Merge branch 'chat' of gitlab.com:diguliu/noosfero into chat

Conflicts: public/javascripts/chat.js

Merge branch 'chat' of gitlab.com:diguliu/noosfero into chat
Conflicts: public/javascripts/chat.js
Rodrigo Souto
2 parents 57c5f59d 80bac445
Showing 1339 changed files with 36096 additions and 100756 deletions Show diff stats
AUTHORS.md
DEVELOPMENT.md
Gemfile
INSTALL.https.md
INSTALL.locales.md
INSTALL.md
app/controllers/admin/admin_panel_controller.rb
app/controllers/admin/plugin_admin_controller.rb
app/controllers/admin/templates_controller.rb
app/controllers/application_controller.rb
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile/profile_design_controller.rb
app/controllers/my_profile/profile_editor_controller.rb
app/controllers/my_profile/profile_members_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/chat_controller.rb
app/controllers/public/contact_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/profile_controller.rb
app/controllers/public/search_controller.rb
@@ -40,6 +40,7 @@ Alessandro Palmeira + João M. M. Silva &lt;alessandro.palmeira@gmail.com&gt;
 Alessandro Palmeira + Paulo Meirelles <alessandro.palmeira@gmail.com>
 Alessandro Palmeira + Paulo Meirelles + João M. M. da Silva <alessandro.palmeira@gmail.com>
 Alessandro Palmeira + Rafael Manzo <alessandro.palmeira@gmail.com>
+analosnak <analosnak@gmail.com>
 Ana Losnak <analosnak@gmail.com>
 Andre Bernardes <andrebsguedes@gmail.com>
 Antonio Terceiro + Carlos Morais <terceiro@colivre.coop.br>
@@ -81,7 +82,6 @@ Carlos Morais + Diego Araújo &lt;diegoamc90@gmail.com&gt;
 Carlos Morais + Eduardo Morais <carlos88morais@gmail.com>
 Carlos Morais + Paulo Meirelles <carlos88morais@gmail.com>
 Carlos Morais + Pedro Leal <carlos88morais@gmail.com>
-Daniela Feitosa <dani@dohko.(none)>
 Daniel Alves + Diego Araújo <danpaulalves@gmail.com>
 Daniel Alves + Diego Araújo <diegoamc90@gmail.com>
 Daniel Alves + Diego Araújo + Guilherme Rojas <danpaulalves@gmail.com>
@@ -119,7 +119,6 @@ Diego Araújo + Renan Teruo &lt;diegoamc90@gmail.com&gt;
 Diego Araujo + Rodrigo Souto + Rafael Manzo <rr.manzo@gmail.com>
 Diego + Jefferson <diegoamc90@gmail.com>
 Diego Martinez <diegoamc90@gmail.com>
-Diego Martinez <diego@diego-K55A.(none)>
 Diego + Renan <renanteruoc@gmail.com>
 Eduardo Tourinho Edington <eduardo.edington@serpro.gov.br>
 Evandro Jr <evandrojr@gmail.com>
@@ -195,9 +194,11 @@ Luis David Aguilar Carlos &lt;ludwig9003@gmail.com&gt;
 Luiz Fernando de Freitas Matos <luiz@luizff.matos@gmail.com>
 Marcos Ramos <ms.ramos@outlook.com>
 Martín Olivera <molivera@solar.org.ar>
+Michal Čihař <michal@cihar.com>
 Moises Machado <moises@colivre.coop.br>
 Naíla Alves <naila@colivre.coop.br>
 Nanda Lopes <nanda.listas+psl@gmail.com>
+Parley Martins <parleypachecomartins@gmail.com>
 Paulo Meirelles + Alessandro Palmeira + João M. M. da Silva <paulo@softwarelivre.org>
 Paulo Meirelles + Alessandro Palmeira <paulo@softwarelivre.org>
 Paulo Meirelles + Carlos Morais <paulo@softwarelivre.org>
@@ -220,6 +221,7 @@ Rafael Reggiani Manzo + João M. M. da Silva &lt;rr.manzo@gmail.com&gt;
 Rafael Reggiani Manzo <rr.manzo@gmail.com>
 Raphaël Rousseau <raph@r4f.org>
 Raquel Lira <raquel.lira@gmail.com>
+Raquel <rcordioli@gmail.com>
 Renan Teruo + Caio Salgado <renanteruoc@gmail.com>
 Renan Teruoc + Diego Araujo <renanteruoc@gmail.com>
 Renan Teruo + Diego Araujo <renanteruoc@gmail.com>
@@ -227,13 +229,13 @@ Renan Teruo + Diego Araújo &lt;renanteruoc@gmail.com&gt;
 Renan Teruo + Paulo Meirelles <renanteruoc@gmail.com>
 Renan Teruo + Rafael Manzo <renanteruoc@gmail.com>
 Rodrigo Souto + Ana Losnak + Daniel Bucher + Caio Almeida + Leandro Nunes + Daniela Feitosa + Mariel Zasso <noosfero-br@listas.softwarelivre.org>
-Rodrigo Souto <diguliu@gmail.com>
 Rodrigo Souto <rodrigo@colivre.coop.br>
 Ronny Kursawe <kursawe.ronny@googlemail.com>
 root <root@debian.sdr.serpro>
 Samuel R. C. Vale <srcvale@holoscopio.com>
 Tallys Martins <tallysmartins@gmail.com>
 tallys <tallys@tallys.(none)>
+Thiago Zoroastro <thiago.zoroastro@bol.com.br>
 Valessio Brito <contato@valessiobrito.com.br>
 Valessio Brito <contato@valessiobrito.info>
 Valessio Brito <valessio@gmail.com>
@@ -0,0 +1,124 @@
+# Noosfero Development Policy
+
+## Developer Roles
+
+* *Developers* are everyone that is contributing code to Noosfero.
+* *Committers* are the people with direct commit access to the Noosfero source
+  code. They are responsible for reviewing contributions from other developers
+  and integrating them in the Noosfero code base. They are the members of the
+  [Noosfero group on Gitlab](https://gitlab.com/groups/noosfero/members).
+* *Release managers* are the people that are managing the release of a new
+  Noosfero version and/or the maintainance work of an existing Noosfero stable
+  branch. See MAINTAINANCE.md for details on the maintaince policy.
+
+## Development process
+
+* Every new feature or non-trivial bugfix should be reviewed by at least one
+  committer. This must be the case even if the original author is a committer.
+
+  * In the case the original author is a committer, he/she should feel free to
+    commit directly if after 1 week nobody has provided any kind of feedback.
+
+  * Developers who are not committers should feel free to ping committers if
+    they do not get feedback on their contributions after 1 week.
+
+    * On GitLab, one can just add a comment to the merge request; one can also
+      @-mention specific committers or other developers who have expertise on
+      the area of the contribution.
+
+  * Committers should follow the activity of the project, and try to help
+    reviewing contributions from others as much as possible.
+
+    * On GitLab one can get emails for all activity on a project by setting the
+      [notification settings](https://gitlab.com/profile/notifications) to
+      "watch".
+
+  * Anyone can help by reviewing contributions. Committers are the only ones
+    who can give the final approval to a contribution, but everyone is welcome
+    to help with code review, testing, etc.
+
+    * See note above about setting up notification on GitLab.
+
+* Committers should feel free to push trivial (or urgent) changes directly.
+  There are no strict rule on what makes a change trivial or urgent; committers
+  are expected to exercise good judgement on a case by case basis.
+
+  * Usually changes to the database are not trivial.
+
+* In the case of unsolvable conflict between commiters regarding any change to
+  the code, the current release manager(s) will have the final say in the
+  matter.
+
+* Release managers are responsible for stablishing a release schedule, and
+  about deciding when and what to release.
+
+  * Release managers should announce release schedules to the project mailing
+    lists in advance.
+
+  * The release schedule may include a period of feature freeze, during which
+    no new features or any other changes that are not pre-approved by the
+    release manager must be committed to the repository.
+
+  * Committers must respect the release schedule and feature freezes.
+
+## Maintainance process
+
+### Not all feature releases will be maintained as a stable release
+
+We will be choosing specific release series to be maintained as stable
+releases.
+
+This means that a given release is not guaranteed to be maintained as a stable
+release, but does *not* mean it won't be. Any committer (or anyone, really) can
+decide to maintain a given release as stable and seek help from others to do
+so.
+
+### No merges from stable branches to master
+
+*All* changes must be submitted against the master branch first, and when
+applicable, backported to the desired stable releases. Exceptions to this rules
+are bug fixes that only apply to a given stable branch and not to master.
+
+In the past we had non-trivial changes accepted into stable releases while
+master was way ahead (e.g. during the rails3 migration period), that made the
+merge back into master very painful.  By eliminating the need to do these
+merges, we save time for the people responsible for the release, and eliminate
+the possibility of human errors or oversights causing changes to be accepted
+into stable that will be a problem to merge back into master.
+
+By getting all fixes in master first, we improve the chances that  a future
+release will not present regressions against bugs that should already be fixed,
+but the fixes got lost in a big, complicated merge (and those won't exist
+anymore, at least not from stable branches to master).
+
+After a fix gets into master, backporting changes into a stable release branch
+is the responsibility of whoever is maintaing that branch, and those interested
+in it. The stable branch release manager(s) are entitled the final say on any
+matters related to that branch.
+
+## Apendix A: how to become a committer
+
+Every developer that wants to be a committer should create [an issue on
+Gitlab](https://gitlab.com/noosfero/noosfero/issues) requesting to be added as
+a committer. This request must include information about the requestor's
+previous contributions to the project.
+
+If 2 or more commiters consider second the request, the requestor is accepted
+as new commiter and added to the Noosfero group.
+
+The existing committers are free to choose whatever criteria they want to
+second the request, but they must be sure that the new committer is a
+responsible developer and knows what she/he is doing. They must be aware that
+seconding these requests means seconding the actions of the new committer: if
+the new committer screw up, her/his seconds screwed up.
+
+## Apendix B: how to become a release manager
+
+A new release manager for the development version of Noosfero (i.e. the one
+that includes new features, a.k.a. the master branch) is apointed by the
+current release manager, and must be a committer first.
+
+Release managers for stable branches are self-appointed, i.e. whoever takes the
+work takes the role. In case of a conflict (e.g. 2+ different people want to do
+the work but can't agree on working together), the development release manager
+decides.
 source "https://rubygems.org"
 gem 'rails',                    '~> 3.2.19'
+gem 'minitest',                 '~> 3.2.0'
 gem 'fast_gettext',             '~> 0.6.8'
 gem 'acts-as-taggable-on',      '~> 3.0.2'
 gem 'prototype-rails',          '~> 3.2.1'
@@ -18,6 +19,7 @@ gem &#39;rake&#39;, :require =&gt; false
 gem 'rest-client',              '~> 1.6.7'
 gem 'exception_notification',   '~> 4.0.1'
 gem 'gettext',                  '~> 2.2.1', :require => false, :group => :development
+gem 'locale',                   '~> 2.0.5'
  
 # FIXME list here all actual dependencies (i.e. the ones in debian/control),
 # with their GEM names (not the Debian package names)
@@ -40,8 +42,9 @@ group :cucumber do
   gem 'selenium-webdriver',     '~> 2.39.0'
 end
  
-# include plugin gemfiles
-Dir.glob(File.join('config', 'plugins', '*')).each do |plugin|
-  plugin_gemfile = File.join(plugin, 'Gemfile')
-  eval File.read(plugin_gemfile) if File.exists?(plugin_gemfile)
+# include gemfiles from enabled plugins
+# plugins in baseplugins/ are not included on purpose. They should not have any
+# dependencies.
+Dir.glob('config/plugins/*/Gemfile').each do |gemfile|
+  eval File.read(gemfile)
 end
-Setup Noosfero to use HTTPS
-===========================
+# Setup Noosfero to use HTTPS
  
 This document assumes that you have a fully and clean Noosfero
 installation as explained at the `INSTALL.md` file.
  
-SSL certificate
-+++++++++++++++
+## Creating a self-signed SSL certificate
  
 You should get a valid SSL certificate, but if you want to test
 your setup before, you could generate a self-signed certificate
@@ -17,99 +15,106 @@ as below:
     # openssl req -new -x509 -nodes -sha1 -days $[10*365] -key noosfero.key > noosfero.cert
     # cat noosfero.key noosfero.cert > noosfero.pem
  
+## Web server configuration
+
 There are two ways of using SSL with Noosfero: 1) If you are not using
 Varnish; and 2) If you are using Varnish.
  
-1) If you are are not using Varnish
-+++++++++++++++++++++++++++++++++++
+### 1) If you are are not using Varnish
  
 Simply do a redirect in apache to force all connections with SSL:
  
-  <VirtualHost *:8080>
-    ServerName test.stoa.usp.br
-   
-    Redirect / https://example.com/
-  </VirtualHost>
+```
+<VirtualHost *:8080>
+  ServerName test.stoa.usp.br
+  Redirect / https://example.com/
+</VirtualHost>
+```
  
 And set a vhost to receive then:
  
-  <VirtualHost *:443>
-    ServerName example.com
-   
-    SSLEngine On
-    SSLCertificateFile    /etc/ssl/certs/cert.pem
-    SSLCertificateKeyFile /etc/ssl/private/cert.key
-   
-    Include /etc/noosfero/apache/virtualhost.conf
-  </VirtualHost>
+```
+<VirtualHost *:443>
+  ServerName example.com
+  SSLEngine On
+  SSLCertificateFile    /etc/ssl/certs/cert.pem
+  SSLCertificateKeyFile /etc/ssl/private/cert.key
+  Include /etc/noosfero/apache/virtualhost.conf
+</VirtualHost>
+```
  
 Be aware that if you had configured varnish, the requests won't reach
 it with this configuration.
  
-2) If you are using Varnish
-+++++++++++++++++++++++++++
-
-Varnish isn't able to communicate with the SSL protocol, so we will
-need some one who do this and Pound[1] can do the job. In order to
-install it in Debian based systems:
+### 2) If you are using Varnish
  
-  $ sudo apt-get install pound
+Varnish isn't able to communicate with the SSL protocol, so we will need some
+one else who do this and [Pound](http://www.apsis.ch/pound) can do the job. In
+order to install it in Debian based systems:
  
-Set Varnish to listen in other port than 80:
+```
+$ sudo apt-get install pound
+```
  
-/etc/defaults/varnish
----------------------
+Set Varnish to listen in other port than 80 in `/etc/defaults/varnish`:
  
-  DAEMON_OPTS="-a localhost:6081 \
-               -T localhost:6082 \ 
-               -f /etc/varnish/default.vcl \ 
-               -S /etc/varnish/secret \ 
-               -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
+```
+DAEMON_OPTS="-a localhost:6081 \
+             -T localhost:6082 \
+             -f /etc/varnish/default.vcl \
+             -S /etc/varnish/secret \
+             -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
+```
  
 Configure Pound:
  
-    # cp /usr/share/noosfero/etc/pound.cfg /etc/pound/
-
-Edit /etc/pound.cfg and set the IP and domain of your server.
+```
+# cp /usr/share/noosfero/etc/pound.cfg /etc/pound/
+```
  
-Configure Pound to start at system initialization:
+Edit `/etc/pound.cfg` and set the IP and domain of your server.
  
-/etc/default/pound
+Configure Pound to start at system initialization. At `/etc/default/pound`:
 ------------------
  
-  startup=1
+```
+startup=1
+```
  
-Set Apache to only listen to localhost:
+Set Apache to only listen to localhost, at `/etc/apache2/ports.conf`:
  
-/etc/apache2/ports.conf
------------------------
-
-  Listen 127.0.0.1:8080
+```
+Listen 127.0.0.1:8080
+```
  
 Restart the services:
  
-  $ sudo service apache2 restart
-  $ sudo service varnish restart
+```
+$ sudo service apache2 restart
+$ sudo service varnish restart
+```
  
 Start pound:
  
-  $ sudo service pound start
-
-[1] http://www.apsis.ch/pound
+```
+$ sudo service pound start
+```
  
-Noosfero XMPP chat
-++++++++++++++++++
+## Noosfero XMPP chat
  
 If you want to use chat over HTTPS, then you should add the domain
-and IP of your server in the /etc/hosts file, example:
+and IP of your server in the /etc/hosts file, example
  
-/etc/hosts
-----------
+`/etc/hosts:`
  
-  192.168.1.86	mydomain.example.com
+```
+192.168.1.86	mydomain.example.com
+```
  
-Also, it's recomended that you remove lines above from the file
+Also, it's recomended that you remove the lines below from the file
 `/etc/apache2/sites-enabled/noosfero`:
  
-    RewriteEngine On
-    Include /usr/share/noosfero/util/chat/apache/xmpp.conf
+```
+RewriteEngine On
+Include /usr/share/noosfero/util/chat/apache/xmpp.conf
+```
@@ -0,0 +1,29 @@
+Using custom locales
+====================
+
+Personalized translations go into the `config/custom_locales/` directory.
+Custom locales can be identified by the rails environment, schema name in a
+multitenancy setup or domain name until the first dot (e.g env1.coop.br for the
+example below).
+
+Currently, the only filename prefix for the localization file which is
+processed is "environment". For instance, a POT file would be called
+"environment.pot".
+
+The structure of an environment named env1 with custom translations for both
+Portuguese and Spanish and an environment named env2 with custom Russian
+translation would be:
+
+    config/
+      custom_locales/
+        env1/
+          environment.pot
+          pt/
+            environment.po
+          es/
+            environment.po
+        env2/
+          environment.pot
+          ru/
+            environment.po
+
@@ -186,8 +186,8 @@ Apache instalation
  
     # apt-get install apache2
  
-Apache configuration
---------------------
+Configuration - noosfero at /
+-----------------------------
  
 First you have to enable the following some apache modules:
  
@@ -257,6 +257,62 @@ Now restart your apache server (as root):
  
     # invoke-rc.d apache2 restart
  
+Configuration - noosfero at a /subdirectory
+-------------------------------------------
+
+This section describes how to configure noosfero at a subdirectory, what is
+specially useful when you want Noosfero to share a domain name with other
+applications. For example you can host noosfero at yourdomain.com/social, a
+webmail application at yourdomain.com/webmail, and have a static HTML website
+at yourdomain.com/.
+
+**NOTE:** Some plugins might not work well with this setting. Before deploying
+this setting, make sure you test that everything  you need works properly with
+it.
+
+The configuration is similar to the main configuration instructions, except for
+the following points. In the description below, replace '/subdirectory' with
+the actual subdirectory you want.
+
+1) add a `prefix: /subdirectory` line to your thin configuration file (thin.yml).
+
+1.1) remember to restart the noosfero application server whenever you make
+changes to that configuration file.
+
+    # service noosfero restart
+
+2) add a line saying `export RAILS_RELATIVE_URL_ROOT=/subdirectory` to
+/etc/default/noosfero (you can create it with just this line if it does not
+exist already).
+
+3) You should add the following apache configuration to an existing virtual
+host (plus the `<Proxy balancer://noosfero>` section as displayed above):
+
+```
+Alias /subdirectory /path/to/noosfero/public
+<Directory "/path/to/noosfero/public">
+  Options FollowSymLinks
+  AllowOverride None
+  Order Allow,Deny
+  Allow from all
+
+  Include /path/to/noosfero/etc/noosfero/apache/cache.conf
+
+  RewriteEngine On
+  RewriteBase /subdirectory
+  # Rewrite index to check for static index.html
+  RewriteRule ^$ index.html [QSA]
+  # Rewrite to check for Rails cached page
+  RewriteRule ^([^.]+)$ $1.html [QSA]
+  RewriteCond %{REQUEST_FILENAME} !-f
+  RewriteRule ^(.*)$ http://localhost:3000%{REQUEST_URI} [P,QSA,L]
+</Directory>
+```
+
+3.1) remember to reload the apache server whenever any apache configuration
+file changes.
+
+    # sudo service apache2 reload
  
 Enabling exception notifications
 ================================
@@ -71,4 +71,22 @@ class AdminPanelController &lt; AdminController
       end
     end
   end
+
+  def manage_organizations_status
+    scope = environment.organizations
+    @filter = params[:filter] || 'any'
+    @title = "Organization profiles"
+    @title = @title+" - "+@filter if @filter != 'any'
+
+    if @filter == 'enabled'
+      scope = scope.visible
+    elsif @filter == 'disabled'
+      scope = scope.disabled
+    end
+
+    scope = scope.order('name ASC')
+
+    @q = params[:q]
+    @collection = find_by_contents(:organizations, scope, @q, {:per_page => 10, :page => params[:npage]})[:results]
+  end
 end
@@ -0,0 +1,5 @@
+class PluginAdminController < AdminController
+
+  protect 'edit_environment_features', :environment
+
+end
@@ -40,8 +40,67 @@ class TemplatesController &lt; AdminController
     end
   end
  
+  def set_community_as_default
+    begin
+      community = environment.communities.find(params[:template_id])
+    rescue ActiveRecord::RecordNotFound
+      message = _('Community not found. The template could no be changed.')
+      community = nil
+    end
+
+    message = _('%s defined as default') % community.name if set_as_default(community)
+    session[:notice] = message
+
+    redirect_to :action => 'index'
+  end
+
+  def set_person_as_default
+    begin
+      person = environment.people.find(params[:template_id])
+    rescue ActiveRecord::RecordNotFound
+      message = _('Person not found. The template could no be changed.')
+      person = nil
+    end
+
+    message = _('%s defined as default') % person.name if set_as_default(person)
+    session[:notice] = message
+
+    redirect_to :action => 'index'
+  end
+
+  def set_enterprise_as_default
+    begin
+      enterprise = environment.enterprises.find(params[:template_id])
+    rescue ActiveRecord::RecordNotFound
+      message = _('Enterprise not found. The template could no be changed.')
+      enterprise = nil
+    end
+
+    message = _('%s defined as default') % enterprise.name if set_as_default(enterprise)
+    session[:notice] = message
+
+    redirect_to :action => 'index'
+  end
+
   private
  
+  def set_as_default(obj)
+    return nil if obj.nil?
+    case obj.class.name
+      when 'Community' then
+        environment.community_default_template = obj
+        environment.save!
+      when 'Person' then
+        environment.person_default_template = obj
+        environment.save!
+      when 'Enterprise' then
+        environment.enterprise_default_template = obj
+        environment.save!
+      else
+        nil
+    end
+  end
+
   def create_organization_template(klass)
     identifier = params[:name].to_slug
     template = klass.new(:name => params[:name], :identifier => identifier, :is_template => true)
@@ -127,6 +127,9 @@ class ApplicationController &lt; ActionController::Base
  
   # TODO: move this logic somewhere else (Domain class?)
   def detect_stuff_by_domain
+    # Sets text domain based on request host for custom internationalization
+    FastGettext.text_domain = Domain.custom_locale(request.host)
+
     @domain = Domain.find_by_name(request.host)
     if @domain.nil?
       @environment = Environment.default
@@ -174,6 +174,8 @@ class CmsController &lt; MyProfileController
  
   post_only :set_home_page
   def set_home_page
+    return render_access_denied unless user.can_change_homepage?
+
     article = params[:id].nil? ? nil : profile.articles.find(params[:id])
     profile.update_attribute(:home_page, article)
  
@@ -212,6 +214,7 @@ class CmsController &lt; MyProfileController
       if @errors.any?
         render :action => 'upload_files', :parent_id => @parent_id
       else
+        session[:notice] = _('File(s) successfully uploaded') 
         if @back_to
           redirect_to @back_to
         elsif @parent
@@ -3,7 +3,16 @@ class ProfileDesignController &lt; BoxOrganizerController
   needs_profile
  
   protect 'edit_profile_design', :profile
-  
+
+  before_filter :protect_fixed_block, :only => [:save, :move_block]
+
+  def protect_fixed_block
+    block = boxes_holder.blocks.find(params[:id].gsub(/^block-/, ''))
+    if block.fixed && !current_person.is_admin?
+      render_access_denied
+    end
+  end
+
   def available_blocks
     blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock, LinkListBlock, MyNetworkBlock, FeedReaderBlock, ProfileImageBlock, LocationBlock, SlideshowBlock, ProfileSearchBlock, HighlightsBlock ]
  
@@ -16,14 +16,16 @@ class ProfileEditorController &lt; MyProfileController
     if request.post?
       params[:profile_data][:fields_privacy] ||= {} if profile.person? && params[:profile_data].is_a?(Hash)
       Profile.transaction do
-      Image.transaction do
-        if @profile_data.update_attributes(params[:profile_data])
-          redirect_to :action => 'index', :profile => profile.identifier
-        else
-          profile.identifier = params[:profile] if profile.identifier.blank?
+        Image.transaction do
+          begin
+            @plugins.dispatch(:profile_editor_transaction_extras)
+            @profile_data.update_attributes!(params[:profile_data])
+            redirect_to :action => 'index', :profile => profile.identifier
+          rescue Exception => ex
+            profile.identifier = params[:profile] if profile.identifier.blank?
+          end
         end
       end
-      end
     end
   end
  
@@ -72,10 +74,51 @@ class ProfileEditorController &lt; MyProfileController
     if request.post?
       if @profile.destroy
         session[:notice] = _('The profile was deleted.')
-        redirect_to :controller => 'home'
+        if(params[:return_to])
+          redirect_to params[:return_to]
+        else
+          redirect_to :controller => 'home'
+        end
       else
         session[:notice] = _('Could not delete profile')
       end
     end
   end
+
+  def deactivate_profile
+    if environment.admins.include?(current_person)
+      profile = environment.profiles.find(params[:id])
+      if profile.disable
+        profile.save
+        session[:notice] = _("The profile '#{profile.name}' was deactivated.")
+      else
+        session[:notice] = _('Could not deactivate profile.')
+      end
+    end
+
+    redirect_to_previous_location
+  end
+
+  def activate_profile
+    if environment.admins.include?(current_person)
+      profile = environment.profiles.find(params[:id])
+
+      if profile.enable
+        session[:notice] = _("The profile '#{profile.name}' was activated.")
+      else
+        session[:notice] = _('Could not activate the profile.')
+      end
+    end
+
+    redirect_to_previous_location
+  end
+
+  protected
+
+  def redirect_to_previous_location
+    back = request.referer
+    back = "/" if back.nil?
+
+    redirect_to back
+  end
 end
@@ -20,7 +20,7 @@ class ProfileMembersController &lt; MyProfileController
         redirect_to :action => :last_admin
       elsif @person.define_roles(@roles, profile)
         session[:notice] = _('Roles successfuly updated')
-        redirect_to :controller => 'profile_editor'
+        redirect_to :action => 'index'
       else
         session[:notice] = _('Couldn\'t change the roles')
         redirect_to :action => 'index'
@@ -193,7 +193,7 @@ class AccountController &lt; ApplicationController
         else
           @change_password.errors[:base] << _('Could not find any user with %s equal to "%s".') % [fields_label, params[:value]]
         end
-      rescue ActiveRecord::RecordInvald
+      rescue ActiveRecord::RecordInvalid
         @change_password.errors[:base] << _('Could not perform password recovery for the user.')
       end
     end
@@ -6,6 +6,7 @@ class ChatController &lt; PublicController
   def start_session
     login = user.jid
     password = current_user.crypted_password
+    session[:chat] ||= {:rooms => []}
     begin
       jid, sid, rid = RubyBOSH.initialize_session(login, password, "http://#{environment.default_hostname}/http-bind",
                                                   :wait => 30, :hold => 1, :window => 5)
@@ -16,10 +17,35 @@ class ChatController &lt; PublicController
     end
   end
  
+  def toggle
+    session[:chat][:status] = session[:chat][:status] == 'opened' ? 'closed' : 'opened'
+    render :nothing => true
+  end
+
+  def tab
+    session[:chat][:tab_id] = params[:tab_id]
+    render :nothing => true
+  end
+
+  def join
+    session[:chat][:rooms] << params[:room_id]
+    session[:chat][:rooms].uniq!
+    render :nothing => true
+  end
+
+  def leave
+    session[:chat][:rooms].delete(params[:room_id])
+    render :nothing => true
+  end
+
+  def my_session
+    render :text => session[:chat].to_json, :layout => false
+  end
+
   def avatar
     profile = environment.profiles.find_by_identifier(params[:id])
     filename, mimetype = profile_icon(profile, :minor, true)
-    if filename =~ /^https?:/
+    if filename =~ /^(https?:)?\/\//
       redirect_to filename
     else
       data = File.read(File.join(Rails.root, 'public', filename))
 class ContactController < PublicController
  
-  before_filter :login_required
-
   needs_profile
  
   def new
-    @contact
+    @contact = build_contact
     if request.post? && params[:confirm] == 'true'
-      @contact = user.build_contact(profile, params[:contact])
       @contact.city = (!params[:city].blank? && City.exists?(params[:city])) ? City.find(params[:city]).name : nil
       @contact.state = (!params[:state].blank? && State.exists?(params[:state])) ? State.find(params[:state]).name : nil
       if @contact.deliver
@@ -16,8 +13,17 @@ class ContactController &lt; PublicController
       else
         session[:notice] = _('Contact not sent')
       end
+    end
+  end
+
+  protected
+
+  def build_contact
+    params[:contact] ||= {}
+    if logged_in?
+      user.build_contact profile, params[:contact]
     else
-      @contact = user.build_contact(profile)
+      Contact.new params[:contact].merge(dest: profile)
     end
   end
  
@@ -126,7 +126,7 @@ class ContentViewerController &lt; ApplicationController
     elsif !@page.display_to?(user)
       if !profile.public?
         private_profile_partial_parameters
-        render :template => 'profile/_private_profile', :status => 403
+        render :template => 'profile/_private_profile', :status => 403, :formats => [:html]
         allowed = false
       else #if !profile.visible?
         render_access_denied
@@ -17,7 +17,11 @@ class ProfileController &lt; PublicController
     end
     @tags = profile.article_tags
     unless profile.display_info_to?(user)
-      profile.visible? ? private_profile : invisible_profile
+      if profile.visible?
+        private_profile
+      else
+        invisible_profile
+      end
     end
   end
  
@@ -61,13 +65,13 @@ class ProfileController &lt; PublicController
  
   def friends
     if is_cache_expired?(profile.friends_cache_key(params))
-      @friends = profile.friends.includes(relations_to_include).paginate(:per_page => per_page, :page => params[:npage])
+      @friends = profile.friends.includes(relations_to_include).paginate(:per_page => per_page, :page => params[:npage], :total_entries => profile.friends.count)
     end
   end
  
   def members
     if is_cache_expired?(profile.members_cache_key(params))
-      @members = profile.members_by_name.includes(relations_to_include).paginate(:per_page => members_per_page, :page => params[:npage])
+      @members = profile.members_by_name.includes(relations_to_include).paginate(:per_page => members_per_page, :page => params[:npage], :total_entries => profile.members.count)
     end
   end
  
@@ -315,7 +319,7 @@ class ProfileController &lt; PublicController
         abuse_report = AbuseReport.new(params[:abuse_report])
         if !params[:content_type].blank?
           article = params[:content_type].constantize.find(params[:content_id])
-          abuse_report.content = instance_eval(&article.reported_version)
+          abuse_report.content = article_reported_version(article)
         end
  
         user.register_report(abuse_report, profile)
@@ -394,6 +398,7 @@ class ProfileController &lt; PublicController
  
   def private_profile
     private_profile_partial_parameters
+    render :action => 'index', :status => 403
   end
  
   def invisible_profile
@@ -90,10 +90,14 @@ class SearchController &lt; PublicController
   end
  
   def events
-    year = (params[:year] ? params[:year].to_i : Date.today.year)
-    month = (params[:month] ? params[:month].to_i : Date.today.month)
-    day = (params[:day] ? params[:day].to_i : Date.today.day)
-    @date = build_date(year, month, day)
+    if params[:year].blank? && params[:year].blank? && params[:day].blank?
+      @date = Date.today
+    else
+      year = (params[:year] ? params[:year].to_i : Date.today.year)
+      month = (params[:month] ? params[:month].to_i : Date.today.month)
+      day = (params[:day] ? params[:day].to_i : 1)
+      @date = build_date(year, month, day)
+    end
     date_range = (@date - 1.month).at_beginning_of_month..(@date + 1.month).at_end_of_month
  
     @events = []
@@ -304,7 +304,7 @@ module ApplicationHelper
   def partial_for_class(klass, prefix=nil, suffix=nil)
     raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?' if klass.nil?
     name = klass.name.underscore
-    controller.view_paths.reverse_each do |view_path|
+    controller.view_paths.each do |view_path|
       partial = partial_for_class_in_view_path(klass, view_path, prefix, suffix)
       return partial if partial
     end
@@ -433,19 +433,19 @@ module ApplicationHelper
   end
  
   def theme_site_title
-    theme_include('site_title')
+    @theme_site_title ||= theme_include 'site_title'
   end
  
   def theme_header
-    theme_include('header')
+    @theme_header ||= theme_include 'header'
   end
  
   def theme_footer
-    theme_include('footer')
+    @theme_footer ||= theme_include 'footer'
   end
  
   def theme_extra_navigation
-    theme_include('navigation')
+    @theme_extra_navigation ||= theme_include 'navigation'
   end
  
   def is_testing_theme
@@ -674,13 +674,14 @@ module ApplicationHelper
     html.join "\n"
   end
  
+  def theme_javascript_src
+    script = File.join theme_path, 'theme.js'
+    script if File.exists? File.join(Rails.root, 'public', script)
+  end
+
   def theme_javascript_ng
-    script = File.join(theme_path, 'theme.js')
-    if File.exists?(File.join(Rails.root, 'public', script))
-      javascript_include_tag script
-    else
-      nil
-    end
+    script = theme_javascript_src
+    javascript_include_tag script if script
   end
  
   def file_field_or_thumbnail(label, image, i)
@@ -861,8 +862,9 @@ module ApplicationHelper
   end
  
   def base_url
-    environment.top_url
+    environment.top_url(request.scheme)
   end
+  alias :top_url :base_url
  
   def helper_for_article(article)
     article_helper = ActionView::Base.new
@@ -907,13 +909,15 @@ module ApplicationHelper
   end
  
   def page_title
-    (@page ? @page.title + ' - ' : '') +
-    (@topic ? @topic.title + ' - ' : '') +
-    (@section ? @section.title + ' - ' : '') +
-    (@toc ? _('Online Manual') + ' - ' : '') +
-    (controller.controller_name == 'chat' ? _('Chat') + ' - ' : '') +
-    (profile ? profile.short_name : environment.name) +
-    (@category ? " - #{@category.full_name}" : '')
+    CGI.escapeHTML(
+      (@page ? @page.title + ' - ' : '') +
+      (@topic ? @topic.title + ' - ' : '') +
+      (@section ? @section.title + ' - ' : '') +
+      (@toc ? _('Online Manual') + ' - ' : '') +
+      (controller.controller_name == 'chat' ? _('Chat') + ' - ' : '') +
+      (profile ? profile.short_name : environment.name) +
+      (@category ? " - #{@category.full_name}" : '')
+    )
   end
  
   # DEPRECATED. Do not use this.
@@ -942,9 +946,9 @@ module ApplicationHelper
   # from Article model for an ArticleBlock.
   def reference_to_article(text, article, anchor=nil)
     if article.profile.domains.empty?
-      href = "/#{article.url[:profile]}/"
+      href = "#{Noosfero.root}/#{article.url[:profile]}/"
     else
-      href = "http://#{article.profile.domains.first.name}/"
+      href = "http://#{article.profile.domains.first.name}#{Noosfero.root}/"
     end
     href += article.url[:page].join('/')
     href += '#' + anchor if anchor
@@ -1285,11 +1289,13 @@ module ApplicationHelper
   end
  
   def delete_article_message(article)
-    if article.folder?
-      _("Are you sure that you want to remove the folder \"%s\"? Note that all the items inside it will also be removed!") % article.name
-    else
-      _("Are you sure that you want to remove the item \"%s\"?") % article.name
-    end
+    CGI.escapeHTML(
+      if article.folder?
+        _("Are you sure that you want to remove the folder \"%s\"? Note that all the items inside it will also be removed!") % article.name
+      else
+        _("Are you sure that you want to remove the item \"%s\"?") % article.name
+      end
+    )
   end
  
   def expirable_link_to(expired, content, url, options = {})
@@ -1310,10 +1316,8 @@ module ApplicationHelper
     return '' if templates.count == 0
     return hidden_field_tag("#{field_name}[template_id]", templates.first.id) if templates.count == 1
  
-    counter = 0
     radios = templates.map do |template|
-      counter += 1
-      content_tag('li', labelled_radio_button(link_to(template.name, template.url, :target => '_blank'), "#{field_name}[template_id]", template.id, counter==1))
+      content_tag('li', labelled_radio_button(link_to(template.name, template.url, :target => '_blank'), "#{field_name}[template_id]", template.id, environment.is_default_template?(template)))
     end.join("\n")
  
     content_tag('div', content_tag('label', _('Profile organization'), :for => 'template-options', :class => 'formlabel') +
@@ -1377,7 +1381,7 @@ module ApplicationHelper
       #     are old things that do not support it we are keeping this hot spot.
       html = @plugins.pipeline(:parse_content, html, source).first
     end
-    html
+    html && html.html_safe
   end
  
   def convert_macro(html, source)
@@ -3,6 +3,12 @@ module ArticleHelper
   include PrototypeHelper
   include TokenHelper
  
+  def article_reported_version(article)
+    search_path = Rails.root.join('app', 'views', 'shared', 'reported_versions')
+    partial_path = File.join('shared', 'reported_versions', 'profile', partial_for_class_in_view_path(article.class, search_path))
+    render_to_string(:partial => partial_path, :locals => {:article => article})
+  end
+
   def custom_options_for_article(article, tokenized_children)
     @article = article
  
@@ -71,12 +77,59 @@ module ArticleHelper
       content_tag('div',
         radio_button(:article, :published, false) +
           content_tag('label', _('Private'), :for => 'article_published_false', :id => "label_private")
-       ) +
-      (article.profile.community? ? content_tag('div',
-        content_tag('label', _('Fill in the search field to add the exception users to see this content'), :id => "text-input-search-exception-users") +
-        token_input_field_tag(:q, 'search-article-privacy-exceptions', {:action => 'search_article_privacy_exceptions'},
-          {:focus => false, :hint_text => _('Type in a search term for a user'), :pre_populate => tokenized_children})) :
-          ''))
+      ) +
+      privacity_exceptions(article, tokenized_children)
+    )
+  end
+
+  def privacity_exceptions(article, tokenized_children)
+    content_tag('div',
+      content_tag('div',
+        (
+          if article.profile
+            add_option_to_followers(article, tokenized_children)
+          else
+            ''
+          end
+        )
+      ),
+      :style => "margin-left:10px"
+    )
+  end
+
+  def add_option_to_followers(article, tokenized_children)
+    label_message = article.profile.organization? ? _('For all community members') : _('For all your friends')
+
+    check_box(
+      :article,
+      :show_to_followers,
+      {:class => "custom_privacy_option"}
+    ) +
+    content_tag(
+      'label',
+      label_message,
+      :for => 'article_show_to_followers',
+      :id => 'label_show_to_followers'
+    ) +
+    (article.profile.community? ?
+      content_tag(
+        'div',
+        content_tag(
+          'label',
+          _('Fill in the search field to add the exception users to see this content'),
+          :id => "text-input-search-exception-users"
+        ) +
+        token_input_field_tag(
+          :q,
+          'search-article-privacy-exceptions',
+          {:action => 'search_article_privacy_exceptions'},
+          {
+            :focus => false,
+            :hint_text => _('Type in a search term for a user'),
+            :pre_populate => tokenized_children
+          }
+        )
+      ) : '')
   end
  
   def prepare_to_token_input(array)
@@ -170,49 +170,54 @@ module BoxesHelper
       else
         "before-block-#{block.id}"
       end
-
-    content_tag('div', '&nbsp;', :id => id, :class => 'block-target' ) + drop_receiving_element(id, :url => { :action => 'move_block', :target => id }, :accept => box.acceptable_blocks, :hoverclass => 'block-target-hover')
+    if block.nil? or modifiable?(block)
+      content_tag('div', '&nbsp;', :id => id, :class => 'block-target' ) + drop_receiving_element(id, :url => { :action => 'move_block', :target => id }, :accept => box.acceptable_blocks, :hoverclass => 'block-target-hover')
+    else
+      ""
+    end
   end
  
   # makes the given block draggable so it can be moved away.
   def block_handle(block)
-    draggable_element("block-#{block.id}", :revert => true)
+    modifiable?(block) ? draggable_element("block-#{block.id}", :revert => true) : ""
   end
  
   def block_edit_buttons(block)
     buttons = []
     nowhere = 'javascript: return false;'
  
-    if block.first?
-      buttons << icon_button('up-disabled', _("Can't move up anymore."), nowhere)
-    else
-      buttons << icon_button('up', _('Move block up'), { :action => 'move_block_up', :id => block.id }, { :method => 'post' })
-    end
+    if modifiable?(block)
+      if block.first?
+        buttons << icon_button('up-disabled', _("Can't move up anymore."), nowhere)
+      else
+        buttons << icon_button('up', _('Move block up'), { :action => 'move_block_up', :id => block.id }, { :method => 'post' })
+      end
  
-    if block.last?
-      buttons << icon_button('down-disabled', _("Can't move down anymore."), nowhere)
-    else
-      buttons << icon_button(:down, _('Move block down'), { :action => 'move_block_down' ,:id => block.id }, { :method => 'post'})
-    end
+      if block.last?
+        buttons << icon_button('down-disabled', _("Can't move down anymore."), nowhere)
+      else
+        buttons << icon_button(:down, _('Move block down'), { :action => 'move_block_down' ,:id => block.id }, { :method => 'post'})
+      end
  
-    holder = block.owner
-    # move to opposite side
-    # FIXME too much hardcoded stuff
-    if holder.layout_template == 'default'
-      if block.box.position == 2 # area 2, left side => move to right side
-        buttons << icon_button('right', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[2].id.to_s, :id => block.id }, :method => 'post' )
-      elsif block.box.position == 3 # area 3, right side => move to left side
-        buttons << icon_button('left', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[1].id.to_s, :id => block.id }, :method => 'post' )
+      holder = block.owner
+      # move to opposite side
+      # FIXME too much hardcoded stuff
+      if holder.layout_template == 'default'
+        if block.box.position == 2 # area 2, left side => move to right side
+          buttons << icon_button('right', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[2].id.to_s, :id => block.id }, :method => 'post' )
+        elsif block.box.position == 3 # area 3, right side => move to left side
+          buttons << icon_button('left', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[1].id.to_s, :id => block.id }, :method => 'post' )
+        end
       end
-    end
  
-    if block.editable?
-      buttons << colorbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
-    end
+      if block.editable?
+        buttons << colorbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
+      end
  
-    if !block.main?
-      buttons << icon_button(:delete, _('Remove block'), { :action => 'remove', :id => block.id }, { :method => 'post', :confirm => _('Are you sure you want to remove this block?')})
-      buttons << icon_button(:clone, _('Clone'), { :action => 'clone_block', :id => block.id }, { :method => 'post' })
+      if !block.main?
+        buttons << icon_button(:delete, _('Remove block'), { :action => 'remove', :id => block.id }, { :method => 'post', :confirm => _('Are you sure you want to remove this block?')})
+        buttons << icon_button(:clone, _('Clone'), { :action => 'clone_block', :id => block.id }, { :method => 'post' })
+      end
     end
  
     if block.respond_to?(:help)
@@ -248,5 +253,7 @@ module BoxesHelper
     classes
   end
  
-
+  def modifiable?(block)
+    return !block.fixed || environment.admins.include?(user)
+  end
 end
@@ -10,7 +10,7 @@ module ContentViewerHelper
   end
  
   def number_of_comments(article)
-    display_number_of_comments(article.comments_count - article.spam_comments_count)
+    display_number_of_comments(article.comments_count - article.spam_comments_count.to_i)
   end
  
   def article_title(article, args = {})
@@ -45,7 +45,7 @@ module ContentViewerHelper
         { article.environment.locales[translation.language] => { :href => url_for(translation.url) } }
       end
       content_tag(:div, link_to(_('Translations'), '#',
-                                :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{links.to_json}); return false",
+                                :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{CGI::escape_html(links.to_json)}); return false",
                                 :class => 'article-translations-menu simplemenu-trigger up'),
                   :class => 'article-translations')
     end
@@ -2,12 +2,31 @@ module LayoutHelper
  
   def body_classes
     # Identify the current controller and action for the CSS:
+    (logged_in? ? " logged-in" : "") +
     " controller-#{controller.controller_name}" +
     " action-#{controller.controller_name}-#{controller.action_name}" +
     " template-#{@layout_template || if profile.blank? then 'default' else profile.layout_template end}" +
     (!profile.nil? && profile.is_on_homepage?(request.path,@page) ? " profile-homepage" : "")
   end
  
+  def html_tag_classes
+    [
+      body_classes, (
+        profile.blank? ? nil : [
+          'profile-type-is-' + profile.class.name.downcase,
+          'profile-name-is-' + profile.identifier,
+        ]
+      ), 'theme-' + current_theme,
+      @plugins.dispatch(:html_tag_classes).map do |content|
+        if content.respond_to?(:call)
+          instance_exec(&content)
+        else
+          content.html_safe
+        end
+      end
+    ].flatten.compact.join(' ')
+  end
+
   def noosfero_javascript
     plugins_javascripts = @plugins.map { |plugin| [plugin.js_files].flatten.map { |js| plugin.class.public_path(js) } }.flatten
  
@@ -17,6 +36,8 @@ module LayoutHelper
     unless plugins_javascripts.empty?
       output += javascript_include_tag plugins_javascripts, :cache => "cache/plugins-#{Digest::MD5.hexdigest plugins_javascripts.to_s}"
     end
+    output += theme_javascript_ng.to_s
+
     output
   end
  
@@ -85,6 +106,10 @@ module LayoutHelper
     theme_path + '/style.css'
   end
  
+  def layout_template
+    if profile then profile.layout_template else environment.layout_template end
+  end
+
   def addthis_javascript
     if NOOSFERO_CONF['addthis_enabled']
       '<script src="https://s7.addthis.com/js/152/addthis_widget.js"></script>'
@@ -92,7 +117,7 @@ module LayoutHelper
   end
  
   def meta_description_tag(article=nil)
-    article ? truncate(strip_tags(article.body.to_s), :length => 200) : environment.name
+    article ? CGI.escapeHTML(truncate(strip_tags(article.body.to_s), :length => 200)) : environment.name
   end
 end
  
@@ -1,15 +0,0 @@
-module PersonNotifierHelper
-
-  include ApplicationHelper
-
-  private
-
-  def path_to_image(source)
-    top_url + source
-  end
-
-  def top_url
-    top_url = @profile.environment ? @profile.environment.top_url : ''
-  end
-
-end
 module ProfileHelper
  
   COMMON_CATEGORIES = ActiveSupport::OrderedHash.new
-  COMMON_CATEGORIES[:content] = [:blogs, :image_galleries, :events, :tags]
+  COMMON_CATEGORIES[:content] = [:blogs, :image_galleries, :events, :article_tags]
   COMMON_CATEGORIES[:interests] = [:interests]
   COMMON_CATEGORIES[:general] = nil
  
@@ -41,6 +41,8 @@ module ProfileHelper
     :birth_date => _('Date of birth'),
     :created_at => _('Profile created at'),
     :members_count => _('Members'),
+    :privacy_setting => _('Privacy setting'),
+    :article_tags => _('Tags')
   }
  
   EXCEPTION = {
@@ -63,7 +65,7 @@ module ProfileHelper
  
   def title(field, entry = nil)
     return self.send("#{field}_custom_title", entry) if MULTIPLE[kind].include?(field) && entry.present?
-    CUSTOM_LABELS[field.to_sym] || field.to_s.humanize
+    CUSTOM_LABELS[field.to_sym] || _(field.to_s.humanize)
   end
  
   def display_field(field)
@@ -73,15 +75,18 @@ module ProfileHelper
       return ''
     end
     value = begin profile.send(field) rescue nil end
-    p field
-    if !value.blank?
+    return '' if value.blank?
+    if value.kind_of?(Hash)
+      content = self.send("treat_#{field}", value)
+      content_tag('tr', content_tag('td', title(field), :class => 'field-name') + content_tag('td', content))
+    else
       entries = multiple ? value : [] << value
       entries.map do |entry|
         content = self.send("treat_#{field}", entry)
-        content_tag('tr', content_tag('td', title(field, entry), :class => 'field-name') + content_tag('td', content))
+        unless content.blank?
+          content_tag('tr', content_tag('td', title(field, entry), :class => 'field-name') + content_tag('td', content))
+        end
       end.join("\n")
-    else
-      ''
     end
   end
  
@@ -98,7 +103,6 @@ module ProfileHelper
   end
  
   def treat_date(date)
-    puts date.inspect
     show_date(date.to_date)
   end
   alias :treat_birth_date :treat_date
@@ -133,12 +137,10 @@ module ProfileHelper
   end
  
   def treat_blogs(blog)
-    p blog
     link_to(n_('One post', '%{num} posts', blog.posts.published.count) % { :num => blog.posts.published.count }, blog.url)
   end
  
   def treat_image_galleries(gallery)
-    p gallery
     link_to(n_('One picture', '%{num} pictures', gallery.images.published.count) % { :num => gallery.images.published.count }, gallery.url)
   end
  
@@ -146,7 +148,7 @@ module ProfileHelper
     link_to events.published.count, :controller => 'events', :action => 'events'
   end
  
-  def treat_tags(tags)
+  def treat_article_tags(tags)
     tag_cloud @tags, :id, { :action => 'tags' }, :max_size => 18, :min_size => 10
   end
  
 module RoleHelper
+
+  def role_available_permissions(role)
+    role.kind == "Environment" ? ['Environment', 'Profile'] : [role.kind]
+  end
+
 end
@@ -21,6 +21,12 @@ module SearchHelper
     'more_comments' => _('More comments')
   }
  
+  COMMON_PROFILE_LIST_BLOCK = [
+    :enterprises,
+    :people,
+    :communities
+  ]
+
   # FIXME remove it after search_controler refactored
   include EventsHelper
  
@@ -94,7 +100,7 @@ module SearchHelper
       compact_link = display?(asset, :compact) ? (display == 'compact' ? _('Compact') : link_to(_('Compact'), params.merge(:display => 'compact'))) : nil
       map_link = display?(asset, :map) ? (display == 'map' ? _('Map') : link_to(_('Map'), params.merge(:display => 'map'))) : nil
       full_link = display?(asset, :full) ? (display == 'full' ? _('Full') : link_to(_('Full'), params.merge(:display => 'full'))) : nil
-      content_tag('div', 
+      content_tag('div',
         content_tag('strong', _('Display')) + ': ' + [compact_link, map_link, full_link].compact.join(' | ').html_safe,
         :class => 'search-customize-options'
       )
@@ -56,12 +56,12 @@ module SweeperHelper
     if profile
       profile.blocks.each {|block|
         conditions = block.class.expire_on
-        blocks_to_expire << block unless (conditions[:profile] & causes).empty?
+        blocks_to_expire << block unless (conditions[:profile] & causes).blank?
       }
     end
     environment.blocks.each {|block|
       conditions = block.class.expire_on
-      blocks_to_expire << block unless (conditions[:environment] & causes).empty?
+      blocks_to_expire << block unless (conditions[:environment] & causes).blank?
     }
  
     blocks_to_expire.uniq!
@@ -0,0 +1,51 @@
+module TinymceHelper
+  include MacrosHelper
+
+  def tinymce_js
+    output = ''
+    output += javascript_include_tag 'tinymce/js/tinymce/tinymce.min.js'
+    output += javascript_include_tag 'tinymce/js/tinymce/jquery.tinymce.min.js'
+    output += javascript_include_tag 'tinymce.js'
+    output += include_macro_js_files.to_s
+    output
+  end
+
+  def tinymce_init_js options = {}
+    options.merge! :document_base_url => top_url,
+      :content_css => "/stylesheets/tinymce.css,#{macro_css_files}",
+      :plugins => %w[compat3x advlist autolink lists link image charmap print preview hr anchor pagebreak
+        searchreplace wordcount visualblocks visualchars code fullscreen
+        insertdatetime media nonbreaking save table contextmenu directionality
+        emoticons template paste textcolor colorpicker textpattern],
+      :language => tinymce_language
+
+    options[:toolbar1] = "insertfile undo redo | copy paste | bold italic underline | styleselect fontsizeselect | forecolor backcolor | alignleft aligncenter alignright alignjustify | bullist numlist outdent indent | link image"
+    if options[:mode] == 'simple'
+      options[:menubar] = false
+    else
+      options[:menubar] = 'edit insert view tools'
+      options[:toolbar2] = 'print preview code media | table'
+
+      options[:toolbar2] += ' | macros'
+      macros_with_buttons.each do |macro|
+        options[:toolbar2] += " #{macro.identifier}"
+      end
+    end
+
+    options[:macros_setup] = macros_with_buttons.map do |macro|
+      <<-EOS
+        ed.addButton('#{macro.identifier}', {
+          title: #{macro_title(macro).to_json},
+          onclick: #{generate_macro_config_dialog macro},
+          image : '#{macro.configuration[:icon_path]}'
+        });
+      EOS
+    end
+
+    #cleanup non tinymce options
+    options = options.except :mode
+
+    "noosfero.tinymce.init(#{options.to_json})"
+  end
+
+end
@@ -22,6 +22,7 @@ class ApproveArticle &lt; Task
   end
  
   settings_items :closing_statment, :article_parent_id, :highlighted
+  settings_items :create_link, :type => :boolean, :default => false
  
   def article_parent
     Article.find_by_id article_parent_id.to_i
@@ -48,7 +49,11 @@ class ApproveArticle &lt; Task
   end
  
   def perform
-    article.copy!(:name => name, :abstract => abstract, :body => body, :profile => target, :reference_article => article, :parent => article_parent, :highlighted => highlighted, :source => article.source, :last_changed_by_id => article.last_changed_by_id, :created_by_id => article.created_by_id)
+    if create_link
+      LinkArticle.create!(:reference_article => article, :profile => target, :parent => article_parent, :highlighted => highlighted)
+    else
+      article.copy!(:name => name, :abstract => abstract, :body => body, :profile => target, :reference_article => article, :parent => article_parent, :highlighted => highlighted, :source => article.source, :last_changed_by_id => article.last_changed_by_id, :created_by_id => article.created_by_id)
+    end
   end
  
   def title
@@ -2,7 +2,14 @@ require &#39;hpricot&#39;
  
 class Article < ActiveRecord::Base
  
-  attr_accessible :name, :body, :abstract, :profile, :tag_list, :parent, :allow_members_to_edit, :translation_of_id, :language, :license_id, :parent_id, :display_posts_in_current_language, :category_ids, :posts_per_page, :moderate_comments, :accept_comments, :feed, :published, :source, :highlighted, :notify_comments, :display_hits, :slug, :external_feed_builder, :display_versions, :external_link, :image_builder
+  attr_accessible :name, :body, :abstract, :profile, :tag_list, :parent,
+                  :allow_members_to_edit, :translation_of_id, :language,
+                  :license_id, :parent_id, :display_posts_in_current_language,
+                  :category_ids, :posts_per_page, :moderate_comments,
+                  :accept_comments, :feed, :published, :source,
+                  :highlighted, :notify_comments, :display_hits, :slug,
+                  :external_feed_builder, :display_versions, :external_link,
+                  :image_builder, :show_to_followers
  
   acts_as_having_image
  
@@ -103,6 +110,11 @@ class Article &lt; ActiveRecord::Base
     self.activity.destroy if self.activity
   end
  
+  after_destroy :destroy_link_article
+  def destroy_link_article
+    Article.where(:reference_article_id => self.id, :type => LinkArticle).destroy_all
+  end
+
   xss_terminate :only => [ :name ], :on => 'validation', :with => 'white_list'
  
   scope :in_category, lambda { |category|
@@ -285,13 +297,6 @@ class Article &lt; ActiveRecord::Base
     end
   end
  
-  def reported_version(options = {})
-    article = self
-    search_path = Rails.root.join('app', 'views', 'shared', 'reported_versions')
-    partial_path = File.join('shared', 'reported_versions', partial_for_class_in_view_path(article.class, search_path))
-    lambda { render_to_string(:partial => partial_path, :locals => {:article => article}) }
-  end
-
   # returns the data of the article. Must be overriden in each subclass to
   # provide the correct content for the article.
   def data
@@ -340,7 +345,7 @@ class Article &lt; ActiveRecord::Base
   def belongs_to_blog?
     self.parent and self.parent.blog?
   end
-  
+
   def belongs_to_forum?
     self.parent and self.parent.forum?
   end
@@ -452,6 +457,7 @@ class Article &lt; ActiveRecord::Base
       if self.parent && !self.parent.published?
         return false
       end
+
       true
     else
       false
@@ -483,14 +489,17 @@ class Article &lt; ActiveRecord::Base
     {:conditions => ["  articles.published = ? OR
                         articles.last_changed_by_id = ? OR
                         articles.profile_id = ? OR
-                        ?",
-                        true, user.id, user.id, user.has_permission?(:view_private_content, profile)] }
+                        ? OR  articles.show_to_followers = ? AND ?",
+                        true, user.id, user.id, user.has_permission?(:view_private_content, profile),
+                        true, user.follows?(profile)]}
   end
  
+
   def display_unpublished_article_to?(user)
     user == author || allow_view_private_content?(user) || user == profile ||
     user.is_admin?(profile.environment) || user.is_admin?(profile) ||
-    article_privacy_exceptions.include?(user)
+    article_privacy_exceptions.include?(user) ||
+    (self.show_to_followers && user.follows?(profile))
   end
  
   def display_to?(user = nil)
 class Block < ActiveRecord::Base
  
-  attr_accessible :title, :display, :limit, :box_id, :posts_per_page, :visualization_format, :language, :display_user, :box
+  attr_accessible :title, :display, :limit, :box_id, :posts_per_page, :visualization_format, :language, :display_user, :box, :fixed
  
   # to be able to generate HTML
   include ActionView::Helpers::UrlHelper
@@ -64,7 +64,7 @@ class Block &lt; ActiveRecord::Base
   end
  
   def display_to_user?(user)
-    display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged')
+    display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged') || (user && display_user == 'followers' && user.follows?(owner))
   end
  
   def display_always(context)
@@ -75,7 +75,7 @@ class Block &lt; ActiveRecord::Base
     if context[:article]
       return context[:article] == owner.home_page
     else
-      return context[:request_path] == '/'
+      return home_page_path?(context[:request_path])
     end
   end
  
@@ -83,7 +83,7 @@ class Block &lt; ActiveRecord::Base
     if context[:article]
       return context[:article] != owner.home_page
     else
-      return context[:request_path] != '/' + (owner.kind_of?(Profile) ? owner.identifier : '')
+      return !home_page_path?(context[:request_path])
     end
   end
  
@@ -110,11 +110,14 @@ class Block &lt; ActiveRecord::Base
   # * <tt>'all'</tt>: the block is always displayed
   settings_items :language, :type => :string, :default => 'all'
  
+  # The block can be configured to be fixed. Only can be edited by environment admins
+  settings_items :fixed, :type => :boolean, :default => false
+
   # returns the description of the block, used when the user sees a list of
   # blocks to choose one to include in the design.
   #
   # Must be redefined in subclasses to match the description of each block
-  # type. 
+  # type.
   def self.description
     '(dummy)'
   end
@@ -124,13 +127,13 @@ class Block &lt; ActiveRecord::Base
   # This method can return several types of objects:
   #
   # * <tt>String</tt>: if the string starts with <tt>http://</tt> or <tt>https://</tt>, then it is assumed to be address of an IFRAME. Otherwise it's is used as regular HTML.
-  # * <tt>Hash</tt>: the hash is used to build an URL that is used as the address for a IFRAME. 
+  # * <tt>Hash</tt>: the hash is used to build an URL that is used as the address for a IFRAME.
   # * <tt>Proc</tt>: the Proc is evaluated in the scope of BoxesHelper. The
   # block can then use <tt>render</tt>, <tt>link_to</tt>, etc.
   #
   # The method can also return <tt>nil</tt>, which means "no content".
   #
-  # See BoxesHelper#extract_block_content for implementation details. 
+  # See BoxesHelper#extract_block_content for implementation details.
   def content(args={})
     "This is block number %d" % self.id
   end
@@ -192,7 +195,7 @@ class Block &lt; ActiveRecord::Base
  
   # Override in your subclasses.
   # Define which events and context should cause the block cache to expire
-  # Possible events are: :article, :profile, :friendship, :category
+  # Possible events are: :article, :profile, :friendship, :category, :role_assignment
   # Possible contexts are: :profile, :environment
   def self.expire_on
     {
@@ -221,6 +224,7 @@ class Block &lt; ActiveRecord::Base
       'all'            => _('All users'),
       'logged'         => _('Logged'),
       'not_logged'     => _('Not logged'),
+      'followers'      => owner.class != Environment && owner.organization? ? _('Members') : _('Friends')
     }
   end
  
@@ -234,4 +238,26 @@ class Block &lt; ActiveRecord::Base
     duplicated_block
   end
  
+  def copy_from(block)
+    self.settings = block.settings
+    self.position = block.position
+  end
+
+  private
+
+  def home_page_path
+    home_page_url = Noosfero.root('/')
+
+    if owner.kind_of?(Profile)
+      home_page_url += "profile/" if owner.home_page.nil?
+      home_page_url += owner.identifier
+    end
+
+    return home_page_url
+  end
+
+  def home_page_path? path
+    return path == home_page_path || path == (home_page_path + '/')
+  end
+
 end
@@ -53,7 +53,7 @@ class Blog &lt; Folder
   def prepare_external_feed
     unless self.external_feed_data.nil?
       if self.external_feed(true) && self.external_feed.id == self.external_feed_data[:id].to_i
-        self.external_feed.attributes = self.external_feed_data
+        self.external_feed.attributes = self.external_feed_data.except(:id)
       else
         self.build_external_feed(self.external_feed_data, :without_protection => true)
       end
@@ -50,16 +50,6 @@ class Community &lt; Organization
     super + FIELDS
   end
  
-  validate :presence_of_required_fieds
-
-  def presence_of_required_fieds
-    self.required_fields.each do |field|
-      if self.send(field).blank?
-        self.errors.add_on_blank(field)
-      end
-    end
-  end
-
   def active_fields
     environment ? environment.active_community_fields : []
   end
@@ -78,7 +68,7 @@ class Community &lt; Organization
   end
  
   def default_template
-    environment.community_template
+    environment.community_default_template
   end
  
   def news(limit = 30, highlight = false)
@@ -92,4 +92,11 @@ class Domain &lt; ActiveRecord::Base
     @hosting = {}
   end
  
+  # Detects a domain's custom text domain chain if available based on a domain
+  # served on multitenancy configuration or a registered domain.
+  def self.custom_locale(domainname)
+    domain = Noosfero::MultiTenancy.mapping[domainname] || domainname[/(.*?)\./,1]
+    FastGettext.translation_repositories.keys.include?(domain) ? domain : FastGettext.default_text_domain
+  end
+
 end
@@ -59,16 +59,6 @@ class Enterprise &lt; Organization
     super + FIELDS
   end
  
-  validate :presence_of_required_fieds
-
-  def presence_of_required_fieds
-    self.required_fields.each do |field|
-      if self.send(field).blank?
-        self.errors.add_on_blank(field)
-      end
-    end
-  end
-
   def active_fields
     environment ? environment.active_enterprise_fields : []
   end
@@ -107,7 +97,12 @@ class Enterprise &lt; Organization
     self.tasks.where(:type => 'EnterpriseActivation').first
   end
  
-  def enable(owner)
+  def enable(owner = nil)
+    if owner.nil?
+      self.visible = true
+      return self.save
+    end
+
     return if enabled
     # must be set first for the following to work
     self.enabled = true
@@ -169,7 +164,7 @@ class Enterprise &lt; Organization
   end
  
   def default_template
-    environment.enterprise_template
+    environment.enterprise_default_template
   end
  
   def template_with_inactive_enterprise
@@ -283,6 +283,7 @@ class Environment &lt; ActiveRecord::Base
     www.flickr.com
     www.gmodules.com
     www.youtube.com
+    openstreetmap.org
   ] + ('a' .. 'z').map{|i| "#{i}.yimg.com"}
  
   settings_items :enabled_plugins, :type => Array, :default => Noosfero::Plugin.available_plugin_names
@@ -656,10 +657,11 @@ class Environment &lt; ActiveRecord::Base
     { :controller => 'admin_panel', :action => 'index' }
   end
  
-  def top_url
-    url = 'http://'
+  def top_url(scheme = 'http')
+    url = scheme + '://'
     url << (Noosfero.url_options.key?(:host) ? Noosfero.url_options[:host] : default_hostname)
     url << ':' << Noosfero.url_options[:port].to_s if Noosfero.url_options.key?(:port)
+    url << Noosfero.root('')
     url
   end
  
@@ -727,31 +729,50 @@ class Environment &lt; ActiveRecord::Base
     ]
   end
  
-  def community_template
+  def is_default_template?(template)
+    is_default = template == community_default_template 
+    is_default = is_default || template == person_default_template 
+    is_default = is_default || template == enterprise_default_template
+    is_default
+  end
+
+  def community_templates
+    self.communities.templates
+  end
+
+  def community_default_template
     template = Community.find_by_id settings[:community_template_id]
-    template if template && template.is_template
+    template if template && template.is_template?
+  end
+
+  def community_default_template=(value)
+    settings[:community_template_id] = value.kind_of?(Community) ? value.id : value
   end
  
-  def community_template=(value)
-    settings[:community_template_id] = value.id
+  def person_templates
+    self.people.templates
   end
  
-  def person_template
+  def person_default_template
     template = Person.find_by_id settings[:person_template_id]
-    template if template && template.is_template
+    template if template && template.is_template?
+  end
+
+  def person_default_template=(value)
+    settings[:person_template_id] = value.kind_of?(Person) ? value.id : value
   end
  
-  def person_template=(value)
-    settings[:person_template_id] = value.id
+  def enterprise_templates
+    self.enterprises.templates
   end
  
-  def enterprise_template
+  def enterprise_default_template
     template = Enterprise.find_by_id settings[:enterprise_template_id]
-    template if template && template.is_template
+    template if template && template.is_template?
   end
  
-  def enterprise_template=(value)
-    settings[:enterprise_template_id] = value.id
+  def enterprise_default_template=(value)
+    settings[:enterprise_template_id] = value.kind_of?(Enterprise) ? value.id : value
   end
  
   def inactive_enterprise_template
@@ -849,10 +870,10 @@ class Environment &lt; ActiveRecord::Base
     person_template.visible = false
     person_template.save!
  
-    self.enterprise_template = enterprise_template
+    self.enterprise_default_template = enterprise_template
     self.inactive_enterprise_template = inactive_enterprise_template
-    self.community_template = community_template
-    self.person_template = person_template
+    self.community_default_template = community_template
+    self.person_default_template = person_template
     self.save!
   end
  
@@ -916,6 +937,10 @@ class Environment &lt; ActiveRecord::Base
     locales_list
   end
  
+  def has_license?
+    self.licenses.any?
+  end
+
   private
  
   def default_language_available
@@ -19,7 +19,7 @@ class Event &lt; Article
     maybe_add_http(self.setting[:link])
   end
  
-  xss_terminate :only => [ :body, :link, :address ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :name, :body, :link, :address ], :with => 'white_list', :on => 'validation'
  
   def initialize(*args)
     super(*args)
@@ -10,9 +10,10 @@ class ExternalFeed &lt; ActiveRecord::Base
     { :conditions => ['(fetched_at is NULL) OR (fetched_at < ?)', Time.now - FeedUpdater.update_interval] }
   }
  
-  attr_accessible :address, :enabled
+  attr_accessible :address, :enabled, :only_once
  
   def add_item(title, link, date, content)
+    return if content.blank?
     doc = Hpricot(content)
     doc.search('*').each do |p|
       if p.instance_of? Hpricot::Elem
@@ -12,7 +12,7 @@ class Folder &lt; Article
  
   acts_as_having_settings :field => :setting
  
-  xss_terminate :only => [ :body ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :name, :body ], :with => 'white_list', :on => 'validation'
  
   include WhiteListFilter
   filter_iframes :body
@@ -65,18 +65,16 @@ class Invitation &lt; Task
  
       task_args = if user.nil?
         {:person => person, :friend_name => friend_name, :friend_email => friend_email, :message => message}
-      elsif !user.person.is_a_friend?(person)
+      else
         {:person => person, :target => user.person}
       end
  
-      if !task_args.nil?
-        if profile.person?
-          InviteFriend.create(task_args)
-        elsif profile.community?
-          InviteMember.create(task_args.merge(:community_id => profile.id))
-        else
-          raise NotImplementedError, 'Don\'t know how to invite people to a %s' % profile.class.to_s
-        end
+      if profile.person?
+        InviteFriend.create(task_args) if user.nil? || !user.person.is_a_friend?(person)
+      elsif profile.community?
+        InviteMember.create(task_args.merge(:community_id => profile.id)) if user.nil? || !user.person.is_member_of?(profile)
+      else
+        raise NotImplementedError, 'Don\'t know how to invite people to a %s' % profile.class.to_s
       end
     end
   end
@@ -0,0 +1,14 @@
+class LinkArticle < Article
+
+  attr_accessible :reference_article
+
+  def self.short_description
+    "Article link"
+  end
+
+  delegate :name, :to => :reference_article
+  delegate :body, :to => :reference_article
+  delegate :abstract, :to => :reference_article
+  delegate :url, :to => :reference_article
+
+end
@@ -78,8 +78,13 @@ class LinkListBlock &lt; Block
       address
     end
     if add !~ /^[a-z]+:\/\// && add !~ /^\//
-      'http://' + add
+      '//' + add
     else
+      if root = Noosfero.root
+        if !add.starts_with?(root)
+          add = root + add
+        end
+      end
       add
     end
   end
@@ -96,4 +101,5 @@ class LinkListBlock &lt; Block
     sanitizer = HTML::WhiteListSanitizer.new
     sanitizer.sanitize(text)
   end
+
 end
@@ -30,6 +30,16 @@ class Organization &lt; Profile
  
   scope :more_popular, :order => 'members_count DESC'
  
+  validate :presence_of_required_fieds, :unless => :is_template
+
+  def presence_of_required_fieds
+    self.required_fields.each do |field|
+      if self.send(field).blank?
+        self.errors.add_on_blank(field)
+      end
+    end
+  end
+
   def validation_methodology
     self.validation_info ? self.validation_info.validation_methodology : nil
   end
@@ -21,6 +21,12 @@ class Person &lt; Profile
     { :select => 'DISTINCT profiles.*', :joins => :role_assignments, :conditions => [conditions] }
   }
  
+  scope :by_role, lambda { |roles|
+    roles = [roles] unless roles.kind_of?(Array)
+    { :select => 'DISTINCT profiles.*', :joins => :role_assignments, :conditions => ['role_assignments.role_id IN (?)',
+roles] }
+  }
+
   def has_permission_with_plugins?(permission, profile)
     permissions = [has_permission_without_plugins?(permission, profile)]
     permissions += plugins.map do |plugin|
@@ -74,6 +80,10 @@ class Person &lt; Profile
  
   belongs_to :user, :dependent => :delete
  
+  def can_change_homepage?
+    !environment.enabled?('cant_change_homepage') || is_admin?
+  end
+
   def can_control_scrap?(scrap)
     begin
       !self.scraps(scrap).nil?
@@ -161,7 +171,7 @@ class Person &lt; Profile
     FIELDS
   end
  
-  validate :presence_of_required_fields
+  validate :presence_of_required_fields, :unless => :is_template
  
   def presence_of_required_fields
     self.required_fields.each do |field|
@@ -300,7 +310,7 @@ class Person &lt; Profile
   end
  
   def default_template
-    environment.person_template
+    environment.person_default_template
   end
  
   def apply_type_specific_template(template)
@@ -67,7 +67,7 @@ class PersonNotifier
  
   class Mailer < ActionMailer::Base
  
-    add_template_helper(PersonNotifierHelper)
+    add_template_helper(ApplicationHelper)
  
     def session
       {:theme => nil}
@@ -11,7 +11,7 @@ class Product &lt; ActiveRecord::Base
  
   SEARCH_DISPLAYS = %w[map full]
  
-  attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs
+  attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs, :qualifiers_list
  
   def self.default_search_display
     'full'
@@ -97,7 +97,7 @@ class Profile &lt; ActiveRecord::Base
   end
  
   def members_by_name
-    members.order(:name)
+    members.order('profiles.name')
   end
  
   class << self
@@ -108,8 +108,8 @@ class Profile &lt; ActiveRecord::Base
     alias_method_chain :count, :distinct
   end
  
-  def members_by_role(role)
-    Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', role.id])
+  def members_by_role(roles)
+    Person.members_of(self).by_role(roles)
   end
  
   acts_as_having_boxes
@@ -121,7 +121,9 @@ class Profile &lt; ActiveRecord::Base
   end
  
   scope :visible, :conditions => { :visible => true }
+  scope :disabled, :conditions => { :visible => false }
   scope :public, :conditions => { :visible => true, :public_profile => true }
+  scope :enabled, :conditions => { :enabled => true }
  
   # Subclasses must override this method
   scope :more_popular
@@ -346,16 +348,17 @@ class Profile &lt; ActiveRecord::Base
   end
  
   def copy_blocks_from(profile)
+    template_boxes = profile.boxes.select{|box| box.position}
     self.boxes.destroy_all
-    profile.boxes.each do |box|
-      new_box = Box.new
+    self.boxes = template_boxes.size.times.map { Box.new }
+
+    template_boxes.each_with_index do |box, i|
+      new_box = self.boxes[i]
       new_box.position = box.position
-      self.boxes << new_box
       box.blocks.each do |block|
         new_block = block.class.new(:title => block[:title])
-        new_block.settings = block.settings
-        new_block.position = block.position
-        self.boxes[-1].blocks << new_block
+        new_block.copy_from(block)
+        new_box.blocks << new_block
       end
     end
   end
@@ -390,7 +393,7 @@ class Profile &lt; ActiveRecord::Base
   end
  
   xss_terminate :only => [ :name, :nickname, :address, :contact_phone, :description ], :on => 'validation'
-  xss_terminate :only => [ :custom_footer, :custom_header ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :custom_footer, :custom_header ], :with => 'white_list'
  
   include WhiteListFilter
   filter_iframes :custom_header, :custom_footer
@@ -774,7 +777,7 @@ private :generate_url, :url_options
   end
  
   include Noosfero::Plugin::HotSpot
-  
+
   def folder_types
     types = Article.folder_types
     plugins.dispatch(:content_types).each {|type|
@@ -898,6 +901,13 @@ private :generate_url, :url_options
   end
  
   def disable
+    self.visible = false
+    self.save
+  end
+
+  def enable
+    self.visible = true
+    self.save
   end
  
   def control_panel_settings_button
@@ -285,8 +285,9 @@ class Task &lt; ActiveRecord::Base
   # If
   def send_notification(action)
     if sends_email?
-      if self.requestor
-         TaskMailer.generic_message("task_#{action}", self)
+      if self.requestor && !self.requestor.notification_emails.empty?
+        message = TaskMailer.generic_message("task_#{action}", self)
+        message.deliver if message
       end
     end
   end
@@ -201,6 +201,10 @@ class User &lt; ActiveRecord::Base
     Digest::MD5.hexdigest(password)
   end
  
+  add_encryption_method :salted_md5 do |password, salt|
+    Digest::MD5.hexdigest(password+salt)
+  end
+
   add_encryption_method :clear do |password, salt|
     password
   end
@@ -350,6 +354,7 @@ class User &lt; ActiveRecord::Base
     end
  
     def delay_activation_check
+      return if person.is_template?
       Delayed::Job.enqueue(UserActivationJob.new(self.id), {:priority => 0, :run_at => 72.hours.from_now})
     end
 end
@@ -13,20 +13,22 @@ class RoleAssignmentSweeper &lt; ActiveRecord::Observer
 protected
  
   def expire_caches(role_assignment)
-    expire_cache(role_assignment.accessor)
-    expire_cache(role_assignment.resource) if role_assignment.resource.respond_to?(:cache_keys)
+    expire_cache(role_assignment.accessor) if role_assignment.accessor.kind_of?(Profile)
+    expire_cache(role_assignment.resource) if role_assignment.resource.kind_of?(Profile)
   end
  
   def expire_cache(profile)
     per_page = Noosfero::Constants::PROFILE_PER_PAGE
-    profile.cache_keys(:per_page => per_page).each { |ck|
-      expire_timeout_fragment(ck)
-    }
+
+    profile.cache_keys(:per_page => per_page).each { |ck| expire_timeout_fragment(ck) }
+    expire_timeout_fragment(profile.members_cache_key(:per_page => per_page))
  
     profile.blocks_to_expire_cache.each { |block|
       blocks = profile.blocks.select{|b| b.kind_of?(block)}
       BlockSweeper.expire_blocks(blocks)
     }
+
+    expire_blocks_cache(profile, [:role_assignment])
   end
  
 end
@@ -20,6 +20,7 @@
   <tr><td><%= link_to _('Users'), :controller => 'users' %></td></tr>
   <tr><td><%= link_to _('Profile templates'), :controller => 'templates' %></td></tr>
   <tr><td><%= link_to _('Fields'), :controller => 'features', :action => 'manage_fields' %></td></tr>
+  <tr><td><%= link_to _('Manage organizations status'), :action => 'manage_organizations_status' %></td></tr>
 </table>
  
  
@@ -0,0 +1,69 @@
+<h1><%= _('Manage organizations') %></h1>
+
+<%= form_tag( { :action => 'manage_organizations_status' }, :method => 'get', :class => 'users-search' ) do %>
+
+  <div class="search-field">
+    <span class="formfield">
+      <%= text_field_tag 'q', @q, :title => _("Find profiles"), :style=>"width:85%" %>
+    </span>
+
+    <%= submit_button(:search, _('Search')) %>
+  </div>
+
+  <div class="environment-users-results-header">
+    <div id='environment-users-filter-title'><%= @title %></div>
+
+    <div id="environment-users-filter-filter">
+      <strong><%= _("Filter by: ") %></strong>
+
+      <select id="profile_filter_select">
+        <%= options_for_select([['Any', 'any'],["Disabled profiles", "disabled"], ["Enabled profiles", "enabled"]], @filter) %>
+      </select>
+    </div>
+    <div style="clear: both"></div>
+  </div>
+
+  <table>
+    <colgroup>
+      <col width="80%">
+      <col width="20%">
+    </colgroup>
+
+    <tr>
+      <th><%= _('Member') %></th>
+      <th><%= _('Actions') %></th>
+    </tr>
+
+    <% @collection.each do |p| %>
+      <tr title="<%= p.name %>">
+        <td><%= link_to_profile p.short_name, p.identifier, :title => p.name %> </td>
+
+        <td class='actions'>
+          <div class="members-buttons-cell">
+            <% if p.visible %>
+              <%= button_without_text :'deactivate-user', _('Deactivate'), {:controller => "profile_editor", :action => 'deactivate_profile', :profile => p.identifier, :id => p.id}, :confirm => _("Do you want to deactivate this profile ?") %>
+            <% else %>
+              <%= button_without_text :'activate-user', _('Activate'), {:controller => "profile_editor", :action => 'activate_profile', :profile => p.identifier, :id => p.id}, :confirm => _("Do you want to activate this profile ?") %>
+            <% end %>
+              <%= button_without_text :'delete', _('Remove'), {:controller => "profile_editor", :action => 'destroy_profile', :profile => p.identifier, :id => p.id, :return_to => "/admin/admin_panel/manage_organizations_status"}, :method => :post, :confirm => _("Do you want to deactivate this profile ?") %>
+         </div>
+        </td>
+      </tr>
+    <% end %>
+  </table>
+
+<% end %>
+
+<%= pagination_links @collection, {:param_name => 'npage', :page_links => true} %>
+
+<% button_bar do %>
+  <%= button :back, _('Back'), :controller => 'admin_panel' %>
+<% end %>
+
+<script type="text/javascript">
+  jQuery(document).ready(function(){
+    jQuery("#profile_filter_select").change(function(){
+      document.location.href = '/admin/admin_panel/manage_organizations_status?filter='+this.value;
+    });
+  });
+</script>
 \ No newline at end of file
@@ -5,6 +5,12 @@
  
     <%= labelled_form_field(_('Custom title for this block: '), text_field(:block, :title, :maxlength => 20)) %>
  
+    <% if environment.admins.include?(user) %>
+      <div class="fixed_block">
+        <%= labelled_check_box(_("Fixed"), "block[fixed]", value = "1", checked = @block.fixed) %>
+      </div>
+    <% end %>
+
     <%= render :partial => partial_for_class(@block.class) %>
  
     <div class="display">
 <%= select_profile_folder(_('Parent folder:'), 'article[parent_id]', profile, @article.parent_id) %>
-<%= labelled_form_field(_('License'), select(:article, :license_id, options_for_select_with_title([[_('None'), nil]] + profile.environment.licenses.map {|license| [license.name, license.id]}, @article.license ? @article.license.id : nil))) %>
+<% if profile.environment.has_license? %>
+  <%= labelled_form_field(_('License'), select(:article, :license_id, options_for_select_with_title([[_('None'), nil]] + profile.environment.licenses.map {|license| [license.name, license.id]}, @article.license ? @article.license.id : nil))) %>
+<% end %>
@@ -0,0 +1,6 @@
+<div>
+  <%= labelled_form_field(_('Title'), @article.name) %>
+  <%= labelled_form_field(_('Reference'), link_to(url_for @article.view_url)) %>
+
+  <%= render :partial => 'general_fields' %>
+</div>
@@ -20,5 +20,10 @@
 <h5><%= _('Uploading files to %s') % content_tag('code', @target) %></h5>
  
 <%= form_for('uploaded_file', :url => { :action => 'upload_files' }, :html => {:multipart => true}) do |f| %>
+
+  <%= @plugins.dispatch(:upload_files_extra_fields, params[:parent_id]).collect { |content| instance_exec(&content) }.join("") %>
+
   <%= render :partial => 'upload_file_form', :locals => { :size => '45'} %>
-<% end %>
+
+<% end %> 
+
@@ -2,7 +2,7 @@
   <%= _('Content management') %>
 </h1>
  
-<% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+<% if user.can_change_homepage? && !remove_content_button(:home) %>
   <div class="cms-homepage">
     <%= _('Profile homepage:') %>
     <% if profile.home_page %>
@@ -69,7 +69,7 @@
         <%= expirable_button article, :edit, _('Edit'), {:action => 'edit', :id => article.id} if !remove_content_button(:edit) %>
         <%= button_without_text :eyes, _('Public view'), article.view_url %>
         <%= display_spread_button(profile, article) unless article.folder? || remove_content_button(:spread)%>
-        <% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+        <% if user.can_change_homepage? && !remove_content_button(:home) %>
           <% if profile.home_page != article %>
             <%= expirable_button article, :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>
           <% else %>
@@ -13,11 +13,16 @@
  
   <%= required_fields_message %>
  
-  <% location_fields = select_city(true) %>
+  <% unless logged_in? %>
+    <%= required f.text_field(:name) %>
+    <%= required f.text_field(:email) %>
+  <% end %>
  
+  <% location_fields = select_city(true) %>
   <% unless environment.enabled?('disable_select_city_for_contact') || location_fields.blank? %>
     <%= labelled_form_field _('City and state'), location_fields %>
   <% end %>
+
   <%= required f.text_field(:subject) %>
  
   <%= render :file => 'shared/tiny_mce' %>
@@ -25,5 +30,9 @@
  
   <%= labelled_form_field check_box(:contact, :receive_a_copy) + _('I want to receive a copy of the message in my e-mail.'), '' %>
  
-  <%= submit_button(:send, _('Send'), :onclick => "$('confirm').value = 'true'") %>
+  <% unless logged_in? %>
+    <%= recaptcha_tags :ajax => true, :display => {:theme => 'clean'} %>
+  <% end %>
+
+  <%= submit_button(:send, _('Send'), :onclick => "jQuery('#confirm').val('true')") %>
 <% end %>
@@ -70,37 +70,36 @@
  
 <%= @plugins.dispatch(:article_extra_contents, @page).collect { |content| instance_exec(&content) }.join("") %>
  
-<div class="comments" id="comments_list">
-
-  <% if @page.accept_comments? || @comments_count > 0 %>
+<% if @page.accept_comments? || @comments_count > 0 %>
+  <div class="comments" id="comments_list">
     <h3 <%= 'class="no-comments-yet"' if @comments_count == 0 %>>
       <%= display_number_of_comments(@comments_count) %>
     </h3>
-  <% end %>
  
-  <% if @comments.present? && @comments.count > 1 %>
-    <%= link_to(_('Post a comment'), '#', :class => 'display-comment-form', :id => 'top-post-comment-button', :onclick => "jQuery('#page-comment-form .display-comment-form').first().click();") if @page.accept_comments? %>
+    <% if @comments.present? && @comments.count > 1 %>
+      <%= link_to(_('Post a comment'), '#', :class => 'display-comment-form', :id => 'top-post-comment-button', :onclick => "jQuery('#page-comment-form .display-comment-form').first().click();") if @page.accept_comments? %>
+
+      <%= hidden_field_tag("page_url", url_for(:controller=>'content_viewer', :action=>'view_page', :profile=>profile.identifier, :page => @page.explode_path)) %>
+      <%= javascript_include_tag "comment_order.js" %>
+      <div class="comment-order">
+        <%= form_tag({:controller=>'content_viewer' , :action=>'view_page'}, {:method=>'get', :id=>"form_order"}) do %>
+          <%= select_tag 'comment_order', options_for_select({_('Oldest first')=>'oldest', _('Newest first')=>'newest'}, @comment_order) %>
+        <% end %>
+      </div>
+    <% end %>
  
-    <%= hidden_field_tag("page_url", url_for(:controller=>'content_viewer', :action=>'view_page', :profile=>profile.identifier, :page => @page.explode_path)) %>
-    <%= javascript_include_tag "comment_order.js" %>
-    <div class="comment-order">
-      <%= form_tag({:controller=>'content_viewer' , :action=>'view_page'}, {:method=>'get', :id=>"form_order"}) do %>
-        <%= select_tag 'comment_order', options_for_select({_('Oldest first')=>'oldest', _('Newest first')=>'newest'}, @comment_order) %>
+    <ul class="article-comments-list">
+      <% if @comments.present? %>
+        <%= render :partial => 'comment/comment', :collection => @comments %>
+        <%= pagination_links @comments, :param_name => 'comment_page' %>
       <% end %>
-    </div>
-  <% end %>
+    </ul>
  
-  <ul class="article-comments-list">
-    <% if @comments.present? %>
-      <%= render :partial => 'comment/comment', :collection => @comments %>
-      <%= pagination_links @comments, :param_name => 'comment_page' %>
+    <% if @page.accept_comments? %>
+      <div id='page-comment-form' class='page-comment-form'><%= render :partial => 'comment/comment_form', :locals =>{:url => {:controller => :comment, :action => :create}, :display_link => true, :cancel_triggers_hide => true}%></div>
     <% end %>
-  </ul>
-
-  <% if @page.accept_comments? %>
-    <div id='page-comment-form' class='page-comment-form'><%= render :partial => 'comment/comment_form', :locals =>{:url => {:controller => :comment, :action => :create}, :display_link => true, :cancel_triggers_hide => true}%></div>
-  <% end %>
-</div><!-- end class="comments" -->
+  </div><!-- end class="comments" -->
+<% end %>
  
 </div><!-- end id="article" -->
 <%= add_zoom_to_article_images %>
@@ -20,7 +20,7 @@
  
   <%= labelled_form_for :create_enterprise do |f| %>
     <%= required f.text_field 'name', :onchange => "updateUrlField(this, 'create_enterprise_identifier')", :size => 40 %>
-    <%= required labelled_form_field(_('Address'), content_tag('code', environment.top_url + "/" + text_field(:create_enterprise, 'identifier', :size => 26))) %>
+    <%= required labelled_form_field(_('Address'), content_tag('code', top_url + "/" + text_field(:create_enterprise, 'identifier', :size => 26))) %>
     <%= render :partial => 'shared/organization_custom_fields', :locals => { :f => f, :object_name => :create_enterprise, :profile => @create_enterprise } %>
     <%= required labelled_form_field(_('Region'), f.select('region_id', @regions)) if @validation == :region %>
  
@@ -13,8 +13,8 @@
                 date.day,
                 :url => {:action => 'events_by_day', :year => date.year, :month => date.month, :day => date.day, :category_id => @category_id},
                 :update => 'events-of-the-day',
-                :loading => '$("events-of-the-day").addClassName("loading")',
-                :complete => '$("events-of-the-day").removeClassName("loading")'
+                :loading => "$('events-of-the-day').addClassName('loading')",
+                :complete => "$('events-of-the-day').removeClassName('loading')"
               ) :
               date.day
             %>
@@ -3,7 +3,7 @@
 <div id='agenda-toolbar'>
   <%= button :back, _('Back to %s') % profile.name, profile.url %>
   <% if user && user.has_permission?('post_content', profile) %>
-    <%= button :new, _('New event'), myprofile_url(:controller => 'cms', :action => 'new', :type => 'Event') %>
+    <%= button :new, _('New event'), myprofile_path(:controller => 'cms', :action => 'new', :type => 'Event') %>
   <% end %>
 </div>
  
 <span class="download-link">
   <span>Download</span>
-  <strong><%= link_to generic.filename, generic.public_filename %></strong>
+  <strong><%= link_to generic.filename, [Noosfero.root, generic.public_filename].join %></strong>
 </span>
  
 <div class="uploaded-file-description <%= 'empty' if generic.abstract.blank? %>">
@@ -28,7 +28,7 @@
  
 <%# image_tag(article.public_filename(:display), :class => article.css_class_name, :style => 'max-width: 100%') %>
  
-<img src="<%=image.public_filename(:display)%>" class="<%=image.css_class_name%>">
+<img src="<%= [Noosfero.root, image.public_filename(:display)].join %>" class="<%=image.css_class_name%>">
  
 <div class="uploaded-file-description <%= 'empty' if image.abstract.blank? %>">
   <%= image.abstract %>
@@ -61,9 +61,6 @@
         <%= submit_button(:search, _('Search')) %>
       </div>
  
-      <div>
-        <%= lightbox_link_to _('More options'), :controller => 'search', :action => 'popup' %>
-      </div>
     <% end %>
   </div>
 <% end %>
@@ -0,0 +1,4 @@
+<div id="content-inner">
+  <%= insert_boxes(yield) %>
+  <br style='clear: both'/>
+</div><!-- end id="content-inner" -->
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<%= html_language %>" lang="<%= html_language %>">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<%= html_language %>" lang="<%= html_language %>" class="<%= h html_tag_classes %>">
   <head>
     <title><%= h page_title %></title>
     <%= yield(:feeds) %>
@@ -12,20 +12,8 @@
     <meta name="twitter:title" content="<%= h page_title %>">
     <meta name="twitter:description" content="<%= meta_description_tag(@page) %>">
  
-    <!-- Open Graph -->
-    <meta property="og:type" content="<%= @page ? 'article' : 'website' %>">
-    <meta property="og:url" content="<%= @page ? url_for(@page.url) : @environment.top_url %>">
-    <meta property="og:title" content="<%= h page_title %>">
-    <meta property="og:site_name" content="<%= profile ? profile.name : @environment.name %>">
-    <meta property="og:description" content="<%= @page ? truncate(strip_tags(@page.body.to_s), :length => 200) : @environment.name %>">
-
-    <% if @page %>
-      <meta property="article:published_time" content="<%= show_date(@page.published_at) %>">
-      <% @page.body_images_paths.each do |img| %>
-        <meta name="twitter:image" content="<%= img.to_s %>">
-        <meta property="og:image" content="<%= img.to_s %>">
-      <% end %>
-    <% end %>
+    <!-- site root -->
+    <meta property="noosfero:root" content="<%= Noosfero.root %>"/>
  
     <link rel="shortcut icon" href="<%= image_path(theme_favicon) %>" type="image/x-icon" />
     <%= noosfero_javascript %>
@@ -69,10 +57,7 @@
           <div id="navigation-end"></div>
         </div><!-- end id="navigation" -->
         <div id="content">
-          <div id="content-inner">
-            <%= insert_boxes(yield) %>
-            <br style='clear: both'/>
-          </div><!-- end id="content-inner" -->
+          <%= render 'layouts/content' %>
         </div><!-- end id="content" -->
       </div><!-- end id="wrap-2" -->
     </div><!-- end id="wrap-1" -->
@@ -81,7 +66,6 @@
       <%= theme_footer %>
     </div><!-- end id="theme-footer" -->
     <%= noosfero_layout_features %>
-    <%= theme_javascript_ng %>
     <%= addthis_javascript %>
     <%=
       @plugins.dispatch(:body_ending).map do |content|
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<%= html_language %>" lang="<%= html_language %>">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<%= html_language %>" lang="<%= html_language %>" class="<%= h html_tag_classes %>">
   <head>
     <title><%= h page_title %></title>
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
@@ -68,7 +68,7 @@
  
         <div id="navigation_bar">
           <%= link_to "<span>"+ @environment.name() +"</span>",
-                      @environment.top_url,
+                        top_url,
                         :id=>"menu_link_to_envhome",
                         :title=>@environment.name  %>
           <% unless environment.enabled?(:disable_categories) %>
 <%= render :file => 'shared/tiny_mce', :locals => {:mode => 'simple'} %>
 <%= remote_form_for(@product,
                    :loading => "small_loading('product-description-form')",
-                   :before => ("tinyMCE.triggerSave()" unless Rails.env == 'test'),
                    :update => 'product-description',
                    :url => {:controller => 'manage_products', :action => 'edit', :id => @product, :field => 'description'},
                    :html => {:id => 'product-description-form', :method => 'post'}) do |f| %>
@@ -47,7 +47,7 @@
     <%= button_to_function(
       :add,
       _('Add new qualifier'),
-      "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(select_qualifiers(@product))}', '#{escape_javascript(remove_qualifier_button)}')"
+      "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(CGI::escape_html(select_qualifiers(@product)))}', '#{escape_javascript(CGI::escape_html(remove_qualifier_button))}')"
     ) %>
     <%= hidden_field_tag "product[qualifiers_list][nil]" %>
   <% end %>
@@ -10,8 +10,8 @@
                                  :rows => 1,
                                  :class => 'submit-with-keypress',
                                  :title => _('Leave your comment'),
-                                 :onfocus => ('if(this.value==this.title){this.value="";this.style.color="#000"};this.style.backgroundImage="url(' + profile_icon(current_person, :icon, false) + ')"' if logged_in?),
-                                 :onblur => ('if(this.value==""){this.value=this.title;this.style.color="#ccc"};this.style.backgroundImage="none"' if logged_in?),
+                                 :onfocus => ("if(this.value==this.title){this.value='';this.style.color='#000'};this.style.backgroundImage='url(" + profile_icon(current_person, :icon, false) + ")'" if logged_in?),
+                                 :onblur => ("if(this.value==''){this.value=this.title;this.style.color='#ccc'};this.style.backgroundImage='none'" if logged_in?),
                                  :value => _('Leave your comment'),
                                  :style => 'color: #ccc' %>
         <%= hidden_field_tag :source_id, activity.id, :id => "activity_id_#{activity.id}" %>
@@ -9,8 +9,8 @@
                                  :rows => 1,
                                  :class => 'submit-with-keypress',
                                  :title => _('Leave your comment'),
-                                 :onfocus => ('if(this.value==this.title){this.value="";this.style.color="#000"};this.style.backgroundImage="url(' + profile_icon(current_person, :icon, false) + ')"' if logged_in?),
-                                 :onblur => ('if(this.value==""){this.value=this.title;this.style.color="#ccc"};this.style.backgroundImage="none"' if logged_in?),
+                                 :onfocus => ("if(this.value==this.title){this.value='';this.style.color='#000'};this.style.backgroundImage='url(" + profile_icon(current_person, :icon, false) + ")'" if logged_in?),
+                                 :onblur => ("if(this.value==''){this.value=this.title;this.style.color='#ccc'};this.style.backgroundImage='none'" if logged_in?),
                                  :value => _('Leave your comment') %>
         <%= hidden_field_tag 'scrap[scrap_id]', scrap.id %>
         <%= hidden_field_tag 'receiver_id', scrap.sender.id %>
@@ -27,6 +27,10 @@
 <%= optional_field(@person, 'district', labelled_form_field(_('District'), text_field(:profile_data, :district, :rel => _('District')))) %>
 <%= optional_field(@person, 'image', labelled_form_field(_('Image'), file_field(:file, :image, :rel => _('Image')))) %>
  
+<% @plugins.dispatch(:extra_optional_fields).each do |field| %>
+  <%= optional_field(@person, field[:name], labelled_form_field(field[:label], text_field(field[:object_name], field[:method], :rel => field[:label], :value => field[:value]))) %>
+<% end %>
+
 <% optional_field(@person, 'schooling') do %>
   <div class="formfieldline">
     <label class='formlabel' for='profile_data_schooling'><%= _('Schooling') %></label>
 <h1><%= _('Profile settings for %s') % profile.name %></h1>
  
+<%= javascript_include_tag 'deactivate_profile' %>
 <%= error_messages_for :profile_data %>
  
 <%= labelled_form_for :profile_data, :html => { :id => 'profile-data', :multipart => true } do |f| %>
@@ -67,6 +68,15 @@
   <% if user && user.has_permission?('destroy_profile', profile) %>
     <% button_bar(:id => 'delete-profile') do %>
       <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %>
+
+      <% if environment.admins.include?(current_person) %>
+
+        <% if profile.visible? %>
+          <%= button(:remove, _('Deactivate profile'), {:action => :deactivate_profile, :id=>profile.id}, :id=>'deactivate_profile_button', :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %>
+        <% else %>
+          <%= button(:add, _('Activate profile'), {:action => :activate_profile, :id=>profile.id}, :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %>
+        <% end %>
+      <% end %>
     <% end %>
   <% end %>
 -<% end %>
+<% end %>
 \ No newline at end of file
@@ -6,10 +6,14 @@
  
   <%= required f.text_field(:name) %>
  
-  <p><%= _('Permissions:') %><p>
-  <% permissions.keys.each do |p| %>
-    <%= check_box_tag("role[permissions][]", p, role.has_permission?(p), { :id => p }) %>
-    <%= content_tag(:label, permission_name(p), { :for => p }) %><br/>
+  <% permissions.each do |key| %>
+  <div class="permissions <%= key.downcase %>">
+    <h4><%= _('%s Permissions:' % key) %></h4>
+    <% ActiveRecord::Base::PERMISSIONS[key].keys.each do |p| %>
+      <%= check_box_tag("role[permissions][]", p, role.has_permission?(p), { :id => p }) %>
+      <%= content_tag(:label, permission_name(p), { :for => p }) %><br/>
+    <% end %>
+  </div>
   <% end %>
  
   <% button_bar do %>
 <h2> <%= _("Editing #{@role.name}") %> </h2>
  
-<%= render :partial => 'form', :locals => { :mode => :edit, :role => @role, :permissions => ActiveRecord::Base::PERMISSIONS[@role.kind] } %>
+<%= render :partial => 'form', :locals => { :mode => :edit, :role => @role, :permissions => role_available_permissions(@role) } %>
 <h2> <%= _("Create a new role") %> </h2>
  
-<%= render :partial => 'form', :locals => { :mode => :create, :role => @role, :permissions => ActiveRecord::Base::PERMISSIONS[@role.kind] } %>
+<%= render :partial => 'form', :locals => { :mode => :create, :role => @role, :permissions => role_available_permissions(@role) } %>
@@ -14,7 +14,7 @@
  
         <% display = display_filter(name, params[:display]) %>
  
-        <div class="search-results-innerbox search-results-type-<%= name.to_s.singularize %> <%= 'common-profile-list-block' if [:enterprises, :people, :communities].include?(name) %>">
+        <div class="search-results-innerbox search-results-type-<%= name.to_s.singularize %> <%= 'common-profile-list-block' if SearchHelper::COMMON_PROFILE_LIST_BLOCK.include?(name) %>">
           <ul>
             <% search[:results].each do |hit| %>
               <% partial = partial_for_class(hit.class, display) %>
@@ -1,5 +0,0 @@
-<% if profile.members.include?(user) %>
-  <li>
-  <%= button_to_function(:chat, _('Enter chat room'), "open_chat_window(this, '##{profile.full_jid}')") %>
-  </li>
-<% end %>
@@ -1,10 +0,0 @@
-<ul>
-  <li><%= (content_tag('strong', _('Title') + ': ') + article.title)  if article.title %> </li>
-  <li><%= (content_tag('strong', _('Type') + ': ') + article.class.short_description) %> </li>
-  <li>
-  <%= (content_tag('strong', _('Original content') + ': ') + link_to(article.name, article.url)) %> <br />
-    <%= content_tag('small', _('This link might be unavailable if the content is removed')) %>
-  </li>
-</ul>
-
-<%= article_to_html(article) %>
@@ -1,10 +0,0 @@
-<ul>
-  <li><%= (content_tag('strong', _('Title') + ': ') + comment.title)  if comment.title %> </li>
-  <li><%= content_tag('strong', _('Type') + ': ') + _('Comment') %> </li>
-  <li>
-    <%= (content_tag('strong', _('Original content') + ': ') + link_to(comment.title || url_for(comment.url), comment.url)) %> <br />
-    <%= content_tag('small', _('This link might be unavailable if the content is removed')) %>
-  </li>
-</ul>
-
-<p><%= article_to_html(comment) %></p>
@@ -1 +0,0 @@
-<%= _('Reported folder') + ': ' + link_to(article.name, article.url) %>
@@ -0,0 +1,10 @@
+<ul>
+  <li><%= (content_tag('strong', _('Title') + ': ') + article.title)  if article.title %> </li>
+  <li><%= (content_tag('strong', _('Type') + ': ') + article.class.short_description) %> </li>
+  <li>
+  <%= (content_tag('strong', _('Original content') + ': ') + link_to(article.name, article.url)) %> <br />
+    <%= content_tag('small', _('This link might be unavailable if the content is removed')) %>
+  </li>
+</ul>
+
+<%= article_to_html(article) %>
@@ -0,0 +1,10 @@
+<ul>
+  <li><%= (content_tag('strong', _('Title') + ': ') + comment.title)  if comment.title %> </li>
+  <li><%= content_tag('strong', _('Type') + ': ') + _('Comment') %> </li>
+  <li>
+    <%= (content_tag('strong', _('Original content') + ': ') + link_to(comment.title || url_for(comment.url), comment.url)) %> <br />
+    <%= content_tag('small', _('This link might be unavailable if the content is removed')) %>
+  </li>
+</ul>
+
+<p><%= article_to_html(comment) %></p>
@@ -0,0 +1 @@
+<%= _('Reported folder') + ': ' + link_to(article.name, article.url) %>
-<% extend MacrosHelper %>
-<%= javascript_include_tag 'tinymce/jscripts/tiny_mce/tiny_mce.js' %>
-<%= include_macro_js_files %>
-<script type="text/javascript">
-  var myplugins = "searchreplace,print,table,contextmenu,-macrosPlugin";
-  var first_line, second_line;
-  var mode = '<%= mode ||= false %>'
-  <% if mode %>
-    first_line = "fontsizeselect,bold,italic,underline,bullist,numlist,justifyleft,justifycenter,justifyright,link,unlink"
-    second_line = ""
-  <% else %>
-    first_line = "print,separator,copy,paste,separator,undo,redo,separator,search,replace,separator,forecolor,fontsizeselect,formatselect"
-    second_line = "bold,italic,underline,strikethrough,separator,bullist,numlist,separator,justifyleft,justifycenter,justifyright,justifyfull,separator,link,unlink,image,table,separator,cleanup,code,macros"
-    <% macros_with_buttons.each do |macro| %>
-      second_line += ',<%=macro.identifier %>'
-    <% end %>
-  <% end %>
-
-  if (tinymce.isIE) {
-    // the paste plugin is only useful in Internet Explorer
-    myplugins = "paste," + myplugins;
-  }
+<%
+extend TinymceHelper
+mode ||= false
+%>
  
+<%= tinymce_js %>
+<script type="text/javascript">
 tinymce.create('tinymce.plugins.MacrosPlugin', {
   createControl: function(n, cm) {
     switch (n) {
@@ -49,56 +33,21 @@ tinymce.create(&#39;tinymce.plugins.MacrosPlugin&#39;, {
   }
 });
  
+function tinymce_macros_setup(editor) {
+  <% macros_with_buttons.each do |macro| %>
+    editor.addButton('<%= macro.identifier %>', {
+      title: <%= macro_title(macro).to_json %>,
+      onclick: <%= generate_macro_config_dialog(macro) %>,
+      image : '<%= macro.configuration[:icon_path]%>'
+    });
+  <% end %>
+}
+
 // Register plugin with a short name
 tinymce.PluginManager.add('macrosPlugin', tinymce.plugins.MacrosPlugin);
  
-tinyMCE.init({
-  mode : "textareas",
-  editor_selector : "mceEditor",
-  theme : "advanced",
-  relative_urls : false,
-  remove_script_host : false,
-  document_base_url : <%= environment.top_url.to_json %>,
-  plugins: myplugins,
-  theme_advanced_toolbar_location : "top",
-  theme_advanced_layout_manager: 'SimpleLayout',
-  theme_advanced_buttons1 : first_line,
-  theme_advanced_buttons2 : second_line,
-  theme_advanced_buttons3 : "",
-  theme_advanced_blockformats :"p,address,pre,h2,h3,h4,h5,h6",
-  paste_auto_cleanup_on_paste : true,
-  paste_insert_word_content_callback : "convertWord",
-  paste_use_dialog: false,
-  apply_source_formatting : true,
-  extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width],audio[controls|autoplay],video[controls|autoplay],source[src|type]",
-  content_css: '/stylesheets/tinymce.css,<%= macro_css_files %>',
-  language: <%= tinymce_language.inspect %>,
-  entity_encoding: 'raw',
-  setup : function(ed) {
-    <% macros_with_buttons.each do |macro| %>
-           ed.addButton('<%= macro.identifier %>', {
-               title: <%= macro_title(macro).to_json %>,
-               onclick: <%= generate_macro_config_dialog(macro) %>,
-               image : '<%= macro.configuration[:icon_path]%>'
-             });
-    <% end %>
-  }
+jQuery(document).ready(function () {
+  <%= tinymce_init_js :mode => mode %>
 });
-
-function convertWord(type, content) {
-  switch (type) {
-    // Gets executed before the built in logic performes it's cleanups
-    case "before":
-      //content = content.toLowerCase(); // Some dummy logic
-      break;
-
-    // Gets executed after the built in logic performes it's cleanups
-    case "after":
-      content = content.replace(/<!--\s*-->/, '');
-      break;
-  }
-
-  return content;
-}
-
 </script>
+
@@ -0,0 +1,9 @@
+<%= _('Dear %s,') % @requestor %>
+
+<%= word_wrap(@message) %>
+
+<%= _('Greetings,') %>
+
+--
+<%= _('%s team.') % @environment %>
+<%= @url %>
@@ -1 +0,0 @@
-task_cancelled.text.erb
 \ No newline at end of file
@@ -1,9 +0,0 @@
-<%= _('Dear %s,') % @requestor %>
-
-<%= word_wrap(@message) %>
-
-<%= _('Greetings,') %>
-
---
-<%= _('%s team.') % @environment %>
-<%= @url %>
@@ -1 +0,0 @@
-task_cancelled.text.erb
 \ No newline at end of file
@@ -1 +0,0 @@
-task_cancelled.text.erb
 \ No newline at end of file
 <%= render :file => 'shared/tiny_mce' %>
  
+<%= labelled_form_field(_('Create a link'), f.check_box(:create_link)) %>
+
 <%= labelled_form_field(_('Name for publishing'), f.text_field(:name)) %>
 <%= select_profile_folder(_('Select the folder where the article must be published'), "tasks[#{task.id}][task][article_parent_id]", task.target) %>
 <%= labelled_form_field(_('Highlight this article'), f.check_box(:highlighted)) %>
@@ -2,10 +2,11 @@
  
 <%= _('Manage the templates used on creation of profiles') %>
  
-<% list_of_templates = [[_('Person')    , environment.people.templates     , 'person'    ],
+<% list_of_templates = [[_('Person')    , environment.person_templates     , 'person'    ],
                         [_('Community') , environment.communities.templates, 'community' ],
                         [_('Enterprise'), environment.enterprises.templates, 'enterprise']] %>
  
+
 <% list_of_templates.each do |title, templates, kind|%>
   <div class='template-kind'>
     <h2><%= title %></h2>
@@ -15,6 +16,11 @@
         <li>
           <%= image_tag "icons-app/#{kind}-icon.png" %>
           <%= link_to(template.name, {:controller => 'profile_editor', :profile => template.identifier}, :title => _('Edit template "%s"') % template.name ) %>
+          <% if environment.is_default_template?(template) %>
+            <%= _('is the default template') %>
+          <% else %>
+            <%= link_to(_('Set as default'), {:action => "set_#{kind}_as_default", :template_id => template.id}, :title => _('Set %s template as default') % template.name ) %>
+          <% end %>
         </li>
       <% end %>
     </ul>
@@ -111,9 +111,10 @@ module Noosfero
     # Make sure the secret is at least 30 characters and all random,
     # no regular words or you'll be exposed to dictionary attacks.
     config.secret_token = noosfero_session_secret
-    config.action_dispatch.session = {
-      :key    => '_noosfero_session',
-    }
+    config.session_store :cookie_store, :key => '_noosfero_session'
+
+    config.paths['db/migrate'] += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/db/migrate"
+    config.i18n.load_path += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/locales/*.{rb,yml}"
  
     Noosfero::Plugin.setup(config)
  
 # necessary for I18n.default_locale to work
 require 'i18n/backend/fallbacks'
 I18n.backend.class.send :include, I18n::Backend::Fallbacks
-
+I18n.enforce_available_locales = false
@@ -0,0 +1,13 @@
+if Rails.env == 'development'
+  ActionController::Base.send(:prepend_before_filter) do |controller|
+    # XXX note that this is not thread-safe! Accessing a Noosfero instance in
+    # development mode under different ports concurrently _will_ lead to weird
+    # things happening.
+    if [80,443].include?(controller.request.port)
+      url_options = {}
+    else
+      url_options = { :port => controller.request.port }
+    end
+    Noosfero.instance_variable_set('@development_url_options', url_options)
+  end
+end
@@ -3,7 +3,7 @@ if defined? PhusionPassenger
   # from http://russbrooks.com/2010/10/20/rails-cache-memcache-on-passenger-with-smart-spawning
   PhusionPassenger.on_event :starting_worker_process do |forked|
     if forked
-      Rails.cache.instance_variable_get(:@data).reset if Rails.cache.class == ActiveSupport::Cache::MemCacheStore
+      Rails.cache.instance_variable_get(:@data).reset if Rails.cache.class.name == 'ActiveSupport::Cache::MemCacheStore'
     end
   end
 end
...	...	@@ -40,6 +40,7 @@ Alessandro Palmeira + João M. M. Silva <alessandro.palmeira@gmail.com>
40	40	Alessandro Palmeira + Paulo Meirelles <alessandro.palmeira@gmail.com>
41	41	Alessandro Palmeira + Paulo Meirelles + João M. M. da Silva <alessandro.palmeira@gmail.com>
42	42	Alessandro Palmeira + Rafael Manzo <alessandro.palmeira@gmail.com>
	43	+analosnak <analosnak@gmail.com>
43	44	Ana Losnak <analosnak@gmail.com>
44	45	Andre Bernardes <andrebsguedes@gmail.com>
45	46	Antonio Terceiro + Carlos Morais <terceiro@colivre.coop.br>
...	...	@@ -81,7 +82,6 @@ Carlos Morais + Diego Araújo <diegoamc90@gmail.com>
81	82	Carlos Morais + Eduardo Morais <carlos88morais@gmail.com>
82	83	Carlos Morais + Paulo Meirelles <carlos88morais@gmail.com>
83	84	Carlos Morais + Pedro Leal <carlos88morais@gmail.com>
84		-Daniela Feitosa <dani@dohko.(none)>
85	85	Daniel Alves + Diego Araújo <danpaulalves@gmail.com>
86	86	Daniel Alves + Diego Araújo <diegoamc90@gmail.com>
87	87	Daniel Alves + Diego Araújo + Guilherme Rojas <danpaulalves@gmail.com>
...	...	@@ -119,7 +119,6 @@ Diego Araújo + Renan Teruo <diegoamc90@gmail.com>
119	119	Diego Araujo + Rodrigo Souto + Rafael Manzo <rr.manzo@gmail.com>
120	120	Diego + Jefferson <diegoamc90@gmail.com>
121	121	Diego Martinez <diegoamc90@gmail.com>
122		-Diego Martinez <diego@diego-K55A.(none)>
123	122	Diego + Renan <renanteruoc@gmail.com>
124	123	Eduardo Tourinho Edington <eduardo.edington@serpro.gov.br>
125	124	Evandro Jr <evandrojr@gmail.com>
...	...	@@ -195,9 +194,11 @@ Luis David Aguilar Carlos <ludwig9003@gmail.com>
195	194	Luiz Fernando de Freitas Matos <luiz@luizff.matos@gmail.com>
196	195	Marcos Ramos <ms.ramos@outlook.com>
197	196	Martín Olivera <molivera@solar.org.ar>
	197	+Michal Čihař <michal@cihar.com>
198	198	Moises Machado <moises@colivre.coop.br>
199	199	Naíla Alves <naila@colivre.coop.br>
200	200	Nanda Lopes <nanda.listas+psl@gmail.com>
	201	+Parley Martins <parleypachecomartins@gmail.com>
201	202	Paulo Meirelles + Alessandro Palmeira + João M. M. da Silva <paulo@softwarelivre.org>
202	203	Paulo Meirelles + Alessandro Palmeira <paulo@softwarelivre.org>
203	204	Paulo Meirelles + Carlos Morais <paulo@softwarelivre.org>
...	...	@@ -220,6 +221,7 @@ Rafael Reggiani Manzo + João M. M. da Silva <rr.manzo@gmail.com>
220	221	Rafael Reggiani Manzo <rr.manzo@gmail.com>
221	222	Raphaël Rousseau <raph@r4f.org>
222	223	Raquel Lira <raquel.lira@gmail.com>
	224	+Raquel <rcordioli@gmail.com>
223	225	Renan Teruo + Caio Salgado <renanteruoc@gmail.com>
224	226	Renan Teruoc + Diego Araujo <renanteruoc@gmail.com>
225	227	Renan Teruo + Diego Araujo <renanteruoc@gmail.com>
...	...	@@ -227,13 +229,13 @@ Renan Teruo + Diego Araújo <renanteruoc@gmail.com>
227	229	Renan Teruo + Paulo Meirelles <renanteruoc@gmail.com>
228	230	Renan Teruo + Rafael Manzo <renanteruoc@gmail.com>
229	231	Rodrigo Souto + Ana Losnak + Daniel Bucher + Caio Almeida + Leandro Nunes + Daniela Feitosa + Mariel Zasso <noosfero-br@listas.softwarelivre.org>
230		-Rodrigo Souto <diguliu@gmail.com>
231	232	Rodrigo Souto <rodrigo@colivre.coop.br>
232	233	Ronny Kursawe <kursawe.ronny@googlemail.com>
233	234	root <root@debian.sdr.serpro>
234	235	Samuel R. C. Vale <srcvale@holoscopio.com>
235	236	Tallys Martins <tallysmartins@gmail.com>
236	237	tallys <tallys@tallys.(none)>
	238	+Thiago Zoroastro <thiago.zoroastro@bol.com.br>
237	239	Valessio Brito <contato@valessiobrito.com.br>
238	240	Valessio Brito <contato@valessiobrito.info>
239	241	Valessio Brito <valessio@gmail.com>
...	...
...	...	@@ -0,0 +1,124 @@
	1	+# Noosfero Development Policy
	2	+
	3	+## Developer Roles
	4	+
	5	+* Developers are everyone that is contributing code to Noosfero.
	6	+* Committers are the people with direct commit access to the Noosfero source
	7	+ code. They are responsible for reviewing contributions from other developers
	8	+ and integrating them in the Noosfero code base. They are the members of the
	9	+ [Noosfero group on Gitlab](https://gitlab.com/groups/noosfero/members).
	10	+* Release managers are the people that are managing the release of a new
	11	+ Noosfero version and/or the maintainance work of an existing Noosfero stable
	12	+ branch. See MAINTAINANCE.md for details on the maintaince policy.
	13	+
	14	+## Development process
	15	+
	16	+* Every new feature or non-trivial bugfix should be reviewed by at least one
	17	+ committer. This must be the case even if the original author is a committer.
	18	+
	19	+ * In the case the original author is a committer, he/she should feel free to
	20	+ commit directly if after 1 week nobody has provided any kind of feedback.
	21	+
	22	+ * Developers who are not committers should feel free to ping committers if
	23	+ they do not get feedback on their contributions after 1 week.
	24	+
	25	+ * On GitLab, one can just add a comment to the merge request; one can also
	26	+ @-mention specific committers or other developers who have expertise on
	27	+ the area of the contribution.
	28	+
	29	+ * Committers should follow the activity of the project, and try to help
	30	+ reviewing contributions from others as much as possible.
	31	+
	32	+ * On GitLab one can get emails for all activity on a project by setting the
	33	+ [notification settings](https://gitlab.com/profile/notifications) to
	34	+ "watch".
	35	+
	36	+ * Anyone can help by reviewing contributions. Committers are the only ones
	37	+ who can give the final approval to a contribution, but everyone is welcome
	38	+ to help with code review, testing, etc.
	39	+
	40	+ * See note above about setting up notification on GitLab.
	41	+
	42	+* Committers should feel free to push trivial (or urgent) changes directly.
	43	+ There are no strict rule on what makes a change trivial or urgent; committers
	44	+ are expected to exercise good judgement on a case by case basis.
	45	+
	46	+ * Usually changes to the database are not trivial.
	47	+
	48	+* In the case of unsolvable conflict between commiters regarding any change to
	49	+ the code, the current release manager(s) will have the final say in the
	50	+ matter.
	51	+
	52	+* Release managers are responsible for stablishing a release schedule, and
	53	+ about deciding when and what to release.
	54	+
	55	+ * Release managers should announce release schedules to the project mailing
	56	+ lists in advance.
	57	+
	58	+ * The release schedule may include a period of feature freeze, during which
	59	+ no new features or any other changes that are not pre-approved by the
	60	+ release manager must be committed to the repository.
	61	+
	62	+ * Committers must respect the release schedule and feature freezes.
	63	+
	64	+## Maintainance process
	65	+
	66	+### Not all feature releases will be maintained as a stable release
	67	+
	68	+We will be choosing specific release series to be maintained as stable
	69	+releases.
	70	+
	71	+This means that a given release is not guaranteed to be maintained as a stable
	72	+release, but does not mean it won't be. Any committer (or anyone, really) can
	73	+decide to maintain a given release as stable and seek help from others to do
	74	+so.
	75	+
	76	+### No merges from stable branches to master
	77	+
	78	+All changes must be submitted against the master branch first, and when
	79	+applicable, backported to the desired stable releases. Exceptions to this rules
	80	+are bug fixes that only apply to a given stable branch and not to master.
	81	+
	82	+In the past we had non-trivial changes accepted into stable releases while
	83	+master was way ahead (e.g. during the rails3 migration period), that made the
	84	+merge back into master very painful. By eliminating the need to do these
	85	+merges, we save time for the people responsible for the release, and eliminate
	86	+the possibility of human errors or oversights causing changes to be accepted
	87	+into stable that will be a problem to merge back into master.
	88	+
	89	+By getting all fixes in master first, we improve the chances that a future
	90	+release will not present regressions against bugs that should already be fixed,
	91	+but the fixes got lost in a big, complicated merge (and those won't exist
	92	+anymore, at least not from stable branches to master).
	93	+
	94	+After a fix gets into master, backporting changes into a stable release branch
	95	+is the responsibility of whoever is maintaing that branch, and those interested
	96	+in it. The stable branch release manager(s) are entitled the final say on any
	97	+matters related to that branch.
	98	+
	99	+## Apendix A: how to become a committer
	100	+
	101	+Every developer that wants to be a committer should create [an issue on
	102	+Gitlab](https://gitlab.com/noosfero/noosfero/issues) requesting to be added as
	103	+a committer. This request must include information about the requestor's
	104	+previous contributions to the project.
	105	+
	106	+If 2 or more commiters consider second the request, the requestor is accepted
	107	+as new commiter and added to the Noosfero group.
	108	+
	109	+The existing committers are free to choose whatever criteria they want to
	110	+second the request, but they must be sure that the new committer is a
	111	+responsible developer and knows what she/he is doing. They must be aware that
	112	+seconding these requests means seconding the actions of the new committer: if
	113	+the new committer screw up, her/his seconds screwed up.
	114	+
	115	+## Apendix B: how to become a release manager
	116	+
	117	+A new release manager for the development version of Noosfero (i.e. the one
	118	+that includes new features, a.k.a. the master branch) is apointed by the
	119	+current release manager, and must be a committer first.
	120	+
	121	+Release managers for stable branches are self-appointed, i.e. whoever takes the
	122	+work takes the role. In case of a conflict (e.g. 2+ different people want to do
	123	+the work but can't agree on working together), the development release manager
	124	+decides.
...	...
1	1	source "https://rubygems.org"
2	2	gem 'rails', '~> 3.2.19'
	3	+gem 'minitest', '~> 3.2.0'
3	4	gem 'fast_gettext', '~> 0.6.8'
4	5	gem 'acts-as-taggable-on', '~> 3.0.2'
5	6	gem 'prototype-rails', '~> 3.2.1'
...	...	@@ -18,6 +19,7 @@ gem 'rake', :require => false
18	19	gem 'rest-client', '~> 1.6.7'
19	20	gem 'exception_notification', '~> 4.0.1'
20	21	gem 'gettext', '~> 2.2.1', :require => false, :group => :development
	22	+gem 'locale', '~> 2.0.5'
21	23
22	24	# FIXME list here all actual dependencies (i.e. the ones in debian/control),
23	25	# with their GEM names (not the Debian package names)
...	...	@@ -40,8 +42,9 @@ group :cucumber do
40	42	gem 'selenium-webdriver', '~> 2.39.0'
41	43	end
42	44
43		-# include plugin gemfiles
44		-Dir.glob(File.join('config', 'plugins', '*')).each do \|plugin\|
45		- plugin_gemfile = File.join(plugin, 'Gemfile')
46		- eval File.read(plugin_gemfile) if File.exists?(plugin_gemfile)
	45	+# include gemfiles from enabled plugins
	46	+# plugins in baseplugins/ are not included on purpose. They should not have any
	47	+# dependencies.
	48	+Dir.glob('config/plugins/*/Gemfile').each do \|gemfile\|
	49	+ eval File.read(gemfile)
47	50	end
...	...
1		-Setup Noosfero to use HTTPS
2		-===========================
	1	+# Setup Noosfero to use HTTPS
3	2
4	3	This document assumes that you have a fully and clean Noosfero
5	4	installation as explained at the `INSTALL.md` file.
6	5
7		-SSL certificate
8		-+++++++++++++++
	6	+## Creating a self-signed SSL certificate
9	7
10	8	You should get a valid SSL certificate, but if you want to test
11	9	your setup before, you could generate a self-signed certificate
...	...	@@ -17,99 +15,106 @@ as below:
17	15	# openssl req -new -x509 -nodes -sha1 -days $[10*365] -key noosfero.key > noosfero.cert
18	16	# cat noosfero.key noosfero.cert > noosfero.pem
19	17
	18	+## Web server configuration
	19	+
20	20	There are two ways of using SSL with Noosfero: 1) If you are not using
21	21	Varnish; and 2) If you are using Varnish.
22	22
23		-1) If you are are not using Varnish
24		-+++++++++++++++++++++++++++++++++++
	23	+### 1) If you are are not using Varnish
25	24
26	25	Simply do a redirect in apache to force all connections with SSL:
27	26
28		- <VirtualHost *:8080>
29		- ServerName test.stoa.usp.br
30		-
31		- Redirect / https://example.com/
32		- </VirtualHost>
	27	+```
	28	+<VirtualHost *:8080>
	29	+ ServerName test.stoa.usp.br
	30	+ Redirect / https://example.com/
	31	+</VirtualHost>
	32	+```
33	33
34	34	And set a vhost to receive then:
35	35
36		- <VirtualHost *:443>
37		- ServerName example.com
38		-
39		- SSLEngine On
40		- SSLCertificateFile /etc/ssl/certs/cert.pem
41		- SSLCertificateKeyFile /etc/ssl/private/cert.key
42		-
43		- Include /etc/noosfero/apache/virtualhost.conf
44		- </VirtualHost>
	36	+```
	37	+<VirtualHost *:443>
	38	+ ServerName example.com
	39	+ SSLEngine On
	40	+ SSLCertificateFile /etc/ssl/certs/cert.pem
	41	+ SSLCertificateKeyFile /etc/ssl/private/cert.key
	42	+ Include /etc/noosfero/apache/virtualhost.conf
	43	+</VirtualHost>
	44	+```
45	45
46	46	Be aware that if you had configured varnish, the requests won't reach
47	47	it with this configuration.
48	48
49		-2) If you are using Varnish
50		-+++++++++++++++++++++++++++
51		-
52		-Varnish isn't able to communicate with the SSL protocol, so we will
53		-need some one who do this and Pound[1] can do the job. In order to
54		-install it in Debian based systems:
	49	+### 2) If you are using Varnish
55	50
56		- $ sudo apt-get install pound
	51	+Varnish isn't able to communicate with the SSL protocol, so we will need some
	52	+one else who do this and [Pound](http://www.apsis.ch/pound) can do the job. In
	53	+order to install it in Debian based systems:
57	54
58		-Set Varnish to listen in other port than 80:
	55	+```
	56	+$ sudo apt-get install pound
	57	+```
59	58
60		-/etc/defaults/varnish
61		----------------------
	59	+Set Varnish to listen in other port than 80 in `/etc/defaults/varnish`:
62	60
63		- DAEMON_OPTS="-a localhost:6081 \
64		- -T localhost:6082 \
65		- -f /etc/varnish/default.vcl \
66		- -S /etc/varnish/secret \
67		- -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
	61	+```
	62	+DAEMON_OPTS="-a localhost:6081 \
	63	+ -T localhost:6082 \
	64	+ -f /etc/varnish/default.vcl \
	65	+ -S /etc/varnish/secret \
	66	+ -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
	67	+```
68	68
69	69	Configure Pound:
70	70
71		- # cp /usr/share/noosfero/etc/pound.cfg /etc/pound/
72		-
73		-Edit /etc/pound.cfg and set the IP and domain of your server.
	71	+```
	72	+# cp /usr/share/noosfero/etc/pound.cfg /etc/pound/
	73	+```
74	74
75		-Configure Pound to start at system initialization:
	75	+Edit `/etc/pound.cfg` and set the IP and domain of your server.
76	76
77		-/etc/default/pound
	77	+Configure Pound to start at system initialization. At `/etc/default/pound`:
78	78	------------------
79	79
80		- startup=1
	80	+```
	81	+startup=1
	82	+```
81	83
82		-Set Apache to only listen to localhost:
	84	+Set Apache to only listen to localhost, at `/etc/apache2/ports.conf`:
83	85
84		-/etc/apache2/ports.conf
85		------------------------
86		-
87		- Listen 127.0.0.1:8080
	86	+```
	87	+Listen 127.0.0.1:8080
	88	+```
88	89
89	90	Restart the services:
90	91
91		- $ sudo service apache2 restart
92		- $ sudo service varnish restart
	92	+```
	93	+$ sudo service apache2 restart
	94	+$ sudo service varnish restart
	95	+```
93	96
94	97	Start pound:
95	98
96		- $ sudo service pound start
97		-
98		-[1] http://www.apsis.ch/pound
	99	+```
	100	+$ sudo service pound start
	101	+```
99	102
100		-Noosfero XMPP chat
101		-++++++++++++++++++
	103	+## Noosfero XMPP chat
102	104
103	105	If you want to use chat over HTTPS, then you should add the domain
104		-and IP of your server in the /etc/hosts file, example:
	106	+and IP of your server in the /etc/hosts file, example
105	107
106		-/etc/hosts
107		-----------
	108	+`/etc/hosts:`
108	109
109		- 192.168.1.86 mydomain.example.com
	110	+```
	111	+192.168.1.86 mydomain.example.com
	112	+```
110	113
111		-Also, it's recomended that you remove lines above from the file
	114	+Also, it's recomended that you remove the lines below from the file
112	115	`/etc/apache2/sites-enabled/noosfero`:
113	116
114		- RewriteEngine On
115		- Include /usr/share/noosfero/util/chat/apache/xmpp.conf
	117	+```
	118	+RewriteEngine On
	119	+Include /usr/share/noosfero/util/chat/apache/xmpp.conf
	120	+```
...	...
...	...	@@ -0,0 +1,29 @@
	1	+Using custom locales
	2	+====================
	3	+
	4	+Personalized translations go into the `config/custom_locales/` directory.
	5	+Custom locales can be identified by the rails environment, schema name in a
	6	+multitenancy setup or domain name until the first dot (e.g env1.coop.br for the
	7	+example below).
	8	+
	9	+Currently, the only filename prefix for the localization file which is
	10	+processed is "environment". For instance, a POT file would be called
	11	+"environment.pot".
	12	+
	13	+The structure of an environment named env1 with custom translations for both
	14	+Portuguese and Spanish and an environment named env2 with custom Russian
	15	+translation would be:
	16	+
	17	+ config/
	18	+ custom_locales/
	19	+ env1/
	20	+ environment.pot
	21	+ pt/
	22	+ environment.po
	23	+ es/
	24	+ environment.po
	25	+ env2/
	26	+ environment.pot
	27	+ ru/
	28	+ environment.po
	29	+
...	...
...	...	@@ -186,8 +186,8 @@ Apache instalation
186	186
187	187	# apt-get install apache2
188	188
189		-Apache configuration
190		---------------------
	189	+Configuration - noosfero at /
	190	+-----------------------------
191	191
192	192	First you have to enable the following some apache modules:
193	193
...	...	@@ -257,6 +257,62 @@ Now restart your apache server (as root):
257	257
258	258	# invoke-rc.d apache2 restart
259	259
	260	+Configuration - noosfero at a /subdirectory
	261	+-------------------------------------------
	262	+
	263	+This section describes how to configure noosfero at a subdirectory, what is
	264	+specially useful when you want Noosfero to share a domain name with other
	265	+applications. For example you can host noosfero at yourdomain.com/social, a
	266	+webmail application at yourdomain.com/webmail, and have a static HTML website
	267	+at yourdomain.com/.
	268	+
	269	+NOTE: Some plugins might not work well with this setting. Before deploying
	270	+this setting, make sure you test that everything you need works properly with
	271	+it.
	272	+
	273	+The configuration is similar to the main configuration instructions, except for
	274	+the following points. In the description below, replace '/subdirectory' with
	275	+the actual subdirectory you want.
	276	+
	277	+1) add a `prefix: /subdirectory` line to your thin configuration file (thin.yml).
	278	+
	279	+1.1) remember to restart the noosfero application server whenever you make
	280	+changes to that configuration file.
	281	+
	282	+ # service noosfero restart
	283	+
	284	+2) add a line saying `export RAILS_RELATIVE_URL_ROOT=/subdirectory` to
	285	+/etc/default/noosfero (you can create it with just this line if it does not
	286	+exist already).
	287	+
	288	+3) You should add the following apache configuration to an existing virtual
	289	+host (plus the `<Proxy balancer://noosfero>` section as displayed above):
	290	+
	291	+```
	292	+Alias /subdirectory /path/to/noosfero/public
	293	+<Directory "/path/to/noosfero/public">
	294	+ Options FollowSymLinks
	295	+ AllowOverride None
	296	+ Order Allow,Deny
	297	+ Allow from all
	298	+
	299	+ Include /path/to/noosfero/etc/noosfero/apache/cache.conf
	300	+
	301	+ RewriteEngine On
	302	+ RewriteBase /subdirectory
	303	+ # Rewrite index to check for static index.html
	304	+ RewriteRule ^$ index.html [QSA]
	305	+ # Rewrite to check for Rails cached page
	306	+ RewriteRule ^([^.]+)$ $1.html [QSA]
	307	+ RewriteCond %{REQUEST_FILENAME} !-f
	308	+ RewriteRule ^(.*)$ http://localhost:3000%{REQUEST_URI} [P,QSA,L]
	309	+</Directory>
	310	+```
	311	+
	312	+3.1) remember to reload the apache server whenever any apache configuration
	313	+file changes.
	314	+
	315	+ # sudo service apache2 reload
260	316
261	317	Enabling exception notifications
262	318	================================
...	...
...	...	@@ -71,4 +71,22 @@ class AdminPanelController < AdminController
71	71	end
72	72	end
73	73	end
	74	+
	75	+ def manage_organizations_status
	76	+ scope = environment.organizations
	77	+ @filter = params[:filter] \|\| 'any'
	78	+ @title = "Organization profiles"
	79	+ @title = @title+" - "+@filter if @filter != 'any'
	80	+
	81	+ if @filter == 'enabled'
	82	+ scope = scope.visible
	83	+ elsif @filter == 'disabled'
	84	+ scope = scope.disabled
	85	+ end
	86	+
	87	+ scope = scope.order('name ASC')
	88	+
	89	+ @q = params[:q]
	90	+ @collection = find_by_contents(:organizations, scope, @q, {:per_page => 10, :page => params[:npage]})[:results]
	91	+ end
74	92	end
...	...
...	...	@@ -0,0 +1,5 @@
	1	+class PluginAdminController < AdminController
	2	+
	3	+ protect 'edit_environment_features', :environment
	4	+
	5	+end
...	...
...	...	@@ -40,8 +40,67 @@ class TemplatesController < AdminController
40	40	end
41	41	end
42	42
	43	+ def set_community_as_default
	44	+ begin
	45	+ community = environment.communities.find(params[:template_id])
	46	+ rescue ActiveRecord::RecordNotFound
	47	+ message = _('Community not found. The template could no be changed.')
	48	+ community = nil
	49	+ end
	50	+
	51	+ message = _('%s defined as default') % community.name if set_as_default(community)
	52	+ session[:notice] = message
	53	+
	54	+ redirect_to :action => 'index'
	55	+ end
	56	+
	57	+ def set_person_as_default
	58	+ begin
	59	+ person = environment.people.find(params[:template_id])
	60	+ rescue ActiveRecord::RecordNotFound
	61	+ message = _('Person not found. The template could no be changed.')
	62	+ person = nil
	63	+ end
	64	+
	65	+ message = _('%s defined as default') % person.name if set_as_default(person)
	66	+ session[:notice] = message
	67	+
	68	+ redirect_to :action => 'index'
	69	+ end
	70	+
	71	+ def set_enterprise_as_default
	72	+ begin
	73	+ enterprise = environment.enterprises.find(params[:template_id])
	74	+ rescue ActiveRecord::RecordNotFound
	75	+ message = _('Enterprise not found. The template could no be changed.')
	76	+ enterprise = nil
	77	+ end
	78	+
	79	+ message = _('%s defined as default') % enterprise.name if set_as_default(enterprise)
	80	+ session[:notice] = message
	81	+
	82	+ redirect_to :action => 'index'
	83	+ end
	84	+
43	85	private
44	86
	87	+ def set_as_default(obj)
	88	+ return nil if obj.nil?
	89	+ case obj.class.name
	90	+ when 'Community' then
	91	+ environment.community_default_template = obj
	92	+ environment.save!
	93	+ when 'Person' then
	94	+ environment.person_default_template = obj
	95	+ environment.save!
	96	+ when 'Enterprise' then
	97	+ environment.enterprise_default_template = obj
	98	+ environment.save!
	99	+ else
	100	+ nil
	101	+ end
	102	+ end
	103	+
45	104	def create_organization_template(klass)
46	105	identifier = params[:name].to_slug
47	106	template = klass.new(:name => params[:name], :identifier => identifier, :is_template => true)
...	...
...	...	@@ -127,6 +127,9 @@ class ApplicationController < ActionController::Base
127	127
128	128	# TODO: move this logic somewhere else (Domain class?)
129	129	def detect_stuff_by_domain
	130	+ # Sets text domain based on request host for custom internationalization
	131	+ FastGettext.text_domain = Domain.custom_locale(request.host)
	132	+
130	133	@domain = Domain.find_by_name(request.host)
131	134	if @domain.nil?
132	135	@environment = Environment.default
...	...