Leandro Santos · Tallys Martins · Daniela Feitosa · Marcos Pereira · Joenio Costa · Braulio Bhavamitra
Showing 300 changed files Show diff stats
app/api/entities.rb
app/api/helpers.rb
app/api/v1/people.rb
app/concerns/authenticated_system.rb
app/controllers/admin/categories_controller.rb
app/controllers/application_controller.rb
app/controllers/box_organizer_controller.rb
app/controllers/concerns/authenticated_system.rb
app/controllers/concerns/custom_design.rb
app/controllers/concerns/needs_profile.rb
app/controllers/my_profile/circles_controller.rb
app/controllers/my_profile/followers_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/profile_controller.rb
app/helpers/action_tracker_helper.rb
app/helpers/application_helper.rb
app/helpers/design_helper.rb
app/helpers/forms_helper.rb
app/helpers/profile_helper.rb
@@ -124,6 +124,7 @@ module Api
       expose :type
       expose :custom_header
       expose :custom_footer
+      expose :layout_template
       expose :permissions do |profile, options|
         Entities.permissions_for_entity(profile, options[:current_person],
         :allow_post_content?, :allow_edit?, :allow_destroy?)
@@ -264,6 +265,7 @@ module Api
       expose :name
       expose :id
       expose :description
+      expose :layout_template
       expose :settings, if: lambda { |instance, options| options[:is_admin] }
     end
  
@@ -302,12 +302,12 @@ module Api
     end
  
     def cant_be_saved_request!(attribute)
-      message = _("(Invalid request) %s can't be saved") % attribute
+      message = _("(Invalid request) %s can't be saved").html_safe % attribute
       render_api_error!(message, 400)
     end
  
     def bad_request!(attribute)
-      message = _("(Invalid request) %s not given") % attribute
+      message = _("(Invalid request) %s not given").html_safe % attribute
       render_api_error!(message, 400)
     end
  
@@ -119,6 +119,20 @@ module Api
               members = select_filtered_collection_of(profile, 'members', params)
               present members, :with => Entities::Person, :current_person => current_person
             end
+
+            post do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.add_member(current_person) rescue forbidden!
+              {pending: !current_person.is_member_of?(profile)}
+            end
+
+            delete do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.remove_member(current_person)
+              present current_person, :with => Entities::Person, :current_person => current_person
+            end
           end
         end
       end
@@ -44,7 +44,7 @@ class CategoriesController &lt; AdminController
       if request.post?
         @category.update!(params[:category])
         @saved = true
-        session[:notice] = _("Category %s saved." % @category.name)
+        session[:notice] = _("Category %s saved." % @category.name).html_safe
         redirect_to :action => 'index'
       end
     rescue Exception => e
@@ -14,6 +14,20 @@ class ApplicationController &lt; ActionController::Base
   before_filter :redirect_to_current_user
  
   before_filter :set_session_theme
+
+  # FIXME: only include necessary methods
+  include ApplicationHelper
+
+  # concerns
+  include PermissionCheck
+  include CustomDesign
+  include NeedsProfile
+
+  # implementations
+  include FindByContents
+  include Noosfero::Plugin::HotSpot
+  include SearchTermHelper
+
   def set_session_theme
     if params[:theme]
       session[:theme] = environment.theme_ids.include?(params[:theme]) ? params[:theme] : nil
@@ -48,7 +62,6 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
-  include ApplicationHelper
   layout :get_layout
   def get_layout
     return false if request.format == :js or request.xhr?
@@ -74,9 +87,6 @@ class ApplicationController &lt; ActionController::Base
   helper :document
   helper :language
  
-  include DesignHelper
-  include PermissionCheck
-
   before_filter :set_locale
   def set_locale
     FastGettext.available_locales = environment.available_locales
@@ -89,8 +99,6 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
-  include NeedsProfile
-
   attr_reader :environment
  
   # declares that the given <tt>actions</tt> cannot be accessed by other HTTP
@@ -107,6 +115,10 @@ class ApplicationController &lt; ActionController::Base
  
   protected
  
+  def accept_only_post
+    return render_not_found if !request.post?
+  end
+
   def verified_request?
     super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
   end
@@ -151,8 +163,6 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
-  include Noosfero::Plugin::HotSpot
-
   # FIXME this filter just loads @plugins to children controllers and helpers
   def init_noosfero_plugins
     plugins
@@ -184,9 +194,6 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
-  include SearchTermHelper
-  include FindByContents
-
   def find_suggestions(query, context, asset, options={})
     plugins.dispatch_first(:find_suggestions, query, context, asset, options)
   end
@@ -109,7 +109,7 @@ class BoxOrganizerController &lt; ApplicationController
   def show_block_type_info
     type = params[:type]
     if type.blank? || !available_blocks.map(&:name).include?(type)
-      raise ArgumentError.new("Type %s is not allowed. Go away." % type)
+      raise ArgumentError.new("Type %s is not allowed. Go away.".html_safe % type)
     end
     @block = type.constantize.new
     @block.box = Box.new(:owner => boxes_holder)
@@ -122,7 +122,7 @@ class BoxOrganizerController &lt; ApplicationController
  
   def new_block(type, box)
     if !available_blocks.map(&:name).include?(type)
-      raise ArgumentError.new("Type %s is not allowed. Go away." % type)
+      raise ArgumentError.new("Type %s is not allowed. Go away.".html_safe % type)
     end
     block = type.constantize.new
     box.blocks << block
@@ -0,0 +1,169 @@
+module AuthenticatedSystem
+
+  protected
+
+    extend ActiveSupport::Concern
+
+    included do
+      if self < ActionController::Base
+        around_filter :user_set_current
+        before_filter :override_user
+        before_filter :login_from_cookie
+      end
+
+      # Inclusion hook to make #current_user and #logged_in?
+      # available as ActionView helper methods.
+      helper_method :current_user, :logged_in?
+    end
+
+    # Returns true or false if the user is logged in.
+    # Preloads @current_user with the user model if they're logged in.
+    def logged_in?
+      current_user != nil
+    end
+
+    # Accesses the current user from the session.
+    def current_user user_id = session[:user]
+      @current_user ||= begin
+        user = User.find_by id: user_id if user_id
+        user.session = session if user
+        User.current = user
+        user
+      end
+    end
+
+    # Store the given user in the session.
+    def current_user=(new_user)
+      if new_user.nil?
+        session.delete(:user)
+      else
+        session[:user] = new_user.id
+        new_user.session = session
+        new_user.register_login
+      end
+      @current_user = User.current = new_user
+    end
+
+    # See impl. from http://stackoverflow.com/a/2513456/670229
+    def user_set_current
+      User.current = current_user
+      yield
+    ensure
+      # to address the thread variable leak issues in Puma/Thin webserver
+      User.current = nil
+    end
+
+    # Check if the user is authorized.
+    #
+    # Override this method in your controllers if you want to restrict access
+    # to only a few actions or if you want to check if the user
+    # has the correct rights.
+    #
+    # Example:
+    #
+    #  # only allow nonbobs
+    #  def authorize?
+    #    current_user.login != "bob"
+    #  end
+    def authorized?
+      true
+    end
+
+    # Filter method to enforce a login requirement.
+    #
+    # To require logins for all actions, use this in your controllers:
+    #
+    #   before_filter :login_required
+    #
+    # To require logins for specific actions, use this in your controllers:
+    #
+    #   before_filter :login_required, :only => [ :edit, :update ]
+    #
+    # To skip this in a subclassed controller:
+    #
+    #   skip_before_filter :login_required
+    #
+    def login_required
+      username, passwd = get_auth_data
+      if username && passwd
+        self.current_user ||= User.authenticate(username, passwd) || nil
+      end
+      if logged_in? && authorized?
+        true
+      else
+        if params[:require_login_popup]
+          render :json => { :require_login_popup => true }
+        else
+          access_denied
+        end
+      end
+    end
+
+    # Redirect as appropriate when an access request fails.
+    #
+    # The default action is to redirect to the login screen.
+    #
+    # Override this method in your controllers if you want to have special
+    # behavior in case the user is not authorized
+    # to access the requested action.  For example, a popup window might
+    # simply close itself.
+    def access_denied
+      respond_to do |accepts|
+        accepts.html do
+          if request.xhr?
+            render :text => _('Access denied'), :status => 401
+          else
+            store_location
+            redirect_to :controller => '/account', :action => 'login'
+          end
+        end
+        accepts.xml do
+          headers["Status"]           = "Unauthorized"
+          headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+          render :text => "Could't authenticate you", :status => '401 Unauthorized'
+        end
+      end
+      false
+    end
+
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location(location = request.url)
+      session[:return_to] = location
+    end
+
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.
+    def redirect_back_or_default(default)
+      if session[:return_to]
+        redirect_to(session.delete(:return_to))
+      else
+        redirect_to(default)
+      end
+    end
+
+    def override_user
+      return if params[:override_user].blank?
+      return unless logged_in? and user.is_admin? environment
+      @current_user = nil
+      current_user params[:override_user]
+    end
+
+    # When called with before_filter :login_from_cookie will check for an :auth_token
+    # cookie and log the user back in if apropriate
+    def login_from_cookie
+      return if cookies[:auth_token].blank? or logged_in?
+      user = User.where(remember_token: cookies[:auth_token]).first
+      self.current_user = user if user and user.remember_token?
+    end
+
+  private
+    @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+    # gets BASIC auth info
+    def get_auth_data
+      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+      auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+      return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
+    end
+end
@@ -0,0 +1,50 @@
+module CustomDesign
+
+  extend ActiveSupport::Concern
+
+  included do
+    extend ClassMethods
+    include InstanceMethods
+    before_filter :load_custom_design if self.respond_to? :before_filter
+  end
+
+  module ClassMethods
+
+    def no_design_blocks
+      @no_design_blocks = true
+    end
+
+    def use_custom_design options = {}
+      @custom_design = options
+    end
+
+    def custom_design
+      @custom_design ||= {}
+    end
+
+    def uses_design_blocks?
+      !@no_design_blocks
+    end
+
+  end
+
+  module InstanceMethods
+
+    protected
+
+    def uses_design_blocks?
+      !@no_design_blocks && self.class.uses_design_blocks?
+    end
+
+    def load_custom_design
+      # see also: LayoutHelper#body_classes
+      @layout_template = self.class.custom_design[:layout_template]
+    end
+
+    def custom_design
+      @custom_design || self.class.custom_design
+    end
+
+  end
+
+end
@@ -0,0 +1,40 @@
+module NeedsProfile
+
+  module ClassMethods
+    def needs_profile
+      before_filter :load_profile
+    end
+  end
+
+  def self.included(including)
+    including.send(:extend, NeedsProfile::ClassMethods)
+  end
+
+  def boxes_holder
+    profile || environment # prefers profile, but defaults to environment
+  end
+
+  def profile
+    @profile
+  end
+
+  protected
+
+  def load_profile
+    if params[:profile]
+      params[:profile].downcase!
+      @profile ||= environment.profiles.where(identifier: params[:profile]).first
+    end
+
+    if @profile
+      profile_hostname = @profile.hostname
+      if profile_hostname && profile_hostname != request.host
+        params.delete(:profile)
+        redirect_to(Noosfero.url_options.merge(params).merge(:host => profile_hostname))
+      end
+    else
+      render_not_found
+    end
+  end
+
+end
@@ -0,0 +1,58 @@
+class CirclesController < MyProfileController
+
+  before_action :accept_only_post, :only => [:create, :update, :destroy]
+
+  def index
+    @circles = profile.circles
+  end
+
+  def new
+    @circle = Circle.new
+  end
+
+  def create
+    @circle = Circle.new(params[:circle].merge({ :person => profile }))
+    if @circle.save
+      redirect_to :action => 'index'
+    else
+      render :action => 'new'
+    end
+  end
+
+  def xhr_create
+    if request.xhr?
+      circle = Circle.new(params[:circle].merge({:person => profile }))
+      if circle.save
+        render :partial => "circle_checkbox", :locals => { :circle => circle },
+               :status => 201
+      else
+        render :text => _('The circle could not be saved'), :status => 400
+      end
+    else
+      render_not_found
+    end
+  end
+
+  def edit
+    @circle = Circle.find_by_id(params[:id])
+    render_not_found if @circle.nil?
+  end
+
+  def update
+    @circle = Circle.find_by_id(params[:id])
+    return render_not_found if @circle.nil?
+
+    if @circle.update(params[:circle])
+      redirect_to :action => 'index'
+    else
+      render :action => 'edit'
+    end
+  end
+
+  def destroy
+    @circle = Circle.find_by_id(params[:id])
+    return render_not_found if @circle.nil?
+    @circle.destroy
+    redirect_to :action => 'index'
+  end
+end
@@ -0,0 +1,43 @@
+class FollowersController < MyProfileController
+
+  before_action :only_for_person, :only => :index
+  before_action :accept_only_post, :only => [:update_category]
+
+  def index
+    @followed_people = profile.followed_profiles.order(:type)
+    @profile_types = {_('All profiles') => nil}.merge(Circle.profile_types).to_a
+
+    if params['filter'].present?
+      @followed_people = @followed_people.where(:type => params['filter'])
+      @active_filter = params['filter']
+    end
+
+    @followed_people = @followed_people.paginate(:per_page => 15, :page => params[:npage])
+  end
+
+  def set_category_modal
+    followed_profile = Profile.find(params[:followed_profile_id])
+    circles = Circle.where(:person => profile, :profile_type => followed_profile.class.name)
+    render :partial => 'followers/edit_circles_modal', :locals => { :circles => circles, :followed_profile => followed_profile }
+  end
+
+  def update_category
+    followed_profile = Profile.find_by(:id => params["followed_profile_id"])
+
+    selected_circles = params[:circles].map{ |circle_name, circle_id| Circle.find_by(:id => circle_id) }.select{ |c| c.present? }
+
+    if followed_profile
+      profile.update_profile_circles(followed_profile, selected_circles)
+      render :text => _("Circles of %s updated successfully") % followed_profile.name, :status => 200
+    else
+      render :text => _("Error: No profile to follow."), :status => 400
+    end
+  end
+
+  protected
+
+  def only_for_person
+    render_not_found unless profile.person?
+  end
+
+end
@@ -205,7 +205,7 @@ class AccountController &lt; ApplicationController
         if params[:value].blank?
           @change_password.errors[:base] << _('Can not recover user password with blank value.')
         else
-          @change_password.errors[:base] << _('Could not find any user with %s equal to "%s".') % [fields_label, params[:value]]
+          @change_password.errors[:base] << _('Could not find any user with %s equal to "%s".').html_safe % [fields_label, params[:value]]
         end
       rescue ActiveRecord::RecordInvalid
         @change_password.errors[:base] << _('Could not perform password recovery for the user.')
@@ -128,9 +128,9 @@ class ContentViewerController &lt; ApplicationController
     end
  
     unless @page.display_to?(user)
-      if !profile.visible? || profile.secret? || (user && user.follows?(profile)) || user.blank?
+      if !profile.visible? || profile.secret? || (user && profile.in_social_circle?(user)) || user.blank?
         render_access_denied
-      else #!profile.public?
+      else
         private_profile_partial_parameters
         render :template => 'profile/_private_profile', :status => 403, :formats => [:html]
       end
@@ -3,7 +3,9 @@ class ProfileController &lt; PublicController
   needs_profile
   before_filter :check_access_to_profile, :except => [:join, :join_not_logged, :index, :add]
   before_filter :store_location, :only => [:join, :join_not_logged, :report_abuse, :send_mail]
-  before_filter :login_required, :only => [:add, :join, :leave, :unblock, :leave_scrap, :remove_scrap, :remove_activity, :view_more_activities, :view_more_network_activities, :report_abuse, :register_report, :leave_comment_on_activity, :send_mail]
+  before_filter :login_required, :only => [:add, :join, :leave, :unblock, :leave_scrap, :remove_scrap, :remove_activity, :view_more_activities, :view_more_network_activities, :report_abuse, :register_report, :leave_comment_on_activity, :send_mail, :follow, :unfollow]
+  before_filter :allow_followers?, :only => [:follow, :unfollow]
+  before_filter :accept_only_post, :only => [:follow, :unfollow]
  
   helper TagsHelper
   helper ActionTrackerHelper
@@ -42,8 +44,8 @@ class ProfileController &lt; PublicController
     feed_writer = FeedWriter.new
     data = feed_writer.write(
       tagged,
-      :title => _("%s's contents tagged with \"%s\"") % [profile.name, @tag],
-      :description => _("%s's contents tagged with \"%s\"") % [profile.name, @tag],
+      :title => _("%s's contents tagged with \"%s\"").html_safe % [profile.name, @tag],
+      :description => _("%s's contents tagged with \"%s\"").html_safe % [profile.name, @tag],
       :link => url_for(profile.url)
     )
     render :text => data, :content_type => "text/xml"
@@ -65,6 +67,14 @@ class ProfileController &lt; PublicController
     end
   end
  
+  def following
+    @followed_people = profile.followed_profiles.paginate(:per_page => per_page, :page => params[:npage], :total_entries => profile.followed_profiles.count)
+  end
+
+  def followed
+    @followed_by = profile.followers.paginate(:per_page => per_page, :page => params[:npage], :total_entries => profile.followers.count)
+  end
+
   def members
     if is_cache_expired?(profile.members_cache_key(params))
       sort = (params[:sort] == 'desc') ? params[:sort] : 'asc'
@@ -88,7 +98,7 @@ class ProfileController &lt; PublicController
  
   def join_modal
       profile.add_member(user)
-      session[:notice] = _('%s administrator still needs to accept you as member.') % profile.name
+      session[:notice] = _('%s administrator still needs to accept you as member.').html_safe % profile.name
       redirect_to :action => :index
   end
  
@@ -98,12 +108,12 @@ class ProfileController &lt; PublicController
  
       profile.add_member(user)
       if !profile.members.include?(user)
-        render :text => {:message => _('%s administrator still needs to accept you as member.') % profile.name}.to_json
+        render :text => {:message => _('%s administrator still needs to accept you as member.').html_safe % profile.name}.to_json
       else
-        render :text => {:message => _('You just became a member of %s.') % profile.name}.to_json
+        render :text => {:message => _('You just became a member of %s.').html_safe % profile.name}.to_json
       end
     else
-      render :text => {:message => _('You are already a member of %s.') % profile.name}.to_json
+      render :text => {:message => _('You are already a member of %s.').html_safe % profile.name}.to_json
     end
   end
  
@@ -125,7 +135,7 @@ class ProfileController &lt; PublicController
         render :text => current_person.leave(profile, params[:reload])
       end
     else
-      render :text => {:message => _('You are not a member of %s.') % profile.name}.to_json
+      render :text => {:message => _('You are not a member of %s.').html_safe % profile.name}.to_json
     end
   end
  
@@ -145,12 +155,41 @@ class ProfileController &lt; PublicController
     # FIXME this shouldn't be in Person model?
     if !user.memberships.include?(profile)
       AddFriend.create!(:person => user, :friend => profile)
-      render :text => _('%s still needs to accept being your friend.') % profile.name
+      render :text => _('%s still needs to accept being your friend.').html_safe % profile.name
     else
-      render :text => _('You are already a friend of %s.') % profile.name
+      render :text => _('You are already a friend of %s.').html_safe % profile.name
+    end
+  end
+
+  def follow
+    if profile.followed_by?(current_person)
+      render :text => _("You are already following %s.") % profile.name, :status => 400
+    else
+      selected_circles = params[:circles].map{ |circle_name, circle_id| Circle.find_by(:id => circle_id) }.select{ |c| c.present? }
+      if selected_circles.present?
+        current_person.follow(profile, selected_circles)
+        render :text => _("You are now following %s") % profile.name, :status => 200
+      else
+        render :text => _("Select at least one circle to follow %s.") % profile.name, :status => 400
+      end
     end
   end
  
+  def find_profile_circles
+    circles = Circle.where(:person => current_person, :profile_type => profile.class.name)
+    render :partial => 'blocks/profile_info_actions/circles', :locals => { :circles => circles, :profile_types => Circle.profile_types.to_a }
+  end
+
+  def unfollow
+    follower = params[:follower_id].present? ? Person.find_by(id: params[:follower_id]) : current_person
+
+    if follower && follower.follows?(profile)
+      follower.unfollow(profile)
+    end
+    redirect_url = params["redirect_to"] ? params["redirect_to"] : profile.url
+    redirect_to redirect_url
+  end
+
   def check_friendship
     unless logged_in?
       render :text => ''
@@ -178,7 +217,7 @@ class ProfileController &lt; PublicController
   def unblock
     if current_user.person.is_admin?(profile.environment)
       profile.unblock
-      session[:notice] = _("You have unblocked %s successfully. ") % profile.name
+      session[:notice] = _("You have unblocked %s successfully. ").html_safe % profile.name
       redirect_to :controller => 'profile', :action => 'index'
     else
       message = _('You are not allowed to unblock enterprises in this environment.')
@@ -437,4 +476,8 @@ class ProfileController &lt; PublicController
     [:image, :domains, :preferred_domain, :environment]
   end
  
+  def allow_followers?
+    render_not_found unless profile.allow_followers?
+  end
+
 end
@@ -14,13 +14,23 @@ module ActionTrackerHelper
     }
   end
  
+  def new_follower_description ta
+    n_('has 1 new follower:<br />%{name}', 'has %{num} new followers:<br />%{name}', ta.get_follower_name.size).html_safe % {
+      num: ta.get_follower_name.size,
+      name: safe_join(ta.collect_group_with_index(:follower_name) do |n,i|
+        link_to image_tag(ta.get_follower_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/person-icon.png")),
+          ta.get_follower_url[i], title: n
+      end)
+    }
+  end
+
   def join_community_description ta
-    n_('has joined 1 community:<br />%{name}'.html_safe, 'has joined %{num} communities:<br />%{name}'.html_safe, ta.get_resource_name.size) % {
+    n_('has joined 1 community:<br />%{name}', 'has joined %{num} communities:<br />%{name}', ta.get_resource_name.size).html_safe % {
       num: ta.get_resource_name.size,
-      name: ta.collect_group_with_index(:resource_name) do |n,i|
+      name: safe_join(ta.collect_group_with_index(:resource_name) do |n,i|
        link = link_to image_tag(ta.get_resource_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/community-icon.png")),
                 ta.get_resource_url[i], title: n
-      end.join.html_safe
+      end)
     }
   end
  
@@ -68,9 +78,9 @@ module ActionTrackerHelper
   end
  
   def favorite_enterprise_description ta
-    _('favorited enterprise %{title}') % {
+    (_('favorited enterprise %{title}') % {
       title: link_to(truncate(ta.get_enterprise_name), ta.get_enterprise_url),
-    }
+    }).html_safe
   end
  
 end
@@ -880,7 +880,7 @@ module ApplicationHelper
         link_to_all = link_to(content_tag('strong', _('See all')), :controller => 'memberships', :profile => user.identifier)
       end
       link = list.map do |element|
-        link_to(content_tag('strong', _('<span>Manage</span> %s') % element.short_name(25)), element.admin_url, :class => "icon-menu-"+element.class.identification.underscore, :title => _('Manage %s') % element.short_name)
+        link_to(content_tag('strong', _('<span>Manage</span> %s').html_safe % element.short_name(25)), element.admin_url, :class => "icon-menu-"+element.class.identification.underscore, :title => _('Manage %s').html_safe % element.short_name)
       end
       if link_to_all
         link << link_to_all
@@ -921,7 +921,7 @@ module ApplicationHelper
     logout_link = link_to(logout_icon.html_safe, { :controller => 'account', :action => 'logout'} , :id => "logout", :title => _("Leave the system"))
     join_result = safe_join(
       [welcome_span.html_safe, render_environment_features(:usermenu).html_safe, admin_link.html_safe,
-        manage_enterprises.html_safe, manage_communities.html_safe, ctrl_panel_link.html_safe,
+        manage_enterprises, manage_communities, ctrl_panel_link.html_safe,
         pending_tasks_count.html_safe, logout_link.html_safe], "")
     join_result
   end
@@ -128,14 +128,14 @@ module FormsHelper
       counter += 1
       row << item
       if counter % per_row == 0
-        rows << content_tag('tr', row.join("\n"))
+        rows << content_tag('tr', row.join("\n").html_safe)
         counter = 0
         row = []
       end
     end
-    rows << content_tag('tr', row.join("\n"))
+    rows << content_tag('tr', row.join("\n").html_safe)
  
-    content_tag('table',rows.join("\n"))
+    content_tag('table',rows.join("\n").html_safe)
   end
  
   def date_field(name, value, datepicker_options = {}, html_options = {})
@@ -11,7 +11,7 @@ module ProfileHelper
   PERSON_CATEGORIES[:location] = [:address, :address_reference, :zip_code, :city, :state, :district, :country, :nationality]
   PERSON_CATEGORIES[:work] = [:organization, :organization_website, :professional_activity]
   PERSON_CATEGORIES[:study] = [:schooling, :formation, :area_of_study]
-  PERSON_CATEGORIES[:network] = [:friends, :communities, :enterprises]
+  PERSON_CATEGORIES[:network] = [:friends, :followers, :followed_profiles, :communities, :enterprises]
   PERSON_CATEGORIES.merge!(COMMON_CATEGORIES)
  
   ORGANIZATION_CATEGORIES = {}
@@ -42,7 +42,8 @@ module ProfileHelper
     :created_at => _('Profile created at'),
     :members_count => _('Members'),
     :privacy_setting => _('Privacy setting'),
-    :article_tags => _('Tags')
+    :article_tags => _('Tags'),
+    :followed_profiles => _('Following')
   }
  
   EXCEPTION = {
@@ -144,6 +145,14 @@ module ProfileHelper
     link_to(n_('One picture', '%{num} pictures', gallery.images.published.count) % { :num => gallery.images.published.count }, gallery.url)
   end
  
+  def treat_followers(followers)
+    link_to(profile.followers.count, {:action=>"followed", :controller=>"profile", :profile=>"#{profile.identifier}"})
+  end
+
+  def treat_followed_profiles(followed_profiles)
+    link_to(profile.followed_profiles.count, {:action=>"following", :controller=>"profile", :profile=>"#{profile.identifier}"})
+  end
+
   def treat_events(events)
     link_to events.published.count, :controller => 'events', :action => 'events'
   end
@@ -19,8 +19,8 @@ class NotifyActivityToProfilesJob &lt; Struct.new(:tracked_action_id)
     # Notify the user
     ActionTrackerNotification.create(:profile_id => tracked_action.user.id, :action_tracker_id => tracked_action.id)
  
-    # Notify all friends
-    ActionTrackerNotification.connection.execute("insert into action_tracker_notifications(profile_id, action_tracker_id) select f.friend_id, #{tracked_action.id} from friendships as f where person_id=#{tracked_action.user.id} and f.friend_id not in (select atn.profile_id from action_tracker_notifications as atn where atn.action_tracker_id = #{tracked_action.id})")
+    # Notify all followers
+    ActionTrackerNotification.connection.execute("INSERT INTO action_tracker_notifications(profile_id, action_tracker_id) SELECT DISTINCT c.person_id, #{tracked_action.id} FROM profiles_circles AS p JOIN circles as c ON c.id = p.circle_id WHERE p.profile_id = #{tracked_action.user.id} AND (c.person_id NOT IN (SELECT atn.profile_id FROM action_tracker_notifications AS atn WHERE atn.action_tracker_id = #{tracked_action.id}))")
  
     if tracked_action.user.is_a? Organization
       ActionTrackerNotification.connection.execute "insert into action_tracker_notifications(profile_id, action_tracker_id) " +
@@ -47,8 +47,8 @@ class Contact
         content_type: 'text/html',
         to: contact.dest.notification_emails,
         reply_to: contact.email,
-        subject: "[#{contact.dest.short_name(30)}] " + contact.subject,
-        from: "#{contact.name} <#{contact.dest.environment.noreply_email}>"
+        subject: "[#{contact.dest.short_name(30)}] #{contact.subject}".html_safe,
+        from: "#{contact.name} <#{contact.dest.environment.noreply_email}>".html_safe
       }
  
       if contact.sender
@@ -30,7 +30,7 @@ class EnvironmentMailing &lt; Mailing
   end
  
   def signature_message
-    _('Sent by %s.') % source.name
+    _('Sent by %s.').html_safe % source.name
   end
  
   def url
@@ -2,7 +2,8 @@ require_dependency &#39;mailing_job&#39;
  
 class Mailing < ApplicationRecord
  
-  acts_as_having_settings :field => :data
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :data
  
   attr_accessible :subject, :body, :data
  
@@ -23,11 +24,11 @@ class Mailing &lt; ApplicationRecord
   end
  
   def generate_from
-    "#{source.name} <#{if source.is_a? Environment then source.noreply_email else source.contact_email end}>"
+    "#{source.name} <#{if source.is_a? Environment then source.noreply_email else source.contact_email end}>".html_safe
   end
  
   def generate_subject
-    '[%s] %s' % [source.name, subject]
+    '[%s] %s'.html_safe % [source.name, subject]
   end
  
   def signature_message
@@ -30,7 +30,7 @@ class OrganizationMailing &lt; Mailing
   end
  
   def signature_message
-    _('Sent by community %s.') % source.name
+    _('Sent by community %s.').html_safe % source.name
   end
  
   include Rails.application.routes.url_helpers
@@ -12,8 +12,8 @@ class PendingTaskNotifier &lt; ApplicationMailer
  
     mail(
       to: person.email,
-      from: "#{person.environment.name} <#{person.environment.noreply_email}>",
-      subject: _("[%s] Pending tasks") % person.environment.name
+      from: "#{person.environment.name} <#{person.environment.noreply_email}>".html_safe,
+      subject: _("[%s] Pending tasks").html_safe % person.environment.name
     )
   end
  
@@ -14,8 +14,8 @@ class ScrapNotifier &lt; ApplicationMailer
     @url = sender.environment.top_url
     mail(
       to: receiver.email,
-      from: "#{sender.environment.name} <#{sender.environment.noreply_email}>",
-      subject: _("[%s] You received a scrap!") % [sender.environment.name]
+      from: "#{sender.environment.name} <#{sender.environment.noreply_email}>".html_safe,
+      subject: _("[%s] You received a scrap!").html_safe % [sender.environment.name]
     )
   end
 end
@@ -14,7 +14,7 @@ class TaskMailer &lt; ApplicationMailer
     mail(
       to: task.target.notification_emails.compact,
       from: self.class.generate_from(task),
-      subject: "[%s] %s" % [task.environment.name, task.target_notification_description]
+      subject: "[%s] %s".html_safe % [task.environment.name, task.target_notification_description]
     )
   end
  
@@ -27,7 +27,7 @@ class TaskMailer &lt; ApplicationMailer
     mail(
       to: task.friend_email,
       from: self.class.generate_from(task),
-      subject: '[%s] %s' % [ task.requestor.environment.name, task.target_notification_description ]
+      subject: '[%s] %s'.html_safe % [ task.requestor.environment.name, task.target_notification_description ]
     )
   end
  
@@ -43,7 +43,7 @@ class TaskMailer &lt; ApplicationMailer
     mail_with_template(
       to: task.requestor.notification_emails,
       from: self.class.generate_from(task),
-      subject: '[%s] %s' % [task.requestor.environment.name, task.target_notification_description],
+      subject: '[%s] %s'.html_safe % [task.requestor.environment.name, task.target_notification_description],
       email_template: task.email_template,
       template_params: {:environment => task.requestor.environment, :task => task, :message => @message, :url => @url, :requestor => task.requestor}
     )
@@ -13,8 +13,8 @@ class UserMailer &lt; ApplicationMailer
  
     mail(
       to: user_email,
-      from: "#{user.environment.name} <#{user.environment.contact_email}>",
-      subject: _("[%{environment}] Welcome to %{environment} mail!") % { :environment => user.environment.name }
+      from: "#{user.environment.name} <#{user.environment.contact_email}>".html_safe,
+      subject: _("[%{environment}] Welcome to %{environment} mail!").html_safe % { :environment => user.environment.name }
     )
   end
  
@@ -30,7 +30,7 @@ class UserMailer &lt; ApplicationMailer
     mail_with_template(
       from: "#{user.environment.name} <#{user.environment.contact_email}>",
       to: user.email,
-      subject: _("[%s] Activate your account") % [user.environment.name],
+      subject: _("[%s] Activate your account").html_safe % [user.environment.name],
       template_params: {:environment => user.environment, :activation_code => @activation_code, :redirection => @redirection, :join => @join, :person => user.person, :url => @url},
       email_template: user.environment.email_templates.find_by_template_type(:user_activation),
     )
@@ -44,8 +44,8 @@ class UserMailer &lt; ApplicationMailer
     mail(
       content_type: 'text/html',
       to: user.email,
-      from: "#{user.environment.name} <#{user.environment.contact_email}>",
-      subject: email_subject.blank? ? _("Welcome to environment %s") % [user.environment.name] : email_subject,
+      from: "#{user.environment.name} <#{user.environment.contact_email}>".html_safe,
+      subject: email_subject.blank? ? _("Welcome to environment %s").html_safe % [user.environment.name] : email_subject,
       body: @body
     )
   end
@@ -63,8 +63,8 @@ class UserMailer &lt; ApplicationMailer
     mail(
       content_type: 'text/html',
       to: user.email,
-      from: "#{user.environment.name} <#{user.environment.contact_email}>",
-      subject: _("[%s] What about grow up your network?") % user.environment.name
+      from: "#{user.environment.name} <#{user.environment.contact_email}>".html_safe,
+      subject: _("[%s] What about grow up your network?").html_safe % user.environment.name
     )
   end
  
@@ -25,7 +25,7 @@ class AbuseComplaint &lt; Task
   end
  
   def title
-    abuse_reports.count > 1 ? (_('Abuse complaint (%s)') % abuse_reports.count) :_('Abuse complaint')
+    abuse_reports.count > 1 ? (_('Abuse complaint (%s)').html_safe % abuse_reports.count) :_('Abuse complaint')
   end
  
   def linked_subject
@@ -57,15 +57,15 @@ class AbuseComplaint &lt; Task
   end
  
   def task_activated_message
-    _('Your profile was reported by the users of %s due to inappropriate behavior. The administrators of the environment are now reviewing the report. To solve this misunderstanding, please contact the administrators.') % environment.name
+    _('Your profile was reported by the users of %s due to inappropriate behavior. The administrators of the environment are now reviewing the report. To solve this misunderstanding, please contact the administrators.').html_safe % environment.name
   end
  
   def task_finished_message
-    _('Your profile was disabled by the administrators of %s due to inappropriate behavior. To solve this misunderstanding please contact them.') % environment.name
+    _('Your profile was disabled by the administrators of %s due to inappropriate behavior. To solve this misunderstanding please contact them.').html_safe % environment.name
   end
  
   def target_notification_description
-    _('%s was reported due to inappropriate behavior.') % reported.name
+    _('%s was reported due to inappropriate behavior.').html_safe % reported.name
   end
  
   def target_notification_message
@@ -22,6 +22,7 @@ class AddMember &lt; Task
       self.roles = [Profile::Roles.member(organization.environment.id).id]
     end
     target.affiliate(requestor, self.roles.select{|r| !r.to_i.zero? }.map{|i| Role.find(i)})
+    person.follow(organization, Circle.find_or_create_by(:person => person, :name =>_('memberships'), :profile_type => 'Community'))
   end
  
   def title
@@ -56,7 +57,7 @@ class AddMember &lt; Task
   def target_notification_description
     requestor_email = " (#{requestor.email})" if requestor.may_display_field_to?("email")
  
-    _("%{requestor}%{requestor_email} wants to be a member of '%{organization}'.") % {:requestor => requestor.name, :requestor_email => requestor_email, :organization => organization.name}
+    _("%{requestor}%{requestor_email} wants to be a member of '%{organization}'.").html_safe % {:requestor => requestor.name, :requestor_email => requestor_email, :organization => organization.name}
   end
  
   def target_notification_message
@@ -13,7 +13,9 @@ class Article &lt; ApplicationRecord
                   :image_builder, :show_to_followers, :archived,
                   :author, :display_preview, :published_at, :person_followers
  
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
+
   include Noosfero::Plugin::HotSpot
  
   SEARCHABLE_FIELDS = {
@@ -91,7 +93,8 @@ class Article &lt; ApplicationRecord
   has_many :article_categorizations_including_virtual, :class_name => 'ArticleCategorization'
   has_many :categories_including_virtual, :through => :article_categorizations_including_virtual, :source => :category
  
-  acts_as_having_settings :field => :setting
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :setting
  
   settings_items :display_hits, :type => :boolean, :default => true
   settings_items :author_name, :type => :string, :default => ""
@@ -242,6 +245,7 @@ class Article &lt; ApplicationRecord
   acts_as_taggable
   N_('Tag list')
  
+  extend ActsAsFilesystem::ActsMethods
   acts_as_filesystem
  
   acts_as_versioned
@@ -534,13 +538,13 @@ class Article &lt; ApplicationRecord
  
   scope :display_filter, lambda {|user, profile|
     return published if (user.nil? && profile && profile.public?)
-    return [] if user.nil? || (profile && !profile.public? && !user.follows?(profile))
+    return [] if user.nil? || (profile && !profile.public? && !profile.in_social_circle?(user))
     where(
       [
        "published = ? OR last_changed_by_id = ? OR profile_id = ? OR ?
         OR  (show_to_followers = ? AND ? AND profile_id IN (?))", true, user.id, user.id,
         profile.nil? ?  false : user.has_permission?(:view_private_content, profile),
-        true, (profile.nil? ? true : user.follows?(profile)),  ( profile.nil? ? (user.friends.select('profiles.id')) : [profile.id])
+        true, (profile.nil? ? true : profile.in_social_circle?(user)),  ( profile.nil? ? (user.friends.select('profiles.id')) : [profile.id])
       ]
     )
   }
@@ -17,6 +17,7 @@ class Block &lt; ApplicationRecord
   belongs_to :mirror_block, :class_name => "Block"
   has_many :observers, :class_name => "Block", :foreign_key => "mirror_block_id"
  
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings
  
   scope :enabled, -> { where :enabled => true }
@@ -88,7 +89,7 @@ class Block &lt; ApplicationRecord
   end
  
   def display_to_user?(user)
-    display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged') || (user && display_user == 'followers' && user.follows?(owner))
+    display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged') || (user && display_user == 'followers' && owner.in_social_circle?(user))
   end
  
   def display_always(context)
@@ -2,7 +2,9 @@ class Blog &lt; Folder
  
   attr_accessible :visualization_format
  
+  extend ActsAsHavingPosts::ClassMethods
   acts_as_having_posts
+
   include PostsLimit
  
   #FIXME This should be used until there is a migration to fix all blogs that
@@ -21,6 +21,7 @@ class Category &lt; ApplicationRecord
  
   scope :on_level, -> parent { where :parent_id => parent }
  
+  extend ActsAsFilesystem::ActsMethods
   acts_as_filesystem
  
   has_many :article_categorizations
@@ -35,6 +36,7 @@ class Category &lt; ApplicationRecord
   has_many :people, :through => :profile_categorizations, :source => :profile, :class_name => 'Person'
   has_many :communities, :through => :profile_categorizations, :source => :profile, :class_name => 'Community'
  
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
  
   before_save :normalize_display_color
@@ -0,0 +1,37 @@
+class Circle < ApplicationRecord
+  has_many :profile_followers
+  belongs_to :person
+
+  attr_accessible :name, :person, :profile_type
+
+  validates :name, presence: true
+  validates :person_id, presence: true
+  validates :profile_type, presence: true
+  validates :person_id, :uniqueness => {:scope => :name, :message => "can't add two circles with the same name"}
+
+  validate :profile_type_must_be_in_list
+
+  scope :by_owner, -> person{
+    where(:person => person)
+  }
+
+  scope :with_name, -> name{
+    where(:name => name)
+  }
+
+  def self.profile_types
+    {
+      _("Person") => Person.name,
+      _("Community") => Community.name,
+      _("Enterprise") => Enterprise.name
+    }
+  end
+
+  def profile_type_must_be_in_list
+    valid_profile_types = Circle.profile_types.values
+    unless self.profile_type.in? valid_profile_types
+      self.errors.add(:profile_type, "invalid profile type")
+    end
+  end
+
+end
@@ -38,6 +38,7 @@ class Comment &lt; ApplicationRecord
  
   validate :article_archived?
  
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings
  
   xss_terminate :only => [ :body, :title, :name ], :on => 'validation'
@@ -2,7 +2,7 @@ class Community &lt; Organization
  
   attr_accessible :accessor_id, :accessor_type, :role_id, :resource_id, :resource_type
   attr_accessible :address_reference, :district, :tag_list, :language, :description
-  attr_accessible :requires_email
+
   after_destroy :check_invite_member_for_destroy
  
   def self.type_name
@@ -13,9 +13,6 @@ class Community &lt; Organization
   N_('Language')
  
   settings_items :language
-  settings_items :requires_email, :type => :boolean
-
-  alias_method :requires_email?, :requires_email
  
   extend SetProfileRegionFromCityState::ClassMethods
   set_profile_region_from_city_state
@@ -0,0 +1,265 @@
+module ActsAsFilesystem
+
+  module ActsMethods
+
+    # Declares the ActiveRecord model to acts like a filesystem: objects are
+    # arranged in a tree (liks acts_as_tree), and . The underlying table must
+    # have the following fields:
+    #
+    # * name (+:string+) - the title of the object
+    # * slug (+:string+)- the title turned in a URL-friendly string (downcased,
+    #   non-ascii chars transliterated into ascii, all sequences of
+    #   non-alphanumericd characters changed into dashed)
+    # * path (+:text+)- stores the full path of the object (the full path of
+    #   the parent, a "/" and the slug of the object)
+    # * children_count - a cache of the number of children elements.
+    def acts_as_filesystem
+      # a filesystem is a tree
+      acts_as_tree :counter_cache => :children_count
+
+      extend ClassMethods
+      include InstanceMethods
+      if self.has_path?
+        after_update :update_children_path
+        before_create :set_path
+        include InstanceMethods::PathMethods
+      end
+
+      before_save :set_ancestry
+    end
+
+  end
+
+  module ClassMethods
+
+    def build_ancestry(parent_id = nil, ancestry = '')
+      ActiveRecord::Base.transaction do
+        self.base_class.where(parent_id: parent_id).each do |node|
+          node.update_column :ancestry, ancestry
+
+          build_ancestry node.id, (ancestry.empty? ? "#{node.formatted_ancestry_id}" :
+                                   "#{ancestry}#{node.ancestry_sep}#{node.formatted_ancestry_id}")
+        end
+      end
+
+      #raise "Couldn't reach and set ancestry on every record" if self.base_class.where('ancestry is null').count != 0
+    end
+
+    def has_path?
+      (['name', 'slug', 'path'] - self.column_names).blank?
+    end
+
+  end
+
+  module InstanceMethods
+
+    def ancestry_column
+      'ancestry'
+    end
+    def ancestry_sep
+      '.'
+    end
+    def has_ancestry?
+      self.class.column_names.include? self.ancestry_column
+    end
+
+    def formatted_ancestry_id
+      "%010d" % self.id if self.id
+    end
+
+    def ancestry
+      self[ancestry_column]
+    end
+    def ancestor_ids
+      return nil if !has_ancestry? or ancestry.nil?
+      @ancestor_ids ||= ancestry.split(ancestry_sep).map{ |id| id.to_i }
+    end
+
+    def ancestry=(value)
+      self[ancestry_column] = value
+    end
+    def set_ancestry
+      return unless self.has_ancestry?
+      if self.ancestry.nil? or (new_record? or parent_id_changed?) or recalculate_path
+        self.ancestry = self.hierarchy(true)[0...-1].map{ |p| p.formatted_ancestry_id }.join(ancestry_sep)
+      end
+    end
+
+    def descendents_options
+      ["#{self.ancestry_column} LIKE ?", "%#{self.formatted_ancestry_id}%"]
+    end
+    def descendents
+      self.class.where descendents_options
+    end
+
+    # calculates the level of the record in the records hierarchy. Top-level
+    # records have level 0; the children of the top-level records have
+    # level 1; the children of records with level 1 have level 2, and so on.
+    #
+    #      A    level 0
+    #     / \
+    #    B   C  level 1
+    #   / \ / \
+    #   E F G H level 2
+    #     ...
+    def level
+      self.hierarchy.size - 1
+    end
+
+    # Is this record a top-level record?
+    def top_level?
+      self.parent.nil?
+    end
+
+    # Is this record a leaf in the hierarchy tree of records?
+    #
+    # Being a leaf means that this record has no subrecord.
+    def leaf?
+      self.children.empty?
+    end
+
+    def top_ancestor
+      if has_ancestry? and !ancestry.blank?
+        self.class.base_class.find_by id: self.top_ancestor_id
+      else
+        self.hierarchy.first
+      end
+    end
+    def top_ancestor_id
+      if has_ancestry? and !ancestry.nil?
+        self.ancestor_ids.first
+      else
+        self.hierarchy.first.id
+      end
+    end
+
+    # returns the full hierarchy from the top-level item to this one. For
+    # example, if item1 has a children item2 and item2 has a children item3,
+    # then item3's hierarchy would be [item1, item2, item3].
+    #
+    # If +reload+ is passed as +true+, then the hierarchy is reload (usefull
+    # when the ActiveRecord object was modified in some way, or just after
+    # changing parent)
+    def hierarchy(reload = false)
+      @hierarchy = nil if reload or recalculate_path
+
+      if @hierarchy.nil?
+        @hierarchy = []
+
+        if !reload and !recalculate_path and ancestor_ids
+          objects = self.class.base_class.where(id: ancestor_ids)
+          ancestor_ids.each{ |id| @hierarchy << objects.find{ |t| t.id == id } }
+          @hierarchy << self
+        else
+          item = self
+          while item
+            @hierarchy.unshift(item)
+            item = item.parent
+          end
+        end
+      end
+
+      @hierarchy
+    end
+
+    def map_traversal(&block)
+      result = []
+      current_level = [self]
+
+      while !current_level.empty?
+        result += current_level
+        ids = current_level.select {|item| item.children_count > 0}.map(&:id)
+        break if ids.empty?
+        current_level = self.class.base_class.where(parent_id: ids)
+      end
+      block ||= (lambda { |x| x })
+      result.map(&block)
+    end
+
+    def all_children
+      res = map_traversal
+      res.shift
+      res
+    end
+
+    #####
+    # Path methods
+    # These methods are used when _path_, _name_ and _slug_ attributes exist
+    # and should be calculated based on the tree
+    #####
+    module PathMethods
+      # used to know when to trigger batch renaming
+      attr_accessor :recalculate_path
+
+      # calculates the full path to this record using parent's path.
+      def calculate_path
+        self.hierarchy.map{ |obj| obj.slug }.join('/')
+      end
+      def set_path
+        if self.path == self.slug && !self.top_level?
+          self.path = self.calculate_path
+        end
+      end
+      def explode_path
+        path.split(/\//)
+      end
+
+      def update_children_path
+        if self.recalculate_path
+          self.children.each do |child|
+            child.path = child.calculate_path
+            child.recalculate_path = true
+            child.save!
+          end
+        end
+        self.recalculate_path = false
+      end
+
+      # calculates the full name of a record by accessing the name of all its
+      # ancestors.
+      #
+      # If you have this record hierarchy:
+      #   Record "A"
+      #     Record "B"
+      #       Record "C"
+      #
+      # Then Record "C" will have "A/B/C" as its full name.
+      def full_name(sep = '/')
+        self.hierarchy.map {|item| item.name || '?' }.join(sep)
+      end
+
+      # gets the name without leading parents. Useful when dividing records
+      # in top-level groups and full names must not include the top-level
+      # record which is already a emphasized label
+      def full_name_without_leading(count, sep = '/')
+        parts = self.full_name(sep).split(sep)
+        count.times { parts.shift }
+        parts.join(sep)
+      end
+
+      def set_name(value)
+        if self.name != value
+          self.recalculate_path = true
+        end
+        self[:name] = value
+      end
+
+      # sets the name of the record. Also sets #slug accordingly.
+      def name=(value)
+        self.set_name(value)
+        unless self.name.blank?
+          self.slug = self.name.to_slug
+        end
+      end
+
+      # sets the slug of the record. Also sets the path with the new slug value.
+      def slug=(value)
+        self[:slug] = value
+        unless self.slug.blank?
+          self.path = self.calculate_path
+        end
+      end
+    end
+  end
+end
+
@@ -0,0 +1,37 @@
+module ActsAsHavingBoxes
+
+  module ClassMethods
+    def acts_as_having_boxes
+      has_many :boxes, -> { order :position }, as: :owner, dependent: :destroy
+      self.send(:include, ActsAsHavingBoxes)
+    end
+  end
+
+  module BlockArray
+    def find(id)
+      select { |item| item.id == id.to_i }.first
+    end
+  end
+
+  def blocks(reload = false)
+    if (reload)
+      @blocks = nil
+    end
+    if @blocks.nil?
+      @blocks = boxes.includes(:blocks).inject([]) do |acc,obj|
+        acc.concat(obj.blocks)
+      end
+      @blocks.send(:extend, BlockArray)
+    end
+    @blocks
+  end
+
+  # returns 3 unless the class table has a boxes_limit column. In that case
+  # return the value of the column.
+  def boxes_limit layout_template = nil
+    layout_template ||= self.layout_template
+    @boxes_limit ||= LayoutTemplate.find(layout_template).number_of_boxes || 3
+  end
+
+end
+
@@ -0,0 +1,25 @@
+module ActsAsHavingImage
+
+  module ClassMethods
+    def acts_as_having_image
+      belongs_to :image, dependent: :destroy
+      scope :with_image, -> { where "#{table_name}.image_id IS NOT NULL" }
+      scope :without_image, -> { where "#{table_name}.image_id IS NULL" }
+      attr_accessible :image_builder
+      include ActsAsHavingImage
+    end
+  end
+
+  def image_builder=(img)
+    if image && image.id == img[:id]
+      image.attributes = img
+    else
+      build_image(img)
+    end unless img[:uploaded_data].blank?
+    if img[:remove_image] == 'true'
+      self.image_id = nil
+    end
+  end
+
+end
+
@@ -0,0 +1,49 @@
+module ActsAsHavingPosts
+
+  module ClassMethods
+    def acts_as_having_posts(scope = nil)
+      has_many :posts, -> {
+        s = order('published_at DESC, id DESC').where('articles.type != ?', 'RssFeed')
+        s = s.instance_exec(&scope) if scope
+        s
+      }, class_name: 'Article', foreign_key: 'parent_id', source: :children
+
+      attr_accessor :feed_attrs
+
+      after_create do |blog|
+        blog.children << RssFeed.new(:name => 'feed', :profile => blog.profile)
+        blog.feed = blog.feed_attrs
+      end
+
+      settings_items :posts_per_page, :type => :integer, :default => 5
+
+      self.send(:include, ActsAsHavingPosts)
+    end
+  end
+
+  def has_posts?
+    true
+  end
+
+  def feed
+    children.where(:type => 'RssFeed').first
+  end
+
+  def feed=(attrs)
+    if attrs
+      if self.feed
+        self.feed.update(attrs)
+      else
+        self.feed_attrs = attrs
+      end
+    end
+    self.feed
+  end
+
+  def name=(value)
+    self.set_name(value)
+    self.slug = self.slug.blank? ? self.name.to_slug : self.slug.to_slug
+  end
+
+end
+
@@ -0,0 +1,89 @@
+# declare missing types
+module ActiveRecord
+  module Type
+    class Symbol < Value
+      def cast_value value
+        value.to_sym
+      end
+    end
+    class Array < Value
+      def cast_value value
+        ::Array.wrap(value)
+      end
+    end
+    class Hash < Value
+      def cast_value value
+        h = ::Hash[value]
+        h.symbolize_keys!
+        h
+      end
+    end
+  end
+end
+
+module ActsAsHavingSettings
+
+  def self.type_cast value, type
+    # do not cast nil
+    return value if value.nil?
+    type.send :cast_value, value
+  end
+
+  module ClassMethods
+
+    def acts_as_having_settings(*args)
+      options = args.last.is_a?(Hash) ? args.pop : {}
+      field = (options[:field] || :settings).to_sym
+
+      serialize field, Hash
+      class_attribute :settings_field
+      self.settings_field = field
+
+      class_eval do
+        def settings_field
+          self[self.class.settings_field] ||= Hash.new
+        end
+
+        def setting_changed? setting_field
+          setting_field = setting_field.to_sym
+          changed_settings = self.changes[self.class.settings_field]
+          return false if changed_settings.nil?
+
+          old_setting_value = changed_settings.first.nil? ? nil : changed_settings.first[setting_field]
+          new_setting_value = changed_settings.last[setting_field]
+          old_setting_value != new_setting_value
+        end
+      end
+
+      settings_items *args
+    end
+
+    def settings_items *names
+
+      options = names.extract_options!
+      default = options[:default]
+      type = options[:type]
+      type = if type.present? then ActiveRecord::Type.const_get(type.to_s.camelize.to_sym).new else nil end
+
+      names.each do |setting|
+        # symbolize key
+        setting = setting.to_sym
+
+        define_method setting do
+          h = send self.class.settings_field
+          val = h[setting]
+          # translate default value if it is used
+          if not val.nil? then val elsif default.is_a? String then gettext default else default end
+        end
+
+        define_method "#{setting}=" do |value|
+          h = send self.class.settings_field
+          h[setting] = if type then ActsAsHavingSettings.type_cast value, type else value end
+        end
+      end
+    end
+
+  end
+
+end
+
@@ -0,0 +1,57 @@
+module CodeNumbering
+  module ClassMethods
+    def code_numbering field, options = {}
+      class_attribute :code_numbering_field
+      class_attribute :code_numbering_options
+
+      self.code_numbering_field = field
+      self.code_numbering_options = options
+
+      before_create :create_code_numbering
+
+      include CodeNumbering::InstanceMethods
+    end
+  end
+
+  module InstanceMethods
+
+    def code
+      self.attributes[self.code_numbering_field.to_s]
+    end
+
+    def code_scope
+      scope = self.code_numbering_options[:scope]
+      case scope
+      when Symbol
+        self.send scope
+      when Proc
+        instance_exec &scope
+      else
+        self.class
+      end
+    end
+
+    def code_maximum
+      self.code_scope.maximum(self.code_numbering_field) || 0
+    end
+
+    def create_code_numbering
+      max = self.code_numbering_options[:start].to_i - 1 if self.code_numbering_options[:start]
+      max = self.code_maximum
+      self.send "#{self.code_numbering_field}=", max+1
+    end
+
+    def reset_scope_code_numbering
+      max = self.code_numbering_options[:start].to_i - 1 if self.code_numbering_options[:start]
+      max ||= 1
+
+      self.code_scope.order(:created_at).each do |record|
+        record.update_column self.code_numbering_field, max
+        max += 1
+      end
+      self.reload
+    end
+
+  end
+end
+
@@ -0,0 +1,124 @@
+module Customizable
+
+  def self.included(base)
+    base.attr_accessible :custom_values
+    base.extend ClassMethods
+  end
+
+  module ClassMethods
+    def acts_as_customizable(options = {})
+      attr_accessor :custom_values
+      has_many :custom_field_values, :dependent => :delete_all, :as => :customized
+      send :include, Customizable::InstanceMethods
+      after_save :save_custom_values
+      validate :valid_custom_values?
+    end
+
+    def active_custom_fields environment
+      environment.custom_fields.select{|cf| customized_ancestors_list.include?(cf.customized_type) && cf.active}
+    end
+
+    def required_custom_fields environment
+      environment.custom_fields.select{|cf| customized_ancestors_list.include?(cf.customized_type) && cf.required}
+    end
+
+    def signup_custom_fields environment
+      environment.custom_fields.select{|cf| customized_ancestors_list.include?(cf.customized_type) && cf.signup}
+    end
+
+    def custom_fields environment
+      environment.custom_fields.select{|cf| customized_ancestors_list.include?(cf.customized_type)}
+    end
+
+    def customized_ancestors_list
+      current=self
+      result=[]
+      while current.instance_methods.include? :custom_value do
+        result << current.name
+        current=current.superclass
+      end
+      result
+    end
+
+  end
+
+  module InstanceMethods
+
+    def valid_custom_values?
+      is_valid = true
+      parse_custom_values.each do |cv|
+        unless cv.valid?
+          name = cv.custom_field.name
+          errors.add(name, cv.errors.messages[name.to_sym].first)
+          is_valid = false
+        end
+      end
+      is_valid
+    end
+
+    def customized_class
+      current=self.class
+      while current.instance_methods.include? :custom_fields do
+        result=current
+        current=current.superclass
+      end
+      result.name
+    end
+
+    def is_public(field_name)
+      cv = self.custom_field_values.detect{|cv| cv.custom_field.name==field_name}
+      cv.nil? ? false : cv.public
+    end
+
+    def public_values
+      self.custom_field_values.select{|cv| cv.public}
+    end
+
+    def custom_value(field_name)
+      cv = self.custom_field_values.detect{|cv| cv.custom_field.name==field_name}
+      cv.nil? ? default_value_for(field_name) : cv.value
+    end
+
+    def default_value_for(field_name)
+      field=self.class.custom_fields(environment).detect {|c| c.name == field_name}
+      field.nil? ? nil : field.default_value
+    end
+
+    def parse_custom_values
+      return_list = []
+      return return_list if custom_values.blank?
+      custom_values.each_pair do |key, value|
+        custom_field = environment.custom_fields.detect{|cf|cf.name==key}
+        next if custom_field.blank?
+        custom_field_value = self.custom_field_values(true).detect{|cv| cv.custom_field.name==key}
+
+        if custom_field_value.nil?
+          custom_field_value = CustomFieldValue.new
+          custom_field_value.custom_field = custom_field
+          custom_field_value.customized = self
+        end
+
+        if value.is_a?(Hash)
+          custom_field_value.value = value['value'].to_s
+          if value.has_key?('public')
+            is_public = value['public']=="true" || value['public']==true
+            custom_field_value.public = is_public
+          else
+            custom_field_value.public = false
+          end
+        else
+          custom_field_value.value = value.to_s
+          custom_field_value.public = false
+        end
+        return_list << custom_field_value
+      end
+      return_list
+    end
+
+    def save_custom_values
+      parse_custom_values.each(&:save)
+    end
+
+  end
+end
+
@@ -0,0 +1,55 @@
+module DelayedAttachmentFu
+
+  module ClassMethods
+    def delay_attachment_fu_thumbnails
+      include DelayedAttachmentFu::InstanceMethods
+      after_create do |file|
+        if file.thumbnailable?
+          Delayed::Job.enqueue CreateThumbnailsJob.new(file.class.name, file.id)
+        end
+      end
+    end
+  end
+
+  module InstanceMethods
+    # skip processing with RMagick
+    def process_attachment
+    end
+
+    def after_process_attachment
+      save_to_storage
+      @temp_paths.clear
+      @saved_attachment = nil
+      run_callbacks :after_attachment_saved
+    end
+
+    def create_thumbnails
+      if thumbnailable?
+        self.class.with_image(full_filename) do |img|
+          self.width = img.columns
+          self.height = img.rows
+          self.save!
+        end
+        self.class.attachment_options[:thumbnails].each do |suffix, size|
+          self.create_or_update_thumbnail(self.full_filename, suffix, size)
+        end
+        self.thumbnails_processed = true
+        self.save!
+      end
+    end
+
+    def public_filename(size=nil)
+      force, size = true, nil if size == :uploaded
+      if !self.thumbnailable? || self.thumbnails_processed || force
+        super size
+      else
+        size ||= :thumb
+        '/images/icons-app/image-loading-%s.png' % size
+      end
+    end
+
+
+  end
+end
+
+
@@ -0,0 +1,44 @@
+module SetProfileRegionFromCityState
+
+  module ClassMethods
+    def set_profile_region_from_city_state
+      before_save :region_from_city_and_state
+
+      include InstanceMethods
+      alias_method_chain :city=, :region
+      alias_method_chain :state=, :region
+    end
+  end
+
+  module InstanceMethods
+    include Noosfero::Plugin::HotSpot
+
+    def city_with_region=(value)
+      self.city_without_region = value
+      @change_region = true
+    end
+
+    def state_with_region=(value)
+      self.state_without_region = value
+      @change_region = true
+    end
+
+    def region_from_city_and_state
+      if @change_region
+        self.region = nil
+        state = search_region(State, self.state)
+        self.region = search_region(City.where(:parent_id => state.id), self.city) if state
+      end
+    end
+
+    private
+
+    def search_region(scope, query)
+      return nil if !query
+      query = query.downcase.strip
+      scope.where(['lower(name)=? OR lower(abbreviation)=? OR lower(acronym)=?', query, query, query]).first
+    end
+
+  end
+
+end
@@ -0,0 +1,8 @@
+module TranslatableContent
+
+  def translatable?
+    return false if self.profile && !self.profile.environment.languages.present?
+    parent.nil? || !parent.forum?
+  end
+
+end
@@ -0,0 +1,37 @@
+module WhiteListFilter
+
+  def check_iframe_on_content(content, trusted_sites)
+    if content.blank? || !content.include?('iframe')
+      return content
+    end
+    content.gsub!(/<iframe[^>]*>\s*<\/iframe>/i) do |iframe|
+      result = ''
+      unless iframe =~ /src=['"].*src=['"]/
+        trusted_sites.each do |trusted_site|
+          re_dom = trusted_site.gsub('.', '\.')
+          if iframe =~ /src=["'](https?:)?\/\/(www\.)?#{re_dom}\//
+            result = iframe
+          end
+        end
+      end
+      result
+    end
+    content
+  end
+
+  module ClassMethods
+    def filter_iframes(*opts)
+      options = opts.last.is_a?(Hash) && opts.pop || {}
+      white_list_method = options[:whitelist] || :iframe_whitelist
+      opts.each do |field|
+        before_validation do |obj|
+          obj.check_iframe_on_content(obj.send(field), obj.send(white_list_method))
+        end
+      end
+    end
+  end
+
+  def self.included(c)
+    c.send(:extend, WhiteListFilter::ClassMethods)
+  end
+end
@@ -12,6 +12,7 @@ class CreateCommunity &lt; Task
   attr_accessible :environment, :requestor, :target
   attr_accessible :reject_explanation, :template_id
  
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
  
   DATA_FIELDS = Community.fields + ['name', 'closed', 'description']
@@ -174,8 +174,4 @@ class Enterprise &lt; Organization
     ''
   end
  
-  def followed_by? person
-    super or self.fans.where(id: person.id).count > 0
-  end
-
 end
@@ -200,6 +200,7 @@ class Environment &lt; ApplicationRecord
   # Relationships and applied behaviour
   # #################################################
  
+  extend ActsAsHavingBoxes::ClassMethods
   acts_as_having_boxes
  
   after_create do |env|
@@ -251,7 +252,8 @@ class Environment &lt; ApplicationRecord
   # #################################################
  
   # store the Environment settings as YAML-serialized Hash.
-  acts_as_having_settings :field => :settings
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :settings
  
   # introduce and explain to users something about the signup
   settings_items :signup_intro, :type => String
-require 'noosfero/translatable_content'
 require 'builder'
  
 class Event < Article
@@ -138,7 +137,7 @@ class Event &lt; Article
     false
   end
  
-  include Noosfero::TranslatableContent
+  include TranslatableContent
   include MaybeAddHttp
  
 end
@@ -7,6 +7,10 @@ class FavoriteEnterprisePerson &lt; ApplicationRecord
   belongs_to :enterprise
   belongs_to :person
  
+  after_create do |favorite|
+    favorite.person.follow(favorite.enterprise, Circle.find_or_create_by(:person => favorite.person, :name =>_('favorites'), :profile_type => 'Enterprise'))
+  end
+
   protected
  
   def is_trackable?
@@ -10,7 +10,8 @@ class Folder &lt; Article
     errors.add(:parent, "A folder should not belong to a blog.") if parent && parent.blog?
   end
  
-  acts_as_having_settings :field => :setting
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :setting
  
   xss_terminate :only => [ :name, :body ], :with => 'white_list', :on => 'validation'
  
 class Forum < Folder
  
+  extend ActsAsHavingPosts::ClassMethods
   acts_as_having_posts -> { reorder 'updated_at DESC' }
+
   include PostsLimit
  
   attr_accessible :has_terms_of_use, :terms_of_use, :topic_creation
@@ -9,11 +9,19 @@ class Friendship &lt; ApplicationRecord
   after_create do |friendship|
     Friendship.update_cache_counter(:friends_count, friendship.person, 1)
     Friendship.update_cache_counter(:friends_count, friendship.friend, 1)
+
+    circles = friendship.group.blank? ? ['friendships'] : friendship.group.split(',').map(&:strip)
+    circles.each do |circle|
+      friendship.person.follow(friendship.friend, Circle.find_or_create_by(:person => friendship.person, :name => circle, :profile_type => 'Person'))
+    end
   end
  
   after_destroy do |friendship|
     Friendship.update_cache_counter(:friends_count, friendship.person, -1)
     Friendship.update_cache_counter(:friends_count, friendship.friend, -1)
+
+    circle = Circle.find_by(:person => friendship.person, :name => (friendship.group.blank? ? 'friendships': friendship.group) )
+    friendship.person.remove_profile_from_circle(friendship.friend, circle) if circle
   end
  
   def self.remove_friendship(person1, person2)
@@ -23,6 +23,7 @@ class Image &lt; ApplicationRecord
  
   validates_attachment :size => N_("{fn} of uploaded file was larger than the maximum size of 5.0 MB").fix_i18n
  
+  extend DelayedAttachmentFu::ClassMethods
   delay_attachment_fu_thumbnails
  
   postgresql_attachment_fu
@@ -2,6 +2,10 @@
 class Organization < Profile
  
   attr_accessible :moderated_articles, :foundation_year, :contact_person, :acronym, :legal_form, :economic_activity, :management_information, :cnpj, :display_name, :enable_contact_us
+  attr_accessible :requires_email
+
+  settings_items :requires_email, type: :boolean
+  alias_method :requires_email?, :requires_email
  
   SEARCH_FILTERS = {
     :order => %w[more_recent more_popular more_active],
@@ -8,7 +8,6 @@ class Person &lt; Profile
     :display => %w[compact]
   }
  
-
   def self.type_name
     _('Person')
   end
@@ -93,6 +92,7 @@ class Person &lt; Profile
   has_many :following_articles, :class_name => 'Article', :through => :article_followers, :source => :article
   has_many :friendships, :dependent => :destroy
   has_many :friends, :class_name => 'Person', :through => :friendships
+  has_many :circles
  
   scope :online, -> {
     joins(:user).where("users.chat_status != '' AND users.chat_status_at >= ?", DateTime.now - User.expires_chat_status_every.minutes)
@@ -200,6 +200,33 @@ class Person &lt; Profile
     end
   end
  
+  def follow(profile, circles)
+    circles = [circles] unless circles.is_a?(Array)
+    circles.each do |new_circle|
+      ProfileFollower.create(profile: profile, circle: new_circle)
+    end
+  end
+
+  def update_profile_circles(profile, new_circles)
+    profile_circles = ProfileFollower.with_profile(profile).with_follower(self).map(&:circle)
+    circles_to_add = new_circles - profile_circles
+    circles_to_remove = profile_circles - new_circles
+    circles_to_add.each do |new_circle|
+      ProfileFollower.create(profile: profile, circle: new_circle)
+    end
+
+    ProfileFollower.where('circle_id IN (?) AND profile_id = ?',
+                          circles_to_remove.map(&:id), profile.id).destroy_all
+  end
+
+  def unfollow(profile)
+    ProfileFollower.with_follower(self).with_profile(profile).destroy_all
+  end
+
+  def remove_profile_from_circle(profile, circle)
+    ProfileFollower.with_profile(profile).with_circle(circle).destroy_all
+  end
+
   def already_request_friendship?(person)
     person.tasks.where(requestor_id: self.id, type: 'AddFriend', status: Task::Status::ACTIVE).first
   end
@@ -580,9 +607,12 @@ class Person &lt; Profile
     person.has_permission?(:manage_friends, self)
   end
  
-  protected
+  def followed_profiles
+    Profile.followed_by self
+  end
  
-  def followed_by?(profile)
-    self == profile || self.is_a_friend?(profile)
+  def in_social_circle?(person)
+    self.is_a_friend?(person) || super
   end
+
 end
@@ -5,7 +5,7 @@ class Profile &lt; ApplicationRecord
  
   attr_accessible :name, :identifier, :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :environment, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time,
     :redirection_after_login, :custom_url_redirection,
-    :email_suggestions, :allow_members_to_invite, :invite_friends_only, :secret, :profile_admin_mail_notification
+    :email_suggestions, :allow_members_to_invite, :invite_friends_only, :secret, :profile_admin_mail_notification, :allow_followers
  
   # use for internationalizable human type names in search facets
   # reimplement on subclasses
@@ -88,6 +88,8 @@ class Profile &lt; ApplicationRecord
   }
  
   acts_as_accessible
+
+  include Customizable
   acts_as_customizable
  
   include Noosfero::Plugin::HotSpot
@@ -185,6 +187,21 @@ class Profile &lt; ApplicationRecord
     Person.members_of(self).by_role(roles)
   end
  
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :data
+
+  def settings
+    data
+  end
+
+  settings_items :redirect_l10n, :type => :boolean, :default => false
+  settings_items :public_content, :type => :boolean, :default => true
+  settings_items :description
+  settings_items :fields_privacy, :type => :hash, :default => {}
+  settings_items :email_suggestions, :type => :boolean, :default => false
+  settings_items :profile_admin_mail_notification, :type => :boolean, :default => true
+
+  extend ActsAsHavingBoxes::ClassMethods
   acts_as_having_boxes
  
   acts_as_taggable
@@ -203,6 +220,23 @@ class Profile &lt; ApplicationRecord
   scope :more_active, -> { order 'activities_count DESC' }
   scope :more_recent, -> { order "created_at DESC" }
  
+  scope :followed_by, -> person{
+    distinct.select('profiles.*').
+    joins('left join profiles_circles ON profiles_circles.profile_id = profiles.id').
+    joins('left join circles ON circles.id = profiles_circles.circle_id').
+    where('circles.person_id = ?', person.id)
+  }
+
+  scope :in_circle, -> circle{
+    distinct.select('profiles.*').
+    joins('left join profiles_circles ON profiles_circles.profile_id = profiles.id').
+    joins('left join circles ON circles.id = profiles_circles.circle_id').
+    where('circles.id = ?', circle.id)
+  }
+
+  settings_items :allow_followers, :type => :boolean, :default => true
+  alias_method :allow_followers?, :allow_followers
+
   acts_as_trackable :dependent => :destroy
  
   has_many :profile_activities
@@ -215,6 +249,9 @@ class Profile &lt; ApplicationRecord
  
   has_many :email_templates, :foreign_key => :owner_id
  
+  has_many :profile_followers
+  has_many :followers, -> { uniq }, :class_name => 'Person', :through => :profile_followers, :source => :person
+
   # Although this should be a has_one relation, there are no non-silly names for
   # a foreign key on article to reference the template to which it is
   # welcome_page... =P
@@ -231,19 +268,6 @@ class Profile &lt; ApplicationRecord
     scrap.nil? ? Scrap.all_scraps(self) : Scrap.all_scraps(self).find(scrap)
   end
  
-  acts_as_having_settings :field => :data
-
-  def settings
-    data
-  end
-
-  settings_items :redirect_l10n, :type => :boolean, :default => false
-  settings_items :public_content, :type => :boolean, :default => true
-  settings_items :description
-  settings_items :fields_privacy, :type => :hash, :default => {}
-  settings_items :email_suggestions, :type => :boolean, :default => false
-  settings_items :profile_admin_mail_notification, :type => :boolean, :default => true
-
   validates_length_of :description, :maximum => 550, :allow_nil => true
  
   # Valid identifiers must match this format.
@@ -285,6 +309,7 @@ class Profile &lt; ApplicationRecord
  
   has_many :files, :class_name => 'UploadedFile'
  
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
  
   has_many :tasks, :dependent => :destroy, :as => 'target'
@@ -758,12 +783,13 @@ private :generate_url, :url_options
  
   # Adds a person as member of this Profile.
   def add_member(person, attributes={})
-    if self.has_members?
+    if self.has_members? && !self.secret
       if self.closed? && members.count > 0
         AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
       else
         self.affiliate(person, Profile::Roles.admin(environment.id), attributes) if members.count == 0
         self.affiliate(person, Profile::Roles.member(environment.id), attributes)
+        person.follow(self, Circle.find_or_create_by(:person => person, :name =>_('memberships'), :profile_type => 'Community'))
       end
       person.tasks.pending.of("InviteMember").select { |t| t.data[:community_id] == self.id }.each { |invite| invite.cancel }
       remove_from_suggestion_list person
@@ -1107,7 +1133,11 @@ private :generate_url, :url_options
   end
  
   def followed_by?(person)
-    person.is_member_of?(self)
+    (person == self) || (person.in? self.followers)
+  end
+
+  def in_social_circle?(person)
+    (person == self) || (person.is_member_of?(self))
   end
  
   def display_private_info_to?(user)
@@ -1148,4 +1178,8 @@ private :generate_url, :url_options
   def allow_destroy?(person = nil)
     person.kind_of?(Profile) && person.has_permission?('destroy_profile', self)
   end
+
+  def in_circle?(circle, follower)
+    ProfileFollower.with_follower(follower).with_circle(circle).with_profile(self).present?
+  end
 end
@@ -0,0 +1,28 @@
+class ProfileFollower < ApplicationRecord
+  self.table_name = :profiles_circles
+  track_actions :new_follower, :after_create, :keep_params => ["follower.name", "follower.url", "follower.profile_custom_icon"], :custom_user => :profile
+
+  attr_accessible :profile, :circle
+
+  belongs_to :profile
+  belongs_to :circle
+
+  has_one :person, through: :circle
+  alias follower person
+
+  validates_presence_of :profile_id, :circle_id
+  validates :profile_id, :uniqueness => {:scope => :circle_id, :message => "can't put a profile in the same circle twice"}
+
+  scope :with_follower, -> person{
+    joins(:circle).where('circles.person_id = ?', person.id)
+  }
+
+  scope :with_profile, -> profile{
+    where(:profile => profile)
+  }
+
+  scope :with_circle, -> circle{
+    where(:circle => circle)
+  }
+
+end
@@ -17,7 +17,8 @@ class ProfileSuggestion &lt; ApplicationRecord
     self.class.generate_profile_suggestions(profile_suggestion.person)
   end
  
-  acts_as_having_settings :field => :categories
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :categories
  
   validate :must_be_a_valid_category, :on => :create
   def must_be_a_valid_category
@@ -11,7 +11,8 @@
 # will need to declare <ttserialize</tt> itself).
 class Task < ApplicationRecord
  
-  acts_as_having_settings :field => :data
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :data
  
   module Status
     # the status of tasks just created
-require 'noosfero/translatable_content'
-
 # a base class for all text article types.
 class TextArticle < Article
  
@@ -9,7 +7,7 @@ class TextArticle &lt; Article
     _('Article')
   end
  
-  include Noosfero::TranslatableContent
+  include TranslatableContent
  
   def self.icon_name(article = nil)
     if article && !article.parent.nil? && article.parent.kind_of?(Blog)
-require 'white_list_filter'
-
 class TinyMceArticle < TextArticle
  
   def self.short_description
@@ -84,6 +84,7 @@ class UploadedFile &lt; Article
  
   validates_attachment :size => N_("{fn} of uploaded file was larger than the maximum size of %{size}").sub('%{size}', self.max_size.to_humanreadable).fix_i18n
  
+  extend DelayedAttachmentFu::ClassMethods
   delay_attachment_fu_thumbnails
  
   postgresql_attachment_fu
@@ -3,7 +3,7 @@
     var answer = parseInt(form.answer.value);
     var val = form.answer.value;
     if (!answer || (val.length != 4) || val > <%= Time.now.year %> || val < 1900) {
-      alert(<%= (_('The year must be between %d and %d') % [1900, Time.now.year]).inspect %>);
+      alert(<%= (_('The year must be between %d and %d').html_safe % [1900, Time.now.year]).inspect %>);
       return false;
     } else {
       return true;
@@ -28,9 +28,9 @@
  
   <p>  <strong><%= _('Pay atention! You have only one chance!') %></strong> </p>
  
-  <p><%= _("This is a question to know if you really are part of this enterprise. Pay atention because you have only one chance to answer right and activate your enterprise. If you answer wrong you will not be able to activate the enterprise automaticaly and must get in touch with the admins of %s by email or phone.") % environment.name %> </p>
+  <p><%= _("This is a question to know if you really are part of this enterprise. Pay atention because you have only one chance to answer right and activate your enterprise. If you answer wrong you will not be able to activate the enterprise automaticaly and must get in touch with the admins of %s by email or phone.").html_safe % environment.name %> </p>
  
-  <%= ApplicationHelper::NoosferoFormBuilder::output_field(@question == :foundation_year ? (_("What year your enterprise was founded? It must have 4 digits, eg 1990. %s") % environment.tip_message_enterprise_activation_question) : _('What is the CNPJ of your enterprise?'), text_field_tag(:answer, nil, :id => 'enterprise-activation-answer')) %>
+  <%= ApplicationHelper::NoosferoFormBuilder::output_field(@question == :foundation_year ? (_("What year your enterprise was founded? It must have 4 digits, eg 1990. %s").html_safe % environment.tip_message_enterprise_activation_question) : _('What is the CNPJ of your enterprise?'), text_field_tag(:answer, nil, :id => 'enterprise-activation-answer')) %>
  
     <%= hidden_field_tag :enterprise_code, params[:enterprise_code] %>
  
 <div class='description'>
   <%= _('This text will be sent to new users if the feature "Send welcome e-mail to new users" is enabled on environment.') %><br/><br/>
-  <%= _('Including %s on body, it will be replaced by the real name of the e-mail recipient.') % content_tag('code', '{user_name}') %>
+  <%= _('Including %s on body, it will be replaced by the real name of the e-mail recipient.').html_safe % content_tag('code', '{user_name}') %>
 </div>
  
 <%= labelled_form_field(_('Subject'), text_field(:environment, :signup_welcome_text_subject, :style => 'width:100%')) %>
@@ -0,0 +1,11 @@
+<div class="circles" id='circles-list'>
+
+  <%= form_for :circles, :url => {:controller => 'profile', :action => 'follow'}, :html => {:id => "follow-circles-form"}  do |f|%>
+    <%= render partial: "blocks/profile_info_actions/select_circles", :locals => {:circles => circles, :followed_profile => profile, :follower => current_person } %>
+
+    <div id="circle-actions">
+      <%= submit_button :ok, _("Follow") %>
+      <input type="button" value="<%= _("Cancel") %>" id="cancel-set-circle" class="button with-text icon-cancel"/>
+    </div>
+  <% end %>
+</div>
 <li><%= report_abuse(profile, :button) %></li>
+<% if logged_in? && (user != profile) && profile.allow_followers? %>
+  <li>
+    <% follow = user.follows?(profile) %>
+    <%= button(:unfollow, content_tag('span', _('Unfollow')), {:profile => profile.identifier, :controller => 'profile', :action => 'unfollow'}, :method => :post, :id => 'action-unfollow', :title => _("Unfollow"), :style => follow ? "" : "display: none;") %>
+    <%= button(:ok, content_tag('span', _('Follow')), {:profile => profile.identifier, :controller => 'profile', :action => 'find_profile_circles'}, :id => 'action-follow', :title => _("Follow"), :style => follow ? "display: none;" : "") %>
+    <div id="circles-container" style="display: none;">
+    </div>
+  </li>
+<% end %>
 <%= render_environment_features(:profile_actions) %>
@@ -0,0 +1,22 @@
+<div class="circles" id='circles-list'>
+  <p><%= _("Select the circles for %s") % followed_profile.name %></p>
+  <div id="circles-checkboxes">
+    <% circles.each do |circle| %>
+      <div class="circle">
+        <%= labelled_check_box circle.name, "circles[#{circle.name}]", circle.id, followed_profile.in_circle?(circle, follower) %>
+      </div>
+    <% end %>
+  </div>
+
+  <%= button(:add, _('New Circle'), '#', :id => "new-circle") %>
+
+  <div id="new-circle-form" style="display: none;">
+    <%= labelled_text_field _('Circle name') , 'circle[name]', "",:id => 'text-field-name-new-circle'%>
+    <%= hidden_field_tag('circle[profile_type]', followed_profile.class.name) %>
+
+    <%= button_bar do %>
+      <%= button(:save, _('Create'), {:profile => follower.identifier, :controller => 'circles', :action => 'xhr_create'}, :id => "new-circle-submit") %>
+      <%= button(:cancel, _('Cancel'), '#', :id => "new-circle-cancel") %>
+    <% end %>
+  </div>
+</div>
@@ -0,0 +1,3 @@
+<div class="circle">
+  <%= labelled_check_box circle.name, "circles[#{circle.name}]", circle.id %>
+</div>
@@ -0,0 +1,14 @@
+<%= error_messages_for :circle %>
+
+<%= labelled_form_for :circle, :url => (mode == :edit) ? {:action => 'update', :id => circle} : {:action => 'create'} do |f| %>
+
+  <%= required_fields_message %>
+
+  <%= required f.text_field(:name) %>
+
+  <%= required labelled_form_field _("Profile type"), f.select(:profile_type, Circle.profile_types.to_a) %>
+
+  <%= button_bar do %>
+    <%= submit_button('save', (mode == :edit) ? _('Save changes') : _('Create circle'), :cancel => {:action => 'index'} ) %>
+  <% end %>
+<% end %>
@@ -0,0 +1,3 @@
+<h1><%= _("Edit circle") %></h1>
+
+<%= render :partial => 'form', :locals => { :mode => :edit, :circle => @circle, :profile_types => @profile_types } %>
@@ -0,0 +1,30 @@
+<h1><%= _('Manage circles') %></h1>
+
+<table>
+  <tr>
+    <th><%= _('Circle name') %></th>
+    <th><%= _('Profile type') %></th>
+    <th><%= _('Actions') %></th>
+  </tr>
+  <% @circles.each do |circle| %>
+    <tr>
+      <td>
+        <%= circle.name %>
+      </td>
+      <td>
+        <%= _(circle.profile_type) %>
+      </td>
+      <td>
+        <div style="text-align: center;">
+          <%= button_without_text :edit, _('Edit'), :action => 'edit', :id => circle %>
+          <%= button_without_text :delete, _('Delete'), { :action => 'destroy', :id => circle }, { "data-method" => "POST" } %>
+        </div>
+      </td>
+    </tr>
+  <% end %>
+</table>
+
+<%= button_bar do %>
+  <%= button :add, _('Create a new circle'), :action => 'new' %>
+  <%= button :back, _('Back to control panel'), :controller => 'profile_editor' %>
+<% end %>
@@ -0,0 +1,3 @@
+<h1><%= _("New circle") %></h1>
+
+<%= render :partial => 'form', :locals => { :mode => :new, :circle => @circle, :profile_types => @profile_types } %>
@@ -58,7 +58,7 @@
 <div id="blog-image-builder">
   <%= f.fields_for :image_builder, @article.image do |i| %>
     <%= file_field_or_thumbnail(_('Cover image:'), @article.image, i)%>
-    <%= _("Max size: %s (.jpg, .gif, .png)")% Image.max_size.to_humanreadable %>
+    <%= _("Max size: %s (.jpg, .gif, .png)").html_safe % Image.max_size.to_humanreadable %>
   <% end %>
 </div>
  
-<h2><%= _('Processed validation request for %s ') % @processed.name %> (<%= status(@processed) %>)</h2>
+<h2><%= _('Processed validation request for %s ').html_safe % @processed.name %> (<%= status(@processed) %>)</h2>
  
 <%= link_to _('Back'), :action => 'index' %>
  
-<h1><%= _('Adding %s as a favorite enterprise') % @favorite_enterprise.name %></h1>
+<h1><%= _('Adding %s as a favorite enterprise').html_safe % @favorite_enterprise.name %></h1>
  
 <p>
-<%= _('Are you sure you want to add %s as your favorite enterprise?') % @favorite_enterprise.name %>
+<%= _('Are you sure you want to add %s as your favorite enterprise?').html_safe % @favorite_enterprise.name %>
 </p>
  
 <%= form_tag do %>
   <%= hidden_field_tag(:confirmation, 1) %>
  
-  <%= submit_button(:ok, _("Yes, I am sure"), :title => _("I want to add %s as a favorite enterprise") % @favorite_enterprise.name) %>
+  <%= submit_button(:ok, _("Yes, I am sure"), :title => _("I want to add %s as a favorite enterprise").html_safe % @favorite_enterprise.name) %>
   <%= button(:cancel, _("No, I don't want"), :action => 'index') %>
 <% end %>
@@ -4,15 +4,15 @@
   current_index = images.index(image.encapsulated_file)
   total_of_images = images.count
   link_to_previous = if current_index >= 1
-   link_to(_('&laquo; Previous'), images[current_index - 1].view_url, :class => 'previous')
+   link_to(_('&laquo; Previous').html_safe, images[current_index - 1].view_url, :class => 'previous')
   else
-    content_tag('span', _('&laquo; Previous'), :class => 'previous')
+    content_tag('span', _('&laquo; Previous').html_safe, :class => 'previous')
   end
  
   link_to_next = if current_index < total_of_images - 1
-    link_to(_('Next &raquo;'), images[current_index + 1].view_url, :class => 'next')
+    link_to(_('Next &raquo;').html_safe, images[current_index + 1].view_url, :class => 'next')
   else
-    content_tag('span', _('Next &raquo;'), :class => 'next')
+    content_tag('span', _('Next &raquo;').html_safe, :class => 'next')
   end
 %>
  
@@ -0,0 +1,14 @@
+<div class="circles" id='circles-list'>
+  <%= form_for :circles, :url => {:controller => 'followers', :action => 'update_category'}, :html => {:id => "follow-circles-form"}  do |f|%>
+    <%= render partial: "blocks/profile_info_actions/select_circles", :locals => {:circles => circles, :followed_profile => followed_profile, :follower => profile }  %>
+
+    <%= hidden_field_tag('followed_profile_id', followed_profile.id) %>
+
+    <div id="circle-actions">
+      <div id="actions-container">
+        <%= submit_button('save', _('Save')) %>
+        <%= modal_close_button  _("Cancel") %>
+      </div>
+    </div>
+  <% end %>
+</div>
@@ -0,0 +1,17 @@
+<ul class="profile-list">
+  <% profiles.each do |followed_profile| %>
+    <li>
+    <%= link_to_profile profile_image(followed_profile) + tag('br') + followed_profile.short_name,
+                        followed_profile.identifier, :class => 'profile-link' %>
+    <div class="controll">
+      <%= button_without_text :remove, content_tag('span',_('unfollow')),
+        { :controller => "profile", :profile => followed_profile.identifier, :follower_id => profile.id,
+          :action => 'unfollow', :redirect_to => url_for({:controller => "followers", :profile => profile.identifier}) },
+          :method => :post, :title => _('remove') %>
+      <%= modal_icon_button :edit, _('change category'),
+             url_for(:controller => 'followers', :action => 'set_category_modal',
+                     :followed_profile_id => followed_profile.id) %>
+    </div><!-- end class="controll" -->
+    </li>
+  <% end %>
+</ul>
@@ -0,0 +1,27 @@
+<div id="manage_followed people">
+
+<h1><%= _("%s is following") % profile.name %></h1>
+
+<% cache_timeout(profile.manage_friends_cache_key(params), 4.hours) do %>
+  <% if @followed_people.empty? %>
+    <p>
+      <em>
+        <%= _("You don't follow anybody yet.") %>
+      </em>
+    </p>
+  <% end %>
+
+  <%= button_bar do %>
+    <%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
+    <%= button(:search, _('Find people'), :controller => 'search', :action => 'assets', :asset => 'people') %>
+  <% end %>
+
+  <%= labelled_select(_('Profile type')+': ', :filter_profile_type, :last, :first, @active_filter, @profile_types, :id => "profile-type-filter") %>
+
+  <%= render :partial => 'profile_list', :locals => { :profiles => @followed_people } %>
+
+  <br style="clear:both" />
+  <%= pagination_links @followed_people, :param_name => 'npage' %>
+<% end %>
+
+</div>
 <div id="remove_friend">
  
-<h1><%= _('Removing friend: %s') % @friend.name %></h1>
+<h1><%= _('Removing friend: %s').html_safe % @friend.name %></h1>
  
 <%= profile_image @friend, :thumb, :class => 'friend_picture' %>
  
 <p>
-<%= _('Are you sure you want to remove %s from your friends list?') % @friend.name %>
+<%= _('Are you sure you want to remove %s from your friends list?').html_safe % @friend.name %>
 </p>
  
 <p>
 <em>
-<%= _('Note that %s will still have you as a friend, unless he/she also wants to remove you from his/her friend list.') % @friend.name %>
+<%= _('Note that %s will still have you as a friend, unless he/she also wants to remove you from his/her friend list.').html_safe % @friend.name %>
 </em>
 </p>
  
 <% default_message = defined?(default_message) ? default_message : false %>
  
 <div id='thanks-for-signing'>
-  <h1><%= _("Welcome to %s!") % environment.name %></h1>
+  <h1><%= _("Welcome to %s!").html_safe % environment.name %></h1>
   <% if environment.has_custom_welcome_screen? && !default_message %>
     <%= environment.settings[:signup_welcome_screen_body].html_safe %>
   <% else %>
@@ -10,21 +10,21 @@
         <p><%= _("Firstly, some tips for getting started:") %></p>
         <h4><%= _("Confirm your account!") %></h4>
         <p><%= _("You should receive a welcome email from us shortly. Please take a second to follow the link within to confirm your account.") %></p>
-        <p><%= _("You won't appear as %s until your account is confirmed.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
+        <p><%= _("You won't appear as %s until your account is confirmed.").html_safe % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
       <% else %>
         <h4><%= _("Wait for admin approvement!") %></h4>
         <p><%= _("The administrators will evaluate your signup request for approvement.") %></p>
-        <p><%= _("You won't appear as %s until your account is approved.") % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
+        <p><%= _("You won't appear as %s until your account is approved.").html_safe % link_to(_('user'), {:controller => :search, :action => :people, :filter => 'more_recent'}, :target => '_blank') %></p>
       <% end %>
       <h4><%= _("What to do next?") %></h4>
-      <p><%= _("Access your %s and see your face on the network!") %
+      <p><%= _("Access your %s and see your face on the network!").html_safe %
         (user.present? ? link_to(_('Profile'), {:controller => 'profile', :profile => user.identifier}, :target => '_blank') : 'Profile') %>
-      <%= _("You can also explore your %s to customize your profile. Here are some %s on what you can do there.") %
+      <%= _("You can also explore your %s to customize your profile. Here are some %s on what you can do there.").html_safe %
         [user.present? ? link_to(_('Control Panel'), {:controller => 'profile_editor', :profile => user.identifier}, :target => '_blank') : 'Control Panel',
           link_to(_('tips'), {:controller => 'doc', :action => 'topic', :section => 'user', :topic => 'editing-person-info'}, :target => '_blank')] %></p>
-      <p><%= _("%s your Gmail, Yahoo and Hotmail contacts!") % link_to(_('Invite and find'), {:controller => 'doc', :action => 'topic', :section => 'user', :topic => 'invite-contacts'}, :target => '_blank') %></p>
-      <p><%= _("Learn the guidelines. Read the %s for more details on how to use this social network!") % link_to(_('Documentation'), {:controller => 'doc'}, :target => '_blank') %></p>
+      <p><%= _("%s your Gmail, Yahoo and Hotmail contacts!").html_safe % link_to(_('Invite and find'), {:controller => 'doc', :action => 'topic', :section => 'user', :topic => 'invite-contacts'}, :target => '_blank') %></p>
+      <p><%= _("Learn the guidelines. Read the %s for more details on how to use this social network!").html_safe % link_to(_('Documentation'), {:controller => 'doc'}, :target => '_blank') %></p>
       <p><%= _("Start exploring and have fun!") %></p>
   <% end %>
-  <%= render :partial => 'shared/template_welcome_page', :locals => {:template => @person_template, :header => _("What can I do as a %s?")} %>
+  <%= render :partial => 'shared/template_welcome_page', :locals => {:template => @person_template, :header => _("What can I do as a %s?").html_safe} %>
 </div>
@@ -5,7 +5,7 @@
   <td>
     <p>
     <span style="font-size: 14px;"><%= link_to activity.user.short_name(20), activity.user.url %></span>
-    <span style="font-size: 14px;"><%= _("has published on community %s") % link_to(activity.target.profile.short_name(20), activity.target.profile.url, :style => "color: #333; font-weight: bold; text-decoration: none;") if activity.target.profile.is_a?(Community) %></span>
+    <span style="font-size: 14px;"><%= _("has published on community %s").html_safe % link_to(activity.target.profile.short_name(20), activity.target.profile.url, :style => "color: #333; font-weight: bold; text-decoration: none;") if activity.target.profile.is_a?(Community) %></span>
     <span style="font-size: 10px; color: #929292; float:right;"><%= time_ago_in_words(activity.created_at) %></span>
     </p>
     <p>
@@ -0,0 +1 @@
+<%= render :partial => 'default_activity', :locals => { :activity => activity } %>
 <% if activity.comments_count > 2 %>
   <div style="font-size: 10px;">
     <% if activity.params['url'].blank?  %>
-      <%= _("%s comments") % activity.comments_count %>
+      <%= _("%s comments").html_safe % activity.comments_count %>
     <% else %>
-      <%= link_to(_("View all %s comments") % activity.comments_count, activity.params['url']) %>
+      <%= link_to(_("View all %s comments").html_safe % activity.comments_count, activity.params['url']) %>
     <% end %>
   </div>
 <% else %>
@@ -5,7 +5,7 @@
       <%= link_to @url, :style => "text-decoration: none;" do %>
         <span style="font-weight:bold;font-size: 28px;margin: 0;color: white;background-color: #AAAAAA;padding: 5px;"><%= @environment.name %></span>
       <% end %>
-      <span style="font-weight:bold;color: #333;font-size:19px;margin-left: 8px;"><%= _("%s's Notifications") % @profile.name %></h3>
+      <span style="font-weight:bold;color: #333;font-size:19px;margin-left: 8px;"><%= _("%s's Notifications").html_safe % @profile.name %></h3>
     </div>
     <div style="margin: 0 20px 20px 20px;border-top:1px solid #e2e2e2;">
       <% if @tasks.present? %>
@@ -34,7 +34,7 @@
  
       <div style="color:#444444;font-size:11px;margin-bottom: 20px;">
         <p style="margin:0"><%= _("Greetings,") %></p>
-        <p style="margin:0"><%= _('%s team.') % @environment.name %></p>
+        <p style="margin:0"><%= _('%s team.').html_safe % @environment.name %></p>
         <p style="margin:0"><%= link_to @url, url_for(@url) %></p>
       </div>
     </div>
@@ -0,0 +1,18 @@
+<% cache_timeout(profile.friends_cache_key(params), 4.hours) do %>
+  <ul class='profile-list'>
+    <% follow.each do |follower| %>
+      <%= profile_image_link(follower) %>
+    <% end%>
+  </ul>
+
+  <div id='pagination-profiles'>
+    <%= pagination_links follow, :param_name => 'npage' %>
+  </div>
+<% end %>
+
+<%= button_bar do %>
+  <%= button :back, _('Go back'), { :controller => 'profile' } %>
+  <% if user == profile %>
+    <%= button :edit, _('Manage followed people'), :controller => 'friends', :action => 'index', :profile => profile.identifier %>
+  <% end %>
+<% end %>
@@ -0,0 +1 @@
+<%= render :partial => 'default_activity', :locals => { :activity => activity, :tab_action => tab_action } %>
@@ -13,5 +13,5 @@
     <%= button(:add, content_tag('span', _('Add friend')), profile.add_url, :class => 'add-friend', :title => _("Add friend"), :style => 'position: relative;') %>
   <% end %>
   <%= button :back, _('Go back'), :back %>
-  <%= button :home, _("Go to %s home page") % environment.name, :controller => 'home' %>
+  <%= button :home, _("Go to %s home page").html_safe % environment.name, :controller => 'home' %>
 <% end %>
@@ -5,7 +5,7 @@
 <% if activity.comments_count > 0 %>
 <div id="profile-wall-activities-comments-more-<%= activity.id %>" class="profile-wall-activities-comments" >
   <div class='view-all-comments icon-chat'>
-     <%= link_to(n_('View comment', "View all %s comments", activity.comments_count) % activity.comments_count, :profile => profile.identifier, :controller => 'profile', :action => 'more_comments', :activity => activity, :comment_page => (1)) %>
+     <%= link_to(n_('View comment', "View all %s comments".html_safe, activity.comments_count) % activity.comments_count, :profile => profile.identifier, :controller => 'profile', :action => 'more_comments', :activity => activity, :comment_page => (1)) %>
   </div>
 </div>
 <% end %>
@@ -23,7 +23,7 @@
   <% if scrap.replies.count > 0 %>
     <div id="profile-wall-activities-comments-more-<%= activity.id %>" class="profile-wall-activities-comments">
       <div class='view-all-comments icon-chat'>
-        <%= link_to(n_('View comment', "View all %s comments", scrap.replies.count) % scrap.replies.count, :profile => profile.identifier, :controller => 'profile', :action => 'more_replies', :activity => activity, :comment_page => (1)) %>
+        <%= link_to(n_('View comment', "View all %s comments".html_safe, scrap.replies.count) % scrap.replies.count, :profile => profile.identifier, :controller => 'profile', :action => 'more_replies', :activity => activity, :comment_page => (1)) %>
       </div>
     </div>
   <% end %>
@@ -0,0 +1,7 @@
+<div class="common-profile-list-block">
+
+<h1><%= _("%s is followed by") % profile.name %></h1>
+
+<%= render :partial => 'follow', :locals => {:follow => @followed_by} %>
+
+</div>
@@ -0,0 +1,7 @@
+<div class="common-profile-list-block">
+
+<h1><%= _("%s is following") % profile.name %></h1>
+
+<%= render :partial => 'follow', :locals => {:follow => @followed_people} %>
+
+</div>
-<h1><%= _('Profile settings for %s') % profile.name %></h1>
+<h1><%= _('Profile settings for %s').html_safe % profile.name %></h1>
  
 <%= error_messages_for :profile_data %>
  
@@ -18,14 +18,16 @@
   </div>
   <div id="profile_change_picture">
     <%= f.fields_for :image_builder, @profile.image do |i| %>
-      <%= file_field_or_thumbnail(_('Image:'), @profile.image, i) %><%= _("Max size: %s (.jpg, .gif, .png)")% Image.max_size.to_humanreadable %>
+      <%= file_field_or_thumbnail(_('Image:'), @profile.image, i) %><%= _("Max size: %s (.jpg, .gif, .png)").html_safe % Image.max_size.to_humanreadable %>
     <% end %>
   </div>
  
   <h2><%= _('Privacy options') %></h2>
-
+  <div>
+    <%= labelled_check_box _("Allow other users to follow me"), 'profile_data[allow_followers]', true, @profile.allow_followers?, :class => "person-can-be-followed" %>
+  </div>
   <% if profile.person? %>
-    <div>
+    <div id="profile_allow_follows">
       <%= labelled_radio_button _('Public &mdash; show my contents to all internet users').html_safe, 'profile_data[public_profile]', true, @profile.public_profile? %>
     </div>
     <div>
@@ -72,6 +72,11 @@
  
   <%= control_panel_button(_('Email Templates'), 'email-templates', :controller => :profile_email_templates) if profile.organization? %>
  
+  <% if profile.person? %>
+    <%= control_panel_button(_('Manage followed profiles'), 'edit-profile', :controller => :followers) %>
+    <%= control_panel_button(_('Manage circles'), 'edit-profile-group', :controller => :circles) %>
+  <% end %>
+
   <% @plugins.dispatch(:control_panel_buttons).each do |button| %>
     <%= control_panel_button(button[:title], button[:icon], button[:url], button[:html_options]) %>
   <% end %>
 <div id='search-content'>
   <div class='total'>
-    <%= n_('Total of 1 result', 'Total of %s results', @searches[@asset][:results].total_entries) % @searches[@asset][:results].total_entries.inspect %>
+    <%= n_('Total of 1 result', 'Total of %s results'.html_safe, @searches[@asset][:results].total_entries) % @searches[@asset][:results].total_entries.inspect %>
   </div>
  
 <%= display_results(@searches, @asset) %>
-<%= render :partial => 'search_form', :locals => { :hint => _("Type words about the %s you're looking for") % _(@asset.to_s.singularize) } %>
+<%= render :partial => 'search_form', :locals => { :hint => _("Type words about the %s you're looking for").html_safe % _(@asset.to_s.singularize) } %>
 <%= render :partial => 'search_content' %>
  
 <div style="clear: both"></div>
 <%= profile_image suggestion, :thumb, :class => 'suggestion_picture' %>
  
 <p>
-<%= _('Are you sure you want to remove %s from your suggestions list?') % suggestion.name %>
+<%= _('Are you sure you want to remove %s from your suggestions list?').html_safe % suggestion.name %>
 </p>
  
 <%= form_tag do %>
-  <%= submit_button(:ok, _("Yes, I want to remove %s") % suggestion.name) %>
+  <%= submit_button(:ok, _("Yes, I want to remove %s").html_safe % suggestion.name) %>
   <%= button(:cancel, _("No"), :action => 'suggest') %>
 <% end %>
-<h2><%= _('Ticket: %s') % @ticket.name %></h2>
+<h2><%= _('Ticket: %s').html_safe % @ticket.name %></h2>
 <p><small>
-  <%= _('Created at %s by %s') % [@ticket.created_at.to_date, link_to(@ticket.requestor.name, @ticket.requestor.url)] %><br/>
-  <%= _('Owner: %s') %  link_to(@ticket.target.name, @ticket.target.url) %>
+  <%= _('Created at %s by %s').html_safe % [@ticket.created_at.to_date, link_to(@ticket.requestor.name, @ticket.requestor.url)] %><br/>
+  <%= _('Owner: %s').html_safe %  link_to(@ticket.target.name, @ticket.target.url) %>
 </small></p>
  
-<p><%= _('Status: %s') % gettext(Task::Status.names[@ticket.status]) %></p>
+<p><%= _('Status: %s').html_safe % gettext(Task::Status.names[@ticket.status]) %></p>
  
 <div>
-  <p><%= _('Description: %s') % @ticket.description %></p>
+  <p><%= _('Description: %s').html_safe % @ticket.description %></p>
 </div>
  
 <% if @ticket.closing_statment %>
-  <p><%= _('Closing statement: %s') % @ticket.closing_statment %></p>
+  <p><%= _('Closing statement: %s').html_safe % @ticket.closing_statment %></p>
 <% end %>
  
 <%= button_bar do %>
@@ -10,7 +10,7 @@
 <% list_of_templates.each do |title, templates, kind|%>
   <div class='template-kind'>
     <h2><%= title %></h2>
-    <%= button :add, _('New...'), {:action => "create_#{kind}_template"}, :title => _("Create a new template for %s") % title.downcase %>
+    <%= button :add, _('New...'), {:action => "create_#{kind}_template"}, :title => _("Create a new template for %s").html_safe % title.downcase %>
     <table class='actions'>
       <tr>
         <th><%= _('Template') %></th>
@@ -20,11 +20,11 @@
         <tr>
           <td>
             <%#= image_tag "icons-app/#{kind}-icon.png" %>
-            <%= link_to(template.name, {:controller => 'profile_editor', :profile => template.identifier}, :title => _('Edit template "%s"') % template.name ) %>
+            <%= link_to(template.name, {:controller => 'profile_editor', :profile => template.identifier}, :title => _('Edit template "%s"').html_safe % template.name ) %>
             <% if environment.is_default_template?(template) %>
               <%= _('is the default template') %>
             <% else %>
-              <%= link_to(_('Set as default'), {:action => "set_#{kind}_as_default", :template_id => template.id}, :title => _('Set %s template as default') % template.name ) %>
+              <%= link_to(_('Set as default'), {:action => "set_#{kind}_as_default", :template_id => template.id}, :title => _('Set %s template as default').html_safe % template.name ) %>
             <% end %>
           </td>
           <td>
-<%= _('Hello %s,') % @name  %>
+<%= _('Hello %s,').html_safe % @name  %>
  
-<%= _('Your email %s was just activated.') % [@email] %>
+<%= _('Your email %s was just activated.').html_safe % [@email] %>
  
 <%= _('You can access your e-mail from anywhere, using the following address:') %>
 <%= @webmail %>
@@ -8,5 +8,5 @@
 <%= _('Greetings,') %>
  
 --
-<%= _('%s team.') % @environment.name %>
+<%= _('%s team.').html_safe % @environment.name %>
 <%= @url %>
@@ -16,15 +16,6 @@ end
 require 'extensions'
  
 # locally-developed modules
-require 'acts_as_filesystem'
-require 'acts_as_having_settings'
-require 'acts_as_having_boxes'
-require 'acts_as_having_image'
-require 'acts_as_having_posts'
-require 'acts_as_customizable'
 require 'route_if'
 require 'maybe_add_http'
-require 'set_profile_region_from_city_state'
-require 'needs_profile'
-require 'white_list_filter'
  
@@ -12,6 +12,10 @@ ActionTrackerConfig.verbs = {
     type: :groupable
   },
  
+  new_follower: {
+    type: :groupable
+  },
+
   join_community: {
     type: :groupable
   },
@@ -7,6 +7,7 @@ class Environment &lt; ApplicationRecord
   has_many :profiles
   has_many :products, through: :profiles
  
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings field: :settings
   settings_items :enabled_plugins, type: Array
 end
@@ -0,0 +1,43 @@
+class CreateProfileFollowersTable < ActiveRecord::Migration
+  def up
+    create_table :profiles_circles do |t|
+      t.column :profile_id, :integer
+      t.column :circle_id, :integer
+      t.timestamps
+    end
+
+    create_table :circles do |t|
+      t.column :name, :string
+      t.belongs_to :person
+      t.column :profile_type, :string, :null => false
+    end
+
+    add_foreign_key :profiles_circles, :circles, :on_delete => :nullify
+
+    add_index :profiles_circles, [:profile_id, :circle_id], :name => "profiles_circles_composite_key_index", :unique => true
+    add_index :circles, [:person_id, :name], :name => "circles_composite_key_index", :unique => true
+
+    #insert one category for each friend group a person has
+    execute("INSERT INTO circles(name, person_id, profile_type) SELECT DISTINCT 'friendships', f.person_id, 'Person' FROM friendships as f WHERE f.group IS NULL OR f.group = ''")
+    execute("INSERT INTO circles(name, person_id, profile_type) SELECT DISTINCT regexp_split_to_table(f.group, ', '), f.person_id, 'Person' FROM friendships as f WHERE f.group IS NOT NULL AND f.group <> ''")
+    #insert 'memberships' category if a person is in a community as any role
+    execute("INSERT INTO circles(name, person_id, profile_type) SELECT DISTINCT 'memberships', ra.accessor_id, 'Community'  FROM role_assignments as ra JOIN profiles ON ra.resource_id = profiles.id WHERE ra.resource_type = 'Profile' AND profiles.type = 'Community'")
+    #insert 'favorites' category if a person has any favorited enterprise
+    execute("INSERT INTO circles(name, person_id, profile_type) SELECT DISTINCT 'favorites', person_id, 'Enterprise' FROM favorite_enterprise_people")
+
+    #insert a follower entry for each friend, with the category the same as the friendship group or equals 'friendships'
+    execute("INSERT INTO profiles_circles(profile_id, circle_id) SELECT DISTINCT f.friend_id, c.id FROM friendships as f JOIN circles as c ON f.person_id = c.person_id WHERE c.name = ANY(regexp_split_to_array(f.group, ', ')) OR c.name = 'friendships'")
+    #insert a follower entry for each favorited enterprise, with the category 'favorites'
+    execute("INSERT INTO profiles_circles(profile_id, circle_id) SELECT DISTINCT f.enterprise_id, c.id FROM favorite_enterprise_people AS f JOIN circles as c ON f.person_id = c.person_id WHERE c.name = 'favorites' ")
+    #insert a follower entry for each community a person participates with any role
+    execute("INSERT INTO profiles_circles(profile_id, circle_id) SELECT DISTINCT ra.resource_id, c.id FROM role_assignments as ra JOIN profiles ON ra.accessor_id = profiles.id JOIN circles as c ON ra.accessor_id = c.person_id WHERE ra.resource_type = 'Profile' AND profiles.type = 'Community' AND c.name = 'memberships'")
+  end
+
+  def down
+    remove_foreign_key :profiles_circles, :circles
+    remove_index :profiles_circles, :name => "profiles_circles_composite_key_index"
+    remove_index :circles, :name => "circles_composite_key_index"
+    drop_table :circles
+    drop_table :profiles_circles
+  end
+end
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
  
-ActiveRecord::Schema.define(version: 20160422163123) do
+ActiveRecord::Schema.define(version: 20160608123748) do
  
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -274,6 +274,14 @@ ActiveRecord::Schema.define(version: 20160422163123) do
   add_index "chat_messages", ["from_id"], name: "index_chat_messages_on_from_id", using: :btree
   add_index "chat_messages", ["to_id"], name: "index_chat_messages_on_to_id", using: :btree
  
+  create_table "circles", force: :cascade do |t|
+    t.string  "name"
+    t.integer "person_id"
+    t.string  "profile_type", null: false
+  end
+
+  add_index "circles", ["person_id", "name"], name: "circles_composite_key_index", unique: true, using: :btree
+
   create_table "comments", force: :cascade do |t|
     t.string   "title"
     t.text     "body"
@@ -639,6 +647,15 @@ ActiveRecord::Schema.define(version: 20160422163123) do
   add_index "profiles", ["user_id", "type"], name: "index_profiles_on_user_id_and_type", using: :btree
   add_index "profiles", ["user_id"], name: "index_profiles_on_user_id", using: :btree
  
+  create_table "profiles_circles", force: :cascade do |t|
+    t.integer  "profile_id"
+    t.integer  "circle_id"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "profiles_circles", ["profile_id", "circle_id"], name: "profiles_circles_composite_key_index", unique: true, using: :btree
+
   create_table "qualifier_certifiers", force: :cascade do |t|
     t.integer "qualifier_id"
     t.integer "certifier_id"
@@ -860,4 +877,5 @@ ActiveRecord::Schema.define(version: 20160422163123) do
   add_index "votes", ["voteable_id", "voteable_type"], name: "fk_voteables", using: :btree
   add_index "votes", ["voter_id", "voter_type"], name: "fk_voters", using: :btree
  
+  add_foreign_key "profiles_circles", "circles", on_delete: :nullify
 end
@@ -0,0 +1,114 @@
+Feature: follow profile
+  As a noosfero user
+  I want to follow a profile
+  So I can receive notifications from it
+
+  Background:
+    Given the following community
+      | identifier  | name          |
+      | nightswatch | Nights Watch  |
+    And the following users
+      | login    |
+      | johnsnow |
+    And the user "johnsnow" has the following circles
+      | name      | profile_type |
+      | Family    | Person       |
+      | Work      | Community    |
+      | Favorites | Community    |
+
+  @selenium
+  Scenario: Common noofero user follow a community
+    Given I am logged in as "johnsnow"
+    When I go to nightswatch's homepage
+    When I follow "Follow"
+    When I check "Work"
+    When I press "Follow"
+    And I wait 1 second
+    Then "johnsnow" should be a follower of "nightswatch" in circle "Work"
+
+  @selenium
+  Scenario: Common noofero user follow a community in more than one circle
+    Given I am logged in as "johnsnow"
+    When I go to nightswatch's homepage
+    When I follow "Follow"
+    When I check "Work"
+    When I check "Favorites"
+    When I press "Follow"
+    And I wait 1 second
+    Then "johnsnow" should be a follower of "nightswatch" in circle "Work"
+    And "johnsnow" should be a follower of "nightswatch" in circle "Favorites"
+
+  @selenium
+  Scenario: No see another profile type circle when following a community
+    Given I am logged in as "johnsnow"
+    When I go to nightswatch's homepage
+    When I follow "Follow"
+    Then I should not see "Family"
+    And I should see "Favorites"
+    And I should see "Work"
+
+  @selenium
+  Scenario: Common noofero user follow a community then cancel the action
+    Given I am logged in as "johnsnow"
+    When I go to nightswatch's homepage
+    When I follow "Follow"
+    When I press "Cancel"
+    And I wait 1 second
+    Then I should not see "Family"
+    And I should not see "Favorites"
+    And I should not see "Work"
+    And I should not see "New Circle"
+    Then "johnsnow" should not be a follower of "nightswatch"
+
+  @selenium
+  Scenario: Common noofero user cancel the circle creation action
+    Given I am logged in as "johnsnow"
+    When I go to nightswatch's homepage
+    When I follow "Follow"
+    When I follow "New Circle"
+    When I press "Cancel"
+    And I wait 1 second
+    Then I should not see "Circle name"
+    And I should not see "Create"
+
+  @selenium
+  Scenario: Noosfero user see new circle option when following a community
+    Given I am logged in as "johnsnow"
+    When I go to nightswatch's homepage
+    When I follow "Follow"
+    Then I should see "New Circle"
+
+  @selenium
+  Scenario: Common noofero user follow a community with a new circle
+    Given I am logged in as "johnsnow"
+    When I go to nightswatch's homepage
+    When I follow "Follow"
+    When I follow "New Circle"
+    And I fill in "text-field-name-new-circle" with "Winterfell"
+    When I follow "Create"
+    When I check "Winterfell"
+    When I press "Follow"
+    And I wait 1 second
+    Then "johnsnow" should be a follower of "nightswatch" in circle "Winterfell"
+
+  @selenium
+  Scenario: Common noofero user create a new circle when following a community
+    Given I am logged in as "johnsnow"
+    When I go to nightswatch's homepage
+    When I follow "Follow"
+    When I follow "New Circle"
+    And I fill in "text-field-name-new-circle" with "Winterfell"
+    When I follow "Create"
+    And I wait 1 second
+    Then "johnsnow" should have the circle "Winterfell" with profile type "Community"
+    Then I should not see "Circle name"
+    Then I should not see "Create"
+
+  @selenium
+  Scenario: Common noofero user unfollow a community
+    Given "johnsnow" is a follower of "nightswatch" in circle "Work"
+    And I am logged in as "johnsnow"
+    When I go to nightswatch's homepage
+    When I follow "Unfollow"
+    Then "johnsnow" should not be a follower of "nightswatch"
+
@@ -0,0 +1,35 @@
+Given /^the user "(.+)" has the following circles$/ do |user_name,table|
+  person = User.find_by(:login => user_name).person
+  table.hashes.each do |circle|
+    Circle.create!(:person => person, :name => circle[:name], :profile_type => circle[:profile_type])
+  end
+end
+
+Then /^"(.+)" should be a follower of "(.+)" in circle "(.+)"$/ do |person, profile, circle|
+  profile =  Profile.find_by(identifier: profile)
+  followers = profile.followers
+  person = Person.find_by(identifier: person)
+  followers.should include(person)
+
+  circle = Circle.find_by(:name => circle, :person => person)
+  ProfileFollower.find_by(:circle => circle, :profile => profile).should_not == nil
+end
+
+Then /^"(.+)" should not be a follower of "(.+)"$/ do |person, profile|
+  profile =  Profile.find_by(identifier: profile)
+  followers = profile.followers
+  person = Person.find_by(identifier: person)
+  followers.should_not include(person)
+end
+
+Given /^"(.+)" is a follower of "(.+)" in circle "(.+)"$/ do |person, profile, circle|
+  profile =  Profile.find_by(identifier: profile)
+  person = Person.find_by(identifier: person)
+  circle = Circle.find_by(:name => circle, :person => person)
+  ProfileFollower.create!(:circle => circle, :profile => profile)
+end
+
+Then /^"(.+)" should have the circle "(.+)" with profile type "(.+)"$/ do |user_name, circle, profile_type|
+  person = User.find_by(:login => user_name).person
+  Circle.find_by(:name => circle, :person => person, :profile_type => profile_type).should_not == nil
+end
@@ -8,8 +8,7 @@ end
 class AccountControllerTest < ActionController::TestCase
   def setup
     @controller = AccountController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @person = create_user('person').person
  
     @environment = Environment.default
@@ -4,8 +4,6 @@ require_relative &#39;../../controllers/admin_notifications_plugin_admin_controller&#39;
 class AdminNotificationsPluginAdminControllerTest < ActionController::TestCase
   def setup
     @controller = AdminNotificationsPluginAdminController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
     @person = create_user('person').person
  
     @environment = Environment.default
@@ -7,8 +7,6 @@ require(
 class AdminNotificationsPluginMyprofileControllerTest < ActionController::TestCase
   def setup
     @controller = AdminNotificationsPluginMyprofileController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
     @person = create_user('person').person
     @community = fast_create(Community)
  
@@ -7,8 +7,6 @@ require(
 class AdminNotificationsPluginPublicControllerTest < ActionController::TestCase
   def setup
     @controller = AdminNotificationsPluginPublicController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
     @person = create_user('person').person
  
     @environment = Environment.default
@@ -7,8 +7,7 @@ end
 class HomeControllerTest < ActionController::TestCase
   def setup
     @controller = HomeController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @person = create_user('person').person
  
     @environment = Environment.default
@@ -0,0 +1,2 @@
+gem 'browser', '~> 2.2.0'
+
@@ -7,12 +7,39 @@ class AnalyticsPlugin::StatsController &lt; MyProfileController
   def index
   end
  
+  def edit
+    return render_access_denied unless user.has_permission? 'edit_profile', profile
+
+    params[:analytics_settings][:enabled] = params[:analytics_settings][:enabled] == 'true'
+    params[:analytics_settings][:anonymous] = params[:analytics_settings][:anonymous] == 'true'
+    @settings = profile.analytics_settings params[:analytics_settings] || {}
+    @settings.save!
+    render nothing: true
+  end
+
+  def view
+    params[:profile_ids] ||= [profile.id]
+    ids = params[:profile_ids].map(&:to_i)
+    user.adminships # FIXME just to cache #adminship_ids
+    ids = ids.select{ |id| id.in? user.adminship_ids } unless @user_is_admin
+
+    @profiles = environment.profiles.find ids
+    @user = environment.people.find params[:user_id]
+    @visits = AnalyticsPlugin::Visit.eager_load(:users_page_views).
+      where(profile_id: ids, analytics_plugin_page_views: {user_id: @user.id})
+
+    render partial: 'table', locals: {visits: @visits}
+
+  end
+
   protected
  
-  def default_url_options
-    # avoid rails' use_relative_controller!
-    {use_route: '/'}
+  # inherit routes from core skipping use_relative_controller!
+  def url_for options
+    options[:controller] = "/#{options[:controller]}" if options.is_a? Hash and options[:controller] and not options[:controller].to_s.starts_with? '/'
+    super options
   end
+  helper_method :url_for
  
   def skip_page_view
     @analytics_skip_page_view = true
@@ -7,7 +7,10 @@ class AnalyticsPlugin::TimeOnPageController &lt; ProfileController
     Noosfero::Scheduler::Defer.later do
       page_view = profile.page_views.where(request_id: params[:id]).first
       page_view.request = request
-      page_view.page_load!
+      AnalyticsPlugin::PageView.transaction do
+        page_view.page_load! Time.at(params[:time].to_i)
+        page_view.update_column :title, params[:title] if params[:title].present?
+      end
     end
  
     render nothing: true
@@ -0,0 +1,40 @@
+class AddTitleAndIsBotToAnalyticsPluginPageView < ActiveRecord::Migration
+
+  def up
+    add_column :analytics_plugin_page_views, :title, :text
+    add_column :analytics_plugin_page_views, :is_bot, :boolean
+
+    # missing indexes for performance
+    add_index :analytics_plugin_page_views, :type
+    add_index :analytics_plugin_page_views, :visit_id
+    add_index :analytics_plugin_page_views, :request_started_at
+    add_index :analytics_plugin_page_views, :page_loaded_at
+    add_index :analytics_plugin_page_views, :is_bot
+
+    AnalyticsPlugin::PageView.transaction do
+      AnalyticsPlugin::PageView.find_each do |page_view|
+        page_view.send :fill_is_bot
+        page_view.update_column :is_bot, page_view.is_bot
+      end
+    end
+
+    change_table :analytics_plugin_visits do |t|
+      t.timestamps
+    end
+    AnalyticsPlugin::Visit.transaction do
+      AnalyticsPlugin::Visit.find_each do |visit|
+        visit.created_at = visit.page_views.first.request_started_at
+        visit.updated_at = visit.page_views.last.request_started_at
+        visit.save!
+      end
+    end
+
+    # never used
+    remove_column :analytics_plugin_page_views, :track_id
+  end
+
+  def down
+    say "this migration can't be reverted"
+  end
+
+end
@@ -13,4 +13,15 @@ module AnalyticsPlugin
     I18n.t'analytics_plugin.lib.plugin.description'
   end
  
+  def self.clear_non_users
+    ActiveRecord::Base.transaction do
+      AnalyticsPlugin::PageView.bots.delete_all
+      AnalyticsPlugin::PageView.not_page_loaded.delete_all
+      # delete_all does not work here
+      AnalyticsPlugin::Visit.without_page_views.destroy_all
+    end
+  end
+
 end
+
+Browser::Bot.detect_empty_ua!
@@ -3,6 +3,7 @@ class AnalyticsPlugin::Base &lt; Noosfero::Plugin
  
   def body_ending
     return unless profile and profile.analytics_enabled?
+    return if @analytics_skip_page_view
     lambda do
       render 'analytics_plugin/body_ending'
     end
@@ -12,6 +13,7 @@ class AnalyticsPlugin::Base &lt; Noosfero::Plugin
     ['analytics'].map{ |j| "javascripts/#{j}" }
   end
  
+  # FIXME: not reloading on development, need server restart
   def application_controller_filters
     [{
       type: 'around_filter', options: {}, block: -> &block do
@@ -23,15 +25,12 @@ class AnalyticsPlugin::Base &lt; Noosfero::Plugin
         return unless profile and profile.analytics_enabled?
  
         Noosfero::Scheduler::Defer.later 'analytics: register page view' do
-          page_view = profile.page_views.build request: request, profile_id: profile,
+          page_view = profile.page_views.build request: request, profile_id: profile.id,
             request_started_at: request_started_at, request_finished_at: request_finished_at
-
           unless profile.analytics_anonymous?
-            session_id = session.id
             page_view.user = user
-            page_view.session_id = session_id
+            page_view.session_id = session.id
           end
-
           page_view.save!
         end
       end,
@@ -39,6 +38,7 @@ class AnalyticsPlugin::Base &lt; Noosfero::Plugin
   end
  
   def control_panel_buttons
+    return unless user.is_admin? environment
     {
       title: I18n.t('analytics_plugin.lib.plugin.panel_button'),
       icon: 'analytics-access',
 require_dependency 'profile'
-require_dependency 'community'
  
-([Profile] + Profile.descendants).each do |subclass|
-subclass.class_eval do
+class Profile
  
-  has_many :visits, foreign_key: :profile_id, class_name: 'AnalyticsPlugin::Visit'
-  has_many :page_views, foreign_key: :profile_id, class_name: 'AnalyticsPlugin::PageView'
+  has_many :users_visits, -> { latest.with_users_page_views }, foreign_key: :profile_id, class_name: 'AnalyticsPlugin::Visit'
  
-end
-end
+  has_many :visits, -> { latest.eager_load :page_views }, foreign_key: :profile_id, class_name: 'AnalyticsPlugin::Visit'
+  has_many :page_views, foreign_key: :profile_id, class_name: 'AnalyticsPlugin::PageView'
  
-class Profile
+  has_many :user_visits, -> { latest.eager_load :page_views }, foreign_key: :user_id, class_name: 'AnalyticsPlugin::PageView'
+  has_many :user_page_views, foreign_key: :user_id, class_name: 'AnalyticsPlugin::PageView'
  
   def analytics_settings attrs = {}
     @analytics_settings ||= Noosfero::Plugin::Settings.new self, ::AnalyticsPlugin, attrs
@@ -9,10 +9,14 @@ en: &amp;en
  
     views:
       stats:
+        enable: "Enable tracking on the profile '%{profile}'"
+        anonymous: "Don't associate users' login"
+        config_save: "Configuration saved"
         user: 'User'
         initial_time: 'Time'
+        ip: 'IP'
         pages: 'Pages'
  
-en-US:
+en_US:
   <<: *en
  
@@ -9,9 +9,14 @@ pt: &amp;pt
  
     views:
       stats:
+        enable: "Ativar rastreio no perfil '%{profile}'"
+        anonymous: "Não associar login de usuários"
+        config_save: "Configuração salva"
         user: 'Usuário'
         initial_time: 'Horário'
+        ip: 'IP'
         pages: 'Páginas'
  
-pt-BR:
+pt_BR:
   <<: *pt
+
@@ -8,24 +8,37 @@ class AnalyticsPlugin::PageView &lt; ApplicationRecord
   attr_accessor :request
   attr_accessible :request
  
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings field: :options
  
-  belongs_to :visit, class_name: 'AnalyticsPlugin::Visit'
-  belongs_to :referer_page_view, class_name: 'AnalyticsPlugin::PageView'
+  belongs_to :profile, validate: true
+  belongs_to :visit, class_name: 'AnalyticsPlugin::Visit', touch: true, validate: true
  
-  belongs_to :user, class_name: 'Person'
-  belongs_to :session, primary_key: :session_id, foreign_key: :session_id, class_name: 'Session'
-  belongs_to :profile
+  belongs_to :referer_page_view, class_name: 'AnalyticsPlugin::PageView', validate: false
  
-  validates_presence_of :visit
-  validates_presence_of :request, on: :create
-  validates_presence_of :url
+  belongs_to :user, class_name: 'Person', validate: false
+  belongs_to :session, primary_key: :session_id, foreign_key: :session_id, class_name: 'Session', validate: false
+
+  validates :request, presence: true, on: :create
+  validates :url, presence: true
  
   before_validation :extract_request_data, on: :create
   before_validation :fill_referer_page_view, on: :create
   before_validation :fill_visit, on: :create
+  before_validation :fill_is_bot, on: :create
+
+  after_update :destroy_empty_visit
+  after_destroy :destroy_empty_visit
+
+  scope :in_sequence, -> { order 'analytics_plugin_page_views.request_started_at ASC' }
+
+  scope :page_loaded, -> { where 'analytics_plugin_page_views.page_loaded_at IS NOT NULL' }
+  scope :not_page_loaded, -> { where 'analytics_plugin_page_views.page_loaded_at IS NULL' }
  
-  scope :latest, -> { order 'request_started_at DESC' }
+  scope :no_bots, -> { where.not is_bot: true }
+  scope :bots, -> { where is_bot: true }
+
+  scope :loaded_users, -> { in_sequence.page_loaded.no_bots }
  
   def request_duration
     self.request_finished_at - self.request_started_at
@@ -43,8 +56,8 @@ class AnalyticsPlugin::PageView &lt; ApplicationRecord
     Time.now < self.user_last_time_seen + AnalyticsPlugin::TimeOnPageUpdateInterval
   end
  
-  def page_load!
-    self.page_loaded_at = Time.now
+  def page_load! time
+    self.page_loaded_at = time
     self.update_column :page_loaded_at, self.page_loaded_at
   end
  
@@ -56,6 +69,16 @@ class AnalyticsPlugin::PageView &lt; ApplicationRecord
     self.update_column :time_on_page, self.time_on_page
   end
  
+  def find_referer_page_view
+    return if self.referer_url.blank?
+    AnalyticsPlugin::PageView.order('request_started_at DESC').
+      where(url: self.referer_url, session_id: self.session_id, user_id: self.user_id, profile_id: self.profile_id).first
+  end
+
+  def browser
+    @browser ||= Browser.new self.user_agent
+  end
+
   protected
  
   def extract_request_data
@@ -64,16 +87,29 @@ class AnalyticsPlugin::PageView &lt; ApplicationRecord
     self.user_agent = self.request.headers['User-Agent']
     self.request_id = self.request.env['action_dispatch.request_id']
     self.remote_ip = self.request.remote_ip
+    true
   end
  
   def fill_referer_page_view
-    self.referer_page_view = AnalyticsPlugin::PageView.order('request_started_at DESC').
-      where(url: self.referer_url, session_id: self.session_id, user_id: self.user_id, profile_id: self.profile_id).first if self.referer_url.present?
+    self.referer_page_view = self.find_referer_page_view
+    true
   end
  
   def fill_visit
     self.visit = self.referer_page_view.visit if self.referer_page_view and self.referer_page_view.user_on_page?
     self.visit ||= AnalyticsPlugin::Visit.new profile: profile
+    true
+  end
+
+  def fill_is_bot
+    self.is_bot = self.browser.bot?
+    true
+  end
+
+  def destroy_empty_visit
+    return unless self.visit_id_changed?
+    old_visit = AnalyticsPlugin::Visit.find self.visit_id_was
+    old_visit.destroy if old_visit.page_views.empty?
   end
  
 end
@@ -5,10 +5,16 @@ class AnalyticsPlugin::Visit &lt; ApplicationRecord
  
   belongs_to :profile
   has_many :page_views, class_name: 'AnalyticsPlugin::PageView', dependent: :destroy
+  has_many :users_page_views, -> { loaded_users }, class_name: 'AnalyticsPlugin::PageView', dependent: :destroy
  
-  default_scope -> { joins(:page_views).includes :page_views }
+  scope :latest, -> { order 'updated_at DESC' }
  
-  scope :latest, -> { order 'analytics_plugin_page_views.request_started_at DESC' }
+  scope :with_users_page_views, -> {
+    eager_load(:users_page_views).where.not analytics_plugin_page_views: {visit_id: nil}
+  }
+  scope :without_page_views, -> {
+    eager_load(:page_views).where analytics_plugin_page_views: {visit_id: nil}
+  }
  
   def first_page_view
     self.page_views.first
 analytics = {
+
+  t: function (key, options) {
+    return I18n.t(key, $.extend(options, {scope: 'analytics_plugin'}))
+  },
+
   requestId: '',
  
   timeOnPage: {
@@ -27,7 +32,7 @@ analytics = {
  
   pageLoad: function() {
     $.ajax(analytics.timeOnPage.baseUrl+'/page_load', {
-      type: 'POST', data: {id: analytics.requestId},
+      type: 'POST', data: {id: analytics.requestId, title: document.title, time: Math.floor(Date.now()/1000)},
       success: function(data) {
       },
     });
@@ -0,0 +1,33 @@
+analytics-settings
+  .checkbox
+    label name='enabled'
+      input type='checkbox' name='enabled' value='1' checked='{settings.enabled}' onchange='{toggleEnabled}'
+      |{anl.t('views.stats.enable', {profile: noosfero.profile})}
+
+  .checkbox if='{settings.enabled}'
+    label name='anonymous'
+      input type='checkbox' name='anonymous' value='1' checked='{settings.anonymous}' onchange='{toggleAnonymous}'
+      |{anl.t('views.stats.anonymous')}
+
+  javascript:
+    this.anl = window.analytics
+    this.settings = opts.settings
+    this.updateUrl = Routes.analytics_plugin_stats_path({profile: noosfero.profile, action: 'edit'})
+
+    toggleEnabled (e) {
+      this.settings.enabled = !this.settings.enabled
+      this.update()
+      this.save(e)
+    }
+    toggleAnonymous (e) {
+      this.settings.anonymous = !this.settings.anonymous
+      this.save(e)
+    }
+
+    save (e) {
+      var self = this
+      $.post(this.updateUrl, {analytics_settings: this.settings}, function() {
+        display_notice(self.anl.t('views.stats.config_save'))
+      })
+    }
+
@@ -5,8 +5,6 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ContentViewerController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @environment = Environment.default
     @environment.enabled_plugins += ['AnalyticsPlugin']
@@ -37,7 +35,7 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
     @request.env['HTTP_REFERER'] = first_url
     get :view_page, profile: @community.identifier, page: @community.articles.last.path.split('/')
     assert_equal 2, @community.page_views.count
-    assert_equal 2, @community.visits.count
+    assert_equal 1, @community.visits.count
  
     second_page_view = @community.page_views.order(:id).last
     assert_equal first_page_view, second_page_view.referer_page_view
@@ -48,7 +46,7 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
     future = Time.now + 2*AnalyticsPlugin::TimeOnPageUpdateInterval
     Time.stubs(:now).returns(future)
     get :view_page, profile: @community.identifier, page: @community.articles.last.path.split('/')
-    assert_equal 3, @community.visits.count
+    assert_equal 2, @community.visits.count
   end
  
 end
  
-table#analytics-stats.table data-toggle='table' data-striped='true' data-sortable='true' data-icons-prefix='fa'
-  thead
-    - unless profile.analytics_anonymous?
+.table-responsive
+  table#analytics-stats.table data-toggle='table' data-striped='true' data-sortable='true' data-icons-prefix='fa'
+    thead
       th= t'analytics_plugin.views.stats.user'
-    th= t'analytics_plugin.views.stats.initial_time'
-    th= t'analytics_plugin.views.stats.pages'
+      th= t'analytics_plugin.views.stats.initial_time'
+      th= t'analytics_plugin.views.stats.ip'
+      th= t'analytics_plugin.views.stats.pages'
  
-  tbody
-    - profile.visits.each do |visit|
-      tr
-        td= link_to visit.user.name, visit.user.url
-        td
-          div data-toggle="tooltip" data-title='#{l visit.initial_time}'
-            = time_ago_in_words(visit.initial_time)
-            |&nbsp
-            = _'ago'
-        td
-          - visit.page_views.each do |page_view|
-            = link_to page_view.url, page_view.url
-            |&nbsp;
-            = "(#{distance_of_time_in_words page_view.time_on_page})"
-            |&nbsp;->&nbsp;
+    tbody
+      - visits.each do |visit|
+        tr data-visit-id='#{visit.id}'
+          td= link_to visit.user.name, visit.user.url if visit.user
+          td
+            div data-toggle="tooltip" data-title='#{l visit.initial_time}'
+              = time_ago_in_words visit.initial_time
+              |&nbsp
+              = _'ago'
+          td= visit.users_page_views.first.remote_ip
+          td
+            ol
+              - visit.users_page_views.each do |page_view|
+                li
+                  = link_to (if page_view.title.present? then page_view.title else page_view.url end), page_view.url, target: '_blank'
+                  |&nbsp;
+                  = "(#{distance_of_time_in_words page_view.time_on_page})"
  
 javascript:
   $('#analytics-stats').bootstrapTable({
     striped: true,
-    columns: [
-      {sortable: true},
-      {sortable: true},
-      {sortable: true},
-    ],
   })
  
   $(document).ready(function() {
-- content_for :head
-  = javascript_include_tag 'https://cdnjs.cloudflare.com/ajax/libs/bootstrap-table/1.8.1/bootstrap-table-all.min.js'
-  = stylesheet_link_tag 'https://cdnjs.cloudflare.com/ajax/libs/bootstrap-table/1.8.1/bootstrap-table.css'
+= render 'shared/bootstrap_table'
+
+= button :back, _('Back to control panel'), controller: 'profile_editor'
+
+= js_translations_include plugin: :analytics
+= javascript_include_tag 'plugins/analytics/javascripts/views/settings'
+analytics-settings data-opts="#{CGI.escapeHTML({settings: {enabled: profile.analytics_settings.enabled, anonymous: profile.analytics_settings.anonymous}}.to_json)}" data-riot=''
+/ needs html_safe to work
+/= riot_component :analytics_settings, settings: {enabled: profile.analytics_settings.enabled, anonymous: profile.analytics_settings.anonymous}
+
+= render 'table', visits: profile.users_visits.limit(50)
  
-= render 'table'
@@ -5,8 +5,6 @@ class CommentGroupPluginProfileControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = CommentGroupPluginProfileController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = create_user('testuser').person
     @article = profile.articles.build(:name => 'test')
@@ -5,8 +5,6 @@ class CommentGroupPluginPublicControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = CommentGroupPluginPublicController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = create_user('testuser').person
     @article = profile.articles.build(:name => 'test')
@@ -71,7 +71,7 @@ module CustomFormsPlugin::Helper
   def display_custom_field(field, submission, form)
     sanitized_name = ActionView::Base.white_list_sanitizer.sanitize field.name
     answer = submission.answers.select{|answer| answer.field == field}.first
-    field_tag = send("display_#{type_for_options(field.class)}",field, answer, form)
+    field_tag = send("display_#{type_for_options(field.class)}",field, answer, form).html_safe
     if field.mandatory? && submission.id.nil?
       required(labelled_form_field(sanitized_name, field_tag))
     else
@@ -4,8 +4,7 @@ require_relative &#39;../../controllers/custom_forms_plugin_myprofile_controller&#39;
 class CustomFormsPluginMyprofileControllerTest < ActionController::TestCase
   def setup
     @controller = CustomFormsPluginMyprofileController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @profile = create_user('profile').person
     login_as(@profile.identifier)
     environment = Environment.default
@@ -4,8 +4,7 @@ require_relative &#39;../../controllers/custom_forms_plugin_profile_controller&#39;
 class CustomFormsPluginProfileControllerTest < ActionController::TestCase
   def setup
     @controller = CustomFormsPluginProfileController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @profile = create_user('profile').person
     login_as(@profile.identifier)
     environment = Environment.default
@@ -12,7 +12,7 @@
   <%= f.hidden_field(:position) %>
  
   <%= f.hidden_field :_destroy, :class => 'destroy-field' %>
-  <%= button_to_function :delete, _('Remove field'), "customFormsPlugin.removeFieldBox(this, #{CGI::escapeHTML(_('Are you sure you want to remove this field?').to_json)})" %>
+  <%= button_to_function :delete, _('Remove field'), "customFormsPlugin.removeFieldBox(this, #{_('Are you sure you want to remove this field?').to_json})" %>
   <%= yield %>
 </div>
 </fieldset>
@@ -51,8 +51,8 @@
 </ul>
  
 <div class="addition-buttons">
-  <%= button(:add, _('Add a new text field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{CGI::escapeHTML(html_for_field(f, :fields, CustomFormsPlugin::TextField).to_json)}); return false")%>
-  <%= button(:add, _('Add a new select field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{CGI::escapeHTML(html_for_field(f, :fields, CustomFormsPlugin::SelectField).to_json)}); return false")%>
+  <%= button(:add, _('Add a new text field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{html_for_field(f, :fields, CustomFormsPlugin::TextField).to_json}); return false")%>
+  <%= button(:add, _('Add a new select field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{html_for_field(f, :fields, CustomFormsPlugin::SelectField).to_json}); return false")%>
 </div>
  
 <%= button_bar do %>
@@ -7,6 +7,6 @@
  
   <td>
     <%= f.hidden_field :_destroy, :class => 'destroy-field' %>
-    <%= button_to_function_without_text :remove, _('Remove alternative'), "customFormsPlugin.removeAlternative(this, #{CGI::escapeHTML(_('Are you sure you want to remove this alternative?').to_json)})", :class => 'remove-field', :title => _('Remove alternative') %>
+    <%= button_to_function_without_text :remove, _('Remove alternative'), "customFormsPlugin.removeAlternative(this, #{_('Are you sure you want to remove this alternative?').to_json})", :class => 'remove-field', :title => _('Remove alternative') %>
   </td>
 </tr>
@@ -22,7 +22,7 @@
     <tfoot>
     <tr class="addition-buttons">
       <td colspan="3">
-      <%= button(:add, _('Add a new alternative'), '#', :onclick => "customFormsPlugin.addFields(this, 'alternatives', #{CGI::escapeHTML(html_for_field(f, :alternatives, CustomFormsPlugin::Alternative).to_json)}); return false") %>
+      <%= button(:add, _('Add a new alternative'), '#', :onclick => "customFormsPlugin.addFields(this, 'alternatives', #{html_for_field(f, :alternatives, CustomFormsPlugin::Alternative).to_json}); return false") %>
       </td>
     </tr>
     </tfoot>
 <div id="custom-forms-plugin_submission">
  
 <h1><%= @form.name %></h1>
-<p><%= @form.description %></p>
+<p><%= (@form.description || "").html_safe %></p>
  
 <% if @submission.id.nil? %>
   <% if @form.expired? %>
 <% self.extend(CustomFormsPlugin::Helper) %>
  
 <% @form.fields.each do |field| %>
-  <%= display_custom_field(field, @submission, f.object_name) %>
+  <%= display_custom_field(field, @submission, f.object_name).html_safe %>
 <% end %>
@@ -5,8 +5,6 @@ class DisplayContentPluginAdminControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = DisplayContentPluginAdminController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @environment = Environment.default
     user_login = create_admin_user(@environment)
@@ -5,8 +5,6 @@ class DisplayContentPluginMyprofileControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = DisplayContentPluginMyprofileController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     user = create_user('testinguser')
     login_as(user.login)
@@ -7,8 +7,7 @@ class AccountControllerTest &lt; ActionDispatch::IntegrationTest
  
   def setup
     @controller = AccountController.new
-    @request = ActionController::TestRequest.new
-    @response = ActionController::TestResponse.new
+    @request    = ActionController::TestRequest.new
  
     e = Environment.default
     e.enable 'skip_new_user_email_confirmation', true
@@ -9,6 +9,7 @@ class FbAppPlugin::PageTab &lt; ApplicationRecord
  
   belongs_to :owner_profile, foreign_key: :profile_id, class_name: 'Profile'
  
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings field: :config
  
   ConfigTypes = [:profile, :profiles, :query]
@@ -5,8 +5,7 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ProfileEditorController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @profile = create_user('default_user').person
     login_as(@profile.identifier)
     Environment.default.enable_plugin(GoogleAnalyticsPlugin.name)
@@ -5,8 +5,6 @@ class GoogleCsePluginControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = GoogleCsePluginController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
   end
  
   should 'get results page' do
@@ -7,8 +7,6 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ContentViewerController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = create_user('testinguser').person
     @environment = @profile.environment
@@ -4,8 +4,6 @@ class AccountControllerPluginTest &lt; ActionController::TestCase
  
   def setup
     @controller = AccountController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @environment = Environment.default
     @environment.enabled_plugins = ['LdapPlugin']
@@ -4,8 +4,7 @@ require_relative &#39;../../controllers/mark_comment_as_read_plugin_profile_controll
 class MarkCommentAsReadPluginProfileControllerTest < ActionController::TestCase
   def setup
     @controller = MarkCommentAsReadPluginProfileController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @profile = create_user('profile').person
     @article = TinyMceArticle.create!(:profile => @profile, :name => 'An article')
     @comment = Comment.new(:source => @article, :author => @profile, :body => 'test')
@@ -6,8 +6,6 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ContentViewerController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = create_user('testinguser').person
     @environment = @profile.environment
@@ -5,8 +5,6 @@ class HomeControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = HomeController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @environment = Environment.default
     @environment.enabled_plugins += ['MetadataPlugin']
@@ -6,8 +6,6 @@ if defined? ProductsPlugin
  
       def setup
         @controller = PageController.new
-        @request    = ActionController::TestRequest.new
-        @response   = ActionController::TestResponse.new
         @enterprise = fast_create(Enterprise, name: 'test', identifier: 'test_ent')
         @user = create_user_with_permission('test_user', 'manage_products', @enterprise)
         login_as :test_user
@@ -167,6 +167,7 @@ class NewsletterPlugin::Newsletter &lt; ApplicationRecord
     end
   end
  
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
  
   def last_send_at
@@ -4,8 +4,6 @@ class NewsletterPluginAdminControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = NewsletterPluginAdminController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @admin = create_user('admin_newsletter').person
     @environment = @admin.environment
@@ -4,8 +4,7 @@ class NewsletterPluginControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = NewsletterPluginController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     environment = fast_create(Environment)
     environment.enable_plugin(NewsletterPlugin)
     @controller.stubs(:environment).returns(environment)
@@ -10,6 +10,7 @@ class OauthClientPlugin::Auth &lt; ApplicationRecord
   validates_presence_of :provider
   validates_uniqueness_of :profile_id, scope: :provider_id
  
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings field: :data
  
   def expires_in
@@ -4,7 +4,10 @@ class OauthClientPlugin::Provider &lt; ApplicationRecord
  
   validates_presence_of :name, :strategy
  
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
+
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings field: :options
  
   settings_items :site, type: String
@@ -16,6 +19,4 @@ class OauthClientPlugin::Provider &lt; ApplicationRecord
  
   scope :enabled, -> { where enabled: true }
  
-  acts_as_having_image
-
 end
-gem 'doorkeeper', '~> 1.4.0'
+gem 'doorkeeper', '~> 2.2.0'
@@ -2,7 +2,8 @@ module Doorkeeper
   class ApplicationController < ApplicationController
  
     include Helpers::Controller
-    helper 'doorkeeper/form_errors'
+
+    helper 'doorkeeper/dashboard'
  
   end
 end
@@ -0,0 +1,54 @@
+module Doorkeeper
+  class ApplicationsController < Doorkeeper::ApplicationController
+    layout 'doorkeeper/admin'
+
+    before_action :authenticate_admin!
+    before_action :set_application, only: [:show, :edit, :update, :destroy]
+
+    def index
+      @applications = Application.all
+    end
+
+    def new
+      @application = Application.new
+    end
+
+    def create
+      @application = Application.new(application_params)
+      if @application.save
+        flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
+        redirect_to oauth_application_url(@application)
+      else
+        render :new
+      end
+    end
+
+    def update
+      if @application.update_attributes(application_params)
+        flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :update])
+        redirect_to oauth_application_url(@application)
+      else
+        render :edit
+      end
+    end
+
+    def destroy
+      flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :destroy]) if @application.destroy
+      redirect_to oauth_applications_url
+    end
+
+    private
+
+    def set_application
+      @application = Application.find(params[:id])
+    end
+
+    def application_params
+      if params.respond_to?(:permit)
+        params.require(:doorkeeper_application).permit(:name, :redirect_uri, :scopes)
+      else
+        params[:doorkeeper_application].slice(:name, :redirect_uri, :scopes) rescue nil
+      end
+    end
+  end
+end
@@ -6,4 +6,7 @@ class OauthProviderAuthorizationsController &lt; Doorkeeper::AuthorizationsControll
   def index
   end
  
+  def show
+  end
+
 end
@@ -1,41 +0,0 @@
-class CreateDoorkeeperTables < ActiveRecord::Migration
-  def change
-    create_table :oauth_applications do |t|
-      t.string  :name,         null: false
-      t.string  :uid,          null: false
-      t.string  :secret,       null: false
-      t.text    :redirect_uri, null: false
-      t.timestamps
-    end
-
-    add_index :oauth_applications, :uid, unique: true
-
-    create_table :oauth_access_grants do |t|
-      t.integer  :resource_owner_id, null: false
-      t.integer  :application_id,    null: false
-      t.string   :token,             null: false
-      t.integer  :expires_in,        null: false
-      t.text     :redirect_uri,      null: false
-      t.datetime :created_at,        null: false
-      t.datetime :revoked_at
-      t.string   :scopes
-    end
-
-    add_index :oauth_access_grants, :token, unique: true
-
-    create_table :oauth_access_tokens do |t|
-      t.integer  :resource_owner_id
-      t.integer  :application_id
-      t.string   :token,             null: false
-      t.string   :refresh_token
-      t.integer  :expires_in
-      t.datetime :revoked_at
-      t.datetime :created_at,        null: false
-      t.string   :scopes
-    end
-
-    add_index :oauth_access_tokens, :token, unique: true
-    add_index :oauth_access_tokens, :resource_owner_id
-    add_index :oauth_access_tokens, :refresh_token, unique: true
-  end
-end
@@ -0,0 +1,42 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+  def change
+    create_table :oauth_applications do |t|
+      t.string  :name,         null: false
+      t.string  :uid,          null: false
+      t.string  :secret,       null: false
+      t.text    :redirect_uri, null: false
+      t.string  :scopes,       null: false, default: ''
+      t.timestamps
+    end
+
+    add_index :oauth_applications, :uid, unique: true
+
+    create_table :oauth_access_grants do |t|
+      t.integer  :resource_owner_id, null: false
+      t.integer  :application_id,    null: false
+      t.string   :token,             null: false
+      t.integer  :expires_in,        null: false
+      t.text     :redirect_uri,      null: false
+      t.datetime :created_at,        null: false
+      t.datetime :revoked_at
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_grants, :token, unique: true
+
+    create_table :oauth_access_tokens do |t|
+      t.integer  :resource_owner_id
+      t.integer  :application_id
+      t.string   :token,             null: false
+      t.string   :refresh_token
+      t.integer  :expires_in
+      t.datetime :revoked_at
+      t.datetime :created_at,        null: false
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_tokens, :token, unique: true
+    add_index :oauth_access_tokens, :resource_owner_id
+    add_index :oauth_access_tokens, :refresh_token, unique: true
+  end
+end
 <%- submit_btn_css ||= 'btn btn-link' %>
-<%= form_tag [:oauth, application] do %>
+<%= form_tag oauth_application_path(application) do %>
   <input type="hidden" name="_method" value="delete">
-  <%= submit_tag 'Destroy', onclick: "return confirm('Are you sure?')", class: submit_btn_css %>
+  <%= submit_tag t('doorkeeper.applications.buttons.destroy'), onclick: "return confirm('#{ t('doorkeeper.applications.confirmations.destroy') }')", class: submit_btn_css %>
 <% end %>
-<%= form_for [:oauth, application], html: {class: 'form-horizontal', role: 'form'} do |f| %>
+<%= form_for application, url: doorkeeper_submit_path(application),  html: {class: 'form-horizontal', role: 'form'} do |f| %>
   <% if application.errors.any? %>
     <div class="alert alert-danger" data-alert>
       <p><%= _('Whoops! Check your form for possible errors') %></p>
@@ -17,15 +17,15 @@
   <tbody>
   <% @applications.each do |application| %>
     <tr id="application_<%= application.id %>">
-      <td><%= link_to application.name, [:oauth, application] %></td>
+      <td><%= link_to application.name, oauth_application_path(application) %></td>
       <td><%= application.redirect_uri %></td>
-      <td><%= link_to _('Edit'), edit_oauth_application_path(application), class: 'btn btn-link' %></td>
+      <td><%= link_to t('doorkeeper.applications.buttons.edit'), edit_oauth_application_path(application), class: 'btn btn-link' %></td>
       <td><%= render 'delete_form', application: application %></td>
     </tr>
   <% end %>
   </tbody>
 </table>
-<div class="actions">
+<div class="actions" style="padding-top: 5px;">
   <%= button(:back, _('Go back'), {:controller => 'oauth_provider_plugin_admin', :action => 'index'}) %>
 </div>
 </div>
@@ -20,7 +20,8 @@
           <td>
             <code><%= uri %></code>
           </td>
-          <td>
+           <td>
+            <%= link_to t('doorkeeper.applications.buttons.authorize'), oauth_authorization_path(client_id: @application.uid, redirect_uri: uri, response_type: 'code', scope: @application.scopes), class: 'btn btn-success', target: '_blank' %>
           </td>
         </tr>
       <% end %>
@@ -6,16 +6,16 @@
  
 <main role="main">
   <p class="h4">
-  <%= _('Authorize %s to use your account?') % "<strong class=\"text-info\">#{@pre_auth.client.name}</strong>" %>
+  <%= raw _('Authorize %s to use your account?') % "<strong class=\"text-info\">#{@pre_auth.client.name}</strong>" %>
   </p>
  
-  <% if @pre_auth.scopes %>
+  <% if @pre_auth.scopes.count > 0 %>
     <div id="oauth-permissions">
       <p><%= _('This application will be able to:') %></p>
  
       <ul class="text-info">
         <% @pre_auth.scopes.each do |scope| %>
-          <li><%= OauthProviderPlugin::SCOPE_TRANSLATION[scope] %></li>
+          <li><%= t scope, scope: [:doorkeeper, :scopes] %></li>
         <% end %>
       </ul>
     </div>
@@ -25,7 +25,7 @@
   </table>
 </main>
  
-<div class="actions">
+<div class="actions" style="padding-top: 5px;">
   <%= button(:back, _('Go back'), :back) %>
 </div>
 </div>
@@ -8,8 +8,7 @@ class OpenGraphPlugin::MyprofileControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = OpenGraphPlugin::MyprofileController.new
-    @request = ActionController::TestRequest.new
-    @response = ActionController::TestResponse.new
+
     @actor = create_user.person
   end
  
@@ -14,6 +14,12 @@ class CreateOrganizationRatingComment &lt; Task
     settings_items field.to_sym
   end
  
+  scope :with_rating, -> (user_rating){
+    CreateOrganizationRatingComment.find_each do |task|
+      return task if(task.organization_rating_id == user_rating.id)
+    end
+  }
+
   def perform
     if (self.body && !self.body.blank?)
       comment = Comment.create!(:source => self.target, :body => self.body, :author => self.requestor)
@@ -8,8 +8,6 @@ class OrganizationRatingsPluginAdminControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = OrganizationRatingsPluginAdminController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @environment = Environment.default
     @environment.enabled_plugins = ['OrganizationRatingsPlugin']
@@ -8,8 +8,6 @@ class OrganizationRatingsPluginProfileControllerTest &lt; ActionController::TestCas
  
   def setup
     @controller = OrganizationRatingsPluginProfileController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @environment = Environment.default
     @environment.enabled_plugins = ['OrganizationRatingsPlugin']
@@ -148,6 +146,39 @@ class OrganizationRatingsPluginProfileControllerTest &lt; ActionController::TestCas
  
     get :new_rating, profile: @community.identifier
     assert_tag :tag => 'p', :content => /Report waiting for approval/, :attributes => {:class =>/moderation-msg/}
+    assert_tag :tag => 'p', :attributes => {:class =>/comment-body/}
+  end
+
+  test "display rejected comment to env admin" do
+    post :new_rating, profile: @community.identifier, :comments => {:body => "rejected comment"}, :organization_rating_value => 3
+
+    @admin = create_admin_user(@environment)
+    login_as @admin
+    @controller.stubs(:current_user).returns(Profile[@admin].user)
+
+    CreateOrganizationRatingComment.last.cancel
+
+    get :new_rating, profile: @community.identifier
+    assert_tag :tag => 'p', :attributes => {:class =>/comment-body/}, :content => /rejected comment/
+  end
+
+  test "not display rejected comment to regular user" do
+    p1 = create_user('regularUser').person
+    @community.add_member p1
+    login_as(p1.identifier)
+    @controller.stubs(:logged_in?).returns(true)
+    @controller.stubs(:current_user).returns(p1.user)
+
+    post :new_rating, profile: @community.identifier, :comments => {:body => "rejected comment"}, :organization_rating_value => 3
+    CreateOrganizationRatingComment.last.cancel
+    get :new_rating, profile: @community.identifier
+    assert_no_tag :tag => 'p', :attributes => {:class =>/comment-body/}
+  end
+
+  test "not display rejected comment to community admin" do
+    post :new_rating, profile: @community.identifier, :comments => {:body => "rejected comment"}, :organization_rating_value => 3
+    CreateOrganizationRatingComment.last.cancel
+    get :new_rating, profile: @community.identifier
     assert_no_tag :tag => 'p', :attributes => {:class =>/comment-body/}
   end
  
@@ -29,6 +29,9 @@
       <%= status_message_for(user, user_rate) %>
       <% if user_rate.comment.present? %>
         <p class="comment-body"> <%= user_rate.comment.body %> </p>
+      <% elsif user && user.is_admin? %>
+        <% rating_task = CreateOrganizationRatingComment.with_rating(user_rate) %>
+        <p class="comment-body"> <%= rating_task.body %> </p>
       <% end %>
     </div>
     <%= @plugins.dispatch(:organization_ratings_plugin_container_extra_fields, user_rate).collect { |content| instance_exec(&content) }.join("") %>
@@ -4,8 +4,7 @@ class EnvironmentDesignControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = EnvironmentDesignController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     Noosfero::Plugin::Manager.any_instance.stubs(:enabled_plugins).returns([PeopleBlockPlugin.new])
   end
  
@@ -4,8 +4,7 @@ class ProfileDesignControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ProfileDesignController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     Noosfero::Plugin::Manager.any_instance.stubs(:enabled_plugins).returns([PeopleBlockPlugin.new])
   end
  
@@ -4,8 +4,7 @@ class ProfileControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ProfileController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     Noosfero::Plugin::Manager.any_instance.stubs(:enabled_plugins).returns([PeopleBlockPlugin.new])
   end
  
@@ -45,6 +45,7 @@ class ProductsPlugin::Product &lt; ApplicationRecord
   has_many :qualifiers, through: :product_qualifiers
   has_many :certifiers, through: :product_qualifiers
  
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings field: :data
  
   track_actions :create_product, :after_create, keep_params: [:name, :url ], if: Proc.new { |a| a.is_trackable? }, custom_user: :action_tracker_user
@@ -129,6 +130,7 @@ class ProductsPlugin::Product &lt; ApplicationRecord
     image ? image.public_filename(size) : '/images/icons-app/product-default-pic-%s.png' % size
   end
  
+  extend ActsAsHavingImage::ClassMethods
   acts_as_having_image
  
   def save_image
@@ -0,0 +1,25 @@
+class RecentActivitiesPlugin < Noosfero::Plugin
+  def self.plugin_name
+    'RecentActivitiesPlugin'
+  end
+
+  def self.plugin_description
+    _('Adds a block that lists recent profile activity.')
+  end
+
+  def self.extra_blocks
+    {
+      RecentActivitiesPlugin::ActivitiesBlock => { type: [Community, Person] }
+    }
+  end
+
+  def self.has_admin_url?
+    false
+  end
+
+  def stylesheet?
+    true
+  end
+end
+
+ApplicationHelper.include ActionTrackerHelper
@@ -0,0 +1,46 @@
+class RecentActivitiesPlugin::ActivitiesBlock < Block
+  attr_accessible :limit
+  settings_items :limit, type: :integer, default: 5
+
+  def view_title
+    self.default_title 
+  end
+
+  def activities
+    activities = owner.activities.where(activity_type: ActionTracker::Record.to_s)
+    list = self.limit.nil? ? activities : activities.limit(self.get_limit)
+    list.map(&:activity)
+  end
+
+  def extra_option
+    { }
+  end
+
+  def self.description
+    _('Display the latest activities by the owner of the context where the block is available.')
+  end
+
+  def help
+    _('This block lists your latest activities. By default, any user that goes to your profile will be able to see all activities. Configure the "Display to users" option if you don\'t want that.')
+  end
+
+  def default_title
+    _('Recent activities')
+  end
+
+  def api_content
+    Api::Entities::Activity.represent(activities).as_json
+  end
+
+  def display_api_content_by_default?
+    false
+  end
+
+  def timeout
+    4.hours
+  end
+
+  def self.expire_on
+    { profile: [:article] }
+  end
+end
@@ -0,0 +1,29 @@
+.recent-activities-block ul {
+  padding: 0;
+}
+
+.recent-activities-block li {
+  list-style: none;
+  border-bottom: 1px solid #ccc;
+}
+
+.recent-activities-block time,
+.recent-activities-block p {
+  margin: 10px 0;
+}
+
+.recent-activities-block time {
+  display: block;
+  margin-bottom: 10px;
+  color: #ccc;
+}
+
+.recent-activities-block img {
+  padding: 1px;
+  border: 1px solid #ccc;
+  margin: 3px 3px 0 0;
+}
+
+.recent-activities-block p:first-letter {
+  text-transform: capitalize
+}
@@ -0,0 +1 @@
+require_relative '../../../test/test_helper'
@@ -0,0 +1,73 @@
+require_relative '../test_helper'
+
+class RecentActivitiesBlockTest < ActiveSupport::TestCase
+  should 'describe itself' do
+    assert_not_equal Block.description, RecentActivitiesPlugin::ActivitiesBlock.description
+  end
+
+  should 'is editable' do
+    block = RecentActivitiesPlugin::ActivitiesBlock.new
+    assert block.editable?
+  end
+
+  should 'return last activities' do
+    profile = create_user('testuser').person
+    a1 = fast_create(ActionTracker::Record, user_id: profile.id, created_at: Time.now, updated_at: Time.now)
+    a2 = fast_create(ActionTracker::Record, user_id: profile.id, created_at: Time.now, updated_at: Time.now)
+    ProfileActivity.create! profile_id: profile.id, activity: a1
+    ProfileActivity.create! profile_id: profile.id, activity: a2
+
+    block = RecentActivitiesPlugin::ActivitiesBlock.new
+    block.stubs(:owner).returns(profile)
+
+    assert_equal [a2, a1].map(&:id), block.activities.map(&:id)
+  end
+
+  should 'return last activities with limit' do
+    profile = create_user('testuser').person
+    a1 = fast_create(ActionTracker::Record, user_id: profile.id, created_at: Time.now, updated_at: Time.now)
+    a2 = fast_create(ActionTracker::Record, user_id: profile.id, created_at: Time.now, updated_at: Time.now)
+    ProfileActivity.create! profile_id: profile.id, activity: a1
+    ProfileActivity.create! profile_id: profile.id, activity: a2
+
+    block = RecentActivitiesPlugin::ActivitiesBlock.new
+    block.stubs(:owner).returns(profile)
+    block.limit = 1
+
+    assert_equal [a2].map(&:id), block.activities.map(&:id)
+  end
+
+  should 'return only action tracker records as activities' do
+    profile = create_user('testuser').person
+    friend = create_user('friend').person
+    scrap = create(Scrap, defaults_for_scrap(sender: friend, receiver: profile))
+    a1 = fast_create(ActionTracker::Record, user_id: profile.id, created_at: Time.now, updated_at: Time.now)
+    a2 = fast_create(ActionTracker::Record, user_id: profile.id, created_at: Time.now, updated_at: Time.now)
+    ProfileActivity.create! profile_id: profile.id, activity: a1
+    ProfileActivity.create! profile_id: profile.id, activity: a2
+
+    block = RecentActivitiesPlugin::ActivitiesBlock.new
+    block.stubs(:owner).returns(profile)
+
+    assert_equal [a2, a1, scrap], block.owner.activities.map(&:activity)
+    assert_equal [a2, a1], block.activities
+  end
+end
+
+require 'boxes_helper'
+
+class RecentActivitiesBlockViewTest < ActionView::TestCase
+  include BoxesHelper
+
+  should 'return activities in api_content' do
+    profile = create_user('testuser').person
+
+    a = fast_create(ActionTracker::Record, user_id: profile.id, created_at: Time.now, updated_at: Time.now)
+    ProfileActivity.create! profile_id: profile.id, activity: a
+
+    block = RecentActivitiesPlugin::ActivitiesBlock.new
+    block.stubs(:owner).returns(profile)
+
+    assert_equal [a.id], block.api_content['activities'].map{ |a| a[:id] }
+  end
+end
@@ -0,0 +1,16 @@
+<%= block_title(block.view_title, block.subtitle) %>
+
+<div class="recent-activities-block">
+  <% unless block.activities.size == 0 %>
+    <ul>
+      <% block.activities.each do |activity| %>
+        <li>
+          <p><%= describe(activity).html_safe %></p>
+          <time datetime="<%= activity.created_at %>"><%= time_ago_in_words(activity.created_at) %></time>
+        </li>
+      <% end %>
+    </ul>
+  <% else %>
+    <div class="recent-activities-block-none"><%= c_('None') %></div>
+  <% end %>
+</div>
@@ -0,0 +1,3 @@
+<div id="activities_block_plugin">
+  <%= labelled_form_field(_('Limit'), text_field(:block, :limit, size: 3)) %>
+</div>
@@ -0,0 +1 @@
+box_organizer/
 \ No newline at end of file
@@ -0,0 +1 @@
+box_organizer/
 \ No newline at end of file
@@ -8,8 +8,7 @@ class RelevantContentBlockTest &lt; ActiveSupport::TestCase
  
   def setup
     @controller = CommentController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @profile = create_user('testinguser').person
     @environment = @profile.environment
   end
@@ -9,8 +9,6 @@ class RelevantContentBlockTest &lt; ActiveSupport::TestCase
  
   def setup
     @controller = CommentController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = create_user('testinguser').person
     @environment = @profile.environment
@@ -2,6 +2,8 @@ require &#39;test_helper&#39;
  
 class AccountControllerTest < ActionController::TestCase
   def setup
+    @controller = AccountController.new
+
     @environment = Environment.default
     @environment.enabled_plugins = ['RemoteUserPlugin']
     @environment.save
@@ -9,10 +11,6 @@ class AccountControllerTest &lt; ActionController::TestCase
     @another_environment = Environment.new(name: "AnotherEnvironment")
     @another_environment.enabled_plugins = ['RemoteUserPlugin']
     @another_environment.save
-
-    @controller = AccountController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
   end
  
   should 'not authenticate user if there is no remote user' do
@@ -10,7 +10,7 @@ li.dropdown
  
   ul class='dropdown-menu' role='menu'
     li
-      = link_to user.public_profile_url, id: "homepage-link", title: _('Go to your homepage')
+      = link_to user.url, id: 'homepage-link', title: _('Go to your homepage')
         span class='icon-person' = _('Profile')
     li.divider
  
@@ -2,6 +2,7 @@ OrdersPlugin.send :remove_const, :Item if defined? OrdersPlugin::Item
 OrdersPlugin.send :remove_const, :Order if defined? OrdersPlugin::Order
  
 class ShoppingCartPlugin::PurchaseOrder < ApplicationRecord
+  extend ActsAsHavingSettings::ClassMethods
   acts_as_having_settings field: :data
  
   module Status
@@ -5,8 +5,7 @@ class ShoppingCartPluginControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ShoppingCartPluginController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @profile = fast_create(Enterprise)
     @profile.contact_email = 'enterprise@noosfero.org';@profile.save
     @product = fast_create(Product, profile_id: @profile.id)
@@ -5,8 +5,6 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ContentViewerController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = create_user('testinguser').person
     @environment = @profile.environment
@@ -4,14 +4,12 @@ require_relative &#39;../../lib/ext/facets_browse&#39;
 class SearchControllerTest < ActionController::TestCase
  
   def setup
+    @controller = SearchController.new
+
     TestSolr.enable
     p1 = File.join(RAILS_ROOT, 'app', 'views')
     p2 = File.join(File.dirname(__FILE__) + '/../../views')
     SearchController.append_view_path([p1,p2])
-    @controller = SearchController.new
-    @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(false)
-    @response   = ActionController::TestResponse.new
  
     @category = Category.create!(:name => 'my category', :environment => Environment.default)
  
@@ -2,14 +2,14 @@ class SpaminatorPlugin::Mailer &lt; Noosfero::Plugin::MailerBase
  
   include Rails.application.routes.url_helpers
   def inactive_person_notification(person)
+    @person = person
+    @environment = person.environment
+    @url = url_for(:host => person.default_hostname, :controller => 'account', :action => 'forgot_password')
     mail(
       :to => person.email,
       :from => "#{person.environment.name} <#{person.environment.noreply_email}>",
       :subject => _("[%s] You must reactivate your account.") % person.environment.name,
       :content_type => 'text/html',
-      :body => {:person => person,
-           :environment => person.environment,
-           :url => url_for(:host => person.default_hostname, :controller => 'account', :action => 'forgot_password')}
     )
   end
  
@@ -4,8 +4,7 @@ require_relative &#39;../../controllers/spaminator_plugin_admin_controller&#39;
 class SpaminatorPluginAdminControllerTest < ActionController::TestCase
   def setup
     @controller = SpaminatorPluginAdminController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @environment = Environment.default
     @settings = Noosfero::Plugin::Settings.new(@environment, SpaminatorPlugin)
     login_as(create_admin_user(@environment))
@@ -10,7 +10,7 @@
       <%= _('Due to the recent increase in the number of spams on %s, we decided to deactivate all inactive users on the network. It just happens that you are one of them! But there is no need to worry. Your account is completely preserved and if you want to reactivate it you just need to click on the following link and recover your password (since it was changed to a huge scramble of random characters):') % @environment.name %>
     </p>
     <p>
-      <%= @url %>
+      <a href="<%= @url %>"><%= @url %></a>
     </p>
     <p>
       <%= _("We are sorry that this procedure might bother you a lot, but it's necessary for the healthy of our network.") %>
@@ -19,8 +19,6 @@ class AccountControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = AccountController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
     StoaPlugin::UspUser.create!({:codpes => 12345678, :cpf => Digest::MD5.hexdigest(SALT+'12345678'), :birth_date => '1970-01-30'}, :without_protection => true)
     Environment.default.enable_plugin(StoaPlugin.name)
     @user = create_user('joao-stoa', {:password => 'pass', :password_confirmation => 'pass'},:usp_id=>'87654321')
@@ -5,8 +5,7 @@ class InviteControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = InviteController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     environment = Environment.default
     environment.enabled_plugins = ['StoaPlugin']
     environment.save!
@@ -7,8 +7,7 @@ class StoaPluginProfileEditorControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ProfileEditorController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @person = User.create(:login => 'test_user', :email => 'test_user@example.com', :password => 'test', :password_confirmation => 'test').person
     login_as(@person.identifier)
     Environment.default.enable_plugin(StoaPlugin.name)
@@ -7,8 +7,6 @@ class StoaPluginControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = StoaPluginController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
     ApplicationRecord.configurations['stoa'] = {:adapter => 'sqlite3', :database => ':memory:', :verbosity => 'quiet'}
     env = Environment.default
     env.enable_plugin(StoaPlugin.name)
@@ -7,8 +7,7 @@ class SubOrganizationsPluginMyprofileController; def rescue_action(e) raise e en
 class SubOrganizationsPluginMyprofileControllerTest < ActionController::TestCase
   def setup
     @controller = SubOrganizationsPluginMyprofileController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @organization = Organization.create!(:name => 'My Organization', :identifier => 'my-organization')
     @person = create_user('person').person
     @organization.add_admin(@person)
@@ -8,8 +8,7 @@ class SubOrganizationsPluginProfileControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = SubOrganizationsPluginProfileController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @organization = Organization.create!(:name => 'My Organization', :identifier => 'my-organization')
     @person = create_user('person').person
     @organization.add_admin(@person)
-require 'noosfero/translatable_content'
 require 'application_helper'
 require 'net/http'
  
@@ -12,8 +11,8 @@ class VideoPlugin::Video &lt; Article
   settings_items :video_format,      :type => :string
   settings_items :video_id,          :type => :string
   settings_items :video_thumbnail_url,    :type => :string, :default => '/plugins/video/images/video_generic_thumbnail.jpg'
-  settings_items :video_thumbnail_width,  :type=> :integer
-  settings_items :video_thumbnail_height, :type=> :integer
+  settings_items :video_thumbnail_width,  :type=> :integer, :default => 239
+  settings_items :video_thumbnail_height, :type=> :integer, :default => 210
   settings_items :video_duration, :type=> :integer, :default => 0
  
   attr_accessible :video_url
@@ -35,14 +34,14 @@ class VideoPlugin::Video &lt; Article
   def self.description
     _('Display embedded videos.')
   end
-  
+
   def is_youtube?
     VideoPlugin::Video.is_youtube?(self.video_url)
   end
  
   def is_vimeo?
     VideoPlugin::Video.is_vimeo?(self.video_url)
-  end  
+  end
  
   include ActionView::Helpers::TagHelper
   def to_html(options={})
@@ -14,7 +14,8 @@ class VideoPlugin::VideoGallery &lt; Folder
     errors.add(:parent, "A video gallery should not belong to a blog.") if parent && parent.blog?
   end
  
-  acts_as_having_settings :field => :setting
+  extend ActsAsHavingSettings::ClassMethods
+  acts_as_having_settings field: :setting
  
   xss_terminate :only => [ :body ], :with => 'white_list', :on => 'validation'
  
@@ -4,8 +4,6 @@ class EnvironmentDesignControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = EnvironmentDesignController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     Environment.delete_all
     User.delete_all
@@ -4,8 +4,6 @@ class ProfileDesignControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ProfileDesignController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     user = create_user('testinguser')
     login_as(user.login)
@@ -46,6 +46,11 @@ class VideoTest &lt; ActiveSupport::TestCase
     assert_equal thumbnail_fitted_height, @video.thumbnail_fitted_height
   end
  
+  should "have dimensions of default thumbnail" do
+    assert @video.video_thumbnail_height.present? && @video.video_thumbnail_height > 0
+    assert @video.video_thumbnail_width.present? && @video.video_thumbnail_width > 0
+  end
+
   should "show a no_browser_support_message" do
     assert_equal @video.no_browser_support_message, '<p class="vjs-no-js">To view this video please enable JavaScript, and consider upgrading to a web browser that <a href="http://videojs.com/html5-video-support/" target="_blank">supports HTML5 video</a></p>'
   end
@@ -50,13 +50,13 @@ class WorkAssignmentPlugin::EmailContact
       mail(options)
     end
  
-    def build_mail_message(email_contact, uploaded_files)
+    def self.build_mail_message(email_contact, uploaded_files)
       message = ""
       if uploaded_files && uploaded_files.first && uploaded_files.first.parent && uploaded_files.first.parent.parent
         article = uploaded_files.first.parent.parent
         message = article.default_email + "<br>"
         uploaded_files.each do |file|
-          url = url_for(file.url)
+          url = Rails.application.routes.url_helpers.url_for(file.url)
           message += "<br><a href='#{url}'>#{url}</a>"
         end
       end
@@ -16,7 +16,7 @@ module WorkAssignmentPlugin::Helper
   end
  
   def display_author_folder(author_folder, user)
-    return if author_folder.children.empty?
+    return if author_folder.children(true).empty?
     content_tag('tr',
       content_tag('td', link_to_last_submission(author_folder, user)) +
       content_tag('td', time_format(author_folder.children.last.created_at)) +
@@ -5,8 +5,7 @@ class CmsControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = CmsController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @person = create_user('test_user').person
     login_as :test_user
     e = Environment.default
@@ -5,8 +5,7 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ContentViewerController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @profile = create_user('testinguser').person
  
     @organization = fast_create(Organization)
@@ -35,6 +34,14 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
     assert_response :success
   end
  
+  should 'display users submissions' do
+    folder = work_assignment.find_or_create_author_folder(@person)
+    submission = UploadedFile.create!(:uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'), :profile => organization, :parent => folder)
+    get :view_page, :profile => @organization.identifier, :page => work_assignment.path
+    assert_response :success
+    assert_match /rails.png/, @response.body
+  end
+
   should "display 'Upload files' when create children of image gallery" do
     login_as(profile.identifier)
     f = Gallery.create!(:name => 'gallery', :profile => profile)
@@ -5,8 +5,7 @@ class WorkAssignmentPluginMyprofileControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = WorkAssignmentPluginMyprofileController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @person = create_user('test_user').person
     login_as :test_user
     e = Environment.default
@@ -26,6 +26,8 @@
 *= require pagination.js
 * views speficics
 *= require add-and-join.js
+*= require followers.js
+*= require manage-followers.js
 *= require report-abuse.js
 *= require autogrow.js
 *= require require_login.js
@@ -550,6 +552,11 @@ function loading_for_button(selector) {
   jQuery(selector).css('cursor', 'progress');
 }
  
+function hide_loading_for_button(selector) {
+  selector.css("cursor","");
+  $(".small-loading").remove();
+}
+
 function new_qualifier_row(selector, select_qualifiers, delete_button) {
   index = jQuery(selector + ' tr').size() - 1;
   jQuery(selector).append("<tr><td>" + select_qualifiers + "</td><td id='certifier-area-" + index + "'><select></select>" + delete_button + "</td></tr>");
@@ -0,0 +1,81 @@
+$("#action-follow").live("click", function() {
+  var button = $(this);
+  var url = button.attr("href");
+  loading_for_button(button);
+
+  $.post(url, function(data) {
+    button.fadeOut("fast", function() {
+      $("#circles-container").html(data);
+      $("#circles-container").fadeIn();
+    });
+  }).always(function() {
+    hide_loading_for_button(button);
+  });
+  return false;
+});
+
+$("#cancel-set-circle").live("click", function() {
+  $("#circles-container").fadeOut("fast", function() {
+    $("#action-follow").fadeIn();
+  });
+  return false;
+});
+
+$("#new-circle").live("click", function() {
+  $(this).fadeOut();
+  $("#circle-actions").fadeOut("fast", function() {
+    $("#new-circle-form").fadeIn();
+  });
+  return false;
+});
+
+$("#new-circle-cancel").live("click", function() {
+  $("#new-circle-form").fadeOut("fast", function() {
+    $("#circle-actions").fadeIn();
+    $("#new-circle").fadeIn();
+    $("#text-field-name-new-circle").val('')
+  });
+  return false;
+});
+
+$('#follow-circles-form').live("submit", function() {
+  var valuesToSubmit = $(this).serialize();
+  $.ajax({
+    type: "POST",
+    url: $(this).attr('action'),
+    data: valuesToSubmit,
+    dataType: "JSON",
+    statusCode: {
+      200: function(response){
+        $("#circles-container").fadeOut();
+        $("#action-unfollow").fadeIn();
+        $.colorbox.close();
+        display_notice(response.responseText);
+      },
+      400: function(response) {
+        display_notice(response.responseText);
+      }
+    }
+  })
+    return false;
+});
+
+$("#new-circle-submit").live("click", function() {
+  $.ajax({
+    method: 'POST',
+    url: $(this).attr("href"),
+    data: {'circle[name]': $("#text-field-name-new-circle").val(),
+      'circle[profile_type]': $("#circle_profile_type").val()},
+    success: function(response) {
+      $('#circles-checkboxes').append(response);
+    },
+    error: function(response) {
+      display_notice(response.responseText);
+    },
+    complete: function(response) {
+      $("#text-field-name-new-circle").val('')
+      $("#new-circle-cancel").trigger("click");
+    }
+  })
+  return false;
+});
@@ -0,0 +1,9 @@
+$('#profile-type-filter').live('change', function() {
+  var filter_type = $(this).val();
+  $(".profile-list").addClass("fetching");
+  $.get(window.location.pathname, {filter: filter_type}, function(data) {
+    $(".main-content").html(data);
+  }).fail(function(data) {
+    $(".profile-list").removeClass("fetching");
+  });
+});
@@ -99,3 +99,44 @@
   margin: 0px 0px 5px 0px;
   padding: 2px;
 }
+#circles-container {
+  background-color: #eee;
+  padding: 5px;
+  display: flex;
+}
+#circles-container p {
+  font-size: 12px;
+  margin-bottom: 5px;
+}
+#circle-actions {
+  margin-top: 15px;
+}
+#new-category-field-actions-block {
+  float: left;
+  width: 80%;
+  margin-bottom: 10px;
+}
+#new-circle-form {
+  margin-top: 10px;
+}
+#new-circle-form input {
+  width: 90px;
+}
+#new-circle-form select {
+  margin-top: 2px;
+  width: 95px;
+}
+#new-circle-form label {
+  font-size: 10px;
+  margin-right: 5px;
+}
+#new-circle-form .button-bar {
+  padding-top: 0px;
+}
+#new-circle-form .button {
+  width: 60px;
+}
+#new-circle-form .button-bar .button {
+  width: 40px;
+  font-size: 10px;
+}
@@ -167,7 +167,9 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img {
  
 #profile-wall li.profile-activity-item.join_community .profile-activity-text a img,
 #profile-wall li.profile-activity-item.new_friendship .profile-activity-text a img,
+#profile-wall li.profile-activity-item.new_follower .profile-activity-text a img,
 #profile-network li.profile-activity-item.join_community .profile-activity-text a img,
+#profile-network li.profile-activity-item.new_follower .profile-activity-text a img,
 #profile-network li.profile-activity-item.new_friendship .profile-activity-text a img {
   margin: 5px 5px 0 0;
   padding: 1px;
@@ -263,3 +263,6 @@
   -webkit-border-radius: 5px;
 }
  
+#profile_allow_follows {
+  margin-top: 10px;
+}
@@ -23,6 +23,7 @@
 }
 .controller-favorite_enterprises .profile-list a.profile-link,
 .controller-friends .profile-list a.profile-link,
+.controller-followers .profile-list a.profile-link,
 .list-profile-connections .profile-list a.profile-link,
 .profiles-suggestions .profile-list a.profile-link {
   text-decoration: none;
@@ -32,11 +33,13 @@
 }
 .controller-favorite_enterprises .profile-list a.profile-link:hover,
 .controller-friends .profile-list a.profile-link:hover,
+.controller-followers .profile-list a.profile-link:hover,
 .profiles-suggestions .profile-list a.profile-link:hover {
   color: #FFF;
 }
 .controller-favorite_enterprises .profile-list .profile_link span,
 .controller-friends .profile-list .profile_link span,
+.controller-followers .profile-list .profile_link span,
 .box-1 .profiles-suggestions .profile-list .profile_link span {
   width: 80px;
   display: block;
@@ -44,12 +47,14 @@
 }
 .controller-favorite_enterprises .profile-list,
 .controller-friends .profile-list,
+.controller-followers .profile-list,
 .profiles-suggestions .profile-list {
   position: relative;
 }
  
 .controller-favorite_enterprises .profile-list .controll,
 .controller-friends .profile-list .controll,
+.controller-followers .profile-list .controll,
 .profiles-suggestions .profile-list .controll {
   position: absolute;
   top: 7px;
@@ -57,17 +62,20 @@
 }
 .controller-favorite_enterprises .profile-list .controll a,
 .controller-friends .profile-list .controll a,
+.controller-followers .profile-list .controll a,
 .profiles-suggestions .profile-list .controll a {
   display: block;
   margin-bottom: 2px;
 }
 .controller-favorite_enterprises .msie6 .profile-list .controll a,
 .controller-friends .msie6 .profile-list .controll a,
+.controller-folloed_people .msie6 .profile-list .controll a,
 .profiles-suggestions .msie6 .profile-list .controll a {
   width: 0px;
 }
 .controller-favorite_enterprises .button-bar,
 .controller-friends .button-bar,
+.controller-followers .button-bar,
 .profiles-suggestions .button-bar {
   clear: both;
   padding-top: 20px;
@@ -208,22 +216,35 @@
   font-size: 12px;
 }
 .action-profile-members .profile_link{
-	position: relative;
+  position: relative;
 }
 .action-profile-members .profile_link span.new-profile:last-child{
-	position: absolute;
-	top: 3px;
-	right: 2px;
-	text-transform: uppercase;
-	color: #FFF;
-	font-size: 9px;
-	background: #66CC33;
-	padding: 2px;
-	display: block;
-	width: 35px;
-	font-weight: 700;
+  position: absolute;
+  top: 3px;
+  right: 2px;
+  text-transform: uppercase;
+  color: #FFF;
+  font-size: 9px;
+  background: #66CC33;
+  padding: 2px;
+  display: block;
+  width: 35px;
+  font-weight: 700;
 }
 .action-profile-members .profile_link .fn{
-	font-style: normal;
-	color: #000;
+  font-style: normal;
+  color: #000;
+}
+.category-name {
+  margin-top: 0px;
+  margin-bottom: 0px;
+  font-style: italic;
+  color: #888a85;
+  text-align: center;
+}
+.set-category-modal {
+  width: 250px;
+}
+.set-category-modal #actions-container {
+  margin-top: 20px
 }
@@ -39,3 +39,12 @@
   width: 470px;
   overflow-x: hidden;
 }
+
+#circles-checkboxes {
+  text-align: left;
+  margin-left: 15%;
+}
+
+#circles-checkboxes .circle:last-child {
+  margin-bottom: 10px;
+}
@@ -7,7 +7,7 @@ export DEBIAN_INTERFACE=noninteractive
  
 run sudo apt-get install -qy dctrl-tools
  
-packages=$(grep-dctrl -n -s Build-Depends,Depends,Recommends -S -X noosfero debian/control | sed -e 's/([^)]*)//g; s/,\s*/\n/g' | grep -v 'rake\|ruby\|thin\|debhelper\|cucumber\|rail\|memcached\|debconf\|dbconfig-common\|misc:Depends\|adduser\|mail-transport-agent')
+packages=$(grep-dctrl -n -s Build-Depends,Depends,Recommends -S -X noosfero debian/control | sed -e 's/([^)]*)//g; s/,\s*/\n/g' | grep -v 'rake\|ruby\|thin\|debhelper\|cucumber\|rail\|memcached\|debconf\|dbconfig-common\|misc:Depends\|adduser\|mail-transport-agent\|bundler\|unicorn')
  
 run sudo apt-get install -qy ruby1.9.1-full build-essential libxml2-dev libxslt-dev libpq-dev libmagickcore-dev libmagickwand-dev $packages
  
@@ -5,7 +5,6 @@ class BoxesTest &lt; ActiveSupport::TestCase
   def setup
     create_and_activate_user
     login_api
-#    @request = ActionController::TestRequest.new
   end
  
   kinds= %w[Profile Community Person Enterprise Environment]
@@ -397,4 +397,62 @@ class PeopleTest &lt; ActiveSupport::TestCase
     assert_not_nil person.image
     assert_equal person.image.filename, base64_image[:filename]
   end
+
+  should 'add logged person as member of a profile' do
+    login_api
+    profile = fast_create(Community)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['pending'], false
+    assert person.is_member_of?(profile)
+  end
+
+  should 'create task when add logged person as member of a moderated profile' do
+    login_api
+    profile = fast_create(Community, public_profile: false)
+    profile.add_member(create_user.person)
+    profile.closed = true
+    profile.save!
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['pending'], true
+    assert !person.is_member_of?(profile)
+  end
+
+  should 'remove logged person as member of a profile' do
+    login_api
+    profile = fast_create(Community)
+    profile.add_member(person)
+    delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal person.identifier, json['person']['identifier']
+    assert !person.is_member_of?(profile)
+  end
+
+  should 'forbid access to add members for non logged user' do
+    profile = fast_create(Community)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'forbid access to remove members for non logged user' do
+    profile = fast_create(Community)
+    delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'forbid to add person as member when the profile does not allow' do
+    login_api
+    profile = fast_create(Person)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'forbid to add person as member when the profile is secret' do
+    login_api
+    profile = fast_create(Community, secret: true)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert !person.is_member_of?(profile)
+    assert_equal 403, last_response.status
+  end
 end
@@ -11,8 +11,7 @@ class AccountControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = AccountController.new
-    @request = ActionController::TestRequest.new
-    @response = ActionController::TestResponse.new
+
     disable_signup_bot_check
   end
  
@@ -6,8 +6,7 @@ class AdminPanelControllerTest &lt; ActionController::TestCase
   all_fixtures
   def setup
     @controller = AdminPanelController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     login_as(create_admin_user(Environment.default))
   end
  
@@ -4,10 +4,9 @@ require &#39;test_controller&#39;
  
 class ApplicationControllerTest < ActionController::TestCase
   all_fixtures
+
   def setup
     @controller = TestController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
   end
  
   def test_detection_of_environment_by_host
@@ -50,7 +49,7 @@ class ApplicationControllerTest &lt; ActionController::TestCase
     current = fast_create(Environment, :name => 'test environment')
     current.domains.create!(:name => 'example.com')
  
-    @request.expects(:host).returns('example.com').at_least_once
+    @request.env['HTTP_HOST'] = 'example.com'
     get :index
  
     assert_equal current, assigns(:environment)
@@ -5,8 +5,6 @@ class CategoriesControllerTest &lt; ActionController::TestCase
   all_fixtures
   def setup
     @controller = CategoriesController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @env = fast_create(Environment, :name => "My test environment")
     Environment.stubs(:default).returns(env)
@@ -0,0 +1,129 @@
+require_relative "../test_helper"
+require 'circles_controller'
+
+class CirclesControllerTest < ActionController::TestCase
+
+  def setup
+    @controller = CirclesController.new
+    @person = create_user('person').person
+    login_as(@person.identifier)
+  end
+
+  should 'return all circles of a profile' do
+    circle1 = Circle.create!(:name => "circle1", :person => @person, :profile_type => 'Person')
+    circle2 = Circle.create!(:name => "circle2", :person => @person, :profile_type => 'Person')
+    get :index, :profile => @person.identifier
+
+    assert_equivalent [circle1, circle2], assigns[:circles]
+  end
+
+  should 'initialize an empty circle for creation' do
+    get :new, :profile => @person.identifier
+    assert_nil assigns[:circle].id
+    assert_nil assigns[:circle].name
+  end
+
+  should 'create a new circle' do
+    assert_difference '@person.circles.count' do
+      post :create, :profile => @person.identifier,
+                    :circle => { :name => 'circle' , :profile_type => Person.name}
+    end
+    assert_redirected_to :action => :index
+  end
+
+  should 'not create a circle without a name' do
+    assert_no_difference '@person.circles.count' do
+      post :create, :profile => @person.identifier, :circle => { :name => nil }
+    end
+    assert_template :new
+  end
+
+  should 'retrieve an existing circle when editing' do
+    circle = Circle.create!(:name => "circle", :person => @person, :profile_type => 'Person')
+    get :edit, :profile => @person.identifier, :id => circle.id
+    assert_equal circle.name, assigns[:circle].name
+  end
+
+  should 'return 404 when editing a circle that does not exist' do
+    get :edit, :profile => @person.identifier, :id => "nope"
+    assert_response 404
+  end
+
+  should 'update an existing circle' do
+    circle = Circle.create!(:name => "circle", :person => @person, :profile_type => 'Person')
+    post :update, :profile => @person.identifier, :id => circle.id,
+                  :circle => { :name => "new name" }
+
+    circle.reload
+    assert_equal "new name", circle.name
+    assert_redirected_to :action => :index
+  end
+
+  should 'not update an existing circle without a name' do
+    circle = Circle.create!(:name => "circle", :person => @person, :profile_type => 'Person')
+    post :update, :profile => @person.identifier, :id => circle.id,
+                  :circle => { :name => nil }
+
+    circle.reload
+    assert_equal "circle", circle.name
+    assert_template :edit
+  end
+
+  should 'return 404 when updating a circle that does not exist' do
+    post :update, :profile => @person.identifier, :id => "nope", :name => "new name"
+    assert_response 404
+  end
+
+  should 'destroy an existing circle and update related profiles' do
+    circle = Circle.create!(:name => "circle", :person => @person, :profile_type => 'Person')
+    follower = fast_create(ProfileFollower, :profile_id => fast_create(Person).id,
+                           :circle_id => circle.id)
+
+    assert_difference "@person.circles.count", -1 do
+      post :destroy, :profile => @person.identifier, :id => circle.id
+    end
+
+    follower.reload
+    assert_nil follower.circle
+  end
+
+  should 'not destroy an existing circle if action is not post' do
+    circle = Circle.create!(:name => "circle", :person => @person, :profile_type => 'Person')
+
+    assert_no_difference "@person.circles.count" do
+      get :destroy, :profile => @person.identifier, :id => circle.id
+    end
+    assert_response 404
+  end
+
+  should 'return 404 when deleting and circle that does not exist' do
+    get :destroy, :profile => @person.identifier, :id => "nope"
+    assert_response 404
+  end
+
+  should 'return 404 for xhr_create if request is not xhr' do
+    post :xhr_create, :profile => @person.identifier
+    assert_response 404
+  end
+
+  should 'return 400 if not possible to create circle via xhr' do
+    xhr :post, :xhr_create, :profile => @person.identifier,
+                            :circle => { :name => 'Invalid Circle' }
+    assert_response 400
+  end
+
+  should 'create a new circle via xhr' do
+    xhr :post, :xhr_create, :profile => @person.identifier,
+                            :circle => { :name => 'A Brand New Circle',
+                                         :profile_type => Person.name }
+    assert_response 201
+    assert_match /A Brand New Circle/, response.body
+  end
+
+  should 'not create a new circle via xhr with an invalid profile_type' do
+    xhr :post, :xhr_create, :profile => @person.identifier,
+                            :circle => { :name => 'A Brand New Circle',
+                                         :profile_type => '__invalid__' }
+    assert_response 400
+  end
+end
@@ -5,8 +5,6 @@ class CommentControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = CommentController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = create_user('testinguser').person
     @environment = @profile.environment
@@ -8,8 +8,6 @@ class ContactControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ContactController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = create_user('contact_test_user').person
     @enterprise = fast_create(Enterprise, :identifier => 'contact_test_enterprise', :name => 'Test contact enteprise')
@@ -7,8 +7,6 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ContentViewerController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = create_user('testinguser').person
     @environment = @profile.environment
@@ -220,8 +218,7 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
     profile.domains << Domain.create!(:name => 'micojones.net')
     profile.save!
  
-    ActionController::TestRequest.any_instance.expects(:host).returns('www.micojones.net').at_least_once
-
+    @request.env['HTTP_HOST'] = 'www.micojones.net'
     get :view_page, :page => []
  
     assert_equal profile, assigns(:profile)
@@ -7,8 +7,7 @@ class EditTemplateControllerTest &lt; ActionController::TestCase
   all_fixtures
   def setup
     @controller = EditTemplateController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     login_as 'ze'
   end
  
@@ -9,8 +9,7 @@ class EnterpriseRegistrationControllerTest &lt; ActionController::TestCase
   def setup
     super
     @controller = EnterpriseRegistrationController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     login_as 'ze'
   end
  
@@ -7,8 +7,6 @@ class EnterpriseValidationControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = EnterpriseValidationController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     login_as 'ze'
     @user = Profile['ze']
@@ -7,8 +7,7 @@ class EnvironmentDesignControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = EnvironmentDesignController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     Noosfero::Plugin::Manager.any_instance.stubs(:enabled_plugins).returns([])
   end
  
@@ -4,8 +4,6 @@ require &#39;environment_role_manager_controller&#39;
 class EnvironmentRoleManagerControllerTest < ActionController::TestCase
   def setup
     @controller = EnvironmentRoleManagerController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
   end
  
 end
@@ -4,8 +4,6 @@ class EnvironmentThemesControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = EnvironmentThemesController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     Theme.stubs(:user_themes_dir).returns(TMP_THEMES_DIR)
  
@@ -6,8 +6,6 @@ class FavoriteEnterprisesControllerTest &lt; ActionController::TestCase
   self.default_params = {profile: 'testuser'}
   def setup
     @controller = FavoriteEnterprisesController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     self.profile = create_user('testuser').person
     self.favorite_enterprise = fast_create(Enterprise, :name => 'the_enterprise', :identifier => 'the_enterprise')
@@ -6,8 +6,6 @@ class FeaturesControllerTest &lt; ActionController::TestCase
   all_fixtures
   def setup
     @controller = FeaturesController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     login_as(create_admin_user(Environment.find(2)))
   end
@@ -0,0 +1,58 @@
+require_relative "../test_helper"
+require 'followers_controller'
+
+class FollowersControllerTest < ActionController::TestCase
+  def setup
+    @profile = create_user('testuser').person
+  end
+
+  should 'return followed people list' do
+    login_as(@profile.identifier)
+    person = fast_create(Person)
+    circle = Circle.create!(:person=> @profile, :name => "Zombies", :profile_type => 'Person')
+    fast_create(ProfileFollower, :profile_id => person.id, :circle_id => circle.id)
+
+    get :index, :profile => @profile.identifier
+    assert_includes assigns(:followed_people), person
+  end
+
+  should 'return filtered followed people list' do
+    login_as(@profile.identifier)
+    person = fast_create(Person)
+    community = fast_create(Community)
+    circle = Circle.create!(:person=> @profile, :name => "Zombies", :profile_type => 'Person')
+    circle2 = Circle.create!(:person=> @profile, :name => "Teams", :profile_type => 'Community')
+    fast_create(ProfileFollower, :profile_id => person.id, :circle_id => circle.id)
+    fast_create(ProfileFollower, :profile_id => community.id, :circle_id => circle2.id)
+
+    get :index, :profile => @profile.identifier, :filter => "Community"
+    assert_equal assigns(:followed_people), [community]
+
+    get :index, :profile => @profile.identifier, :filter => "Person"
+    assert_equal assigns(:followed_people), [person]
+  end
+
+  should 'redirect to login page if not logged in' do
+    get :index, :profile => @profile.identifier
+    assert_redirected_to :controller => 'account', :action => 'login'
+  end
+
+  should 'render set category modal' do
+    login_as(@profile.identifier)
+    person = fast_create(Person)
+    get :set_category_modal, :profile => @profile.identifier, :followed_profile_id => person.id
+    assert_tag :tag => "input", :attributes => { :id => "followed_profile_id", :value => person.id }
+  end
+
+  should 'update followed person category' do
+    login_as(@profile.identifier)
+    person = fast_create(Person)
+    circle = Circle.create!(:person=> @profile, :name => "Zombies", :profile_type => 'Person')
+    circle2 = Circle.create!(:person=> @profile, :name => "DotA", :profile_type => 'Person')
+    fast_create(ProfileFollower, :profile_id => person.id, :circle_id => circle.id)
+
+    post :update_category, :profile => @profile.identifier, :circles => {"DotA"=> circle2.id}, :followed_profile_id => person.id
+    assert_equivalent ProfileFollower.with_profile(person).with_follower(@profile).map(&:circle), [circle2]
+  end
+
+end
@@ -6,8 +6,6 @@ class FriendsControllerTest &lt; ActionController::TestCase
   self.default_params = {profile: 'testuser'}
   def setup
     @controller = FriendsController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     self.profile = create_user('testuser').person
     self.friend = create_user('thefriend').person
@@ -10,8 +10,6 @@ class HomeControllerTest &lt; ActionController::TestCase
   all_fixtures
   def setup
     @controller = HomeController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
   end
  
   should 'not display news from portal if disabled in environment' do
@@ -5,8 +5,7 @@ class LicensesControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = LicensesController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @environment = Environment.default
     login_as(create_admin_user(@environment))
   end
@@ -4,8 +4,7 @@ class MailconfControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = MailconfController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     User.destroy_all
     @user = create_user('ze')
  
@@ -5,8 +5,6 @@ class MapBalloonControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = MapBalloonController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = create_user('test_profile').person
     login_as(@profile.identifier)
@@ -6,8 +6,6 @@ class MapsControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = MapsController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = create_user('test_profile').person
     login_as(@profile.identifier)
@@ -7,8 +7,6 @@ class MembershipsControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = MembershipsController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = create_user('testuser').person
     login_as('testuser')
@@ -13,8 +13,6 @@ class MyProfileControllerTest &lt; ActionController::TestCase
   all_fixtures
   def setup
     @controller = MyProfileController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
   end
  
   def test_should_allow_person
@@ -5,8 +5,6 @@ class OrganizationsControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = OrganizationsController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @environment = Environment.default
  
@@ -6,8 +6,7 @@ class PluginsControllerTest &lt; ActionController::TestCase
   all_fixtures
   def setup
     @controller = PluginsController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @environment = Environment.default
     login_as(create_admin_user(@environment))
   end
@@ -771,12 +771,15 @@ class ProfileControllerTest &lt; ActionController::TestCase
     assert_equal 15, assigns(:activities).size
   end
  
-  should 'not see the friends activities in the current profile' do
+  should 'not see the followers activities in the current profile' do
+    circle = Circle.create!(:person=> profile, :name => "Zombies", :profile_type => 'Person')
+
     p2 = create_user.person
-    refute profile.is_a_friend?(p2)
+    refute profile.follows?(p2)
     p3 = create_user.person
-    p3.add_friend(profile)
-    assert p3.is_a_friend?(profile)
+    profile.follow(p3, circle)
+    assert profile.follows?(p3)
+
     ActionTracker::Record.destroy_all
  
     scrap1 = create(Scrap, defaults_for_scrap(:sender => p2, :receiver => p3))
@@ -964,7 +967,11 @@ class ProfileControllerTest &lt; ActionController::TestCase
   should 'have activities defined if logged in and is following profile' do
     login_as(profile.identifier)
     p1= fast_create(Person)
-    p1.add_friend(profile)
+
+    circle = Circle.create!(:person=> profile, :name => "Zombies", :profile_type => 'Person')
+
+    profile.follow(p1, circle)
+
     ActionTracker::Record.destroy_all
     get :index, :profile => p1.identifier
     assert_equal [], assigns(:activities)
@@ -1932,4 +1939,110 @@ class ProfileControllerTest &lt; ActionController::TestCase
     assert_redirected_to :controller => 'account', :action => 'login'
   end
  
+  should 'not follow a user without defining a circle' do
+    login_as(@profile.identifier)
+    person = fast_create(Person)
+    assert_no_difference 'ProfileFollower.count' do
+      post :follow, :profile => person.identifier, :circles => {}
+    end
+  end
+
+  should "not follow user if not logged" do
+    person = fast_create(Person)
+    get :follow, :profile => person.identifier
+
+    assert_redirected_to :controller => 'account', :action => 'login'
+  end
+
+  should 'follow a user with a circle' do
+    login_as(@profile.identifier)
+    person = fast_create(Person)
+
+    circle = Circle.create!(:person=> @profile, :name => "Zombies", :profile_type => 'Person')
+
+    assert_difference 'ProfileFollower.count' do
+      post :follow, :profile => person.identifier, :circles => {"Zombies" => circle.id}
+    end
+  end
+
+  should 'follow a user with more than one circle' do
+    login_as(@profile.identifier)
+    person = fast_create(Person)
+
+    circle = Circle.create!(:person=> @profile, :name => "Zombies", :profile_type => 'Person')
+    circle2 = Circle.create!(:person=> @profile, :name => "Brainsss", :profile_type => 'Person')
+
+    assert_difference 'ProfileFollower.count', 2 do
+      post :follow, :profile => person.identifier, :circles => {"Zombies" => circle.id, "Brainsss"=> circle2.id}
+    end
+  end
+
+  should 'not follow a user with no circle selected' do
+    login_as(@profile.identifier)
+    person = fast_create(Person)
+
+    circle = Circle.create!(:person=> @profile, :name => "Zombies", :profile_type => 'Person')
+    circle2 = Circle.create!(:person=> @profile, :name => "Brainsss", :profile_type => 'Person')
+
+    assert_no_difference 'ProfileFollower.count' do
+      post :follow, :profile => person.identifier, :circles => {"Zombies" => "0", "Brainsss" => "0"}
+    end
+
+    assert_match /Select at least one circle to follow/, response.body
+  end
+
+  should 'not follow if current_person already follows the person' do
+    login_as(@profile.identifier)
+    person = fast_create(Person)
+
+    circle = Circle.create!(:person=> @profile, :name => "Zombies", :profile_type => 'Person')
+    fast_create(ProfileFollower, :profile_id => person.id, :circle_id => circle.id)
+
+    assert_no_difference 'ProfileFollower.count' do
+      post :follow, :profile => person.identifier, :follow => { :circles => {"Zombies" => circle.id} }
+    end
+    assert_response 400
+  end
+
+  should "not unfollow user if not logged" do
+    person = fast_create(Person)
+    post :unfollow, :profile => person.identifier
+
+    assert_redirected_to :controller => 'account', :action => 'login'
+  end
+
+  should "unfollow a followed person" do
+    login_as(@profile.identifier)
+    person = fast_create(Person)
+
+    circle = Circle.create!(:person=> @profile, :name => "Zombies", :profile_type => 'Person')
+    follower = fast_create(ProfileFollower, :profile_id => person.id, :circle_id => circle.id)
+
+    assert_not_nil follower
+
+    post :unfollow, :profile => person.identifier
+    follower = ProfileFollower.find_by(:profile_id => person.id, :circle_id => circle.id)
+    assert_nil follower
+  end
+
+  should "not unfollow a not followed person" do
+    login_as(@profile.identifier)
+    person = fast_create(Person)
+
+    assert_no_difference 'ProfileFollower.count' do
+      post :unfollow, :profile => person.identifier
+    end
+  end
+
+  should "redirect to page after unfollow" do
+    login_as(@profile.identifier)
+    person = fast_create(Person)
+
+    circle = Circle.create!(:person=> @profile, :name => "Zombies", :profile_type => 'Person')
+    fast_create(ProfileFollower, :profile_id => person.id, :circle_id => circle.id)
+
+    post :unfollow, :profile => person.identifier, :redirect_to => "/some/url"
+    assert_redirected_to "/some/url"
+  end
+
 end
@@ -11,8 +11,6 @@ class ProfileDesignControllerTest &lt; ActionController::TestCase
   attr_reader :holder
   def setup
     @controller = ProfileDesignController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @profile = @holder = create_user('designtestuser').person
     holder.save!
@@ -6,8 +6,7 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ProfileEditorController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @profile = create_user('default_user').person
     Environment.default.affiliate(@profile, [Environment::Roles.admin(Environment.default.id)] + Profile::Roles.all_roles(Environment.default.id))
     login_as('default_user')
@@ -643,9 +642,10 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
  
     profile.domains << Domain.new(:name => 'myowndomain.net')
     profile.environment.domains << Domain.new(:name => 'myenv.net')
-    ActionController::TestRequest.any_instance.stubs(:host).returns(profile.hostname)
  
+    @request.env['HTTP_HOST'] = profile.hostname
     get :edit, :profile => profile.identifier
+
     assert_tag :tag => 'select', :attributes => { :name => 'profile_data[preferred_domain_id]' }, :descendant => { :tag => "option", :content => 'myowndomain.net' }
     assert_tag :tag => 'select', :attributes => { :name => 'profile_data[preferred_domain_id]' }, :descendant => { :tag => "option", :content => 'myenv.net' }
  
@@ -659,9 +659,10 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
  
     profile.domains << Domain.new(:name => 'myowndomain.net')
     profile.environment.domains << Domain.new(:name => 'myenv.net')
-    ActionController::TestRequest.any_instance.stubs(:host).returns(profile.hostname)
  
+    @request.env['HTTP_HOST'] = profile.hostname
     get :edit, :profile => profile.identifier
+
     assert_tag :tag => "select", :attributes => { :name => 'profile_data[preferred_domain_id]'}, :descendant => { :tag => 'option', :content => '&lt;Select domain&gt;', :attributes => { :value => '' } }
  
     post :edit, :profile => profile.identifier, :profile_data => { :preferred_domain_id => '' }
@@ -1112,8 +1113,10 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
   should 'not redirect if the profile_hostname is the same as environment hostname' do
     Person.any_instance.stubs(:hostname).returns('hostname.org')
     Environment.any_instance.stubs(:default_hostname).returns('hostname.org')
-    ActionController::TestRequest.any_instance.stubs(:host).returns('hostname.org')
+
+    @request.env['HTTP_HOST'] = 'hostname.org'
     get :index, :profile => profile.identifier
+
     assert_response :success
   end
  
@@ -5,8 +5,6 @@ class ProfileMembersControllerTest &lt; ActionController::TestCase
   def setup
     super
     @controller = ProfileMembersController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
   end
  
   should 'not access index if dont have permission' do
@@ -5,8 +5,7 @@ class ProfileRolesControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ProfileRolesController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @role = Role.first
   end
  
@@ -4,8 +4,6 @@ require &#39;profile_search_controller&#39;
 class ProfileSearchControllerTest < ActionController::TestCase
   def setup
     @controller = ProfileSearchController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @person = fast_create(Person)
   end
@@ -4,8 +4,6 @@ class ProfileThemesControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = ProfileThemesController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     Theme.stubs(:user_themes_dir).returns(TMP_THEMES_DIR)
  
@@ -5,8 +5,7 @@ class RegionValidatorsControllerTest &lt; ActionController::TestCase
   all_fixtures
   def setup
     @controller = RegionValidatorsController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     login_as('ze')
   end
  
@@ -6,8 +6,7 @@ class RoleControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = RoleController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @role = Role.first
     login_as(:ze)
   end
@@ -4,9 +4,6 @@ class SearchControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = SearchController.new
-    @request    = ActionController::TestRequest.new
-    @request.stubs(:ssl?).returns(false)
-    @response   = ActionController::TestResponse.new
  
     @environment = Environment.default
     @category = Category.create!(:name => 'my-category', :environment => @environment)
@@ -4,8 +4,6 @@ require &#39;system_controller&#39;
 class SystemControllerTest < ActionController::TestCase
   def setup
     @controller = SystemController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
   end
  
   # Replace this with your real tests.
@@ -7,8 +7,6 @@ class TasksControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = TasksController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     self.profile = create_user('testuser').person
     @controller.stubs(:profile).returns(profile)
@@ -5,8 +5,6 @@ class TemplatesControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = TemplatesController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @environment = Environment.default
     login_as(create_admin_user(@environment))
@@ -6,8 +6,7 @@ class TrustedSitesControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = TrustedSitesController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
+
     @role = Role.first
     @environment = Environment.default
     @environment.trusted_sites_for_iframe = ['existing.site.com']
@@ -5,8 +5,6 @@ class UsersControllerTest &lt; ActionController::TestCase
  
   def setup
     @controller = UsersController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
  
     @environment = Environment.default
  
@@ -1099,9 +1099,10 @@ class ArticleTest &lt; ActiveSupport::TestCase
     assert_equal 3, ActionTrackerNotification.where(action_tracker_id: second_activity.id).count
   end
  
-  should 'create notifications to friends when creating an article' do
+  should 'create notifications to followers when creating an article' do
     friend = fast_create(Person)
-    profile.add_friend(friend)
+    circle = Circle.create!(:person=> friend, :name => "Zombies", :profile_type => 'Person')
+    friend.follow(profile, circle)
     Article.destroy_all
     ActionTracker::Record.destroy_all
     ActionTrackerNotification.destroy_all
@@ -1112,9 +1113,10 @@ class ArticleTest &lt; ActiveSupport::TestCase
     assert_equal friend, ActionTrackerNotification.last.profile
   end
  
-  should 'create the notification to the friend when one friend has the notification and the other no' do
+  should 'create the notification to the follower when one follower has the notification and the other no' do
     f1 = fast_create(Person)
-    profile.add_friend(f1)
+    circle = Circle.create!(:person=> f1, :name => "Zombies", :profile_type => 'Person')
+    f1.follow(profile, circle)
  
     User.current = profile.user
     article = create TinyMceArticle, :name => 'Tracked Article 1', :profile_id => profile.id
@@ -1123,16 +1125,22 @@ class ArticleTest &lt; ActiveSupport::TestCase
     assert_equal 2, ActionTrackerNotification.where(action_tracker_id: article.activity.id).count
  
     f2 = fast_create(Person)
-    profile.add_friend(f2)
+    circle2 = Circle.create!(:person=> f2, :name => "Zombies", :profile_type => 'Person')
+    f2.follow(profile, circle2)
+
     article2 = create TinyMceArticle, :name => 'Tracked Article 2', :profile_id => profile.id
     assert_equal 2, ActionTracker::Record.where(verb: 'create_article').count
     process_delayed_job_queue
     assert_equal 3, ActionTrackerNotification.where(action_tracker_id: article2.activity.id).count
   end
  
-  should 'destroy activity and notifications of friends when destroying an article' do
+  should 'destroy activity and notifications of followers when destroying an article' do
     friend = fast_create(Person)
-    profile.add_friend(friend)
+
+    circle = Circle.create!(:person=> friend, :name => "Zombies", :profile_type => 'Person')
+
+    friend.follow(profile, circle)
+
     Article.destroy_all
     ActionTracker::Record.destroy_all
     ActionTrackerNotification.destroy_all
@@ -0,0 +1,19 @@
+require_relative "../test_helper"
+
+class CustomDesignTest < ActionView::TestCase
+
+  include CustomDesign
+  include ActionView::Helpers::TagHelper
+
+  def setup
+  end
+
+  should 'allow class instance customization of custom design' do
+    self.class.use_custom_design boxes_limit: 1
+    assert_equal({boxes_limit: 1}, self.custom_design)
+    @custom_design = {boxes_limit: 2}
+    assert_equal({boxes_limit: 2}, self.custom_design)
+
+  end
+
+end
@@ -282,7 +282,7 @@ class EventTest &lt; ActiveSupport::TestCase
   end
  
   should 'be translatable' do
-    assert_kind_of Noosfero::TranslatableContent, Event.new
+    assert_kind_of TranslatableContent, Event.new
   end
  
   should 'tiny mce editor is enabled' do
@@ -28,14 +28,14 @@ class FriendshipTest &lt; ActiveSupport::TestCase
     f.person = a
     f.friend = b
     f.save!
-    ta = ActionTracker::Record.last
+    ta = ActionTracker::Record.where(:target_type => "Friendship").last
     assert_equal a, ta.user
     assert_equal 'b', ta.get_friend_name[0]
     f = Friendship.new
     f.person = a
     f.friend = c
     f.save!
-    ta = ActionTracker::Record.last
+    ta = ActionTracker::Record.where(:target_type => "Friendship").last
     assert_equal a, ta.user
     assert_equal 'c', ta.get_friend_name[1]
   end
@@ -46,14 +46,14 @@ class FriendshipTest &lt; ActiveSupport::TestCase
     f.person = a
     f.friend = b
     f.save!
-    ta = ActionTracker::Record.last
+    ta = ActionTracker::Record.where(:target_type => "Friendship").last
     assert_equal a, ta.user
     assert_equal ['b'], ta.get_friend_name
     f = Friendship.new
     f.person = b
     f.friend = a
     f.save!
-    ta = ActionTracker::Record.last
+    ta = ActionTracker::Record.where(:target_type => "Friendship").last
     assert_equal b, ta.user
     assert_equal ['a'], ta.get_friend_name
   end
@@ -72,4 +72,55 @@ class FriendshipTest &lt; ActiveSupport::TestCase
     assert_not_includes p2.friends(true), p1
   end
  
+  should 'add follower when adding friend' do
+    p1 = create_user('testuser1').person
+    p2 = create_user('testuser2').person
+
+    assert_difference 'ProfileFollower.count', 2 do
+      p1.add_friend(p2, 'friends')
+      p2.add_friend(p1, 'friends')
+    end
+
+    assert_includes p1.followers(true), p2
+    assert_includes p2.followers(true), p1
+  end
+
+  should 'remove follower when a friend removal occurs' do
+    p1 = create_user('testuser1').person
+    p2 = create_user('testuser2').person
+
+    p1.add_friend(p2, 'friends')
+    p2.add_friend(p1, 'friends')
+
+    Friendship.remove_friendship(p1, p2)
+
+    assert_not_includes p1.followers(true), p2
+    assert_not_includes p2.followers(true), p1
+  end
+
+  should 'keep friendship intact when stop following' do
+    p1 = create_user('testuser1').person
+    p2 = create_user('testuser2').person
+
+    p1.add_friend(p2, 'friends')
+    p2.add_friend(p1, 'friends')
+
+    p1.unfollow(p2)
+
+    assert_includes p1.friends(true), p2
+    assert_includes p2.friends(true), p1
+  end
+
+  should 'do not add friendship when start following' do
+    p1 = create_user('testuser1').person
+    p2 = create_user('testuser2').person
+
+    circle1 = Circle.create!(:person=> p1, :name => "Zombies", :profile_type => 'Person')
+    circle2 = Circle.create!(:person=> p2, :name => "Zombies", :profile_type => 'Person')
+    p1.follow(p2, circle1)
+    p2.follow(p1, circle2)
+
+    assert_not_includes p1.friends(true), p2
+    assert_not_includes p2.friends(true), p1
+  end
 end
@@ -43,10 +43,12 @@ class NoosferoTest &lt; ActiveSupport::TestCase
   end
  
   should 'change locale temporarily' do
-    Noosfero.with_locale('pt') do
-      assert_equal 'pt', FastGettext.locale
+    current_locale = FastGettext.locale
+    another_locale = current_locale == 'pt' ? 'en' : 'pt'
+    Noosfero.with_locale(another_locale) do
+      assert_equal another_locale, FastGettext.locale
     end
-    assert_equal 'en', FastGettext.locale
+    assert_equal current_locale, FastGettext.locale
   end
  
   should "use default hostname of default environment as hostname of Noosfero instance" do
@@ -24,15 +24,21 @@ class NotifyActivityToProfilesJobTest &lt; ActiveSupport::TestCase
     end
   end
  
-  should 'notify just the users and his friends tracking user actions' do
+  should 'notify just the users and his followers tracking user actions' do
     person = fast_create(Person)
     community  = fast_create(Community)
     action_tracker = fast_create(ActionTracker::Record, :user_type => 'Profile', :user_id => person.id, :target_type => 'Profile', :verb => 'create_article')
     refute NotifyActivityToProfilesJob::NOTIFY_ONLY_COMMUNITY.include?(action_tracker.verb)
     p1, p2, m1, m2 = fast_create(Person), fast_create(Person), fast_create(Person), fast_create(Person)
-    fast_create(Friendship, :person_id => person.id, :friend_id => p1.id)
-    fast_create(Friendship, :person_id => person.id, :friend_id => p2.id)
-    fast_create(Friendship, :person_id => p1.id, :friend_id => m1.id)
+
+    circle1 = Circle.create!(:person=> p1, :name => "Zombies", :profile_type => 'Person')
+    circle2 = Circle.create!(:person=> p2, :name => "Zombies", :profile_type => 'Person')
+    circle = Circle.create!(:person=> person, :name => "Zombies", :profile_type => 'Person')
+
+    fast_create(ProfileFollower, :profile_id => person.id, :circle_id => circle1.id)
+    fast_create(ProfileFollower, :profile_id => person.id, :circle_id => circle2.id)
+    fast_create(ProfileFollower, :profile_id => m1.id, :circle_id => circle.id)
+
     fast_create(RoleAssignment, :accessor_id => m2.id, :role_id => 3, :resource_id => community.id)
     ActionTrackerNotification.delete_all
     job = NotifyActivityToProfilesJob.new(action_tracker.id)
@@ -66,23 +72,24 @@ class NotifyActivityToProfilesJobTest &lt; ActiveSupport::TestCase
     end
   end
  
-  should 'notify users its friends, the community and its members' do
+  should 'notify users its followers, the community and its members' do
     person = fast_create(Person)
     community  = fast_create(Community)
     action_tracker = fast_create(ActionTracker::Record, :user_type => 'Profile', :user_id => person.id, :target_type => 'Profile', :target_id => community.id, :verb => 'create_article')
     refute NotifyActivityToProfilesJob::NOTIFY_ONLY_COMMUNITY.include?(action_tracker.verb)
     p1, p2, m1, m2 = fast_create(Person), fast_create(Person), fast_create(Person), fast_create(Person)
-    fast_create(Friendship, :person_id => person.id, :friend_id => p1.id)
-    fast_create(Friendship, :person_id => person.id, :friend_id => p2.id)
+
+    circle1 = Circle.create!(:person=> p1, :name => "Zombies", :profile_type => 'Person')
+    fast_create(ProfileFollower, :profile_id => person.id, :circle_id => circle1.id)
+
     fast_create(RoleAssignment, :accessor_id => m1.id, :role_id => 3, :resource_id => community.id)
     fast_create(RoleAssignment, :accessor_id => m2.id, :role_id => 3, :resource_id => community.id)
     ActionTrackerNotification.delete_all
     job = NotifyActivityToProfilesJob.new(action_tracker.id)
     job.perform
     process_delayed_job_queue
-
-    assert_equal 6, ActionTrackerNotification.count
-    [person, community, p1, p2, m1, m2].each do |profile|
+    assert_equal 5, ActionTrackerNotification.count
+    [person, community, p1, m1, m2].each do |profile|
       notification = ActionTrackerNotification.find_by profile_id: profile.id
       assert_equal action_tracker, notification.action_tracker
     end
@@ -119,8 +126,13 @@ class NotifyActivityToProfilesJobTest &lt; ActiveSupport::TestCase
     action_tracker = fast_create(ActionTracker::Record, :user_type => 'Profile', :user_id => person.id, :target_type => 'Profile', :target_id => community.id, :verb => 'join_community')
     refute NotifyActivityToProfilesJob::NOTIFY_ONLY_COMMUNITY.include?(action_tracker.verb)
     p1, p2, m1, m2 = fast_create(Person), fast_create(Person), fast_create(Person), fast_create(Person)
-    fast_create(Friendship, :person_id => person.id, :friend_id => p1.id)
-    fast_create(Friendship, :person_id => person.id, :friend_id => p2.id)
+
+    circle1 = Circle.create!(:person=> p1, :name => "Zombies", :profile_type => 'Person')
+    circle2 = Circle.create!(:person=> p2, :name => "Zombies", :profile_type => 'Person')
+
+    fast_create(ProfileFollower, :profile_id => person.id, :circle_id => circle1.id)
+    fast_create(ProfileFollower, :profile_id => person.id, :circle_id => circle2.id)
+
     fast_create(RoleAssignment, :accessor_id => m1.id, :role_id => 3, :resource_id => community.id)
     fast_create(RoleAssignment, :accessor_id => m2.id, :role_id => 3, :resource_id => community.id)
     ActionTrackerNotification.delete_all
@@ -178,6 +178,7 @@ class PersonNotifierTest &lt; ActiveSupport::TestCase
     update_product: -> { create Product, profile: @profile, product_category: create(ProductCategory, environment: Environment.default) },
     remove_product: -> { create Product, profile: @profile, product_category: create(ProductCategory, environment: Environment.default) },
     favorite_enterprise: -> { create FavoriteEnterprisePerson, enterprise: create(Enterprise), person: @member },
+    new_follower: -> { @member }
   }
  
   ActionTrackerConfig.verb_names.each do |verb|
@@ -197,6 +198,7 @@ class PersonNotifierTest &lt; ActiveSupport::TestCase
         'friend_url' => '/', 'friend_profile_custom_icon' => [], 'friend_name' => ['joe'],
         'resource_name' => ['resource'], 'resource_profile_custom_icon' => [], 'resource_url' => ['/'],
         'enterprise_name' => 'coop', 'enterprise_url' => '/coop',
+        'follower_url' => '/', 'follower_profile_custom_icon' => [], 'follower_name' => ['joe'],
         'view_url'=> ['/'], 'thumbnail_path' => ['1'],
       }
       a.get_url = ''
@@ -728,7 +728,7 @@ class PersonTest &lt; ActiveSupport::TestCase
     assert_equal [s4], p2.scraps_received.not_replies
   end
  
-  should "the followed_by method be protected and true to the person friends and herself by default" do
+  should "the followed_by method return true to the person friends and herself by default" do
     p1 = fast_create(Person)
     p2 = fast_create(Person)
     p3 = fast_create(Person)
@@ -740,9 +740,9 @@ class PersonTest &lt; ActiveSupport::TestCase
     assert p1.is_a_friend?(p4)
  
     assert_equal true, p1.send(:followed_by?,p1)
-    assert_equal true, p1.send(:followed_by?,p2)
-    assert_equal true, p1.send(:followed_by?,p4)
-    assert_equal false, p1.send(:followed_by?,p3)
+    assert_equal true, p2.send(:followed_by?,p1)
+    assert_equal true, p4.send(:followed_by?,p1)
+    assert_equal false, p3.send(:followed_by?,p1)
   end
  
   should "the person follows her friends and herself by default" do
@@ -757,9 +757,9 @@ class PersonTest &lt; ActiveSupport::TestCase
     assert p4.is_a_friend?(p1)
  
     assert_equal true, p1.follows?(p1)
-    assert_equal true, p1.follows?(p2)
-    assert_equal true, p1.follows?(p4)
-    assert_equal false, p1.follows?(p3)
+    assert_equal true, p2.follows?(p1)
+    assert_equal true, p4.follows?(p1)
+    assert_equal false, p3.follows?(p1)
   end
  
   should "a person member of a community follows the community" do
@@ -836,18 +836,21 @@ class PersonTest &lt; ActiveSupport::TestCase
     assert_nil Scrap.find_by(id: scrap.id)
   end
  
-  should "the tracked action be notified to person friends and herself" do
+  should "the tracked action be notified to person followers and herself" do
     Person.destroy_all
     p1 = fast_create(Person)
     p2 = fast_create(Person)
     p3 = fast_create(Person)
     p4 = fast_create(Person)
  
-    p1.add_friend(p2)
-    assert p1.is_a_friend?(p2)
-    refute p1.is_a_friend?(p3)
-    p1.add_friend(p4)
-    assert p1.is_a_friend?(p4)
+    circle2 = Circle.create!(:person=> p2, :name => "Zombies", :profile_type => 'Person')
+    circle4 = Circle.create!(:person=> p4, :name => "Zombies", :profile_type => 'Person')
+
+    p2.follow(p1, circle2)
+    assert p2.follows?(p1)
+    refute p3.follows?(p1)
+    p4.follow(p1, circle4)
+    assert p4.follows?(p1)
  
     action_tracker = fast_create(ActionTracker::Record, :user_id => p1.id)
     ActionTrackerNotification.delete_all
@@ -880,17 +883,19 @@ class PersonTest &lt; ActiveSupport::TestCase
     end
   end
  
-  should "the tracked action notify friends with one delayed job process" do
+  should "the tracked action notify followers with one delayed job process" do
     p1 = fast_create(Person)
     p2 = fast_create(Person)
     p3 = fast_create(Person)
     p4 = fast_create(Person)
  
-    p1.add_friend(p2)
-    assert p1.is_a_friend?(p2)
-    refute p1.is_a_friend?(p3)
-    p1.add_friend(p4)
-    assert p1.is_a_friend?(p4)
+    circle2 = Circle.create!(:person=> p2, :name => "Zombies", :profile_type => 'Person')
+    circle4 = Circle.create!(:person=> p4, :name => "Zombies", :profile_type => 'Person')
+    p2.follow(p1, circle2)
+    assert p2.follows?(p1)
+    refute p3.follows?(p1)
+    p4.follow(p1, circle4)
+    assert p4.follows?(p1)
  
     action_tracker = fast_create(ActionTracker::Record, :user_id => p1.id)
  
@@ -1035,11 +1040,13 @@ class PersonTest &lt; ActiveSupport::TestCase
     p2 = create_user('p2').person
     p3 = create_user('p3').person
     c = fast_create(Community, :name => "Foo")
+
     c.add_member(p1)
     process_delayed_job_queue
     c.add_member(p3)
     process_delayed_job_queue
-    assert_equal 4, ActionTracker::Record.count
+
+    assert_equal 5, ActionTracker::Record.count
     assert_equal 5, ActionTrackerNotification.count
     has_add_member_notification = false
     ActionTrackerNotification.all.map do |notification|
@@ -1951,4 +1958,51 @@ class PersonTest &lt; ActiveSupport::TestCase
     person.save!
   end
  
+  should 'update profile circles for a person' do
+    person = create_user('testuser').person
+    community = fast_create(Community)
+    circle = Circle.create!(:person=> person, :name => "Zombies", :profile_type => 'Community')
+    circle2 = Circle.create!(:person=> person, :name => "Dota", :profile_type => 'Community')
+    circle3 = Circle.create!(:person=> person, :name => "Quadrado", :profile_type => 'Community')
+    person.follow(community, [circle, circle2])
+    person.update_profile_circles(community, [circle2, circle3])
+    assert_equivalent [circle2, circle3], ProfileFollower.with_profile(community).with_follower(person).map(&:circle)
+  end
+
+  should 'a person follow a profile' do
+    person = create_user('testuser').person
+    community = fast_create(Community)
+    circle = Circle.create!(:person=> person, :name => "Zombies", :profile_type => 'Community')
+    person.follow(community, circle)
+    assert_includes person.followed_profiles, community
+  end
+
+  should 'a person follow a profile with more than one circle' do
+    person = create_user('testuser').person
+    community = fast_create(Community)
+    circle = Circle.create!(:person=> person, :name => "Zombies", :profile_type => 'Community')
+    circle2 = Circle.create!(:person=> person, :name => "Dota", :profile_type => 'Community')
+    person.follow(community, [circle, circle2])
+    assert_includes person.followed_profiles, community
+    assert_equivalent [circle, circle2], ProfileFollower.with_profile(community).with_follower(person).map(&:circle)
+  end
+
+  should 'a person unfollow a profile' do
+    person = create_user('testuser').person
+    community = fast_create(Community)
+    circle = Circle.create!(:person=> person, :name => "Zombies", :profile_type => 'Community')
+    person.follow(community, circle)
+    person.unfollow(community)
+    assert_not_includes person.followed_profiles, community
+  end
+
+  should 'a person remove a profile from a circle' do
+    person = create_user('testuser').person
+    community = fast_create(Community)
+    circle = Circle.create!(:person=> person, :name => "Zombies", :profile_type => 'Community')
+    circle2 = Circle.create!(:person=> person, :name => "Dota", :profile_type => 'Community')
+    person.follow(community, [circle, circle2])
+    person.remove_profile_from_circle(community, circle)
+    assert_equivalent [circle2], ProfileFollower.with_profile(community).with_follower(person).map(&:circle)
+  end
 end
@@ -0,0 +1,73 @@
+require_relative "../test_helper"
+
+class ProfileFollowersTest < ActiveSupport::TestCase
+
+  should 'a person follow another' do
+    p1 = create_user('person_test').person
+    p2 = create_user('person_test_2').person
+    circle = Circle.create!(:person=> p1, :name => "Zombies", :profile_type => 'Person')
+
+    assert_difference 'ProfileFollower.count' do
+      p1.follow(p2, circle)
+    end
+
+    assert_includes p2.followers(true), p1
+    assert_not_includes p1.followers(true), p2
+  end
+
+  should 'a person unfollow another person' do
+    p1 = create_user('person_test').person
+    p2 = create_user('person_test_2').person
+    circle = Circle.create!(:person=> p1, :name => "Zombies", :profile_type => 'Person')
+
+    p1.follow(p2,circle)
+
+    assert_difference 'ProfileFollower.count', -1 do
+      p1.unfollow(p2)
+    end
+
+    assert_not_includes p2.followers(true), p1
+  end
+
+  should 'get the followed persons for a profile' do
+    p1 = create_user('person_test').person
+    p2 = create_user('person_test_2').person
+    p3 = create_user('person_test_3').person
+    circle = Circle.create!(:person=> p1, :name => "Zombies", :profile_type => 'Person')
+
+    p1.follow(p2, circle)
+    p1.follow(p3, circle)
+
+    assert_equivalent p1.followed_profiles, [p2,p3]
+    assert_equivalent Profile.followed_by(p1), [p2,p3]
+  end
+
+  should 'not follow same person twice' do
+    p1 = create_user('person_test').person
+    p2 = create_user('person_test_2').person
+    circle = Circle.create!(:person=> p1, :name => "Zombies", :profile_type => 'Person')
+
+    assert_difference 'ProfileFollower.count' do
+      p1.follow(p2, circle)
+      p1.follow(p2, circle)
+    end
+
+    assert_equivalent p1.followed_profiles, [p2]
+    assert_equivalent p2.followers, [p1]
+  end
+
+  should 'show the correct message when a profile is followed by the same person' do
+    p1 = create_user('person_test').person
+    p2 = create_user('person_test_2').person
+    circle = Circle.create!(:person=> p1, :name => "Zombies", :profile_type => 'Person')
+
+    p1.follow(p2, circle)
+    profile_follower = ProfileFollower.new
+    profile_follower.circle = circle
+    profile_follower.profile = p2
+    profile_follower.valid?
+
+    assert_includes profile_follower.errors.messages[:profile_id],
+      "can't put a profile in the same circle twice"
+  end
+end
@@ -2224,4 +2224,12 @@ class ProfileTest &lt; ActiveSupport::TestCase
       assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
     end
   end
+
+  should 'not allow to add members in secret profiles' do
+    c = fast_create(Community, secret: true)
+    p = create_user('mytestuser').person
+    assert_raise RuntimeError do
+      c.add_member(p)
+    end
+  end
 end
@@ -125,11 +125,11 @@ class ScrapTest &lt; ActiveSupport::TestCase
     assert_equal c, ta.target
   end
  
-  should "notify leave_scrap action tracker verb to friends and itself" do
+  should "notify leave_scrap action tracker verb to followers and itself" do
     User.current = create_user
     p1 = User.current.person
     p2 = create_user.person
-    p1.add_friend(p2)
+    p2.add_friend(p1)
     process_delayed_job_queue
     s = Scrap.new
     s.sender= p1
@@ -180,11 +180,11 @@ class ScrapTest &lt; ActiveSupport::TestCase
     assert_equal p, ta.user
   end
  
-  should "notify leave_scrap_to_self action tracker verb to friends and itself" do
+  should "notify leave_scrap_to_self action tracker verb to followers and itself" do
     User.current = create_user
     p1 = User.current.person
     p2 = create_user.person
-    p1.add_friend(p2)
+    p2.add_friend(p1)
     ActionTrackerNotification.delete_all
     Delayed::Job.delete_all
     s = Scrap.new
@@ -15,7 +15,7 @@ class TextArticleTest &lt; ActiveSupport::TestCase
   end
  
   should 'be translatable' do
-    assert_kind_of Noosfero::TranslatableContent, TextArticle.new
+    assert_kind_of TranslatableContent, TextArticle.new
   end
  
   should 'return article icon name' do
@@ -4,7 +4,7 @@ class TranslatableContentTest &lt; ActiveSupport::TestCase
  
   class Content
     attr_accessor :parent, :profile
-    include Noosfero::TranslatableContent
+    include TranslatableContent
   end
  
   def setup
@@ -4,8 +4,6 @@ class PermissionCheckTest &lt; ActionController::TestCase
  
   def setup
     @controller = AccessControlTestController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
   end
  
   def test_access_denied
@@ -54,12 +54,11 @@ ActionController::Routing::Routes.draw { |map| map.resources :things, :collectio
 class ActionTrackerTest < ActiveSupport::TestCase
  
   def setup
+    @controller = ThingsController.new
+
     ActionTrackerConfig.current_user = proc{ SomeModel.first || SomeModel.create! }
     ActionTracker::Record.delete_all
     ActionTrackerConfig.verbs = { :some_verb => { :description => "Did something" } }
-    @request = ActionController::TestRequest.new
-    @response = ActionController::TestResponse.new
-    @controller = ThingsController.new
   end
  
   def test_index
...	...	@@ -124,6 +124,7 @@ module Api
124	124	expose :type
125	125	expose :custom_header
126	126	expose :custom_footer
	127	+ expose :layout_template
127	128	expose :permissions do \|profile, options\|
128	129	Entities.permissions_for_entity(profile, options[:current_person],
129	130	:allow_post_content?, :allow_edit?, :allow_destroy?)
...	...	@@ -264,6 +265,7 @@ module Api
264	265	expose :name
265	266	expose :id
266	267	expose :description
	268	+ expose :layout_template
267	269	expose :settings, if: lambda { \|instance, options\| options[:is_admin] }
268	270	end
269	271
...	...
...	...	@@ -302,12 +302,12 @@ module Api
302	302	end
303	303
304	304	def cant_be_saved_request!(attribute)
305		- message = _("(Invalid request) %s can't be saved") % attribute
	305	+ message = _("(Invalid request) %s can't be saved").html_safe % attribute
306	306	render_api_error!(message, 400)
307	307	end
308	308
309	309	def bad_request!(attribute)
310		- message = _("(Invalid request) %s not given") % attribute
	310	+ message = _("(Invalid request) %s not given").html_safe % attribute
311	311	render_api_error!(message, 400)
312	312	end
313	313
...	...
...	...	@@ -119,6 +119,20 @@ module Api
119	119	members = select_filtered_collection_of(profile, 'members', params)
120	120	present members, :with => Entities::Person, :current_person => current_person
121	121	end
	122	+
	123	+ post do
	124	+ authenticate!
	125	+ profile = environment.profiles.find_by id: params[:profile_id]
	126	+ profile.add_member(current_person) rescue forbidden!
	127	+ {pending: !current_person.is_member_of?(profile)}
	128	+ end
	129	+
	130	+ delete do
	131	+ authenticate!
	132	+ profile = environment.profiles.find_by id: params[:profile_id]
	133	+ profile.remove_member(current_person)
	134	+ present current_person, :with => Entities::Person, :current_person => current_person
	135	+ end
122	136	end
123	137	end
124	138	end
...	...
...	...	@@ -44,7 +44,7 @@ class CategoriesController < AdminController
44	44	if request.post?
45	45	@category.update!(params[:category])
46	46	@saved = true
47		- session[:notice] = _("Category %s saved." % @category.name)
	47	+ session[:notice] = _("Category %s saved." % @category.name).html_safe
48	48	redirect_to :action => 'index'
49	49	end
50	50	rescue Exception => e
...	...
...	...	@@ -14,6 +14,20 @@ class ApplicationController < ActionController::Base
14	14	before_filter :redirect_to_current_user
15	15
16	16	before_filter :set_session_theme
	17	+
	18	+ # FIXME: only include necessary methods
	19	+ include ApplicationHelper
	20	+
	21	+ # concerns
	22	+ include PermissionCheck
	23	+ include CustomDesign
	24	+ include NeedsProfile
	25	+
	26	+ # implementations
	27	+ include FindByContents
	28	+ include Noosfero::Plugin::HotSpot
	29	+ include SearchTermHelper
	30	+
17	31	def set_session_theme
18	32	if params[:theme]
19	33	session[:theme] = environment.theme_ids.include?(params[:theme]) ? params[:theme] : nil
...	...	@@ -48,7 +62,6 @@ class ApplicationController < ActionController::Base
48	62	end
49	63	end
50	64
51		- include ApplicationHelper
52	65	layout :get_layout
53	66	def get_layout
54	67	return false if request.format == :js or request.xhr?
...	...	@@ -74,9 +87,6 @@ class ApplicationController < ActionController::Base
74	87	helper :document
75	88	helper :language
76	89
77		- include DesignHelper
78		- include PermissionCheck
79		-
80	90	before_filter :set_locale
81	91	def set_locale
82	92	FastGettext.available_locales = environment.available_locales
...	...	@@ -89,8 +99,6 @@ class ApplicationController < ActionController::Base
89	99	end
90	100	end
91	101
92		- include NeedsProfile
93		-
94	102	attr_reader :environment
95	103
96	104	# declares that the given <tt>actions</tt> cannot be accessed by other HTTP
...	...	@@ -107,6 +115,10 @@ class ApplicationController < ActionController::Base
107	115
108	116	protected
109	117
	118	+ def accept_only_post
	119	+ return render_not_found if !request.post?
	120	+ end
	121	+
110	122	def verified_request?
111	123	super \|\| form_authenticity_token == request.headers['X-XSRF-TOKEN']
112	124	end
...	...	@@ -151,8 +163,6 @@ class ApplicationController < ActionController::Base
151	163	end
152	164	end
153	165
154		- include Noosfero::Plugin::HotSpot
155		-
156	166	# FIXME this filter just loads @plugins to children controllers and helpers
157	167	def init_noosfero_plugins
158	168	plugins
...	...	@@ -184,9 +194,6 @@ class ApplicationController < ActionController::Base
184	194	end
185	195	end
186	196
187		- include SearchTermHelper
188		- include FindByContents
189		-
190	197	def find_suggestions(query, context, asset, options={})
191	198	plugins.dispatch_first(:find_suggestions, query, context, asset, options)
192	199	end
...	...
...	...	@@ -109,7 +109,7 @@ class BoxOrganizerController < ApplicationController
109	109	def show_block_type_info
110	110	type = params[:type]
111	111	if type.blank? \|\| !available_blocks.map(&:name).include?(type)
112		- raise ArgumentError.new("Type %s is not allowed. Go away." % type)
	112	+ raise ArgumentError.new("Type %s is not allowed. Go away.".html_safe % type)
113	113	end
114	114	@block = type.constantize.new
115	115	@block.box = Box.new(:owner => boxes_holder)
...	...	@@ -122,7 +122,7 @@ class BoxOrganizerController < ApplicationController
122	122
123	123	def new_block(type, box)
124	124	if !available_blocks.map(&:name).include?(type)
125		- raise ArgumentError.new("Type %s is not allowed. Go away." % type)
	125	+ raise ArgumentError.new("Type %s is not allowed. Go away.".html_safe % type)
126	126	end
127	127	block = type.constantize.new
128	128	box.blocks << block
...	...
...	...	@@ -0,0 +1,169 @@
	1	+module AuthenticatedSystem
	2	+
	3	+ protected
	4	+
	5	+ extend ActiveSupport::Concern
	6	+
	7	+ included do
	8	+ if self < ActionController::Base
	9	+ around_filter :user_set_current
	10	+ before_filter :override_user
	11	+ before_filter :login_from_cookie
	12	+ end
	13	+
	14	+ # Inclusion hook to make #current_user and #logged_in?
	15	+ # available as ActionView helper methods.
	16	+ helper_method :current_user, :logged_in?
	17	+ end
	18	+
	19	+ # Returns true or false if the user is logged in.
	20	+ # Preloads @current_user with the user model if they're logged in.
	21	+ def logged_in?
	22	+ current_user != nil
	23	+ end
	24	+
	25	+ # Accesses the current user from the session.
	26	+ def current_user user_id = session[:user]
	27	+ @current_user \|\|= begin
	28	+ user = User.find_by id: user_id if user_id
	29	+ user.session = session if user
	30	+ User.current = user
	31	+ user
	32	+ end
	33	+ end
	34	+
	35	+ # Store the given user in the session.
	36	+ def current_user=(new_user)
	37	+ if new_user.nil?
	38	+ session.delete(:user)
	39	+ else
	40	+ session[:user] = new_user.id
	41	+ new_user.session = session
	42	+ new_user.register_login
	43	+ end
	44	+ @current_user = User.current = new_user
	45	+ end
	46	+
	47	+ # See impl. from http://stackoverflow.com/a/2513456/670229
	48	+ def user_set_current
	49	+ User.current = current_user
	50	+ yield
	51	+ ensure
	52	+ # to address the thread variable leak issues in Puma/Thin webserver
	53	+ User.current = nil
	54	+ end
	55	+
	56	+ # Check if the user is authorized.
	57	+ #
	58	+ # Override this method in your controllers if you want to restrict access
	59	+ # to only a few actions or if you want to check if the user
	60	+ # has the correct rights.
	61	+ #
	62	+ # Example:
	63	+ #
	64	+ # # only allow nonbobs
	65	+ # def authorize?
	66	+ # current_user.login != "bob"
	67	+ # end
	68	+ def authorized?
	69	+ true
	70	+ end
	71	+
	72	+ # Filter method to enforce a login requirement.
	73	+ #
	74	+ # To require logins for all actions, use this in your controllers:
	75	+ #
	76	+ # before_filter :login_required
	77	+ #
	78	+ # To require logins for specific actions, use this in your controllers:
	79	+ #
	80	+ # before_filter :login_required, :only => [ :edit, :update ]
	81	+ #
	82	+ # To skip this in a subclassed controller:
	83	+ #
	84	+ # skip_before_filter :login_required
	85	+ #
	86	+ def login_required
	87	+ username, passwd = get_auth_data
	88	+ if username && passwd
	89	+ self.current_user \|\|= User.authenticate(username, passwd) \|\| nil
	90	+ end
	91	+ if logged_in? && authorized?
	92	+ true
	93	+ else
	94	+ if params[:require_login_popup]
	95	+ render :json => { :require_login_popup => true }
	96	+ else
	97	+ access_denied
	98	+ end
	99	+ end
	100	+ end
	101	+
	102	+ # Redirect as appropriate when an access request fails.
	103	+ #
	104	+ # The default action is to redirect to the login screen.
	105	+ #
	106	+ # Override this method in your controllers if you want to have special
	107	+ # behavior in case the user is not authorized
	108	+ # to access the requested action. For example, a popup window might
	109	+ # simply close itself.
	110	+ def access_denied
	111	+ respond_to do \|accepts\|
	112	+ accepts.html do
	113	+ if request.xhr?
	114	+ render :text => _('Access denied'), :status => 401
	115	+ else
	116	+ store_location
	117	+ redirect_to :controller => '/account', :action => 'login'
	118	+ end
	119	+ end
	120	+ accepts.xml do
	121	+ headers["Status"] = "Unauthorized"
	122	+ headers["WWW-Authenticate"] = %(Basic realm="Web Password")
	123	+ render :text => "Could't authenticate you", :status => '401 Unauthorized'
	124	+ end
	125	+ end
	126	+ false
	127	+ end
	128	+
	129	+ # Store the URI of the current request in the session.
	130	+ #
	131	+ # We can return to this location by calling #redirect_back_or_default.
	132	+ def store_location(location = request.url)
	133	+ session[:return_to] = location
	134	+ end
	135	+
	136	+ # Redirect to the URI stored by the most recent store_location call or
	137	+ # to the passed default.
	138	+ def redirect_back_or_default(default)
	139	+ if session[:return_to]
	140	+ redirect_to(session.delete(:return_to))
	141	+ else
	142	+ redirect_to(default)
	143	+ end
	144	+ end
	145	+
	146	+ def override_user
	147	+ return if params[:override_user].blank?
	148	+ return unless logged_in? and user.is_admin? environment
	149	+ @current_user = nil
	150	+ current_user params[:override_user]
	151	+ end
	152	+
	153	+ # When called with before_filter :login_from_cookie will check for an :auth_token
	154	+ # cookie and log the user back in if apropriate
	155	+ def login_from_cookie
	156	+ return if cookies[:auth_token].blank? or logged_in?
	157	+ user = User.where(remember_token: cookies[:auth_token]).first
	158	+ self.current_user = user if user and user.remember_token?
	159	+ end
	160	+
	161	+ private
	162	+ @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
	163	+ # gets BASIC auth info
	164	+ def get_auth_data
	165	+ auth_key = @@http_auth_headers.detect { \|h\| request.env.has_key?(h) }
	166	+ auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
	167	+ return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
	168	+ end
	169	+end
...	...
...	...	@@ -0,0 +1,50 @@
	1	+module CustomDesign
	2	+
	3	+ extend ActiveSupport::Concern
	4	+
	5	+ included do
	6	+ extend ClassMethods
	7	+ include InstanceMethods
	8	+ before_filter :load_custom_design if self.respond_to? :before_filter
	9	+ end
	10	+
	11	+ module ClassMethods
	12	+
	13	+ def no_design_blocks
	14	+ @no_design_blocks = true
	15	+ end
	16	+
	17	+ def use_custom_design options = {}
	18	+ @custom_design = options
	19	+ end
	20	+
	21	+ def custom_design
	22	+ @custom_design \|\|= {}
	23	+ end
	24	+
	25	+ def uses_design_blocks?
	26	+ !@no_design_blocks
	27	+ end
	28	+
	29	+ end
	30	+
	31	+ module InstanceMethods
	32	+
	33	+ protected
	34	+
	35	+ def uses_design_blocks?
	36	+ !@no_design_blocks && self.class.uses_design_blocks?
	37	+ end
	38	+
	39	+ def load_custom_design
	40	+ # see also: LayoutHelper#body_classes
	41	+ @layout_template = self.class.custom_design[:layout_template]
	42	+ end
	43	+
	44	+ def custom_design
	45	+ @custom_design \|\| self.class.custom_design
	46	+ end
	47	+
	48	+ end
	49	+
	50	+end
...	...
...	...	@@ -0,0 +1,40 @@
	1	+module NeedsProfile
	2	+
	3	+ module ClassMethods
	4	+ def needs_profile
	5	+ before_filter :load_profile
	6	+ end
	7	+ end
	8	+
	9	+ def self.included(including)
	10	+ including.send(:extend, NeedsProfile::ClassMethods)
	11	+ end
	12	+
	13	+ def boxes_holder
	14	+ profile \|\| environment # prefers profile, but defaults to environment
	15	+ end
	16	+
	17	+ def profile
	18	+ @profile
	19	+ end
	20	+
	21	+ protected
	22	+
	23	+ def load_profile
	24	+ if params[:profile]
	25	+ params[:profile].downcase!
	26	+ @profile \|\|= environment.profiles.where(identifier: params[:profile]).first
	27	+ end
	28	+
	29	+ if @profile
	30	+ profile_hostname = @profile.hostname
	31	+ if profile_hostname && profile_hostname != request.host
	32	+ params.delete(:profile)
	33	+ redirect_to(Noosfero.url_options.merge(params).merge(:host => profile_hostname))
	34	+ end
	35	+ else
	36	+ render_not_found
	37	+ end
	38	+ end
	39	+
	40	+end
...	...
...	...	@@ -0,0 +1,58 @@
	1	+class CirclesController < MyProfileController
	2	+
	3	+ before_action :accept_only_post, :only => [:create, :update, :destroy]
	4	+
	5	+ def index
	6	+ @circles = profile.circles
	7	+ end
	8	+
	9	+ def new
	10	+ @circle = Circle.new
	11	+ end
	12	+
	13	+ def create
	14	+ @circle = Circle.new(params[:circle].merge({ :person => profile }))
	15	+ if @circle.save
	16	+ redirect_to :action => 'index'
	17	+ else
	18	+ render :action => 'new'
	19	+ end
	20	+ end
	21	+
	22	+ def xhr_create
	23	+ if request.xhr?
	24	+ circle = Circle.new(params[:circle].merge({:person => profile }))
	25	+ if circle.save
	26	+ render :partial => "circle_checkbox", :locals => { :circle => circle },
	27	+ :status => 201
	28	+ else
	29	+ render :text => _('The circle could not be saved'), :status => 400
	30	+ end
	31	+ else
	32	+ render_not_found
	33	+ end
	34	+ end
	35	+
	36	+ def edit
	37	+ @circle = Circle.find_by_id(params[:id])
	38	+ render_not_found if @circle.nil?
	39	+ end
	40	+
	41	+ def update
	42	+ @circle = Circle.find_by_id(params[:id])
	43	+ return render_not_found if @circle.nil?
	44	+
	45	+ if @circle.update(params[:circle])
	46	+ redirect_to :action => 'index'
	47	+ else
	48	+ render :action => 'edit'
	49	+ end
	50	+ end
	51	+
	52	+ def destroy
	53	+ @circle = Circle.find_by_id(params[:id])
	54	+ return render_not_found if @circle.nil?
	55	+ @circle.destroy
	56	+ redirect_to :action => 'index'
	57	+ end
	58	+end
...	...