Merge branch 'master' into field-of-interest

Caio Almeida
2 parents cdd1f702 733814ea
Showing 310 changed files with 2575 additions and 1519 deletions Show diff stats
app/api/entities.rb
app/api/helpers.rb
app/api/v1/activities.rb
app/api/v1/articles.rb
app/api/v1/boxes.rb
app/api/v1/comments.rb
app/api/v1/profiles.rb
app/concerns/authenticated_system.rb
app/controllers/application_controller.rb
app/controllers/my_profile/profile_themes_controller.rb
app/controllers/public/content_viewer_controller.rb
app/helpers/application_helper.rb
app/helpers/article_helper.rb
app/helpers/boxes_helper.rb
app/helpers/buttons_helper.rb
app/helpers/custom_fields_helper.rb
app/helpers/theme_loader_helper.rb
app/helpers/url_helper.rb
app/helpers/users_helper.rb
app/jobs/download_reported_images_job.rb
@@ -93,7 +93,9 @@ module Api
     class Box < Entity
       root 'boxes', 'box'
       expose :id, :position
-      expose :blocks, :using => Block
+      expose :blocks, :using => Block do |box, options|
+        box.blocks.select {|block| block.visible_to_user?(options[:current_person]) }
+      end
     end
  
     class Profile < Entity
@@ -200,12 +202,21 @@ module Api
       expose :accept_comments?, as: :accept_comments
     end
  
+    def self.permissions_for_entity(entity, current_person, *method_names)
+      method_names.map { |method| entity.send(method, current_person) ? method.to_s.gsub(/\?/,'') : nil }.compact
+    end
+
     class Article < ArticleBase
       root 'articles', 'article'
       expose :parent, :using => ArticleBase
       expose :children, :using => ArticleBase do |article, options|
         article.children.published.limit(V1::Articles::MAX_PER_PAGE)
       end
+      expose :permissions do |article, options|
+        Entities.permissions_for_entity(article, options[:current_person],
+          :allow_edit?, :allow_post_content?, :allow_delete?, :allow_create?,
+          :allow_publish_content?)
+      end
     end
  
     class User < Entity
@@ -121,7 +121,7 @@ module Api
  
     def present_article(asset)
       article = find_article(asset.articles, params[:id])
-      present_partial article, :with => Entities::Article, :params => params
+      present_partial article, with: Entities::Article, params: params, current_person: current_person
     end
  
     def present_articles_for_asset(asset, method = 'articles')
@@ -130,7 +130,7 @@ module Api
     end
  
     def present_articles(articles)
-      present_partial paginate(articles), :with => Entities::Article, :params => params
+      present_partial paginate(articles), :with => Entities::Article, :params => params, current_person: current_person
     end
  
     def find_articles(asset, method = 'articles')
@@ -407,9 +407,11 @@ module Api
  
     def parse_content_type(content_type)
       return nil if content_type.blank?
-      content_type.split(',').map do |content_type|
-        content_type.camelcase
+      content_types = content_type.split(',').map do |content_type|
+        content_type = content_type.camelcase
+        content_type == 'TextArticle' ? Article.text_article_types : content_type
       end
+      content_types.flatten.uniq
     end
  
     def period(from_date, until_date)
 module Api
   module V1
     class Activities < Grape::API
-      before { authenticate! }
  
       resource :profiles do
  
@@ -9,7 +8,7 @@ module Api
           profile = Profile.find_by id: params[:id]
  
           not_found! if profile.blank? || profile.secret || !profile.visible
-          forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
+          forbidden! if !profile.display_private_info_to?(current_person)
  
           activities = profile.activities.map(&:activity)
           present activities, :with => Entities::Activity, :current_person => current_person
@@ -54,6 +54,17 @@ module Api
           present_partial article, :with => Entities::Article
         end
  
+        delete ':id' do
+          article = environment.articles.find(params[:id])
+          return forbidden! unless article.allow_delete?(current_person)
+          begin
+            article.destroy
+            { :success => true }
+          rescue Exception => exception
+            render_api_error!(_('The article couldn\'t be removed due to some problem. Please contact the administrator.'), 400)
+          end          
+        end
+
         desc 'Report a abuse and/or violent content in a article by id' do
           detail 'Submit a abuse (in general, a content violation) report about a specific article'
           params Entities::Article.documentation
@@ -262,7 +273,7 @@ module Api
                     article = forbidden!
                   end
  
-                  present_partial article, :with => Entities::Article
+                  present_partial article, :with => Entities::Article, current_person: current_person
                 else
  
                   present_articles_for_asset(profile)
@@ -12,7 +12,8 @@ module Api
             resource :boxes do
               get do
                 profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
-                present profile.boxes, :with => Entities::Box
+                return forbidden! unless profile.display_info_to?(current_person)
+                present profile.boxes, with: Entities::Box, current_person: current_person
               end
             end
           end
@@ -32,7 +33,7 @@ module Api
                 else
                   env = Environment.find(params[:environment_id])
                 end
-                present env.boxes, :with => Entities::Box
+                present env.boxes, with: Entities::Box, current_person: current_person
               end
             end
           end
@@ -34,6 +34,7 @@ module Api
         post ":id/comments" do
           authenticate!
           article = find_article(environment.articles, params[:id])
+          return forbidden! unless article.accept_comments?
           options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
           begin
             comment = Comment.create!(options)
@@ -42,6 +43,19 @@ module Api
           end
           present comment, :with => Entities::Comment, :current_person => current_person
         end
+
+        delete ":id/comments/:comment_id" do
+          article = find_article(environment.articles, params[:id])
+          comment = article.comments.find_by_id(params[:comment_id])
+          return not_found! if comment.nil?
+          return forbidden! unless comment.can_be_destroyed_by?(current_person)
+          begin
+            comment.destroy
+            present comment, with: Entities::Comment, :current_person => current_person
+          rescue => e
+            render_api_error!(e.message, 500)
+          end
+        end
       end
  
     end
@@ -22,6 +22,15 @@ module Api
             not_found!
           end
         end
+        
+        desc "Update profile information"
+        post ':id' do
+          authenticate!
+          profile = environment.profiles.find_by(id: params[:id])
+          return forbidden! unless current_person.has_permission?(:edit_profile, profile)
+          profile.update_attributes!(params[:profile])
+          present profile, :with => Entities::Profile, :current_person => current_person
+        end
  
         delete ':id' do
           authenticate!
@@ -0,0 +1,169 @@
+module AuthenticatedSystem
+
+  protected
+
+    extend ActiveSupport::Concern
+
+    included do
+      if self < ActionController::Base
+        around_filter :user_set_current
+        before_filter :override_user
+        before_filter :login_from_cookie
+      end
+
+      # Inclusion hook to make #current_user and #logged_in?
+      # available as ActionView helper methods.
+      helper_method :current_user, :logged_in?
+    end
+
+    # Returns true or false if the user is logged in.
+    # Preloads @current_user with the user model if they're logged in.
+    def logged_in?
+      current_user != nil
+    end
+
+    # Accesses the current user from the session.
+    def current_user user_id = session[:user]
+      @current_user ||= begin
+        user = User.find_by id: user_id if user_id
+        user.session = session if user
+        User.current = user
+        user
+      end
+    end
+
+    # Store the given user in the session.
+    def current_user=(new_user)
+      if new_user.nil?
+        session.delete(:user)
+      else
+        session[:user] = new_user.id
+        new_user.session = session
+        new_user.register_login
+      end
+      @current_user = User.current = new_user
+    end
+
+    # See impl. from http://stackoverflow.com/a/2513456/670229
+    def user_set_current
+      User.current = current_user
+      yield
+    ensure
+      # to address the thread variable leak issues in Puma/Thin webserver
+      User.current = nil
+    end
+
+    # Check if the user is authorized.
+    #
+    # Override this method in your controllers if you want to restrict access
+    # to only a few actions or if you want to check if the user
+    # has the correct rights.
+    #
+    # Example:
+    #
+    #  # only allow nonbobs
+    #  def authorize?
+    #    current_user.login != "bob"
+    #  end
+    def authorized?
+      true
+    end
+
+    # Filter method to enforce a login requirement.
+    #
+    # To require logins for all actions, use this in your controllers:
+    #
+    #   before_filter :login_required
+    #
+    # To require logins for specific actions, use this in your controllers:
+    #
+    #   before_filter :login_required, :only => [ :edit, :update ]
+    #
+    # To skip this in a subclassed controller:
+    #
+    #   skip_before_filter :login_required
+    #
+    def login_required
+      username, passwd = get_auth_data
+      if username && passwd
+        self.current_user ||= User.authenticate(username, passwd) || nil
+      end
+      if logged_in? && authorized?
+        true
+      else
+        if params[:require_login_popup]
+          render :json => { :require_login_popup => true }
+        else
+          access_denied
+        end
+      end
+    end
+
+    # Redirect as appropriate when an access request fails.
+    #
+    # The default action is to redirect to the login screen.
+    #
+    # Override this method in your controllers if you want to have special
+    # behavior in case the user is not authorized
+    # to access the requested action.  For example, a popup window might
+    # simply close itself.
+    def access_denied
+      respond_to do |accepts|
+        accepts.html do
+          if request.xhr?
+            render :text => _('Access denied'), :status => 401
+          else
+            store_location
+            redirect_to :controller => '/account', :action => 'login'
+          end
+        end
+        accepts.xml do
+          headers["Status"]           = "Unauthorized"
+          headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+          render :text => "Could't authenticate you", :status => '401 Unauthorized'
+        end
+      end
+      false
+    end
+
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location(location = request.url)
+      session[:return_to] = location
+    end
+
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.
+    def redirect_back_or_default(default)
+      if session[:return_to]
+        redirect_to(session.delete(:return_to))
+      else
+        redirect_to(default)
+      end
+    end
+
+    def override_user
+      return if params[:override_user].blank?
+      return unless logged_in? and user.is_admin? environment
+      @current_user = nil
+      current_user params[:override_user]
+    end
+
+    # When called with before_filter :login_from_cookie will check for an :auth_token
+    # cookie and log the user back in if apropriate
+    def login_from_cookie
+      return if cookies[:auth_token].blank? or logged_in?
+      user = User.where(remember_token: cookies[:auth_token]).first
+      self.current_user = user if user and user.remember_token?
+    end
+
+  private
+    @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+    # gets BASIC auth info
+    def get_auth_data
+      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+      auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+      return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
+    end
+end
@@ -13,6 +13,13 @@ class ApplicationController &lt; ActionController::Base
   before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
   before_filter :redirect_to_current_user
  
+  before_filter :set_session_theme
+  def set_session_theme
+    if params[:theme]
+      session[:theme] = environment.theme_ids.include?(params[:theme]) ? params[:theme] : nil
+    end
+  end
+
   def require_login_for_environment
     login_required
   end
@@ -63,12 +63,12 @@ class ProfileThemesController &lt; ThemesController
   end
  
   def start_test
-    session[:theme] = params[:id]
+    session[:user_theme] = params[:id]
     redirect_to :controller => 'content_viewer', :profile => profile.identifier, :action => 'view_page'
   end
  
   def stop_test
-    session[:theme] = nil
+    session[:user_theme] = nil
     redirect_to :action => 'index'
   end
  
@@ -209,7 +209,7 @@ class ContentViewerController &lt; ApplicationController
       end
  
       if @page.published && @page.uploaded_file?
-        redirect_to @page.public_filename
+        redirect_to "#{Noosfero.root}#{@page.public_filename}"
       else
         send_data data, @page.download_headers
       end
@@ -233,13 +233,6 @@ module ApplicationHelper
     link_to(content_tag('span', text), url, html_options.merge(:class => the_class, :title => text))
   end
  
-  def button_bar(options = {}, &block)
-    options[:class].nil? ?
-      options[:class]='button-bar' :
-      options[:class]+=' button-bar'
-    concat(content_tag('div', capture(&block).to_s + tag('br', :style => 'clear: left;'), options))
-  end
-
   def render_profile_actions klass
     name = klass.to_s.underscore
     begin
@@ -351,7 +344,7 @@ module ApplicationHelper
   end
  
   def is_testing_theme
-    !controller.session[:theme].nil?
+    !controller.session[:user_theme].nil?
   end
  
   def theme_owner
@@ -600,8 +593,8 @@ module ApplicationHelper
     end
  
     if block
-      field_html ||= ''
-      field_html += capture(&block)
+      field_html ||= ''.html_safe
+      field_html   = [field_html, capture(&block)].safe_join
     end
  
     if controller.action_name == 'signup' || controller.action_name == 'new_community' || (controller.controller_name == "enterprise_registration" && controller.action_name == 'index') || (controller.controller_name == 'home' && controller.action_name == 'index' && user.nil?)
@@ -610,7 +603,9 @@ module ApplicationHelper
       end
     else
       if profile.active_fields.include?(name)
-        result = content_tag('div', field_html + profile_field_privacy_selector(profile, name), :class => 'field-with-privacy-selector')
+        result = content_tag :div, class: 'field-with-privacy-selector' do
+          [field_html, profile_field_privacy_selector(profile, name)].safe_join
+        end
       end
     end
  
@@ -618,10 +613,6 @@ module ApplicationHelper
       result = required(result)
     end
  
-    if block
-      concat(result)
-    end
-
     result
   end
  
@@ -866,7 +857,7 @@ module ApplicationHelper
   alias :browse_communities_menu :search_communities_menu
  
   def pagination_links(collection, options={})
-    options = {:previous_label => content_tag(:span, '&laquo; ', :class => 'previous-arrow') + _('Previous'), :next_label => _('Next') + content_tag(:span, ' &raquo;', :class => 'next-arrow'), :inner_window => 1, :outer_window => 0 }.merge(options)
+    options = {:previous_label => content_tag(:span, '&laquo; '.html_safe, :class => 'previous-arrow') + _('Previous'), :next_label => _('Next') + content_tag(:span, ' &raquo;'.html_safe, :class => 'next-arrow'), :inner_window => 1, :outer_window => 0 }.merge(options)
     will_paginate(collection, options)
   end
  
@@ -988,6 +979,7 @@ module ApplicationHelper
     values = {}
     values.merge!(task.information[:variables]) if task.information[:variables]
     values.merge!({:requestor => link_to(task.requestor.name, task.requestor.url)}) if task.requestor
+    values.merge!({:target => link_to(task.target.name, task.target.url)}) if (task.target && task.target.respond_to?(:url))
     values.merge!({:subject => content_tag('span', task.subject, :class=>'task_target')}) if task.subject
     values.merge!({:linked_subject => link_to(content_tag('span', task.linked_subject[:text], :class => 'task_target'), task.linked_subject[:url])}) if task.linked_subject
     (task.information[:message] % values).html_safe
@@ -1138,7 +1130,7 @@ module ApplicationHelper
     content_tag(:div, :class => 'errorExplanation', :id => 'errorExplanation') do
       content_tag(:h2, _('Errors while saving')) +
       content_tag(:ul) do
-        safe_join(errors.map { |err| content_tag(:li, err) })
+        safe_join(errors.map { |err| content_tag(:li, err.html_safe) })
       end
     end
   end
@@ -187,9 +187,9 @@ module ArticleHelper
   def following_button(page, user)
     if !user.blank? and user != page.author
       if page.is_followed_by? user
-        button :cancel, unfollow_button_text(page), {:controller => 'profile', :action => 'unfollow_article', :article_id => page.id, :profile => page.profile.identifier}
+        button :cancel, unfollow_button_text(page), {controller: :profile, profile: page.profile.identifier, action: :unfollow_article, article_id: page.id}
       else
-        button :add, follow_button_text(page), {:controller => 'profile', :action => 'follow_article', :article_id => page.id, :profile => page.profile.identifier}
+        button :add, follow_button_text(page), {controller: :profile, profile: page.profile.identifier, action: :follow_article, article_id: page.id}
       end
     end
   end
@@ -99,15 +99,10 @@ module BoxesHelper
   end
  
   def render_block_content block
-    # FIXME: this conditional should be removed after all
-    # block footer from plugins methods get refactored into helpers and views.
-    # They are a failsafe until all of them are done.
-    return block.content if block.method(:content).owner != Block
     render_block block
   end
  
   def render_block_footer block
-    return block.footer if block.method(:footer).owner != Block
     render_block block, 'footers/'
   end
  
 module ButtonsHelper
+
+  def button_bar(options = {}, &block)
+    options[:class] ||= ''
+    options[:class] << ' button-bar'
+
+    content_tag :div, options do
+      [
+        capture(&block).to_s,
+        tag(:br, style: 'clear: left;'),
+      ].safe_join
+    end
+  end
+
   def button(type, label, url, html_options = {})
     html_options ||= {}
     the_class = 'with-text'
@@ -61,6 +61,6 @@ module CustomFieldsHelper
  
   def form_for_format(customized_type, format)
     field = CustomField.new(:format => format, :customized_type => customized_type, :environment => environment)
-    CGI::escapeHTML((render(:partial => 'features/custom_fields/form', :locals => {:field => field})))
+    CGI::escapeHTML((render(:partial => 'features/custom_fields/form', :locals => {:field => field}))).html_safe
   end
 end
@@ -2,8 +2,8 @@ module ThemeLoaderHelper
   def current_theme
     @current_theme ||=
       begin
-        if session[:theme]
-          session[:theme]
+        if session[:user_theme]
+          session[:user_theme]
         else
           # utility for developers: set the theme to 'random' in development mode and
           # you will get a different theme every request. This is interesting for
@@ -11,8 +11,8 @@ module ThemeLoaderHelper
           if Rails.env.development? && environment.theme == 'random'
             @random_theme ||= Dir.glob('public/designs/themes/*').map { |f| File.basename(f) }.rand
             @random_theme
-          elsif Rails.env.development? && respond_to?(:params) && params[:theme] && File.exists?(Rails.root.join('public/designs/themes', params[:theme]))
-            params[:theme]
+          elsif Rails.env.development? && respond_to?(:params) && params[:user_theme] && File.exists?(Rails.root.join('public/designs/themes', params[:user_theme]))
+            params[:user_theme]
           else
             if profile && !profile.theme.nil?
               profile.theme
@@ -34,8 +34,10 @@ module ThemeLoaderHelper
   end
  
   def theme_path
-    if session[:theme]
+    if session[:user_theme]
       '/user_themes/' + current_theme
+    elsif session[:theme]
+      '/designs/themes/' + session[:theme]
     else
       '/designs/themes/' + current_theme
     end
@@ -4,4 +4,12 @@ module UrlHelper
     'javascript:history.back()'
   end
  
+  def default_url_options
+    options = {}
+
+    options[:override_user] = params[:override_user] if params[:override_user].present?
+
+    options
+  end
+
 end
 module UsersHelper
  
-  FILTER_TRANSLATION = {
+  def filter_translation
+    {
       'all_users' => _('All users'),
       'admin_users' => _('Admin users'),
       'activated_users' => _('Activated users'),
       'deactivated_users' => _('Deativated users'),
-  }
+    }
+  end
  
   def filter_selector(filter, float = 'right')
-    options = options_for_select(FILTER_TRANSLATION.map {|key, name| [name, key]}, :selected => filter)
+    options = options_for_select(filter_translation.map {|key, name| [name, key]}, :selected => filter)
     url_params = url_for(params.merge(:filter => 'FILTER'))
     onchange = "document.location.href = '#{url_params}'.replace('FILTER', this.value)"
     select_field = select_tag(:filter, options, :onchange => onchange)
@@ -19,7 +21,7 @@ module UsersHelper
   end
  
   def users_filter_title(filter)
-    FILTER_TRANSLATION[filter]
+    filter_translation[filter]
   end
  
 end
@@ -0,0 +1,27 @@
+class DownloadReportedImagesJob < Struct.new(:abuse_report, :article)
+  def perform
+    images_paths = article.image? ? [File.join(article.profile.environment.top_url, article.public_filename(:display))] : article.body_images_paths
+    images_paths.each do |image_path|
+      image = get_image(image_path)
+      reported_image = ReportedImage.create!( :abuse_report => abuse_report,
+                                              :uploaded_data => image,
+                                              :filename => File.basename(image_path),
+                                              :size => image.size )
+      abuse_report.content = parse_content(abuse_report, image_path, reported_image)
+    end
+    abuse_report.save!
+  end
+
+  def get_image(image_path)
+    image = ActionController::UploadedTempfile.new('reported_image')
+    image.write(Net::HTTP.get(URI.parse(image_path)))
+    image.original_path = 'tmp/' + File.basename(image_path)
+    image.content_type = 'image/' + File.extname(image_path).gsub('.','')
+    image
+  end
+
+  def parse_content(report, old_path, image)
+    old_path = old_path.gsub(report.reporter.environment.top_url, '')
+    report.content.gsub(/#{old_path}/, image.public_filename)
+  end
+end
@@ -0,0 +1,11 @@
+class GetEmailContactsJob < Struct.new(:import_from, :login, :password, :contact_list_id)
+  def perform
+    begin
+      Invitation.get_contacts(import_from, login, password, contact_list_id)
+    rescue Contacts::AuthenticationError => ex
+      ContactList.exists?(contact_list_id) && ContactList.find(contact_list_id).register_auth_error
+    rescue Exception => ex
+      ContactList.exists?(contact_list_id) && ContactList.find(contact_list_id).register_error
+    end
+  end
+end
@@ -0,0 +1,10 @@
+class InvitationJob < Struct.new(:person_id, :contacts_to_invite, :message, :profile_id, :contact_list_id, :locale)
+  def perform
+    Noosfero.with_locale(locale) do
+      person = Person.find(person_id)
+      profile = Profile.find(profile_id)
+      Invitation.invite(person, contacts_to_invite, message, profile)
+      ContactList.exists?(contact_list_id) && ContactList.find(contact_list_id).destroy
+    end
+  end
+end
@@ -0,0 +1,22 @@
+class LogMemoryConsumptionJob < Struct.new(:last_stat)
+  # Number of entries do display
+  N = 20
+
+  def perform
+    logpath = File.join(Rails.root, 'log', "#{ENV['RAILS_ENV']}_memory_consumption.log")
+    logger = Logger.new(logpath)
+    stats = Hash.new(0)
+    ObjectSpace.each_object {|o| stats[o.class.to_s] += 1}
+    i = 1
+
+    logger << "[#{Time.now.strftime('%F %T %z')}]\n"
+    stats.sort {|(k1,v1),(k2,v2)| v2 <=> v1}.each do |k,v|
+      logger << (sprintf "%-60s %10d", k, v)
+      logger << (sprintf " | delta %10d", (v - last_stat[k])) if last_stat && last_stat[k]
+      logger << "\n"
+      break if i > N
+      i += 1
+    end
+    logger << "\n"
+  end
+end
@@ -0,0 +1,8 @@
+class MailingJob < Struct.new(:mailing_id)
+  def perform
+    mailing = Mailing.find(mailing_id)
+    Noosfero.with_locale(mailing.locale) do
+      mailing.deliver
+    end
+  end
+end
@@ -0,0 +1,44 @@
+class NotifyActivityToProfilesJob < Struct.new(:tracked_action_id)
+  NOTIFY_ONLY_COMMUNITY = [
+    'add_member_in_community'
+  ]
+
+  NOT_NOTIFY_COMMUNITY = [
+    'join_community'
+  ]
+  def perform
+    return unless ActionTracker::Record.exists?(tracked_action_id)
+    tracked_action = ActionTracker::Record.find(tracked_action_id)
+    return unless tracked_action.user.present?
+    target = tracked_action.target
+    if target.is_a?(Community) && ( NOTIFY_ONLY_COMMUNITY.include?(tracked_action.verb) || ! target.public_profile )
+      ActionTrackerNotification.create(:profile_id => target.id, :action_tracker_id => tracked_action.id)
+      return
+    end
+
+    # Notify the user
+    ActionTrackerNotification.create(:profile_id => tracked_action.user.id, :action_tracker_id => tracked_action.id)
+
+    # Notify all friends
+    ActionTrackerNotification.connection.execute("insert into action_tracker_notifications(profile_id, action_tracker_id) select f.friend_id, #{tracked_action.id} from friendships as f where person_id=#{tracked_action.user.id} and f.friend_id not in (select atn.profile_id from action_tracker_notifications as atn where atn.action_tracker_id = #{tracked_action.id})")
+
+    if tracked_action.user.is_a? Organization
+      ActionTrackerNotification.connection.execute "insert into action_tracker_notifications(profile_id, action_tracker_id) " +
+      "select distinct accessor_id, #{tracked_action.id} from role_assignments where resource_id = #{tracked_action.user.id} and resource_type='Profile' " +
+      if tracked_action.user.is_a? Enterprise then "union select distinct person_id, #{tracked_action.id} from favorite_enterprise_people where enterprise_id = #{tracked_action.user.id}" else "" end
+    end
+
+    if target.is_a?(Community)
+      ActionTrackerNotification.create(:profile_id => target.id, :action_tracker_id => tracked_action.id) unless NOT_NOTIFY_COMMUNITY.include?(tracked_action.verb)
+
+      ActionTrackerNotification.connection.execute("insert into action_tracker_notifications(profile_id, action_tracker_id) select distinct profiles.id, #{tracked_action.id} from role_assignments, profiles where profiles.type = 'Person' and profiles.id = role_assignments.accessor_id and profiles.id != #{tracked_action.user.id} and profiles.id not in (select atn.profile_id from action_tracker_notifications as atn where atn.action_tracker_id = #{tracked_action.id}) and role_assignments.resource_type = 'Profile' and role_assignments.resource_id = #{target.id}")
+    end
+
+    if target.is_a?(Article) && target.profile.is_a?(Community)
+      ActionTrackerNotification.create(:profile_id => target.profile.id, :action_tracker_id => tracked_action.id) unless NOT_NOTIFY_COMMUNITY.include?(tracked_action.verb)
+
+      ActionTrackerNotification.connection.execute("insert into action_tracker_notifications(profile_id, action_tracker_id) select distinct profiles.id, #{tracked_action.id} from role_assignments, profiles where profiles.type = 'Person' and profiles.id = role_assignments.accessor_id and profiles.id != #{tracked_action.user.id} and profiles.id not in (select atn.profile_id from action_tracker_notifications as atn where atn.action_tracker_id = #{tracked_action.id}) and role_assignments.resource_type = 'Profile' and role_assignments.resource_id = #{target.profile.id}")
+    end
+
+  end
+end
@@ -0,0 +1,22 @@
+class ProfileSuggestionsJob < Struct.new(:person_id)
+
+  def self.exists?(person_id)
+    !find(person_id).empty?
+  end
+
+  def self.find(person_id)
+    Delayed::Job.by_handler("--- !ruby/struct:ProfileSuggestionsJob\nperson_id: #{person_id}\n")
+  end
+
+  def perform
+    logger = Delayed::Worker.logger
+    begin
+      person = Person.find(person_id)
+      ProfileSuggestion.calculate_suggestions(person)
+      UserMailer.profiles_suggestions_email(person).deliver if person.email_suggestions
+    rescue Exception => exception
+      logger.error("Error with suggestions for person ID %d: %s" % [person_id, exception.to_s])
+    end
+  end
+
+end
@@ -0,0 +1,6 @@
+class UserActivationJob < Struct.new(:user_id)
+  def perform
+    user = User.find(user_id)
+    user.destroy unless user.activated? || user.person.is_template? || user.moderate_registration_pending?
+  end
+end
@@ -37,6 +37,10 @@ class AddMember &lt; Task
     true
   end
  
+  def reject_details
+    true
+  end
+
   def footer
     true
   end
@@ -72,8 +76,9 @@ class AddMember &lt; Task
   end
  
   def task_cancelled_message
-    _("Your request to enter community \"%{target} with the profile \"%{requestor}\" was not accepted. Please contact any profile admin from %{url} for more information.") %
-    {:target => self.target.name, :url => self.target.url,
-     :requestor => self.requestor.name}
+    _("Your request to enter community \"%{target}\" with the profile \"%{requestor}\" was not accepted. Please contact any profile admin from %{target} for more information. The following explanation was given: \n\n\"%{explanation}\"") %
+    {:target => self.target.name,
+     :requestor => self.requestor.name,
+     :explanation => self.reject_explanation}
   end
 end
@@ -29,6 +29,8 @@ class Article &lt; ApplicationRecord
     :display => %w[full]
   }
  
+  N_('article')
+
   def initialize(*params)
     super
     if params.present? && params.first.present?
@@ -181,30 +181,6 @@ class Block &lt; ApplicationRecord
     "/images/block_preview.png"
   end
  
-  # Returns the content to be used for this block.
-  #
-  # This method can return several types of objects:
-  #
-  # * <tt>String</tt>: if the string starts with <tt>http://</tt> or <tt>https://</tt>, then it is assumed to be address of an IFRAME. Otherwise it's is used as regular HTML.
-  # * <tt>Hash</tt>: the hash is used to build an URL that is used as the address for a IFRAME.
-  # * <tt>Proc</tt>: the Proc is evaluated in the scope of BoxesHelper. The
-  # block can then use <tt>render</tt>, <tt>link_to</tt>, etc.
-  #
-  # The method can also return <tt>nil</tt>, which means "no content".
-  #
-  # See BoxesHelper#extract_block_content for implementation details.
-  def content(args={})
-    "This is block number %d" % self.id
-  end
-
-  # A footer to be appended to the end of the block. Returns <tt>nil</tt>.
-  #
-  # Override in your subclasses. You can return the same types supported by
-  # #content.
-  def footer
-    nil
-  end
-
   # Is this block editable? (Default to <tt>true</tt>)
   def editable?(user=nil)
     self.edit_modes == "all"
-class CommentHandler < Struct.new(:comment_id, :method)
+class CommentHandler < Struct.new(:comment_id, :method, :locale)
+  def initialize(*args)
+    super
+    self.locale ||= FastGettext.locale
+  end
  
   def perform
+    saved_locale = FastGettext.locale
+    FastGettext.locale = locale
+
     comment = Comment.find(comment_id)
     comment.send(method)
+    FastGettext.locale = saved_locale
   rescue ActiveRecord::RecordNotFound
     # just ignore non-existing comments
   end
@@ -9,7 +9,7 @@ class Community &lt; Organization
     _('Community')
   end
  
-  N_('Community')
+  N_('community')
   N_('Language')
  
   settings_items :language
@@ -12,7 +12,7 @@ class Enterprise &lt; Organization
     _('Enterprise')
   end
  
-  N_('Enterprise')
+  N_('enterprise')
  
   acts_as_trackable after_add: proc{ |p, t| notify_activity t }
  
@@ -750,6 +750,10 @@ class Environment &lt; ApplicationRecord
     end
   end
  
+  def theme_ids
+    settings[:themes] || []
+  end
+
   def themes=(values)
     settings[:themes] = values
   end
@@ -81,10 +81,8 @@ class LinkListBlock &lt; Block
     end
   end
  
-  def icons_options
-    ICONS.map do |i|
-      "<span title=\"#{i[1]}\" class=\"icon-#{i[0]}\" onclick=\"changeIcon(this, '#{i[0]}')\"></span>".html_safe
-    end
+  def icons
+    ICONS
   end
  
 end
@@ -234,4 +234,7 @@ class Organization &lt; Profile
     self.admins.where(:id => user.id).exists?
   end
  
+  def display_private_info_to?(user)
+    (public_profile && visible && !secret) || super
+  end
 end
@@ -13,6 +13,8 @@ class Person &lt; Profile
     _('Person')
   end
  
+  N_('person')
+
   acts_as_trackable :after_add => Proc.new {|p,t| notify_activity(t)}
   acts_as_accessor
  
@@ -82,7 +82,7 @@ class PersonNotifier
     helper ActionTrackerHelper
  
     def session
-      {:theme => nil}
+      {:user_theme => nil}
     end
  
     def content_summary(person, notifications, tasks)
@@ -11,7 +11,7 @@
   <%= hidden_field_tag :terms_accepted, params[:terms_accepted] %>
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= submit_button( 'login', _('Log in') )%>
   <%= modal_close_button _('Cancel') if request.xhr? %>
 <% end %>
@@ -20,7 +20,7 @@
     <%= hidden_field_tag :answer, params[:answer] %>
  
     <%= labelled_check_box(environment.terms_of_use_acceptance_text.blank? ? _('I read the terms of use and accepted them') : environment.terms_of_use_acceptance_text, :terms_accepted, '1', false, :id => 'accept-terms') %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button 'cancel', _('Cancel'), :controller => 'home', :action => 'index' %>
       <%= submit_button 'forward', _('Continue'), {:disabled => true, :class => 'disabled', :id => 'submit-accept-terms'} %>
     <% end %>
@@ -24,7 +24,7 @@
  
 <div class='activation-box'>
   <h2><%= _('Enterprise activation') + ' - ' + (logged_in? ? _('part 1 of 2') : _('part 1 of 3')) %></h2>
-  <%= form_tag( {:action => 'accept_terms'}, {:method => 'get', :onsubmit => (@question == :foundation_year ? 'return check_valid_year(this)' : 'return check_valid_cnpj(this)')}) do %> 
+  <%= form_tag( {:action => 'accept_terms'}, {:method => 'get', :onsubmit => (@question == :foundation_year ? 'return check_valid_year(this)' : 'return check_valid_cnpj(this)')}) do %>
  
   <p>  <strong><%= _('Pay atention! You have only one chance!') %></strong> </p>
  
@@ -34,7 +34,7 @@
  
     <%= hidden_field_tag :enterprise_code, params[:enterprise_code] %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button 'cancel', _('Cancel'), :action => 'index' %>
       <%= submit_button 'forward', _('Continue') %>
     <% end %>
@@ -9,7 +9,7 @@
   <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %>
  
   <div>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button('send', _('Send instructions')) %>
     <% end %>
   </div>
@@ -22,7 +22,7 @@
  
      <%= safe_join(@plugins.dispatch(:login_extra_contents).collect { |content| instance_exec(&content) }, "") %>
  
-     <% button_bar do %>
+     <%= button_bar do %>
        <%= submit_button( 'login', _('Log in') )%>
        <% if is_popin %>
          <%= modal_close_button(_('Cancel')) %>
@@ -31,7 +31,7 @@
  
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
     <%= button :add, _("New user"), :controller => 'account', :action => 'signup' %>
   <% end %>
@@ -17,7 +17,7 @@
  
       <%= safe_join(@plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }, "") %>
  
-      <% button_bar do %>
+      <%= button_bar do %>
         <%= submit_button( 'login', _('Log in') )%>
         <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
           <%= button(:add, _('New user'), { :controller => 'account', :action => 'signup' }) %>
 <h2><%= _('Are you sure you want to get out?') %></h2>
 <p>
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :ok, _('Yes'), { :controller => 'account', :action => 'logout' } %>
   <%= modal_close_button _('No, I want to stay.') %>
 <% end %>
@@ -10,7 +10,7 @@
  
   <%= labelled_form_field(_('Enter new password'), (f.password_field :password)) %>
   <%= labelled_form_field(_('Confirm the new password'), (f.password_field :password_confirmation)) %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:ok, _('Change password')) %>
   <% end %>
  
@@ -3,8 +3,8 @@
  
   <%= _('%s was successfuly activated. Now you may go to your control panel or to the control panel of your enterprise') % @enterprise.name %>
  
-  <% button_bar do %>
-    <%= button 'forward', _('Go to my control panel'), :action => 'index', :controller => 'profile_editor', :profile => current_user.person.identifier %> 
+  <%= button_bar do %>
+    <%= button 'forward', _('Go to my control panel'), :action => 'index', :controller => 'profile_editor', :profile => current_user.person.identifier %>
     <%= button 'forward', _('Go to my enterprise control panel') % @enterprise.name, :action => 'index', :controller => 'profile_editor', :profile => @enterprise.identifier %>
   <% end %>
 <% end %>
@@ -6,7 +6,7 @@
  
   <%= f.text_area :message_for_disabled_enterprise, :cols => 40, :style => 'width: 90%' %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save')) %>
     <%= button(:cancel, _('Cancel'), :action => 'index') %>
   <% end %>
@@ -4,14 +4,14 @@
   <%= form_tag do %>
     <%= labelled_form_field(_('Portal identifier'), text_field_tag('portal_community_identifier', @portal_community.identifier, :size => 40) ) %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button 'save', _('Save'), :cancel => { :action => 'index' }  %>
     <% end %>
   <% end %>
 <% else %>
   <%= _('Portal identifier: %s').html_safe % link_to(@portal_community.identifier, @portal_community.url) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%if @portal_community.environment.enabled?('use_portal_community') %>
       <%= button 'cancel', _('Disable'), {:action => 'manage_portal_community', :activate => 0} %>
     <% else %>
@@ -37,7 +37,7 @@
     <%= _('The same order in which you arrange the folders here will be used for arranging the boxes in the environment initial page.') %>
   </p>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button 'save', _('Save'), :cancel => {:action => 'index'} %>
   <% end %>
 <% end %>
@@ -6,7 +6,7 @@
   <%= labelled_form_field _('Number of portal news'), select(:environment, :portal_news_amount, (0..10).to_a) %>
   <%= labelled_form_field _('Number of news by folder'), select(:environment, :news_amount_by_folder, (1..10).to_a) %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save')) %>
     <%= button(:cancel, _('Cancel'), :action => 'index') %>
   <% end %>
@@ -20,7 +20,7 @@
   <% tabs << {:title => _('Signup introduction text'), :id => 'signup-intro',
     :content => (render :partial => 'signup_intro', :locals => {:f => f})} %>
   <%= render_tabs(tabs) %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:save, _('Save'), :cancel => {:action => 'index'}) %>
   <% end %>
 <% end %>
@@ -2,6 +2,8 @@
   <%= hidden_field_tag 'block[links][][icon]', icon %>
   <span class='icon-<%= icon %>' style='display:block; width:16px; height:16px;'></span>
   <div class="icon-selector" style='display:none;'>
-     <%= @block.icons_options.join %>
+    <% @block.icons.map do |i| %>
+      <%= content_tag('span', '', :title => i[1], :class => "icon-#{i[0]}", :onclick => "changeIcon(this, '#{i[0]}')") %>
+    <% end %>
   </div>
 </div>
@@ -35,7 +35,7 @@
       </div>
     <% end %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button(:save, _('Save')) %>
       <%= modal_close_button(_('Cancel')) %>
     <% end %>
@@ -3,7 +3,7 @@
  
 <h1><%= _('Editing sideboxes')%></h1>
  
-<% button_bar :class=>'design-menu' do %>
+<%= button_bar :class=>'design-menu' do %>
   <%= button(:back, _('Back to control panel'), :controller => (profile.nil? ? 'admin_panel': 'profile_editor')) %>
 <% end %>
  
@@ -28,7 +28,7 @@
     <%= file_field_or_thumbnail(_('Image:'), @category.image, i) %>
   <% end %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save'), :cancel => {:action => 'index'}) %>
   <% end%>
 <% end %>
@@ -9,7 +9,7 @@
   <%= labelled_radio_button _('Folder'), :folder_type, 'Folder', false %>
  
   <%= labelled_form_field _('Name:'), text_field_tag(:new_folder, nil, 'data-url' => url_for({:action => 'new', :profile => profile.identifier})) %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:newfolder, _('Create')) %>
   <% end %>
 <% end %>
-<%= labelled_form_field(_('Publish date'), date_field('article[published_at]', @article.published_at || DateTime.current, {:max_date => '+0d', :date_format => 'yy-mm-dd'}, {:id => "article_published_at"})) %>
+<%= labelled_form_field(_('Publish date'), date_field('article[published_at]', @article.published_at || DateTime.current, {:max_date => '+0d', :time => true}, {:id => "article_published_at"})) %>
@@ -12,7 +12,7 @@
  
 <%= hidden_field_tag('back_to', @back_to) %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button_to_function :add, _('More files'), "add_new_file_fields()" %>
   <% if @back_to %>
     <%= submit_button :save, _('Upload'), :cancel => @back_to %>
@@ -12,7 +12,7 @@
     <% end %>
   </strong>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Yes, I want.') %>
     <%= button :cancel, _("No, I don't want."), @article.url %>
   <% end %>
@@ -21,7 +21,7 @@
     </div>
   <% end %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save') %>
     <%= submit_button :save, _('Save and continue'), :name => "continue" %>
   <% end %>
@@ -48,7 +48,7 @@
     <%= options_for_article(@article, @tokenized_children) %>
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save') %>
  
     <% if @back_to %>
@@ -25,7 +25,7 @@
         <%= hidden_field_tag :back_to, @back_to %>
         <%= labelled_form_field _('Title'), text_field_tag('name', @article.name) %>
  
-        <% button_bar do %>
+        <%= button_bar do %>
           <%= submit_button 'spread', _('Spread this') %>
         <% end %>
       <% end %>
@@ -41,7 +41,7 @@
         <% search_action = url_for(:action => 'search_communities_to_publish') %>
         <%= token_input_field_tag(:q, 'search-communities-to-publish', search_action, { :hint_text => _('Type in a search for your community'), :zindex => 10000, :focus => false }) %>
         <%= labelled_form_field _('Title'), text_field_tag('name', @article.name) %>
-        <% button_bar do %>
+        <%= button_bar do %>
           <%= submit_button 'spread', _('Spread this') %>
         <% end %>
       <% end %>
@@ -58,7 +58,7 @@
         <%= hidden_field_tag :back_to, @back_to %>
         <%= labelled_form_field _('Title'), text_field_tag('name', @article.name) %>
  
-        <% button_bar do %>
+        <%= button_bar do %>
           <%= submit_button 'spread', _('Spread this') %>
         <% end %>
       <% end %>
@@ -5,7 +5,7 @@
     <%= hidden_field_tag :back_to, @back_to %>
     <%= labelled_text_field _('Title') + ': ', :name, @article.name, :style => 'width: 100%' %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button 'spread', _('Spread this'), :cancel => @back_to %>
     <% end %>
   <% end %>
@@ -14,7 +14,7 @@
     <%= _("There is no portal community in this environment.") %>
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button :back, _('Back'), :controller => 'cms' %>
   <% end %>
 <% end %>
@@ -23,7 +23,7 @@
  
   <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) unless logged_in? %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button :save, _('Save') %>
     <%= button :cancel, _('Cancel'), @back_to %>
   <% end %>
@@ -14,7 +14,7 @@
   </div>
 <% end %>
  
-<% button_bar(:style => 'margin-bottom: 1em;') do %>
+<%= button_bar(:style => 'margin-bottom: 1em;') do %>
   <% parent_id = ((@article && @article.allow_children?) ? @article : nil) %>
  
   <%= modal_button('new', _('New content'), url_for({:action => 'new', :parent_id => parent_id, :cms => true}).html_safe) %>
@@ -4,6 +4,6 @@
 <%= _('By categorizing your content, you increase the possibility that other people access it. When they are looking for, say, articles about Bahia and you categorize your article in "Regions/Bahia", then there is a good change that your article is going to be found.') %>
 </p>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= modal_close_button _('Close') %>
 <% end %>
@@ -8,7 +8,7 @@
   <div id="recaptcha-container" style="display: none">
     <h3><%= _('Please type the two words below') %></h3>
     <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button_to_function :add, _('Confirm'), "return false", :id => "confirm-captcha" %>
       <%= button_to_function :cancel, _('Cancel'), "noosfero.modal.close()" %>
     <% end %>
@@ -87,7 +87,7 @@ function check_captcha(button, confirm_action) {
  
   <%= safe_join(@plugins.dispatch(:comment_form_extra_contents, local_assigns.merge(:comment => @comment)).collect { |content| instance_exec(&content) }, "") %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('add', _('Post comment'), :onclick => "if(check_captcha(this)) { save_comment(this) } else { check_captcha(this, save_comment)};return false;") %>
     <% if !edition_mode %>
       <%= button :cancel, _('Cancel'), '', :id => 'cancel-comment' %>
@@ -36,7 +36,7 @@ function submit_comment_form(button) {
   <div id="recaptcha-container" style="display: none">
     <h3><%= _('Please type the two words below') %></h3>
     <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button_to_function :add, _('Confirm'), "return false", :id => "confirm-captcha" %>
       <%= button_to_function :cancel, _('Cancel'), "noosfero.modal.close()" %>
     <% end %>
@@ -73,7 +73,7 @@ function submit_comment_form(button) {
   <%= hidden_field_tag(:confirm, 'false') %>
   <%= hidden_field_tag(:view, params[:view])%>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('add', _('Post comment'), :onclick => "submit_comment_form(this); return false") %>
     <% if cancel_triggers_hide %>
       <%= button :cancel, _('Cancel'), '', :id => 'cancel-comment' %>
@@ -5,7 +5,7 @@
   <%= form_tag(@page.view_url.merge({:only_path => true}), {:method => 'post', :class => 'comment_form'}) do %>
     <%= hidden_field_tag(:unfollow, 'commit') %>
     <%= labelled_form_field(_('Enter your e-Mail'), text_field_tag(:email, nil, {:size => 40})) %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button(:ok, _('Cancel notifications for e-mail above') ) %>
     <% end %>
   <% end %>
@@ -4,7 +4,7 @@
  
 <div>
   <div class='blog-description'>
-    <%= blog.body %>
+    <%= (blog.body || '').html_safe %>
   </div>
 </div>
 <hr class="pre-posts"/>
@@ -16,7 +16,7 @@
   <p><%= @page.terms_of_use %></p>
  
   <%= form_tag @page.url.merge(:terms_accepted => true) do %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <% if user %>
         <%= submit_button :save, _("Accept")  %>
       <% else %>
@@ -8,7 +8,7 @@
     <%= _('There are no validators to validate the registration of this new enterprise. Contact your administrator for instructions.') %>
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button :back, _('Go back'), { :profile => current_user.person.identifier, :action=>"enterprises", :controller=>"profile" }%>
   <% end %>
 <% else %>
@@ -36,7 +36,7 @@
  
     <%= template_options(:enterprises, 'create_enterprise')%>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button('next', _('Next'), :cancel => {:profile => current_user.person.identifier, :action=>"enterprises", :controller=>"profile"}) %>
     <% end %>
   <% end %>
@@ -4,7 +4,7 @@
  
 <%= render :partial => 'shared/template_welcome_page', :locals => {:template => @enterprise.template, :header => _("What can I do with a %s?")} %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button :back, _('Back'), {:controller => 'memberships', :action => 'index', :profile => user.identifier} %>
 <% end %>
  
@@ -22,7 +22,7 @@
   <% end %>
   </table>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button 'save', _('Confirm') %>
   <% end %>
 <% end %>
@@ -15,7 +15,7 @@
 <p><%= _('If this enterprise passes the criteria to be considered an solidarity enconomy enterprise, you can approve it by click the button below.') %></p>
  
 <%= form_tag :action => 'approve', :id => @pending.code do %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('approve', _('Approve')) %>
   <% end %>
 <% end %>
@@ -27,7 +27,7 @@
 <%= form_tag :action => 'reject', :id => @pending.code do %>
   <%= labelled_form_field(_('Please provide an explanation for the rejection. This explanation will be sent to the requestor (required).'), text_area_tag('reject_explanation'))%>
   <div>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button('reject', _('Reject')) %>
     <% end %>
   </div>
@@ -5,7 +5,7 @@
 <%= labelled_form_for :info do |f| %>
   <%= f.text_area(:validation_methodology, :cols => 50, :rows => 10) %>
   <%= f.text_area(:restrictions, :cols => 50, :rows => 7) %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save'), :cancel => {:action => 'index'}) %>
   <% end %>
 <% end %>
 <h1><%= _('Enterprise validations') %></h1>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:edit, _('Edit validation info'), { :action => 'edit_validation_info' }) %>
   <%= button(:back, _('Go Back'), { :controller => 'profile_editor' }) %>
 <% end %>
@@ -3,7 +3,7 @@
 <%= form_tag( {:action => 'give_role'}, {:method => :post}) do %>
   <%= select_tag 'role', options_for_select(@roles.map{|r|[r.name,r.id]})  %>
   <%= hidden_field_tag 'person', current_user.person.id %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('affiliate', _('Affiliate', :cancel => {:action => 'index'}) %>
   <% end %>
 <% end %>
@@ -7,7 +7,7 @@
   <% end %>
   <%= hidden_field_tag 'person', @admin.id %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save changes'), :cancel => {:action => 'index'})  %>
   <% end %>
 <% end %>
@@ -9,7 +9,7 @@
   <% @roles.each do |r| %>
     <%= labelled_form_field(r.name, (check_box_tag "roles[]", r.id)) %>
   <% end %>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button( 'save', _('Make'), :cancel => {:action => 'index'} ) %>
   <% end %>
 <% end %>
@@ -3,6 +3,6 @@
  
 <br style="clear:both" />
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, _('Back'), :controller => 'admin_panel', :action => 'index') %>
 <% end %>
@@ -23,7 +23,7 @@
 </p>
 <% end %>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, _('Go back'), :controller => 'profile_editor') %>
 <% end %>
  
@@ -55,7 +55,7 @@
 </script>
  
 <div>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save changes'), :id=>"save_community_fields") %>
     <%= button :back, _('Back to admin panel'), :controller => 'admin_panel', :action => 'index' %>
   <% end %>
@@ -22,7 +22,7 @@
   </fieldset>
 </div>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:save, _('Save'), 'javascript: void()', :onClick => "submit_custom_field_form('##{format_values_id}', '##{form_id}');") %>
 <% end %>
  
@@ -55,7 +55,7 @@
 </script>
  
 <div>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save changes'), :id=>"save_enterprise_fields") %>
     <%= button :back, _('Back to admin panel'), :controller => 'admin_panel', :action => 'index' %>
   <% end %>
@@ -55,7 +55,7 @@
 </script>
  
 <div>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save changes'), :id=>"save_person_fields") %>
     <%= button :back, _('Back to admin panel'), :controller => 'admin_panel', :action => 'index' %>
   <% end %>
@@ -29,7 +29,7 @@
           </tr>
         </thead>
         <tfoot>
-          <tr><td colspan=3><%= button(:add, _('Add option'), 'javascript: void()', :id => "btn_opt_#{id}", :onclick => "add_content('##{id} .custom-field-extras', $('#btn_opt_#{id}').attr('value'), 'EXTRAS_ID');", :value => "#{render_extras_field(id)}") %></td></tr>
+          <tr><td colspan=3><%= button(:add, _('Add option'), 'javascript: void()', :id => "btn_opt_#{id}", :onclick => "add_content('##{id} .custom-field-extras', $('#btn_opt_#{id}').attr('value'), 'EXTRAS_ID');", :value => "#{render_extras_field(id)}".html_safe) %></td></tr>
         </tfoot>
         <tbody class="custom-field-extras">
           <% if !field.extras.blank?%>
@@ -69,7 +69,7 @@ Check all the features you want to enable for your environment, uncheck all the 
 <hr/>
  
 <div>
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button('save', _('Save changes')) %>
     <%= button :back, _('Back to admin panel'), :controller => 'admin_panel', :action => 'index' %>
   <% end %>
 <h1><%= _("Connections with %s") % @suggestion.suggestion.name %></h1>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, _('Go to friends list'), :controller => 'friends') %>
 <% end %>
  
@@ -12,7 +12,7 @@
     </p>
   <% end %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
     <%= button(:search, _('Find people'), :controller => 'search', :action => 'assets', :asset => 'people') %>
     <% unless @plugins.dispatch(:remove_invite_friends_button).include?(true) %>
 <h1><%= _("Friends suggestions for %s") % profile.name %></h1>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, _('Go to friends list'), :controller => 'friends') %>
 <% end %>
  
@@ -34,7 +34,7 @@
     <%= labelled_form_field(_("Password") + ":", password_field_tag(:password)) %>
   </div>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:forward, _("Next")) %>
   <% end %>
   <p><%= _("We won't store your password or contact anyone without your permission.") %></p>
@@ -24,7 +24,7 @@
       { :hint_text => _('Type in the person\'s %{search_fields}') % {:search_fields => @search_fields},
         :focus => false }) %>
  
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= submit_button('save', _('Invite'))%>
       <%= button('cancel', _('Cancel'), profile.url)%>
     <% end %>
@@ -32,7 +32,7 @@
  
   <%= render :partial => 'invite/personalize_invitation_mail', :locals => {:mail_template => @mail_template } %>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= submit_button(:ok, _("Invite!")) %>
   <% end %>
 <% end %>
@@ -5,7 +5,7 @@
   <%= required labelled_form_field(_('Name'), f.text_field(:name)) %>
   <%= labelled_form_field(_('License url'), f.text_field(:url)) %>
  
- <% button_bar do %>
+ <%= button_bar do %>
    <%= submit_button('save', _('Save'))%>
    <%= button('cancel', _('Cancel'), {:action => 'index'})%>
   <% end %>
@@ -16,7 +16,7 @@
   <% end %>
 </table>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:add, _('Add a new license'), :action => 'create')%>
   <%= button :back, _('Back to admin panel'), :controller => 'admin_panel' %>
 <% end %>
@@ -6,7 +6,7 @@
  
   <p><%= _('You already request activation of your mailbox. Please wait until an administrator approves your request.') %></p>
  
-  <% button_bar do %>
+  <%= button_bar do %>
     <%= button :back, _('Back to control panel'), :controller => 'profile_editor' %>
   <% end %>
  
@@ -21,10 +21,10 @@
     <h2><%= _('Configuration') %></h2>
     <ul>
       <li>
-      <%= link_to _('Mail configuration for POP and IMAP'), 'http://www.ynternet.org/move/infos-technique-pour-utiliser-multypass-pop3-smtp-imap-ftp-quotas...' %>  
+      <%= link_to _('Mail configuration for POP and IMAP'), 'http://www.ynternet.org/move/infos-technique-pour-utiliser-multypass-pop3-smtp-imap-ftp-quotas...' %>
       </li>
     </ul>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button :back, _('Back to control panel'), :controller => 'profile_editor' %>
     <% end %>
  
@@ -33,7 +33,7 @@
     <h2><%= _("Enable e-Mail account below:") %></h2>
     <ul><%= safe_join(profile.email_addresses.map{|i| content_tag('li', i)}, "\n") %></ul>
     <blockquote><%= _("You'll be able to access a webmail from your user menu.") %></blockquote>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button(:ok, _('Enable e-Mail'), { :action => 'enable' }, :method => 'post') %>
       <%= button :back, _('Back to control panel'), :controller => 'profile_editor' %>
     <% end %>
@@ -11,7 +11,7 @@
     <%= labelled_form_field _('City'), f.text_field(:city) %>
     <%= labelled_form_field _('ZIP code'), text_field(:profile_data, :zip_code) %>
     <%= labelled_form_field _('Address (street and number)'), text_field(:profile_data, :address) %>
-    <% button_bar do %>
+    <%= button_bar do %>
       <%= button_to_function :search, _('Locate in the map'), "addressToPoint()", :title => _("Locate the address informed above in the map below (note that you'll probably need to adjust the marker to get a precise position)")  %>
       <%= submit_button 'save', _('Save') %>
       <%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
 <h1><%= _("Connections with %s") % @suggestion.suggestion.name %></h1>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:back, _('Go to groups list'), :controller => 'memberships') %>
 <% end %>
  
@@ -2,7 +2,7 @@
  
 <h1><%= _('Manage my groups') %></h1>
  
-<% button_bar do %>
+<%= button_bar do %>
   <%= button(:add, _('Create a new community'), :controller => 'memberships', :action => 'new_community') %>
   <%= button :add, _('Register a new enterprise'), :controller => 'enterprise_registration' if environment.enabled?('enterprise_registration') %>
   <%= button :back, _('Go back'), :controller => 'profile_editor' %>
...	...	@@ -93,7 +93,9 @@ module Api
93	93	class Box < Entity
94	94	root 'boxes', 'box'
95	95	expose :id, :position
96		- expose :blocks, :using => Block
	96	+ expose :blocks, :using => Block do \|box, options\|
	97	+ box.blocks.select {\|block\| block.visible_to_user?(options[:current_person]) }
	98	+ end
97	99	end
98	100
99	101	class Profile < Entity
...	...	@@ -200,12 +202,21 @@ module Api
200	202	expose :accept_comments?, as: :accept_comments
201	203	end
202	204
	205	+ def self.permissions_for_entity(entity, current_person, *method_names)
	206	+ method_names.map { \|method\| entity.send(method, current_person) ? method.to_s.gsub(/\?/,'') : nil }.compact
	207	+ end
	208	+
203	209	class Article < ArticleBase
204	210	root 'articles', 'article'
205	211	expose :parent, :using => ArticleBase
206	212	expose :children, :using => ArticleBase do \|article, options\|
207	213	article.children.published.limit(V1::Articles::MAX_PER_PAGE)
208	214	end
	215	+ expose :permissions do \|article, options\|
	216	+ Entities.permissions_for_entity(article, options[:current_person],
	217	+ :allow_edit?, :allow_post_content?, :allow_delete?, :allow_create?,
	218	+ :allow_publish_content?)
	219	+ end
209	220	end
210	221
211	222	class User < Entity
...	...
...	...	@@ -121,7 +121,7 @@ module Api
121	121
122	122	def present_article(asset)
123	123	article = find_article(asset.articles, params[:id])
124		- present_partial article, :with => Entities::Article, :params => params
	124	+ present_partial article, with: Entities::Article, params: params, current_person: current_person
125	125	end
126	126
127	127	def present_articles_for_asset(asset, method = 'articles')
...	...	@@ -130,7 +130,7 @@ module Api
130	130	end
131	131
132	132	def present_articles(articles)
133		- present_partial paginate(articles), :with => Entities::Article, :params => params
	133	+ present_partial paginate(articles), :with => Entities::Article, :params => params, current_person: current_person
134	134	end
135	135
136	136	def find_articles(asset, method = 'articles')
...	...	@@ -407,9 +407,11 @@ module Api
407	407
408	408	def parse_content_type(content_type)
409	409	return nil if content_type.blank?
410		- content_type.split(',').map do \|content_type\|
411		- content_type.camelcase
	410	+ content_types = content_type.split(',').map do \|content_type\|
	411	+ content_type = content_type.camelcase
	412	+ content_type == 'TextArticle' ? Article.text_article_types : content_type
412	413	end
	414	+ content_types.flatten.uniq
413	415	end
414	416
415	417	def period(from_date, until_date)
...	...
1	1	module Api
2	2	module V1
3	3	class Activities < Grape::API
4		- before { authenticate! }
5	4
6	5	resource :profiles do
7	6
...	...	@@ -9,7 +8,7 @@ module Api
9	8	profile = Profile.find_by id: params[:id]
10	9
11	10	not_found! if profile.blank? \|\| profile.secret \|\| !profile.visible
12		- forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
	11	+ forbidden! if !profile.display_private_info_to?(current_person)
13	12
14	13	activities = profile.activities.map(&:activity)
15	14	present activities, :with => Entities::Activity, :current_person => current_person
...	...
...	...	@@ -54,6 +54,17 @@ module Api
54	54	present_partial article, :with => Entities::Article
55	55	end
56	56
	57	+ delete ':id' do
	58	+ article = environment.articles.find(params[:id])
	59	+ return forbidden! unless article.allow_delete?(current_person)
	60	+ begin
	61	+ article.destroy
	62	+ { :success => true }
	63	+ rescue Exception => exception
	64	+ render_api_error!(_('The article couldn\'t be removed due to some problem. Please contact the administrator.'), 400)
	65	+ end
	66	+ end
	67	+
57	68	desc 'Report a abuse and/or violent content in a article by id' do
58	69	detail 'Submit a abuse (in general, a content violation) report about a specific article'
59	70	params Entities::Article.documentation
...	...	@@ -262,7 +273,7 @@ module Api
262	273	article = forbidden!
263	274	end
264	275
265		- present_partial article, :with => Entities::Article
	276	+ present_partial article, :with => Entities::Article, current_person: current_person
266	277	else
267	278
268	279	present_articles_for_asset(profile)
...	...
...	...	@@ -12,7 +12,8 @@ module Api
12	12	resource :boxes do
13	13	get do
14	14	profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
15		- present profile.boxes, :with => Entities::Box
	15	+ return forbidden! unless profile.display_info_to?(current_person)
	16	+ present profile.boxes, with: Entities::Box, current_person: current_person
16	17	end
17	18	end
18	19	end
...	...	@@ -32,7 +33,7 @@ module Api
32	33	else
33	34	env = Environment.find(params[:environment_id])
34	35	end
35		- present env.boxes, :with => Entities::Box
	36	+ present env.boxes, with: Entities::Box, current_person: current_person
36	37	end
37	38	end
38	39	end
...	...
...	...	@@ -34,6 +34,7 @@ module Api
34	34	post ":id/comments" do
35	35	authenticate!
36	36	article = find_article(environment.articles, params[:id])
	37	+ return forbidden! unless article.accept_comments?
37	38	options = params.select { \|key,v\| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
38	39	begin
39	40	comment = Comment.create!(options)
...	...	@@ -42,6 +43,19 @@ module Api
42	43	end
43	44	present comment, :with => Entities::Comment, :current_person => current_person
44	45	end
	46	+
	47	+ delete ":id/comments/:comment_id" do
	48	+ article = find_article(environment.articles, params[:id])
	49	+ comment = article.comments.find_by_id(params[:comment_id])
	50	+ return not_found! if comment.nil?
	51	+ return forbidden! unless comment.can_be_destroyed_by?(current_person)
	52	+ begin
	53	+ comment.destroy
	54	+ present comment, with: Entities::Comment, :current_person => current_person
	55	+ rescue => e
	56	+ render_api_error!(e.message, 500)
	57	+ end
	58	+ end
45	59	end
46	60
47	61	end
...	...
...	...	@@ -22,6 +22,15 @@ module Api
22	22	not_found!
23	23	end
24	24	end
	25	+
	26	+ desc "Update profile information"
	27	+ post ':id' do
	28	+ authenticate!
	29	+ profile = environment.profiles.find_by(id: params[:id])
	30	+ return forbidden! unless current_person.has_permission?(:edit_profile, profile)
	31	+ profile.update_attributes!(params[:profile])
	32	+ present profile, :with => Entities::Profile, :current_person => current_person
	33	+ end
25	34
26	35	delete ':id' do
27	36	authenticate!
...	...
...	...	@@ -0,0 +1,169 @@
	1	+module AuthenticatedSystem
	2	+
	3	+ protected
	4	+
	5	+ extend ActiveSupport::Concern
	6	+
	7	+ included do
	8	+ if self < ActionController::Base
	9	+ around_filter :user_set_current
	10	+ before_filter :override_user
	11	+ before_filter :login_from_cookie
	12	+ end
	13	+
	14	+ # Inclusion hook to make #current_user and #logged_in?
	15	+ # available as ActionView helper methods.
	16	+ helper_method :current_user, :logged_in?
	17	+ end
	18	+
	19	+ # Returns true or false if the user is logged in.
	20	+ # Preloads @current_user with the user model if they're logged in.
	21	+ def logged_in?
	22	+ current_user != nil
	23	+ end
	24	+
	25	+ # Accesses the current user from the session.
	26	+ def current_user user_id = session[:user]
	27	+ @current_user \|\|= begin
	28	+ user = User.find_by id: user_id if user_id
	29	+ user.session = session if user
	30	+ User.current = user
	31	+ user
	32	+ end
	33	+ end
	34	+
	35	+ # Store the given user in the session.
	36	+ def current_user=(new_user)
	37	+ if new_user.nil?
	38	+ session.delete(:user)
	39	+ else
	40	+ session[:user] = new_user.id
	41	+ new_user.session = session
	42	+ new_user.register_login
	43	+ end
	44	+ @current_user = User.current = new_user
	45	+ end
	46	+
	47	+ # See impl. from http://stackoverflow.com/a/2513456/670229
	48	+ def user_set_current
	49	+ User.current = current_user
	50	+ yield
	51	+ ensure
	52	+ # to address the thread variable leak issues in Puma/Thin webserver
	53	+ User.current = nil
	54	+ end
	55	+
	56	+ # Check if the user is authorized.
	57	+ #
	58	+ # Override this method in your controllers if you want to restrict access
	59	+ # to only a few actions or if you want to check if the user
	60	+ # has the correct rights.
	61	+ #
	62	+ # Example:
	63	+ #
	64	+ # # only allow nonbobs
	65	+ # def authorize?
	66	+ # current_user.login != "bob"
	67	+ # end
	68	+ def authorized?
	69	+ true
	70	+ end
	71	+
	72	+ # Filter method to enforce a login requirement.
	73	+ #
	74	+ # To require logins for all actions, use this in your controllers:
	75	+ #
	76	+ # before_filter :login_required
	77	+ #
	78	+ # To require logins for specific actions, use this in your controllers:
	79	+ #
	80	+ # before_filter :login_required, :only => [ :edit, :update ]
	81	+ #
	82	+ # To skip this in a subclassed controller:
	83	+ #
	84	+ # skip_before_filter :login_required
	85	+ #
	86	+ def login_required
	87	+ username, passwd = get_auth_data
	88	+ if username && passwd
	89	+ self.current_user \|\|= User.authenticate(username, passwd) \|\| nil
	90	+ end
	91	+ if logged_in? && authorized?
	92	+ true
	93	+ else
	94	+ if params[:require_login_popup]
	95	+ render :json => { :require_login_popup => true }
	96	+ else
	97	+ access_denied
	98	+ end
	99	+ end
	100	+ end
	101	+
	102	+ # Redirect as appropriate when an access request fails.
	103	+ #
	104	+ # The default action is to redirect to the login screen.
	105	+ #
	106	+ # Override this method in your controllers if you want to have special
	107	+ # behavior in case the user is not authorized
	108	+ # to access the requested action. For example, a popup window might
	109	+ # simply close itself.
	110	+ def access_denied
	111	+ respond_to do \|accepts\|
	112	+ accepts.html do
	113	+ if request.xhr?
	114	+ render :text => _('Access denied'), :status => 401
	115	+ else
	116	+ store_location
	117	+ redirect_to :controller => '/account', :action => 'login'
	118	+ end
	119	+ end
	120	+ accepts.xml do
	121	+ headers["Status"] = "Unauthorized"
	122	+ headers["WWW-Authenticate"] = %(Basic realm="Web Password")
	123	+ render :text => "Could't authenticate you", :status => '401 Unauthorized'
	124	+ end
	125	+ end
	126	+ false
	127	+ end
	128	+
	129	+ # Store the URI of the current request in the session.
	130	+ #
	131	+ # We can return to this location by calling #redirect_back_or_default.
	132	+ def store_location(location = request.url)
	133	+ session[:return_to] = location
	134	+ end
	135	+
	136	+ # Redirect to the URI stored by the most recent store_location call or
	137	+ # to the passed default.
	138	+ def redirect_back_or_default(default)
	139	+ if session[:return_to]
	140	+ redirect_to(session.delete(:return_to))
	141	+ else
	142	+ redirect_to(default)
	143	+ end
	144	+ end
	145	+
	146	+ def override_user
	147	+ return if params[:override_user].blank?
	148	+ return unless logged_in? and user.is_admin? environment
	149	+ @current_user = nil
	150	+ current_user params[:override_user]
	151	+ end
	152	+
	153	+ # When called with before_filter :login_from_cookie will check for an :auth_token
	154	+ # cookie and log the user back in if apropriate
	155	+ def login_from_cookie
	156	+ return if cookies[:auth_token].blank? or logged_in?
	157	+ user = User.where(remember_token: cookies[:auth_token]).first
	158	+ self.current_user = user if user and user.remember_token?
	159	+ end
	160	+
	161	+ private
	162	+ @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
	163	+ # gets BASIC auth info
	164	+ def get_auth_data
	165	+ auth_key = @@http_auth_headers.detect { \|h\| request.env.has_key?(h) }
	166	+ auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
	167	+ return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
	168	+ end
	169	+end
...	...
...	...	@@ -13,6 +13,13 @@ class ApplicationController < ActionController::Base
13	13	before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
14	14	before_filter :redirect_to_current_user
15	15
	16	+ before_filter :set_session_theme
	17	+ def set_session_theme
	18	+ if params[:theme]
	19	+ session[:theme] = environment.theme_ids.include?(params[:theme]) ? params[:theme] : nil
	20	+ end
	21	+ end
	22	+
16	23	def require_login_for_environment
17	24	login_required
18	25	end
...	...
...	...	@@ -63,12 +63,12 @@ class ProfileThemesController < ThemesController
63	63	end
64	64
65	65	def start_test
66		- session[:theme] = params[:id]
	66	+ session[:user_theme] = params[:id]
67	67	redirect_to :controller => 'content_viewer', :profile => profile.identifier, :action => 'view_page'
68	68	end
69	69
70	70	def stop_test
71		- session[:theme] = nil
	71	+ session[:user_theme] = nil
72	72	redirect_to :action => 'index'
73	73	end
74	74
...	...