Leandro Santos · Tallys Martins · Daniela Feitosa · Marcos Pereira · Joenio Costa · Braulio Bhavamitra
Showing 300 changed files Show diff stats
app/api/entities.rb
app/api/helpers.rb
app/api/v1/people.rb
app/concerns/authenticated_system.rb
app/controllers/admin/categories_controller.rb
app/controllers/application_controller.rb
app/controllers/box_organizer_controller.rb
app/controllers/concerns/authenticated_system.rb
app/controllers/concerns/custom_design.rb
app/controllers/concerns/needs_profile.rb
app/controllers/my_profile/circles_controller.rb
app/controllers/my_profile/followers_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/profile_controller.rb
app/helpers/action_tracker_helper.rb
app/helpers/application_helper.rb
app/helpers/design_helper.rb
app/helpers/forms_helper.rb
app/helpers/profile_helper.rb
@@ -124,6 +124,7 @@ module Api
       expose :type
       expose :custom_header
       expose :custom_footer
+      expose :layout_template
       expose :permissions do |profile, options|
         Entities.permissions_for_entity(profile, options[:current_person],
         :allow_post_content?, :allow_edit?, :allow_destroy?)
@@ -264,6 +265,7 @@ module Api
       expose :name
       expose :id
       expose :description
+      expose :layout_template
       expose :settings, if: lambda { |instance, options| options[:is_admin] }
     end
  
@@ -302,12 +302,12 @@ module Api
     end
  
     def cant_be_saved_request!(attribute)
-      message = _("(Invalid request) %s can't be saved") % attribute
+      message = _("(Invalid request) %s can't be saved").html_safe % attribute
       render_api_error!(message, 400)
     end
  
     def bad_request!(attribute)
-      message = _("(Invalid request) %s not given") % attribute
+      message = _("(Invalid request) %s not given").html_safe % attribute
       render_api_error!(message, 400)
     end
  
@@ -119,6 +119,20 @@ module Api
               members = select_filtered_collection_of(profile, 'members', params)
               present members, :with => Entities::Person, :current_person => current_person
             end
+
+            post do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.add_member(current_person) rescue forbidden!
+              {pending: !current_person.is_member_of?(profile)}
+            end
+
+            delete do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.remove_member(current_person)
+              present current_person, :with => Entities::Person, :current_person => current_person
+            end
           end
         end
       end
@@ -44,7 +44,7 @@ class CategoriesController &lt; AdminController
       if request.post?
         @category.update!(params[:category])
         @saved = true
-        session[:notice] = _("Category %s saved." % @category.name)
+        session[:notice] = _("Category %s saved." % @category.name).html_safe
         redirect_to :action => 'index'
       end
     rescue Exception => e
@@ -14,6 +14,20 @@ class ApplicationController &lt; ActionController::Base
   before_filter :redirect_to_current_user
  
   before_filter :set_session_theme
+
+  # FIXME: only include necessary methods
+  include ApplicationHelper
+
+  # concerns
+  include PermissionCheck
+  include CustomDesign
+  include NeedsProfile
+
+  # implementations
+  include FindByContents
+  include Noosfero::Plugin::HotSpot
+  include SearchTermHelper
+
   def set_session_theme
     if params[:theme]
       session[:theme] = environment.theme_ids.include?(params[:theme]) ? params[:theme] : nil
@@ -48,7 +62,6 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
-  include ApplicationHelper
   layout :get_layout
   def get_layout
     return false if request.format == :js or request.xhr?
@@ -74,9 +87,6 @@ class ApplicationController &lt; ActionController::Base
   helper :document
   helper :language
  
-  include DesignHelper
-  include PermissionCheck
-
   before_filter :set_locale
   def set_locale
     FastGettext.available_locales = environment.available_locales
@@ -89,8 +99,6 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
-  include NeedsProfile
-
   attr_reader :environment
  
   # declares that the given <tt>actions</tt> cannot be accessed by other HTTP
@@ -107,6 +115,10 @@ class ApplicationController &lt; ActionController::Base
  
   protected
  
+  def accept_only_post
+    return render_not_found if !request.post?
+  end
+
   def verified_request?
     super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
   end
@@ -151,8 +163,6 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
-  include Noosfero::Plugin::HotSpot
-
   # FIXME this filter just loads @plugins to children controllers and helpers
   def init_noosfero_plugins
     plugins
@@ -184,9 +194,6 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
-  include SearchTermHelper
-  include FindByContents
-
   def find_suggestions(query, context, asset, options={})
     plugins.dispatch_first(:find_suggestions, query, context, asset, options)
   end
@@ -109,7 +109,7 @@ class BoxOrganizerController &lt; ApplicationController
   def show_block_type_info
     type = params[:type]
     if type.blank? || !available_blocks.map(&:name).include?(type)
-      raise ArgumentError.new("Type %s is not allowed. Go away." % type)
+      raise ArgumentError.new("Type %s is not allowed. Go away.".html_safe % type)
     end
     @block = type.constantize.new
     @block.box = Box.new(:owner => boxes_holder)
@@ -122,7 +122,7 @@ class BoxOrganizerController &lt; ApplicationController
  
   def new_block(type, box)
     if !available_blocks.map(&:name).include?(type)
-      raise ArgumentError.new("Type %s is not allowed. Go away." % type)
+      raise ArgumentError.new("Type %s is not allowed. Go away.".html_safe % type)
     end
     block = type.constantize.new
     box.blocks << block
@@ -0,0 +1,169 @@
+module AuthenticatedSystem
+
+  protected
+
+    extend ActiveSupport::Concern
+
+    included do
+      if self < ActionController::Base
+        around_filter :user_set_current
+        before_filter :override_user
+        before_filter :login_from_cookie
+      end
+
+      # Inclusion hook to make #current_user and #logged_in?
+      # available as ActionView helper methods.
+      helper_method :current_user, :logged_in?
+    end
+
+    # Returns true or false if the user is logged in.
+    # Preloads @current_user with the user model if they're logged in.
+    def logged_in?
+      current_user != nil
+    end
+
+    # Accesses the current user from the session.
+    def current_user user_id = session[:user]
+      @current_user ||= begin
+        user = User.find_by id: user_id if user_id
+        user.session = session if user
+        User.current = user
+        user
+      end
+    end
+
+    # Store the given user in the session.
+    def current_user=(new_user)
+      if new_user.nil?
+        session.delete(:user)
+      else
+        session[:user] = new_user.id
+        new_user.session = session
+        new_user.register_login
+      end
+      @current_user = User.current = new_user
+    end
+
+    # See impl. from http://stackoverflow.com/a/2513456/670229
+    def user_set_current
+      User.current = current_user
+      yield
+    ensure
+      # to address the thread variable leak issues in Puma/Thin webserver
+      User.current = nil
+    end
+
+    # Check if the user is authorized.
+    #
+    # Override this method in your controllers if you want to restrict access
+    # to only a few actions or if you want to check if the user
+    # has the correct rights.
+    #
+    # Example:
+    #
+    #  # only allow nonbobs
+    #  def authorize?
+    #    current_user.login != "bob"
+    #  end
+    def authorized?
+      true
+    end
+
+    # Filter method to enforce a login requirement.
+    #
+    # To require logins for all actions, use this in your controllers:
+    #
+    #   before_filter :login_required
+    #
+    # To require logins for specific actions, use this in your controllers:
+    #
+    #   before_filter :login_required, :only => [ :edit, :update ]
+    #
+    # To skip this in a subclassed controller:
+    #
+    #   skip_before_filter :login_required
+    #
+    def login_required
+      username, passwd = get_auth_data
+      if username && passwd
+        self.current_user ||= User.authenticate(username, passwd) || nil
+      end
+      if logged_in? && authorized?
+        true
+      else
+        if params[:require_login_popup]
+          render :json => { :require_login_popup => true }
+        else
+          access_denied
+        end
+      end
+    end
+
+    # Redirect as appropriate when an access request fails.
+    #
+    # The default action is to redirect to the login screen.
+    #
+    # Override this method in your controllers if you want to have special
+    # behavior in case the user is not authorized
+    # to access the requested action.  For example, a popup window might
+    # simply close itself.
+    def access_denied
+      respond_to do |accepts|
+        accepts.html do
+          if request.xhr?
+            render :text => _('Access denied'), :status => 401
+          else
+            store_location
+            redirect_to :controller => '/account', :action => 'login'
+          end
+        end
+        accepts.xml do
+          headers["Status"]           = "Unauthorized"
+          headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+          render :text => "Could't authenticate you", :status => '401 Unauthorized'
+        end
+      end
+      false
+    end
+
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location(location = request.url)
+      session[:return_to] = location
+    end
+
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.
+    def redirect_back_or_default(default)
+      if session[:return_to]
+        redirect_to(session.delete(:return_to))
+      else
+        redirect_to(default)
+      end
+    end
+
+    def override_user
+      return if params[:override_user].blank?
+      return unless logged_in? and user.is_admin? environment
+      @current_user = nil
+      current_user params[:override_user]
+    end
+
+    # When called with before_filter :login_from_cookie will check for an :auth_token
+    # cookie and log the user back in if apropriate
+    def login_from_cookie
+      return if cookies[:auth_token].blank? or logged_in?
+      user = User.where(remember_token: cookies[:auth_token]).first
+      self.current_user = user if user and user.remember_token?
+    end
+
+  private
+    @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+    # gets BASIC auth info
+    def get_auth_data
+      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+      auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+      return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
+    end
+end
@@ -0,0 +1,50 @@
+module CustomDesign
+
+  extend ActiveSupport::Concern
+
+  included do
+    extend ClassMethods
+    include InstanceMethods
+    before_filter :load_custom_design if self.respond_to? :before_filter
+  end
+
+  module ClassMethods
+
+    def no_design_blocks
+      @no_design_blocks = true
+    end
+
+    def use_custom_design options = {}
+      @custom_design = options
+    end
+
+    def custom_design
+      @custom_design ||= {}
+    end
+
+    def uses_design_blocks?
+      !@no_design_blocks
+    end
+
+  end
+
+  module InstanceMethods
+
+    protected
+
+    def uses_design_blocks?
+      !@no_design_blocks && self.class.uses_design_blocks?
+    end
+
+    def load_custom_design
+      # see also: LayoutHelper#body_classes
+      @layout_template = self.class.custom_design[:layout_template]
+    end
+
+    def custom_design
+      @custom_design || self.class.custom_design
+    end
+
+  end
+
+end
@@ -0,0 +1,40 @@
+module NeedsProfile
+
+  module ClassMethods
+    def needs_profile
+      before_filter :load_profile
+    end
+  end
+
+  def self.included(including)
+    including.send(:extend, NeedsProfile::ClassMethods)
+  end
+
+  def boxes_holder
+    profile || environment # prefers profile, but defaults to environment
+  end
+
+  def profile
+    @profile
+  end
+
+  protected
+
+  def load_profile
+    if params[:profile]
+      params[:profile].downcase!
+      @profile ||= environment.profiles.where(identifier: params[:profile]).first
+    end
+
+    if @profile
+      profile_hostname = @profile.hostname
+      if profile_hostname && profile_hostname != request.host
+        params.delete(:profile)
+        redirect_to(Noosfero.url_options.merge(params).merge(:host => profile_hostname))
+      end
+    else
+      render_not_found
+    end
+  end
+
+end
@@ -0,0 +1,58 @@
+class CirclesController < MyProfileController
+
+  before_action :accept_only_post, :only => [:create, :update, :destroy]
+
+  def index
+    @circles = profile.circles
+  end
+
+  def new
+    @circle = Circle.new
+  end
+
+  def create
+    @circle = Circle.new(params[:circle].merge({ :person => profile }))
+    if @circle.save
+      redirect_to :action => 'index'
+    else
+      render :action => 'new'
+    end
+  end
+
+  def xhr_create
+    if request.xhr?
+      circle = Circle.new(params[:circle].merge({:person => profile }))
+      if circle.save
+        render :partial => "circle_checkbox", :locals => { :circle => circle },
+               :status => 201
+      else
+        render :text => _('The circle could not be saved'), :status => 400
+      end
+    else
+      render_not_found
+    end
+  end
+
+  def edit
+    @circle = Circle.find_by_id(params[:id])
+    render_not_found if @circle.nil?
+  end
+
+  def update
+    @circle = Circle.find_by_id(params[:id])
+    return render_not_found if @circle.nil?
+
+    if @circle.update(params[:circle])
+      redirect_to :action => 'index'
+    else
+      render :action => 'edit'
+    end
+  end
+
+  def destroy
+    @circle = Circle.find_by_id(params[:id])
+    return render_not_found if @circle.nil?
+    @circle.destroy
+    redirect_to :action => 'index'
+  end
+end
@@ -0,0 +1,43 @@
+class FollowersController < MyProfileController
+
+  before_action :only_for_person, :only => :index
+  before_action :accept_only_post, :only => [:update_category]
+
+  def index
+    @followed_people = profile.followed_profiles.order(:type)
+    @profile_types = {_('All profiles') => nil}.merge(Circle.profile_types).to_a
+
+    if params['filter'].present?
+      @followed_people = @followed_people.where(:type => params['filter'])
+      @active_filter = params['filter']
+    end
+
+    @followed_people = @followed_people.paginate(:per_page => 15, :page => params[:npage])
+  end
+
+  def set_category_modal
+    followed_profile = Profile.find(params[:followed_profile_id])
+    circles = Circle.where(:person => profile, :profile_type => followed_profile.class.name)
+    render :partial => 'followers/edit_circles_modal', :locals => { :circles => circles, :followed_profile => followed_profile }
+  end
+
+  def update_category
+    followed_profile = Profile.find_by(:id => params["followed_profile_id"])
+
+    selected_circles = params[:circles].map{ |circle_name, circle_id| Circle.find_by(:id => circle_id) }.select{ |c| c.present? }
+
+    if followed_profile
+      profile.update_profile_circles(followed_profile, selected_circles)
+      render :text => _("Circles of %s updated successfully") % followed_profile.name, :status => 200
+    else
+      render :text => _("Error: No profile to follow."), :status => 400
+    end
+  end
+
+  protected
+
+  def only_for_person
+    render_not_found unless profile.person?
+  end
+
+end
@@ -205,7 +205,7 @@ class AccountController &lt; ApplicationController
         if params[:value].blank?
           @change_password.errors[:base] << _('Can not recover user password with blank value.')
         else
-          @change_password.errors[:base] << _('Could not find any user with %s equal to "%s".') % [fields_label, params[:value]]
+          @change_password.errors[:base] << _('Could not find any user with %s equal to "%s".').html_safe % [fields_label, params[:value]]
         end
       rescue ActiveRecord::RecordInvalid
         @change_password.errors[:base] << _('Could not perform password recovery for the user.')
@@ -128,9 +128,9 @@ class ContentViewerController &lt; ApplicationController
     end
  
     unless @page.display_to?(user)
-      if !profile.visible? || profile.secret? || (user && user.follows?(profile)) || user.blank?
+      if !profile.visible? || profile.secret? || (user && profile.in_social_circle?(user)) || user.blank?
         render_access_denied
-      else #!profile.public?
+      else
         private_profile_partial_parameters
         render :template => 'profile/_private_profile', :status => 403, :formats => [:html]
       end
@@ -3,7 +3,9 @@ class ProfileController &lt; PublicController
   needs_profile
   before_filter :check_access_to_profile, :except => [:join, :join_not_logged, :index, :add]
   before_filter :store_location, :only => [:join, :join_not_logged, :report_abuse, :send_mail]
-  before_filter :login_required, :only => [:add, :join, :leave, :unblock, :leave_scrap, :remove_scrap, :remove_activity, :view_more_activities, :view_more_network_activities, :report_abuse, :register_report, :leave_comment_on_activity, :send_mail]
+  before_filter :login_required, :only => [:add, :join, :leave, :unblock, :leave_scrap, :remove_scrap, :remove_activity, :view_more_activities, :view_more_network_activities, :report_abuse, :register_report, :leave_comment_on_activity, :send_mail, :follow, :unfollow]
+  before_filter :allow_followers?, :only => [:follow, :unfollow]
+  before_filter :accept_only_post, :only => [:follow, :unfollow]
  
   helper TagsHelper
   helper ActionTrackerHelper
@@ -42,8 +44,8 @@ class ProfileController &lt; PublicController
     feed_writer = FeedWriter.new
     data = feed_writer.write(
       tagged,
-      :title => _("%s's contents tagged with \"%s\"") % [profile.name, @tag],
-      :description => _("%s's contents tagged with \"%s\"") % [profile.name, @tag],
+      :title => _("%s's contents tagged with \"%s\"").html_safe % [profile.name, @tag],
+      :description => _("%s's contents tagged with \"%s\"").html_safe % [profile.name, @tag],
       :link => url_for(profile.url)
     )
     render :text => data, :content_type => "text/xml"
@@ -65,6 +67,14 @@ class ProfileController &lt; PublicController
     end
   end
  
+  def following
+    @followed_people = profile.followed_profiles.paginate(:per_page => per_page, :page => params[:npage], :total_entries => profile.followed_profiles.count)
+  end
+
+  def followed
+    @followed_by = profile.followers.paginate(:per_page => per_page, :page => params[:npage], :total_entries => profile.followers.count)
+  end
+
   def members
     if is_cache_expired?(profile.members_cache_key(params))
       sort = (params[:sort] == 'desc') ? params[:sort] : 'asc'
@@ -88,7 +98,7 @@ class ProfileController &lt; PublicController
  
   def join_modal
       profile.add_member(user)
-      session[:notice] = _('%s administrator still needs to accept you as member.') % profile.name
+      session[:notice] = _('%s administrator still needs to accept you as member.').html_safe % profile.name
       redirect_to :action => :index
   end
  
@@ -98,12 +108,12 @@ class ProfileController &lt; PublicController
  
       profile.add_member(user)
       if !profile.members.include?(user)
-        render :text => {:message => _('%s administrator still needs to accept you as member.') % profile.name}.to_json
+        render :text => {:message => _('%s administrator still needs to accept you as member.').html_safe % profile.name}.to_json
       else
-        render :text => {:message => _('You just became a member of %s.') % profile.name}.to_json
+        render :text => {:message => _('You just became a member of %s.').html_safe % profile.name}.to_json
       end
     else
-      render :text => {:message => _('You are already a member of %s.') % profile.name}.to_json
+      render :text => {:message => _('You are already a member of %s.').html_safe % profile.name}.to_json
     end
   end
  
@@ -125,7 +135,7 @@ class ProfileController &lt; PublicController
         render :text => current_person.leave(profile, params[:reload])
       end
     else
-      render :text => {:message => _('You are not a member of %s.') % profile.name}.to_json
+      render :text => {:message => _('You are not a member of %s.').html_safe % profile.name}.to_json
     end
   end
  
@@ -145,12 +155,41 @@ class ProfileController &lt; PublicController
     # FIXME this shouldn't be in Person model?
     if !user.memberships.include?(profile)
       AddFriend.create!(:person => user, :friend => profile)
-      render :text => _('%s still needs to accept being your friend.') % profile.name
+      render :text => _('%s still needs to accept being your friend.').html_safe % profile.name
     else
-      render :text => _('You are already a friend of %s.') % profile.name
+      render :text => _('You are already a friend of %s.').html_safe % profile.name
+    end
+  end
+
+  def follow
+    if profile.followed_by?(current_person)
+      render :text => _("You are already following %s.") % profile.name, :status => 400
+    else
+      selected_circles = params[:circles].map{ |circle_name, circle_id| Circle.find_by(:id => circle_id) }.select{ |c| c.present? }
+      if selected_circles.present?
+        current_person.follow(profile, selected_circles)
+        render :text => _("You are now following %s") % profile.name, :status => 200
+      else
+        render :text => _("Select at least one circle to follow %s.") % profile.name, :status => 400
+      end
     end
   end
  
+  def find_profile_circles
+    circles = Circle.where(:person => current_person, :profile_type => profile.class.name)
+    render :partial => 'blocks/profile_info_actions/circles', :locals => { :circles => circles, :profile_types => Circle.profile_types.to_a }
+  end
+
+  def unfollow
+    follower = params[:follower_id].present? ? Person.find_by(id: params[:follower_id]) : current_person
+
+    if follower && follower.follows?(profile)
+      follower.unfollow(profile)
+    end
+    redirect_url = params["redirect_to"] ? params["redirect_to"] : profile.url
+    redirect_to redirect_url
+  end
+
   def check_friendship
     unless logged_in?
       render :text => ''
@@ -178,7 +217,7 @@ class ProfileController &lt; PublicController
   def unblock
     if current_user.person.is_admin?(profile.environment)
       profile.unblock
-      session[:notice] = _("You have unblocked %s successfully. ") % profile.name
+      session[:notice] = _("You have unblocked %s successfully. ").html_safe % profile.name
       redirect_to :controller => 'profile', :action => 'index'
     else
       message = _('You are not allowed to unblock enterprises in this environment.')
@@ -437,4 +476,8 @@ class ProfileController &lt; PublicController
     [:image, :domains, :preferred_domain, :environment]
   end
  
+  def allow_followers?
+    render_not_found unless profile.allow_followers?
+  end
+
 end
@@ -14,13 +14,23 @@ module ActionTrackerHelper
     }
   end
  
+  def new_follower_description ta
+    n_('has 1 new follower:<br />%{name}', 'has %{num} new followers:<br />%{name}', ta.get_follower_name.size).html_safe % {
+      num: ta.get_follower_name.size,
+      name: safe_join(ta.collect_group_with_index(:follower_name) do |n,i|
+        link_to image_tag(ta.get_follower_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/person-icon.png")),
+          ta.get_follower_url[i], title: n
+      end)
+    }
+  end
+
   def join_community_description ta
-    n_('has joined 1 community:<br />%{name}'.html_safe, 'has joined %{num} communities:<br />%{name}'.html_safe, ta.get_resource_name.size) % {
+    n_('has joined 1 community:<br />%{name}', 'has joined %{num} communities:<br />%{name}', ta.get_resource_name.size).html_safe % {
       num: ta.get_resource_name.size,
-      name: ta.collect_group_with_index(:resource_name) do |n,i|
+      name: safe_join(ta.collect_group_with_index(:resource_name) do |n,i|
        link = link_to image_tag(ta.get_resource_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/community-icon.png")),
                 ta.get_resource_url[i], title: n
-      end.join.html_safe
+      end)
     }
   end
  
@@ -68,9 +78,9 @@ module ActionTrackerHelper
   end
  
   def favorite_enterprise_description ta
-    _('favorited enterprise %{title}') % {
+    (_('favorited enterprise %{title}') % {
       title: link_to(truncate(ta.get_enterprise_name), ta.get_enterprise_url),
-    }
+    }).html_safe
   end
  
 end
@@ -880,7 +880,7 @@ module ApplicationHelper
         link_to_all = link_to(content_tag('strong', _('See all')), :controller => 'memberships', :profile => user.identifier)
       end
       link = list.map do |element|
-        link_to(content_tag('strong', _('<span>Manage</span> %s') % element.short_name(25)), element.admin_url, :class => "icon-menu-"+element.class.identification.underscore, :title => _('Manage %s') % element.short_name)
+        link_to(content_tag('strong', _('<span>Manage</span> %s').html_safe % element.short_name(25)), element.admin_url, :class => "icon-menu-"+element.class.identification.underscore, :title => _('Manage %s').html_safe % element.short_name)
       end
       if link_to_all
         link << link_to_all
@@ -921,7 +921,7 @@ module ApplicationHelper
     logout_link = link_to(logout_icon.html_safe, { :controller => 'account', :action => 'logout'} , :id => "logout", :title => _("Leave the system"))
     join_result = safe_join(
       [welcome_span.html_safe, render_environment_features(:usermenu).html_safe, admin_link.html_safe,
-        manage_enterprises.html_safe, manage_communities.html_safe, ctrl_panel_link.html_safe,
+        manage_enterprises, manage_communities, ctrl_panel_link.html_safe,
         pending_tasks_count.html_safe, logout_link.html_safe], "")
     join_result
   end
@@ -128,14 +128,14 @@ module FormsHelper
       counter += 1
       row << item
       if counter % per_row == 0
-        rows << content_tag('tr', row.join("\n"))
+        rows << content_tag('tr', row.join("\n").html_safe)
         counter = 0
         row = []
       end
     end
-    rows << content_tag('tr', row.join("\n"))
+    rows << content_tag('tr', row.join("\n").html_safe)
  
-    content_tag('table',rows.join("\n"))
+    content_tag('table',rows.join("\n").html_safe)
   end
  
   def date_field(name, value, datepicker_options = {}, html_options = {})
@@ -11,7 +11,7 @@ module ProfileHelper
   PERSON_CATEGORIES[:location] = [:address, :address_reference, :zip_code, :city, :state, :district, :country, :nationality]
   PERSON_CATEGORIES[:work] = [:organization, :organization_website, :professional_activity]
   PERSON_CATEGORIES[:study] = [:schooling, :formation, :area_of_study]
-  PERSON_CATEGORIES[:network] = [:friends, :communities, :enterprises]
+  PERSON_CATEGORIES[:network] = [:friends, :followers, :followed_profiles, :communities, :enterprises]
   PERSON_CATEGORIES.merge!(COMMON_CATEGORIES)
  
   ORGANIZATION_CATEGORIES = {}
@@ -42,7 +42,8 @@ module ProfileHelper
     :created_at => _('Profile created at'),
     :members_count => _('Members'),
     :privacy_setting => _('Privacy setting'),
-    :article_tags => _('Tags')
+    :article_tags => _('Tags'),
+    :followed_profiles => _('Following')
   }
  
   EXCEPTION = {
@@ -144,6 +145,14 @@ module ProfileHelper
     link_to(n_('One picture', '%{num} pictures', gallery.images.published.count) % { :num => gallery.images.published.count }, gallery.url)
   end
  
+  def treat_followers(followers)
+    link_to(profile.followers.count, {:action=>"followed", :controller=>"profile", :profile=>"#{profile.identifier}"})
+  end
+
+  def treat_followed_profiles(followed_profiles)
+    link_to(profile.followed_profiles.count, {:action=>"following", :controller=>"profile", :profile=>"#{profile.identifier}"})
+  end
+
   def treat_events(events)
     link_to events.published.count, :controller => 'events', :action => 'events'
   end
@@ -19,8 +19,8 @@ class NotifyActivityToProfilesJob &lt; Struct.new(:tracked_action_id)
     # Notify the user
     ActionTrackerNotification.create(:profile_id => tracked_action.user.id, :action_tracker_id => tracked_action.id)
  
-    # Notify all friends
-    ActionTrackerNotification.connection.execute("insert into action_tracker_notifications(profile_id, action_tracker_id) select f.friend_id, #{tracked_action.id} from friendships as f where person_id=#{tracked_action.user.id} and f.friend_id not in (select atn.profile_id from action_tracker_notifications as atn where atn.action_tracker_id = #{tracked_action.id})")
+    # Notify all followers
+    ActionTrackerNotification.connection.execute("INSERT INTO action_tracker_notifications(profile_id, action_tracker_id) SELECT DISTINCT c.person_id, #{tracked_action.id} FROM profiles_circles AS p JOIN circles as c ON c.id = p.circle_id WHERE p.profile_id = #{tracked_action.user.id} AND (c.person_id NOT IN (SELECT atn.profile_id FROM action_tracker_notifications AS atn WHERE atn.action_tracker_id = #{tracked_action.id}))")
  
     if tracked_action.user.is_a? Organization
       ActionTrackerNotification.connection.execute "insert into action_tracker_notifications(profile_id, action_tracker_id) " +
@@ -47,8 +47,8 @@ class Contact
         content_type: 'text/html',
         to: contact.dest.notification_emails,
         reply_to: contact.email,
-        subject: "[#{contact.dest.short_name(30)}] " + contact.subject,
-        from: "#{contact.name} <#{contact.dest.environment.noreply_email}>"
+        subject: "[#{contact.dest.short_name(30)}] #{contact.subject}".html_safe,
+        from: "#{contact.name} <#{contact.dest.environment.noreply_email}>".html_safe
       }
  
       if contact.sender
@@ -30,7 +30,7 @@ class EnvironmentMailing &lt; Mailing
   end
  
   def signature_message
-    _('Sent by %s.') % source.name
+    _('Sent by %s.').html_safe % source.name
   end
  
   def url
@@ -2,7 +2,8 @@ require_dependency &#39;mailing_job&#39;
  
 class Mailing < ApplicationRecord
  
-  acts_as_having_settings :field => :data
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :data
  
   attr_accessible :subject, :body, :data
  
@@ -23,11 +24,11 @@ class Mailing &lt; ApplicationRecord
   end
  
   def generate_from
-    "#{source.name} <#{if source.is_a? Environment then source.noreply_email else source.contact_email end}>"
+    "#{source.name} <#{if source.is_a? Environment then source.noreply_email else source.contact_email end}>".html_safe
   end
  
   def generate_subject
-    '[%s] %s' % [source.name, subject]
+    '[%s] %s'.html_safe % [source.name, subject]
   end
  
   def signature_message
@@ -30,7 +30,7 @@ class OrganizationMailing &lt; Mailing
   end
  
   def signature_message
-    _('Sent by community %s.') % source.name
+    _('Sent by community %s.').html_safe % source.name
   end
  
   include Rails.application.routes.url_helpers
@@ -12,8 +12,8 @@ class PendingTaskNotifier &lt; ApplicationMailer
  
     mail(
       to: person.email,
-      from: "#{person.environment.name} <#{person.environment.noreply_email}>",
-      subject: _("[%s] Pending tasks") % person.environment.name
+      from: "#{person.environment.name} <#{person.environment.noreply_email}>".html_safe,
+      subject: _("[%s] Pending tasks").html_safe % person.environment.name
     )
   end
  
@@ -14,8 +14,8 @@ class ScrapNotifier &lt; ApplicationMailer
     @url = sender.environment.top_url
     mail(
       to: receiver.email,
-      from: "#{sender.environment.name} <#{sender.environment.noreply_email}>",
-      subject: _("[%s] You received a scrap!") % [sender.environment.name]
+      from: "#{sender.environment.name} <#{sender.environment.noreply_email}>".html_safe,
+      subject: _("[%s] You received a scrap!").html_safe % [sender.environment.name]
     )
   end
 end
@@ -14,7 +14,7 @@ class TaskMailer &lt; ApplicationMailer
     mail(
       to: task.target.notification_emails.compact,
       from: self.class.generate_from(task),
-      subject: "[%s] %s" % [task.environment.name, task.target_notification_description]
+      subject: "[%s] %s".html_safe % [task.environment.name, task.target_notification_description]
     )
   end
  
@@ -27,7 +27,7 @@ class TaskMailer &lt; ApplicationMailer
     mail(
       to: task.friend_email,
       from: self.class.generate_from(task),
-      subject: '[%s] %s' % [ task.requestor.environment.name, task.target_notification_description ]
+      subject: '[%s] %s'.html_safe % [ task.requestor.environment.name, task.target_notification_description ]
     )
   end
  
@@ -43,7 +43,7 @@ class TaskMailer &lt; ApplicationMailer
     mail_with_template(
       to: task.requestor.notification_emails,
       from: self.class.generate_from(task),
-      subject: '[%s] %s' % [task.requestor.environment.name, task.target_notification_description],
+      subject: '[%s] %s'.html_safe % [task.requestor.environment.name, task.target_notification_description],
       email_template: task.email_template,
       template_params: {:environment => task.requestor.environment, :task => task, :message => @message, :url => @url, :requestor => task.requestor}
     )
@@ -13,8 +13,8 @@ class UserMailer &lt; ApplicationMailer
  
     mail(
       to: user_email,
-      from: "#{user.environment.name} <#{user.environment.contact_email}>",
-      subject: _("[%{environment}] Welcome to %{environment} mail!") % { :environment => user.environment.name }
+      from: "#{user.environment.name} <#{user.environment.contact_email}>".html_safe,
+      subject: _("[%{environment}] Welcome to %{environment} mail!").html_safe % { :environment => user.environment.name }
     )
   end
  
@@ -30,7 +30,7 @@ class UserMailer &lt; ApplicationMailer
     mail_with_template(
       from: "#{user.environment.name} <#{user.environment.contact_email}>",
       to: user.email,
-      subject: _("[%s] Activate your account") % [user.environment.name],
+      subject: _("[%s] Activate your account").html_safe % [user.environment.name],
       template_params: {:environment => user.environment, :activation_code => @activation_code, :redirection => @redirection, :join => @join, :person => user.person, :url => @url},
       email_template: user.environment.email_templates.find_by_template_type(:user_activation),
     )
@@ -44,8 +44,8 @@ class UserMailer &lt; ApplicationMailer
     mail(
       content_type: 'text/html',
       to: user.email,
-      from: "#{user.environment.name} <#{user.environment.contact_email}>",
-      subject: email_subject.blank? ? _("Welcome to environment %s") % [user.environment.name] : email_subject,
+      from: "#{user.environment.name} <#{user.environment.contact_email}>".html_safe,
+      subject: email_subject.blank? ? _("Welcome to environment %s").html_safe % [user.environment.name] : email_subject,
       body: @body
     )
   end
@@ -63,8 +63,8 @@ class UserMailer &lt; ApplicationMailer
     mail(
       content_type: 'text/html',
       to: user.email,
-      from: "#{user.environment.name} <#{user.environment.contact_email}>",
-      subject: _("[%s] What about grow up your network?") % user.environment.name
+      from: "#{user.environment.name} <#{user.environment.contact_email}>".html_safe,
+      subject: _("[%s] What about grow up your network?").html_safe % user.environment.name
     )
   end
  
@@ -25,7 +25,7 @@ class AbuseComplaint &lt; Task
   end
  
   def title
-    abuse_reports.count > 1 ? (_('Abuse complaint (%s)') % abuse_reports.count) :_('Abuse complaint')
+    abuse_reports.count > 1 ? (_('Abuse complaint (%s)').html_safe % abuse_reports.count) :_('Abuse complaint')
   end
  
   def linked_subject
@@ -57,15 +57,15 @@ class AbuseComplaint &lt; Task
   end
  
   def task_activated_message
-    _('Your profile was reported by the users of %s due to inappropriate behavior. The administrators of the environment are now reviewing the report. To solve this misunderstanding, please contact the administrators.') % environment.name
+    _('Your profile was reported by the users of %s due to inappropriate behavior. The administrators of the environment are now reviewing the report. To solve this misunderstanding, please contact the administrators.').html_safe % environment.name
   end
  
   def task_finished_message
-    _('Your profile was disabled by the administrators of %s due to inappropriate behavior. To solve this misunderstanding please contact them.') % environment.name
+    _('Your profile was disabled by the administrators of %s due to inappropriate behavior. To solve this misunderstanding please contact them.').html_safe % environment.name
   end
  
   def target_notification_description
-    _('%s was reported due to inappropriate behavior.') % reported.name
+    _('%s was reported due to inappropriate behavior.').html_safe % reported.name
   end
  
   def target_notification_message
@@ -22,6 +22,7 @@ class AddMember &lt; Task
       self.roles = [Profile::Roles.member(organization.environment.id).id]
     end
     target.affiliate(requestor, self.roles.select{|r| !r.to_i.zero? }.map{|i| Role.find(i)})
+    person.follow(organization, Circle.find_or_create_by(:person => person, :name =>_('memberships'), :profile_type => 'Community'))
   end
  
   def title
@@ -56,7 +57,7 @@ class AddMember &lt; Task
   def target_notification_description
     requestor_email = " (#{requestor.email})" if requestor.may_display_field_to?("email")
  
-    _("%{requestor}%{requestor_email} wants to be a member of '%{organization}'.") % {:requestor => requestor.name, :requestor_email => requestor_email, :organization => organization.name}
+    _("%{requestor}%{requestor_email} wants to be a member of '%{organization}'.").html_safe % {:requestor => requestor.name, :requestor_email => requestor_email, :organization => organization.name}
   end
  
   def target_notification_message
@@ -13,7 +13,9 @@ class Article &lt; ApplicationRecord
                   :image_builder, :show_to_followers, :archived,
                   :author, :display_preview, :published_at, :person_followers
  
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
+
   include Noosfero::Plugin::HotSpot
  
   SEARCHABLE_FIELDS = {
@@ -91,7 +93,8 @@ class Article &lt; ApplicationRecord
   has_many :article_categorizations_including_virtual, :class_name => 'ArticleCategorization'
   has_many :categories_including_virtual, :through => :article_categorizations_including_virtual, :source => :category
  
-  acts_as_having_settings :field => :setting
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :setting
  
   settings_items :display_hits, :type => :boolean, :default => true
   settings_items :author_name, :type => :string, :default => ""
@@ -242,6 +245,7 @@ class Article &lt; ApplicationRecord
   acts_as_taggable
   N_('Tag list')
  
+  extend ActsAsFilesystem::ActsMethods
   acts_as_filesystem
  
   acts_as_versioned
@@ -534,13 +538,13 @@ class Article &lt; ApplicationRecord
  
   scope :display_filter, lambda {|user, profile|
     return published if (user.nil? && profile && profile.public?)
-    return [] if user.nil? || (profile && !profile.public? && !user.follows?(profile))
+    return [] if user.nil? || (profile && !profile.public? && !profile.in_social_circle?(user))
     where(
       [
        "published = ? OR last_changed_by_id = ? OR profile_id = ? OR ?
         OR  (show_to_followers = ? AND ? AND profile_id IN (?))", true, user.id, user.id,
         profile.nil? ?  false : user.has_permission?(:view_private_content, profile),
-        true, (profile.nil? ? true : user.follows?(profile)),  ( profile.nil? ? (user.friends.select('profiles.id')) : [profile.id])
+        true, (profile.nil? ? true : profile.in_social_circle?(user)),  ( profile.nil? ? (user.friends.select('profiles.id')) : [profile.id])
       ]
     )
   }
@@ -17,6 +17,7 @@ class Block &lt; ApplicationRecord
   belongs_to :mirror_block, :class_name => "Block"
   has_many :observers, :class_name => "Block", :foreign_key => "mirror_block_id"
  
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings
  
   scope :enabled, -> { where :enabled => true }
@@ -88,7 +89,7 @@ class Block &lt; ApplicationRecord
   end
  
   def display_to_user?(user)
-    display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged') || (user && display_user == 'followers' && user.follows?(owner))
+    display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged') || (user && display_user == 'followers' && owner.in_social_circle?(user))
   end
  
   def display_always(context)
@@ -2,7 +2,9 @@ class Blog &lt; Folder
  
   attr_accessible :visualization_format
  
+  extend ActsAsHavingPosts::ClassMethods
   acts_as_having_posts
+
   include PostsLimit
  
   #FIXME This should be used until there is a migration to fix all blogs that
@@ -21,6 +21,7 @@ class Category &lt; ApplicationRecord
  
   scope :on_level, -> parent { where :parent_id => parent }
  
+  extend ActsAsFilesystem::ActsMethods
   acts_as_filesystem
  
   has_many :article_categorizations
@@ -35,6 +36,7 @@ class Category &lt; ApplicationRecord
   has_many :people, :through => :profile_categorizations, :source => :profile, :class_name => 'Person'
   has_many :communities, :through => :profile_categorizations, :source => :profile, :class_name => 'Community'
  
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
  
   before_save :normalize_display_color
@@ -0,0 +1,37 @@
+class Circle < ApplicationRecord
+  has_many :profile_followers
+  belongs_to :person
+
+  attr_accessible :name, :person, :profile_type
+
+  validates :name, presence: true
+  validates :person_id, presence: true
+  validates :profile_type, presence: true
+  validates :person_id, :uniqueness => {:scope => :name, :message => "can't add two circles with the same name"}
+
+  validate :profile_type_must_be_in_list
+
+  scope :by_owner, -> person{
+    where(:person => person)
+  }
+
+  scope :with_name, -> name{
+    where(:name => name)
+  }
+
+  def self.profile_types
+    {
+      _("Person") => Person.name,
+      _("Community") => Community.name,
+      _("Enterprise") => Enterprise.name
+    }
+  end
+
+  def profile_type_must_be_in_list
+    valid_profile_types = Circle.profile_types.values
+    unless self.profile_type.in? valid_profile_types
+      self.errors.add(:profile_type, "invalid profile type")
+    end
+  end
+
+end
@@ -38,6 +38,7 @@ class Comment &lt; ApplicationRecord
  
   validate :article_archived?
  
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings
  
   xss_terminate :only => [ :body, :title, :name ], :on => 'validation'
@@ -2,7 +2,7 @@ class Community &lt; Organization
  
   attr_accessible :accessor_id, :accessor_type, :role_id, :resource_id, :resource_type
   attr_accessible :address_reference, :district, :tag_list, :language, :description
-  attr_accessible :requires_email
+
   after_destroy :check_invite_member_for_destroy
  
   def self.type_name
@@ -13,9 +13,6 @@ class Community &lt; Organization
   N_('Language')
  
   settings_items :language
-  settings_items :requires_email, :type => :boolean
-
-  alias_method :requires_email?, :requires_email
  
   extend SetProfileRegionFromCityState::ClassMethods
   set_profile_region_from_city_state
@@ -0,0 +1,265 @@
+module ActsAsFilesystem
+
+  module ActsMethods
+
+    # Declares the ActiveRecord model to acts like a filesystem: objects are
+    # arranged in a tree (liks acts_as_tree), and . The underlying table must
+    # have the following fields:
+    #
+    # * name (+:string+) - the title of the object
+    # * slug (+:string+)- the title turned in a URL-friendly string (downcased,
+    #   non-ascii chars transliterated into ascii, all sequences of
+    #   non-alphanumericd characters changed into dashed)
+    # * path (+:text+)- stores the full path of the object (the full path of
+    #   the parent, a "/" and the slug of the object)
+    # * children_count - a cache of the number of children elements.
+    def acts_as_filesystem
+      # a filesystem is a tree
+      acts_as_tree :counter_cache => :children_count
+
+      extend ClassMethods
+      include InstanceMethods
+      if self.has_path?
+        after_update :update_children_path
+        before_create :set_path
+        include InstanceMethods::PathMethods
+      end
+
+      before_save :set_ancestry
+    end
+
+  end
+
+  module ClassMethods
+
+    def build_ancestry(parent_id = nil, ancestry = '')
+      ActiveRecord::Base.transaction do
+        self.base_class.where(parent_id: parent_id).each do |node|
+          node.update_column :ancestry, ancestry
+
+          build_ancestry node.id, (ancestry.empty? ? "#{node.formatted_ancestry_id}" :
+                                   "#{ancestry}#{node.ancestry_sep}#{node.formatted_ancestry_id}")
+        end
+      end
+
+      #raise "Couldn't reach and set ancestry on every record" if self.base_class.where('ancestry is null').count != 0
+    end
+
+    def has_path?
+      (['name', 'slug', 'path'] - self.column_names).blank?
+    end
+
+  end
+
+  module InstanceMethods
+
+    def ancestry_column
+      'ancestry'
+    end
+    def ancestry_sep
+      '.'
+    end
+    def has_ancestry?
+      self.class.column_names.include? self.ancestry_column
+    end
+
+    def formatted_ancestry_id
+      "%010d" % self.id if self.id
+    end
+
+    def ancestry
+      self[ancestry_column]
+    end
+    def ancestor_ids
+      return nil if !has_ancestry? or ancestry.nil?
+      @ancestor_ids ||= ancestry.split(ancestry_sep).map{ |id| id.to_i }
+    end
+
+    def ancestry=(value)
+      self[ancestry_column] = value
+    end
+    def set_ancestry
+      return unless self.has_ancestry?
+      if self.ancestry.nil? or (new_record? or parent_id_changed?) or recalculate_path
+        self.ancestry = self.hierarchy(true)[0...-1].map{ |p| p.formatted_ancestry_id }.join(ancestry_sep)
+      end
+    end
+
+    def descendents_options
+      ["#{self.ancestry_column} LIKE ?", "%#{self.formatted_ancestry_id}%"]
+    end
+    def descendents
+      self.class.where descendents_options
+    end
+
+    # calculates the level of the record in the records hierarchy. Top-level
+    # records have level 0; the children of the top-level records have
+    # level 1; the children of records with level 1 have level 2, and so on.
+    #
+    #      A    level 0
+    #     / \
+    #    B   C  level 1
+    #   / \ / \
+    #   E F G H level 2
+    #     ...
+    def level
+      self.hierarchy.size - 1
+    end
+
+    # Is this record a top-level record?
+    def top_level?
+      self.parent.nil?
+    end
+
+    # Is this record a leaf in the hierarchy tree of records?
+    #
+    # Being a leaf means that this record has no subrecord.
+    def leaf?
+      self.children.empty?
+    end
+
+    def top_ancestor
+      if has_ancestry? and !ancestry.blank?
+        self.class.base_class.find_by id: self.top_ancestor_id
+      else
+        self.hierarchy.first
+      end
+    end
+    def top_ancestor_id
+      if has_ancestry? and !ancestry.nil?
+        self.ancestor_ids.first
+      else
+        self.hierarchy.first.id
+      end
+    end
+
+    # returns the full hierarchy from the top-level item to this one. For
+    # example, if item1 has a children item2 and item2 has a children item3,
+    # then item3's hierarchy would be [item1, item2, item3].
+    #
+    # If +reload+ is passed as +true+, then the hierarchy is reload (usefull
+    # when the ActiveRecord object was modified in some way, or just after
+    # changing parent)
+    def hierarchy(reload = false)
+      @hierarchy = nil if reload or recalculate_path
+
+      if @hierarchy.nil?
+        @hierarchy = []
+
+        if !reload and !recalculate_path and ancestor_ids
+          objects = self.class.base_class.where(id: ancestor_ids)
+          ancestor_ids.each{ |id| @hierarchy << objects.find{ |t| t.id == id } }
+          @hierarchy << self
+        else
+          item = self
+          while item
+            @hierarchy.unshift(item)
+            item = item.parent
+          end
+        end
+      end
+
+      @hierarchy
+    end
+
+    def map_traversal(&block)
+      result = []
+      current_level = [self]
+
+      while !current_level.empty?
+        result += current_level
+        ids = current_level.select {|item| item.children_count > 0}.map(&:id)
+        break if ids.empty?
+        current_level = self.class.base_class.where(parent_id: ids)
+      end
+      block ||= (lambda { |x| x })
+      result.map(&block)
+    end
+
+    def all_children
+      res = map_traversal
+      res.shift
+      res
+    end
+
+    #####
+    # Path methods
+    # These methods are used when _path_, _name_ and _slug_ attributes exist
+    # and should be calculated based on the tree
+    #####
+    module PathMethods
+      # used to know when to trigger batch renaming
+      attr_accessor :recalculate_path
+
+      # calculates the full path to this record using parent's path.
+      def calculate_path
+        self.hierarchy.map{ |obj| obj.slug }.join('/')
+      end
+      def set_path
+        if self.path == self.slug && !self.top_level?
+          self.path = self.calculate_path
+        end
+      end
+      def explode_path
+        path.split(/\//)
+      end
+
+      def update_children_path
+        if self.recalculate_path
+          self.children.each do |child|
+            child.path = child.calculate_path
+            child.recalculate_path = true
+            child.save!
+          end
+        end
+        self.recalculate_path = false
+      end
+
+      # calculates the full name of a record by accessing the name of all its
+      # ancestors.
+      #
+      # If you have this record hierarchy:
+      #   Record "A"
+      #     Record "B"
+      #       Record "C"
+      #
+      # Then Record "C" will have "A/B/C" as its full name.
+      def full_name(sep = '/')
+        self.hierarchy.map {|item| item.name || '?' }.join(sep)
+      end
+
+      # gets the name without leading parents. Useful when dividing records
+      # in top-level groups and full names must not include the top-level
+      # record which is already a emphasized label
+      def full_name_without_leading(count, sep = '/')
+        parts = self.full_name(sep).split(sep)
+        count.times { parts.shift }
+        parts.join(sep)
+      end
+
+      def set_name(value)
+        if self.name != value
+          self.recalculate_path = true
+        end
+        self[:name] = value
+      end
+
+      # sets the name of the record. Also sets #slug accordingly.
+      def name=(value)
+        self.set_name(value)
+        unless self.name.blank?
+          self.slug = self.name.to_slug
+        end
+      end
+
+      # sets the slug of the record. Also sets the path with the new slug value.
+      def slug=(value)
+        self[:slug] = value
+        unless self.slug.blank?
+          self.path = self.calculate_path
+        end
+      end
+    end
+  end
+end
+
@@ -0,0 +1,37 @@
+module ActsAsHavingBoxes
+
+  module ClassMethods
+    def acts_as_having_boxes
+      has_many :boxes, -> { order :position }, as: :owner, dependent: :destroy
+      self.send(:include, ActsAsHavingBoxes)
+    end
+  end
+
+  module BlockArray
+    def find(id)
+      select { |item| item.id == id.to_i }.first
+    end
+  end
+
+  def blocks(reload = false)
+    if (reload)
+      @blocks = nil
+    end
+    if @blocks.nil?
+      @blocks = boxes.includes(:blocks).inject([]) do |acc,obj|
+        acc.concat(obj.blocks)
+      end
+      @blocks.send(:extend, BlockArray)
+    end
+    @blocks
+  end
+
+  # returns 3 unless the class table has a boxes_limit column. In that case
+  # return the value of the column.
+  def boxes_limit layout_template = nil
+    layout_template ||= self.layout_template
+    @boxes_limit ||= LayoutTemplate.find(layout_template).number_of_boxes || 3
+  end
+
+end
+
@@ -0,0 +1,25 @@
+module ActsAsHavingImage
+
+  module ClassMethods
+    def acts_as_having_image
+      belongs_to :image, dependent: :destroy
+      scope :with_image, -> { where "#{table_name}.image_id IS NOT NULL" }
+      scope :without_image, -> { where "#{table_name}.image_id IS NULL" }
+      attr_accessible :image_builder
+      include ActsAsHavingImage
+    end
+  end
+
+  def image_builder=(img)
+    if image && image.id == img[:id]
+      image.attributes = img
+    else
+      build_image(img)
+    end unless img[:uploaded_data].blank?
+    if img[:remove_image] == 'true'
+      self.image_id = nil
+    end
+  end
+
+end
+
@@ -0,0 +1,49 @@
+module ActsAsHavingPosts
+
+  module ClassMethods
+    def acts_as_having_posts(scope = nil)
+      has_many :posts, -> {
+        s = order('published_at DESC, id DESC').where('articles.type != ?', 'RssFeed')
+        s = s.instance_exec(&scope) if scope
+        s
+      }, class_name: 'Article', foreign_key: 'parent_id', source: :children
+
+      attr_accessor :feed_attrs
+
+      after_create do |blog|
+        blog.children << RssFeed.new(:name => 'feed', :profile => blog.profile)
+        blog.feed = blog.feed_attrs
+      end
+
+      settings_items :posts_per_page, :type => :integer, :default => 5
+
+      self.send(:include, ActsAsHavingPosts)
+    end
+  end
+
+  def has_posts?
+    true
+  end
+
+  def feed
+    children.where(:type => 'RssFeed').first
+  end
+
+  def feed=(attrs)
+    if attrs
+      if self.feed
+        self.feed.update(attrs)
+      else
+        self.feed_attrs = attrs
+      end
+    end
+    self.feed
+  end
+
+  def name=(value)
+    self.set_name(value)
+    self.slug = self.slug.blank? ? self.name.to_slug : self.slug.to_slug
+  end
+
+end
+
@@ -0,0 +1,89 @@
+# declare missing types
+module ActiveRecord
+  module Type
+    class Symbol < Value
+      def cast_value value
+        value.to_sym
+      end
+    end
+    class Array < Value
+      def cast_value value
+        ::Array.wrap(value)
+      end
+    end
+    class Hash < Value
+      def cast_value value
+        h = ::Hash[value]
+        h.symbolize_keys!
+        h
+      end
+    end
+  end
+end
+
+module ActsAsHavingSettings
+
+  def self.type_cast value, type
+    # do not cast nil
+    return value if value.nil?
+    type.send :cast_value, value
+  end
+
+  module ClassMethods
+
+    def acts_as_having_settings(*args)
+      options = args.last.is_a?(Hash) ? args.pop : {}
+      field = (options[:field] || :settings).to_sym
+
+      serialize field, Hash
+      class_attribute :settings_field
+      self.settings_field = field
+
+      class_eval do
+        def settings_field
+          self[self.class.settings_field] ||= Hash.new
+        end
+
+        def setting_changed? setting_field
+          setting_field = setting_field.to_sym
+          changed_settings = self.changes[self.class.settings_field]
+          return false if changed_settings.nil?
+
+          old_setting_value = changed_settings.first.nil? ? nil : changed_settings.first[setting_field]
+          new_setting_value = changed_settings.last[setting_field]
+          old_setting_value != new_setting_value
+        end
+      end
+
+      settings_items *args
+    end
+
+    def settings_items *names
+
+      options = names.extract_options!
+      default = options[:default]
+      type = options[:type]
+      type = if type.present? then ActiveRecord::Type.const_get(type.to_s.camelize.to_sym).new else nil end
+
+      names.each do |setting|
+        # symbolize key
+        setting = setting.to_sym
+
+        define_method setting do
+          h = send self.class.settings_field
+          val = h[setting]
+          # translate default value if it is used
+          if not val.nil? then val elsif default.is_a? String then gettext default else default end
+        end
+
+        define_method "#{setting}=" do |value|
+          h = send self.class.settings_field
+          h[setting] = if type then ActsAsHavingSettings.type_cast value, type else value end
+        end
+      end
+    end
+
+  end
+
+end
+
@@ -0,0 +1,57 @@
+module CodeNumbering
+  module ClassMethods
+    def code_numbering field, options = {}
+      class_attribute :code_numbering_field
+      class_attribute :code_numbering_options
+
+      self.code_numbering_field = field
+      self.code_numbering_options = options
+
+      before_create :create_code_numbering
+
+      include CodeNumbering::InstanceMethods
+    end
+  end
+
+  module InstanceMethods
+
+    def code
+      self.attributes[self.code_numbering_field.to_s]
+    end
+
+    def code_scope
+      scope = self.code_numbering_options[:scope]
+      case scope
+      when Symbol
+        self.send scope
+      when Proc
+        instance_exec &scope
+      else
+        self.class
+      end
+    end
+
+    def code_maximum
+      self.code_scope.maximum(self.code_numbering_field) || 0
+    end
+
+    def create_code_numbering
+      max = self.code_numbering_options[:start].to_i - 1 if self.code_numbering_options[:start]
+      max = self.code_maximum
+      self.send "#{self.code_numbering_field}=", max+1
+    end
+
+    def reset_scope_code_numbering
+      max = self.code_numbering_options[:start].to_i - 1 if self.code_numbering_options[:start]
+      max ||= 1
+
+      self.code_scope.order(:created_at).each do |record|
+        record.update_column self.code_numbering_field, max
+        max += 1
+      end
+      self.reload
+    end
+
+  end
+end
+
@@ -0,0 +1,124 @@
+module Customizable
+
+  def self.included(base)
+    base.attr_accessible :custom_values
+    base.extend ClassMethods
+  end
+
+  module ClassMethods
+    def acts_as_customizable(options = {})
+      attr_accessor :custom_values
+      has_many :custom_field_values, :dependent => :delete_all, :as => :customized
+      send :include, Customizable::InstanceMethods
+      after_save :save_custom_values
+      validate :valid_custom_values?
+    end
+
+    def active_custom_fields environment
+      environment.custom_fields.select{|cf| customized_ancestors_list.include?(cf.customized_type) && cf.active}
+    end
+
+    def required_custom_fields environment
+      environment.custom_fields.select{|cf| customized_ancestors_list.include?(cf.customized_type) && cf.required}
+    end
+
+    def signup_custom_fields environment
+      environment.custom_fields.select{|cf| customized_ancestors_list.include?(cf.customized_type) && cf.signup}
+    end
+
+    def custom_fields environment
+      environment.custom_fields.select{|cf| customized_ancestors_list.include?(cf.customized_type)}
+    end
+
+    def customized_ancestors_list
+      current=self
+      result=[]
+      while current.instance_methods.include? :custom_value do
+        result << current.name
+        current=current.superclass
+      end
+      result
+    end
+
+  end
+
+  module InstanceMethods
+
+    def valid_custom_values?
+      is_valid = true
+      parse_custom_values.each do |cv|
+        unless cv.valid?
+          name = cv.custom_field.name
+          errors.add(name, cv.errors.messages[name.to_sym].first)
+          is_valid = false
+        end
+      end
+      is_valid
+    end
+
+    def customized_class
+      current=self.class
+      while current.instance_methods.include? :custom_fields do
+        result=current
+        current=current.superclass
+      end
+      result.name
+    end
+
+    def is_public(field_name)
+      cv = self.custom_field_values.detect{|cv| cv.custom_field.name==field_name}
+      cv.nil? ? false : cv.public
+    end
+
+    def public_values
+      self.custom_field_values.select{|cv| cv.public}
+    end
+
+    def custom_value(field_name)
+      cv = self.custom_field_values.detect{|cv| cv.custom_field.name==field_name}
+      cv.nil? ? default_value_for(field_name) : cv.value
+    end
+
+    def default_value_for(field_name)
+      field=self.class.custom_fields(environment).detect {|c| c.name == field_name}
+      field.nil? ? nil : field.default_value
+    end
+
+    def parse_custom_values
+      return_list = []
+      return return_list if custom_values.blank?
+      custom_values.each_pair do |key, value|
+        custom_field = environment.custom_fields.detect{|cf|cf.name==key}
+        next if custom_field.blank?
+        custom_field_value = self.custom_field_values(true).detect{|cv| cv.custom_field.name==key}
+
+        if custom_field_value.nil?
+          custom_field_value = CustomFieldValue.new
+          custom_field_value.custom_field = custom_field
+          custom_field_value.customized = self
+        end
+
+        if value.is_a?(Hash)
+          custom_field_value.value = value['value'].to_s
+          if value.has_key?('public')
+            is_public = value['public']=="true" || value['public']==true
+            custom_field_value.public = is_public
+          else
+            custom_field_value.public = false
+          end
+        else
+          custom_field_value.value = value.to_s
+          custom_field_value.public = false
+        end
+        return_list << custom_field_value
+      end
+      return_list
+    end
+
+    def save_custom_values
+      parse_custom_values.each(&:save)
+    end
+
+  end
+end
+
@@ -0,0 +1,55 @@
+module DelayedAttachmentFu
+
+  module ClassMethods
+    def delay_attachment_fu_thumbnails
+      include DelayedAttachmentFu::InstanceMethods
+      after_create do |file|
+        if file.thumbnailable?
+          Delayed::Job.enqueue CreateThumbnailsJob.new(file.class.name, file.id)
+        end
+      end
+    end
+  end
+
+  module InstanceMethods
+    # skip processing with RMagick
+    def process_attachment
+    end
+
+    def after_process_attachment
+      save_to_storage
+      @temp_paths.clear
+      @saved_attachment = nil
+      run_callbacks :after_attachment_saved
+    end
+
+    def create_thumbnails
+      if thumbnailable?
+        self.class.with_image(full_filename) do |img|
+          self.width = img.columns
+          self.height = img.rows
+          self.save!
+        end
+        self.class.attachment_options[:thumbnails].each do |suffix, size|
+          self.create_or_update_thumbnail(self.full_filename, suffix, size)
+        end
+        self.thumbnails_processed = true
+        self.save!
+      end
+    end
+
+    def public_filename(size=nil)
+      force, size = true, nil if size == :uploaded
+      if !self.thumbnailable? || self.thumbnails_processed || force
+        super size
+      else
+        size ||= :thumb
+        '/images/icons-app/image-loading-%s.png' % size
+      end
+    end
+
+
+  end
+end
+
+
@@ -0,0 +1,44 @@
+module SetProfileRegionFromCityState
+
+  module ClassMethods
+    def set_profile_region_from_city_state
+      before_save :region_from_city_and_state
+
+      include InstanceMethods
+      alias_method_chain :city=, :region
+      alias_method_chain :state=, :region
+    end
+  end
+
+  module InstanceMethods
+    include Noosfero::Plugin::HotSpot
+
+    def city_with_region=(value)
+      self.city_without_region = value
+      @change_region = true
+    end
+
+    def state_with_region=(value)
+      self.state_without_region = value
+      @change_region = true
+    end
+
+    def region_from_city_and_state
+      if @change_region
+        self.region = nil
+        state = search_region(State, self.state)
+        self.region = search_region(City.where(:parent_id => state.id), self.city) if state
+      end
+    end
+
+    private
+
+    def search_region(scope, query)
+      return nil if !query
+      query = query.downcase.strip
+      scope.where(['lower(name)=? OR lower(abbreviation)=? OR lower(acronym)=?', query, query, query]).first
+    end
+
+  end
+
+end
@@ -0,0 +1,8 @@
+module TranslatableContent
+
+  def translatable?
+    return false if self.profile && !self.profile.environment.languages.present?
+    parent.nil? || !parent.forum?
+  end
+
+end
@@ -0,0 +1,37 @@
+module WhiteListFilter
+
+  def check_iframe_on_content(content, trusted_sites)
+    if content.blank? || !content.include?('iframe')
+      return content
+    end
+    content.gsub!(/<iframe[^>]*>\s*<\/iframe>/i) do |iframe|
+      result = ''
+      unless iframe =~ /src=['"].*src=['"]/
+        trusted_sites.each do |trusted_site|
+          re_dom = trusted_site.gsub('.', '\.')
+          if iframe =~ /src=["'](https?:)?\/\/(www\.)?#{re_dom}\//
+            result = iframe
+          end
+        end
+      end
+      result
+    end
+    content
+  end
+
+  module ClassMethods
+    def filter_iframes(*opts)
+      options = opts.last.is_a?(Hash) && opts.pop || {}
+      white_list_method = options[:whitelist] || :iframe_whitelist
+      opts.each do |field|
+        before_validation do |obj|
+          obj.check_iframe_on_content(obj.send(field), obj.send(white_list_method))
+        end
+      end
+    end
+  end
+
+  def self.included(c)
+    c.send(:extend, WhiteListFilter::ClassMethods)
+  end
+end
@@ -12,6 +12,7 @@ class CreateCommunity &lt; Task
   attr_accessible :environment, :requestor, :target
   attr_accessible :reject_explanation, :template_id
  
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
  
   DATA_FIELDS = Community.fields + ['name', 'closed', 'description']
@@ -174,8 +174,4 @@ class Enterprise &lt; Organization
     ''
   end
  
-  def followed_by? person
-    super or self.fans.where(id: person.id).count > 0
-  end
-
 end
@@ -200,6 +200,7 @@ class Environment &lt; ApplicationRecord
   # Relationships and applied behaviour
   # #################################################
  
+  extend ActsAsHavingBoxes::ClassMethods
   acts_as_having_boxes
  
   after_create do |env|
@@ -251,7 +252,8 @@ class Environment &lt; ApplicationRecord
   # #################################################
  
   # store the Environment settings as YAML-serialized Hash.
-  acts_as_having_settings :field => :settings
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :settings
  
   # introduce and explain to users something about the signup
   settings_items :signup_intro, :type => String
-require 'noosfero/translatable_content'
 require 'builder'
  
 class Event < Article
@@ -138,7 +137,7 @@ class Event &lt; Article
     false
   end
  
-  include Noosfero::TranslatableContent
+  include TranslatableContent
   include MaybeAddHttp
  
 end
@@ -7,6 +7,10 @@ class FavoriteEnterprisePerson &lt; ApplicationRecord
   belongs_to :enterprise
   belongs_to :person
  
+  after_create do |favorite|
+    favorite.person.follow(favorite.enterprise, Circle.find_or_create_by(:person => favorite.person, :name =>_('favorites'), :profile_type => 'Enterprise'))
+  end
+
   protected
  
   def is_trackable?
@@ -10,7 +10,8 @@ class Folder &lt; Article
     errors.add(:parent, "A folder should not belong to a blog.") if parent && parent.blog?
   end
  
-  acts_as_having_settings :field => :setting
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :setting
  
   xss_terminate :only => [ :name, :body ], :with => 'white_list', :on => 'validation'
  
 class Forum < Folder
  
+  extend ActsAsHavingPosts::ClassMethods
   acts_as_having_posts -> { reorder 'updated_at DESC' }
+
   include PostsLimit
  
   attr_accessible :has_terms_of_use, :terms_of_use, :topic_creation
@@ -9,11 +9,19 @@ class Friendship &lt; ApplicationRecord
   after_create do |friendship|
     Friendship.update_cache_counter(:friends_count, friendship.person, 1)
     Friendship.update_cache_counter(:friends_count, friendship.friend, 1)
+
+    circles = friendship.group.blank? ? ['friendships'] : friendship.group.split(',').map(&:strip)
+    circles.each do |circle|
+      friendship.person.follow(friendship.friend, Circle.find_or_create_by(:person => friendship.person, :name => circle, :profile_type => 'Person'))
+    end
   end
  
   after_destroy do |friendship|
     Friendship.update_cache_counter(:friends_count, friendship.person, -1)
     Friendship.update_cache_counter(:friends_count, friendship.friend, -1)
+
+    circle = Circle.find_by(:person => friendship.person, :name => (friendship.group.blank? ? 'friendships': friendship.group) )
+    friendship.person.remove_profile_from_circle(friendship.friend, circle) if circle
   end
  
   def self.remove_friendship(person1, person2)
@@ -23,6 +23,7 @@ class Image &lt; ApplicationRecord
  
   validates_attachment :size => N_("{fn} of uploaded file was larger than the maximum size of 5.0 MB").fix_i18n
  
+  extend DelayedAttachmentFu::ClassMethods
   delay_attachment_fu_thumbnails
  
   postgresql_attachment_fu
@@ -2,6 +2,10 @@
 class Organization < Profile
  
   attr_accessible :moderated_articles, :foundation_year, :contact_person, :acronym, :legal_form, :economic_activity, :management_information, :cnpj, :display_name, :enable_contact_us
+  attr_accessible :requires_email
+
+  settings_items :requires_email, type: :boolean
+  alias_method :requires_email?, :requires_email
  
   SEARCH_FILTERS = {
     :order => %w[more_recent more_popular more_active],
@@ -8,7 +8,6 @@ class Person &lt; Profile
     :display => %w[compact]
   }
  
-
   def self.type_name
     _('Person')
   end
@@ -93,6 +92,7 @@ class Person &lt; Profile
   has_many :following_articles, :class_name => 'Article', :through => :article_followers, :source => :article
   has_many :friendships, :dependent => :destroy
   has_many :friends, :class_name => 'Person', :through => :friendships
+  has_many :circles
  
   scope :online, -> {
     joins(:user).where("users.chat_status != '' AND users.chat_status_at >= ?", DateTime.now - User.expires_chat_status_every.minutes)
@@ -200,6 +200,33 @@ class Person &lt; Profile
     end
   end
  
+  def follow(profile, circles)
+    circles = [circles] unless circles.is_a?(Array)
+    circles.each do |new_circle|
+      ProfileFollower.create(profile: profile, circle: new_circle)
+    end
+  end
+
+  def update_profile_circles(profile, new_circles)
+    profile_circles = ProfileFollower.with_profile(profile).with_follower(self).map(&:circle)
+    circles_to_add = new_circles - profile_circles
+    circles_to_remove = profile_circles - new_circles
+    circles_to_add.each do |new_circle|
+      ProfileFollower.create(profile: profile, circle: new_circle)
+    end
+
+    ProfileFollower.where('circle_id IN (?) AND profile_id = ?',
+                          circles_to_remove.map(&:id), profile.id).destroy_all
+  end
+
+  def unfollow(profile)
+    ProfileFollower.with_follower(self).with_profile(profile).destroy_all
+  end
+
+  def remove_profile_from_circle(profile, circle)
+    ProfileFollower.with_profile(profile).with_circle(circle).destroy_all
+  end
+
   def already_request_friendship?(person)
     person.tasks.where(requestor_id: self.id, type: 'AddFriend', status: Task::Status::ACTIVE).first
   end
@@ -580,9 +607,12 @@ class Person &lt; Profile
     person.has_permission?(:manage_friends, self)
   end
  
-  protected
+  def followed_profiles
+    Profile.followed_by self
+  end
  
-  def followed_by?(profile)
-    self == profile || self.is_a_friend?(profile)
+  def in_social_circle?(person)
+    self.is_a_friend?(person) || super
   end
+
 end
@@ -5,7 +5,7 @@ class Profile &lt; ApplicationRecord
  
   attr_accessible :name, :identifier, :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :environment, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time,
     :redirection_after_login, :custom_url_redirection,
-    :email_suggestions, :allow_members_to_invite, :invite_friends_only, :secret, :profile_admin_mail_notification
+    :email_suggestions, :allow_members_to_invite, :invite_friends_only, :secret, :profile_admin_mail_notification, :allow_followers
  
   # use for internationalizable human type names in search facets
   # reimplement on subclasses
@@ -88,6 +88,8 @@ class Profile &lt; ApplicationRecord
   }
  
   acts_as_accessible
+
+  include Customizable
   acts_as_customizable
  
   include Noosfero::Plugin::HotSpot
@@ -185,6 +187,21 @@ class Profile &lt; ApplicationRecord
     Person.members_of(self).by_role(roles)
   end
  
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :data
+
+  def settings
+    data
+  end
+
+  settings_items :redirect_l10n, :type => :boolean, :default => false
+  settings_items :public_content, :type => :boolean, :default => true
+  settings_items :description
+  settings_items :fields_privacy, :type => :hash, :default => {}
+  settings_items :email_suggestions, :type => :boolean, :default => false
+  settings_items :profile_admin_mail_notification, :type => :boolean, :default => true
+
+  extend ActsAsHavingBoxes::ClassMethods
   acts_as_having_boxes
  
   acts_as_taggable
@@ -203,6 +220,23 @@ class Profile &lt; ApplicationRecord
   scope :more_active, -> { order 'activities_count DESC' }
   scope :more_recent, -> { order "created_at DESC" }
  
+  scope :followed_by, -> person{
+    distinct.select('profiles.*').
+    joins('left join profiles_circles ON profiles_circles.profile_id = profiles.id').
+    joins('left join circles ON circles.id = profiles_circles.circle_id').
+    where('circles.person_id = ?', person.id)
+  }
+
+  scope :in_circle, -> circle{
+    distinct.select('profiles.*').
+    joins('left join profiles_circles ON profiles_circles.profile_id = profiles.id').
+    joins('left join circles ON circles.id = profiles_circles.circle_id').
+    where('circles.id = ?', circle.id)
+  }
+
+  settings_items :allow_followers, :type => :boolean, :default => true
+  alias_method :allow_followers?, :allow_followers
+
   acts_as_trackable :dependent => :destroy
  
   has_many :profile_activities
@@ -215,6 +249,9 @@ class Profile &lt; ApplicationRecord
  
   has_many :email_templates, :foreign_key => :owner_id
  
+  has_many :profile_followers
+  has_many :followers, -> { uniq }, :class_name => 'Person', :through => :profile_followers, :source => :person
+
   # Although this should be a has_one relation, there are no non-silly names for
   # a foreign key on article to reference the template to which it is
   # welcome_page... =P
@@ -231,19 +268,6 @@ class Profile &lt; ApplicationRecord
     scrap.nil? ? Scrap.all_scraps(self) : Scrap.all_scraps(self).find(scrap)
   end
  
-  acts_as_having_settings :field => :data
-
-  def settings
-    data
-  end
-
-  settings_items :redirect_l10n, :type => :boolean, :default => false
-  settings_items :public_content, :type => :boolean, :default => true
-  settings_items :description
-  settings_items :fields_privacy, :type => :hash, :default => {}
-  settings_items :email_suggestions, :type => :boolean, :default => false
-  settings_items :profile_admin_mail_notification, :type => :boolean, :default => true
-
   validates_length_of :description, :maximum => 550, :allow_nil => true
  
   # Valid identifiers must match this format.
@@ -285,6 +309,7 @@ class Profile &lt; ApplicationRecord
  
   has_many :files, :class_name => 'UploadedFile'
  
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
  
   has_many :tasks, :dependent => :destroy, :as => 'target'
@@ -758,12 +783,13 @@ private :generate_url, :url_options
  
   # Adds a person as member of this Profile.
   def add_member(person, attributes={})
-    if self.has_members?
+    if self.has_members? && !self.secret
       if self.closed? && members.count > 0
         AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
       else
         self.affiliate(person, Profile::Roles.admin(environment.id), attributes) if members.count == 0
         self.affiliate(person, Profile::Roles.member(environment.id), attributes)
+        person.follow(self, Circle.find_or_create_by(:person => person, :name =>_('memberships'), :profile_type => 'Community'))
       end
       person.tasks.pending.of("InviteMember").select { |t| t.data[:community_id] == self.id }.each { |invite| invite.cancel }
       remove_from_suggestion_list person
@@ -1107,7 +1133,11 @@ private :generate_url, :url_options
   end
  
   def followed_by?(person)
-    person.is_member_of?(self)
+    (person == self) || (person.in? self.followers)
+  end
+
+  def in_social_circle?(person)
+    (person == self) || (person.is_member_of?(self))
   end
  
   def display_private_info_to?(user)
@@ -1148,4 +1178,8 @@ private :generate_url, :url_options
   def allow_destroy?(person = nil)
     person.kind_of?(Profile) && person.has_permission?('destroy_profile', self)
   end
+
+  def in_circle?(circle, follower)
+    ProfileFollower.with_follower(follower).with_circle(circle).with_profile(self).present?
+  end
 end
@@ -0,0 +1,28 @@
+class ProfileFollower < ApplicationRecord
+  self.table_name = :profiles_circles
+  track_actions :new_follower, :after_create, :keep_params => ["follower.name", "follower.url", "follower.profile_custom_icon"], :custom_user => :profile
+
+  attr_accessible :profile, :circle
+
+  belongs_to :profile
+  belongs_to :circle
+
+  has_one :person, through: :circle
+  alias follower person
+
+  validates_presence_of :profile_id, :circle_id
+  validates :profile_id, :uniqueness => {:scope => :circle_id, :message => "can't put a profile in the same circle twice"}
+
+  scope :with_follower, -> person{
+    joins(:circle).where('circles.person_id = ?', person.id)
+  }
+
+  scope :with_profile, -> profile{
+    where(:profile => profile)
+  }
+
+  scope :with_circle, -> circle{
+    where(:circle => circle)
+  }
+
+end
@@ -17,7 +17,8 @@ class ProfileSuggestion &lt; ApplicationRecord
     self.class.generate_profile_suggestions(profile_suggestion.person)
   end
  
-  acts_as_having_settings :field => :categories
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :categories
  
   validate :must_be_a_valid_category, :on => :create
   def must_be_a_valid_category
@@ -11,7 +11,8 @@
 # will need to declare <ttserialize</tt> itself).
 class Task < ApplicationRecord
  
-  acts_as_having_settings :field => :data
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :data
  
   module Status
     # the status of tasks just created
-require 'noosfero/translatable_content'
-
 # a base class for all text article types.
 class TextArticle < Article
  
@@ -9,7 +7,7 @@ class TextArticle &lt; Article
     _('Article')
   end
  
-  include Noosfero::TranslatableContent
+  include TranslatableContent
  
   def self.icon_name(article = nil)
     if article && !article.parent.nil? && article.parent.kind_of?(Blog)
-require 'white_list_filter'
-
 class TinyMceArticle < TextArticle
  
   def self.short_description
@@ -84,6 +84,7 @@ class UploadedFile &lt; Article
  
   validates_attachment :size => N_("{fn} of uploaded file was larger than the maximum size of %{size}").sub('%{size}', self.max_size.to_humanreadable).fix_i18n
  
+  extend DelayedAttachmentFu::ClassMethods
   delay_attachment_fu_thumbnails
  
   postgresql_attachment_fu
@@ -3,7 +3,7 @@
     var answer = parseInt(form.answer.value);
     var val = form.answer.value;
     if (!answer || (val.length != 4) || val > <%= Time.now.year %> || val < 1900) {
-      alert(<%= (_('The year must be between %d and %d') % [1900, Time.now.year]).inspect %>);
+      alert(<%= (_('The year must be between %d and %d').html_safe % [1900, Time.now.year]).inspect %>);
       return false;
     } else {
       return true;
@@ -28,9 +28,9 @@
  
   <p>  <strong><%= _('Pay atention! You have only one chance!') %></strong> </p>
  
-  <p><%= _("This is a question to know if you really are part of this enterprise. Pay atention because you have only one chance to answer right and activate your enterprise. If you answer wrong you will not be able to activate the enterprise automaticaly and must get in touch with the admins of %s by email or phone.") % environment.name %> </p>
+  <p><%= _("This is a question to know if you really are part of this enterprise. Pay atention because you have only one chance to answer right and activate your enterprise. If you answer wrong you will not be able to activate the enterprise automaticaly and must get in touch with the admins of %s by email or phone.").html_safe % environment.name %> </p>
  
-  <%= ApplicationHelper::NoosferoFormBuilder::output_field(@question == :foundation_year ? (_("What year your enterprise was founded? It must have 4 digits, eg 1990. %s") % environment.tip_message_enterprise_activation_question) : _('What is the CNPJ of your enterprise?'), text_field_tag(:answer, nil, :id => 'enterprise-activation-answer')) %>
+  <%= ApplicationHelper::NoosferoFormBuilder::output_field(@question == :foundation_year ? (_("What year your enterprise was founded? It must have 4 digits, eg 1990. %s").html_safe % environment.tip_message_enterprise_activation_question) : _('What is the CNPJ of your enterprise?'), text_field_tag(:answer, nil, :id => 'enterprise-activation-answer')) %>
  
     <%= hidden_field_tag :enterprise_code, params[:enterprise_code] %>
  
 <div class='description'>
   <%= _('This text will be sent to new users if the feature "Send welcome e-mail to new users" is enabled on environment.') %><br/><br/>
-  <%= _('Including %s on body, it will be replaced by the real name of the e-mail recipient.') % content_tag('code', '{user_name}') %>
+  <%= _('Including %s on body, it will be replaced by the real name of the e-mail recipient.').html_safe % content_tag('code', '{user_name}') %>
 </div>
  
 <%= labelled_form_field(_('Subject'), text_field(:environment, :signup_welcome_text_subject, :style => 'width:100%')) %>
@@ -0,0 +1,11 @@
+<div class="circles" id='circles-list'>
+
+  <%= form_for :circles, :url => {:controller => 'profile', :action => 'follow'}, :html => {:id => "follow-circles-form"}  do |f|%>
+    <%= render partial: "blocks/profile_info_actions/select_circles", :locals => {:circles => circles, :followed_profile => profile, :follower => current_person } %>
+
+    <div id="circle-actions">
+      <%= submit_button :ok, _("Follow") %>
+      <input type="button" value="<%= _("Cancel") %>" id="cancel-set-circle" class="button with-text icon-cancel"/>
+    </div>
+  <% end %>
+</div>
 <li><%= report_abuse(profile, :button) %></li>
+<% if logged_in? && (user != profile) && profile.allow_followers? %>
+  <li>
+    <% follow = user.follows?(profile) %>
+    <%= button(:unfollow, content_tag('span', _('Unfollow')), {:profile => profile.identifier, :controller => 'profile', :action => 'unfollow'}, :method => :post, :id => 'action-unfollow', :title => _("Unfollow"), :style => follow ? "" : "display: none;") %>
+    <%= button(:ok, content_tag('span', _('Follow')), {:profile => profile.identifier, :controller => 'profile', :action => 'find_profile_circles'}, :id => 'action-follow', :title => _("Follow"), :style => follow ? "display: none;" : "") %>
+    <div id="circles-container" style="display: none;">
+    </div>
+  </li>
+<% end %>
 <%= render_environment_features(:profile_actions) %>
@@ -0,0 +1,22 @@
+<div class="circles" id='circles-list'>
+  <p><%= _("Select the circles for %s") % followed_profile.name %></p>
+  <div id="circles-checkboxes">
+    <% circles.each do |circle| %>
+      <div class="circle">
+        <%= labelled_check_box circle.name, "circles[#{circle.name}]", circle.id, followed_profile.in_circle?(circle, follower) %>
+      </div>
+    <% end %>
+  </div>
+
+  <%= button(:add, _('New Circle'), '#', :id => "new-circle") %>
+
+  <div id="new-circle-form" style="display: none;">
+    <%= labelled_text_field _('Circle name') , 'circle[name]', "",:id => 'text-field-name-new-circle'%>
+    <%= hidden_field_tag('circle[profile_type]', followed_profile.class.name) %>
+
+    <%= button_bar do %>
+      <%= button(:save, _('Create'), {:profile => follower.identifier, :controller => 'circles', :action => 'xhr_create'}, :id => "new-circle-submit") %>
+      <%= button(:cancel, _('Cancel'), '#', :id => "new-circle-cancel") %>
+    <% end %>
+  </div>
+</div>
@@ -0,0 +1,3 @@
+<div class="circle">
+  <%= labelled_check_box circle.name, "circles[#{circle.name}]", circle.id %>
+</div>
@@ -0,0 +1,14 @@
+<%= error_messages_for :circle %>
+
+<%= labelled_form_for :circle, :url => (mode == :edit) ? {:action => 'update', :id => circle} : {:action => 'create'} do |f| %>
+
+  <%= required_fields_message %>
+
+  <%= required f.text_field(:name) %>
+
+  <%= required labelled_form_field _("Profile type"), f.select(:profile_type, Circle.profile_types.to_a) %>
+
+  <%= button_bar do %>
+    <%= submit_button('save', (mode == :edit) ? _('Save changes') : _('Create circle'), :cancel => {:action => 'index'} ) %>
+  <% end %>
+<% end %>
@@ -0,0 +1,3 @@
+<h1><%= _("Edit circle") %></h1>
+
+<%= render :partial => 'form', :locals => { :mode => :edit, :circle => @circle, :profile_types => @profile_types } %>
@@ -0,0 +1,30 @@
+<h1><%= _('Manage circles') %></h1>
+
+<table>
+  <tr>
+    <th><%= _('Circle name') %></th>
+    <th><%= _('Profile type') %></th>
+    <th><%= _('Actions') %></th>
+  </tr>
+  <% @circles.each do |circle| %>
+    <tr>
+      <td>
+        <%= circle.name %>
+      </td>
+      <td>
+        <%= _(circle.profile_type) %>
+      </td>
+      <td>
+        <div style="text-align: center;">
+          <%= button_without_text :edit, _('Edit'), :action => 'edit', :id => circle %>
+          <%= button_without_text :delete, _('Delete'), { :action => 'destroy', :id => circle }, { "data-method" => "POST" } %>
+        </div>
+      </td>
+    </tr>
+  <% end %>
+</table>
+
+<%= button_bar do %>
+  <%= button :add, _('Create a new circle'), :action => 'new' %>
+  <%= button :back, _('Back to control panel'), :controller => 'profile_editor' %>
+<% end %>
@@ -0,0 +1,3 @@
+<h1><%= _("New circle") %></h1>
+
+<%= render :partial => 'form', :locals => { :mode => :new, :circle => @circle, :profile_types => @profile_types } %>
@@ -58,7 +58,7 @@
 <div id="blog-image-builder">
   <%= f.fields_for :image_builder, @article.image do |i| %>
     <%= file_field_or_thumbnail(_('Cover image:'), @article.image, i)%>
-    <%= _("Max size: %s (.jpg, .gif, .png)")% Image.max_size.to_humanreadable %>
+    <%= _("Max size: %s (.jpg, .gif, .png)").html_safe % Image.max_size.to_humanreadable %>
   <% end %>
 </div>
  
-<h2><%= _('Processed validation request for %s ') % @processed.name %> (<%= status(@processed) %>)</h2>
+<h2><%= _('Processed validation request for %s ').html_safe % @processed.name %> (<%= status(@processed) %>)</h2>
  
 <%= link_to _('Back'), :action => 'index' %>
  
-<h1><%= _('Adding %s as a favorite enterprise') % @favorite_enterprise.name %></h1>
+<h1><%= _('Adding %s as a favorite enterprise').html_safe % @favorite_enterprise.name %></h1>
  
 <p>
-<%= _('Are you sure you want to add %s as your favorite enterprise?') % @favorite_enterprise.name %>
+<%= _('Are you sure you want to add %s as your favorite enterprise?').html_safe % @favorite_enterprise.name %>
 </p>
  
 <%= form_tag do %>
   <%= hidden_field_tag(:confirmation, 1) %>
  
-  <%= submit_button(:ok, _("Yes, I am sure"), :title => _("I want to add %s as a favorite enterprise") % @favorite_enterprise.name) %>
+  <%= submit_button(:ok, _("Yes, I am sure"), :title => _("I want to add %s as a favorite enterprise").html_safe % @favorite_enterprise.name) %>
   <%= button(:cancel, _("No, I don't want"), :action => 'index') %>
 <% end %>
@@ -4,15 +4,15 @@
   current_index = images.index(image.encapsulated_file)
   total_of_images = images.count
   link_to_previous = if current_index >= 1
-   link_to(_('&laquo; Previous'), images[current_index - 1].view_url, :class => 'previous')
+   link_to(_('&laquo; Previous').html_safe, images[current_index - 1].view_url, :class => 'previous')
   else
-    content_tag('span', _('&laquo; Previous'), :class => 'previous')
+    content_tag('span', _('&laquo; Previous').html_safe, :class => 'previous')
   end
  
   link_to_next = if current_index < total_of_images - 1
-    link_to(_('Next &raquo;'), images[current_index + 1].view_url, :class => 'next')
+    link_to(_('Next &raquo;').html_safe, images[current_index + 1].view_url, :class => 'next')
   else
-    content_tag('span', _('Next &raquo;'), :class => 'next')
+    content_tag('span', _('Next &raquo;').html_safe, :class => 'next')
   end
 %>
  
@@ -0,0 +1,14 @@
+<div class="circles" id='circles-list'>
+  <%= form_for :circles, :url => {:controller => 'followers', :action => 'update_category'}, :html => {:id => "follow-circles-form"}  do |f|%>
+    <%= render partial: "blocks/profile_info_actions/select_circles", :locals => {:circles => circles, :followed_profile => followed_profile, :follower => profile }  %>
+
+    <%= hidden_field_tag('followed_profile_id', followed_profile.id) %>
+
+    <div id="circle-actions">
+      <div id="actions-container">
+        <%= submit_button('save', _('Save')) %>
+        <%= modal_close_button  _("Cancel") %>
+      </div>
+    </div>
+  <% end %>
+</div>
@@ -0,0 +1,17 @@
+<ul class="profile-list">
+  <% profiles.each do |followed_profile| %>
+    <li>
+    <%= link_to_profile profile_image(followed_profile) + tag('br') + followed_profile.short_name,
+                        followed_profile.identifier, :class => 'profile-link' %>
+    <div class="controll">
+      <%= button_without_text :remove, content_tag('span',_('unfollow')),
+        { :controller => "profile", :profile => followed_profile.identifier, :follower_id => profile.id,
+          :action => 'unfollow', :redirect_to => url_for({:controller => "followers", :profile => profile.identifier}) },
+          :method => :post, :title => _('remove') %>
+      <%= modal_icon_button :edit, _('change category'),
+             url_for(:controller => 'followers', :action => 'set_category_modal',
+                     :followed_profile_id => followed_profile.id) %>
+    </div><!-- end class="controll" -->
+    </li>
+  <% end %>
+</ul>
@@ -0,0 +1,27 @@
+<div id="manage_followed people">
+
+<h1><%= _("%s is following") % profile.name %></h1>
+
+<% cache_timeout(profile.manage_friends_cache_key(params), 4.hours) do %>
+  <% if @followed_people.empty? %>
+    <p>
+      <em>
+        <%= _("You don't follow anybody yet.") %>
+      </em>
+    </p>
+  <% end %>
+
+  <%= button_bar do %>
+    <%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
+    <%= button(:search, _('Find people'), :controller => 'search', :action => 'assets', :asset => 'people') %>
+  <% end %>
+
+  <%= labelled_select(_('Profile type')+': ', :filter_profile_type, :last, :first, @active_filter, @profile_types, :id => "profile-type-filter") %>
+
+  <%= render :partial => 'profile_list', :locals => { :profiles => @followed_people } %>
+
+  <br style="clear:both" />
+  <%= pagination_links @followed_people, :param_name => 'npage' %>
+<% end %>
+
+</div>
 <div id="remove_friend">
  
-<h1><%= _('Removing friend: %s') % @friend.name %></h1>
+<h1><%= _('Removing friend: %s').html_safe % @friend.name %></h1>
  
 <%= profile_image @friend, :thumb, :class => 'friend_picture' %>
  
 <p>
-<%= _('Are you sure you want to remove %s from your friends list?') % @friend.name %>
+<%= _('Are you sure you want to remove %s from your friends list?').html_safe % @friend.name %>
 </p>
  
 <p>
 <em>
-<%= _('Note that %s will still have you as a friend, unless he/she also wants to remove you from his/her friend list.') % @friend.name %>
+<%= _('Note that %s will still have you as a friend, unless he/she also wants to remove you from his/her friend list.').html_safe % @friend.name %>
 </em>
 </p>
  
 <% default_message = defined?(default_message) ? default_message : false %>
  
 <div id='thanks-for-signing'>
-  <h1><%= _("Welcome to %s!") % environment.name %></h1>
+  <h1><%= _("Welcome to %s!").html_safe % environment.name %></h1>
   <% if environment.has_custom_welcome_screen? && !default_message %>
     <%= environment.settings[:signup_welcome_screen_body].html_safe %>
   <% else %>
@@ -10,21 +10,21 @@
         <p><%= _("Firstly, some tips for getting started:") %></p>
         <h4><%= _("Confirm your account!") %></h4>
         <p><%= _("You should receive a welcome email from us shortly. Please take a second to follow the link within to confirm your account.") %></p>
-        <p><%= _("You won't appear as %s until your account is confirmed.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
+        <p><%= _("You won't appear as %s until your account is confirmed.").html_safe % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
       <% else %>
         <h4><%= _("Wait for admin approvement!") %></h4>
         <p><%= _("The administrators will evaluate your signup request for approvement.") %></p>
-        <p><%= _("You won't appear as %s until your account is approved.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
+        <p><%= _("You won't appear as %s until your account is approved.").html_safe % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
       <% end %>
       <h4><%= _("What to do next?") %></h4>
-      <p><%= _("Access your %s and see your face on the network!") %
+      <p><%= _("Access your %s and see your face on the network!").html_safe %
         (user.present? ? link_to(_('Profile'), {:controller => 'profile', :profile => user.identifier}, :target => '_blank') : 'Profile') %>
-      <%= _("You can also explore your %s to customize your profile. Here are some %s on what you can do there.") %
+      <%= _("You can also explore your %s to customize your profile. Here are some %s on what you can do there.").html_safe %
         [user.present? ? link_to(_('Control Panel'), {:controller => 'profile_editor', :profile => user.identifier}, :target => '_blank') : 'Control Panel',
           link_to(_('tips'), {:controller => 'doc', :action => 'topic', :section => 'user', :topic => 'editing-person-info'}, :target => '_blank')] %></p>
-      <p><%= _("%s your Gmail, Yahoo and Hotmail contacts!") % link_to(_('Invite and find'), {:controller => 'doc', :action => 'topic', :section => 'user', :topic => 'invite-contacts'}, :target => '_blank') %></p>
-      <p><%= _("Learn the guidelines. Read the %s for more details on how to use this social network!") % link_to(_('Documentation'), {:controller => 'doc'}, :target => '_blank') %></p>
+      <p><%= _("%s your Gmail, Yahoo and Hotmail contacts!").html_safe % link_to(_('Invite and find'), {:controller => 'doc', :action => 'topic', :section => 'user', :topic => 'invite-contacts'}, :target => '_blank') %></p>
+      <p><%= _("Learn the guidelines. Read the %s for more details on how to use this social network!").html_safe % link_to(_('Documentation'), {:controller => 'doc'}, :target => '_blank') %></p>
       <p><%= _("Start exploring and have fun!") %></p>
   <% end %>
-  <%= render :partial => 'shared/template_welcome_page', :locals => {:template => @person_template, :header => _("What can I do as a %s?")} %>
+  <%= render :partial => 'shared/template_welcome_page', :locals => {:template => @person_template, :header => _("What can I do as a %s?").html_safe} %>
 </div>
@@ -5,7 +5,7 @@
   <td>
     <p>
     <span style="font-size: 14px;"><%= link_to activity.user.short_name(20), activity.user.url %></span>
-    <span style="font-size: 14px;"><%= _("has published on community %s") % link_to(activity.target.profile.short_name(20), activity.target.profile.url, :style => "color: #333; font-weight: bold; text-decoration: none;") if activity.target.profile.is_a?(Community) %></span>
+    <span style="font-size: 14px;"><%= _("has published on community %s").html_safe % link_to(activity.target.profile.short_name(20), activity.target.profile.url, :style => "color: #333; font-weight: bold; text-decoration: none;") if activity.target.profile.is_a?(Community) %></span>
     <span style="font-size: 10px; color: #929292; float:right;"><%= time_ago_in_words(activity.created_at) %></span>
     </p>
     <p>
@@ -0,0 +1 @@
+<%= render :partial => 'default_activity', :locals => { :activity => activity } %>
 <% if activity.comments_count > 2 %>
   <div style="font-size: 10px;">
     <% if activity.params['url'].blank?  %>
-      <%= _("%s comments") % activity.comments_count %>
+      <%= _("%s comments").html_safe % activity.comments_count %>
     <% else %>
-      <%= link_to(_("View all %s comments") % activity.comments_count, activity.params['url']) %>
+      <%= link_to(_("View all %s comments").html_safe % activity.comments_count, activity.params['url']) %>
     <% end %>
   </div>
 <% else %>
@@ -5,7 +5,7 @@
       <%= link_to @url, :style => "text-decoration: none;" do %>
         <span style="font-weight:bold;font-size: 28px;margin: 0;color: white;background-color: #AAAAAA;padding: 5px;"><%= @environment.name %></span>
       <% end %>
-      <span style="font-weight:bold;color: #333;font-size:19px;margin-left: 8px;"><%= _("%s's Notifications") % @profile.name %></h3>
+      <span style="font-weight:bold;color: #333;font-size:19px;margin-left: 8px;"><%= _("%s's Notifications").html_safe % @profile.name %></h3>
     </div>
     <div style="margin: 0 20px 20px 20px;border-top:1px solid #e2e2e2;">
       <% if @tasks.present? %>
@@ -34,7 +34,7 @@
  
       <div style="color:#444444;font-size:11px;margin-bottom: 20px;">
         <p style="margin:0"><%= _("Greetings,") %></p>
-        <p style="margin:0"><%= _('%s team.') % @environment.name %></p>
+        <p style="margin:0"><%= _('%s team.').html_safe % @environment.name %></p>
         <p style="margin:0"><%= link_to @url, url_for(@url) %></p>
       </div>
     </div>
@@ -0,0 +1,18 @@
+<% cache_timeout(profile.friends_cache_key(params), 4.hours) do %>
+  <ul class='profile-list'>
+    <% follow.each do |follower| %>
+      <%= profile_image_link(follower) %>
+    <% end%>
+  </ul>
+
+  <div id='pagination-profiles'>
+    <%= pagination_links follow, :param_name => 'npage' %>
+  </div>
+<% end %>
+
+<%= button_bar do %>
+  <%= button :back, _('Go back'), { :controller => 'profile' } %>
+  <% if user == profile %>
+    <%= button :edit, _('Manage followed people'), :controller => 'friends', :action => 'index', :profile => profile.identifier %>
+  <% end %>
+<% end %>
@@ -0,0 +1 @@
+<%= render :partial => 'default_activity', :locals => { :activity => activity, :tab_action => tab_action } %>
@@ -13,5 +13,5 @@
     <%= button(:add, content_tag('span', _('Add friend')), profile.add_url, :class => 'add-friend', :title => _("Add friend"), :style => 'position: relative;') %>
   <% end %>
   <%= button :back, _('Go back'), :back %>
-  <%= button :home, _("Go to %s home page") % environment.name, :controller => 'home' %>
+  <%= button :home, _("Go to %s home page").html_safe % environment.name, :controller => 'home' %>
 <% end %>
@@ -5,7 +5,7 @@
 <% if activity.comments_count > 0 %>
 <div id="profile-wall-activities-comments-more-<%= activity.id %>" class="profile-wall-activities-comments" >
   <div class='view-all-comments icon-chat'>
-     <%= link_to(n_('View comment', "View all %s comments", activity.comments_count) % activity.comments_count, :profile => profile.identifier, :controller => 'profile', :action => 'more_comments', :activity => activity, :comment_page => (1)) %>
+     <%= link_to(n_('View comment', "View all %s comments".html_safe, activity.comments_count) % activity.comments_count, :profile => profile.identifier, :controller => 'profile', :action => 'more_comments', :activity => activity, :comment_page => (1)) %>
   </div>
 </div>
 <% end %>
@@ -23,7 +23,7 @@
   <% if scrap.replies.count > 0 %>
     <div id="profile-wall-activities-comments-more-<%= activity.id %>" class="profile-wall-activities-comments">
       <div class='view-all-comments icon-chat'>
-        <%= link_to(n_('View comment', "View all %s comments", scrap.replies.count) % scrap.replies.count, :profile => profile.identifier, :controller => 'profile', :action => 'more_replies', :activity => activity, :comment_page => (1)) %>
+        <%= link_to(n_('View comment', "View all %s comments".html_safe, scrap.replies.count) % scrap.replies.count, :profile => profile.identifier, :controller => 'profile', :action => 'more_replies', :activity => activity, :comment_page => (1)) %>
       </div>
     </div>
   <% end %>
@@ -0,0 +1,7 @@
+<div class="common-profile-list-block">
+
+<h1><%= _("%s is followed by") % profile.name %></h1>
+
+<%= render :partial => 'follow', :locals => {:follow => @followed_by} %>
+
+</div>
@@ -0,0 +1,7 @@
+<div class="common-profile-list-block">
+
+<h1><%= _("%s is following") % profile.name %></h1>
+
+<%= render :partial => 'follow', :locals => {:follow => @followed_people} %>
+
+</div>
-<h1><%= _('Profile settings for %s') % profile.name %></h1>
+<h1><%= _('Profile settings for %s').html_safe % profile.name %></h1>
  
 <%= error_messages_for :profile_data %>
  
@@ -18,14 +18,16 @@
   </div>
   <div id="profile_change_picture">
     <%= f.fields_for :image_builder, @profile.image do |i| %>
-      <%= file_field_or_thumbnail(_('Image:'), @profile.image, i) %><%= _("Max size: %s (.jpg, .gif, .png)")% Image.max_size.to_humanreadable %>
+      <%= file_field_or_thumbnail(_('Image:'), @profile.image, i) %><%= _("Max size: %s (.jpg, .gif, .png)").html_safe % Image.max_size.to_humanreadable %>
     <% end %>
   </div>
  
   <h2><%= _('Privacy options') %></h2>
-
+  <div>
+    <%= labelled_check_box _("Allow other users to follow me"), 'profile_data[allow_followers]', true, @profile.allow_followers?, :class => "person-can-be-followed" %>
+  </div>
   <% if profile.person? %>
-    <div>
+    <div id="profile_allow_follows">
       <%= labelled_radio_button _('Public &mdash; show my contents to all internet users').html_safe, 'profile_data[public_profile]', true, @profile.public_profile? %>
     </div>
     <div>
@@ -72,6 +72,11 @@
  
   <%= control_panel_button(_('Email Templates'), 'email-templates', :controller => :profile_email_templates) if profile.organization? %>
  
+  <% if profile.person? %>
+    <%= control_panel_button(_('Manage followed profiles'), 'edit-profile', :controller => :followers) %>
+    <%= control_panel_button(_('Manage circles'), 'edit-profile-group', :controller => :circles) %>
+  <% end %>
+
   <% @plugins.dispatch(:control_panel_buttons).each do |button| %>
     <%= control_panel_button(button[:title], button[:icon], button[:url], button[:html_options]) %>
   <% end %>
 <div id='search-content'>
   <div class='total'>
-    <%= n_('Total of 1 result', 'Total of %s results', @searches[@asset][:results].total_entries) % @searches[@asset][:results].total_entries.inspect %>
+    <%= n_('Total of 1 result', 'Total of %s results'.html_safe, @searches[@asset][:results].total_entries) % @searches[@asset][:results].total_entries.inspect %>
   </div>
  
 <%= display_results(@searches, @asset) %>
...	...	@@ -124,6 +124,7 @@ module Api
124	124	expose :type
125	125	expose :custom_header
126	126	expose :custom_footer
	127	+ expose :layout_template
127	128	expose :permissions do \|profile, options\|
128	129	Entities.permissions_for_entity(profile, options[:current_person],
129	130	:allow_post_content?, :allow_edit?, :allow_destroy?)
...	...	@@ -264,6 +265,7 @@ module Api
264	265	expose :name
265	266	expose :id
266	267	expose :description
	268	+ expose :layout_template
267	269	expose :settings, if: lambda { \|instance, options\| options[:is_admin] }
268	270	end
269	271
...	...
...	...	@@ -302,12 +302,12 @@ module Api
302	302	end
303	303
304	304	def cant_be_saved_request!(attribute)
305		- message = _("(Invalid request) %s can't be saved") % attribute
	305	+ message = _("(Invalid request) %s can't be saved").html_safe % attribute
306	306	render_api_error!(message, 400)
307	307	end
308	308
309	309	def bad_request!(attribute)
310		- message = _("(Invalid request) %s not given") % attribute
	310	+ message = _("(Invalid request) %s not given").html_safe % attribute
311	311	render_api_error!(message, 400)
312	312	end
313	313
...	...
...	...	@@ -119,6 +119,20 @@ module Api
119	119	members = select_filtered_collection_of(profile, 'members', params)
120	120	present members, :with => Entities::Person, :current_person => current_person
121	121	end
	122	+
	123	+ post do
	124	+ authenticate!
	125	+ profile = environment.profiles.find_by id: params[:profile_id]
	126	+ profile.add_member(current_person) rescue forbidden!
	127	+ {pending: !current_person.is_member_of?(profile)}
	128	+ end
	129	+
	130	+ delete do
	131	+ authenticate!
	132	+ profile = environment.profiles.find_by id: params[:profile_id]
	133	+ profile.remove_member(current_person)
	134	+ present current_person, :with => Entities::Person, :current_person => current_person
	135	+ end
122	136	end
123	137	end
124	138	end
...	...
...	...	@@ -44,7 +44,7 @@ class CategoriesController < AdminController
44	44	if request.post?
45	45	@category.update!(params[:category])
46	46	@saved = true
47		- session[:notice] = _("Category %s saved." % @category.name)
	47	+ session[:notice] = _("Category %s saved." % @category.name).html_safe
48	48	redirect_to :action => 'index'
49	49	end
50	50	rescue Exception => e
...	...
...	...	@@ -14,6 +14,20 @@ class ApplicationController < ActionController::Base
14	14	before_filter :redirect_to_current_user
15	15
16	16	before_filter :set_session_theme
	17	+
	18	+ # FIXME: only include necessary methods
	19	+ include ApplicationHelper
	20	+
	21	+ # concerns
	22	+ include PermissionCheck
	23	+ include CustomDesign
	24	+ include NeedsProfile
	25	+
	26	+ # implementations
	27	+ include FindByContents
	28	+ include Noosfero::Plugin::HotSpot
	29	+ include SearchTermHelper
	30	+
17	31	def set_session_theme
18	32	if params[:theme]
19	33	session[:theme] = environment.theme_ids.include?(params[:theme]) ? params[:theme] : nil
...	...	@@ -48,7 +62,6 @@ class ApplicationController < ActionController::Base
48	62	end
49	63	end
50	64
51		- include ApplicationHelper
52	65	layout :get_layout
53	66	def get_layout
54	67	return false if request.format == :js or request.xhr?
...	...	@@ -74,9 +87,6 @@ class ApplicationController < ActionController::Base
74	87	helper :document
75	88	helper :language
76	89
77		- include DesignHelper
78		- include PermissionCheck
79		-
80	90	before_filter :set_locale
81	91	def set_locale
82	92	FastGettext.available_locales = environment.available_locales
...	...	@@ -89,8 +99,6 @@ class ApplicationController < ActionController::Base
89	99	end
90	100	end
91	101
92		- include NeedsProfile
93		-
94	102	attr_reader :environment
95	103
96	104	# declares that the given <tt>actions</tt> cannot be accessed by other HTTP
...	...	@@ -107,6 +115,10 @@ class ApplicationController < ActionController::Base
107	115
108	116	protected
109	117
	118	+ def accept_only_post
	119	+ return render_not_found if !request.post?
	120	+ end
	121	+
110	122	def verified_request?
111	123	super \|\| form_authenticity_token == request.headers['X-XSRF-TOKEN']
112	124	end
...	...	@@ -151,8 +163,6 @@ class ApplicationController < ActionController::Base
151	163	end
152	164	end
153	165
154		- include Noosfero::Plugin::HotSpot
155		-
156	166	# FIXME this filter just loads @plugins to children controllers and helpers
157	167	def init_noosfero_plugins
158	168	plugins
...	...	@@ -184,9 +194,6 @@ class ApplicationController < ActionController::Base
184	194	end
185	195	end
186	196
187		- include SearchTermHelper
188		- include FindByContents
189		-
190	197	def find_suggestions(query, context, asset, options={})
191	198	plugins.dispatch_first(:find_suggestions, query, context, asset, options)
192	199	end
...	...
...	...	@@ -109,7 +109,7 @@ class BoxOrganizerController < ApplicationController
109	109	def show_block_type_info
110	110	type = params[:type]
111	111	if type.blank? \|\| !available_blocks.map(&:name).include?(type)
112		- raise ArgumentError.new("Type %s is not allowed. Go away." % type)
	112	+ raise ArgumentError.new("Type %s is not allowed. Go away.".html_safe % type)
113	113	end
114	114	@block = type.constantize.new
115	115	@block.box = Box.new(:owner => boxes_holder)
...	...	@@ -122,7 +122,7 @@ class BoxOrganizerController < ApplicationController
122	122
123	123	def new_block(type, box)
124	124	if !available_blocks.map(&:name).include?(type)
125		- raise ArgumentError.new("Type %s is not allowed. Go away." % type)
	125	+ raise ArgumentError.new("Type %s is not allowed. Go away.".html_safe % type)
126	126	end
127	127	block = type.constantize.new
128	128	box.blocks << block
...	...
...	...	@@ -0,0 +1,169 @@
	1	+module AuthenticatedSystem
	2	+
	3	+ protected
	4	+
	5	+ extend ActiveSupport::Concern
	6	+
	7	+ included do
	8	+ if self < ActionController::Base
	9	+ around_filter :user_set_current
	10	+ before_filter :override_user
	11	+ before_filter :login_from_cookie
	12	+ end
	13	+
	14	+ # Inclusion hook to make #current_user and #logged_in?
	15	+ # available as ActionView helper methods.
	16	+ helper_method :current_user, :logged_in?
	17	+ end
	18	+
	19	+ # Returns true or false if the user is logged in.
	20	+ # Preloads @current_user with the user model if they're logged in.
	21	+ def logged_in?
	22	+ current_user != nil
	23	+ end
	24	+
	25	+ # Accesses the current user from the session.
	26	+ def current_user user_id = session[:user]
	27	+ @current_user \|\|= begin
	28	+ user = User.find_by id: user_id if user_id
	29	+ user.session = session if user
	30	+ User.current = user
	31	+ user
	32	+ end
	33	+ end
	34	+
	35	+ # Store the given user in the session.
	36	+ def current_user=(new_user)
	37	+ if new_user.nil?
	38	+ session.delete(:user)
	39	+ else
	40	+ session[:user] = new_user.id
	41	+ new_user.session = session
	42	+ new_user.register_login
	43	+ end
	44	+ @current_user = User.current = new_user
	45	+ end
	46	+
	47	+ # See impl. from http://stackoverflow.com/a/2513456/670229
	48	+ def user_set_current
	49	+ User.current = current_user
	50	+ yield
	51	+ ensure
	52	+ # to address the thread variable leak issues in Puma/Thin webserver
	53	+ User.current = nil
	54	+ end
	55	+
	56	+ # Check if the user is authorized.
	57	+ #
	58	+ # Override this method in your controllers if you want to restrict access
	59	+ # to only a few actions or if you want to check if the user
	60	+ # has the correct rights.
	61	+ #
	62	+ # Example:
	63	+ #
	64	+ # # only allow nonbobs
	65	+ # def authorize?
	66	+ # current_user.login != "bob"
	67	+ # end
	68	+ def authorized?
	69	+ true
	70	+ end
	71	+
	72	+ # Filter method to enforce a login requirement.
	73	+ #
	74	+ # To require logins for all actions, use this in your controllers:
	75	+ #
	76	+ # before_filter :login_required
	77	+ #
	78	+ # To require logins for specific actions, use this in your controllers:
	79	+ #
	80	+ # before_filter :login_required, :only => [ :edit, :update ]
	81	+ #
	82	+ # To skip this in a subclassed controller:
	83	+ #
	84	+ # skip_before_filter :login_required
	85	+ #
	86	+ def login_required
	87	+ username, passwd = get_auth_data
	88	+ if username && passwd
	89	+ self.current_user \|\|= User.authenticate(username, passwd) \|\| nil
	90	+ end
	91	+ if logged_in? && authorized?
	92	+ true
	93	+ else
	94	+ if params[:require_login_popup]
	95	+ render :json => { :require_login_popup => true }
	96	+ else
	97	+ access_denied
	98	+ end
	99	+ end
	100	+ end
	101	+
	102	+ # Redirect as appropriate when an access request fails.
	103	+ #
	104	+ # The default action is to redirect to the login screen.
	105	+ #
	106	+ # Override this method in your controllers if you want to have special
	107	+ # behavior in case the user is not authorized
	108	+ # to access the requested action. For example, a popup window might
	109	+ # simply close itself.
	110	+ def access_denied
	111	+ respond_to do \|accepts\|
	112	+ accepts.html do
	113	+ if request.xhr?
	114	+ render :text => _('Access denied'), :status => 401
	115	+ else
	116	+ store_location
	117	+ redirect_to :controller => '/account', :action => 'login'
	118	+ end
	119	+ end
	120	+ accepts.xml do
	121	+ headers["Status"] = "Unauthorized"
	122	+ headers["WWW-Authenticate"] = %(Basic realm="Web Password")
	123	+ render :text => "Could't authenticate you", :status => '401 Unauthorized'
	124	+ end
	125	+ end
	126	+ false
	127	+ end
	128	+
	129	+ # Store the URI of the current request in the session.
	130	+ #
	131	+ # We can return to this location by calling #redirect_back_or_default.
	132	+ def store_location(location = request.url)
	133	+ session[:return_to] = location
	134	+ end
	135	+
	136	+ # Redirect to the URI stored by the most recent store_location call or
	137	+ # to the passed default.
	138	+ def redirect_back_or_default(default)
	139	+ if session[:return_to]
	140	+ redirect_to(session.delete(:return_to))
	141	+ else
	142	+ redirect_to(default)
	143	+ end
	144	+ end
	145	+
	146	+ def override_user
	147	+ return if params[:override_user].blank?
	148	+ return unless logged_in? and user.is_admin? environment
	149	+ @current_user = nil
	150	+ current_user params[:override_user]
	151	+ end
	152	+
	153	+ # When called with before_filter :login_from_cookie will check for an :auth_token
	154	+ # cookie and log the user back in if apropriate
	155	+ def login_from_cookie
	156	+ return if cookies[:auth_token].blank? or logged_in?
	157	+ user = User.where(remember_token: cookies[:auth_token]).first
	158	+ self.current_user = user if user and user.remember_token?
	159	+ end
	160	+
	161	+ private
	162	+ @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
	163	+ # gets BASIC auth info
	164	+ def get_auth_data
	165	+ auth_key = @@http_auth_headers.detect { \|h\| request.env.has_key?(h) }
	166	+ auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
	167	+ return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
	168	+ end
	169	+end
...	...
...	...	@@ -0,0 +1,50 @@
	1	+module CustomDesign
	2	+
	3	+ extend ActiveSupport::Concern
	4	+
	5	+ included do
	6	+ extend ClassMethods
	7	+ include InstanceMethods
	8	+ before_filter :load_custom_design if self.respond_to? :before_filter
	9	+ end
	10	+
	11	+ module ClassMethods
	12	+
	13	+ def no_design_blocks
	14	+ @no_design_blocks = true
	15	+ end
	16	+
	17	+ def use_custom_design options = {}
	18	+ @custom_design = options
	19	+ end
	20	+
	21	+ def custom_design
	22	+ @custom_design \|\|= {}
	23	+ end
	24	+
	25	+ def uses_design_blocks?
	26	+ !@no_design_blocks
	27	+ end
	28	+
	29	+ end
	30	+
	31	+ module InstanceMethods
	32	+
	33	+ protected
	34	+
	35	+ def uses_design_blocks?
	36	+ !@no_design_blocks && self.class.uses_design_blocks?
	37	+ end
	38	+
	39	+ def load_custom_design
	40	+ # see also: LayoutHelper#body_classes
	41	+ @layout_template = self.class.custom_design[:layout_template]
	42	+ end
	43	+
	44	+ def custom_design
	45	+ @custom_design \|\| self.class.custom_design
	46	+ end
	47	+
	48	+ end
	49	+
	50	+end
...	...
...	...	@@ -0,0 +1,40 @@
	1	+module NeedsProfile
	2	+
	3	+ module ClassMethods
	4	+ def needs_profile
	5	+ before_filter :load_profile
	6	+ end
	7	+ end
	8	+
	9	+ def self.included(including)
	10	+ including.send(:extend, NeedsProfile::ClassMethods)
	11	+ end
	12	+
	13	+ def boxes_holder
	14	+ profile \|\| environment # prefers profile, but defaults to environment
	15	+ end
	16	+
	17	+ def profile
	18	+ @profile
	19	+ end
	20	+
	21	+ protected
	22	+
	23	+ def load_profile
	24	+ if params[:profile]
	25	+ params[:profile].downcase!
	26	+ @profile \|\|= environment.profiles.where(identifier: params[:profile]).first
	27	+ end
	28	+
	29	+ if @profile
	30	+ profile_hostname = @profile.hostname
	31	+ if profile_hostname && profile_hostname != request.host
	32	+ params.delete(:profile)
	33	+ redirect_to(Noosfero.url_options.merge(params).merge(:host => profile_hostname))
	34	+ end
	35	+ else
	36	+ render_not_found
	37	+ end
	38	+ end
	39	+
	40	+end
...	...
...	...	@@ -0,0 +1,58 @@
	1	+class CirclesController < MyProfileController
	2	+
	3	+ before_action :accept_only_post, :only => [:create, :update, :destroy]
	4	+
	5	+ def index
	6	+ @circles = profile.circles
	7	+ end
	8	+
	9	+ def new
	10	+ @circle = Circle.new
	11	+ end
	12	+
	13	+ def create
	14	+ @circle = Circle.new(params[:circle].merge({ :person => profile }))
	15	+ if @circle.save
	16	+ redirect_to :action => 'index'
	17	+ else
	18	+ render :action => 'new'
	19	+ end
	20	+ end
	21	+
	22	+ def xhr_create
	23	+ if request.xhr?
	24	+ circle = Circle.new(params[:circle].merge({:person => profile }))
	25	+ if circle.save
	26	+ render :partial => "circle_checkbox", :locals => { :circle => circle },
	27	+ :status => 201
	28	+ else
	29	+ render :text => _('The circle could not be saved'), :status => 400
	30	+ end
	31	+ else
	32	+ render_not_found
	33	+ end
	34	+ end
	35	+
	36	+ def edit
	37	+ @circle = Circle.find_by_id(params[:id])
	38	+ render_not_found if @circle.nil?
	39	+ end
	40	+
	41	+ def update
	42	+ @circle = Circle.find_by_id(params[:id])
	43	+ return render_not_found if @circle.nil?
	44	+
	45	+ if @circle.update(params[:circle])
	46	+ redirect_to :action => 'index'
	47	+ else
	48	+ render :action => 'edit'
	49	+ end
	50	+ end
	51	+
	52	+ def destroy
	53	+ @circle = Circle.find_by_id(params[:id])
	54	+ return render_not_found if @circle.nil?
	55	+ @circle.destroy
	56	+ redirect_to :action => 'index'
	57	+ end
	58	+end
...	...