Victor Costa · Leandro Santos · Leandro Santos · Leandro Santos · Victor Costa · Leandro Santos
Showing 341 changed files Show diff stats
app/api/app.rb
app/api/entities.rb
app/api/helpers.rb
app/api/v1/people.rb
app/api/v1/roles.rb
app/api/v1/tasks.rb
app/concerns/authenticated_system.rb
app/controllers/admin/categories_controller.rb
app/controllers/application_controller.rb
app/controllers/box_organizer_controller.rb
app/controllers/concerns/authenticated_system.rb
app/controllers/concerns/custom_design.rb
app/controllers/concerns/needs_profile.rb
app/controllers/my_profile/circles_controller.rb
app/controllers/my_profile/followers_controller.rb
app/controllers/my_profile/tasks_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/profile_controller.rb
app/helpers/action_tracker_helper.rb
@@ -54,6 +54,7 @@ module Api
     mount V1::Blocks
     mount V1::Profiles
     mount V1::Activities
+    mount V1::Roles
     # hook point which allow plugins to add Grape::API extensions to Api::App
     #finds for plugins which has api mount points classes defined (the class should extends Grape::API)
@@ -111,6 +111,10 @@ module Api
           hash[value.custom_field.name]=value.value
         end
+        profile.public_fields.each do |field|
+          hash[field] = profile.send(field.to_sym)
+        end
+
         private_values = profile.custom_field_values - profile.public_values
         private_values.each do |value|
           if Entities.can_display_profile_field?(profile,options)
@@ -124,6 +128,7 @@ module Api
       expose :type
       expose :custom_header
       expose :custom_footer
+      expose :layout_template
       expose :permissions do |profile, options|
         Entities.permissions_for_entity(profile, options[:current_person],
         :allow_post_content?, :allow_edit?, :allow_destroy?)
@@ -258,12 +263,28 @@ module Api
       root 'tasks', 'task'
       expose :id
       expose :type
+      expose :requestor, using: Profile
+      expose :status
+      expose :created_at
+      expose :data
+      expose :accept_details
+      expose :reject_details
+      expose :accept_disabled?, as: :accept_disabled
+      expose :reject_disabled?, as: :reject_disabled
+      expose :target do |task, options|
+        type_map = {Profile => ::Profile, Environment => ::Environment}.find {|h| task.target.kind_of?(h.last)}
+        type_map.first.represent(task.target) unless type_map.nil?
+      end
     end
     class Environment < Entity
       expose :name
       expose :id
       expose :description
+      expose :layout_template
+      expose :signup_intro
+      expose :terms_of_use
+      expose :top_url, as: :host
       expose :settings, if: lambda { |instance, options| options[:is_admin] }
     end
@@ -281,5 +302,12 @@ module Api
         type_map.first.represent(activity.target) unless type_map.nil?
       end
     end
+
+    class Role < Entity
+      root 'roles', 'role'
+      expose :id
+      expose :name
+      expose :key
+    end
   end
 end
@@ -4,7 +4,7 @@ require &#39;tempfile&#39;
 module Api
   module Helpers
     PRIVATE_TOKEN_PARAM = :private_token
-    DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id, :identifier, :archived]
+    ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id, :identifier, :archived, :status]
     include SanitizeParams
     include Noosfero::Plugin::HotSpot
@@ -124,8 +124,8 @@ module Api
       present_partial article, with: Entities::Article, params: params, current_person: current_person
     end
-    def present_articles_for_asset(asset, method = 'articles')
-      articles = find_articles(asset, method)
+    def present_articles_for_asset(asset, method_or_relation = 'articles')
+      articles = find_articles(asset, method_or_relation)
       present_articles(articles)
     end
@@ -133,8 +133,8 @@ module Api
       present_partial paginate(articles), :with => Entities::Article, :params => params, current_person: current_person
     end
-    def find_articles(asset, method = 'articles')
-      articles = select_filtered_collection_of(asset, method, params)
+    def find_articles(asset, method_or_relation = 'articles')
+      articles = select_filtered_collection_of(asset, method_or_relation, params)
       if current_person.present?
         articles = articles.display_filter(current_person, nil)
       else
@@ -143,14 +143,17 @@ module Api
       articles
     end
-    def find_task(asset, id)
-      task = asset.tasks.find(id)
+    def find_task(asset, method_or_relation, id)
+      task = is_a_relation?(method_or_relation) ? method_or_relation : asset.send(method_or_relation)
+      task = task.find_by_id(id)
+      not_found! if task.blank?
       current_person.has_permission?(task.permission, asset) ? task : forbidden!
     end
     def post_task(asset, params)
       klass_type= params[:content_type].nil? ? 'Task' : params[:content_type]
       return forbidden! unless klass_type.constantize <= Task
+      return forbidden! if !current_person.has_permission?(:perform_task, asset)
       task = klass_type.constantize.new(params[:task])
       task.requestor_id = current_person.id
@@ -163,15 +166,24 @@ module Api
       present_partial task, :with => Entities::Task
     end
-    def present_task(asset)
-      task = find_task(asset, params[:id])
+    def find_tasks(asset, method_or_relation = 'tasks')
+      return forbidden! if !current_person.has_permission?(:perform_task, asset)
+      tasks = select_filtered_collection_of(asset, method_or_relation, params)
+      tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)}
+      tasks
+    end
+
+    def present_task(asset, method_or_relation = 'tasks')
+      task = find_task(asset, method_or_relation, params[:id])
       present_partial task, :with => Entities::Task
     end
-    def present_tasks(asset)
-      tasks = select_filtered_collection_of(asset, 'tasks', params)
-      tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)}
-      return forbidden! if tasks.empty? && !current_person.has_permission?(:perform_task, asset)
+    def present_tasks_for_asset(asset, method_or_relation = 'tasks')
+      tasks = find_tasks(asset, method_or_relation)
+      present_tasks(tasks)
+    end
+
+    def present_tasks(tasks)
       present_partial tasks, :with => Entities::Task
     end
@@ -180,7 +192,6 @@ module Api
       conditions = {}
       from_date = DateTime.parse(parsed_params.delete(:from)) if parsed_params[:from]
       until_date = DateTime.parse(parsed_params.delete(:until)) if parsed_params[:until]
-
       conditions[:type] = parse_content_type(parsed_params.delete(:content_type)) unless parsed_params[:content_type].nil?
       conditions[:created_at] = period(from_date, until_date) if from_date || until_date
@@ -190,7 +201,7 @@ module Api
     end
     # changing make_order_with_parameters to avoid sql injection
-    def make_order_with_parameters(object, method, params)
+    def make_order_with_parameters(object, method_or_relation, params)
       order = "created_at DESC"
       unless params[:order].blank?
         if params[:order].include? '\'' or params[:order].include? '"'
@@ -199,9 +210,9 @@ module Api
           order = 'RANDOM()'
         else
           field_name, direction = params[:order].split(' ')
-          assoc = object.class.reflect_on_association(method.to_sym)
-          if !field_name.blank? and assoc
-            if assoc.klass.attribute_names.include? field_name
+          assoc_class = extract_associated_classname(method_or_relation)
+          if !field_name.blank? and assoc_class
+            if assoc_class.attribute_names.include? field_name
               if direction.present? and ['ASC','DESC'].include? direction.upcase
                 order = "#{field_name} #{direction.upcase}"
               end
@@ -212,12 +223,14 @@ module Api
       return order
     end
-    def make_timestamp_with_parameters_and_method(params, method)
+    def make_timestamp_with_parameters_and_method(params, method_or_relation)
       timestamp = nil
       if params[:timestamp]
         datetime = DateTime.parse(params[:timestamp])
-        table_name = method.to_s.singularize.camelize.constantize.table_name
-        timestamp = "#{table_name}.updated_at >= '#{datetime}'"
+        table_name = extract_associated_tablename(method_or_relation)
+        assoc_class = extract_associated_classname(method_or_relation)
+        date_atrr = assoc_class.attribute_names.include?('updated_at') ? 'updated_at' : 'created_at'
+        timestamp = "#{table_name}.#{date_atrr} >= '#{datetime}'"
       end
       timestamp
@@ -242,12 +255,12 @@ module Api
       end
     end
-    def select_filtered_collection_of(object, method, params)
+    def select_filtered_collection_of(object, method_or_relation, params)
       conditions = make_conditions_with_parameter(params)
-      order = make_order_with_parameters(object,method,params)
-      timestamp = make_timestamp_with_parameters_and_method(params, method)
+      order = make_order_with_parameters(object,method_or_relation,params)
+      timestamp = make_timestamp_with_parameters_and_method(params, method_or_relation)
-      objects = object.send(method)
+      objects = is_a_relation?(method_or_relation) ? method_or_relation : object.send(method_or_relation)
       objects = by_reference(objects, params)
       objects = by_categories(objects, params)
@@ -302,12 +315,12 @@ module Api
     end
     def cant_be_saved_request!(attribute)
-      message = _("(Invalid request) %s can't be saved") % attribute
+      message = _("(Invalid request) %s can't be saved").html_safe % attribute
       render_api_error!(message, 400)
     end
     def bad_request!(attribute)
-      message = _("(Invalid request) %s not given") % attribute
+      message = _("(Invalid request) %s not given").html_safe % attribute
       render_api_error!(message, 400)
     end
@@ -393,10 +406,27 @@ module Api
     end
     private
+    def extract_associated_tablename(method_or_relation)
+      extract_associated_classname(method_or_relation).table_name
+    end
+
+    def extract_associated_classname(method_or_relation)
+      if is_a_relation?(method_or_relation)
+        method_or_relation.blank? ? '' : method_or_relation.first.class
+      else
+        method_or_relation.to_s.singularize.camelize.constantize
+      end
+    end
+
+    def is_a_relation?(method_or_relation)
+      method_or_relation.kind_of?(ActiveRecord::Relation)
+    end
+  
+
     def parser_params(params)
       parsed_params = {}
       params.map do |k,v|
-        parsed_params[k.to_sym] = v if DEFAULT_ALLOWED_PARAMETERS.include?(k.to_sym)
+        parsed_params[k.to_sym] = v if ALLOWED_PARAMETERS.include?(k.to_sym)
       end
       parsed_params
     end
@@ -119,6 +119,20 @@ module Api
               members = select_filtered_collection_of(profile, 'members', params)
               present members, :with => Entities::Person, :current_person => current_person
             end
+
+            post do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.add_member(current_person) rescue forbidden!
+              {pending: !current_person.is_member_of?(profile)}
+            end
+
+            delete do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.remove_member(current_person)
+              present current_person, :with => Entities::Person, :current_person => current_person
+            end
           end
         end
       end
@@ -0,0 +1,25 @@
+module Api
+  module V1
+    class Roles < Grape::API
+      before { authenticate! }
+
+      MAX_PER_PAGE = 50
+
+      resource :profiles do
+        segment "/:profile_id" do
+          resource :roles do
+
+            paginate max_per_page: MAX_PER_PAGE
+            get do
+              profile = environment.profiles.find(params[:profile_id])
+              return forbidden! unless profile.kind_of?(Organization)
+              roles = Profile::Roles.organization_roles(profile.environment.id, profile.id)
+              present_partial paginate(roles), with: Entities::Role
+            end
+            
+          end
+        end
+      end
+    end
+  end
+end
 module Api
   module V1
     class Tasks < Grape::API
-#      before { authenticate! }
+      before { authenticate! }
-#      ARTICLE_TYPES = Article.descendants.map{|a| a.to_s}
+      MAX_PER_PAGE = 50
       resource :tasks do
-        # Collect tasks
+        paginate max_per_page: MAX_PER_PAGE
+        # Collect all tasks that current person has permission
         #
         # Parameters:
         #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
@@ -17,15 +18,27 @@ module Api
         # Example Request:
         #  GET host/api/v1/tasks?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
         get do
-          tasks = select_filtered_collection_of(environment, 'tasks', params)
-          tasks = tasks.select {|t| current_person.has_permission?(t.permission, environment)}
-          present_partial tasks, :with => Entities::Task
+          tasks = Task.to(current_person)
+          present_tasks_for_asset(current_person, tasks)
         end
         desc "Return the task id"
         get ':id' do
-          task = find_task(environment, params[:id])
-          present_partial task, :with => Entities::Task
+          present_task(current_person, Task.to(current_person))
+        end
+
+        %w[finish cancel].each do |action|
+          desc "#{action.capitalize} a task"
+          put ":id/#{action}" do
+            task = find_task(current_person, Task.to(current_person), params[:id])
+            begin
+              task.update(params[:task])
+              task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
+              present_partial task, :with => Entities::Task
+            rescue Exception => ex
+              render_api_error!(ex.message, 500)
+            end
+          end
         end
       end
@@ -36,7 +49,8 @@ module Api
             resource :tasks do
               get do
                 profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
-                present_tasks(profile)
+                tasks = Task.to(profile)
+                present_tasks_for_asset(profile, tasks)
               end
               get ':id' do
@@ -44,7 +44,7 @@ class CategoriesController &lt; AdminController
       if request.post?
         @category.update!(params[:category])
         @saved = true
-        session[:notice] = _("Category %s saved." % @category.name)
+        session[:notice] = _("Category %s saved." % @category.name).html_safe
         redirect_to :action => 'index'
       end
     rescue Exception => e
@@ -14,6 +14,20 @@ class ApplicationController &lt; ActionController::Base
   before_filter :redirect_to_current_user
   before_filter :set_session_theme
+
+  # FIXME: only include necessary methods
+  include ApplicationHelper
+
+  # concerns
+  include PermissionCheck
+  include CustomDesign
+  include NeedsProfile
+
+  # implementations
+  include FindByContents
+  include Noosfero::Plugin::HotSpot
+  include SearchTermHelper
+
   def set_session_theme
     if params[:theme]
       session[:theme] = environment.theme_ids.include?(params[:theme]) ? params[:theme] : nil
@@ -48,7 +62,6 @@ class ApplicationController &lt; ActionController::Base
     end
   end
-  include ApplicationHelper
   layout :get_layout
   def get_layout
     return false if request.format == :js or request.xhr?
@@ -74,9 +87,6 @@ class ApplicationController &lt; ActionController::Base
   helper :document
   helper :language
-  include DesignHelper
-  include PermissionCheck
-
   before_filter :set_locale
   def set_locale
     FastGettext.available_locales = environment.available_locales
@@ -89,8 +99,6 @@ class ApplicationController &lt; ActionController::Base
     end
   end
-  include NeedsProfile
-
   attr_reader :environment
   # declares that the given <tt>actions</tt> cannot be accessed by other HTTP
@@ -107,6 +115,10 @@ class ApplicationController &lt; ActionController::Base
   protected
+  def accept_only_post
+    return render_not_found if !request.post?
+  end
+
   def verified_request?
     super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
   end
@@ -151,8 +163,6 @@ class ApplicationController &lt; ActionController::Base
     end
   end
-  include Noosfero::Plugin::HotSpot
-
   # FIXME this filter just loads @plugins to children controllers and helpers
   def init_noosfero_plugins
     plugins
@@ -184,9 +194,6 @@ class ApplicationController &lt; ActionController::Base
     end
   end
-  include SearchTermHelper
-  include FindByContents
-
   def find_suggestions(query, context, asset, options={})
     plugins.dispatch_first(:find_suggestions, query, context, asset, options)
   end
@@ -109,7 +109,7 @@ class BoxOrganizerController &lt; ApplicationController
   def show_block_type_info
     type = params[:type]
     if type.blank? || !available_blocks.map(&:name).include?(type)
-      raise ArgumentError.new("Type %s is not allowed. Go away." % type)
+      raise ArgumentError.new("Type %s is not allowed. Go away.".html_safe % type)
     end
     @block = type.constantize.new
     @block.box = Box.new(:owner => boxes_holder)
@@ -122,7 +122,7 @@ class BoxOrganizerController &lt; ApplicationController
   def new_block(type, box)
     if !available_blocks.map(&:name).include?(type)
-      raise ArgumentError.new("Type %s is not allowed. Go away." % type)
+      raise ArgumentError.new("Type %s is not allowed. Go away.".html_safe % type)
     end
     block = type.constantize.new
     box.blocks << block
@@ -0,0 +1,169 @@
+module AuthenticatedSystem
+
+  protected
+
+    extend ActiveSupport::Concern
+
+    included do
+      if self < ActionController::Base
+        around_filter :user_set_current
+        before_filter :override_user
+        before_filter :login_from_cookie
+      end
+
+      # Inclusion hook to make #current_user and #logged_in?
+      # available as ActionView helper methods.
+      helper_method :current_user, :logged_in?
+    end
+
+    # Returns true or false if the user is logged in.
+    # Preloads @current_user with the user model if they're logged in.
+    def logged_in?
+      current_user != nil
+    end
+
+    # Accesses the current user from the session.
+    def current_user user_id = session[:user]
+      @current_user ||= begin
+        user = User.find_by id: user_id if user_id
+        user.session = session if user
+        User.current = user
+        user
+      end
+    end
+
+    # Store the given user in the session.
+    def current_user=(new_user)
+      if new_user.nil?
+        session.delete(:user)
+      else
+        session[:user] = new_user.id
+        new_user.session = session
+        new_user.register_login
+      end
+      @current_user = User.current = new_user
+    end
+
+    # See impl. from http://stackoverflow.com/a/2513456/670229
+    def user_set_current
+      User.current = current_user
+      yield
+    ensure
+      # to address the thread variable leak issues in Puma/Thin webserver
+      User.current = nil
+    end
+
+    # Check if the user is authorized.
+    #
+    # Override this method in your controllers if you want to restrict access
+    # to only a few actions or if you want to check if the user
+    # has the correct rights.
+    #
+    # Example:
+    #
+    #  # only allow nonbobs
+    #  def authorize?
+    #    current_user.login != "bob"
+    #  end
+    def authorized?
+      true
+    end
+
+    # Filter method to enforce a login requirement.
+    #
+    # To require logins for all actions, use this in your controllers:
+    #
+    #   before_filter :login_required
+    #
+    # To require logins for specific actions, use this in your controllers:
+    #
+    #   before_filter :login_required, :only => [ :edit, :update ]
+    #
+    # To skip this in a subclassed controller:
+    #
+    #   skip_before_filter :login_required
+    #
+    def login_required
+      username, passwd = get_auth_data
+      if username && passwd
+        self.current_user ||= User.authenticate(username, passwd) || nil
+      end
+      if logged_in? && authorized?
+        true
+      else
+        if params[:require_login_popup]
+          render :json => { :require_login_popup => true }
+        else
+          access_denied
+        end
+      end
+    end
+
+    # Redirect as appropriate when an access request fails.
+    #
+    # The default action is to redirect to the login screen.
+    #
+    # Override this method in your controllers if you want to have special
+    # behavior in case the user is not authorized
+    # to access the requested action.  For example, a popup window might
+    # simply close itself.
+    def access_denied
+      respond_to do |accepts|
+        accepts.html do
+          if request.xhr?
+            render :text => _('Access denied'), :status => 401
+          else
+            store_location
+            redirect_to :controller => '/account', :action => 'login'
+          end
+        end
+        accepts.xml do
+          headers["Status"]           = "Unauthorized"
+          headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+          render :text => "Could't authenticate you", :status => '401 Unauthorized'
+        end
+      end
+      false
+    end
+
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location(location = request.url)
+      session[:return_to] = location
+    end
+
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.
+    def redirect_back_or_default(default)
+      if session[:return_to]
+        redirect_to(session.delete(:return_to))
+      else
+        redirect_to(default)
+      end
+    end
+
+    def override_user
+      return if params[:override_user].blank?
+      return unless logged_in? and user.is_admin? environment
+      @current_user = nil
+      current_user params[:override_user]
+    end
+
+    # When called with before_filter :login_from_cookie will check for an :auth_token
+    # cookie and log the user back in if apropriate
+    def login_from_cookie
+      return if cookies[:auth_token].blank? or logged_in?
+      user = User.where(remember_token: cookies[:auth_token]).first
+      self.current_user = user if user and user.remember_token?
+    end
+
+  private
+    @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+    # gets BASIC auth info
+    def get_auth_data
+      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+      auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+      return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
+    end
+end
@@ -0,0 +1,50 @@
+module CustomDesign
+
+  extend ActiveSupport::Concern
+
+  included do
+    extend ClassMethods
+    include InstanceMethods
+    before_filter :load_custom_design if self.respond_to? :before_filter
+  end
+
+  module ClassMethods
+
+    def no_design_blocks
+      @no_design_blocks = true
+    end
+
+    def use_custom_design options = {}
+      @custom_design = options
+    end
+
+    def custom_design
+      @custom_design ||= {}
+    end
+
+    def uses_design_blocks?
+      !@no_design_blocks
+    end
+
+  end
+
+  module InstanceMethods
+
+    protected
+
+    def uses_design_blocks?
+      !@no_design_blocks && self.class.uses_design_blocks?
+    end
+
+    def load_custom_design
+      # see also: LayoutHelper#body_classes
+      @layout_template = self.class.custom_design[:layout_template]
+    end
+
+    def custom_design
+      @custom_design || self.class.custom_design
+    end
+
+  end
+
+end
@@ -0,0 +1,40 @@
+module NeedsProfile
+
+  module ClassMethods
+    def needs_profile
+      before_filter :load_profile
+    end
+  end
+
+  def self.included(including)
+    including.send(:extend, NeedsProfile::ClassMethods)
+  end
+
+  def boxes_holder
+    profile || environment # prefers profile, but defaults to environment
+  end
+
+  def profile
+    @profile
+  end
+
+  protected
+
+  def load_profile
+    if params[:profile]
+      params[:profile].downcase!
+      @profile ||= environment.profiles.where(identifier: params[:profile]).first
+    end
+
+    if @profile
+      profile_hostname = @profile.hostname
+      if profile_hostname && profile_hostname != request.host
+        params.delete(:profile)
+        redirect_to(Noosfero.url_options.merge(params).merge(:host => profile_hostname))
+      end
+    else
+      render_not_found
+    end
+  end
+
+end
@@ -0,0 +1,58 @@
+class CirclesController < MyProfileController
+
+  before_action :accept_only_post, :only => [:create, :update, :destroy]
+
+  def index
+    @circles = profile.circles
+  end
+
+  def new
+    @circle = Circle.new
+  end
+
+  def create
+    @circle = Circle.new(params[:circle].merge({ :person => profile }))
+    if @circle.save
+      redirect_to :action => 'index'
+    else
+      render :action => 'new'
+    end
+  end
+
+  def xhr_create
+    if request.xhr?
+      circle = Circle.new(params[:circle].merge({:person => profile }))
+      if circle.save
+        render :partial => "circle_checkbox", :locals => { :circle => circle },
+               :status => 201
+      else
+        render :text => _('The circle could not be saved'), :status => 400
+      end
+    else
+      render_not_found
+    end
+  end
+
+  def edit
+    @circle = Circle.find_by_id(params[:id])
+    render_not_found if @circle.nil?
+  end
+
+  def update
+    @circle = Circle.find_by_id(params[:id])
+    return render_not_found if @circle.nil?
+
+    if @circle.update(params[:circle])
+      redirect_to :action => 'index'
+    else
+      render :action => 'edit'
+    end
+  end
+
+  def destroy
+    @circle = Circle.find_by_id(params[:id])
+    return render_not_found if @circle.nil?
+    @circle.destroy
+    redirect_to :action => 'index'
+  end
+end
@@ -0,0 +1,43 @@
+class FollowersController < MyProfileController
+
+  before_action :only_for_person, :only => :index
+  before_action :accept_only_post, :only => [:update_category]
+
+  def index
+    @followed_people = profile.followed_profiles.order(:type)
+    @profile_types = {_('All profiles') => nil}.merge(Circle.profile_types).to_a
+
+    if params['filter'].present?
+      @followed_people = @followed_people.where(:type => params['filter'])
+      @active_filter = params['filter']
+    end
+
+    @followed_people = @followed_people.paginate(:per_page => 15, :page => params[:npage])
+  end
+
+  def set_category_modal
+    followed_profile = Profile.find(params[:followed_profile_id])
+    circles = Circle.where(:person => profile, :profile_type => followed_profile.class.name)
+    render :partial => 'followers/edit_circles_modal', :locals => { :circles => circles, :followed_profile => followed_profile }
+  end
+
+  def update_category
+    followed_profile = Profile.find_by(:id => params["followed_profile_id"])
+
+    selected_circles = params[:circles].map{ |circle_name, circle_id| Circle.find_by(:id => circle_id) }.select{ |c| c.present? }
+
+    if followed_profile
+      profile.update_profile_circles(followed_profile, selected_circles)
+      render :text => _("Circles of %s updated successfully") % followed_profile.name, :status => 200
+    else
+      render :text => _("Error: No profile to follow."), :status => 400
+    end
+  end
+
+  protected
+
+  def only_for_person
+    render_not_found unless profile.person?
+  end
+
+end
@@ -14,7 +14,7 @@ class TasksController &lt; MyProfileController
     @filter_text = params[:filter_text].presence
     @filter_responsible = params[:filter_responsible]
     @task_types = Task.pending_types_for(profile)
-    @tasks = Task.pending_all(profile, @filter_type, @filter_text).order_by('created_at', 'asc').paginate(:per_page => Task.per_page, :page => params[:page])
+    @tasks = Task.pending_all_by_filter(profile, @filter_type, @filter_text).order_by('created_at', 'asc').paginate(:per_page => Task.per_page, :page => params[:page])
     @tasks = @tasks.where(:responsible_id => @filter_responsible.to_i != -1 ? @filter_responsible : nil) if @filter_responsible.present?
     @tasks = @tasks.paginate(:per_page => Task.per_page, :page => params[:page])
     @failed = params ? params[:failed] : {}
@@ -101,7 +101,7 @@ class TasksController &lt; MyProfileController
   def search_tasks
     filter_type = params[:filter_type].presence
     filter_text = params[:filter_text].presence
-    result = Task.pending_all(profile,filter_type, filter_text)
+    result = Task.pending_all_by_filter(profile,filter_type, filter_text)
     render :json => result.map { |task| {:label => task.data[:name], :value => task.data[:name]} }
   end
@@ -205,7 +205,7 @@ class AccountController &lt; ApplicationController
         if params[:value].blank?
           @change_password.errors[:base] << _('Can not recover user password with blank value.')
         else
-          @change_password.errors[:base] << _('Could not find any user with %s equal to "%s".') % [fields_label, params[:value]]
+          @change_password.errors[:base] << _('Could not find any user with %s equal to "%s".').html_safe % [fields_label, params[:value]]
         end
       rescue ActiveRecord::RecordInvalid
         @change_password.errors[:base] << _('Could not perform password recovery for the user.')
@@ -128,9 +128,9 @@ class ContentViewerController &lt; ApplicationController
     end
     unless @page.display_to?(user)
-      if !profile.visible? || profile.secret? || (user && user.follows?(profile)) || user.blank?
+      if !profile.visible? || profile.secret? || (user && profile.in_social_circle?(user)) || user.blank?
         render_access_denied
-      else #!profile.public?
+      else
         private_profile_partial_parameters
         render :template => 'profile/_private_profile', :status => 403, :formats => [:html]
       end
@@ -3,7 +3,9 @@ class ProfileController &lt; PublicController
   needs_profile
   before_filter :check_access_to_profile, :except => [:join, :join_not_logged, :index, :add]
   before_filter :store_location, :only => [:join, :join_not_logged, :report_abuse, :send_mail]
-  before_filter :login_required, :only => [:add, :join, :leave, :unblock, :leave_scrap, :remove_scrap, :remove_activity, :view_more_activities, :view_more_network_activities, :report_abuse, :register_report, :leave_comment_on_activity, :send_mail]
+  before_filter :login_required, :only => [:add, :join, :leave, :unblock, :leave_scrap, :remove_scrap, :remove_activity, :view_more_activities, :view_more_network_activities, :report_abuse, :register_report, :leave_comment_on_activity, :send_mail, :follow, :unfollow]
+  before_filter :allow_followers?, :only => [:follow, :unfollow]
+  before_filter :accept_only_post, :only => [:follow, :unfollow]
   helper TagsHelper
   helper ActionTrackerHelper
@@ -42,8 +44,8 @@ class ProfileController &lt; PublicController
     feed_writer = FeedWriter.new
     data = feed_writer.write(
       tagged,
-      :title => _("%s's contents tagged with \"%s\"") % [profile.name, @tag],
-      :description => _("%s's contents tagged with \"%s\"") % [profile.name, @tag],
+      :title => _("%s's contents tagged with \"%s\"").html_safe % [profile.name, @tag],
+      :description => _("%s's contents tagged with \"%s\"").html_safe % [profile.name, @tag],
       :link => url_for(profile.url)
     )
     render :text => data, :content_type => "text/xml"
@@ -65,6 +67,14 @@ class ProfileController &lt; PublicController
     end
   end
+  def following
+    @followed_people = profile.followed_profiles.paginate(:per_page => per_page, :page => params[:npage], :total_entries => profile.followed_profiles.count)
+  end
+
+  def followed
+    @followed_by = profile.followers.paginate(:per_page => per_page, :page => params[:npage], :total_entries => profile.followers.count)
+  end
+
   def members
     if is_cache_expired?(profile.members_cache_key(params))
       sort = (params[:sort] == 'desc') ? params[:sort] : 'asc'
@@ -88,7 +98,7 @@ class ProfileController &lt; PublicController
   def join_modal
       profile.add_member(user)
-      session[:notice] = _('%s administrator still needs to accept you as member.') % profile.name
+      session[:notice] = _('%s administrator still needs to accept you as member.').html_safe % profile.name
       redirect_to :action => :index
   end
@@ -98,12 +108,12 @@ class ProfileController &lt; PublicController
       profile.add_member(user)
       if !profile.members.include?(user)
-        render :text => {:message => _('%s administrator still needs to accept you as member.') % profile.name}.to_json
+        render :text => {:message => _('%s administrator still needs to accept you as member.').html_safe % profile.name}.to_json
       else
-        render :text => {:message => _('You just became a member of %s.') % profile.name}.to_json
+        render :text => {:message => _('You just became a member of %s.').html_safe % profile.name}.to_json
       end
     else
-      render :text => {:message => _('You are already a member of %s.') % profile.name}.to_json
+      render :text => {:message => _('You are already a member of %s.').html_safe % profile.name}.to_json
     end
   end
@@ -125,7 +135,7 @@ class ProfileController &lt; PublicController
         render :text => current_person.leave(profile, params[:reload])
       end
     else
-      render :text => {:message => _('You are not a member of %s.') % profile.name}.to_json
+      render :text => {:message => _('You are not a member of %s.').html_safe % profile.name}.to_json
     end
   end
@@ -145,12 +155,41 @@ class ProfileController &lt; PublicController
     # FIXME this shouldn't be in Person model?
     if !user.memberships.include?(profile)
       AddFriend.create!(:person => user, :friend => profile)
-      render :text => _('%s still needs to accept being your friend.') % profile.name
+      render :text => _('%s still needs to accept being your friend.').html_safe % profile.name
     else
-      render :text => _('You are already a friend of %s.') % profile.name
+      render :text => _('You are already a friend of %s.').html_safe % profile.name
+    end
+  end
+
+  def follow
+    if profile.followed_by?(current_person)
+      render :text => _("You are already following %s.") % profile.name, :status => 400
+    else
+      selected_circles = params[:circles].map{ |circle_name, circle_id| Circle.find_by(:id => circle_id) }.select{ |c| c.present? }
+      if selected_circles.present?
+        current_person.follow(profile, selected_circles)
+        render :text => _("You are now following %s") % profile.name, :status => 200
+      else
+        render :text => _("Select at least one circle to follow %s.") % profile.name, :status => 400
+      end
     end
   end
+  def find_profile_circles
+    circles = Circle.where(:person => current_person, :profile_type => profile.class.name)
+    render :partial => 'blocks/profile_info_actions/circles', :locals => { :circles => circles, :profile_types => Circle.profile_types.to_a }
+  end
+
+  def unfollow
+    follower = params[:follower_id].present? ? Person.find_by(id: params[:follower_id]) : current_person
+
+    if follower && follower.follows?(profile)
+      follower.unfollow(profile)
+    end
+    redirect_url = params["redirect_to"] ? params["redirect_to"] : profile.url
+    redirect_to redirect_url
+  end
+
   def check_friendship
     unless logged_in?
       render :text => ''
@@ -178,7 +217,7 @@ class ProfileController &lt; PublicController
   def unblock
     if current_user.person.is_admin?(profile.environment)
       profile.unblock
-      session[:notice] = _("You have unblocked %s successfully. ") % profile.name
+      session[:notice] = _("You have unblocked %s successfully. ").html_safe % profile.name
       redirect_to :controller => 'profile', :action => 'index'
     else
       message = _('You are not allowed to unblock enterprises in this environment.')
@@ -437,4 +476,8 @@ class ProfileController &lt; PublicController
     [:image, :domains, :preferred_domain, :environment]
   end
+  def allow_followers?
+    render_not_found unless profile.allow_followers?
+  end
+
 end
@@ -14,13 +14,23 @@ module ActionTrackerHelper
     }
   end
+  def new_follower_description ta
+    n_('has 1 new follower:<br />%{name}', 'has %{num} new followers:<br />%{name}', ta.get_follower_name.size).html_safe % {
+      num: ta.get_follower_name.size,
+      name: safe_join(ta.collect_group_with_index(:follower_name) do |n,i|
+        link_to image_tag(ta.get_follower_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/person-icon.png")),
+          ta.get_follower_url[i], title: n
+      end)
+    }
+  end
+
   def join_community_description ta
-    n_('has joined 1 community:<br />%{name}'.html_safe, 'has joined %{num} communities:<br />%{name}'.html_safe, ta.get_resource_name.size) % {
+    n_('has joined 1 community:<br />%{name}', 'has joined %{num} communities:<br />%{name}', ta.get_resource_name.size).html_safe % {
       num: ta.get_resource_name.size,
-      name: ta.collect_group_with_index(:resource_name) do |n,i|
+      name: safe_join(ta.collect_group_with_index(:resource_name) do |n,i|
        link = link_to image_tag(ta.get_resource_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/community-icon.png")),
                 ta.get_resource_url[i], title: n
-      end.join.html_safe
+      end)
     }
   end
@@ -68,9 +78,9 @@ module ActionTrackerHelper
   end
   def favorite_enterprise_description ta
-    _('favorited enterprise %{title}') % {
+    (_('favorited enterprise %{title}') % {
       title: link_to(truncate(ta.get_enterprise_name), ta.get_enterprise_url),
-    }
+    }).html_safe
   end
 end
@@ -880,7 +880,7 @@ module ApplicationHelper
         link_to_all = link_to(content_tag('strong', _('See all')), :controller => 'memberships', :profile => user.identifier)
       end
       link = list.map do |element|
-        link_to(content_tag('strong', _('<span>Manage</span> %s') % element.short_name(25)), element.admin_url, :class => "icon-menu-"+element.class.identification.underscore, :title => _('Manage %s') % element.short_name)
+        link_to(content_tag('strong', _('<span>Manage</span> %s').html_safe % element.short_name(25)), element.admin_url, :class => "icon-menu-"+element.class.identification.underscore, :title => _('Manage %s').html_safe % element.short_name)
       end
       if link_to_all
         link << link_to_all
@@ -921,7 +921,7 @@ module ApplicationHelper
     logout_link = link_to(logout_icon.html_safe, { :controller => 'account', :action => 'logout'} , :id => "logout", :title => _("Leave the system"))
     join_result = safe_join(
       [welcome_span.html_safe, render_environment_features(:usermenu).html_safe, admin_link.html_safe,
-        manage_enterprises.html_safe, manage_communities.html_safe, ctrl_panel_link.html_safe,
+        manage_enterprises, manage_communities, ctrl_panel_link.html_safe,
         pending_tasks_count.html_safe, logout_link.html_safe], "")
     join_result
   end
@@ -285,7 +285,7 @@ module BoxesHelper
     end
     if block.respond_to?(:help)
-      buttons << modal_inline_icon(:help, _('Help on this block'), {}, "#help-on-box-#{block.id}") << content_tag('div', content_tag('h2', _('Help')) + content_tag('div', block.help, :style => 'margin-bottom: 1em;') + modal_close_button(_('Close')), :style => 'display: none;', :id => "help-on-box-#{block.id}")
+      buttons << modal_inline_icon(:help, _('Help on this block'), {}, "#help-on-box-#{block.id}") << content_tag('div', content_tag('h2', _('Help')) + content_tag('div', block.help.html_safe, :style => 'margin-bottom: 1em;') + modal_close_button(_('Close')), :style => 'display: none;', :id => "help-on-box-#{block.id}")
     end
     if block.embedable?
@@ -128,14 +128,14 @@ module FormsHelper
       counter += 1
       row << item
       if counter % per_row == 0
-        rows << content_tag('tr', row.join("\n"))
+        rows << content_tag('tr', row.join("\n").html_safe)
         counter = 0
         row = []
       end
     end
-    rows << content_tag('tr', row.join("\n"))
+    rows << content_tag('tr', row.join("\n").html_safe)
-    content_tag('table',rows.join("\n"))
+    content_tag('table',rows.join("\n").html_safe)
   end
   def date_field(name, value, datepicker_options = {}, html_options = {})
@@ -11,7 +11,7 @@ module ProfileHelper
   PERSON_CATEGORIES[:location] = [:address, :address_reference, :zip_code, :city, :state, :district, :country, :nationality]
   PERSON_CATEGORIES[:work] = [:organization, :organization_website, :professional_activity]
   PERSON_CATEGORIES[:study] = [:schooling, :formation, :area_of_study]
-  PERSON_CATEGORIES[:network] = [:friends, :communities, :enterprises]
+  PERSON_CATEGORIES[:network] = [:friends, :followers, :followed_profiles, :communities, :enterprises]
   PERSON_CATEGORIES.merge!(COMMON_CATEGORIES)
   ORGANIZATION_CATEGORIES = {}
@@ -42,7 +42,8 @@ module ProfileHelper
     :created_at => _('Profile created at'),
     :members_count => _('Members'),
     :privacy_setting => _('Privacy setting'),
-    :article_tags => _('Tags')
+    :article_tags => _('Tags'),
+    :followed_profiles => _('Following')
   }
   EXCEPTION = {
@@ -144,6 +145,14 @@ module ProfileHelper
     link_to(n_('One picture', '%{num} pictures', gallery.images.published.count) % { :num => gallery.images.published.count }, gallery.url)
   end
+  def treat_followers(followers)
+    link_to(profile.followers.count, {:action=>"followed", :controller=>"profile", :profile=>"#{profile.identifier}"})
+  end
+
+  def treat_followed_profiles(followed_profiles)
+    link_to(profile.followed_profiles.count, {:action=>"following", :controller=>"profile", :profile=>"#{profile.identifier}"})
+  end
+
   def treat_events(events)
     link_to events.published.count, :controller => 'events', :action => 'events'
   end
@@ -19,8 +19,8 @@ class NotifyActivityToProfilesJob &lt; Struct.new(:tracked_action_id)
     # Notify the user
     ActionTrackerNotification.create(:profile_id => tracked_action.user.id, :action_tracker_id => tracked_action.id)
-    # Notify all friends
-    ActionTrackerNotification.connection.execute("insert into action_tracker_notifications(profile_id, action_tracker_id) select f.friend_id, #{tracked_action.id} from friendships as f where person_id=#{tracked_action.user.id} and f.friend_id not in (select atn.profile_id from action_tracker_notifications as atn where atn.action_tracker_id = #{tracked_action.id})")
+    # Notify all followers
+    ActionTrackerNotification.connection.execute("INSERT INTO action_tracker_notifications(profile_id, action_tracker_id) SELECT DISTINCT c.person_id, #{tracked_action.id} FROM profiles_circles AS p JOIN circles as c ON c.id = p.circle_id WHERE p.profile_id = #{tracked_action.user.id} AND (c.person_id NOT IN (SELECT atn.profile_id FROM action_tracker_notifications AS atn WHERE atn.action_tracker_id = #{tracked_action.id}))")
     if tracked_action.user.is_a? Organization
       ActionTrackerNotification.connection.execute "insert into action_tracker_notifications(profile_id, action_tracker_id) " +
@@ -47,8 +47,8 @@ class Contact
         content_type: 'text/html',
         to: contact.dest.notification_emails,
         reply_to: contact.email,
-        subject: "[#{contact.dest.short_name(30)}] " + contact.subject,
-        from: "#{contact.name} <#{contact.dest.environment.noreply_email}>"
+        subject: "[#{contact.dest.short_name(30)}] #{contact.subject}".html_safe,
+        from: "#{contact.name} <#{contact.dest.environment.noreply_email}>".html_safe
       }
       if contact.sender
@@ -30,7 +30,7 @@ class EnvironmentMailing &lt; Mailing
   end
   def signature_message
-    _('Sent by %s.') % source.name
+    _('Sent by %s.').html_safe % source.name
   end
   def url
@@ -2,7 +2,8 @@ require_dependency &#39;mailing_job&#39;
 class Mailing < ApplicationRecord
-  acts_as_having_settings :field => :data
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :data
   attr_accessible :subject, :body, :data
@@ -23,11 +24,11 @@ class Mailing &lt; ApplicationRecord
   end
   def generate_from
-    "#{source.name} <#{if source.is_a? Environment then source.noreply_email else source.contact_email end}>"
+    "#{source.name} <#{if source.is_a? Environment then source.noreply_email else source.contact_email end}>".html_safe
   end
   def generate_subject
-    '[%s] %s' % [source.name, subject]
+    '[%s] %s'.html_safe % [source.name, subject]
   end
   def signature_message
@@ -30,7 +30,7 @@ class OrganizationMailing &lt; Mailing
   end
   def signature_message
-    _('Sent by community %s.') % source.name
+    _('Sent by community %s.').html_safe % source.name
   end
   include Rails.application.routes.url_helpers
@@ -12,8 +12,8 @@ class PendingTaskNotifier &lt; ApplicationMailer
     mail(
       to: person.email,
-      from: "#{person.environment.name} <#{person.environment.noreply_email}>",
-      subject: _("[%s] Pending tasks") % person.environment.name
+      from: "#{person.environment.name} <#{person.environment.noreply_email}>".html_safe,
+      subject: _("[%s] Pending tasks").html_safe % person.environment.name
     )
   end
@@ -14,8 +14,8 @@ class ScrapNotifier &lt; ApplicationMailer
     @url = sender.environment.top_url
     mail(
       to: receiver.email,
-      from: "#{sender.environment.name} <#{sender.environment.noreply_email}>",
-      subject: _("[%s] You received a scrap!") % [sender.environment.name]
+      from: "#{sender.environment.name} <#{sender.environment.noreply_email}>".html_safe,
+      subject: _("[%s] You received a scrap!").html_safe % [sender.environment.name]
     )
   end
 end
@@ -14,7 +14,7 @@ class TaskMailer &lt; ApplicationMailer
     mail(
       to: task.target.notification_emails.compact,
       from: self.class.generate_from(task),
-      subject: "[%s] %s" % [task.environment.name, task.target_notification_description]
+      subject: "[%s] %s".html_safe % [task.environment.name, task.target_notification_description]
     )
   end
@@ -27,7 +27,7 @@ class TaskMailer &lt; ApplicationMailer
     mail(
       to: task.friend_email,
       from: self.class.generate_from(task),
-      subject: '[%s] %s' % [ task.requestor.environment.name, task.target_notification_description ]
+      subject: '[%s] %s'.html_safe % [ task.requestor.environment.name, task.target_notification_description ]
     )
   end
@@ -43,7 +43,7 @@ class TaskMailer &lt; ApplicationMailer
     mail_with_template(
       to: task.requestor.notification_emails,
       from: self.class.generate_from(task),
-      subject: '[%s] %s' % [task.requestor.environment.name, task.target_notification_description],
+      subject: '[%s] %s'.html_safe % [task.requestor.environment.name, task.target_notification_description],
       email_template: task.email_template,
       template_params: {:environment => task.requestor.environment, :task => task, :message => @message, :url => @url, :requestor => task.requestor}
     )
@@ -13,8 +13,8 @@ class UserMailer &lt; ApplicationMailer
     mail(
       to: user_email,
-      from: "#{user.environment.name} <#{user.environment.contact_email}>",
-      subject: _("[%{environment}] Welcome to %{environment} mail!") % { :environment => user.environment.name }
+      from: "#{user.environment.name} <#{user.environment.contact_email}>".html_safe,
+      subject: _("[%{environment}] Welcome to %{environment} mail!").html_safe % { :environment => user.environment.name }
     )
   end
@@ -30,7 +30,7 @@ class UserMailer &lt; ApplicationMailer
     mail_with_template(
       from: "#{user.environment.name} <#{user.environment.contact_email}>",
       to: user.email,
-      subject: _("[%s] Activate your account") % [user.environment.name],
+      subject: _("[%s] Activate your account").html_safe % [user.environment.name],
       template_params: {:environment => user.environment, :activation_code => @activation_code, :redirection => @redirection, :join => @join, :person => user.person, :url => @url},
       email_template: user.environment.email_templates.find_by_template_type(:user_activation),
     )
@@ -44,8 +44,8 @@ class UserMailer &lt; ApplicationMailer
     mail(
       content_type: 'text/html',
       to: user.email,
-      from: "#{user.environment.name} <#{user.environment.contact_email}>",
-      subject: email_subject.blank? ? _("Welcome to environment %s") % [user.environment.name] : email_subject,
+      from: "#{user.environment.name} <#{user.environment.contact_email}>".html_safe,
+      subject: email_subject.blank? ? _("Welcome to environment %s").html_safe % [user.environment.name] : email_subject,
       body: @body
     )
   end
@@ -63,8 +63,8 @@ class UserMailer &lt; ApplicationMailer
     mail(
       content_type: 'text/html',
       to: user.email,
-      from: "#{user.environment.name} <#{user.environment.contact_email}>",
-      subject: _("[%s] What about grow up your network?") % user.environment.name
+      from: "#{user.environment.name} <#{user.environment.contact_email}>".html_safe,
+      subject: _("[%s] What about grow up your network?").html_safe % user.environment.name
     )
   end
@@ -25,7 +25,7 @@ class AbuseComplaint &lt; Task
   end
   def title
-    abuse_reports.count > 1 ? (_('Abuse complaint (%s)') % abuse_reports.count) :_('Abuse complaint')
+    abuse_reports.count > 1 ? (_('Abuse complaint (%s)').html_safe % abuse_reports.count) :_('Abuse complaint')
   end
   def linked_subject
@@ -57,15 +57,15 @@ class AbuseComplaint &lt; Task
   end
   def task_activated_message
-    _('Your profile was reported by the users of %s due to inappropriate behavior. The administrators of the environment are now reviewing the report. To solve this misunderstanding, please contact the administrators.') % environment.name
+    _('Your profile was reported by the users of %s due to inappropriate behavior. The administrators of the environment are now reviewing the report. To solve this misunderstanding, please contact the administrators.').html_safe % environment.name
   end
   def task_finished_message
-    _('Your profile was disabled by the administrators of %s due to inappropriate behavior. To solve this misunderstanding please contact them.') % environment.name
+    _('Your profile was disabled by the administrators of %s due to inappropriate behavior. To solve this misunderstanding please contact them.').html_safe % environment.name
   end
   def target_notification_description
-    _('%s was reported due to inappropriate behavior.') % reported.name
+    _('%s was reported due to inappropriate behavior.').html_safe % reported.name
   end
   def target_notification_message
@@ -22,6 +22,7 @@ class AddMember &lt; Task
       self.roles = [Profile::Roles.member(organization.environment.id).id]
     end
     target.affiliate(requestor, self.roles.select{|r| !r.to_i.zero? }.map{|i| Role.find(i)})
+    person.follow(organization, Circle.find_or_create_by(:person => person, :name =>_('memberships'), :profile_type => 'Community'))
   end
   def title
@@ -56,7 +57,7 @@ class AddMember &lt; Task
   def target_notification_description
     requestor_email = " (#{requestor.email})" if requestor.may_display_field_to?("email")
-    _("%{requestor}%{requestor_email} wants to be a member of '%{organization}'.") % {:requestor => requestor.name, :requestor_email => requestor_email, :organization => organization.name}
+    _("%{requestor}%{requestor_email} wants to be a member of '%{organization}'.").html_safe % {:requestor => requestor.name, :requestor_email => requestor_email, :organization => organization.name}
   end
   def target_notification_message
@@ -13,7 +13,9 @@ class Article &lt; ApplicationRecord
                   :image_builder, :show_to_followers, :archived,
                   :author, :display_preview, :published_at, :person_followers
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
+
   include Noosfero::Plugin::HotSpot
   SEARCHABLE_FIELDS = {
@@ -91,7 +93,8 @@ class Article &lt; ApplicationRecord
   has_many :article_categorizations_including_virtual, :class_name => 'ArticleCategorization'
   has_many :categories_including_virtual, :through => :article_categorizations_including_virtual, :source => :category
-  acts_as_having_settings :field => :setting
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :setting
   settings_items :display_hits, :type => :boolean, :default => true
   settings_items :author_name, :type => :string, :default => ""
@@ -242,6 +245,7 @@ class Article &lt; ApplicationRecord
   acts_as_taggable
   N_('Tag list')
+  extend ActsAsFilesystem::ActsMethods
   acts_as_filesystem
   acts_as_versioned
@@ -534,13 +538,13 @@ class Article &lt; ApplicationRecord
   scope :display_filter, lambda {|user, profile|
     return published if (user.nil? && profile && profile.public?)
-    return [] if user.nil? || (profile && !profile.public? && !user.follows?(profile))
+    return [] if user.nil? || (profile && !profile.public? && !profile.in_social_circle?(user))
     where(
       [
        "published = ? OR last_changed_by_id = ? OR profile_id = ? OR ?
         OR  (show_to_followers = ? AND ? AND profile_id IN (?))", true, user.id, user.id,
         profile.nil? ?  false : user.has_permission?(:view_private_content, profile),
-        true, (profile.nil? ? true : user.follows?(profile)),  ( profile.nil? ? (user.friends.select('profiles.id')) : [profile.id])
+        true, (profile.nil? ? true : profile.in_social_circle?(user)),  ( profile.nil? ? (user.friends.select('profiles.id')) : [profile.id])
       ]
     )
   }
@@ -17,6 +17,7 @@ class Block &lt; ApplicationRecord
   belongs_to :mirror_block, :class_name => "Block"
   has_many :observers, :class_name => "Block", :foreign_key => "mirror_block_id"
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings
   scope :enabled, -> { where :enabled => true }
@@ -88,7 +89,7 @@ class Block &lt; ApplicationRecord
   end
   def display_to_user?(user)
-    display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged') || (user && display_user == 'followers' && user.follows?(owner))
+    display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged') || (user && display_user == 'followers' && owner.in_social_circle?(user))
   end
   def display_always(context)
@@ -2,7 +2,9 @@ class Blog &lt; Folder
   attr_accessible :visualization_format
+  extend ActsAsHavingPosts::ClassMethods
   acts_as_having_posts
+
   include PostsLimit
   #FIXME This should be used until there is a migration to fix all blogs that
@@ -21,6 +21,7 @@ class Category &lt; ApplicationRecord
   scope :on_level, -> parent { where :parent_id => parent }
+  extend ActsAsFilesystem::ActsMethods
   acts_as_filesystem
   has_many :article_categorizations
@@ -35,6 +36,7 @@ class Category &lt; ApplicationRecord
   has_many :people, :through => :profile_categorizations, :source => :profile, :class_name => 'Person'
   has_many :communities, :through => :profile_categorizations, :source => :profile, :class_name => 'Community'
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
   before_save :normalize_display_color
@@ -0,0 +1,37 @@
+class Circle < ApplicationRecord
+  has_many :profile_followers
+  belongs_to :person
+
+  attr_accessible :name, :person, :profile_type
+
+  validates :name, presence: true
+  validates :person_id, presence: true
+  validates :profile_type, presence: true
+  validates :person_id, :uniqueness => {:scope => :name, :message => "can't add two circles with the same name"}
+
+  validate :profile_type_must_be_in_list
+
+  scope :by_owner, -> person{
+    where(:person => person)
+  }
+
+  scope :with_name, -> name{
+    where(:name => name)
+  }
+
+  def self.profile_types
+    {
+      _("Person") => Person.name,
+      _("Community") => Community.name,
+      _("Enterprise") => Enterprise.name
+    }
+  end
+
+  def profile_type_must_be_in_list
+    valid_profile_types = Circle.profile_types.values
+    unless self.profile_type.in? valid_profile_types
+      self.errors.add(:profile_type, "invalid profile type")
+    end
+  end
+
+end
@@ -38,6 +38,7 @@ class Comment &lt; ApplicationRecord
   validate :article_archived?
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings
   xss_terminate :only => [ :body, :title, :name ], :on => 'validation'
@@ -0,0 +1,265 @@
+module ActsAsFilesystem
+
+  module ActsMethods
+
+    # Declares the ActiveRecord model to acts like a filesystem: objects are
+    # arranged in a tree (liks acts_as_tree), and . The underlying table must
+    # have the following fields:
+    #
+    # * name (+:string+) - the title of the object
+    # * slug (+:string+)- the title turned in a URL-friendly string (downcased,
+    #   non-ascii chars transliterated into ascii, all sequences of
+    #   non-alphanumericd characters changed into dashed)
+    # * path (+:text+)- stores the full path of the object (the full path of
+    #   the parent, a "/" and the slug of the object)
+    # * children_count - a cache of the number of children elements.
+    def acts_as_filesystem
+      # a filesystem is a tree
+      acts_as_tree :counter_cache => :children_count
+
+      extend ClassMethods
+      include InstanceMethods
+      if self.has_path?
+        after_update :update_children_path
+        before_create :set_path
+        include InstanceMethods::PathMethods
+      end
+
+      before_save :set_ancestry
+    end
+
+  end
+
+  module ClassMethods
+
+    def build_ancestry(parent_id = nil, ancestry = '')
+      ActiveRecord::Base.transaction do
+        self.base_class.where(parent_id: parent_id).each do |node|
+          node.update_column :ancestry, ancestry
+
+          build_ancestry node.id, (ancestry.empty? ? "#{node.formatted_ancestry_id}" :
+                                   "#{ancestry}#{node.ancestry_sep}#{node.formatted_ancestry_id}")
+        end
+      end
+
+      #raise "Couldn't reach and set ancestry on every record" if self.base_class.where('ancestry is null').count != 0
+    end
+
+    def has_path?
+      (['name', 'slug', 'path'] - self.column_names).blank?
+    end
+
+  end
+
+  module InstanceMethods
+
+    def ancestry_column
+      'ancestry'
+    end
+    def ancestry_sep
+      '.'
+    end
+    def has_ancestry?
+      self.class.column_names.include? self.ancestry_column
+    end
+
+    def formatted_ancestry_id
+      "%010d" % self.id if self.id
+    end
+
+    def ancestry
+      self[ancestry_column]
+    end
+    def ancestor_ids
+      return nil if !has_ancestry? or ancestry.nil?
+      @ancestor_ids ||= ancestry.split(ancestry_sep).map{ |id| id.to_i }
+    end
+
+    def ancestry=(value)
+      self[ancestry_column] = value
+    end
+    def set_ancestry
+      return unless self.has_ancestry?
+      if self.ancestry.nil? or (new_record? or parent_id_changed?) or recalculate_path
+        self.ancestry = self.hierarchy(true)[0...-1].map{ |p| p.formatted_ancestry_id }.join(ancestry_sep)
+      end
+    end
+
+    def descendents_options
+      ["#{self.ancestry_column} LIKE ?", "%#{self.formatted_ancestry_id}%"]
+    end
+    def descendents
+      self.class.where descendents_options
+    end
+
+    # calculates the level of the record in the records hierarchy. Top-level
+    # records have level 0; the children of the top-level records have
+    # level 1; the children of records with level 1 have level 2, and so on.
+    #
+    #      A    level 0
+    #     / \
+    #    B   C  level 1
+    #   / \ / \
+    #   E F G H level 2
+    #     ...
+    def level
+      self.hierarchy.size - 1
+    end
+
+    # Is this record a top-level record?
+    def top_level?
+      self.parent.nil?
+    end
+
+    # Is this record a leaf in the hierarchy tree of records?
+    #
+    # Being a leaf means that this record has no subrecord.
+    def leaf?
+      self.children.empty?
+    end
+
+    def top_ancestor
+      if has_ancestry? and !ancestry.blank?
+        self.class.base_class.find_by id: self.top_ancestor_id
+      else
+        self.hierarchy.first
+      end
+    end
+    def top_ancestor_id
+      if has_ancestry? and !ancestry.nil?
+        self.ancestor_ids.first
+      else
+        self.hierarchy.first.id
+      end
+    end
+
+    # returns the full hierarchy from the top-level item to this one. For
+    # example, if item1 has a children item2 and item2 has a children item3,
+    # then item3's hierarchy would be [item1, item2, item3].
+    #
+    # If +reload+ is passed as +true+, then the hierarchy is reload (usefull
+    # when the ActiveRecord object was modified in some way, or just after
+    # changing parent)
+    def hierarchy(reload = false)
+      @hierarchy = nil if reload or recalculate_path
+
+      if @hierarchy.nil?
+        @hierarchy = []
+
+        if !reload and !recalculate_path and ancestor_ids
+          objects = self.class.base_class.where(id: ancestor_ids)
+          ancestor_ids.each{ |id| @hierarchy << objects.find{ |t| t.id == id } }
+          @hierarchy << self
+        else
+          item = self
+          while item
+            @hierarchy.unshift(item)
+            item = item.parent
+          end
+        end
+      end
+
+      @hierarchy
+    end
+
+    def map_traversal(&block)
+      result = []
+      current_level = [self]
+
+      while !current_level.empty?
+        result += current_level
+        ids = current_level.select {|item| item.children_count > 0}.map(&:id)
+        break if ids.empty?
+        current_level = self.class.base_class.where(parent_id: ids)
+      end
+      block ||= (lambda { |x| x })
+      result.map(&block)
+    end
+
+    def all_children
+      res = map_traversal
+      res.shift
+      res
+    end
+
+    #####
+    # Path methods
+    # These methods are used when _path_, _name_ and _slug_ attributes exist
+    # and should be calculated based on the tree
+    #####
+    module PathMethods
+      # used to know when to trigger batch renaming
+      attr_accessor :recalculate_path
+
+      # calculates the full path to this record using parent's path.
+      def calculate_path
+        self.hierarchy.map{ |obj| obj.slug }.join('/')
+      end
+      def set_path
+        if self.path == self.slug && !self.top_level?
+          self.path = self.calculate_path
+        end
+      end
+      def explode_path
+        path.split(/\//)
+      end
+
+      def update_children_path
+        if self.recalculate_path
+          self.children.each do |child|
+            child.path = child.calculate_path
+            child.recalculate_path = true
+            child.save!
+          end
+        end
+        self.recalculate_path = false
+      end
+
+      # calculates the full name of a record by accessing the name of all its
+      # ancestors.
+      #
+      # If you have this record hierarchy:
+      #   Record "A"
+      #     Record "B"
+      #       Record "C"
+      #
+      # Then Record "C" will have "A/B/C" as its full name.
+      def full_name(sep = '/')
+        self.hierarchy.map {|item| item.name || '?' }.join(sep)
+      end
+
+      # gets the name without leading parents. Useful when dividing records
+      # in top-level groups and full names must not include the top-level
+      # record which is already a emphasized label
+      def full_name_without_leading(count, sep = '/')
+        parts = self.full_name(sep).split(sep)
+        count.times { parts.shift }
+        parts.join(sep)
+      end
+
+      def set_name(value)
+        if self.name != value
+          self.recalculate_path = true
+        end
+        self[:name] = value
+      end
+
+      # sets the name of the record. Also sets #slug accordingly.
+      def name=(value)
+        self.set_name(value)
+        unless self.name.blank?
+          self.slug = self.name.to_slug
+        end
+      end
+
+      # sets the slug of the record. Also sets the path with the new slug value.
+      def slug=(value)
+        self[:slug] = value
+        unless self.slug.blank?
+          self.path = self.calculate_path
+        end
+      end
+    end
+  end
+end
+
@@ -0,0 +1,37 @@
+module ActsAsHavingBoxes
+
+  module ClassMethods
+    def acts_as_having_boxes
+      has_many :boxes, -> { order :position }, as: :owner, dependent: :destroy
+      self.send(:include, ActsAsHavingBoxes)
+    end
+  end
+
+  module BlockArray
+    def find(id)
+      select { |item| item.id == id.to_i }.first
+    end
+  end
+
+  def blocks(reload = false)
+    if (reload)
+      @blocks = nil
+    end
+    if @blocks.nil?
+      @blocks = boxes.includes(:blocks).inject([]) do |acc,obj|
+        acc.concat(obj.blocks)
+      end
+      @blocks.send(:extend, BlockArray)
+    end
+    @blocks
+  end
+
+  # returns 3 unless the class table has a boxes_limit column. In that case
+  # return the value of the column.
+  def boxes_limit layout_template = nil
+    layout_template ||= self.layout_template
+    @boxes_limit ||= LayoutTemplate.find(layout_template).number_of_boxes || 3
+  end
+
+end
+
@@ -0,0 +1,25 @@
+module ActsAsHavingImage
+
+  module ClassMethods
+    def acts_as_having_image
+      belongs_to :image, dependent: :destroy
+      scope :with_image, -> { where "#{table_name}.image_id IS NOT NULL" }
+      scope :without_image, -> { where "#{table_name}.image_id IS NULL" }
+      attr_accessible :image_builder
+      include ActsAsHavingImage
+    end
+  end
+
+  def image_builder=(img)
+    if image && image.id == img[:id]
+      image.attributes = img
+    else
+      build_image(img)
+    end unless img[:uploaded_data].blank?
+    if img[:remove_image] == 'true'
+      self.image_id = nil
+    end
+  end
+
+end
+
@@ -0,0 +1,49 @@
+module ActsAsHavingPosts
+
+  module ClassMethods
+    def acts_as_having_posts(scope = nil)
+      has_many :posts, -> {
+        s = order('published_at DESC, id DESC').where('articles.type != ?', 'RssFeed')
+        s = s.instance_exec(&scope) if scope
+        s
+      }, class_name: 'Article', foreign_key: 'parent_id', source: :children
+
+      attr_accessor :feed_attrs
+
+      after_create do |blog|
+        blog.children << RssFeed.new(:name => 'feed', :profile => blog.profile)
+        blog.feed = blog.feed_attrs
+      end
+
+      settings_items :posts_per_page, :type => :integer, :default => 5
+
+      self.send(:include, ActsAsHavingPosts)
+    end
+  end
+
+  def has_posts?
+    true
+  end
+
+  def feed
+    children.where(:type => 'RssFeed').first
+  end
+
+  def feed=(attrs)
+    if attrs
+      if self.feed
+        self.feed.update(attrs)
+      else
+        self.feed_attrs = attrs
+      end
+    end
+    self.feed
+  end
+
+  def name=(value)
+    self.set_name(value)
+    self.slug = self.slug.blank? ? self.name.to_slug : self.slug.to_slug
+  end
+
+end
+
@@ -0,0 +1,89 @@
+# declare missing types
+module ActiveRecord
+  module Type
+    class Symbol < Value
+      def cast_value value
+        value.to_sym
+      end
+    end
+    class Array < Value
+      def cast_value value
+        ::Array.wrap(value)
+      end
+    end
+    class Hash < Value
+      def cast_value value
+        h = ::Hash[value]
+        h.symbolize_keys!
+        h
+      end
+    end
+  end
+end
+
+module ActsAsHavingSettings
+
+  def self.type_cast value, type
+    # do not cast nil
+    return value if value.nil?
+    type.send :cast_value, value
+  end
+
+  module ClassMethods
+
+    def acts_as_having_settings(*args)
+      options = args.last.is_a?(Hash) ? args.pop : {}
+      field = (options[:field] || :settings).to_sym
+
+      serialize field, Hash
+      class_attribute :settings_field
+      self.settings_field = field
+
+      class_eval do
+        def settings_field
+          self[self.class.settings_field] ||= Hash.new
+        end
+
+        def setting_changed? setting_field
+          setting_field = setting_field.to_sym
+          changed_settings = self.changes[self.class.settings_field]
+          return false if changed_settings.nil?
+
+          old_setting_value = changed_settings.first.nil? ? nil : changed_settings.first[setting_field]
+          new_setting_value = changed_settings.last[setting_field]
+          old_setting_value != new_setting_value
+        end
+      end
+
+      settings_items *args
+    end
+
+    def settings_items *names
+
+      options = names.extract_options!
+      default = options[:default]
+      type = options[:type]
+      type = if type.present? then ActiveRecord::Type.const_get(type.to_s.camelize.to_sym).new else nil end
+
+      names.each do |setting|
+        # symbolize key
+        setting = setting.to_sym
+
+        define_method setting do
+          h = send self.class.settings_field
+          val = h[setting]
+          # translate default value if it is used
+          if not val.nil? then val elsif default.is_a? String then gettext default else default end
+        end
+
+        define_method "#{setting}=" do |value|
+          h = send self.class.settings_field
+          h[setting] = if type then ActsAsHavingSettings.type_cast value, type else value end
+        end
+      end
+    end
+
+  end
+
+end
+
@@ -0,0 +1,57 @@
+module CodeNumbering
+  module ClassMethods
+    def code_numbering field, options = {}
+      class_attribute :code_numbering_field
+      class_attribute :code_numbering_options
+
+      self.code_numbering_field = field
+      self.code_numbering_options = options
+
+      before_create :create_code_numbering
+
+      include CodeNumbering::InstanceMethods
+    end
+  end
+
+  module InstanceMethods
+
+    def code
+      self.attributes[self.code_numbering_field.to_s]
+    end
+
+    def code_scope
+      scope = self.code_numbering_options[:scope]
+      case scope
+      when Symbol
+        self.send scope
+      when Proc
+        instance_exec &scope
+      else
+        self.class
+      end
+    end
+
+    def code_maximum
+      self.code_scope.maximum(self.code_numbering_field) || 0
+    end
+
+    def create_code_numbering
+      max = self.code_numbering_options[:start].to_i - 1 if self.code_numbering_options[:start]
+      max = self.code_maximum
+      self.send "#{self.code_numbering_field}=", max+1
+    end
+
+    def reset_scope_code_numbering
+      max = self.code_numbering_options[:start].to_i - 1 if self.code_numbering_options[:start]
+      max ||= 1
+
+      self.code_scope.order(:created_at).each do |record|
+        record.update_column self.code_numbering_field, max
+        max += 1
+      end
+      self.reload
+    end
+
+  end
+end
+
@@ -0,0 +1,124 @@
+module Customizable
+
+  def self.included(base)
+    base.attr_accessible :custom_values
+    base.extend ClassMethods
+  end
+
+  module ClassMethods
+    def acts_as_customizable(options = {})
+      attr_accessor :custom_values
+      has_many :custom_field_values, :dependent => :delete_all, :as => :customized
+      send :include, Customizable::InstanceMethods
+      after_save :save_custom_values
+      validate :valid_custom_values?
+    end
+
+    def active_custom_fields environment
+      environment.custom_fields.select{|cf| customized_ancestors_list.include?(cf.customized_type) && cf.active}
+    end
+
+    def required_custom_fields environment
+      environment.custom_fields.select{|cf| customized_ancestors_list.include?(cf.customized_type) && cf.required}
+    end
+
+    def signup_custom_fields environment
+      environment.custom_fields.select{|cf| customized_ancestors_list.include?(cf.customized_type) && cf.signup}
+    end
+
+    def custom_fields environment
+      environment.custom_fields.select{|cf| customized_ancestors_list.include?(cf.customized_type)}
+    end
+
+    def customized_ancestors_list
+      current=self
+      result=[]
+      while current.instance_methods.include? :custom_value do
+        result << current.name
+        current=current.superclass
+      end
+      result
+    end
+
+  end
+
+  module InstanceMethods
+
+    def valid_custom_values?
+      is_valid = true
+      parse_custom_values.each do |cv|
+        unless cv.valid?
+          name = cv.custom_field.name
+          errors.add(name, cv.errors.messages[name.to_sym].first)
+          is_valid = false
+        end
+      end
+      is_valid
+    end
+
+    def customized_class
+      current=self.class
+      while current.instance_methods.include? :custom_fields do
+        result=current
+        current=current.superclass
+      end
+      result.name
+    end
+
+    def is_public(field_name)
+      cv = self.custom_field_values.detect{|cv| cv.custom_field.name==field_name}
+      cv.nil? ? false : cv.public
+    end
+
+    def public_values
+      self.custom_field_values.select{|cv| cv.public}
+    end
+
+    def custom_value(field_name)
+      cv = self.custom_field_values.detect{|cv| cv.custom_field.name==field_name}
+      cv.nil? ? default_value_for(field_name) : cv.value
+    end
+
+    def default_value_for(field_name)
+      field=self.class.custom_fields(environment).detect {|c| c.name == field_name}
+      field.nil? ? nil : field.default_value
+    end
+
+    def parse_custom_values
+      return_list = []
+      return return_list if custom_values.blank?
+      custom_values.each_pair do |key, value|
+        custom_field = environment.custom_fields.detect{|cf|cf.name==key}
+        next if custom_field.blank?
+        custom_field_value = self.custom_field_values(true).detect{|cv| cv.custom_field.name==key}
+
+        if custom_field_value.nil?
+          custom_field_value = CustomFieldValue.new
+          custom_field_value.custom_field = custom_field
+          custom_field_value.customized = self
+        end
+
+        if value.is_a?(Hash)
+          custom_field_value.value = value['value'].to_s
+          if value.has_key?('public')
+            is_public = value['public']=="true" || value['public']==true
+            custom_field_value.public = is_public
+          else
+            custom_field_value.public = false
+          end
+        else
+          custom_field_value.value = value.to_s
+          custom_field_value.public = false
+        end
+        return_list << custom_field_value
+      end
+      return_list
+    end
+
+    def save_custom_values
+      parse_custom_values.each(&:save)
+    end
+
+  end
+end
+
@@ -0,0 +1,55 @@
+module DelayedAttachmentFu
+
+  module ClassMethods
+    def delay_attachment_fu_thumbnails
+      include DelayedAttachmentFu::InstanceMethods
+      after_create do |file|
+        if file.thumbnailable?
+          Delayed::Job.enqueue CreateThumbnailsJob.new(file.class.name, file.id)
+        end
+      end
+    end
+  end
+
+  module InstanceMethods
+    # skip processing with RMagick
+    def process_attachment
+    end
+
+    def after_process_attachment
+      save_to_storage
+      @temp_paths.clear
+      @saved_attachment = nil
+      run_callbacks :after_attachment_saved
+    end
+
+    def create_thumbnails
+      if thumbnailable?
+        self.class.with_image(full_filename) do |img|
+          self.width = img.columns
+          self.height = img.rows
+          self.save!
+        end
+        self.class.attachment_options[:thumbnails].each do |suffix, size|
+          self.create_or_update_thumbnail(self.full_filename, suffix, size)
+        end
+        self.thumbnails_processed = true
+        self.save!
+      end
+    end
+
+    def public_filename(size=nil)
+      force, size = true, nil if size == :uploaded
+      if !self.thumbnailable? || self.thumbnails_processed || force
+        super size
+      else
+        size ||= :thumb
+        '/images/icons-app/image-loading-%s.png' % size
+      end
+    end
+
+
+  end
+end
+
+
@@ -0,0 +1,44 @@
+module SetProfileRegionFromCityState
+
+  module ClassMethods
+    def set_profile_region_from_city_state
+      before_save :region_from_city_and_state
+
+      include InstanceMethods
+      alias_method_chain :city=, :region
+      alias_method_chain :state=, :region
+    end
+  end
+
+  module InstanceMethods
+    include Noosfero::Plugin::HotSpot
+
+    def city_with_region=(value)
+      self.city_without_region = value
+      @change_region = true
+    end
+
+    def state_with_region=(value)
+      self.state_without_region = value
+      @change_region = true
+    end
+
+    def region_from_city_and_state
+      if @change_region
+        self.region = nil
+        state = search_region(State, self.state)
+        self.region = search_region(City.where(:parent_id => state.id), self.city) if state
+      end
+    end
+
+    private
+
+    def search_region(scope, query)
+      return nil if !query
+      query = query.downcase.strip
+      scope.where(['lower(name)=? OR lower(abbreviation)=? OR lower(acronym)=?', query, query, query]).first
+    end
+
+  end
+
+end
@@ -0,0 +1,8 @@
+module TranslatableContent
+
+  def translatable?
+    return false if self.profile && !self.profile.environment.languages.present?
+    parent.nil? || !parent.forum?
+  end
+
+end
@@ -0,0 +1,37 @@
+module WhiteListFilter
+
+  def check_iframe_on_content(content, trusted_sites)
+    if content.blank? || !content.include?('iframe')
+      return content
+    end
+    content.gsub!(/<iframe[^>]*>\s*<\/iframe>/i) do |iframe|
+      result = ''
+      unless iframe =~ /src=['"].*src=['"]/
+        trusted_sites.each do |trusted_site|
+          re_dom = trusted_site.gsub('.', '\.')
+          if iframe =~ /src=["'](https?:)?\/\/(www\.)?#{re_dom}\//
+            result = iframe
+          end
+        end
+      end
+      result
+    end
+    content
+  end
+
+  module ClassMethods
+    def filter_iframes(*opts)
+      options = opts.last.is_a?(Hash) && opts.pop || {}
+      white_list_method = options[:whitelist] || :iframe_whitelist
+      opts.each do |field|
+        before_validation do |obj|
+          obj.check_iframe_on_content(obj.send(field), obj.send(white_list_method))
+        end
+      end
+    end
+  end
+
+  def self.included(c)
+    c.send(:extend, WhiteListFilter::ClassMethods)
+  end
+end
@@ -12,6 +12,7 @@ class CreateCommunity &lt; Task
   attr_accessible :environment, :requestor, :target
   attr_accessible :reject_explanation, :template_id
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
   DATA_FIELDS = Community.fields + ['name', 'closed', 'description']
@@ -174,8 +174,4 @@ class Enterprise &lt; Organization
     ''
   end
-  def followed_by? person
-    super or self.fans.where(id: person.id).count > 0
-  end
-
 end
@@ -200,6 +200,7 @@ class Environment &lt; ApplicationRecord
   # Relationships and applied behaviour
   # #################################################
+  extend ActsAsHavingBoxes::ClassMethods
   acts_as_having_boxes
   after_create do |env|
@@ -251,7 +252,8 @@ class Environment &lt; ApplicationRecord
   # #################################################
   # store the Environment settings as YAML-serialized Hash.
-  acts_as_having_settings :field => :settings
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :settings
   # introduce and explain to users something about the signup
   settings_items :signup_intro, :type => String
-require 'noosfero/translatable_content'
 require 'builder'
 class Event < Article
@@ -138,7 +137,7 @@ class Event &lt; Article
     false
   end
-  include Noosfero::TranslatableContent
+  include TranslatableContent
   include MaybeAddHttp
 end
@@ -7,6 +7,10 @@ class FavoriteEnterprisePerson &lt; ApplicationRecord
   belongs_to :enterprise
   belongs_to :person
+  after_create do |favorite|
+    favorite.person.follow(favorite.enterprise, Circle.find_or_create_by(:person => favorite.person, :name =>_('favorites'), :profile_type => 'Enterprise'))
+  end
+
   protected
   def is_trackable?
@@ -10,7 +10,8 @@ class Folder &lt; Article
     errors.add(:parent, "A folder should not belong to a blog.") if parent && parent.blog?
   end
-  acts_as_having_settings :field => :setting
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :setting
   xss_terminate :only => [ :name, :body ], :with => 'white_list', :on => 'validation'
 class Forum < Folder
+  extend ActsAsHavingPosts::ClassMethods
   acts_as_having_posts -> { reorder 'updated_at DESC' }
+
   include PostsLimit
   attr_accessible :has_terms_of_use, :terms_of_use, :topic_creation
@@ -9,11 +9,22 @@ class Friendship &lt; ApplicationRecord
   after_create do |friendship|
     Friendship.update_cache_counter(:friends_count, friendship.person, 1)
     Friendship.update_cache_counter(:friends_count, friendship.friend, 1)
+
+    circles = friendship.group.blank? ? ['friendships'] : friendship.group.split(',').map(&:strip)
+    circles.each do |circle|
+      friendship.person.follow(friendship.friend, Circle.find_or_create_by(:person => friendship.person, :name => circle, :profile_type => 'Person'))
+    end
   end
   after_destroy do |friendship|
     Friendship.update_cache_counter(:friends_count, friendship.person, -1)
     Friendship.update_cache_counter(:friends_count, friendship.friend, -1)
+
+    groups = friendship.group.blank? ? ['friendships'] : friendship.group.split(',').map(&:strip)
+    groups.each do |group|
+      circle = Circle.find_by(:person => friendship.person, :name => group )
+      friendship.person.remove_profile_from_circle(friendship.friend, circle) if circle
+    end
   end
   def self.remove_friendship(person1, person2)
@@ -23,6 +23,7 @@ class Image &lt; ApplicationRecord
   validates_attachment :size => N_("{fn} of uploaded file was larger than the maximum size of 5.0 MB").fix_i18n
+  extend DelayedAttachmentFu::ClassMethods
   delay_attachment_fu_thumbnails
   postgresql_attachment_fu
@@ -8,7 +8,6 @@ class Person &lt; Profile
     :display => %w[compact]
   }
-
   def self.type_name
     _('Person')
   end
@@ -93,6 +92,7 @@ class Person &lt; Profile
   has_many :following_articles, :class_name => 'Article', :through => :article_followers, :source => :article
   has_many :friendships, :dependent => :destroy
   has_many :friends, :class_name => 'Person', :through => :friendships
+  has_many :circles
   scope :online, -> {
     joins(:user).where("users.chat_status != '' AND users.chat_status_at >= ?", DateTime.now - User.expires_chat_status_every.minutes)
@@ -200,6 +200,33 @@ class Person &lt; Profile
     end
   end
+  def follow(profile, circles)
+    circles = [circles] unless circles.is_a?(Array)
+    circles.each do |new_circle|
+      ProfileFollower.create(profile: profile, circle: new_circle)
+    end
+  end
+
+  def update_profile_circles(profile, new_circles)
+    profile_circles = ProfileFollower.with_profile(profile).with_follower(self).map(&:circle)
+    circles_to_add = new_circles - profile_circles
+    circles_to_remove = profile_circles - new_circles
+    circles_to_add.each do |new_circle|
+      ProfileFollower.create(profile: profile, circle: new_circle)
+    end
+
+    ProfileFollower.where('circle_id IN (?) AND profile_id = ?',
+                          circles_to_remove.map(&:id), profile.id).destroy_all
+  end
+
+  def unfollow(profile)
+    ProfileFollower.with_follower(self).with_profile(profile).destroy_all
+  end
+
+  def remove_profile_from_circle(profile, circle)
+    ProfileFollower.with_profile(profile).with_circle(circle).destroy_all
+  end
+
   def already_request_friendship?(person)
     person.tasks.where(requestor_id: self.id, type: 'AddFriend', status: Task::Status::ACTIVE).first
   end
@@ -580,9 +607,12 @@ class Person &lt; Profile
     person.has_permission?(:manage_friends, self)
   end
-  protected
+  def followed_profiles
+    Profile.followed_by self
+  end
-  def followed_by?(profile)
-    self == profile || self.is_a_friend?(profile)
+  def in_social_circle?(person)
+    self.is_a_friend?(person) || super
   end
+
 end
@@ -5,7 +5,7 @@ class Profile &lt; ApplicationRecord
   attr_accessible :name, :identifier, :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :environment, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time,
     :redirection_after_login, :custom_url_redirection,
-    :email_suggestions, :allow_members_to_invite, :invite_friends_only, :secret, :profile_admin_mail_notification
+    :email_suggestions, :allow_members_to_invite, :invite_friends_only, :secret, :profile_admin_mail_notification, :allow_followers
   # use for internationalizable human type names in search facets
   # reimplement on subclasses
@@ -52,6 +52,9 @@ class Profile &lt; ApplicationRecord
     def self.organization_custom_roles(env_id, profile_id)
       all_roles(env_id).where('profile_id = ?', profile_id)
     end
+    def self.organization_roles(env_id, profile_id)
+      all_roles(env_id).where("profile_id = ?  or key like 'profile_%'", profile_id)
+    end
     def self.all_roles(env_id)
       Role.where(environment_id: env_id)
     end
@@ -88,6 +91,8 @@ class Profile &lt; ApplicationRecord
   }
   acts_as_accessible
+
+  include Customizable
   acts_as_customizable
   include Noosfero::Plugin::HotSpot
@@ -185,6 +190,21 @@ class Profile &lt; ApplicationRecord
     Person.members_of(self).by_role(roles)
   end
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :data
+
+  def settings
+    data
+  end
+
+  settings_items :redirect_l10n, :type => :boolean, :default => false
+  settings_items :public_content, :type => :boolean, :default => true
+  settings_items :description
+  settings_items :fields_privacy, :type => :hash, :default => {}
+  settings_items :email_suggestions, :type => :boolean, :default => false
+  settings_items :profile_admin_mail_notification, :type => :boolean, :default => true
+
+  extend ActsAsHavingBoxes::ClassMethods
   acts_as_having_boxes
   acts_as_taggable
@@ -203,6 +223,23 @@ class Profile &lt; ApplicationRecord
   scope :more_active, -> { order 'activities_count DESC' }
   scope :more_recent, -> { order "created_at DESC" }
+  scope :followed_by, -> person{
+    distinct.select('profiles.*').
+    joins('left join profiles_circles ON profiles_circles.profile_id = profiles.id').
+    joins('left join circles ON circles.id = profiles_circles.circle_id').
+    where('circles.person_id = ?', person.id)
+  }
+
+  scope :in_circle, -> circle{
+    distinct.select('profiles.*').
+    joins('left join profiles_circles ON profiles_circles.profile_id = profiles.id').
+    joins('left join circles ON circles.id = profiles_circles.circle_id').
+    where('circles.id = ?', circle.id)
+  }
+
+  settings_items :allow_followers, :type => :boolean, :default => true
+  alias_method :allow_followers?, :allow_followers
+
   acts_as_trackable :dependent => :destroy
   has_many :profile_activities
@@ -215,6 +252,9 @@ class Profile &lt; ApplicationRecord
   has_many :email_templates, :foreign_key => :owner_id
+  has_many :profile_followers
+  has_many :followers, -> { uniq }, :class_name => 'Person', :through => :profile_followers, :source => :person
+
   # Although this should be a has_one relation, there are no non-silly names for
   # a foreign key on article to reference the template to which it is
   # welcome_page... =P
@@ -231,19 +271,6 @@ class Profile &lt; ApplicationRecord
     scrap.nil? ? Scrap.all_scraps(self) : Scrap.all_scraps(self).find(scrap)
   end
-  acts_as_having_settings :field => :data
-
-  def settings
-    data
-  end
-
-  settings_items :redirect_l10n, :type => :boolean, :default => false
-  settings_items :public_content, :type => :boolean, :default => true
-  settings_items :description
-  settings_items :fields_privacy, :type => :hash, :default => {}
-  settings_items :email_suggestions, :type => :boolean, :default => false
-  settings_items :profile_admin_mail_notification, :type => :boolean, :default => true
-
   validates_length_of :description, :maximum => 550, :allow_nil => true
   # Valid identifiers must match this format.
@@ -285,6 +312,7 @@ class Profile &lt; ApplicationRecord
   has_many :files, :class_name => 'UploadedFile'
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
   has_many :tasks, :dependent => :destroy, :as => 'target'
@@ -758,12 +786,13 @@ private :generate_url, :url_options
   # Adds a person as member of this Profile.
   def add_member(person, attributes={})
-    if self.has_members?
+    if self.has_members? && !self.secret
       if self.closed? && members.count > 0
         AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
       else
         self.affiliate(person, Profile::Roles.admin(environment.id), attributes) if members.count == 0
         self.affiliate(person, Profile::Roles.member(environment.id), attributes)
+        person.follow(self, Circle.find_or_create_by(:person => person, :name =>_('memberships'), :profile_type => 'Community'))
       end
       person.tasks.pending.of("InviteMember").select { |t| t.data[:community_id] == self.id }.each { |invite| invite.cancel }
       remove_from_suggestion_list person
@@ -1107,7 +1136,11 @@ private :generate_url, :url_options
   end
   def followed_by?(person)
-    person.is_member_of?(self)
+    (person == self) || (person.in? self.followers)
+  end
+
+  def in_social_circle?(person)
+    (person == self) || (person.is_member_of?(self))
   end
   def display_private_info_to?(user)
@@ -1148,4 +1181,8 @@ private :generate_url, :url_options
   def allow_destroy?(person = nil)
     person.kind_of?(Profile) && person.has_permission?('destroy_profile', self)
   end
+
+  def in_circle?(circle, follower)
+    ProfileFollower.with_follower(follower).with_circle(circle).with_profile(self).present?
+  end
 end
@@ -0,0 +1,28 @@
+class ProfileFollower < ApplicationRecord
+  self.table_name = :profiles_circles
+  track_actions :new_follower, :after_create, :keep_params => ["follower.name", "follower.url", "follower.profile_custom_icon"], :custom_user => :profile
+
+  attr_accessible :profile, :circle
+
+  belongs_to :profile
+  belongs_to :circle
+
+  has_one :person, through: :circle
+  alias follower person
+
+  validates_presence_of :profile_id, :circle_id
+  validates :profile_id, :uniqueness => {:scope => :circle_id, :message => "can't put a profile in the same circle twice"}
+
+  scope :with_follower, -> person{
+    joins(:circle).where('circles.person_id = ?', person.id)
+  }
+
+  scope :with_profile, -> profile{
+    where(:profile => profile)
+  }
+
+  scope :with_circle, -> circle{
+    where(:circle => circle)
+  }
+
+end
@@ -17,7 +17,8 @@ class ProfileSuggestion &lt; ApplicationRecord
     self.class.generate_profile_suggestions(profile_suggestion.person)
   end
-  acts_as_having_settings :field => :categories
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :categories
   validate :must_be_a_valid_category, :on => :create
   def must_be_a_valid_category
@@ -11,7 +11,8 @@
 # will need to declare <ttserialize</tt> itself).
 class Task < ApplicationRecord
-  acts_as_having_settings :field => :data
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :data
   module Status
     # the status of tasks just created
@@ -313,7 +314,7 @@ class Task &lt; ApplicationRecord
         where "LOWER(#{field}) LIKE ?", "%#{value.downcase}%"
       end
   }
-  scope :pending_all, -> profile, filter_type, filter_text {
+  scope :pending_all_by_filter, -> profile, filter_type, filter_text {
     self.to(profile).without_spam.pending.of(filter_type).like('data', filter_text)
   }
@@ -322,10 +323,17 @@ class Task &lt; ApplicationRecord
     if profile.person?
       envs_ids = Environment.all.select{ |env| profile.is_admin?(env) }.map{ |env| "target_id = #{env.id}"}.join(' OR ')
       environment_condition = envs_ids.blank? ? nil : "(target_type = 'Environment' AND (#{envs_ids}))"
+
+      organizations = profile.memberships.all.select do |organization| 
+        profile.has_permission?(:perform_task, organization) 
+      end
+      organization_ids = organizations.map{ |organization| "target_id = #{organization.id}"}.join(' OR ')
+
+      organization_conditions = organization_ids.blank? ? nil : "(target_type = 'Profile' AND (#{organization_ids}))"
     end
     profile_condition = "(target_type = 'Profile' AND target_id = #{profile.id})"
-    where [environment_condition, profile_condition].compact.join(' OR ')
+    where [environment_condition, organization_conditions, profile_condition].compact.join(' OR ')
   }
   scope :from_closed_date, -> closed_from {
-require 'noosfero/translatable_content'
-
 # a base class for all text article types.
 class TextArticle < Article
@@ -9,7 +7,7 @@ class TextArticle &lt; Article
     _('Article')
   end
-  include Noosfero::TranslatableContent
+  include TranslatableContent
   def self.icon_name(article = nil)
     if article && !article.parent.nil? && article.parent.kind_of?(Blog)
-require 'white_list_filter'
-
 class TinyMceArticle < TextArticle
   def self.short_description
@@ -84,6 +84,7 @@ class UploadedFile &lt; Article
   validates_attachment :size => N_("{fn} of uploaded file was larger than the maximum size of %{size}").sub('%{size}', self.max_size.to_humanreadable).fix_i18n
+  extend DelayedAttachmentFu::ClassMethods
   delay_attachment_fu_thumbnails
   postgresql_attachment_fu
@@ -3,7 +3,7 @@
     var answer = parseInt(form.answer.value);
     var val = form.answer.value;
     if (!answer || (val.length != 4) || val > <%= Time.now.year %> || val < 1900) {
-      alert(<%= (_('The year must be between %d and %d') % [1900, Time.now.year]).inspect %>);
+      alert(<%= (_('The year must be between %d and %d').html_safe % [1900, Time.now.year]).inspect %>);
       return false;
     } else {
       return true;
@@ -28,9 +28,9 @@
   <p>  <strong><%= _('Pay atention! You have only one chance!') %></strong> </p>
-  <p><%= _("This is a question to know if you really are part of this enterprise. Pay atention because you have only one chance to answer right and activate your enterprise. If you answer wrong you will not be able to activate the enterprise automaticaly and must get in touch with the admins of %s by email or phone.") % environment.name %> </p>
+  <p><%= _("This is a question to know if you really are part of this enterprise. Pay atention because you have only one chance to answer right and activate your enterprise. If you answer wrong you will not be able to activate the enterprise automaticaly and must get in touch with the admins of %s by email or phone.").html_safe % environment.name %> </p>
-  <%= ApplicationHelper::NoosferoFormBuilder::output_field(@question == :foundation_year ? (_("What year your enterprise was founded? It must have 4 digits, eg 1990. %s") % environment.tip_message_enterprise_activation_question) : _('What is the CNPJ of your enterprise?'), text_field_tag(:answer, nil, :id => 'enterprise-activation-answer')) %>
+  <%= ApplicationHelper::NoosferoFormBuilder::output_field(@question == :foundation_year ? (_("What year your enterprise was founded? It must have 4 digits, eg 1990. %s").html_safe % environment.tip_message_enterprise_activation_question) : _('What is the CNPJ of your enterprise?'), text_field_tag(:answer, nil, :id => 'enterprise-activation-answer')) %>
     <%= hidden_field_tag :enterprise_code, params[:enterprise_code] %>
 <div class='description'>
   <%= _('This text will be sent to new users if the feature "Send welcome e-mail to new users" is enabled on environment.') %><br/><br/>
-  <%= _('Including %s on body, it will be replaced by the real name of the e-mail recipient.') % content_tag('code', '{user_name}') %>
+  <%= _('Including %s on body, it will be replaced by the real name of the e-mail recipient.').html_safe % content_tag('code', '{user_name}') %>
 </div>
 <%= labelled_form_field(_('Subject'), text_field(:environment, :signup_welcome_text_subject, :style => 'width:100%')) %>
@@ -0,0 +1,11 @@
+<div class="circles" id='circles-list'>
+
+  <%= form_for :circles, :url => {:controller => 'profile', :action => 'follow'}, :html => {:id => "follow-circles-form"}  do |f|%>
+    <%= render partial: "blocks/profile_info_actions/select_circles", :locals => {:circles => circles, :followed_profile => profile, :follower => current_person } %>
+
+    <div id="circle-actions">
+      <%= submit_button :ok, _("Follow") %>
+      <input type="button" value="<%= _("Cancel") %>" id="cancel-set-circle" class="button with-text icon-cancel"/>
+    </div>
+  <% end %>
+</div>
 <li><%= report_abuse(profile, :button) %></li>
+<% if logged_in? && (user != profile) && profile.allow_followers? %>
+  <li>
+    <% follow = user.follows?(profile) %>
+    <%= button(:unfollow, content_tag('span', _('Unfollow')), {:profile => profile.identifier, :controller => 'profile', :action => 'unfollow'}, :method => :post, :id => 'action-unfollow', :title => _("Unfollow"), :style => follow ? "" : "display: none;") %>
+    <%= button(:ok, content_tag('span', _('Follow')), {:profile => profile.identifier, :controller => 'profile', :action => 'find_profile_circles'}, :id => 'action-follow', :title => _("Follow"), :style => follow ? "display: none;" : "") %>
+    <div id="circles-container" style="display: none;">
+    </div>
+  </li>
+<% end %>
 <%= render_environment_features(:profile_actions) %>
@@ -0,0 +1,22 @@
+<div class="circles" id='circles-list'>
+  <p><%= _("Select the circles for %s") % followed_profile.name %></p>
+  <div id="circles-checkboxes">
+    <% circles.each do |circle| %>
+      <div class="circle">
+        <%= labelled_check_box circle.name, "circles[#{circle.name}]", circle.id, followed_profile.in_circle?(circle, follower) %>
+      </div>
+    <% end %>
+  </div>
+
+  <%= button(:add, _('New Circle'), '#', :id => "new-circle") %>
+
+  <div id="new-circle-form" style="display: none;">
+    <%= labelled_text_field _('Circle name') , 'circle[name]', "",:id => 'text-field-name-new-circle'%>
+    <%= hidden_field_tag('circle[profile_type]', followed_profile.class.name) %>
+
+    <%= button_bar do %>
+      <%= button(:save, _('Create'), {:profile => follower.identifier, :controller => 'circles', :action => 'xhr_create'}, :id => "new-circle-submit") %>
+      <%= button(:cancel, _('Cancel'), '#', :id => "new-circle-cancel") %>
+    <% end %>
+  </div>
+</div>
@@ -15,7 +15,7 @@
   <div id="block-info-description">
     <h2><%= _('Description') %></h2>
     <p><%= @block.class.description %></p>
-    <p><%= @block.help if @block.class.method_defined?(:help) %></p>
+    <p><%= @block.help.html_safe if @block.class.method_defined?(:help) %></p>
   </div>
 </div>
@@ -0,0 +1,3 @@
+<div class="circle">
+  <%= labelled_check_box circle.name, "circles[#{circle.name}]", circle.id %>
+</div>
@@ -0,0 +1,14 @@
+<%= error_messages_for :circle %>
+
+<%= labelled_form_for :circle, :url => (mode == :edit) ? {:action => 'update', :id => circle} : {:action => 'create'} do |f| %>
+
+  <%= required_fields_message %>
+
+  <%= required f.text_field(:name) %>
+
+  <%= required labelled_form_field _("Profile type"), f.select(:profile_type, Circle.profile_types.to_a) %>
+
+  <%= button_bar do %>
+    <%= submit_button('save', (mode == :edit) ? _('Save changes') : _('Create circle'), :cancel => {:action => 'index'} ) %>
+  <% end %>
+<% end %>
@@ -0,0 +1,3 @@
+<h1><%= _("Edit circle") %></h1>
+
+<%= render :partial => 'form', :locals => { :mode => :edit, :circle => @circle, :profile_types => @profile_types } %>
@@ -0,0 +1,30 @@
+<h1><%= _('Manage circles') %></h1>
+
+<table>
+  <tr>
+    <th><%= _('Circle name') %></th>
+    <th><%= _('Profile type') %></th>
+    <th><%= _('Actions') %></th>
+  </tr>
+  <% @circles.each do |circle| %>
+    <tr>
+      <td>
+        <%= circle.name %>
+      </td>
+      <td>
+        <%= _(circle.profile_type) %>
+      </td>
+      <td>
+        <div style="text-align: center;">
+          <%= button_without_text :edit, _('Edit'), :action => 'edit', :id => circle %>
+          <%= button_without_text :delete, _('Delete'), { :action => 'destroy', :id => circle }, { "data-method" => "POST" } %>
+        </div>
+      </td>
+    </tr>
+  <% end %>
+</table>
+
+<%= button_bar do %>
+  <%= button :add, _('Create a new circle'), :action => 'new' %>
+  <%= button :back, _('Back to control panel'), :controller => 'profile_editor' %>
+<% end %>
@@ -0,0 +1,3 @@
+<h1><%= _("New circle") %></h1>
+
+<%= render :partial => 'form', :locals => { :mode => :new, :circle => @circle, :profile_types => @profile_types } %>
@@ -58,7 +58,7 @@
 <div id="blog-image-builder">
   <%= f.fields_for :image_builder, @article.image do |i| %>
     <%= file_field_or_thumbnail(_('Cover image:'), @article.image, i)%>
-    <%= _("Max size: %s (.jpg, .gif, .png)")% Image.max_size.to_humanreadable %>
+    <%= _("Max size: %s (.jpg, .gif, .png)").html_safe % Image.max_size.to_humanreadable %>
   <% end %>
 </div>
-<h2><%= _('Processed validation request for %s ') % @processed.name %> (<%= status(@processed) %>)</h2>
+<h2><%= _('Processed validation request for %s ').html_safe % @processed.name %> (<%= status(@processed) %>)</h2>
 <%= link_to _('Back'), :action => 'index' %>
-<h1><%= _('Adding %s as a favorite enterprise') % @favorite_enterprise.name %></h1>
+<h1><%= _('Adding %s as a favorite enterprise').html_safe % @favorite_enterprise.name %></h1>
 <p>
-<%= _('Are you sure you want to add %s as your favorite enterprise?') % @favorite_enterprise.name %>
+<%= _('Are you sure you want to add %s as your favorite enterprise?').html_safe % @favorite_enterprise.name %>
 </p>
 <%= form_tag do %>
   <%= hidden_field_tag(:confirmation, 1) %>
-  <%= submit_button(:ok, _("Yes, I am sure"), :title => _("I want to add %s as a favorite enterprise") % @favorite_enterprise.name) %>
+  <%= submit_button(:ok, _("Yes, I am sure"), :title => _("I want to add %s as a favorite enterprise").html_safe % @favorite_enterprise.name) %>
   <%= button(:cancel, _("No, I don't want"), :action => 'index') %>
 <% end %>
@@ -4,15 +4,15 @@
   current_index = images.index(image.encapsulated_file)
   total_of_images = images.count
   link_to_previous = if current_index >= 1
-   link_to(_('&laquo; Previous'), images[current_index - 1].view_url, :class => 'previous')
+   link_to(_('&laquo; Previous').html_safe, images[current_index - 1].view_url, :class => 'previous')
   else
-    content_tag('span', _('&laquo; Previous'), :class => 'previous')
+    content_tag('span', _('&laquo; Previous').html_safe, :class => 'previous')
   end
   link_to_next = if current_index < total_of_images - 1
-    link_to(_('Next &raquo;'), images[current_index + 1].view_url, :class => 'next')
+    link_to(_('Next &raquo;').html_safe, images[current_index + 1].view_url, :class => 'next')
   else
-    content_tag('span', _('Next &raquo;'), :class => 'next')
+    content_tag('span', _('Next &raquo;').html_safe, :class => 'next')
   end
 %>
@@ -0,0 +1,14 @@
+<div class="circles" id='circles-list'>
+  <%= form_for :circles, :url => {:controller => 'followers', :action => 'update_category'}, :html => {:id => "follow-circles-form"}  do |f|%>
+    <%= render partial: "blocks/profile_info_actions/select_circles", :locals => {:circles => circles, :followed_profile => followed_profile, :follower => profile }  %>
+
+    <%= hidden_field_tag('followed_profile_id', followed_profile.id) %>
+
+    <div id="circle-actions">
+      <div id="actions-container">
+        <%= submit_button('save', _('Save')) %>
+        <%= modal_close_button  _("Cancel") %>
+      </div>
+    </div>
+  <% end %>
+</div>
@@ -0,0 +1,17 @@
+<ul class="profile-list">
+  <% profiles.each do |followed_profile| %>
+    <li>
+    <%= link_to_profile profile_image(followed_profile) + tag('br') + followed_profile.short_name,
+                        followed_profile.identifier, :class => 'profile-link' %>
+    <div class="controll">
+      <%= button_without_text :remove, content_tag('span',_('unfollow')),
+        { :controller => "profile", :profile => followed_profile.identifier, :follower_id => profile.id,
+          :action => 'unfollow', :redirect_to => url_for({:controller => "followers", :profile => profile.identifier}) },
+          :method => :post, :title => _('remove') %>
+      <%= modal_icon_button :edit, _('change category'),
+             url_for(:controller => 'followers', :action => 'set_category_modal',
+                     :followed_profile_id => followed_profile.id) %>
+    </div><!-- end class="controll" -->
+    </li>
+  <% end %>
+</ul>
@@ -0,0 +1,27 @@
+<div id="manage_followed people">
+
+<h1><%= _("%s is following") % profile.name %></h1>
+
+<% cache_timeout(profile.manage_friends_cache_key(params), 4.hours) do %>
+  <% if @followed_people.empty? %>
+    <p>
+      <em>
+        <%= _("You don't follow anybody yet.") %>
+      </em>
+    </p>
+  <% end %>
+
+  <%= button_bar do %>
+    <%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
+    <%= button(:search, _('Find people'), :controller => 'search', :action => 'assets', :asset => 'people') %>
+  <% end %>
+
+  <%= labelled_select(_('Profile type')+': ', :filter_profile_type, :last, :first, @active_filter, @profile_types, :id => "profile-type-filter") %>
+
+  <%= render :partial => 'profile_list', :locals => { :profiles => @followed_people } %>
+
+  <br style="clear:both" />
+  <%= pagination_links @followed_people, :param_name => 'npage' %>
+<% end %>
+
+</div>
 <div id="remove_friend">
-<h1><%= _('Removing friend: %s') % @friend.name %></h1>
+<h1><%= _('Removing friend: %s').html_safe % @friend.name %></h1>
 <%= profile_image @friend, :thumb, :class => 'friend_picture' %>
 <p>
-<%= _('Are you sure you want to remove %s from your friends list?') % @friend.name %>
+<%= _('Are you sure you want to remove %s from your friends list?').html_safe % @friend.name %>
 </p>
 <p>
 <em>
-<%= _('Note that %s will still have you as a friend, unless he/she also wants to remove you from his/her friend list.') % @friend.name %>
+<%= _('Note that %s will still have you as a friend, unless he/she also wants to remove you from his/her friend list.').html_safe % @friend.name %>
 </em>
 </p>
 <% default_message = defined?(default_message) ? default_message : false %>
 <div id='thanks-for-signing'>
-  <h1><%= _("Welcome to %s!") % environment.name %></h1>
+  <h1><%= _("Welcome to %s!").html_safe % environment.name %></h1>
   <% if environment.has_custom_welcome_screen? && !default_message %>
     <%= environment.settings[:signup_welcome_screen_body].html_safe %>
   <% else %>
@@ -10,21 +10,21 @@
         <p><%= _("Firstly, some tips for getting started:") %></p>
         <h4><%= _("Confirm your account!") %></h4>
         <p><%= _("You should receive a welcome email from us shortly. Please take a second to follow the link within to confirm your account.") %></p>
-        <p><%= _("You won't appear as %s until your account is confirmed.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
+        <p><%= _("You won't appear as %s until your account is confirmed.").html_safe % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
       <% else %>
         <h4><%= _("Wait for admin approvement!") %></h4>
         <p><%= _("The administrators will evaluate your signup request for approvement.") %></p>
-        <p><%= _("You won't appear as %s until your account is approved.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
+        <p><%= _("You won't appear as %s until your account is approved.").html_safe % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
       <% end %>
       <h4><%= _("What to do next?") %></h4>
-      <p><%= _("Access your %s and see your face on the network!") %
+      <p><%= _("Access your %s and see your face on the network!").html_safe %
         (user.present? ? link_to(_('Profile'), {:controller => 'profile', :profile => user.identifier}, :target => '_blank') : 'Profile') %>
-      <%= _("You can also explore your %s to customize your profile. Here are some %s on what you can do there.") %
+      <%= _("You can also explore your %s to customize your profile. Here are some %s on what you can do there.").html_safe %
         [user.present? ? link_to(_('Control Panel'), {:controller => 'profile_editor', :profile => user.identifier}, :target => '_blank') : 'Control Panel',
           link_to(_('tips'), {:controller => 'doc', :action => 'topic', :section => 'user', :topic => 'editing-person-info'}, :target => '_blank')] %></p>
-      <p><%= _("%s your Gmail, Yahoo and Hotmail contacts!") % link_to(_('Invite and find'), {:controller => 'doc', :action => 'topic', :section => 'user', :topic => 'invite-contacts'}, :target => '_blank') %></p>
-      <p><%= _("Learn the guidelines. Read the %s for more details on how to use this social network!") % link_to(_('Documentation'), {:controller => 'doc'}, :target => '_blank') %></p>
+      <p><%= _("%s your Gmail, Yahoo and Hotmail contacts!").html_safe % link_to(_('Invite and find'), {:controller => 'doc', :action => 'topic', :section => 'user', :topic => 'invite-contacts'}, :target => '_blank') %></p>
+      <p><%= _("Learn the guidelines. Read the %s for more details on how to use this social network!").html_safe % link_to(_('Documentation'), {:controller => 'doc'}, :target => '_blank') %></p>
       <p><%= _("Start exploring and have fun!") %></p>
   <% end %>
-  <%= render :partial => 'shared/template_welcome_page', :locals => {:template => @person_template, :header => _("What can I do as a %s?")} %>
+  <%= render :partial => 'shared/template_welcome_page', :locals => {:template => @person_template, :header => _("What can I do as a %s?").html_safe} %>
 </div>
@@ -5,7 +5,7 @@
   <td>
     <p>
     <span style="font-size: 14px;"><%= link_to activity.user.short_name(20), activity.user.url %></span>
-    <span style="font-size: 14px;"><%= _("has published on community %s") % link_to(activity.target.profile.short_name(20), activity.target.profile.url, :style => "color: #333; font-weight: bold; text-decoration: none;") if activity.target.profile.is_a?(Community) %></span>
+    <span style="font-size: 14px;"><%= _("has published on community %s").html_safe % link_to(activity.target.profile.short_name(20), activity.target.profile.url, :style => "color: #333; font-weight: bold; text-decoration: none;") if activity.target.profile.is_a?(Community) %></span>
     <span style="font-size: 10px; color: #929292; float:right;"><%= time_ago_in_words(activity.created_at) %></span>
     </p>
     <p>
@@ -0,0 +1 @@
+<%= render :partial => 'default_activity', :locals => { :activity => activity } %>
 <% if activity.comments_count > 2 %>
   <div style="font-size: 10px;">
     <% if activity.params['url'].blank?  %>
-      <%= _("%s comments") % activity.comments_count %>
+      <%= _("%s comments").html_safe % activity.comments_count %>
     <% else %>
-      <%= link_to(_("View all %s comments") % activity.comments_count, activity.params['url']) %>
+      <%= link_to(_("View all %s comments").html_safe % activity.comments_count, activity.params['url']) %>
     <% end %>
   </div>
 <% else %>
@@ -5,7 +5,7 @@
       <%= link_to @url, :style => "text-decoration: none;" do %>
         <span style="font-weight:bold;font-size: 28px;margin: 0;color: white;background-color: #AAAAAA;padding: 5px;"><%= @environment.name %></span>
       <% end %>
-      <span style="font-weight:bold;color: #333;font-size:19px;margin-left: 8px;"><%= _("%s's Notifications") % @profile.name %></h3>
+      <span style="font-weight:bold;color: #333;font-size:19px;margin-left: 8px;"><%= _("%s's Notifications").html_safe % @profile.name %></h3>
     </div>
     <div style="margin: 0 20px 20px 20px;border-top:1px solid #e2e2e2;">
       <% if @tasks.present? %>
@@ -34,7 +34,7 @@
       <div style="color:#444444;font-size:11px;margin-bottom: 20px;">
         <p style="margin:0"><%= _("Greetings,") %></p>
-        <p style="margin:0"><%= _('%s team.') % @environment.name %></p>
+        <p style="margin:0"><%= _('%s team.').html_safe % @environment.name %></p>
         <p style="margin:0"><%= link_to @url, url_for(@url) %></p>
       </div>
     </div>
@@ -0,0 +1,18 @@
+<% cache_timeout(profile.friends_cache_key(params), 4.hours) do %>
+  <ul class='profile-list'>
+    <% follow.each do |follower| %>
+      <%= profile_image_link(follower) %>
+    <% end%>
+  </ul>
+
+  <div id='pagination-profiles'>
+    <%= pagination_links follow, :param_name => 'npage' %>
+  </div>
+<% end %>
+
+<%= button_bar do %>
+  <%= button :back, _('Go back'), { :controller => 'profile' } %>
+  <% if user == profile %>
+    <%= button :edit, _('Manage followed people'), :controller => 'friends', :action => 'index', :profile => profile.identifier %>
+  <% end %>
+<% end %>
@@ -0,0 +1 @@
+<%= render :partial => 'default_activity', :locals => { :activity => activity, :tab_action => tab_action } %>
@@ -13,5 +13,5 @@
     <%= button(:add, content_tag('span', _('Add friend')), profile.add_url, :class => 'add-friend', :title => _("Add friend"), :style => 'position: relative;') %>
   <% end %>
   <%= button :back, _('Go back'), :back %>
-  <%= button :home, _("Go to %s home page") % environment.name, :controller => 'home' %>
+  <%= button :home, _("Go to %s home page").html_safe % environment.name, :controller => 'home' %>
 <% end %>
@@ -5,7 +5,7 @@
 <% if activity.comments_count > 0 %>
 <div id="profile-wall-activities-comments-more-<%= activity.id %>" class="profile-wall-activities-comments" >
   <div class='view-all-comments icon-chat'>
-     <%= link_to(n_('View comment', "View all %s comments", activity.comments_count) % activity.comments_count, :profile => profile.identifier, :controller => 'profile', :action => 'more_comments', :activity => activity, :comment_page => (1)) %>
+     <%= link_to(n_('View comment', "View all %s comments".html_safe, activity.comments_count) % activity.comments_count, :profile => profile.identifier, :controller => 'profile', :action => 'more_comments', :activity => activity, :comment_page => (1)) %>
   </div>
 </div>
 <% end %>
@@ -23,7 +23,7 @@
   <% if scrap.replies.count > 0 %>
     <div id="profile-wall-activities-comments-more-<%= activity.id %>" class="profile-wall-activities-comments">
       <div class='view-all-comments icon-chat'>
-        <%= link_to(n_('View comment', "View all %s comments", scrap.replies.count) % scrap.replies.count, :profile => profile.identifier, :controller => 'profile', :action => 'more_replies', :activity => activity, :comment_page => (1)) %>
+        <%= link_to(n_('View comment', "View all %s comments".html_safe, scrap.replies.count) % scrap.replies.count, :profile => profile.identifier, :controller => 'profile', :action => 'more_replies', :activity => activity, :comment_page => (1)) %>
       </div>
     </div>
   <% end %>
@@ -0,0 +1,7 @@
+<div class="common-profile-list-block">
+
+<h1><%= _("%s is followed by") % profile.name %></h1>
+
+<%= render :partial => 'follow', :locals => {:follow => @followed_by} %>
+
+</div>
	@@ -54,6 +54,7 @@ module Api		@@ -54,6 +54,7 @@ module Api
54	mount V1::Blocks	54	mount V1::Blocks
55	mount V1::Profiles	55	mount V1::Profiles
56	mount V1::Activities	56	mount V1::Activities
		57	+ mount V1::Roles
57		58
58	# hook point which allow plugins to add Grape::API extensions to Api::App	59	# hook point which allow plugins to add Grape::API extensions to Api::App
59	#finds for plugins which has api mount points classes defined (the class should extends Grape::API)	60	#finds for plugins which has api mount points classes defined (the class should extends Grape::API)
	@@ -111,6 +111,10 @@ module Api		@@ -111,6 +111,10 @@ module Api
111	hash[value.custom_field.name]=value.value	111	hash[value.custom_field.name]=value.value
112	end	112	end
113		113
		114	+ profile.public_fields.each do \|field\|
		115	+ hash[field] = profile.send(field.to_sym)
		116	+ end
		117	+
114	private_values = profile.custom_field_values - profile.public_values	118	private_values = profile.custom_field_values - profile.public_values
115	private_values.each do \|value\|	119	private_values.each do \|value\|
116	if Entities.can_display_profile_field?(profile,options)	120	if Entities.can_display_profile_field?(profile,options)
	@@ -124,6 +128,7 @@ module Api		@@ -124,6 +128,7 @@ module Api
124	expose :type	128	expose :type
125	expose :custom_header	129	expose :custom_header
126	expose :custom_footer	130	expose :custom_footer
		131	+ expose :layout_template
127	expose :permissions do \|profile, options\|	132	expose :permissions do \|profile, options\|
128	Entities.permissions_for_entity(profile, options[:current_person],	133	Entities.permissions_for_entity(profile, options[:current_person],
129	:allow_post_content?, :allow_edit?, :allow_destroy?)	134	:allow_post_content?, :allow_edit?, :allow_destroy?)
	@@ -258,12 +263,28 @@ module Api		@@ -258,12 +263,28 @@ module Api
258	root 'tasks', 'task'	263	root 'tasks', 'task'
259	expose :id	264	expose :id
260	expose :type	265	expose :type
		266	+ expose :requestor, using: Profile
		267	+ expose :status
		268	+ expose :created_at
		269	+ expose :data
		270	+ expose :accept_details
		271	+ expose :reject_details
		272	+ expose :accept_disabled?, as: :accept_disabled
		273	+ expose :reject_disabled?, as: :reject_disabled
		274	+ expose :target do \|task, options\|
		275	+ type_map = {Profile => ::Profile, Environment => ::Environment}.find {\|h\| task.target.kind_of?(h.last)}
		276	+ type_map.first.represent(task.target) unless type_map.nil?
		277	+ end
261	end	278	end
262		279
263	class Environment < Entity	280	class Environment < Entity
264	expose :name	281	expose :name
265	expose :id	282	expose :id
266	expose :description	283	expose :description
		284	+ expose :layout_template
		285	+ expose :signup_intro
		286	+ expose :terms_of_use
		287	+ expose :top_url, as: :host
267	expose :settings, if: lambda { \|instance, options\| options[:is_admin] }	288	expose :settings, if: lambda { \|instance, options\| options[:is_admin] }
268	end	289	end
269		290
	@@ -281,5 +302,12 @@ module Api		@@ -281,5 +302,12 @@ module Api
281	type_map.first.represent(activity.target) unless type_map.nil?	302	type_map.first.represent(activity.target) unless type_map.nil?
282	end	303	end
283	end	304	end
		305	+
		306	+ class Role < Entity
		307	+ root 'roles', 'role'
		308	+ expose :id
		309	+ expose :name
		310	+ expose :key
		311	+ end
284	end	312	end
285	end	313	end
	@@ -119,6 +119,20 @@ module Api		@@ -119,6 +119,20 @@ module Api
119	members = select_filtered_collection_of(profile, 'members', params)	119	members = select_filtered_collection_of(profile, 'members', params)
120	present members, :with => Entities::Person, :current_person => current_person	120	present members, :with => Entities::Person, :current_person => current_person
121	end	121	end
		122	+
		123	+ post do
		124	+ authenticate!
		125	+ profile = environment.profiles.find_by id: params[:profile_id]
		126	+ profile.add_member(current_person) rescue forbidden!
		127	+ {pending: !current_person.is_member_of?(profile)}
		128	+ end
		129	+
		130	+ delete do
		131	+ authenticate!
		132	+ profile = environment.profiles.find_by id: params[:profile_id]
		133	+ profile.remove_member(current_person)
		134	+ present current_person, :with => Entities::Person, :current_person => current_person
		135	+ end
122	end	136	end
123	end	137	end
124	end	138	end
@@ -0,0 +1,25 @@		@@ -0,0 +1,25 @@
	1	+module Api
	2	+ module V1
	3	+ class Roles < Grape::API
	4	+ before { authenticate! }
	5	+
	6	+ MAX_PER_PAGE = 50
	7	+
	8	+ resource :profiles do
	9	+ segment "/:profile_id" do
	10	+ resource :roles do
	11	+
	12	+ paginate max_per_page: MAX_PER_PAGE
	13	+ get do
	14	+ profile = environment.profiles.find(params[:profile_id])
	15	+ return forbidden! unless profile.kind_of?(Organization)
	16	+ roles = Profile::Roles.organization_roles(profile.environment.id, profile.id)
	17	+ present_partial paginate(roles), with: Entities::Role
	18	+ end
	19	+
	20	+ end
	21	+ end
	22	+ end
	23	+ end
	24	+ end
	25	+end
	@@ -44,7 +44,7 @@ class CategoriesController < AdminController		@@ -44,7 +44,7 @@ class CategoriesController < AdminController
44	if request.post?	44	if request.post?
45	@category.update!(params[:category])	45	@category.update!(params[:category])
46	@saved = true	46	@saved = true
47	- session[:notice] = _("Category %s saved." % @category.name)	47	+ session[:notice] = _("Category %s saved." % @category.name).html_safe
48	redirect_to :action => 'index'	48	redirect_to :action => 'index'
49	end	49	end
50	rescue Exception => e	50	rescue Exception => e
	@@ -109,7 +109,7 @@ class BoxOrganizerController < ApplicationController		@@ -109,7 +109,7 @@ class BoxOrganizerController < ApplicationController
109	def show_block_type_info	109	def show_block_type_info
110	type = params[:type]	110	type = params[:type]
111	if type.blank? \|\| !available_blocks.map(&:name).include?(type)	111	if type.blank? \|\| !available_blocks.map(&:name).include?(type)
112	- raise ArgumentError.new("Type %s is not allowed. Go away." % type)	112	+ raise ArgumentError.new("Type %s is not allowed. Go away.".html_safe % type)
113	end	113	end
114	@block = type.constantize.new	114	@block = type.constantize.new
115	@block.box = Box.new(:owner => boxes_holder)	115	@block.box = Box.new(:owner => boxes_holder)
	@@ -122,7 +122,7 @@ class BoxOrganizerController < ApplicationController		@@ -122,7 +122,7 @@ class BoxOrganizerController < ApplicationController
122		122
123	def new_block(type, box)	123	def new_block(type, box)
124	if !available_blocks.map(&:name).include?(type)	124	if !available_blocks.map(&:name).include?(type)
125	- raise ArgumentError.new("Type %s is not allowed. Go away." % type)	125	+ raise ArgumentError.new("Type %s is not allowed. Go away.".html_safe % type)
126	end	126	end
127	block = type.constantize.new	127	block = type.constantize.new
128	box.blocks << block	128	box.blocks << block
@@ -0,0 +1,169 @@		@@ -0,0 +1,169 @@
	1	+module AuthenticatedSystem
	2	+
	3	+ protected
	4	+
	5	+ extend ActiveSupport::Concern
	6	+
	7	+ included do
	8	+ if self < ActionController::Base
	9	+ around_filter :user_set_current
	10	+ before_filter :override_user
	11	+ before_filter :login_from_cookie
	12	+ end
	13	+
	14	+ # Inclusion hook to make #current_user and #logged_in?
	15	+ # available as ActionView helper methods.
	16	+ helper_method :current_user, :logged_in?
	17	+ end
	18	+
	19	+ # Returns true or false if the user is logged in.
	20	+ # Preloads @current_user with the user model if they're logged in.
	21	+ def logged_in?
	22	+ current_user != nil
	23	+ end
	24	+
	25	+ # Accesses the current user from the session.
	26	+ def current_user user_id = session[:user]
	27	+ @current_user \|\|= begin
	28	+ user = User.find_by id: user_id if user_id
	29	+ user.session = session if user
	30	+ User.current = user
	31	+ user
	32	+ end
	33	+ end
	34	+
	35	+ # Store the given user in the session.
	36	+ def current_user=(new_user)
	37	+ if new_user.nil?
	38	+ session.delete(:user)
	39	+ else
	40	+ session[:user] = new_user.id
	41	+ new_user.session = session
	42	+ new_user.register_login
	43	+ end
	44	+ @current_user = User.current = new_user
	45	+ end
	46	+
	47	+ # See impl. from http://stackoverflow.com/a/2513456/670229
	48	+ def user_set_current
	49	+ User.current = current_user
	50	+ yield
	51	+ ensure
	52	+ # to address the thread variable leak issues in Puma/Thin webserver
	53	+ User.current = nil
	54	+ end
	55	+
	56	+ # Check if the user is authorized.
	57	+ #
	58	+ # Override this method in your controllers if you want to restrict access
	59	+ # to only a few actions or if you want to check if the user
	60	+ # has the correct rights.
	61	+ #
	62	+ # Example:
	63	+ #
	64	+ # # only allow nonbobs
	65	+ # def authorize?
	66	+ # current_user.login != "bob"
	67	+ # end
	68	+ def authorized?
	69	+ true
	70	+ end
	71	+
	72	+ # Filter method to enforce a login requirement.
	73	+ #
	74	+ # To require logins for all actions, use this in your controllers:
	75	+ #
	76	+ # before_filter :login_required
	77	+ #
	78	+ # To require logins for specific actions, use this in your controllers:
	79	+ #
	80	+ # before_filter :login_required, :only => [ :edit, :update ]
	81	+ #
	82	+ # To skip this in a subclassed controller:
	83	+ #
	84	+ # skip_before_filter :login_required
	85	+ #
	86	+ def login_required
	87	+ username, passwd = get_auth_data
	88	+ if username && passwd
	89	+ self.current_user \|\|= User.authenticate(username, passwd) \|\| nil
	90	+ end
	91	+ if logged_in? && authorized?
	92	+ true
	93	+ else
	94	+ if params[:require_login_popup]
	95	+ render :json => { :require_login_popup => true }
	96	+ else
	97	+ access_denied
	98	+ end
	99	+ end
	100	+ end
	101	+
	102	+ # Redirect as appropriate when an access request fails.
	103	+ #
	104	+ # The default action is to redirect to the login screen.
	105	+ #
	106	+ # Override this method in your controllers if you want to have special
	107	+ # behavior in case the user is not authorized
	108	+ # to access the requested action. For example, a popup window might
	109	+ # simply close itself.
	110	+ def access_denied
	111	+ respond_to do \|accepts\|
	112	+ accepts.html do
	113	+ if request.xhr?
	114	+ render :text => _('Access denied'), :status => 401
	115	+ else
	116	+ store_location
	117	+ redirect_to :controller => '/account', :action => 'login'
	118	+ end
	119	+ end
	120	+ accepts.xml do
	121	+ headers["Status"] = "Unauthorized"
	122	+ headers["WWW-Authenticate"] = %(Basic realm="Web Password")
	123	+ render :text => "Could't authenticate you", :status => '401 Unauthorized'
	124	+ end
	125	+ end
	126	+ false
	127	+ end
	128	+
	129	+ # Store the URI of the current request in the session.
	130	+ #
	131	+ # We can return to this location by calling #redirect_back_or_default.
	132	+ def store_location(location = request.url)
	133	+ session[:return_to] = location
	134	+ end
	135	+
	136	+ # Redirect to the URI stored by the most recent store_location call or
	137	+ # to the passed default.
	138	+ def redirect_back_or_default(default)
	139	+ if session[:return_to]
	140	+ redirect_to(session.delete(:return_to))
	141	+ else
	142	+ redirect_to(default)
	143	+ end
	144	+ end
	145	+
	146	+ def override_user
	147	+ return if params[:override_user].blank?
	148	+ return unless logged_in? and user.is_admin? environment
	149	+ @current_user = nil
	150	+ current_user params[:override_user]
	151	+ end
	152	+
	153	+ # When called with before_filter :login_from_cookie will check for an :auth_token
	154	+ # cookie and log the user back in if apropriate
	155	+ def login_from_cookie
	156	+ return if cookies[:auth_token].blank? or logged_in?
	157	+ user = User.where(remember_token: cookies[:auth_token]).first
	158	+ self.current_user = user if user and user.remember_token?
	159	+ end
	160	+
	161	+ private
	162	+ @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
	163	+ # gets BASIC auth info
	164	+ def get_auth_data
	165	+ auth_key = @@http_auth_headers.detect { \|h\| request.env.has_key?(h) }
	166	+ auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
	167	+ return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
	168	+ end
	169	+end
@@ -0,0 +1,50 @@		@@ -0,0 +1,50 @@
	1	+module CustomDesign
	2	+
	3	+ extend ActiveSupport::Concern
	4	+
	5	+ included do
	6	+ extend ClassMethods
	7	+ include InstanceMethods
	8	+ before_filter :load_custom_design if self.respond_to? :before_filter
	9	+ end
	10	+
	11	+ module ClassMethods
	12	+
	13	+ def no_design_blocks
	14	+ @no_design_blocks = true
	15	+ end
	16	+
	17	+ def use_custom_design options = {}
	18	+ @custom_design = options
	19	+ end
	20	+
	21	+ def custom_design
	22	+ @custom_design \|\|= {}
	23	+ end
	24	+
	25	+ def uses_design_blocks?
	26	+ !@no_design_blocks
	27	+ end
	28	+
	29	+ end
	30	+
	31	+ module InstanceMethods
	32	+
	33	+ protected
	34	+
	35	+ def uses_design_blocks?
	36	+ !@no_design_blocks && self.class.uses_design_blocks?
	37	+ end
	38	+
	39	+ def load_custom_design
	40	+ # see also: LayoutHelper#body_classes
	41	+ @layout_template = self.class.custom_design[:layout_template]
	42	+ end
	43	+
	44	+ def custom_design
	45	+ @custom_design \|\| self.class.custom_design
	46	+ end
	47	+
	48	+ end
	49	+
	50	+end
@@ -0,0 +1,40 @@		@@ -0,0 +1,40 @@
	1	+module NeedsProfile
	2	+
	3	+ module ClassMethods
	4	+ def needs_profile
	5	+ before_filter :load_profile
	6	+ end
	7	+ end
	8	+
	9	+ def self.included(including)
	10	+ including.send(:extend, NeedsProfile::ClassMethods)
	11	+ end
	12	+
	13	+ def boxes_holder
	14	+ profile \|\| environment # prefers profile, but defaults to environment
	15	+ end
	16	+
	17	+ def profile
	18	+ @profile
	19	+ end
	20	+
	21	+ protected
	22	+
	23	+ def load_profile
	24	+ if params[:profile]
	25	+ params[:profile].downcase!
	26	+ @profile \|\|= environment.profiles.where(identifier: params[:profile]).first
	27	+ end
	28	+
	29	+ if @profile
	30	+ profile_hostname = @profile.hostname
	31	+ if profile_hostname && profile_hostname != request.host
	32	+ params.delete(:profile)
	33	+ redirect_to(Noosfero.url_options.merge(params).merge(:host => profile_hostname))
	34	+ end
	35	+ else
	36	+ render_not_found
	37	+ end
	38	+ end
	39	+
	40	+end
@@ -0,0 +1,58 @@		@@ -0,0 +1,58 @@
	1	+class CirclesController < MyProfileController
	2	+
	3	+ before_action :accept_only_post, :only => [:create, :update, :destroy]
	4	+
	5	+ def index
	6	+ @circles = profile.circles
	7	+ end
	8	+
	9	+ def new
	10	+ @circle = Circle.new
	11	+ end
	12	+
	13	+ def create
	14	+ @circle = Circle.new(params[:circle].merge({ :person => profile }))
	15	+ if @circle.save
	16	+ redirect_to :action => 'index'
	17	+ else
	18	+ render :action => 'new'
	19	+ end
	20	+ end
	21	+
	22	+ def xhr_create
	23	+ if request.xhr?
	24	+ circle = Circle.new(params[:circle].merge({:person => profile }))
	25	+ if circle.save
	26	+ render :partial => "circle_checkbox", :locals => { :circle => circle },
	27	+ :status => 201
	28	+ else
	29	+ render :text => _('The circle could not be saved'), :status => 400
	30	+ end
	31	+ else
	32	+ render_not_found
	33	+ end
	34	+ end
	35	+
	36	+ def edit
	37	+ @circle = Circle.find_by_id(params[:id])
	38	+ render_not_found if @circle.nil?
	39	+ end
	40	+
	41	+ def update
	42	+ @circle = Circle.find_by_id(params[:id])
	43	+ return render_not_found if @circle.nil?
	44	+
	45	+ if @circle.update(params[:circle])
	46	+ redirect_to :action => 'index'
	47	+ else
	48	+ render :action => 'edit'
	49	+ end
	50	+ end
	51	+
	52	+ def destroy
	53	+ @circle = Circle.find_by_id(params[:id])
	54	+ return render_not_found if @circle.nil?
	55	+ @circle.destroy
	56	+ redirect_to :action => 'index'
	57	+ end
	58	+end