353	+ end
	354	+
319	355	end
...	...
...	...	@@ -2,6 +2,8 @@ class ContentViewerController < ApplicationController
2	2
3	3	needs_profile
4	4
	5	+ before_filter :comment_author, :only => :edit_comment
	6	+
5	7	helper ProfileHelper
6	8	helper TagsHelper
7	9
...	...	@@ -19,7 +21,7 @@ class ContentViewerController < ApplicationController
19	21	unless @page
20	22	page_from_old_path = profile.articles.find_by_old_path(path)
21	23	if page_from_old_path
22		- redirect_to :profile => profile.identifier, :page => page_from_old_path.explode_path
	24	+ redirect_to profile.url.merge(:page => page_from_old_path.explode_path)
23	25	return
24	26	end
25	27	end
...	...	@@ -75,8 +77,14 @@ class ContentViewerController < ApplicationController
75	77	@comment = Comment.new
76	78	end
77	79
78		- if request.post? && params[:remove_comment]
79		- remove_comment
	80	+ if request.post?
	81	+ if params[:remove_comment]
	82	+ remove_comment
	83	+ return
	84	+ elsif params[:mark_comment_as_spam]
	85	+ mark_comment_as_spam
	86	+ return
	87	+ end
80	88	end
81	89
82	90	if @page.has_posts?
...	...	@@ -107,23 +115,46 @@ class ContentViewerController < ApplicationController
107	115	end
108	116	end
109	117
110		- @comments = @page.comments(true).as_thread
111		- @comments_count = @page.comments.count
	118	+ comments = @page.comments.without_spam
	119	+ @comments = comments.as_thread
	120	+ @comments_count = comments.count
112	121	if params[:slideshow]
113	122	render :action => 'slideshow', :layout => 'slideshow'
114	123	end
115	124	end
116	125
	126	+ def edit_comment
	127	+ path = params[:page].join('/')
	128	+ @page = profile.articles.find_by_path(path)
	129	+ @form_div = 'opened'
	130	+ @comment = @page.comments.find_by_id(params[:id])
	131	+ if @comment
	132	+ if request.post?
	133	+ begin
	134	+ @comment.update_attributes(params[:comment])
	135	+ session[:notice] = _('Comment succesfully updated')
	136	+ redirect_to :action => 'view_page', :profile => profile.identifier, :page => @comment.article.explode_path
	137	+ rescue
	138	+ session[:notice] = _('Comment could not be updated')
	139	+ end
	140	+ end
	141	+ else
	142	+ redirect_to @page.view_url
	143	+ session[:notice] = _('Could not find the comment in the article')
	144	+ end
	145	+ end
	146	+
117	147	protected
118	148
119	149	def add_comment
120	150	@comment.author = user if logged_in?
121	151	@comment.article = @page
122	152	@comment.ip_address = request.remote_ip
	153	+ @comment.user_agent = request.user_agent
	154	+ @comment.referrer = request.referrer
123	155	plugins_filter_comment(@comment)
124	156	return if @comment.rejected?
125	157	if (pass_without_comment_captcha? \|\| verify_recaptcha(:model => @comment, :message => _('Please type the words correctly'))) && @comment.save
126		- plugins_comment_saved(@comment)
127	158	@page.touch
128	159	@comment = nil # clear the comment form
129	160	redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
...	...	@@ -138,12 +169,6 @@ class ContentViewerController < ApplicationController
138	169	end
139	170	end
140	171
141		- def plugins_comment_saved(comment)
142		- @plugins.each do \|plugin\|
143		- plugin.comment_saved(comment)
144		- end
145		- end
146		-
147	172	def pass_without_comment_captcha?
148	173	logged_in? && !environment.enabled?('captcha_for_logged_users')
149	174	end
...	...	@@ -153,9 +178,24 @@ class ContentViewerController < ApplicationController
153	178	@comment = @page.comments.find(params[:remove_comment])
154	179	if (user == @comment.author \|\| user == @page.profile \|\| user.has_permission?(:moderate_comments, @page.profile))
155	180	@comment.destroy
156		- session[:notice] = _('Comment succesfully deleted')
157	181	end
158		- redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
	182	+ finish_comment_handling
	183	+ end
	184	+
	185	+ def mark_comment_as_spam
	186	+ @comment = @page.comments.find(params[:mark_comment_as_spam])
	187	+ if logged_in? && (user == @page.profile \|\| user.has_permission?(:moderate_comments, @page.profile))
	188	+ @comment.spam!
	189	+ end
	190	+ finish_comment_handling
	191	+ end
	192	+
	193	+ def finish_comment_handling
	194	+ if request.xhr?
	195	+ render :text => {'ok' => true}.to_json, :content_type => 'application/json'
	196	+ else
	197	+ redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
	198	+ end
159	199	end
160	200
161	201	def per_page
...	...	@@ -181,4 +221,13 @@ class ContentViewerController < ApplicationController
181	221	end
182	222	end
183	223
	224	+ def comment_author
	225	+ comment = Comment.find_by_id(params[:id])
	226	+ if comment
	227	+ render_access_denied if comment.author.blank? \|\| comment.author != user
	228	+ else
	229	+ render_not_found
	230	+ end
	231	+ end
	232	+
184	233	end
...	...
...	...	@@ -2,4 +2,8 @@ class NotFoundController < ApplicationController
2	2	def index
3	3	render_not_found
4	4	end
	5	+
	6	+ def nothing
	7	+ render :nothing => true, :status => 404
	8	+ end
5	9	end
...	...