Merge branch 'master' into language-selection

Conflicts: app/helpers/forms_helper.rb app/models/box.rb app/views/box_organizer/edit.rhtml db/schema.rb test/unit/box_test.rb

Merge branch 'master' into language-selection
Conflicts: app/helpers/forms_helper.rb app/models/box.rb app/views/box_organizer/edit.rhtml db/schema.rb test/unit/box_test.rb
Rodrigo Souto
2 parents d0b4277a f1e0dc83
Showing 273 changed files with 8742 additions and 1192 deletions Show diff stats
INSTALL.varnish
app/controllers/admin/users_controller.rb
app/controllers/application_controller.rb
app/controllers/box_organizer_controller.rb
app/controllers/my_profile/profile_design_controller.rb
app/controllers/my_profile/spam_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/profile_controller.rb
app/controllers/public/search_controller.rb
app/helpers/application_helper.rb
app/helpers/boxes_helper.rb
app/helpers/cms_helper.rb
app/helpers/colorbox_helper.rb
app/helpers/content_viewer_helper.rb
app/helpers/forms_helper.rb
app/helpers/search_helper.rb
app/models/box.rb
app/models/comment.rb
app/models/comment_handler.rb
@@ -15,6 +15,10 @@ Noosfero was tested with Varnish 2.x. If you are using a Debian Lenny (and you
 should, unless Debian already released Squeeze by now), make sure you install
 varnish from the lenny-backports suite.
  
+Install the RPAF apache module (or skip this step if not using apache):
+
+  # apt-get install libapache2-mod-rpaf
+
 3) Enable varnish logging:
  
 3a) Edit /etc/default/varnishncsa and uncomment the line that contains:
@@ -7,11 +7,12 @@ class UsersController &lt; AdminController
       format.html
       format.xml do
         @users = User.find(:all, :conditions => {:environment_id => environment.id}, :include => [:person])
-        render :xml => @users.to_xml(
-          :skip_types => true,
-          :only => %w[email login created_at updated_at],
-          :include => { :person => {:only => %w[name updated_at created_at address birth_date contact_phone identifier lat lng] } }
-        )
+        send_data @users.to_xml(
+            :skip_types => true,
+            :only => %w[email login created_at updated_at],
+            :include => { :person => {:only => %w[name updated_at created_at address birth_date contact_phone identifier lat lng] } }),
+          :type => 'text/xml',
+          :disposition => "attachment; filename=users.xml"
       end
       format.csv do
         @users = User.find(:all, :conditions => {:environment_id => environment.id}, :include => [:person])
@@ -101,9 +101,10 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
+  include Noosfero::Plugin::HotSpot
+
   def init_noosfero_plugins
-    @plugins = Noosfero::Plugin::Manager.new(self)
-    @plugins.each do |plugin|
+    plugins.each do |plugin|
       prepend_view_path(plugin.class.view_path)
     end
     init_noosfero_plugins_controller_filters
@@ -112,8 +113,10 @@ class ApplicationController &lt; ActionController::Base
   # This is a generic method that initialize any possible filter defined by a
   # plugin to the current controller being initialized.
   def init_noosfero_plugins_controller_filters
-    @plugins.each do |plugin|
-      plugin.send(self.class.name.underscore + '_filters').each do |plugin_filter|
+    plugins.each do |plugin|
+      filters = plugin.send(self.class.name.underscore + '_filters')
+      filters = [filters] if !filters.kind_of?(Array)
+      filters.each do |plugin_filter|
         self.class.send(plugin_filter[:type], plugin.class.name.underscore + '_' + plugin_filter[:method_name], (plugin_filter[:options] || {}))
         self.class.send(:define_method, plugin.class.name.underscore + '_' + plugin_filter[:method_name], plugin_filter[:block])
       end
@@ -68,7 +68,8 @@ class BoxOrganizerController &lt; ApplicationController
         raise ArgumentError.new("Type %s is not allowed. Go away." % type)
       end
     else
-      @block_types = available_blocks
+      @center_block_types = Box.acceptable_center_blocks & available_blocks
+      @side_block_types = Box.acceptable_side_blocks & available_blocks
       @boxes = boxes_holder.boxes
       render :action => 'add_block', :layout => false
     end
@@ -5,7 +5,7 @@ class ProfileDesignController &lt; BoxOrganizerController
   protect 'edit_profile_design', :profile
  
   def available_blocks
-    blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock, LinkListBlock, MyNetworkBlock, FeedReaderBlock, ProfileImageBlock, LocationBlock, SlideshowBlock, ProfileSearchBlock ]
+    blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock, LinkListBlock, MyNetworkBlock, FeedReaderBlock, ProfileImageBlock, LocationBlock, SlideshowBlock, ProfileSearchBlock, HighlightsBlock ]
  
     # blocks exclusive for organizations
     if profile.has_members?
@@ -0,0 +1,40 @@
+class SpamController < MyProfileController
+
+  protect :moderate_comments, :profile
+
+  def index
+    if request.post?
+      begin
+        # FIXME duplicated logic
+        #
+        # This logic more or less replicates what is already in
+        # ContentViewerController#view_page,
+        # ContentViewerController#remove_comment and
+        # ContentViewerController#mark_comment_as_spam
+        if params[:remove_comment]
+          profile.comments_received.find(params[:remove_comment]).destroy
+        end
+        if params[:mark_comment_as_ham]
+          profile.comments_received.find(params[:mark_comment_as_ham]).ham!
+        end
+        if request.xhr?
+          json_response(true)
+        else
+          redirect_to :action => :index
+        end
+      rescue
+        json_response(false)
+      end
+      return
+    end
+
+    @spam = profile.comments_received.spam.paginate({:page => params[:page]})
+  end
+
+  protected
+
+  def json_response(status)
+    render :text => {'ok' => status }.to_json, :content_type => 'application/json'
+  end
+
+end
@@ -25,11 +25,13 @@ class AccountController &lt; ApplicationController
  
   # action to perform login to the application
   def login
-    @user = User.new
-    @person = @user.build_person
     store_location(request.referer) unless session[:return_to]
     return unless request.post?
-    self.current_user = User.authenticate(params[:user][:login], params[:user][:password], environment) if params[:user]
+
+    self.current_user = plugins_alternative_authentication
+
+    self.current_user ||= User.authenticate(params[:user][:login], params[:user][:password], environment) if params[:user]
+
     if logged_in?
       if params[:remember_me] == "1"
         self.current_user.remember_me
@@ -41,7 +43,6 @@ class AccountController &lt; ApplicationController
       end
     else
       session[:notice] = _('Incorrect username or password') if redirect?
-      redirect_to :back if redirect?
     end
   end
  
@@ -56,6 +57,11 @@ class AccountController &lt; ApplicationController
  
   # action to register an user to the application
   def signup
+    if @plugins.dispatch(:allow_user_registration).include?(false)
+      redirect_back_or_default(:controller => 'home')
+      session[:notice] = _("This environment doesn't allow user registration.")
+    end
+
     @invitation_code = params[:invitation_code]
     begin
       if params[:user]
@@ -125,6 +131,10 @@ class AccountController &lt; ApplicationController
   #
   # Posts back.
   def forgot_password
+    if @plugins.dispatch(:allow_password_recovery).include?(false)
+      redirect_back_or_default(:controller => 'home')
+      session[:notice] = _("This environment doesn't allow password recovery.")
+    end
     @change_password = ChangePassword.new(params[:change_password])
  
     if request.post?
@@ -316,4 +326,13 @@ class AccountController &lt; ApplicationController
     end
   end
  
+  def plugins_alternative_authentication
+    user = nil
+    @plugins.each do |plugin|
+      user = plugin.alternative_authentication
+      break unless user.nil?
+    end
+    user
+  end
+
 end
@@ -2,6 +2,8 @@ class ContentViewerController &lt; ApplicationController
  
   needs_profile
  
+  before_filter :comment_author, :only => :edit_comment
+
   helper ProfileHelper
   helper TagsHelper
  
@@ -19,7 +21,7 @@ class ContentViewerController &lt; ApplicationController
       unless @page
         page_from_old_path = profile.articles.find_by_old_path(path)
         if page_from_old_path
-          redirect_to :profile => profile.identifier, :page => page_from_old_path.explode_path
+          redirect_to profile.url.merge(:page => page_from_old_path.explode_path)
           return
         end
       end
@@ -75,8 +77,14 @@ class ContentViewerController &lt; ApplicationController
       @comment = Comment.new
     end
  
-    if request.post? && params[:remove_comment]
-      remove_comment
+    if request.post?
+      if params[:remove_comment]
+        remove_comment
+        return
+      elsif params[:mark_comment_as_spam]
+        mark_comment_as_spam
+        return
+      end
     end
  
     if @page.has_posts?
@@ -107,23 +115,46 @@ class ContentViewerController &lt; ApplicationController
       end
     end
  
-    @comments = @page.comments(true).as_thread
-    @comments_count = @page.comments.count
+    comments = @page.comments.without_spam
+    @comments = comments.as_thread
+    @comments_count = comments.count
     if params[:slideshow]
       render :action => 'slideshow', :layout => 'slideshow'
     end
   end
  
+  def edit_comment
+    path = params[:page].join('/')
+    @page = profile.articles.find_by_path(path)
+    @form_div = 'opened'
+    @comment = @page.comments.find_by_id(params[:id])
+    if @comment
+      if request.post?
+        begin
+          @comment.update_attributes(params[:comment])
+          session[:notice] = _('Comment succesfully updated')
+          redirect_to :action => 'view_page', :profile => profile.identifier, :page => @comment.article.explode_path
+        rescue
+          session[:notice] = _('Comment could not be updated')
+        end
+      end
+    else
+      redirect_to @page.view_url
+      session[:notice] = _('Could not find the comment in the article')
+    end
+  end
+
   protected
  
   def add_comment
     @comment.author = user if logged_in?
     @comment.article = @page
     @comment.ip_address = request.remote_ip
+    @comment.user_agent = request.user_agent
+    @comment.referrer = request.referrer
     plugins_filter_comment(@comment)
     return if @comment.rejected?
     if (pass_without_comment_captcha? || verify_recaptcha(:model => @comment, :message => _('Please type the words correctly'))) && @comment.save
-      plugins_comment_saved(@comment)
       @page.touch
       @comment = nil # clear the comment form
       redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
@@ -138,12 +169,6 @@ class ContentViewerController &lt; ApplicationController
     end
   end
  
-  def plugins_comment_saved(comment)
-    @plugins.each do |plugin|
-      plugin.comment_saved(comment)
-    end
-  end
-
   def pass_without_comment_captcha?
     logged_in? && !environment.enabled?('captcha_for_logged_users')
   end
@@ -153,9 +178,24 @@ class ContentViewerController &lt; ApplicationController
     @comment = @page.comments.find(params[:remove_comment])
     if (user == @comment.author || user == @page.profile || user.has_permission?(:moderate_comments, @page.profile))
       @comment.destroy
-      session[:notice] = _('Comment succesfully deleted')
     end
-    redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
+    finish_comment_handling
+  end
+
+  def mark_comment_as_spam
+    @comment = @page.comments.find(params[:mark_comment_as_spam])
+    if logged_in? && (user == @page.profile || user.has_permission?(:moderate_comments, @page.profile))
+      @comment.spam!
+    end
+    finish_comment_handling
+  end
+
+  def finish_comment_handling
+    if request.xhr?
+      render :text => {'ok' => true}.to_json, :content_type => 'application/json'
+    else
+      redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
+    end
   end
  
   def per_page
@@ -181,4 +221,13 @@ class ContentViewerController &lt; ApplicationController
     end
   end
  
+  def comment_author
+    comment = Comment.find_by_id(params[:id])
+    if comment
+      render_access_denied if comment.author.blank? || comment.author != user
+    else
+      render_not_found
+    end
+  end
+
 end
@@ -212,9 +212,9 @@ class ProfileController &lt; PublicController
     begin
       scrap = current_user.person.scraps(params[:scrap_id])
       scrap.destroy
-      render :text => _('Scrap successfully removed.')
+      finish_successful_removal 'Scrap successfully removed.'
     rescue
-      render :text => _('You could not remove this scrap')
+      finish_unsuccessful_removal 'You could not remove this scrap.'
     end
   end
  
@@ -227,9 +227,9 @@ class ProfileController &lt; PublicController
       else
         activity.destroy
       end
-      render :text => _('Activity successfully removed.')
+      finish_successful_removal 'Activity successfully removed.'
     rescue
-      render :text => _('You could not remove this activity')
+      finish_unsuccessful_removal 'You could not remove this activity.'
     end
   end
  
@@ -244,6 +244,24 @@ class ProfileController &lt; PublicController
     end
   end
  
+  def finish_successful_removal(msg)
+    if request.xhr?
+      render :text => {'ok' => true}.to_json, :content_type => 'application/json'
+    else
+      session[:notice] = _(msg)
+      redirect_to :action => :index
+    end
+  end
+
+  def finish_unsuccessful_removal(msg)
+    session[:notice] = _(msg)
+    if request.xhr?
+      render :text => {'redirect' => url_for(:action => :index)}.to_json, :content_type => 'application/json'
+    else
+      redirect_to :action => :index
+    end
+  end
+
   def profile_info
     begin
       @block = profile.blocks.find(params[:block_id])
@@ -303,9 +321,10 @@ class ProfileController &lt; PublicController
     @comment = Comment.find(params[:comment_id])
     if (user == @comment.author || user == profile || user.has_permission?(:moderate_comments, profile))
       @comment.destroy
-      session[:notice] = _('Comment successfully deleted')
+      finish_successful_removal 'Comment successfully removed.'
+    else
+      finish_unsuccessful_removal 'You could not remove this comment.'
     end
-    redirect_to :action => :index
   end
  
   protected
@@ -4,10 +4,17 @@ class SearchController &lt; PublicController
   include SearchHelper
   include ActionView::Helpers::NumberHelper
  
+  before_filter :redirect_asset_param, :except => [:facets_browse, :assets]
   before_filter :load_category
   before_filter :load_search_assets
   before_filter :load_query
  
+  # Backwards compatibility with old URLs
+  def redirect_asset_param
+    return unless params.has_key?(:asset)
+    redirect_to params.merge(:action => params.delete(:asset))
+  end
+
   no_design_blocks
  
   def facets_browse
@@ -250,10 +257,9 @@ class SearchController &lt; PublicController
   end
  
   def limit
-    searching = @searching.values.select{ |v| v }
-    if params[:display] == 'map'
+    if map_search?
       MAP_SEARCH_LIMIT
-    elsif searching.size <= 1
+    elsif !multiple_search?
       if [:people, :communities].include? @asset
         BLOCKS_SEARCH_LIMIT
       elsif @asset == :enterprises and @empty_query
@@ -267,31 +273,34 @@ class SearchController &lt; PublicController
   end
  
   def paginate_options(page = params[:page])
+    page = 1 if multiple_search? or params[:display] == 'map'
     { :per_page => limit, :page => page }
   end
  
   def full_text_search(filters = [], options = {})
     paginate_options = paginate_options(params[:page])
     asset_class = asset_class(@asset)
-
     solr_options = options
-    if !@results_only and asset_class.respond_to? :facets
-      solr_options.merge! asset_class.facets_find_options(params[:facet])
-      solr_options[:all_facets] = true
-      solr_options[:limit] = 0 if @facets_only
-    end
-    solr_options[:filter_queries] ||= []
-    solr_options[:filter_queries] += filters
-    solr_options[:filter_queries] << "environment_id:#{environment.id}"
-    solr_options[:filter_queries] << asset_class.facet_category_query.call(@category) if @category
-
-    solr_options[:boost_functions] ||= []
-    params[:order_by] = nil if params[:order_by] == 'none'
-    if params[:order_by]
-      order = SortOptions[@asset][params[:order_by].to_sym]
-      raise "Unknown order by" if order.nil?
-      order[:solr_opts].each do |opt, value|
-        solr_options[opt] = value.is_a?(Proc) ? instance_eval(&value) : value
+    pg_options = paginate_options(params[:page])
+
+    if !multiple_search?
+      if !@results_only and asset_class.respond_to? :facets
+        solr_options.merge! asset_class.facets_find_options(params[:facet])
+        solr_options[:all_facets] = true
+      end
+      solr_options[:filter_queries] ||= []
+      solr_options[:filter_queries] += filters
+      solr_options[:filter_queries] << "environment_id:#{environment.id}"
+      solr_options[:filter_queries] << asset_class.facet_category_query.call(@category) if @category
+
+      solr_options[:boost_functions] ||= []
+      params[:order_by] = nil if params[:order_by] == 'none'
+      if params[:order_by]
+        order = SortOptions[@asset][params[:order_by].to_sym]
+        raise "Unknown order by" if order.nil?
+        order[:solr_opts].each do |opt, value|
+          solr_options[opt] = value.is_a?(Proc) ? instance_eval(&value) : value
+        end
       end
     end
  
@@ -265,9 +265,9 @@ module ApplicationHelper
  
   VIEW_EXTENSIONS = %w[.rhtml .html.erb]
  
-  def partial_for_class_in_view_path(klass, view_path)
+  def partial_for_class_in_view_path(klass, view_path, suffix = nil)
     return nil if klass.nil?
-    name = klass.name.underscore
+    name = [klass.name.underscore, suffix].compact.map(&:to_s).join('_')
  
     search_name = String.new(name)
     if search_name.include?("/")
@@ -285,28 +285,17 @@ module ApplicationHelper
     partial_for_class_in_view_path(klass.superclass, view_path)
   end
  
-  def partial_for_class(klass)
+  def partial_for_class(klass, suffix=nil)
     raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?' if klass.nil?
     name = klass.name.underscore
     @controller.view_paths.each do |view_path|
-      partial = partial_for_class_in_view_path(klass, view_path)
+      partial = partial_for_class_in_view_path(klass, view_path, suffix)
       return partial if partial
     end
  
     raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?'
   end
  
-  def partial_for_task_class(klass, action)
-    raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?' if klass.nil?
-
-    name = "#{klass.name.underscore}_#{action.to_s}"
-    VIEW_EXTENSIONS.each do |ext|
-      return name if File.exists?(File.join(RAILS_ROOT, 'app', 'views', params[:controller], '_'+name+ext))
-    end
-
-    partial_for_task_class(klass.superclass, action)
-  end
-
   def view_for_profile_actions(klass)
     raise ArgumentError, 'No profile actions view for this class.' if klass.nil?
  
@@ -1336,6 +1325,19 @@ module ApplicationHelper
     end
   end
  
+  def expirable_link_to(expired, content, url, options = {})
+    if expired
+      options[:class] = (options[:class] || '') + ' disabled'
+      content_tag('a', '&nbsp;'+content_tag('span', content), options)
+    else
+      link_to content, url, options
+    end
+  end
+
+  def remove_content_button(action)
+    @plugins.dispatch("content_remove_#{action.to_s}", @page).include?(true)
+  end
+
   def template_options(klass, field_name)
     return '' if klass.templates.count == 0
     return hidden_field_tag("#{field_name}[template_id]", klass.templates.first.id) if klass.templates.count == 1
@@ -1401,4 +1403,19 @@ module ApplicationHelper
     result
   end
  
+  def expirable_content_reference(content, action, text, url, options = {})
+    reason = @plugins.dispatch("content_expire_#{action.to_s}", content).first
+    options[:title] = reason
+    expirable_link_to reason.present?, text, url, options
+  end
+
+  def expirable_button(content, action, text, url, options = {})
+    options[:class] = "button with-text icon-#{action.to_s}"
+    expirable_content_reference content, action, text, url, options
+  end
+
+  def expirable_comment_link(content, action, text, url, options = {})
+    options[:class] = "comment-footer comment-footer-link comment-footer-hide"
+    expirable_content_reference content, action, text, url, options
+  end
 end
@@ -162,9 +162,6 @@ module BoxesHelper
   #
   # +box+ is always needed
   def block_target(box, block = nil)
-    # FIXME hardcoded
-    return '' if box.position == 1
-
     id =
       if block.nil?
         "end-of-box-#{box.id}"
@@ -172,14 +169,11 @@ module BoxesHelper
         "before-block-#{block.id}"
       end
  
-    content_tag('div', '&nbsp;', :id => id, :class => 'block-target' ) + drop_receiving_element(id, :url => { :action => 'move_block', :target => id }, :accept => 'block', :hoverclass => 'block-target-hover')
+    content_tag('div', '&nbsp;', :id => id, :class => 'block-target' ) + drop_receiving_element(id, :url => { :action => 'move_block', :target => id }, :accept => box.acceptable_blocks, :hoverclass => 'block-target-hover')
   end
  
   # makes the given block draggable so it can be moved away.
   def block_handle(block)
-    # FIXME hardcoded
-    return '' if block.box.position == 1
-
     draggable_element("block-#{block.id}", :revert => true)
   end
  
@@ -211,7 +205,7 @@ module BoxesHelper
     end
  
     if block.editable?
-      buttons << lightbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
+      buttons << colorbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
     end
  
     if !block.main?
@@ -42,13 +42,25 @@ module CmsHelper
  
   def display_spread_button(profile, article)
     if profile.person?
-      button_without_text :spread, _('Spread this'), :action => 'publish', :id => article.id
+      expirable_button article, :spread, _('Spread this'), :action => 'publish', :id => article.id
     elsif profile.community? && environment.portal_community
-      button_without_text :spread, _('Spread this'), :action => 'publish_on_portal_community', :id => article.id
+      expirable_button article, :spread, _('Spread this'), :action => 'publish_on_portal_community', :id => article.id
     end
   end
  
   def display_delete_button(article)
-    button_without_text :delete, _('Delete'), { :action => 'destroy', :id => article.id }, :method => :post, :confirm => delete_article_message(article)
+    expirable_button article, :delete, _('Delete'), { :action => 'destroy', :id => article.id }, :method => :post, :confirm => delete_article_message(article)
+  end
+
+  def expirable_button(content, action, title, url, options = {})
+    reason = @plugins.dispatch("content_expire_#{action.to_s}", content).first
+    if reason.present?
+      options[:class] = (options[:class] || '') + ' disabled'
+      options[:disabled] = 'disabled'
+      options.delete(:confirm)
+      options.delete(:method)
+      title = reason
+    end
+    button_without_text action.to_sym, title, url, options
   end
 end
@@ -8,6 +8,10 @@ module ColorboxHelper
     button(type, label, url, colorbox_options(options))
   end
  
+  def colorbox_icon_button(type, label, url, options = {})
+    icon_button(type, label, url, colorbox_options(options))
+  end
+
   # options must be an HTML options hash as passed to link_to etc.
   #
   # returns a new hash with colorbox class added. Keeps existing classes.
@@ -4,11 +4,11 @@ module ContentViewerHelper
   include ForumHelper
  
   def number_of_comments(article)
-    n = article.comments.size
+    n = article.comments.without_spam.count
     if n == 0
      _('No comments yet')
     else
-     n_('One comment', '%{comments} comments', n) % { :comments => n }
+     n_('One comment', '<span class="comment-count">%{comments}</span> comments', n) % { :comments => n }
     end
   end
  
@@ -142,6 +142,119 @@ module FormsHelper
     content_tag('table',rows.join("\n"))
   end
  
+  def date_field(name, value, format = '%Y-%m-%d', datepicker_options = {}, html_options = {})
+    datepicker_options[:disabled] ||= false
+    datepicker_options[:alt_field] ||= ''
+    datepicker_options[:alt_format] ||= ''
+    datepicker_options[:append_text] ||= ''
+    datepicker_options[:auto_size] ||= false
+    datepicker_options[:button_image] ||= ''
+    datepicker_options[:button_image_only] ||=  false
+    datepicker_options[:button_text] ||= '...'
+    datepicker_options[:calculate_week] ||= 'jQuery.datepicker.iso8601Week'
+    datepicker_options[:change_month] ||= false
+    datepicker_options[:change_year] ||= false
+    datepicker_options[:close_text] ||= _('Done')
+    datepicker_options[:constrain_input] ||= true
+    datepicker_options[:current_text] ||= _('Today')
+    datepicker_options[:date_format] ||= 'mm/dd/yy'
+    datepicker_options[:day_names] ||= [_('Sunday'), _('Monday'), _('Tuesday'), _('Wednesday'), _('Thursday'), _('Friday'), _('Saturday')]
+    datepicker_options[:day_names_min] ||= [_('Su'), _('Mo'), _('Tu'), _('We'), _('Th'), _('Fr'), _('Sa')]
+    datepicker_options[:day_names_short] ||= [_('Sun'), _('Mon'), _('Tue'), _('Wed'), _('Thu'), _('Fri'), _('Sat')]
+    datepicker_options[:default_date] ||= nil
+    datepicker_options[:duration] ||= 'normal'
+    datepicker_options[:first_day] ||= 0
+    datepicker_options[:goto_current] ||= false
+    datepicker_options[:hide_if_no_prev_next] ||= false
+    datepicker_options[:is_rtl] ||= false
+    datepicker_options[:max_date] ||= nil
+    datepicker_options[:min_date] ||= nil
+    datepicker_options[:month_names] ||= [_('January'), _('February'), _('March'), _('April'), _('May'), _('June'), _('July'), _('August'), _('September'), _('October'), _('November'), _('December')]
+    datepicker_options[:month_names_short] ||= [_('Jan'), _('Feb'), _('Mar'), _('Apr'), _('May'), _('Jun'), _('Jul'), _('Aug'), _('Sep'), _('Oct'), _('Nov'), _('Dec')]
+    datepicker_options[:navigation_as_date_format] ||= false
+    datepicker_options[:next_text] ||= _('Next')
+    datepicker_options[:number_of_months] ||= 1
+    datepicker_options[:prev_text] ||= _('Prev')
+    datepicker_options[:select_other_months] ||= false
+    datepicker_options[:short_year_cutoff] ||= '+10'
+    datepicker_options[:show_button_panel] ||= false
+    datepicker_options[:show_current_at_pos] ||= 0
+    datepicker_options[:show_month_after_year] ||= false
+    datepicker_options[:show_on] ||= 'focus'
+    datepicker_options[:show_options] ||= {}
+    datepicker_options[:show_other_months] ||= false
+    datepicker_options[:show_week] ||= false
+    datepicker_options[:step_months] ||= 1
+    datepicker_options[:week_header] ||= _('Wk')
+    datepicker_options[:year_range] ||= 'c-10:c+10'
+    datepicker_options[:year_suffix] ||= ''
+
+    element_id = html_options[:id] || 'datepicker-date'
+    value = value.strftime(format) if value.present?
+    method = datepicker_options[:time] ? 'datetimepicker' : 'datepicker'
+    result = text_field_tag(name, value, html_options)
+    result +=
+    "
+    <script type='text/javascript'>
+      jQuery('##{element_id}').#{method}({
+        disabled: #{datepicker_options[:disabled].to_json},
+        altField: #{datepicker_options[:alt_field].to_json},
+        altFormat: #{datepicker_options[:alt_format].to_json},
+        appendText: #{datepicker_options[:append_text].to_json},
+        autoSize: #{datepicker_options[:auto_size].to_json},
+        buttonImage: #{datepicker_options[:button_image].to_json},
+        buttonImageOnly: #{datepicker_options[:button_image_only].to_json},
+        buttonText: #{datepicker_options[:button_text].to_json},
+        calculateWeek: #{datepicker_options[:calculate_week].to_json},
+        changeMonth: #{datepicker_options[:change_month].to_json},
+        changeYear: #{datepicker_options[:change_year].to_json},
+        closeText: #{datepicker_options[:close_text].to_json},
+        constrainInput: #{datepicker_options[:constrain_input].to_json},
+        currentText: #{datepicker_options[:current_text].to_json},
+        dateFormat: #{datepicker_options[:date_format].to_json},
+        dayNames: #{datepicker_options[:day_names].to_json},
+        dayNamesMin: #{datepicker_options[:day_names_min].to_json},
+        dayNamesShort: #{datepicker_options[:day_names_short].to_json},
+        defaultDate: #{datepicker_options[:default_date].to_json},
+        duration: #{datepicker_options[:duration].to_json},
+        firstDay: #{datepicker_options[:first_day].to_json},
+        gotoCurrent: #{datepicker_options[:goto_current].to_json},
+        hideIfNoPrevNext: #{datepicker_options[:hide_if_no_prev_next].to_json},
+        isRTL: #{datepicker_options[:is_rtl].to_json},
+        maxDate: #{datepicker_options[:max_date].to_json},
+        minDate: #{datepicker_options[:min_date].to_json},
+        monthNames: #{datepicker_options[:month_names].to_json},
+        monthNamesShort: #{datepicker_options[:month_names_short].to_json},
+        navigationAsDateFormat: #{datepicker_options[:navigation_as_date_format].to_json},
+        nextText: #{datepicker_options[:next_text].to_json},
+        numberOfMonths: #{datepicker_options[:number_of_months].to_json},
+        prevText: #{datepicker_options[:prev_text].to_json},
+        selectOtherMonths: #{datepicker_options[:select_other_months].to_json},
+        shortYearCutoff: #{datepicker_options[:short_year_cutoff].to_json},
+        showButtonPanel: #{datepicker_options[:show_button_panel].to_json},
+        showCurrentAtPos: #{datepicker_options[:show_current_at_pos].to_json},
+        showMonthAfterYear: #{datepicker_options[:show_month_after_year].to_json},
+        showOn: #{datepicker_options[:show_on].to_json},
+        showOptions: #{datepicker_options[:show_options].to_json},
+        showOtherMonths: #{datepicker_options[:show_other_months].to_json},
+        showWeek: #{datepicker_options[:show_week].to_json},
+        stepMonths: #{datepicker_options[:step_months].to_json},
+        weekHeader: #{datepicker_options[:week_header].to_json},
+        yearRange: #{datepicker_options[:year_range].to_json},
+        yearSuffix: #{datepicker_options[:year_suffix].to_json}
+      })
+    </script>
+    "
+    result
+  end
+
+  def date_range_field(from_name, to_name, from_value, to_value, format = '%Y-%m-%d', datepicker_options = {}, html_options = {})
+    from_id = html_options[:from_id] || 'datepicker-from-date'
+    to_id = html_options[:to_id] || 'datepicker-to-date'
+    return _('From') +' '+ date_field(from_name, from_value, format, datepicker_options, html_options.merge({:id => from_id})) +
+    ' ' + _('until') +' '+ date_field(to_name, to_value, format, datepicker_options, html_options.merge({:id => to_id}))
+  end
+
 protected
   def self.next_id_number
     if defined? @@id_num
@@ -45,6 +45,14 @@ module SearchHelper
   # FIXME remove it after search_controler refactored
   include EventsHelper
  
+  def multiple_search?
+    ['index', 'category_index'].include?(params[:action]) or @results.size > 1
+  end
+
+  def map_search?
+    !@empty_query and !multiple_search? and params[:display] == 'map'
+  end
+
   def search_page_title(title, category = nil)
     title = "<h1>" + title
     title += '<small>' + category.name + '</small>' if category
@@ -58,8 +66,8 @@ module SearchHelper
       :align => 'center', :class => 'search-category-context') if category
   end
  
-  def display_results(use_map = false)
-    if params[:display] == 'map' && use_map
+  def display_results(map_capable = false)
+    if map_capable and map_search?
       partial = 'google_maps'
       klass = 'map'
     else
@@ -99,7 +107,7 @@ module SearchHelper
     @asset_class = asset_class(asset)
     render(:partial => 'facets_unselect_menu')
   end
-  
+
   def facet_javascript(input_id, facet, array)
     array = [] if array.nil?
     hintText = _('Type in an option')
@@ -148,6 +156,7 @@ module SearchHelper
     params = params.dup
     params[:facet].each do |id, value|
       facet = klass.facet_by_id(id.to_sym)
+      next unless facet
       if value.kind_of?(Hash)
         label_hash = facet[:label].call(environment)
         value.each do |label_id, value|
@@ -6,4 +6,76 @@ class Box &lt; ActiveRecord::Base
   def environment
     owner ? (owner.kind_of?(Environment) ? owner : owner.environment) : nil
   end
+
+  def acceptable_blocks
+    to_css_class_name central?  ? Box.acceptable_center_blocks : Box.acceptable_side_blocks
+  end
+
+  def central?
+    position == 1
+  end
+
+  def self.acceptable_center_blocks
+    [ ArticleBlock,
+      BlogArchivesBlock,
+      CategoriesBlock,
+      CommunitiesBlock,
+      EnterprisesBlock,
+      EnvironmentStatisticsBlock,
+      FansBlock,
+      FavoriteEnterprisesBlock,
+      FeedReaderBlock,
+      FriendsBlock,
+      HighlightsBlock,
+      LinkListBlock,
+      LoginBlock,
+      MainBlock,
+      MembersBlock,
+      MyNetworkBlock,
+      PeopleBlock,
+      ProfileImageBlock,
+      RawHTMLBlock,
+      RecentDocumentsBlock,
+      SellersSearchBlock,
+      TagsBlock ]
+  end
+
+  def self.acceptable_side_blocks
+    [ ArticleBlock,
+      BlogArchivesBlock,
+      CategoriesBlock,
+      CommunitiesBlock,
+      DisabledEnterpriseMessageBlock,
+      EnterprisesBlock,
+      EnvironmentStatisticsBlock,
+      FansBlock,
+      FavoriteEnterprisesBlock,
+      FeaturedProductsBlock,
+      FeedReaderBlock,
+      FriendsBlock,
+      HighlightsBlock,
+      LinkListBlock,
+      LocationBlock,
+      LoginBlock,
+      MembersBlock,
+      MyNetworkBlock,
+      PeopleBlock,
+      ProductsBlock,
+      ProfileImageBlock,
+      ProfileInfoBlock,
+      ProfileSearchBlock,
+      RawHTMLBlock,
+      RecentDocumentsBlock,
+      SellersSearchBlock,
+      SlideshowBlock,
+      TagsBlock
+    ]
+  end
+
+  private
+
+  def to_css_class_name(blocks)
+    blocks.map{ |block| block.to_s.underscore.tr('_', '-') }
+  end
+
 end
@@ -10,6 +10,9 @@ class Comment &lt; ActiveRecord::Base
   has_many :children, :class_name => 'Comment', :foreign_key => 'reply_of_id', :dependent => :destroy
   belongs_to :reply_of, :class_name => 'Comment', :foreign_key => 'reply_of_id'
  
+  named_scope :without_spam, :conditions => ['spam IS NULL OR spam = ?', false]
+  named_scope :spam, :conditions => ['spam = ?', true]
+
   # unauthenticated authors:
   validates_presence_of :name, :if => (lambda { |record| !record.email.blank? })
   validates_presence_of :email, :if => (lambda { |record| !record.name.blank? })
@@ -25,6 +28,8 @@ class Comment &lt; ActiveRecord::Base
  
   xss_terminate :only => [ :body, :title, :name ], :on => 'validation'
  
+  delegate :environment, :to => :source
+
   def action_tracker_target
     self.article.profile
   end
@@ -85,7 +90,28 @@ class Comment &lt; ActiveRecord::Base
     end
   end
  
-  after_create :notify_by_mail
+  after_create :schedule_notification
+
+  def schedule_notification
+    Delayed::Job.enqueue CommentHandler.new(self.id, :verify_and_notify)
+  end
+
+  delegate :environment, :to => :profile
+  delegate :profile, :to => :source
+
+  include Noosfero::Plugin::HotSpot
+
+  def verify_and_notify
+    check_for_spam
+    unless spam?
+      notify_by_mail
+    end
+  end
+
+  def check_for_spam
+    plugins.dispatch(:check_comment_for_spam, self)
+  end
+
   def notify_by_mail
     if source.kind_of?(Article) && article.notify_comments?
       if !article.profile.notification_emails.empty?
@@ -123,10 +149,14 @@ class Comment &lt; ActiveRecord::Base
   def self.as_thread
     result = {}
     root = []
-    all.each do |c|
+    order(:id).each do |c|
       c.replies = []
       result[c.id] ||= c
-      c.reply_of_id.nil? ? root << c : result[c.reply_of_id].replies << c
+      if result[c.reply_of_id]
+        result[c.reply_of_id].replies << c
+      else
+        root << c
+      end
     end
     root
   end
@@ -183,4 +213,34 @@ class Comment &lt; ActiveRecord::Base
     @rejected = true
   end
  
+  def spam?
+    !spam.nil? && spam
+  end
+
+  def ham?
+    !spam.nil? && !spam
+  end
+
+  def spam!
+    self.spam = true
+    self.save!
+    Delayed::Job.enqueue(CommentHandler.new(self.id, :marked_as_spam))
+    self
+  end
+
+  def ham!
+    self.spam = false
+    self.save!
+    Delayed::Job.enqueue(CommentHandler.new(self.id, :marked_as_ham))
+    self
+  end
+
+  def marked_as_spam
+    plugins.dispatch(:comment_marked_as_spam, self)
+  end
+
+  def marked_as_ham
+    plugins.dispatch(:comment_marked_as_ham, self)
+  end
+
 end
@@ -0,0 +1,10 @@
+class CommentHandler < Struct.new(:comment_id, :method)
+
+  def perform
+    comment = Comment.find(comment_id)
+    comment.send(method)
+  rescue ActiveRecord::RecordNotFound
+    # just ignore non-existing comments
+  end
+
+end
@@ -88,7 +88,7 @@ class Community &lt; Organization
   end
  
   def activities
-    Scrap.find_by_sql("SELECT id, updated_at, '#{Scrap.to_s}' AS klass FROM #{Scrap.table_name} WHERE scraps.receiver_id = #{self.id} AND scraps.scrap_id IS NULL UNION SELECT id, updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} WHERE action_tracker.target_id = #{self.id} UNION SELECT at.id, at.updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} at INNER JOIN articles a ON at.target_id = a.id WHERE a.profile_id = #{self.id} AND at.target_type = 'Article' ORDER BY updated_at DESC")
+    Scrap.find_by_sql("SELECT id, updated_at, '#{Scrap.to_s}' AS klass FROM #{Scrap.table_name} WHERE scraps.receiver_id = #{self.id} AND scraps.scrap_id IS NULL UNION SELECT id, updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} WHERE action_tracker.target_id = #{self.id} and action_tracker.verb != 'join_community' and action_tracker.verb != 'leave_scrap' UNION SELECT at.id, at.updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} at INNER JOIN articles a ON at.target_id = a.id WHERE a.profile_id = #{self.id} AND at.target_type = 'Article' ORDER BY updated_at DESC")
   end
  
 end
@@ -22,8 +22,6 @@ class Person &lt; Profile
     super
   end
  
-  acts_as_having_hotspots
-
   named_scope :members_of, lambda { |resources|
     resources = [resources] if !resources.kind_of?(Array)
     conditions = resources.map {|resource| "role_assignments.resource_type = '#{resource.class.base_class.name}' AND role_assignments.resource_id = #{resource.id || -1}"}.join(' OR ')
@@ -32,7 +30,7 @@ class Person &lt; Profile
  
   def has_permission_with_plugins?(permission, profile)
     permissions = [has_permission_without_plugins?(permission, profile)]
-    permissions += enabled_plugins.map do |plugin|
+    permissions += plugins.map do |plugin|
       plugin.has_permission?(self, permission, profile)
     end
     permissions.include?(true)
@@ -73,10 +71,7 @@ class Person &lt; Profile
     Friendship.find(:all, :conditions => { :friend_id => person.id}).each { |friendship| friendship.destroy }
   end
  
-  after_destroy :destroy_user
-  def destroy_user
-    self.user.destroy if self.user
-  end
+  belongs_to :user, :dependent => :delete
  
   def can_control_scrap?(scrap)
     begin
@@ -458,7 +453,7 @@ class Person &lt; Profile
   end
  
   def activities
-    Scrap.find_by_sql("SELECT id, updated_at, '#{Scrap.to_s}' AS klass FROM #{Scrap.table_name} WHERE scraps.receiver_id = #{self.id} AND scraps.scrap_id IS NULL UNION SELECT id, updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} WHERE action_tracker.user_id = #{self.id} ORDER BY updated_at DESC")
+    Scrap.find_by_sql("SELECT id, updated_at, '#{Scrap.to_s}' AS klass FROM #{Scrap.table_name} WHERE scraps.receiver_id = #{self.id} AND scraps.scrap_id IS NULL UNION SELECT id, updated_at, '#{ActionTracker::Record.to_s}' AS klass FROM #{ActionTracker::Record.table_name} WHERE action_tracker.user_id = #{self.id} and action_tracker.verb != 'leave_scrap_to_self' and action_tracker.verb != 'add_member_in_community' ORDER BY updated_at DESC")
   end
  
   protected
 class Product < ActiveRecord::Base
+
   belongs_to :enterprise
   has_one :region, :through => :enterprise
   validates_presence_of :enterprise
@@ -163,7 +164,7 @@ class Product &lt; ActiveRecord::Base
  
   def total_production_cost
     return inputs_cost if price_details.empty?
-    inputs_cost + price_details.map(&:price).inject { |sum,price| sum + price }
+    inputs_cost + price_details.map(&:price).inject(0){ |sum,price| sum + price }
   end
  
   def price_described?
@@ -60,7 +60,8 @@ class Profile &lt; ActiveRecord::Base
   }
  
   acts_as_accessible
-  acts_as_having_hotspots
+
+  include Noosfero::Plugin::HotSpot
  
   named_scope :memberships_of, lambda { |person| { :select => 'DISTINCT profiles.*', :joins => :role_assignments, :conditions => ['role_assignments.accessor_type = ? AND role_assignments.accessor_id = ?', person.class.base_class.name, person.id ] } }
   #FIXME: these will work only if the subclass is already loaded
@@ -69,7 +70,7 @@ class Profile &lt; ActiveRecord::Base
   named_scope :templates, :conditions => {:is_template => true}
  
   def members
-    scopes = dispatch_scopes(:organization_members, self)
+    scopes = plugins.dispatch_scopes(:organization_members, self)
     scopes << Person.members_of(self)
     scopes.size == 1 ? scopes.first : Person.or_scope(scopes)
   end
@@ -113,6 +114,8 @@ class Profile &lt; ActiveRecord::Base
   has_many :scraps_received, :class_name => 'Scrap', :foreign_key => :receiver_id, :order => "updated_at DESC", :dependent => :destroy
   belongs_to :template, :class_name => 'Profile', :foreign_key => 'template_id'
  
+  has_many :comments_received, :class_name => 'Comment', :through => :articles, :source => :comments
+
   # FIXME ugly workaround
   def self.human_attribute_name(attrib)
       _(self.superclass.human_attribute_name(attrib))
@@ -255,7 +258,7 @@ class Profile &lt; ActiveRecord::Base
       self.categories(true)
       self.solr_save
     end
-	 self.categories(reload)
+    self.categories(reload)
   end
  
   def category_ids=(ids)
@@ -31,7 +31,7 @@ class Task &lt; ActiveRecord::Base
     end
   end
  
-  belongs_to :requestor, :class_name => 'Person', :foreign_key => :requestor_id
+  belongs_to :requestor, :class_name => 'Profile', :foreign_key => :requestor_id
   belongs_to :target, :foreign_key => :target_id, :polymorphic => true
  
   validates_uniqueness_of :code, :on => :create
@@ -67,7 +67,7 @@ class UploadedFile &lt; Article
       'upload-file'
     end
   end
-  
+
   def mime_type
     content_type
   end
@@ -129,6 +129,12 @@ class UploadedFile &lt; Article
     end
   end
  
+  def extension
+    dotindex = self.filename.rindex('.')
+    return nil unless dotindex
+    self.filename[(dotindex+1)..-1].downcase
+  end
+
   def allow_children?
     false
   end
@@ -144,4 +150,5 @@ class UploadedFile &lt; Article
   def uploaded_file?
     true
   end
+
 end
@@ -30,7 +30,7 @@ class User &lt; ActiveRecord::Base
  
   after_create do |user|
     user.person ||= Person.new
-    user.person.attributes = user.person_data.merge(:identifier => user.login, :user_id => user.id, :environment_id => user.environment_id)
+    user.person.attributes = user.person_data.merge(:identifier => user.login, :user => user, :environment_id => user.environment_id)
     user.person.name ||= user.login
     user.person.visible = false unless user.activated?
     user.person.save!
@@ -88,13 +88,13 @@ class User &lt; ActiveRecord::Base
   attr_protected :activated_at
  
   # Virtual attribute for the unencrypted password
-  attr_accessor :password
+  attr_accessor :password, :name
  
   validates_presence_of     :login, :email
   validates_format_of       :login, :with => Profile::IDENTIFIER_FORMAT, :if => (lambda {|user| !user.login.blank?})
   validates_presence_of     :password,                   :if => :password_required?
-  validates_presence_of     :password_confirmation,      :if => :password_required?, :if => (lambda {|user| !user.password.blank?})
-  validates_length_of       :password, :within => 4..40, :if => :password_required?, :if => (lambda {|user| !user.password.blank?})
+  validates_presence_of     :password_confirmation,      :if => :password_required?
+  validates_length_of       :password, :within => 4..40, :if => :password_required?
   validates_confirmation_of :password,                   :if => :password_required?
   validates_length_of       :login,    :within => 2..40, :if => (lambda {|user| !user.login.blank?})
   validates_length_of       :email,    :within => 3..100, :if => (lambda {|user| !user.email.blank?})
@@ -228,7 +228,12 @@ class User &lt; ActiveRecord::Base
   end
  
   def name
-    person ? person.name : login
+    name = (self[:name] || login)
+    person.nil? ? name : (person.name || name)
+  end
+
+  def name= name
+   self[:name] = name
   end
  
   def enable_email!
@@ -274,6 +279,11 @@ class User &lt; ActiveRecord::Base
     15 # in minutes
   end
  
+
+  def not_require_password!
+    @is_password_required = false
+  end
+
   protected
     # before filter 
     def encrypt_password
@@ -282,9 +292,13 @@ class User &lt; ActiveRecord::Base
       self.password_type ||= User.system_encryption_method.to_s
       self.crypted_password = encrypt(password)
     end
-    
+
     def password_required?
-      crypted_password.blank? || !password.blank?
+      (crypted_password.blank? || !password.blank?) && is_password_required?
+    end
+
+    def is_password_required?
+      @is_password_required.nil? ? true : @is_password_required
     end
  
     def make_activation_code
@@ -292,6 +306,7 @@ class User &lt; ActiveRecord::Base
     end
  
     def deliver_activation_code
+      return if person.is_template?
       User::Mailer.deliver_activation_code(self) unless self.activation_code.blank?
     end
  
@@ -13,6 +13,8 @@
  
      <%= f.password_field :password %>
  
+     <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
+
      <% button_bar do %>
        <%= submit_button( 'login', _('Log in') )%>
        <% if is_thickbox %>
@@ -23,8 +25,13 @@
 <% end %>
  
 <% button_bar do %>
-  <%= button :add, _("New user"), :controller => 'account', :action => 'signup' %>
-  <%= button :help, _("I forgot my password!"), :controller => 'account', :action => 'forgot_password' %>
+  <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
+    <%= button :add, _("New user"), :controller => 'account', :action => 'signup' %>
+  <% end %>
+
+  <% unless @plugins.dispatch(:allow_password_recovery).include?(false) %>
+    <%= button :help, _("I forgot my password!"), :controller => 'account', :action => 'forgot_password' %>
+  <% end %>
 <% end %>
  
 </div><!-- end class="login-box" -->
@@ -9,25 +9,30 @@
   @user ||= User.new
 %>
  
-    <% labelled_form_for :user, @user,
-       :url => login_url do |f| %>
+    <% labelled_form_for :user, @user, :url => login_url do |f| %>
  
-         <%= f.text_field :login, :onchange => 'this.value = convToValidLogin( this.value )' %>
+      <%= f.text_field :login, :onchange => 'this.value = convToValidLogin( this.value )' %>
  
-         <%= f.password_field :password %>
+      <%= f.password_field :password %>
+
+      <%= @plugins.dispatch(:login_extra_contents).collect { |content| instance_eval(&content) }.join("") %>
  
       <% button_bar do %>
         <%= submit_button( 'login', _('Log in') )%>
-        <%= link_to content_tag( 'span', _('New user') ),
-            { :controller => 'account', :action => 'signup' },
-            :class => 'button with-text icon-add' %>
+        <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
+          <%= link_to content_tag( 'span', _('New user') ),
+              { :controller => 'account', :action => 'signup' },
+              :class => 'button with-text icon-add' %>
+        <% end %>
       <% end %>
  
     <% end %>
  
-    <p class="forgot-passwd">
-      <%= link_to _("I forgot my password!"), :controller => 'account', :action => 'forgot_password' %>
-    </p>
+    <% unless @plugins.dispatch(:allow_password_recovery).include?(false) %>
+      <p class="forgot-passwd">
+        <%= link_to _("I forgot my password!"), :controller => 'account', :action => 'forgot_password' %>
+      </p>
+    <% end %>
  
     </div>
  
 <h1><%= _('Administrator Panel') %></h1>
  
-<p><%= _('You, as an environment administrator, has the following options:')%></p>
+<h2><%= _('System settings') %></h2>
  
 <table>
-  <tr><td><%= link_to _('Edit environment settings'), :action => 'site_info' %></td></tr>
-  <tr><td><%= link_to __('Edit message for disabled enterprises'), :action => 'message_for_disabled_enterprise' %></td></tr>
-  <tr><td><%= link_to _('Enable/disable features'), :controller => 'features' %></td></tr>
-  <tr><td><%= link_to _('Enable/disable plugins'), :controller => 'plugins' %></td></tr>
-  <tr><td><%= link_to _('Edit sideboxes'), :controller => 'environment_design'%></td></tr>
-  <tr><td><%= link_to _('Manage Categories'), :controller => 'categories'%></td></tr>
-  <tr><td><%= link_to _('Manage User roles'), :controller => 'role' %></td></tr>
-  <tr><td><%= link_to _('Manage users'), :controller => 'users' %></td></tr>
-  <tr><td><%= link_to _('Manage Validators by region'), :controller => 'region_validators' %></td></tr>
-  <tr><td><%= link_to _('Edit Templates'), :controller => 'templates' %></td></tr>
-  <tr><td><%= link_to _('Manage Fields'), :controller => 'features', :action => 'manage_fields' %></td></tr>
-  <tr><td><%= link_to _('Set Portal'), :action => 'set_portal_community' %></td></tr>
-  <tr><td><%= link_to _('Manage Licenses'), :controller =>'licenses' %></td></tr>
-  <% @plugins.dispatch(:admin_panel_links).each do |link| %>
+  <tr><td><%= link_to _('Environment settings'), :action => 'site_info' %></td></tr>
+  <tr><td><%= link_to _('Features'), :controller => 'features' %></td></tr>
+  <tr><td><%= link_to _('Plugins'), :controller => 'plugins' %></td></tr>
+  <tr><td><%= link_to _('Sideboxes'), :controller => 'environment_design'%></td></tr>
+  <tr><td><%= link_to _('Homepage'), :action => 'set_portal_community' %></td></tr>
+  <tr><td><%= link_to _('Licenses'), :controller =>'licenses' %></td></tr>
+</table>
+
+<h2><%= _('Profiles') %></h2>
+
+<table>
+  <tr><td><%= link_to _('User roles'), :controller => 'role' %></td></tr>
+  <tr><td><%= link_to _('Users'), :controller => 'users' %></td></tr>
+  <tr><td><%= link_to _('Profile templates'), :controller => 'templates' %></td></tr>
+  <tr><td><%= link_to _('Fields'), :controller => 'features', :action => 'manage_fields' %></td></tr>
+</table>
+
+
+<%
+  plugin_links = @plugins.dispatch(:admin_panel_links)
+%>
+<% unless plugin_links.empty? %>
+  <h2><%= _('Plugins') %></h2>
+  <table>
+  <% plugin_links.each do |link| %>
     <tr><td><%= link_to link[:title], link[:url] %></td></tr>
   <% end %>
+  </table>
+<% end %>
+
+<h2><%= _('Enterprise-related settings') %></h2>
+
+<table>
+  <tr><td><%= link_to __('Message for disabled enterprises'), :action => 'message_for_disabled_enterprise' %></td></tr>
+  <tr><td><%= link_to _('Validators by region'), :controller => 'region_validators' %></td></tr>
+  <tr><td><%= link_to _('Categories'), :controller => 'categories'%></td></tr>
 </table>
@@ -0,0 +1,10 @@
+<% block_types.in_groups_of(2) do |block1, block2| %>
+  <div style='float: left; width: 48%; padding-top: 2px;'>
+    <%= labelled_radio_button(block1.description, :type, block1.name) %>
+  </div>
+  <% if block2 %>
+    <div style='float: left; width: 48%; padding-top: 2px;'>
+      <%= labelled_radio_button(block2.description, :type, block2.name) %>
+    </div>
+  <% end %>
+<% end %>
 <strong><%= _('Highlights') %></strong>
-<div id='edit-highlights-block'>
+<div id='edit-highlights-block' style='width:450px'>
 <table id='highlights' class='noborder'>
   <tr><th><%= _('Image') %></th><th><%= _('Address') %></th><th><%= _('Position') %></th><th><%= _('Title') %></th></tr>
   <% for image in @block.images do %>
 <strong><%= _('Links') %></strong>
-<div id='edit-link-list-block'>
+<div id='edit-link-list-block' style='width:450px'>
 <table id='links' class='noborder'>
   <tr><th><%= _('Icon') %></th><th><%= _('Name') %></th><th><%= _('Address') %></th></tr>
   <% for link in @block.links do %>
-<%= labelled_form_field(_('HTML code'), text_area(:block, :html, :style => 'width: 100%', :rows => 15)) %>
+<%= labelled_form_field(_('HTML code'), text_area(:block, :html, :style => 'width: 90%', :rows => 15)) %>
-<% form_tag do %>
-
-  <p><%= _('In what area do you want to put your new block?') %></p>
-
-  <%# FIXME hardcoded stuff %>
-  <%= select_tag('box_id', options_for_select(@boxes.select { |item| item.position != 1 }.map {|item| [ _("Area %d") % item.position, item.id]})) %>
-  
-  <p><%= _('Select the type of block you want to add to your page.') %></p>
-  
-  <% @block_types.in_groups_of(2) do |block1, block2| %>
-    <div style='float: left; width: 48%; padding-top: 2px;'>
-      <%= radio_button_tag('type', block1.name) %>
-      <%= label_tag "type_#{block1.name.downcase}", block1.description %>
+<div style='height:350px'>
+  <% form_tag do %>
+
+    <p><%= _('In what area do you want to put your new block?') %></p>
+
+    <% @boxes.each do |box| %>
+      <%= labelled_radio_button(_("Area %d") % box.position, :box_id, box.id, box.central?, { :class => 'box-position', 'data-position' => box.position })  %>
+    <% end %>
+
+    <script type="text/javascript">
+      (function ($) {
+        $(document).ready(function () {
+          $(".box-position").live('change', function () {
+            if ($(this).attr('data-position') == '1') {
+              $('#center-block-types').show();
+              $('#side-block-types').hide();
+            } else {
+              $('#center-block-types').hide();
+              $('#side-block-types').show();
+            };
+          });
+      })})(jQuery);
+    </script>
+
+    <p><%= _('Select the type of block you want to add to your page.') %></p>
+
+    <div id='center-block-types'>
+      <%= render :partial => 'block_types', :locals => { :block_types => @center_block_types } %>
     </div>
-    <% if block2 %>
-      <div style='float: left; width: 48%; padding-top: 2px;'>
-        <%= radio_button_tag('type', block2.name) %>
-        <%= label_tag "type_#{block2.name.downcase}", block2.description %>
-      </div>
+
+    <div id='side-block-types' style='display:none'>
+      <%= render :partial => 'block_types', :locals => { :block_types => @side_block_types } %>
+    </div>
+
+    <br style='clear: both'/>
+
+    <% button_bar do %>
+      <%= submit_button(:add, _("Add")) %>
+      <%= colorbox_close_button(_('Close')) %>
     <% end %>
-  <% end %>
-  <br style='clear: both'/>
-  
-  <% button_bar do %>
-    <%= submit_button(:add, _("Add")) %>
-    <%= lightbox_close_button(_('Close')) %>
-  <% end %>
  
-<% end %>
+  <% end %>
+</div>
-<h2><%= _('Editing block') %></h2>
+<div style='width: 500px;'>
+  <h2><%= _('Editing block') %></h2>
  
-<% form_tag(:action => 'save', :id => @block.id) do %>
+  <% form_tag(:action => 'save', :id => @block.id) do %>
  
-  <%= labelled_form_field(_('Custom title for this block: '), text_field(:block, :title, :maxlength => 20)) %>
+    <%= labelled_form_field(_('Custom title for this block: '), text_field(:block, :title, :maxlength => 20)) %>
  
-  <%= render :partial => partial_for_class(@block.class) %>
+    <%= render :partial => partial_for_class(@block.class) %>
  
-  <%= labelled_form_field _('Display this block:'), '' %>
-  <div style='margin-left: 10px'>
-    <%= radio_button(:block, :display, 'always') %>
-    <%= label_tag('block_display_always', _('In all pages')) %>
-    <br/>
-    <%= radio_button(:block, :display, 'home_page_only') %>
-    <%= label_tag('block_display_home_page_only', _('Only in the homepage')) %>
-    <br/>
-    <%= radio_button(:block, :display, 'except_home_page') %>
-    <%= label_tag('block_display_except_home_page', _('In all pages, except in the homepage')) %>
-    <br/>
-    <%= radio_button(:block, :display, 'never') %>
-    <%= label_tag('block_display_never', _("Don't display")) %>
-  </div>
+    <%= labelled_form_field _('Display this block:'), '' %>
+    <div style='margin-left: 10px'>
+      <%= radio_button(:block, :display, 'always') %>
+      <%= label_tag('block_display_always', _('In all pages')) %>
+      <br/>
+      <%= radio_button(:block, :display, 'home_page_only') %>
+      <%= label_tag('block_display_home_page_only', _('Only in the homepage')) %>
+      <br/>
+      <%= radio_button(:block, :display, 'except_home_page') %>
+      <%= label_tag('block_display_except_home_page', _('In all pages, except in the homepage')) %>
+      <br/>
+      <%= radio_button(:block, :display, 'never') %>
+      <%= label_tag('block_display_never', _("Don't display")) %>
+    </div>
  
   <%= labelled_form_field(_('Show for:'), select(:block, :language, [ [ _('all languages'), 'all']] + environment.locales.map {|key, value| [value, key]} )) %>
  
-  <% button_bar do %>
-    <%= submit_button(:save, _('Save')) %>
-    <%= lightbox_close_button(_('Cancel')) %>
-  <% end %>
+    <% button_bar do %>
+      <%= submit_button(:save, _('Save')) %>
+      <%= colorbox_close_button(_('Cancel')) %>
+    <% end %>
  
-<% end %>
+  <% end %>
+</div>
 <h1><%= _('Editing sideboxes')%></h1>
  
 <% button_bar do %>
-  <%= lightbox_button('add', _('Add a block'), { :action => 'add_block' }) %> 
+  <%= colorbox_button('add', _('Add a block'), { :action => 'add_block' }) %>
   <%= button(:back, _('Back to control panel'), :controller => (profile.nil? ? 'admin_panel': 'profile_editor')) %>
 <% end %>
@@ -49,13 +49,13 @@
         <%= article.class.short_description %>
       </td>
       <td class="article-controls">
-        <%= button_without_text :edit, _('Edit'), :action => 'edit', :id => article.id %>
+        <%= expirable_button article, :edit, _('Edit'), {:action => 'edit', :id => article.id} if !remove_content_button(:edit) %>
         <%= button_without_text :eyes, _('Public view'), article.view_url %>
-        <%= display_spread_button(profile, article) unless article.folder? %>
-        <% if !environment.enabled?('cant_change_homepage') %>
-          <%= button_without_text :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>
+        <%= display_spread_button(profile, article) unless article.folder? || remove_content_button(:spread)%>
+        <% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+          <%= expirable_button article, :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>
         <% end %>
-        <%= display_delete_button(article) %>
+        <%= display_delete_button(article) if !remove_content_button(:delete) %>
       </td>
     </tr>
   <% end %>
 <div<%= user && " class='logged-in'" %>>
   <div id="article-actions">
  
-    <% if @page.allow_edit?(user) %>
-      <%= link_to content_tag( 'span', label_for_edit_article(@page) ),
-          profile.admin_url.merge({ :controller => 'cms', :action => 'edit', :id => @page.id }),
-          :class => 'button with-text icon-edit' %>
+
+    <% if @page.allow_edit?(user) && !remove_content_button(:edit) %>
+      <% content = content_tag('span', label_for_edit_article(@page)) %>
+      <% url = profile.admin_url.merge({ :controller => 'cms', :action => 'edit', :id => @page.id }) %>
+      <%= expirable_button @page, :edit, content, url %>
     <% end %>
  
-    <% if @page != profile.home_page && !@page.has_posts?  && @page.allow_delete?(user) %>
-      <%= link_to content_tag( 'span', _('Delete') ),
-        profile.admin_url.merge({ :controller => 'cms', :action => 'destroy', :id => @page}),
-        :method => :post,
-        :class => 'button with-text icon-delete',
-        :confirm => delete_article_message(@page) %>
+    <% if @page != profile.home_page && !@page.has_posts?  && @page.allow_delete?(user) && !remove_content_button(:delete)%>
+      <% content = content_tag( 'span', _('Delete') ) %>
+      <% url = profile.admin_url.merge({ :controller => 'cms', :action => 'destroy', :id => @page}) %>
+      <% options = {:method => :post, :confirm => delete_article_message(@page)} %>
+      <%= expirable_button @page, :delete, content, url, options %>
     <% end %>
  
-    <% if !@page.folder? && @page.allow_spread?(user) %>
+    <% if !@page.folder? && @page.allow_spread?(user) && !remove_content_button(:spread) %>
+      <% content = content_tag( 'span', _('Spread this') ) %>
+      <% url = nil %>
       <% if profile.kind_of?(Person) %>
-        <%= link_to content_tag( 'span', _('Spread this') ),
-            profile.admin_url.merge({ :controller => 'cms', :action => 'publish', :id => @page }),
-            :class => 'button with-text icon-spread' %>
+        <% url = profile.admin_url.merge({ :controller => 'cms', :action => 'publish', :id => @page }) %>
       <% elsif profile.kind_of?(Community) && environment.portal_community %>
-        <%= link_to content_tag( 'span', _('Spread this') ),
-            profile.admin_url.merge({ :controller => 'cms', :action => 'publish_on_portal_community', :id => @page }),
-            :class => 'button with-text icon-spread' %>
+        <% url = profile.admin_url.merge({ :controller => 'cms', :action => 'publish_on_portal_community', :id => @page }) %>
       <% end %>
+      <%= expirable_button @page, :spread, content, url if url %>
     <% end %>
  
     <% if !@page.gallery? && @page.allow_create?(user) %>
-      <%= link_to _('Add translation'),
-          profile.admin_url.merge(:controller => 'cms', :action => 'new',
-                                  :parent_id => (@page.folder? ? @page : (@page.parent.nil? ? nil : @page.parent)),
-                                  :type => @page.type, :article => { :translation_of_id => @page.native_translation.id }),
-          :class => 'button with-text icon-locale' if @page.translatable? && !@page.native_translation.language.blank? %>
+      <% if @page.translatable? && !@page.native_translation.language.blank? && !remove_content_button(:locale) %>
+        <% content = _('Add translation') %>
+        <% parent_id = (@page.folder? ? @page : (@page.parent.nil? ? nil : @page.parent)) %>
+        <% url = profile.admin_url.merge(:controller => 'cms', :action => 'new', :parent_id => parent_id, :type => @page.type, :article => { :translation_of_id => @page.native_translation.id })%>
+        <%= expirable_button @page, :locale, content, url %>
+      <% end %>
+
       <%= colorbox_button(:new, label_for_new_article(@page), profile.admin_url.merge(:controller => 'cms', :action => 'new', :parent_id => (@page.folder? ? @page : (@page.parent.nil? ? nil : @page.parent)))) %>
     <% end %>
  
@@ -40,8 +41,11 @@
       <%= button('upload-file', _('Upload files'), profile.admin_url.merge(:controller => 'cms', :action => 'upload_files', :parent_id => (@page.folder? ? @page : @page.parent))) %>
     <% end %>
  
-    <% if !@page.allow_create?(user) && profile.community? && (@page.blog? || @page.parent && @page.parent.blog?) %>
-      <%= link_to content_tag( 'span', _('Suggest an article') ), profile.admin_url.merge({ :controller => 'cms', :action => 'suggest_an_article'}), :id => 'suggest-article-link', :class => 'button with-text icon-new' %>
+    <% if !@page.allow_create?(user) && profile.community? && (@page.blog? || @page.parent && @page.parent.blog?) && !remove_content_button(:suggest) %>
+      <% content = content_tag( 'span', _('Suggest an article') ) %>
+      <% url = profile.admin_url.merge({ :controller => 'cms', :action => 'suggest_an_article'}) %>
+      <% options = {:id => 'suggest-article-link'} %>
+      <%= expirable_button @page, :suggest, content, url, options %>
     <% end %>
  
     <%= report_abuse(profile, :link, @page) %>
 <li id="<%= comment.anchor %>" class="article-comment">
   <div class="article-comment-inner">
  
-  <div class="comment-content comment-logged-<%= comment.author ? 'in' : 'out' %> <%= 'comment-from-owner' if ( comment.author && (@page.profile.name == comment.author.name) ) %>">
+  <div class="comment-content comment-logged-<%= comment.author ? 'in' : 'out' %> <%= 'comment-from-owner' if ( comment.author && (profile == comment.author) ) %>">
  
   <% if comment.author %>
     <%= link_to image_tag(profile_icon(comment.author, :minor)) +
@@ -29,17 +29,12 @@
   <% end %>
  
   <% comment_balloon do %>
-    <% if logged_in? && (user == @page.profile || user == comment.author || user.has_permission?(:moderate_comments, @page.profile)) %>
-      <% button_bar(:style => 'float: right; margin-top: 0px;') do %>
-        <%= icon_button(:delete, _('Remove this comment and all its replies'), { :profile => params[:profile], :remove_comment => comment.id, :view => params[:view] }, :method => :post, :confirm => _('Are you sure you want to remove this comment and all its replies?')) %>
-      <% end %>
-    <% end %>
  
     <div class="comment-details">
       <div class="comment-created-at">
         <%= show_time(comment.created_at) %>
       </div>
-      <h4><%= comment.title %></h4>
+      <h4><%= comment.title.blank? && '&nbsp;' || comment.title %></h4>
       <div class="comment-text">
         <p/>
         <%= txt2html comment.body %>
@@ -57,18 +52,42 @@
         </script>
       <% end %>
       <%= report_abuse(comment.author, :comment_link, comment) if comment.author %>
-      <%= link_to_function _('Reply'),
-          "var f = add_comment_reply_form(this, %s); f.find('input[name=comment[title]], textarea').val(''); return false" % comment.id,
+
+      <% if comment.spam? %>
+        &nbsp;
+        <%= link_to_function(_('Mark as NOT SPAM'), 'remove_comment(this, %s); return false;' % url_for(:mark_comment_as_ham => comment.id).to_json, :class => 'comment-footer comment-footer-link comment-footer-hide')  %>
+      <% else %>
+        <% if (logged_in? && (user == profile || user.has_permission?(:moderate_comments, profile))) %>
+          &nbsp;
+          <%= link_to_function(_('Mark as SPAM'), 'remove_comment(this, %s, %s); return false;' % [url_for(:mark_comment_as_spam => comment.id).to_json, _('Are you sure you want to mark this comment as SPAM?').to_json], :class => 'comment-footer comment-footer-link comment-footer-hide')  %>
+        <% end %>
+      <% end %>
+
+      <% if comment.author && comment.author == user %>
+        &nbsp;
+        <%= expirable_comment_link comment, :edit, _('Edit'), {:action => 'edit_comment', :id => comment.id, :profile => profile.identifier} %>
+      <% end %>
+
+      <% if logged_in? && (user == profile || user == comment.author || user.has_permission?(:moderate_comments, profile)) %>
+        &nbsp;
+        <%= link_to_function(_('Remove'), 'remove_comment(this, %s, %s); return false ;' % [url_for(:profile => params[:profile], :remove_comment => comment.id, :view => params[:view]).to_json, _('Are you sure you want to remove this comment and all its replies?').to_json], :class => 'comment-footer comment-footer-link comment-footer-hide remove-children') %>
+      <% end %>
+
+      <% unless comment.spam? %>
+        &nbsp;
+        <%= link_to_function _('Reply'),
+          "var f = add_comment_reply_form(this, %s); f.find('comment_title, textarea').val(''); return false" % comment.id,
           :class => 'comment-footer comment-footer-link comment-footer-hide',
           :id => 'comment-reply-to-' + comment.id.to_s
-      %>
+        %>
+      <% end %>
     </div>
  
   <% end %>
  
   </div>
  
-  <% unless comment.replies.blank? %>
+  <% unless comment.replies.blank? || comment.spam? %>
   <ul class="comment-replies">
     <% comment.replies.each do |reply| %>
       <%= render :partial => 'comment', :locals => { :comment => reply } %>
@@ -32,15 +32,17 @@ function submit_comment_form(button) {
  
 <div class="post_comment_box <%= @form_div %>">
  
-<h4 onclick="var d = jQuery(this).parent('.post_comment_box');
-             if (d.hasClass('closed')) {
-               d.removeClass('closed');
-               d.addClass('opened');
-               d.find('input[name=comment[title]], textarea').val('');
-               d.find('.comment_form input[name=comment[<%= focus_on %>]]').focus();
-             }">
-  <%= content_tag('a', '', :name => 'comment_form') + _('Post a comment') %>
-</h4>
+<% if display_link %>
+  <h4 onclick="var d = jQuery(this).parent('.post_comment_box');
+               if (d.hasClass('closed')) {
+                 d.removeClass('closed');
+                 d.addClass('opened');
+                 d.find('input[name=comment[title]], textarea').val('');
+                 d.find('.comment_form input[name=comment[<%= focus_on %>]]').focus();
+               }">
+    <%= content_tag('a', '', :name => 'comment_form') + _('Post a comment') %>
+  </h4>
+<% end %>
  
 <% unless pass_without_comment_captcha? %>
   <div id="recaptcha-container" style="display: none">
@@ -59,7 +61,7 @@ function submit_comment_form(button) {
   </script>
 <% end %>
  
-<% form_tag( url_for(@page.view_url.merge({:only_path => true})), { :class => 'comment_form' } ) do %>
+<% form_tag( url, { :class => 'comment_form' } ) do %>
   <%= hidden_field_tag(:confirm, 'false') %>
  
   <%= required_fields_message %>
@@ -84,7 +86,11 @@ function submit_comment_form(button) {
  
   <% button_bar do %>
     <%= submit_button('add', _('Post comment'), :onclick => "submit_comment_form(this); return false") %>
-    <%= button_to_function :cancel, _('Cancel'), "f=jQuery(this).parents('.post_comment_box'); f.removeClass('opened'); f.addClass('closed'); return false" %>
+    <% if cancel_triggers_hide %>
+      <%= button_to_function :cancel, _('Cancel'), "f=jQuery(this).parents('.post_comment_box'); f.removeClass('opened'); f.addClass('closed'); return false" %>
+    <% else %>
+      <%= button('cancel', _('Cancel'), {:action => 'view_page', :profile => profile.identifier, :page => @comment.article.explode_path})%>
+    <% end %>
   <% end %>
 <% end %>
  
@@ -0,0 +1,3 @@
+<h1><%= _('Edit comment') %></h1>
+
+<%= render :partial => 'comment_form', :locals => {:url => {:action => 'edit_comment', :profile => profile.identifier}, :display_link => false, :cancel_triggers_hide => false} %>
@@ -98,13 +98,7 @@
   </ul>
  
   <% if @page.accept_comments? %>
-    <div id="page-comment-form"><%= render :partial => 'comment_form' %></div>
-    <script type="text/javascript">
-      jQuery( function() {
-        jQuery('.article-comment').live('mouseover', function() { jQuery(this).find('.icon-delete:first').show(); });
-        jQuery('.article-comment').live('mouseout', function() { jQuery(this).find('.icon-delete').hide(); });
-      });
-    </script>
+    <div id="page-comment-form"><%= render :partial => 'comment_form', :locals => {:url => url_for(@page.view_url.merge({:only_path => true})), :display_link => true, :cancel_triggers_hide => true}%></div>
   <% end %>
 </div><!-- end class="comments" -->
  
@@ -31,7 +31,7 @@
               :class => 'button icon-remove',
               :title => _('remove') %>
         <%= link_to content_tag('span',_('contact')),
-              friend.url.merge(:controller => 'contact', :action => 'new'),
+              friend.url.merge(:controller => 'contact', :action => 'new', :profile => friend.identifier),
               :class => 'button icon-menu-mail',
               :title => _('contact') %>
       </div><!-- end class="controll" -->
@@ -2,7 +2,8 @@
 'jquery.noconflict.js', 'jquery.cycle.all.min.js', 'thickbox.js', 'lightbox', 'colorbox',
 'jquery-ui-1.8.2.custom.min', 'jquery.scrollTo', 'jquery.form.js', 'jquery-validation/jquery.validate',
 'jquery.cookie', 'jquery.ba-bbq.min.js', 'reflection', 'jquery.tokeninput',
-'add-and-join', 'report-abuse', 'catalog', 'manage-products', :cache => 'cache-general' %>
+'add-and-join', 'report-abuse', 'catalog', 'manage-products',
+'jquery-ui-timepicker-addon', :cache => 'cache-general' %>
  
 <% language = FastGettext.locale %>
 <% %w{messages methods}.each do |type| %>
@@ -56,10 +56,18 @@
             <%= usermenu_logged_in %>
           </span>
           <span class='not-logged-in' style='display: none'>
-              <%= _("<span class='login'>%s</span> <span class='or'>or</span> <span class='signup'>%s</span>") % [thickbox_inline_popup_link('<i class="icon-menu-login"></i><strong>' + _('Login') + '</strong>', login_url, 'inlineLoginBox', :id => 'link_login'), link_to('<strong>' + _('Sign up') + '</strong>', :controller => 'account', :action => 'signup') ] %>
+
+              <%= _("<span class='login'>%s</span>") % thickbox_inline_popup_link('<i class="icon-menu-login"></i><strong>' + _('Login') + '</strong>', login_url, 'inlineLoginBox', :id => 'link_login') %>
+              <%= @plugins.dispatch(:alternative_authentication_link).collect { |content| instance_eval(&content) }.join("") %>
+
               <div id='inlineLoginBox' style='display: none;'>
                 <%= render :file => 'account/login', :locals => { :is_thickbox => true } %>
               </div>
+
+              <% unless @plugins.dispatch(:allow_user_registration).include?(false) %>
+              <%= _("<span class='or'>or</span> <span class='signup'>%s</span>") % link_to('<strong>' + _('Sign up') + '</strong>', :controller => 'account', :action => 'signup')%>
+              <% end %>
+
           </span>
           <form action="/search" class="search_form" method="get" class="clean">
             <input name="query" size="15" title="<%=_('Search...')%>" onfocus="this.form.className='focused';" onblur="this.form.className=''" />
 <h1><%= _('Manage plugins') %></h1>
-<%= _('Here you can enable or disable any plugin of your environment.')%>
+
+<p>
+<%= _('Select which plugins you want to enable in your environment') %>
+</p>
  
 <% labelled_form_for(:environment, @environment, :url => {:action => 'update'}) do |f| %>
  
-<table>
-  <tr>
-    <th><%= _('Plugin') %></th>
-    <th><%= _('Description') %></th>
-    <th><%= _('Enabled?') %></th>
-  </tr>
-  <%= hidden_field_tag('environment[enabled_plugins][]', '') %>
-  <% @active_plugins.each do |plugin|   %>
-    <tr>
-      <td><%= plugin.has_admin_url? ? link_to(plugin.plugin_name, plugin.admin_url) : plugin.plugin_name %></td>
-      <td><%= plugin.plugin_description %></td>
-      <td><%= check_box_tag "environment[enabled_plugins][]", plugin, @environment.enabled_plugins.include?(plugin.to_s), :id => plugin.plugin_name %></td>
-    </tr>
-  <% end %>
-</table>
+  <table>
+    <% @active_plugins.sort_by(&:plugin_name).each do |plugin|   %>
+      <tr>
+        <td style='vertical-align: top'><%= check_box_tag "environment[enabled_plugins][]", plugin, @environment.enabled_plugins.include?(plugin.to_s), :id => plugin.plugin_name %></td>
+        <td>
+          <%= hidden_field_tag('environment[enabled_plugins][]', '') %>
+          <strong><%= plugin.plugin_name %></strong>
+          <br/>
+          <%= plugin.plugin_description %>
+          <% if plugin.has_admin_url? %>
+            <br/>
+            <br/>
+            <%= link_to(_('Configuration'), plugin.admin_url) %>
+          <% end %>
+        </td>
+      </tr>
+    <% end %>
+  </table>
  
 <div>
   <% button_bar do %>
@@ -5,19 +5,35 @@
 <li class="article-comment" style='border-bottom:none;'>
   <div class="article-comment-inner">
  
-  <div class="comment-content comment-logged-in">
+  <div class="comment-content comment-logged-<%= comment.author ? 'in' : 'out' %>">
  
   <% if comment.author %>
     <%= link_to image_tag(profile_icon(comment.author, :minor)),
-        Person.find(comment.author_id).url,
+        comment.author_url,
         :class => 'comment-picture',
         :title => comment.author_name
     %>
+  <% else %>
+    <% url_image, status_class = comment.author_id ?
+       [comment.removed_user_image, 'icon-user-removed'] :
+       [str_gravatar_url_for( comment.email ), 'icon-user-unknown'] %>
+
+    <%= link_to(
+          image_tag(url_image, :onerror=>'gravatarCommentFailback(this)',
+                   'data-gravatar'=>str_gravatar_url_for(comment.email)) +
+          content_tag('span', comment.author_name, :class => 'comment-info') +
+          content_tag('span', comment.message,
+                   :class => 'comment-user-status comment-user-status-wall ' + status_class),
+        gravatar_profile_url(comment.email),
+        :target => '_blank',
+        :class => 'comment-picture',
+        :title => '%s %s' % [comment.author_name, comment.message]
+    )%>
   <% end %>
  
   <div class="comment-details">
     <div class="comment-text">
-      <%= link_to(comment.author_name, comment.author.url) %>
+      <%= comment.author.present? ? link_to(comment.author_name, comment.author.url) : content_tag('strong', comment.author_name) %>
       <% unless comment.title.blank? %>
         <span class="comment-title"><%= comment.title %></span><br/>
       <% end %>
@@ -30,7 +46,7 @@
  
   <% if logged_in? && (user == profile || user == comment.author || user.has_permission?(:moderate_comments, profile)) %>
     <% button_bar(:style => 'float: right; margin-top: 0px;') do %>
-      <%= icon_button(:delete, _('Remove'), { :action => :remove_comment, :comment_id => comment.id }, :method => :get, :confirm => _('Are you sure you want to remove this comment and all its replies?')) %>
+      <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.article-comment'", url_for(:profile => params[:profile], :action => :remove_comment, :comment_id => comment.id, :view => params[:view]).to_json, _('Are you sure you want to remove this comment and all its replies?').to_json], :class => 'button icon-button icon-delete') %>
     <% end %>
   <% end %>
   <br style="clear: both;" />
@@ -46,6 +62,10 @@
       </script>
     <% end %>
     <%= report_abuse(comment.author, :comment_link, comment) if comment.author %>
+    <% if comment.author && comment.author == user %>
+      <%= expirable_comment_link comment, :edit, _('Edit'), {:action => 'edit_comment', :id => comment.id, :profile => profile.identifier} %>
+      <%= content_tag('span', ' | ', :class => 'comment-footer comment-footer-hide') %>
+    <% end %>
     <%= link_to_function _('Reply'),
         "var f = add_comment_reply_form(this, %s); f.find('input[name=comment[title]], textarea').val(''); return false" % comment.id,
         :class => 'comment-footer comment-footer-link comment-footer-hide',
@@ -15,7 +15,7 @@
   <p class='profile-activity-time'><%= time_ago_as_sentence(activity.created_at) %></p>
   <div class='profile-wall-actions'>
     <%= link_to s_('profile|Comment'), '#', { :class => 'focus-on-comment'} %>
-    <%= link_to_remote(content_tag(:span, _('Remove')), :url =>{:action => 'remove_activity', :activity_id => activity.id, :only_hide => true}, :confirm => _('Are you sure?'), :update => "profile-activity-item-#{activity.id}") if logged_in? && current_person == @profile %>
+    <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :only_hide => true, :view => params[:view]).to_json, _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %>
   </div>
 </div>
  
@@ -6,7 +6,7 @@
   <p class='profile-activity-time'><%= time_ago_as_sentence(activity.created_at) %></p>
   <div class='profile-wall-actions'>
     <%= link_to s_('profile|Comment'), '#', { :class => 'focus-on-comment'} %>
-    <%= link_to_remote(content_tag(:span, _('Remove')), :confirm => _('Are you sure?'), :url =>{:action => 'remove_activity', :activity_id => activity.id}, :update => "profile-activity-item-#{activity.id}") if logged_in? && current_person == @profile %>
+    <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]).to_json, _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %>
   </div>
 </div>
  
@@ -5,7 +5,7 @@
   <p class='profile-activity-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p>
   <p class='profile-activity-time'><%= time_ago_as_sentence(activity.created_at) %></p>
   <div class='profile-wall-actions'>
-    <%= link_to_remote(content_tag(:span, _('Remove')), :confirm => _('Are you sure?'), :url =>{:action => 'remove_activity', :activity_id => activity.id}, :update => "profile-activity-item-#{activity.id}") if logged_in? && current_person == @profile %>
+    <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]).to_json, _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %>
   </div>
 </div>
  
@@ -12,7 +12,7 @@
         <%= link_to_function s_('profile|Comment'), "hide_and_show(['#profile-wall-message-response-#{scrap.id}'],['#profile-wall-reply-#{scrap.id}', '#profile-wall-reply-form-#{scrap.id}']);$('reply_content_#{scrap.id}').value='';$('reply_content_#{scrap.id}').focus();return false", :class => "profile-send-reply" %>
       </span>
     <% end %>
-    <%= link_to_remote(content_tag(:span, _('Remove')), :confirm => _('Are you sure?'), :url =>{:action => 'remove_scrap', :scrap_id => scrap.id}, :update => "profile-activity-item-#{scrap.id}") if logged_in? && user.can_control_scrap?(scrap) %>
+    <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_scrap, :scrap_id => scrap.id, :view => params[:view]).to_json, _('Are you sure you want to remove this scrap and all its replies?').to_json]) if logged_in? && user.can_control_scrap?(scrap) %>
     </div>
   </div>
  
@@ -6,7 +6,7 @@
     <p class='profile-activity-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p>
     <p class='profile-activity-time'><%= time_ago_as_sentence(activity.created_at) %></p>
     <div class='profile-wall-actions'>
-      <%= link_to_remote(content_tag(:span, _('Remove')), :confirm => _('Are you sure?'), :url =>{:action => 'remove_activity', :activity_id => activity.id}, :update => "profile-activity-item-#{activity.id}") if logged_in? && current_person == @profile %>
+      <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]).to_json, _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %>
     </div>
   </div>
 </div>
@@ -66,6 +66,8 @@
  
   <%= control_panel_button(_('Manage my groups'), 'groups', :controller => 'memberships') if profile.person? %>
  
+  <%= control_panel_button(_('Manage SPAM'), 'manage-spam', :controller => 'spam', :action => 'index') %>
+
   <% @plugins.dispatch(:control_panel_buttons).each do |button| %>
     <%= control_panel_button(button[:title], button[:icon], button[:url]) %>
   <% end %>
-<div id="search-results" class="<%= @results.size == 1 ? 'only-one-result-box' : 'multiple-results-boxes' %>">
+<div id="search-results" class="<%= !multiple_search? ? 'only-one-result-box' : 'multiple-results-boxes' %>">
   <% @order.each do |name| %>
     <% results = @results[name] %>
     <% empty = results.nil? || results.empty? %>
@@ -7,7 +7,7 @@
       <% if not empty %>
         <% partial = partial_for_class(results.first.class.class_name.constantize) %>
  
-        <% if @results.size > 1 %>
+        <% if multiple_search? %>
           <h3><%= @names[name] %></h3>
           <% if results.total_entries > SearchController::MULTIPLE_SEARCH_LIMIT %>
             <%= link_to(_('see all (%d)') % results.total_entries, params.merge(:action => name), :class => 'see-more' ) %>
@@ -22,9 +22,10 @@
           </ul>
         </div>
       <% else %>
-        <% if @results.size > 1 %>
+        <% if multiple_search? %>
           <h3><%= @names[name] %></h3>
         <% end %>
+
         <div class="search-results-innerbox search-results-type-empty">
           <div> <%= _('None') %> </div>
         </div>
 <div class="search-image-container">
  
   <% if image.is_a? UploadedFile and image.filename %>
-    <% extension = image.filename[(image.filename.rindex('.')+1)..-1].downcase %>
+    <% extension = image.extension %>
     <% if ['jpg', 'jpeg', 'gif', 'png', 'tiff', 'svg'].include? extension %>
       <%= link_to '', image.view_url, :class => "search-image-pic", :style => 'background-image: url(%s)'% image.public_filename(:thumb) %>
       <% if image.width && image.height %>
 <li class="search-profile-item">
-<% if @empty_query or @results.size > 1 or !profile.enterprise?  %>
+<% if @empty_query or multiple_search? or !profile.enterprise?  %>
   <%= profile_image_link profile, :portrait, 'div',
     @filter == 'more_recent' ? profile.send(@filter + '_label') + show_date(profile.created_at) : profile.send(@filter + '_label') %>
 <% else %>
@@ -4,7 +4,7 @@
   <% if logged_in? %>
     <% button_bar do %>
       <%# FIXME shouldn't the user create the community in the current environment instead of going to its home environment? %>
-      <%= button(:add, __('New community'), user.url.merge(:controller => 'memberships', :action => 'new_community')) %>
+      <%= button(:add, __('New community'), user.url.merge(:controller => 'memberships', :action => 'new_community', :profile => user.identifier)) %>
     <% end %>
   <% end %>
  
@@ -0,0 +1,20 @@
+<h1><%= _('Manage SPAM') %></h1>
+
+<% button_bar do %>
+  <%= button :back, _('Back to control panel'), :controller => :profile_editor %>
+<% end %>
+
+<%# FIXME should not need to replicate the article structure like this to be able to use the same formatting as the comments listing %>
+<div id='article'>
+  <div class="comments" id="comments_list">
+    <ul class="article-comments-list">
+      <%= render :partial => 'content_viewer/comment', :collection => @spam %>
+    </ul>
+  </div>
+</div>
+
+<%= pagination_links @spam %>
+
+<% button_bar do %>
+  <%= button :back, _('Back to control panel'), :controller => :profile_editor %>
+<% end %>
@@ -50,13 +50,13 @@
   <% fields_for "tasks[#{task.id}][task]", task do |f| %>
     <% if task.accept_details %>
       <div id="on-accept-information-<%=task.id%>" style="display: none">
-        <%= render :partial => partial_for_task_class(task.class, :accept_details), :locals => {:task => task, :f => f} %>
+        <%= render :partial => partial_for_class(task.class, :accept_details), :locals => {:task => task, :f => f} %>
       </div>
     <% end %>
  
     <% if task.reject_details %>
       <div id="on-reject-information-<%=task.id%>" style="display: none">
-        <%= render :partial => partial_for_task_class(task.class, :reject_details), :locals => {:task => task, :f => f} %>
+        <%= render :partial => partial_for_class(task.class, :reject_details), :locals => {:task => task, :f => f} %>
       </div>
     <% end %>
   <% end %>
@@ -7,7 +7,7 @@
   <ul>
     <% @tasks.each do |item| %>
       <li>
-        <strong><%= item.information %></strong> <br/>
+        <strong><%= task_information(item) %></strong> <br/>
         <small>
           <%= _('Created:')   +' '+ show_date(item.created_at) %>
           &nbsp; &#151; &nbsp;
@@ -23,7 +23,28 @@ ActionTrackerConfig.verbs = {
   },
  
   :upload_image => { 
-    :description => lambda { n_('uploaded 1 image<br />%{thumbnails}<br style="clear: both;" />', 'uploaded %{num} images<br />%{thumbnails}<br style="clear: both;" />', get_view_url.size) % { :num => get_view_url.size, :thumbnails => '{{ta.collect_group_with_index(:thumbnail_path){ |t,i| content_tag(:span, link_to(image_tag(t), ta.get_view_url[i]))}.last(3).join}}' } },
+    :description => lambda do
+      total = get_view_url.size
+      n_('uploaded 1 image', 'uploaded %d images', total) % total +
+      '<br />{{'+
+      'ta.collect_group_with_index(:thumbnail_path) { |t,i|' +
+      "  if ( #{total} == 1 );" +
+      '    link_to( image_tag(t), ta.get_view_url[i], :class => \'upimg\' );' +
+      '   else;' +
+      "    pos = #{total}-i;" +
+      '    morethen2 = pos>2 ? \'morethen2\' : \'\';' +
+      '    morethen5 = pos>5 ? \'morethen5\' : \'\';' +
+      '    t = t.gsub(/(.*)(display)(.*)/, \'\\1thumb\\3\');' +
+      '    link_to( \'&nbsp;\', ta.get_view_url[i],' +
+      '      :style => "background-image:url(#{t})",' +
+      '      :class => "upimg pos#{pos} #{morethen2} #{morethen5}" );' +
+      '  end' +
+      '}.reverse.join}}' +
+      ( total > 5 ?
+        '<span class="more" onclick="this.parentNode.className+=\' show-all\'">' +
+        '&hellip;</span>' : '' ) +
+      '<br style="clear: both;" />'
+    end,
     :type => :groupable
   },
  
 require 'noosfero/plugin'
-require 'noosfero/plugin/acts_as_having_hotspots'
+require 'noosfero/plugin/hot_spot'
 require 'noosfero/plugin/manager'
-require 'noosfero/plugin/context'
 require 'noosfero/plugin/active_record'
 require 'noosfero/plugin/mailer_base'
 Noosfero::Plugin.init_system if $NOOSFERO_LOAD_PLUGINS
@@ -19,6 +19,7 @@ ActionController::Routing::Routes.draw do |map|
  
   # -- just remember to delete public/index.html.
   # You can have the root of your site routed by hooking up ''
+  map.root :controller => "home", :conditions => { :if => lambda { |env| !Domain.hosting_profile_at(env[:host]) } }
   map.connect '', :controller => "home", :conditions => { :if => lambda { |env| !Domain.hosting_profile_at(env[:host]) } }
   map.home 'site/:action', :controller => 'home'
  
@@ -121,9 +122,12 @@ ActionController::Routing::Routes.draw do |map|
   # cache stuff - hack
   map.cache 'public/:action/:id', :controller => 'public'
  
+  map.connect ':profile/edit_comment/:id/*page', :controller => 'content_viewer', :action => 'edit_comment', :profile => /#{Noosfero.identifier_format}/
+
   # match requests for profiles that don't have a custom domain
   map.homepage ':profile/*page', :controller => 'content_viewer', :action => 'view_page', :profile => /#{Noosfero.identifier_format}/, :conditions => { :if => lambda { |env| !Domain.hosting_profile_at(env[:host]) } }
  
+
   # match requests for content in domains hosted for profiles
   map.connect '*page', :controller => 'content_viewer', :action => 'view_page'
  
@@ -0,0 +1,11 @@
+class AddUserAgentAndReferrerToComments < ActiveRecord::Migration
+  def self.up
+    add_column :comments, :user_agent, :string
+    add_column :comments, :referrer, :string
+  end
+
+  def self.down
+    remove_column :comments, :user_agent
+    remove_column :comments, :referrer
+  end
+end
@@ -9,7 +9,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
  
-ActiveRecord::Schema.define(:version => 20120823215007) do
+ActiveRecord::Schema.define(:version => 20120825185219) do
  
   create_table "abuse_reports", :force => true do |t|
     t.integer  "reporter_id"
@@ -213,6 +213,8 @@ ActiveRecord::Schema.define(:version =&gt; 20120823215007) do
     t.string   "ip_address"
     t.boolean  "spam"
     t.string   "source_type"
+    t.string   "user_agent"
+    t.string   "referrer"
   end
  
   create_table "contact_lists", :force => true do |t|
+noosfero (0.39.0~1) UNRELEASED; urgency=low
+
+  * Pre-release to test the antispam mechanism.
+
+ -- Antonio Terceiro <terceiro@debian.org>  Thu, 30 Aug 2012 14:55:10 -0300
+
+noosfero (0.38.2) unstable; urgency=low
+
+  * Bugfixes release
+
+ -- Antonio Terceiro <terceiro@colivre.coop.br>  Wed, 05 Sep 2012 10:07:58 -0300
+
 noosfero (0.38.1) unstable; urgency=low
  
   * Bugfixes release
@@ -62,8 +62,7 @@ Description: free web-based platform for social networks
  
 Package: noosfero-apache
 Architecture: all
-Depends: apache2, debconf
-Suggests: noosfero
+Depends: apache2, debconf, noosfero
 Description: free web-based platform for social networks (apache frontend)
  Noosfero is a web platform for social and solidarity economy networks with
  blog, e-Porfolios, CMS, RSS, thematic discussion, events agenda and collective
@@ -2,4 +2,7 @@
  
 set -e
  
-cd /usr/share/noosfero && su noosfero -c "./script/console production"
+environment="$1"
+test -z "$environment" && environment=production
+
+cd /usr/share/noosfero && su noosfero -c "./script/console $environment"
 sub vcl_recv {
+  if (req.request == "GET" || req.request == "HEAD") {
     if (req.http.Cookie) {
-        # We only care about the "_noosfero_session.*" cookie, used for
-        # authentication.
-        if (req.http.Cookie ~ "_noosfero_session.*" ) {
-             return (pass);
-        }
-        # Else strip all cookies
+      # We only care about the "_noosfero_session.*" cookie, used for
+      # authentication.
+      if (req.http.Cookie !~ "_noosfero_session.*" ) {
+        # strip all cookies
         unset req.http.Cookie;
+      }
     }
+  }
 }
  
 sub vcl_error {
@@ -8,7 +8,7 @@ Feature: edit environment templates
   Scenario: See links to edit all templates
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit Templates"
+    And I follow "Profile templates"
     Then I should see "Person template" link
     And I should see "Community template" link
     And I should see "Enterprise template" link
@@ -17,28 +17,28 @@ Feature: edit environment templates
   Scenario: Go to control panel of person template
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit Templates"
+    And I follow "Profile templates"
     And I follow "Person template"
     Then I should be on Person template's control panel
  
   Scenario: Go to control panel of enterprise template
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit Templates"
+    And I follow "Profile templates"
     And I follow "Enterprise template"
     Then I should be on Enterprise template's control panel
  
   Scenario: Go to control panel of inactive enterprise template
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit Templates"
+    And I follow "Profile templates"
     And I follow "Inactive enterprise template"
     Then I should be on Inactive Enterprise template's control panel
  
   Scenario: Go to control panel of community template
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit Templates"
+    And I follow "Profile templates"
     And I follow "Community template"
     Then I should be on Community template's control panel
  
@@ -46,7 +46,7 @@ Feature: edit environment templates
     Given that the default environment have no Inactive Enterprise template
     And I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit Templates"
+    And I follow "Profile templates"
     Then I should see "Person template" link
     And I should see "Community template" link
     And I should see "Enterprise template" link
@@ -6,7 +6,7 @@ Feature: setting environment name
   Scenario: setting environment name through administration panel
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Edit environment settings"
+    And I follow "Environment settings"
     And I fill in "Site name" with "My environment"
     And I press "Save"
     Then I should see "My environment" within "title"
@@ -10,14 +10,14 @@ Feature: export users
   Scenario: Export users as XML
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Manage users"
+    And I follow "Users"
     And I follow "[XML]"
     Then I should see "ultraje"
  
   Scenario: Export users as CSV
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Manage users"
+    And I follow "Users"
     And I follow "[CSV]"
     Then I should see "name;email"
     And I should see "ultraje"
@@ -14,7 +14,7 @@ Feature: manage categories
       | Development   | services  |
     And I am logged in as admin
     And I am on the environment control panel
-    And I follow "Manage categories"
+    And I follow "Categories"
  
   Scenario: load only top level categories
     Then I should see "Products"
@@ -49,7 +49,7 @@ Feature: plugins
     When I go to the profile
     Then I should see "Test plugin tab"
     And I go to the environment control panel
-    And I follow "Enable/disable plugins"
+    And I follow "Plugins"
     And I uncheck "Test plugin"
     And I press "Save changes"
     When I go to the Control panel
@@ -5,26 +5,26 @@ Feature: manage roles
   Scenario: create new role
     Given I am logged in as admin
     And I go to the environment control panel
-    And I follow "Manage User roles"
+    And I follow "User roles"
     Then I should not see "My new role"
     And I follow "Create a new role"
     And I fill in "Name" with "My new role"
     And I check "Publish content"
     And I press "Create role"
     And I go to the environment control panel
-    And I follow "Manage User roles"
+    And I follow "User roles"
     Then I should see "My new role"
  
   Scenario: edit a role
     Given I am logged in as admin
     And I go to the environment control panel
-    And I follow "Manage User roles"
+    And I follow "User roles"
     Then I should not see "My new role"
     And I follow "Profile Administrator"
     And I follow "Edit"
     And I fill in "Name" with "My new role"
     And I press "Save changes"
     And I go to the environment control panel
-    And I follow "Manage User roles"
+    And I follow "User roles"
     Then I should see "My new role"
     And I should not see "Profile Administrator"
@@ -18,7 +18,7 @@ Feature: send emails to environment members users
   Scenario: Send e-mail to members
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Manage users"
+    And I follow "Users"
     And I follow "Send e-mail to users"
     And I fill in "Subject" with "Hello, user!"
     And I fill in "body" with "We have some news"
@@ -28,7 +28,7 @@ Feature: send emails to environment members users
   Scenario: Not send e-mail to members if subject is blank
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Manage users"
+    And I follow "Users"
     And I follow "Send e-mail to users"
     And I fill in "body" with "We have some news"
     When I press "Send"
@@ -37,7 +37,7 @@ Feature: send emails to environment members users
   Scenario: Not send e-mail to members if body is blank
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Manage users"
+    And I follow "Users"
     And I follow "Send e-mail to users"
     And I fill in "Subject" with "Hello, user!"
     When I press "Send"
@@ -46,7 +46,7 @@ Feature: send emails to environment members users
   Scenario: Cancel creation of mailing
     Given I am logged in as admin
     When I follow "Administration"
-    And I follow "Manage users"
+    And I follow "Users"
     And I follow "Send e-mail to users"
     Then I should be on /admin/users/send_mail
     When I follow "Cancel e-mail"
@@ -8,7 +8,7 @@ module ActsAsFaceted
     #
     #acts_as_faceted :fields => {
     #  :f_type => {:label => _('Type'), :proc => proc{|klass| f_type_proc(klass)}},
-    #  :f_published_at => {:type => :date, :label => _('Published date'), :queries => {'[* TO NOW-1YEARS/DAY]' => _("Older than one year"), 
+    #  :f_published_at => {:type => :date, :label => _('Published date'), :queries => {'[* TO NOW-1YEARS/DAY]' => _("Older than one year"),
     #    '[NOW-1YEARS TO NOW/DAY]' => _("Last year"), '[NOW-1MONTHS TO NOW/DAY]' => _("Last month"), '[NOW-7DAYS TO NOW/DAY]' => _("Last week"), '[NOW-1DAYS TO NOW/DAY]' => _("Last day")}},
     #  :f_profile_type => {:label => _('Author'), :proc => proc{|klass| f_profile_type_proc(klass)}},
     #  :f_category => {:label => _('Categories')}},
@@ -36,7 +36,7 @@ module ActsAsFaceted
       self.facets_order = options[:order] || self.facets.keys
       self.facets_results_containers = {:fields => 'facet_fields', :queries => 'facet_queries', :ranges => 'facet_ranges'}
       self.facets_option_for_solr = Hash[facets.select{ |id,data| ! data.has_key?(:queries) }].keys
-      self.facets_fields_for_solr = facets.map{ |id,data| {id => data[:type] || :facet} } 
+      self.facets_fields_for_solr = facets.map{ |id,data| {id => data[:type] || :facet} }
       self.solr_fields_names = facets.map{ |id,data| id.to_s + '_' + get_solr_field_type(data[:type] || :facet) }
       self.facet_category_query = options[:category_query]
  
@@ -67,6 +67,7 @@ module ActsAsFaceted
         raise 'Use map_facets_for before this method' if facet[:solr_field].nil?
         facets_data = {} if facets_data.blank? # could be empty array
         solr_facet = to_solr_fields_names[facet[:solr_field]]
+        unfiltered_facets_data ||= {}
  
         if facet[:queries]
           container = facets_data[facets_results_containers[:queries]]
@@ -158,13 +159,15 @@ module ActsAsFaceted
       end
  
       def facet_label(facet)
-        _ facet[:label]
+        return nil unless facet
+        _(facet[:label])
       end
  
       def facets_find_options(facets_selected = {}, options = {})
         browses = []
         facets_selected ||= {}
         facets_selected.map do |id, value|
+          next unless facets[id.to_sym]
           if value.kind_of?(Hash)
             value.map do |label_id, value|
               value.to_a.each do |value|
@@ -14,12 +14,12 @@ module NeedsProfile
     profile || environment # prefers profile, but defaults to environment
   end
  
-  protected 
-
   def profile
     @profile
   end
  
+  protected
+
   def load_profile
     @profile ||= environment.profiles.find_by_identifier(params[:profile])
     if @profile
@@ -2,7 +2,7 @@ require &#39;fast_gettext&#39;
  
 module Noosfero
   PROJECT = 'noosfero'
-  VERSION = '0.38.1'
+  VERSION = '0.39.0~1'
  
   def self.pattern_for_controllers_in_directory(dir)
     disjunction = controllers_in_directory(dir).join('|')
@@ -12,17 +12,41 @@ class Noosfero::Plugin
     end
  
     def init_system
-      Dir.glob(File.join(Rails.root, 'config', 'plugins', '*')).select do |entry|
+      enabled_plugins = Dir.glob(File.join(Rails.root, 'config', 'plugins', '*'))
+      if Rails.env.test? && !enabled_plugins.include?(File.join(Rails.root, 'config', 'plugins', 'foo'))
+        enabled_plugins << File.join(Rails.root, 'plugins', 'foo')
+      end
+      enabled_plugins.select do |entry|
         File.directory?(entry)
       end.each do |dir|
-        Rails.configuration.controller_paths << File.join(dir, 'controllers')
-        ActiveSupport::Dependencies.load_paths << File.join(dir, 'controllers')
-        [ ActiveSupport::Dependencies.load_paths, $:].each do |path|
-          path << File.join(dir, 'models')
-          path << File.join(dir, 'lib')
+        plugin_name = File.basename(dir)
+
+        plugin_dependencies_ok = true
+        plugin_dependencies_file = File.join(dir, 'dependencies.rb')
+        if File.exists?(plugin_dependencies_file)
+          begin
+            require plugin_dependencies_file
+          rescue LoadError => ex
+            plugin_dependencies_ok = false
+            $stderr.puts "W: Noosfero plugin #{plugin_name} failed to load (#{ex})"
+          end
         end
  
-        klass(File.basename(dir))
+        if plugin_dependencies_ok
+          Rails.configuration.controller_paths << File.join(dir, 'controllers')
+          ActiveSupport::Dependencies.load_paths << File.join(dir, 'controllers')
+          controllers_folders = %w[public profile myprofile admin]
+          controllers_folders.each do |folder|
+            Rails.configuration.controller_paths << File.join(dir, 'controllers', folder)
+            ActiveSupport::Dependencies.load_paths << File.join(dir, 'controllers', folder)
+          end
+          [ ActiveSupport::Dependencies.load_paths, $:].each do |path|
+            path << File.join(dir, 'models')
+            path << File.join(dir, 'lib')
+          end
+
+          klass(plugin_name)
+        end
       end
     end
  
@@ -196,28 +220,6 @@ class Noosfero::Plugin
     nil
   end
  
-  # This is a generic hotspot for all controllers on Noosfero.
-  # If any plugin wants to define filters to run on any controller, the name of
-  # the hotspot must be in the following form: <underscored_controller_name>_filters.
-  # Example: for ProfileController the hotspot is profile_controller_filters
-  #
-  # -> Adds a filter to a controller
-  # returns = { :type => type,
-  #             :method_name => method_name,
-  #             :options => {:opt1 => opt1, :opt2 => opt2},
-  #             :block => Proc or lambda block}
-  #   type = 'before_filter' or 'after_filter'
-  #   method_name = The name of the filter
-  #   option = Filter options, like :only or :except
-  #   block = Block that the filter will call
-  def method_missing(method, *args, &block)
-    if method.to_s =~ /^(.+)_controller_filters$/
-      []
-    else
-      super
-    end
-  end
-
   # This method will be called just before a comment is saved to the database.
   #
   # It can modify the comment in several ways. In special, a plugin can call
@@ -226,16 +228,53 @@ class Noosfero::Plugin
   # example:
   #
   #   def filter_comment(comment)
-  #     comment.reject! if anti_spam_service.is_spam?(comment)
+  #     if user_not_logged_in
+  #       comment.reject!
+  #     end
   #   end
   #
   def filter_comment(comment)
   end
  
-  # This method will be called just after a comment has been saved to the
-  # database, so that a plugin can perform some action on it.
+  # This method is called by the CommentHandler background job before sending
+  # the notification email. If the comment is marked as spam (i.e. by calling
+  # <tt>comment.spam!</tt>), then the notification email will *not* be sent.
+  #
+  # example:
+  #
+  #   def check_comment_for_spam(comment)
+  #     if anti_spam_service.is_spam?(comment)
+  #       comment.spam!
+  #     end
+  #   end
+  #
+  def check_comment_for_spam(comment)
+  end
+
+  # This method is called when the user manually marks a comment as SPAM. A
+  # plugin implementing this method should train its spam detection mechanism
+  # by submitting this comment as a confirmed spam.
+  #
+  # example:
+  #
+  #   def comment_marked_as_spam(comment)
+  #     anti_spam_service.train_with_spam(comment)
+  #   end
+  #
+  def comment_marked_as_spam(comment)
+  end
+
+  # This method is called when the user manually marks a comment a NOT SPAM. A
+  # plugin implementing this method should train its spam detection mechanism
+  # by submitting this coimment as a confirmed ham.
+  #
+  # example:
+  #
+  #   def comment_marked_as_ham(comment)
+  #     anti_spam_service.train_with_ham(comment)
+  #   end
   #
-  def comment_saved(comment)
+  def comment_marked_as_ham(comment)
   end
  
   # -> Adds fields to the signup form
@@ -281,4 +320,71 @@ class Noosfero::Plugin
     nil
   end
  
+  # -> Add an alternative authentication method.
+  # Your plugin have to make the access control and return the logged user.
+  # returns = User
+  def alternative_authentication
+    nil
+  end
+
+  # -> Adds adicional link to make the user authentication
+  # returns = lambda block that creates html code
+  def alternative_authentication_link
+    nil
+  end
+
+  # -> Allow or not user registration
+  # returns = boolean
+  def allow_user_registration
+    true
+  end
+
+  # -> Allow or not password recovery by users
+  # returns = boolean
+  def allow_password_recovery
+    true
+  end
+
+  # -> Adds fields to the login form
+  # returns = lambda block that creates html code
+  def login_extra_contents
+    nil
+  end
+
+  def method_missing(method, *args, &block)
+    # This is a generic hotspot for all controllers on Noosfero.
+    # If any plugin wants to define filters to run on any controller, the name of
+    # the hotspot must be in the following form: <underscored_controller_name>_filters.
+    # Example: for ProfileController the hotspot is profile_controller_filters
+    #
+    # -> Adds a filter to a controller
+    # returns = { :type => type,
+    #             :method_name => method_name,
+    #             :options => {:opt1 => opt1, :opt2 => opt2},
+    #             :block => Proc or lambda block}
+    #   type = 'before_filter' or 'after_filter'
+    #   method_name = The name of the filter
+    #   option = Filter options, like :only or :except
+    #   block = Block that the filter will call
+    if method.to_s =~ /^(.+)_controller_filters$/
+      []
+    # -> Removes the action button from the content
+    # returns = boolean
+    elsif method.to_s =~ /^content_remove_(#{content_actions.join('|')})$/
+      nil
+    # -> Expire the action button from the content
+    # returns = string with reason of expiration
+    elsif method.to_s =~ /^content_expire_(#{content_actions.join('|')})$/
+      nil
+    else
+      super
+    end
+  end
+
+  private
+
+  def content_actions
+    %w[edit delete spread locale suggest home]
+  end
+
 end
@@ -1,44 +0,0 @@
-module ActsAsHavingHotspots
-  module ClassMethods
-    # Adding this feature to a class demands that it defines an instance method
-    # 'environment' that returns the environment associated with the instance.
-    def acts_as_having_hotspots
-      send :include, InstanceMethods
-    end
-
-    module InstanceMethods
-      # Dispatches +event+ to each enabled plugin and collect the results.
-      #
-      # Returns an Array containing the objects returned by the event method in
-      # each plugin. This array is compacted (i.e. nils are removed) and flattened
-      # (i.e. elements of arrays are added to the resulting array). For example, if
-      # the enabled plugins return 1, 0, nil, and [1,2,3], then this method will
-      # return [1,0,1,2,3]
-      #
-      def dispatch(event, *args)
-        enabled_plugins.map { |plugin| plugin.send(event, *args) }.compact.flatten
-      end
-
-      # Dispatch without flatten since scopes are executed if you run flatten on them
-      def dispatch_scopes(event, *args)
-        enabled_plugins.map { |plugin| plugin.send(event, *args) }.compact
-      end
-
-      def enabled_plugins
-        Thread.current[:enabled_plugins] ||= (Noosfero::Plugin.all & environment.enabled_plugins).map do |plugin_name|
-          plugin = plugin_name.constantize.new
-          plugin.context = context
-          plugin
-        end
-      end
-
-      if !method_defined?(:context)
-        define_method(:context) do
-          Noosfero::Plugin::Context.new
-        end
-      end
-    end
-  end
-end
-
-ActiveRecord::Base.send(:extend, ActsAsHavingHotspots::ClassMethods)
@@ -1,15 +0,0 @@
-# This class defines the interface to important context information from the
-# controller that can be accessed by plugins
-class Noosfero::Plugin::Context
-
-  def initialize(controller = ApplicationController.new)
-    @controller = controller
-  end
-
-  delegate :profile, :request, :response, :environment, :params, :session, :user, :logged_in?, :to => :controller
-
-  protected
-
-  attr_reader :controller
-
-end
@@ -0,0 +1,18 @@
+# This module must be included by classes that contain Noosfero plugin
+# hotspots.
+#
+# Classes that include this module *must* provide a method called
+# <tt>environment</tt> which returns an intance of Environment. This
+# Environment will be used to determine which plugins are enabled and therefore
+# which plugins should be instantiated.
+module Noosfero::Plugin::HotSpot
+
+  # Returns an instance of Noosfero::Plugin::Manager.
+  #
+  # This which is intantiated on the first call and just returned in subsequent
+  # calls.
+  def plugins
+    @plugins ||= Noosfero::Plugin::Manager.new(environment, self)
+  end
+
+end
 class Noosfero::Plugin::Manager
  
-  extend ActsAsHavingHotspots::ClassMethods
-  acts_as_having_hotspots
-
+  attr_reader :environment
   attr_reader :context
  
-  delegate :environment, :to => :context
+  def initialize(environment, context)
+    @environment = environment
+    @context = context
+  end
+
   delegate :each, :to => :enabled_plugins
   include Enumerable
  
-  def initialize(controller)
-    @context = Noosfero::Plugin::Context.new(controller)
-    Thread.current[:enabled_plugins] = (Noosfero::Plugin.all & environment.enabled_plugins).map do |plugin_name|
-      plugin = plugin_name.constantize.new
-      plugin.context = context
-      plugin
+  # Dispatches +event+ to each enabled plugin and collect the results.
+  #
+  # Returns an Array containing the objects returned by the event method in
+  # each plugin. This array is compacted (i.e. nils are removed) and flattened
+  # (i.e. elements of arrays are added to the resulting array). For example, if
+  # the enabled plugins return 1, 0, nil, and [1,2,3], then this method will
+  # return [1,0,1,2,3]
+  #
+  def dispatch(event, *args)
+    dispatch_without_flatten(event, *args).flatten
+  end
+
+  def dispatch_without_flatten(event, *args)
+    map { |plugin| plugin.send(event, *args) }.compact
+  end
+
+  alias :dispatch_scopes :dispatch_without_flatten
+
+  def enabled_plugins
+    @enabled_plugins ||= (Noosfero::Plugin.all & environment.enabled_plugins).map do |plugin|
+      p = plugin.constantize.new
+      p.context = context
+      p
     end
   end
  
-Dir.glob(File.join(Rails.root, 'config', 'plugins', '*', 'controllers')) do |dir|
-  plugin_name = File.basename(File.dirname(dir))
+plugins_root = Rails.env.test? ? 'plugins' : File.join('config', 'plugins')
+
+Dir.glob(File.join(Rails.root, plugins_root, '*', 'controllers')) do |controllers_dir|
+  prefixes_by_folder = {'public' => 'plugin',
+                        'profile' => 'profile/:profile/plugin',
+                        'myprofile' => 'myprofile/:profile/plugin',
+                        'admin' => 'admin/plugin'}
+
+  controllers_by_folder = prefixes_by_folder.keys.inject({}) do |hash, folder|
+    hash.merge!({folder => Dir.glob(File.join(controllers_dir, folder, '*')).map {|full_names| File.basename(full_names).gsub(/_controller.rb$/,'')}})
+  end
+
+  plugin_name = File.basename(File.dirname(controllers_dir))
+
+  controllers_by_folder.each do |folder, controllers|
+    controllers.each do |controller|
+      controller_name = controller.gsub("#{plugin_name}_plugin_",'')
+      map.connect "#{prefixes_by_folder[folder]}/#{plugin_name}/#{controller_name}/:action/:id", :controller => controller
+    end
+  end
+
   map.connect 'plugin/' + plugin_name + '/:action/:id', :controller => plugin_name + '_plugin'
-  map.connect 'profile/:profile/plugins/' + plugin_name + '/:action/:id', :controller => plugin_name + '_plugin_profile'
+  map.connect 'profile/:profile/plugin/' + plugin_name + '/:action/:id', :controller => plugin_name + '_plugin_profile'
   map.connect 'myprofile/:profile/plugin/' + plugin_name + '/:action/:id', :controller => plugin_name + '_plugin_myprofile'
   map.connect 'admin/plugin/' + plugin_name + '/:action/:id', :controller => plugin_name + '_plugin_admin'
 end
-
@@ -3,7 +3,7 @@ namespace :db do
     task :minimal do
       sh './script/runner', "Environment.create!(:name => 'Noosfero', :is_default => true)"
       unless ENV['NOOSFERO_DOMAIN'].blank?
-        sh './script/runner', "environment.domains << Domain.new(:name => ENV['NOOSFERO_DOMAIN'])"
+        sh './script/runner', "Environment.default.domains << Domain.new(:name => ENV['NOOSFERO_DOMAIN'])"
       end
     end
   end
-@disabled_plugins = Dir.glob(File.join(Rails.root, 'plugins', '*')).map { |file| File.basename(file)} - Dir.glob(File.join(Rails.root, 'config', 'plugins', '*')).map { |file| File.basename(file)}
-@disabled_plugins.delete('template')
-
-def define_task(test, plugins_folder='plugins', plugin = '*')
-  test_files = Dir.glob(File.join(Rails.root, plugins_folder, plugin, 'test', test[:folder], '**', '*_test.rb'))
-  desc 'Runs ' + (plugin != '*' ? plugin : 'plugins') + ' ' + test[:name] + ' tests'
-  Rake::TestTask.new(test[:name].to_sym => 'db:test:plugins:prepare') do |t|
-    t.libs << 'test'
-    t.test_files = test_files
-    t.verbose = true
-  end
+all_plugins = Dir.glob('plugins/*').map { |f| File.basename(f) } - ['template']
+def enabled_plugins
+  Dir.glob('config/plugins/*').map { |f| File.basename(f) } - ['README']
 end
+disabled_plugins = all_plugins - enabled_plugins
  
 task 'db:test:plugins:prepare' do
-  Rake::Task['db:test:prepare'].invoke
-  sh 'rake db:migrate RAILS_ENV=test SCHEMA=/dev/null'
+  if Dir.glob('config/plugins/*/db/migrate/*.rb').empty?
+    puts "I: skipping database setup, enabled plugins have no migrations"
+  else
+    Rake::Task['db:test:prepare'].invoke
+    sh 'rake db:migrate RAILS_ENV=test SCHEMA=/dev/null'
+  end
 end
  
-namespace :test do
-  namespace :noosfero_plugins do
-    tasks = [
-      {:name => :available, :folder => 'plugins'},
-      {:name => :enabled, :folder => File.join('config', 'plugins')}
-    ]
-    tests = [
-      {:name => 'units', :folder => 'unit'},
-      {:name => 'functionals', :folder => 'functional'},
-      {:name => 'integration', :folder => 'integration'}
-    ]
-
-    tasks.each do |t|
-      namespace t[:name] do
-        tests.each do |test|
-          define_task(test, t[:folder])
-        end
-      end
-    end
+def plugin_name(plugin)
+  "#{plugin} plugin"
+end
+
+def run_tests(name, files_glob)
+  files = Dir.glob(files_glob)
+  if files.empty?
+    puts "I: no tests to run (#{name})"
+  else
+    sh 'testrb', '-Itest', *files
+  end
+end
  
-    plugins = Dir.glob(File.join(Rails.root, 'plugins', '*')).map {|path| File.basename(path)}
+def run_cucumber(name, profile, files_glob)
+  files = Dir.glob(files_glob)
+  if files.empty?
+    puts "I: no tests to run #{name}"
+  else
+    sh 'xvfb-run', 'ruby', '-S', 'cucumber', '--profile', profile, '--format', ENV['CUCUMBER_FORMAT'] || 'progress' , *features
+  end
+end
  
-    plugins.each do |plugin_name|
-      namespace plugin_name do
-        tests.each do |test|
-          define_task(test, 'plugins', plugin_name)
-        end
-      end
+def plugin_test_task(name, plugin, files_glob)
+  desc "Run #{name} tests for #{plugin_name(plugin)}"
+  task name => 'db:test:plugins:prepare' do |t|
+    run_tests t.name, files_glob
+  end
+end
+
+def plugin_cucumber_task(plugin, files_glob)
+  task :cucumber => 'db:test:plugins:prepare' do |t|
+    run_cucumber t.name, :default, files_glob
+  end
+end
  
-      dependencies = []
-      tests.each do |test|
-        dependencies << plugin_name+':'+test[:name]
+def plugin_selenium_task(plugin, files_glob)
+  task :selenium => 'db:test:plugins:prepare' do |t|
+    run_cucumber t.name, :selenium, files_glob
+  end
+end
+
+def test_sequence_task(name, plugin, *tasks)
+  desc "Run all tests for #{plugin_name(plugin)}"
+  task name do
+    failed = []
+    tasks.each do |task|
+      begin
+        Rake::Task['test:noosfero_plugins:' + task.to_s].invoke
+      rescue Exception => ex
+        puts ex
+        failed << task
       end
-      task plugin_name => dependencies
     end
-
-    task :temp_enable_plugins do
-      system('./script/noosfero-plugins enableall')
+    unless failed.empty?
+      fail 'Tests failed: ' + failed.join(', ')
     end
+  end
+end
  
-    task :rollback_temp_enable_plugins do
-      @disabled_plugins.each { |plugin| system('./script/noosfero-plugins disable ' + plugin)}
+namespace :test do
+  namespace :noosfero_plugins do
+    all_plugins.each do |plugin|
+      namespace plugin do
+        plugin_test_task :units, plugin, "plugins/#{plugin}/test/unit/**/*.rb"
+        plugin_test_task :functionals, plugin, "plugins/#{plugin}/test/functional/**/*.rb"
+        plugin_test_task :integration, plugin, "plugins/#{plugin}/test/integration/**/*.rb"
+        plugin_cucumber_task plugin, "plugins/#{plugin}/features/**/*.feature"
+        plugin_selenium_task plugin, "plugins/#{plugin}/features/**/*.feature"
+      end
+
+      test_sequence_task(plugin, plugin, "#{plugin}:units", "#{plugin}:functionals", "#{plugin}:integration", "#{plugin}:cucumber", "#{plugin}:selenium") # FIXME missing cucumber and selenium
     end
  
-    task :units => 'available:units'
-    task :functionals => 'available:functionals'
-    task :integration => 'available:integration'
-    task :available do
-      Rake::Task['test:noosfero_plugins:temp_enable_plugins'].invoke
-      begin
-        Rake::Task['test:noosfero_plugins:units'].invoke
-        Rake::Task['test:noosfero_plugins:functionals'].invoke
-        Rake::Task['test:noosfero_plugins:integration'].invoke
-      rescue
+    { :units => :unit , :functionals => :functional , :integration => :integration }.each do |taskname,folder|
+      task taskname => 'db:test:plugins:prepare' do |t|
+        run_tests t.name, "plugins/{#{enabled_plugins.join(',')}}/test/#{folder}/**/*.rb"
       end
-      Rake::Task['test:noosfero_plugins:rollback_temp_enable_plugins'].invoke
     end
-    task :enabled => ['enabled:units', 'enabled:functionals', 'enabled:integration']
  
+    task :cucumber => 'db:test:plugins:prepare' do |t|
+      run_cucumber t.name, :default, "plugins/{#{enabled_plugins.join(',')}}/features/**/*.features"
+    end
  
-    namespace :cucumber do
-      task :enabled do
-        features = Dir.glob('config/plugins/*/features/*.feature')
-        if features.empty?
-          puts "No acceptance tests for enabled plugins, skipping"
-        else
-          ruby '-S', 'cucumber', '--format', ENV['CUCUMBER_FORMAT'] || 'progress' , *features
-        end
-      end
+    task :selenium => 'db:test:plugins:prepare' do |t|
+      run_cucumber t.name, :selenium, "plugins/{#{enabled_plugins.join(',')}}/features/**/*.features"
     end
  
-    namespace :selenium do
-      task :enabled do
-        features = Dir.glob('config/plugins/*/features/*.feature')
-        if features.empty?
-          puts "No acceptance tests for enabled plugins, skipping"
-        else
-          sh 'xvfb-run', 'ruby', '-S', 'cucumber', '--profile', 'selenium', '--format', ENV['CUCUMBER_FORMAT'] || 'progress' , *features
-        end
-      end
+    task :temp_enable_all_plugins do
+      sh './script/noosfero-plugins', 'enableall'
     end
  
+    task :rollback_enable_all_plugins do
+      sh './script/noosfero-plugins', 'disable', *disabled_plugins
+    end
   end
  
-  task :noosfero_plugins => %w[ noosfero_plugins:available noosfero_plugins:cucumber:enabled noosfero_plugins:selenium:enabled ]
+  test_sequence_task(:noosfero_plugins, '*', :temp_enable_all_plugins, :units, :functionals, :integration, :cucumber, :selenium, :rollback_enable_all_plugins)
  
 end
-
@@ -95,6 +95,9 @@ EOF
     sh "cd #{target} && dpkg-buildpackage -us -uc -b"
   end
  
+  desc "Build Debian packages (shorcut)"
+  task :deb => :debian_packages
+
   desc 'Test Debian package'
   task 'debian:test' => :debian_packages do
     Dir.chdir 'pkg' do
@@ -0,0 +1,12 @@
+class AntiSpamPluginAdminController < AdminController
+  append_view_path File.join(File.dirname(__FILE__) + '/../views')
+
+  def index
+    @settings = AntiSpamPlugin::Settings.new(environment, params[:settings])
+    if request.post?
+      @settings.save!
+      redirect_to :action => 'index'
+    end
+  end
+
+end
@@ -0,0 +1 @@
+require 'rakismet'
@@ -0,0 +1,39 @@
+class AntiSpamPlugin < Noosfero::Plugin
+
+  def self.plugin_name
+    "AntiSpam"
+  end
+
+  def self.plugin_description
+    _("Checks comments against a spam checking service compatible with the Akismet API")
+  end
+
+  def check_comment_for_spam(comment)
+    if rakismet_call(comment, :spam?)
+      comment.spam = true
+      comment.save!
+    end
+  end
+
+  def comment_marked_as_spam(comment)
+    rakismet_call(comment, :spam!)
+  end
+
+  def comment_marked_as_ham(comment)
+    rakismet_call(comment, :ham!)
+  end
+
+  protected
+
+  def rakismet_call(comment, op)
+    settings = AntiSpamPlugin::Settings.new(comment.environment)
+
+    Rakismet.host = settings.host
+    Rakismet.key = settings.api_key
+    Rakismet.url = comment.environment.top_url
+
+    submission = AntiSpamPlugin::CommentWrapper.new(comment)
+    submission.send(op)
+  end
+
+end
@@ -0,0 +1,11 @@
+class AntiSpamPlugin::CommentWrapper < Struct.new(:comment)
+
+  delegate :author_name, :author_email, :title, :body, :ip_address, :user_agent, :referrer, :to => :comment
+
+  include Rakismet::Model
+
+  alias :author :author_name
+  alias :user_ip :ip_address
+  alias :content :body
+
+end
@@ -0,0 +1,35 @@
+class AntiSpamPlugin::Settings
+
+  def initialize(environment, attributes = nil)
+    @environment = environment
+    attributes ||= {}
+    attributes.each do |k,v|
+      self.send("#{k}=", v)
+    end
+  end
+
+  def settings
+    @environment.settings[:anti_spam_plugin] ||= {}
+  end
+
+  def host
+    settings[:host] ||= 'api.antispam.typepad.com'
+  end
+
+  def host=(value)
+    settings[:host] = value
+  end
+
+  def api_key
+    settings[:api_key]
+  end
+
+  def api_key=(value)
+    settings[:api_key] = value
+  end
+
+  def save!
+    @environment.save!
+  end
+
+end
@@ -0,0 +1,115 @@
+require 'benchmark'
+
+class AntiSpamPlugin::Spaminator
+
+  class << self
+    def run(environment)
+      instance = new(environment)
+      instance.run
+    end
+
+    def benchmark(environment)
+      puts Benchmark.measure { run(environment) }
+    end
+  end
+
+
+  def initialize(environment)
+    @environment = environment
+  end
+
+  def run
+    start_time = Time.now
+
+    process_all_comments
+    process_all_people
+    process_people_without_network
+
+    finish(start_time)
+  end
+
+  protected
+
+  def finish(start_time)
+    @environment.settings[:spaminator_last_run] = start_time
+    @environment.save!
+  end
+
+  def conditions(table)
+    last_run = @environment.settings[:spaminator_last_run]
+    if last_run
+      ["profiles.environment_id = ? AND #{table}.created_at > ?", @environment.id, last_run]
+    else
+      [ "profiles.environment_id = ?", @environment.id]
+    end
+  end
+
+  def process_all_comments
+    puts 'Processing comments ...'
+    i = 0
+    comments = Comment.joins("JOIN articles ON (comments.source_id = articles.id AND comments.source_type = 'Article') JOIN profiles ON (profiles.id = articles.profile_id)").where(conditions(:comments))
+    total = comments.count
+    comments.find_each do |comment|
+      puts "Comment #{i += 1}/#{total} (#{100*i/total}%)"
+      process_comment(comment)
+    end
+  end
+
+  def process_all_people
+    puts 'Processing people ...'
+    i = 0
+    people = Person.where(conditions(:profiles))
+    total = people.count
+    people.find_each do |person|
+      puts "Person #{i += 1}/#{total} (#{100*i/total}%)"
+      process_person(person)
+    end
+  end
+
+  def process_comment(comment)
+    comment.check_for_spam
+
+    # TODO several comments with the same content:
+    #   → disable author
+    #   → mark all of them as spam
+
+    # TODO check comments that contains URL's
+  end
+
+  def process_person(person)
+    # person is author of more than 2 comments marked as spam
+    #   → burn
+    #
+    number_of_spam_comments = Comment.spam.where(author_id => person.id).count
+    if number_of_spam_comments > 2
+      mark_as_spammer(person)
+    end
+  end
+
+  def process_people_without_network
+    # people who signed up more than one month ago, have no friends and <= 1
+    # communities
+    #
+    #   → burn
+    #   → mark their comments as spam
+    #
+    Person.where(:environment_id => @environment.id).where(['created_at < ?', Time.now - 1.month]).find_each do |person|
+      # TODO progress indicator - see process_all_people above
+      number_of_friends = person.friends.count
+      number_of_communities = person.communities.count
+      if number_of_friends == 0 && number_of_communities <= 1
+        mark_as_spammer(person)
+        Comment.where(:author_id => person.id).find_each do |comment|
+          comment.spam!
+        end
+      end
+    end
+  end
+
+  def mark_as_spammer(person)
+    # FIXME create an AbuseComplaint and finish instead of calling
+    # Person#disable directly
+    person.disable
+  end
+
+end
@@ -0,0 +1,46 @@
+require 'test_helper'
+
+class AntiSpamPluginCommentWrapperTest < ActiveSupport::TestCase
+
+  def setup
+    @comment = Comment.new(
+      :title => 'comment title',
+      :body => 'comment body',
+      :name => 'foo',
+      :email => 'foo@example.com',
+      :ip_address => '1.2.3.4',
+      :user_agent => 'Some Good Browser (I hope)',
+      :referrer => 'http://noosfero.org/'
+    )
+    @wrapper = AntiSpamPlugin::CommentWrapper.new(@comment)
+  end
+
+  should 'use Rakismet::Model' do
+    assert_includes @wrapper.class.included_modules, Rakismet::Model
+  end
+
+  should 'get contents' do
+    assert_equal @comment.body, @wrapper.content
+  end
+
+  should 'get author name' do
+    assert_equal @comment.author_name, @wrapper.author
+  end
+
+  should 'get author email' do
+    assert_equal @comment.author_email, @wrapper.author_email
+  end
+
+  should 'get IP address' do
+    assert_equal @comment.ip_address, @wrapper.user_ip
+  end
+
+  should 'get User-Agent' do
+    assert_equal @comment.user_agent, @wrapper.user_agent
+  end
+
+  should 'get get Referrer' do
+    assert_equal @comment.referrer, @wrapper.referrer
+  end
+
+end
@@ -0,0 +1,29 @@
+require 'test_helper'
+
+class AntiSpamSettingsTest < ActiveSupport::TestCase
+
+  def setup
+    @environment = Environment.new
+    @settings = AntiSpamPlugin::Settings.new(@environment)
+  end
+
+  should 'store setttings in environment' do
+    @settings.host = 'foo.com'
+    @settings.api_key = '1234567890'
+    assert_equal 'foo.com', @environment.settings[:anti_spam_plugin][:host]
+    assert_equal '1234567890', @environment.settings[:anti_spam_plugin][:api_key]
+    assert_equal 'foo.com', @settings.host
+    assert_equal '1234567890', @settings.api_key
+  end
+
+  should 'save environment on save' do
+    @environment.expects(:save!)
+    @settings.save!
+  end
+
+  should 'use TypePad AntiSpam by default' do
+    assert_equal 'api.antispam.typepad.com', @settings.host
+  end
+
+
+end
@@ -0,0 +1,53 @@
+require 'test_helper'
+
+class AntiSpamPluginSpaminatorTest < ActiveSupport::TestCase
+
+  def setup
+    @environment = Environment.new
+    @environment.id = 99
+    @spaminator = AntiSpamPlugin::Spaminator.new(@environment)
+    @spaminator.stubs(:puts)
+    @now = Time.now
+    Time.stubs(:now).returns(@now)
+  end
+
+  should 'search everything in the first run' do
+    assert_equal(['profiles.environment_id = ?',99], @spaminator.send(:conditions, nil))
+  end
+
+  should 'search using recorded last date' do
+    @environment.settings[:spaminator_last_run] = @now
+    assert_equal(['profiles.environment_id = ? AND table.created_at > ?', 99, @now], @spaminator.send(:conditions, 'table'))
+  end
+
+  should 'record time of last run in environment' do
+    @spaminator.expects(:process_all_comments)
+    @spaminator.expects(:process_all_people)
+    @environment.stubs(:save!)
+    @spaminator.run
+    assert_equal @now, @environment.settings[:spaminator_last_run]
+  end
+
+  should 'find all comments' do
+    @spaminator.stubs(:process_comment)
+    @spaminator.send :process_all_comments
+  end
+
+  should 'find all people' do
+    @spaminator.stubs(:process_person)
+    @spaminator.send :process_all_people
+  end
+
+  should 'find all comments newer than a date' do
+    @environment.settings[:spaminator_last_run] = Time.now - 1.month
+    @spaminator.stubs(:process_comment)
+    @spaminator.send :process_all_comments
+  end
+
+  should 'find all people newer than a date' do
+    @environment.settings[:spaminator_last_run] = Time.now - 1.month
+    @spaminator.stubs(:process_person)
+    @spaminator.send :process_all_people
+  end
+
+end
@@ -0,0 +1,36 @@
+require 'test_helper'
+
+class AntiSpamPluginTest < ActiveSupport::TestCase
+
+  def setup
+    profile = fast_create(Profile)
+    article = fast_create(TextileArticle, :profile_id => profile.id)
+    @comment = fast_create(Comment, :source_id => article.id, :source_type => 'Article')
+
+    @settings = AntiSpamPlugin::Settings.new(@comment.environment)
+    @settings.api_key = 'b8b80ddb8084062d0c9119c945ce3bc3'
+    @settings.save!
+
+    @plugin = AntiSpamPlugin.new
+    @plugin.context = @comment
+  end
+
+  should 'check for spam and mark comment as spam if server says it is spam' do
+    AntiSpamPlugin::CommentWrapper.any_instance.expects(:spam?).returns(true)
+    @comment.expects(:save!)
+
+    @plugin.check_comment_for_spam(@comment)
+    assert @comment.spam
+  end
+
+  should 'report spam' do
+    AntiSpamPlugin::CommentWrapper.any_instance.expects(:spam!)
+    @plugin.comment_marked_as_spam(@comment)
+  end
+
+  should 'report ham' do
+    AntiSpamPlugin::CommentWrapper.any_instance.expects(:ham!)
+    @plugin.comment_marked_as_ham(@comment)
+  end
+
+end
@@ -0,0 +1,14 @@
+<h1><%= _('AntiSpam settings')%></h1>
+
+<% form_for(:settings) do |f| %>
+
+  <%= labelled_form_field _('Host'), f.text_field(:host) %>
+
+  <%= labelled_form_field _('API key'), f.text_field(:api_key, :size => 40) %>
+
+  <% button_bar do %>
+    <%= submit_button(:save, _('Save'), :cancel => {:controller => 'plugins', :action => 'index'}) %>
+  <% end %>
+
+<% end %>
+
...	...	@@ -15,6 +15,10 @@ Noosfero was tested with Varnish 2.x. If you are using a Debian Lenny (and you
15	15	should, unless Debian already released Squeeze by now), make sure you install
16	16	varnish from the lenny-backports suite.
17	17
	18	+Install the RPAF apache module (or skip this step if not using apache):
	19	+
	20	+ # apt-get install libapache2-mod-rpaf
	21	+
18	22	3) Enable varnish logging:
19	23
20	24	3a) Edit /etc/default/varnishncsa and uncomment the line that contains:
...	...
...	...	@@ -7,11 +7,12 @@ class UsersController < AdminController
7	7	format.html
8	8	format.xml do
9	9	@users = User.find(:all, :conditions => {:environment_id => environment.id}, :include => [:person])
10		- render :xml => @users.to_xml(
11		- :skip_types => true,
12		- :only => %w[email login created_at updated_at],
13		- :include => { :person => {:only => %w[name updated_at created_at address birth_date contact_phone identifier lat lng] } }
14		- )
	10	+ send_data @users.to_xml(
	11	+ :skip_types => true,
	12	+ :only => %w[email login created_at updated_at],
	13	+ :include => { :person => {:only => %w[name updated_at created_at address birth_date contact_phone identifier lat lng] } }),
	14	+ :type => 'text/xml',
	15	+ :disposition => "attachment; filename=users.xml"
15	16	end
16	17	format.csv do
17	18	@users = User.find(:all, :conditions => {:environment_id => environment.id}, :include => [:person])
...	...
...	...	@@ -101,9 +101,10 @@ class ApplicationController < ActionController::Base
101	101	end
102	102	end
103	103
	104	+ include Noosfero::Plugin::HotSpot
	105	+
104	106	def init_noosfero_plugins
105		- @plugins = Noosfero::Plugin::Manager.new(self)
106		- @plugins.each do \|plugin\|
	107	+ plugins.each do \|plugin\|
107	108	prepend_view_path(plugin.class.view_path)
108	109	end
109	110	init_noosfero_plugins_controller_filters
...	...	@@ -112,8 +113,10 @@ class ApplicationController < ActionController::Base
112	113	# This is a generic method that initialize any possible filter defined by a
113	114	# plugin to the current controller being initialized.
114	115	def init_noosfero_plugins_controller_filters
115		- @plugins.each do \|plugin\|
116		- plugin.send(self.class.name.underscore + '_filters').each do \|plugin_filter\|
	116	+ plugins.each do \|plugin\|
	117	+ filters = plugin.send(self.class.name.underscore + '_filters')
	118	+ filters = [filters] if !filters.kind_of?(Array)
	119	+ filters.each do \|plugin_filter\|
117	120	self.class.send(plugin_filter[:type], plugin.class.name.underscore + '_' + plugin_filter[:method_name], (plugin_filter[:options] \|\| {}))
118	121	self.class.send(:define_method, plugin.class.name.underscore + '_' + plugin_filter[:method_name], plugin_filter[:block])
119	122	end
...	...
...	...	@@ -68,7 +68,8 @@ class BoxOrganizerController < ApplicationController
68	68	raise ArgumentError.new("Type %s is not allowed. Go away." % type)
69	69	end
70	70	else
71		- @block_types = available_blocks
	71	+ @center_block_types = Box.acceptable_center_blocks & available_blocks
	72	+ @side_block_types = Box.acceptable_side_blocks & available_blocks
72	73	@boxes = boxes_holder.boxes
73	74	render :action => 'add_block', :layout => false
74	75	end
...	...
...	...	@@ -5,7 +5,7 @@ class ProfileDesignController < BoxOrganizerController
5	5	protect 'edit_profile_design', :profile
6	6
7	7	def available_blocks
8		- blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock, LinkListBlock, MyNetworkBlock, FeedReaderBlock, ProfileImageBlock, LocationBlock, SlideshowBlock, ProfileSearchBlock ]
	8	+ blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock, LinkListBlock, MyNetworkBlock, FeedReaderBlock, ProfileImageBlock, LocationBlock, SlideshowBlock, ProfileSearchBlock, HighlightsBlock ]
9	9
10	10	# blocks exclusive for organizations
11	11	if profile.has_members?
...	...
...	...	@@ -0,0 +1,40 @@
	1	+class SpamController < MyProfileController
	2	+
	3	+ protect :moderate_comments, :profile
	4	+
	5	+ def index
	6	+ if request.post?
	7	+ begin
	8	+ # FIXME duplicated logic
	9	+ #
	10	+ # This logic more or less replicates what is already in
	11	+ # ContentViewerController#view_page,
	12	+ # ContentViewerController#remove_comment and
	13	+ # ContentViewerController#mark_comment_as_spam
	14	+ if params[:remove_comment]
	15	+ profile.comments_received.find(params[:remove_comment]).destroy
	16	+ end
	17	+ if params[:mark_comment_as_ham]
	18	+ profile.comments_received.find(params[:mark_comment_as_ham]).ham!
	19	+ end
	20	+ if request.xhr?
	21	+ json_response(true)
	22	+ else
	23	+ redirect_to :action => :index
	24	+ end
	25	+ rescue
	26	+ json_response(false)
	27	+ end
	28	+ return
	29	+ end
	30	+
	31	+ @spam = profile.comments_received.spam.paginate({:page => params[:page]})
	32	+ end
	33	+
	34	+ protected
	35	+
	36	+ def json_response(status)
	37	+ render :text => {'ok' => status }.to_json, :content_type => 'application/json'
	38	+ end
	39	+
	40	+end
...	...
...	...	@@ -25,11 +25,13 @@ class AccountController < ApplicationController
25	25
26	26	# action to perform login to the application
27	27	def login
28		- @user = User.new
29		- @person = @user.build_person
30	28	store_location(request.referer) unless session[:return_to]
31	29	return unless request.post?
32		- self.current_user = User.authenticate(params[:user][:login], params[:user][:password], environment) if params[:user]
	30	+
	31	+ self.current_user = plugins_alternative_authentication
	32	+
	33	+ self.current_user \|\|= User.authenticate(params[:user][:login], params[:user][:password], environment) if params[:user]
	34	+
33	35	if logged_in?
34	36	if params[:remember_me] == "1"
35	37	self.current_user.remember_me
...	...	@@ -41,7 +43,6 @@ class AccountController < ApplicationController
41	43	end
42	44	else
43	45	session[:notice] = _('Incorrect username or password') if redirect?
44		- redirect_to :back if redirect?
45	46	end
46	47	end
47	48
...	...	@@ -56,6 +57,11 @@ class AccountController < ApplicationController
56	57
57	58	# action to register an user to the application
58	59	def signup
	60	+ if @plugins.dispatch(:allow_user_registration).include?(false)
	61	+ redirect_back_or_default(:controller => 'home')
	62	+ session[:notice] = _("This environment doesn't allow user registration.")
	63	+ end
	64	+
59	65	@invitation_code = params[:invitation_code]
60	66	begin
61	67	if params[:user]
...	...	@@ -125,6 +131,10 @@ class AccountController < ApplicationController
125	131	#
126	132	# Posts back.
127	133	def forgot_password
	134	+ if @plugins.dispatch(:allow_password_recovery).include?(false)
	135	+ redirect_back_or_default(:controller => 'home')
	136	+ session[:notice] = _("This environment doesn't allow password recovery.")
	137	+ end
128	138	@change_password = ChangePassword.new(params[:change_password])
129	139
130	140	if request.post?
...	...	@@ -316,4 +326,13 @@ class AccountController < ApplicationController
316	326	end
317	327	end
318	328
	329	+ def plugins_alternative_authentication
	330	+ user = nil
	331	+ @plugins.each do \|plugin\|
	332	+ user = plugin.alternative_authentication
	333	+ break unless user.nil?
	334	+ end
	335	+ user
	336	+ end
	337	+
319	338	end
...	...
...	...	@@ -2,6 +2,8 @@ class ContentViewerController < ApplicationController
2	2
3	3	needs_profile
4	4
	5	+ before_filter :comment_author, :only => :edit_comment
	6	+
5	7	helper ProfileHelper
6	8	helper TagsHelper
7	9
...	...	@@ -19,7 +21,7 @@ class ContentViewerController < ApplicationController
19	21	unless @page
20	22	page_from_old_path = profile.articles.find_by_old_path(path)
21	23	if page_from_old_path
22		- redirect_to :profile => profile.identifier, :page => page_from_old_path.explode_path
	24	+ redirect_to profile.url.merge(:page => page_from_old_path.explode_path)
23	25	return
24	26	end
25	27	end
...	...	@@ -75,8 +77,14 @@ class ContentViewerController < ApplicationController
75	77	@comment = Comment.new
76	78	end
77	79
78		- if request.post? && params[:remove_comment]
79		- remove_comment
	80	+ if request.post?
	81	+ if params[:remove_comment]
	82	+ remove_comment
	83	+ return
	84	+ elsif params[:mark_comment_as_spam]
	85	+ mark_comment_as_spam
	86	+ return
	87	+ end
80	88	end
81	89
82	90	if @page.has_posts?
...	...	@@ -107,23 +115,46 @@ class ContentViewerController < ApplicationController
107	115	end
108	116	end
109	117
110		- @comments = @page.comments(true).as_thread
111		- @comments_count = @page.comments.count
	118	+ comments = @page.comments.without_spam
	119	+ @comments = comments.as_thread
	120	+ @comments_count = comments.count
112	121	if params[:slideshow]
113	122	render :action => 'slideshow', :layout => 'slideshow'
114	123	end
115	124	end
116	125
	126	+ def edit_comment
	127	+ path = params[:page].join('/')
	128	+ @page = profile.articles.find_by_path(path)
	129	+ @form_div = 'opened'
	130	+ @comment = @page.comments.find_by_id(params[:id])
	131	+ if @comment
	132	+ if request.post?
	133	+ begin
	134	+ @comment.update_attributes(params[:comment])
	135	+ session[:notice] = _('Comment succesfully updated')
	136	+ redirect_to :action => 'view_page', :profile => profile.identifier, :page => @comment.article.explode_path
	137	+ rescue
	138	+ session[:notice] = _('Comment could not be updated')
	139	+ end
	140	+ end
	141	+ else
	142	+ redirect_to @page.view_url
	143	+ session[:notice] = _('Could not find the comment in the article')
	144	+ end
	145	+ end
	146	+
117	147	protected
118	148
119	149	def add_comment
120	150	@comment.author = user if logged_in?
121	151	@comment.article = @page
122	152	@comment.ip_address = request.remote_ip
	153	+ @comment.user_agent = request.user_agent
	154	+ @comment.referrer = request.referrer
123	155	plugins_filter_comment(@comment)
124	156	return if @comment.rejected?
125	157	if (pass_without_comment_captcha? \|\| verify_recaptcha(:model => @comment, :message => _('Please type the words correctly'))) && @comment.save
126		- plugins_comment_saved(@comment)
127	158	@page.touch
128	159	@comment = nil # clear the comment form
129	160	redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
...	...	@@ -138,12 +169,6 @@ class ContentViewerController < ApplicationController
138	169	end
139	170	end
140	171
141		- def plugins_comment_saved(comment)
142		- @plugins.each do \|plugin\|
143		- plugin.comment_saved(comment)
144		- end
145		- end
146		-
147	172	def pass_without_comment_captcha?
148	173	logged_in? && !environment.enabled?('captcha_for_logged_users')
149	174	end
...	...	@@ -153,9 +178,24 @@ class ContentViewerController < ApplicationController
153	178	@comment = @page.comments.find(params[:remove_comment])
154	179	if (user == @comment.author \|\| user == @page.profile \|\| user.has_permission?(:moderate_comments, @page.profile))
155	180	@comment.destroy
156		- session[:notice] = _('Comment succesfully deleted')
157	181	end
158		- redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
	182	+ finish_comment_handling
	183	+ end
	184	+
	185	+ def mark_comment_as_spam
	186	+ @comment = @page.comments.find(params[:mark_comment_as_spam])
	187	+ if logged_in? && (user == @page.profile \|\| user.has_permission?(:moderate_comments, @page.profile))
	188	+ @comment.spam!
	189	+ end
	190	+ finish_comment_handling
	191	+ end
	192	+
	193	+ def finish_comment_handling
	194	+ if request.xhr?
	195	+ render :text => {'ok' => true}.to_json, :content_type => 'application/json'
	196	+ else
	197	+ redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
	198	+ end
159	199	end
160	200
161	201	def per_page
...	...	@@ -181,4 +221,13 @@ class ContentViewerController < ApplicationController
181	221	end
182	222	end
183	223
	224	+ def comment_author
	225	+ comment = Comment.find_by_id(params[:id])
	226	+ if comment
	227	+ render_access_denied if comment.author.blank? \|\| comment.author != user
	228	+ else
	229	+ render_not_found
	230	+ end
	231	+ end
	232	+
184	233	end
...	...
...	...	@@ -212,9 +212,9 @@ class ProfileController < PublicController
212	212	begin
213	213	scrap = current_user.person.scraps(params[:scrap_id])
214	214	scrap.destroy
215		- render :text => _('Scrap successfully removed.')
	215	+ finish_successful_removal 'Scrap successfully removed.'
216	216	rescue
217		- render :text => _('You could not remove this scrap')
	217	+ finish_unsuccessful_removal 'You could not remove this scrap.'
218	218	end
219	219	end
220	220
...	...	@@ -227,9 +227,9 @@ class ProfileController < PublicController
227	227	else
228	228	activity.destroy
229	229	end
230		- render :text => _('Activity successfully removed.')
	230	+ finish_successful_removal 'Activity successfully removed.'
231	231	rescue
232		- render :text => _('You could not remove this activity')
	232	+ finish_unsuccessful_removal 'You could not remove this activity.'
233	233	end
234	234	end
235	235
...	...	@@ -244,6 +244,24 @@ class ProfileController < PublicController
244	244	end
245	245	end
246	246
	247	+ def finish_successful_removal(msg)
	248	+ if request.xhr?
	249	+ render :text => {'ok' => true}.to_json, :content_type => 'application/json'
	250	+ else
	251	+ session[:notice] = _(msg)
	252	+ redirect_to :action => :index
	253	+ end
	254	+ end
	255	+
	256	+ def finish_unsuccessful_removal(msg)
	257	+ session[:notice] = _(msg)
	258	+ if request.xhr?
	259	+ render :text => {'redirect' => url_for(:action => :index)}.to_json, :content_type => 'application/json'
	260	+ else
	261	+ redirect_to :action => :index
	262	+ end
	263	+ end
	264	+
247	265	def profile_info
248	266	begin
249	267	@block = profile.blocks.find(params[:block_id])
...	...	@@ -303,9 +321,10 @@ class ProfileController < PublicController
303	321	@comment = Comment.find(params[:comment_id])
304	322	if (user == @comment.author \|\| user == profile \|\| user.has_permission?(:moderate_comments, profile))
305	323	@comment.destroy
306		- session[:notice] = _('Comment successfully deleted')
	324	+ finish_successful_removal 'Comment successfully removed.'
	325	+ else
	326	+ finish_unsuccessful_removal 'You could not remove this comment.'
307	327	end
308		- redirect_to :action => :index
309	328	end
310	329
311	330	protected
...	...
...	...	@@ -4,10 +4,17 @@ class SearchController < PublicController
4	4	include SearchHelper
5	5	include ActionView::Helpers::NumberHelper
6	6
	7	+ before_filter :redirect_asset_param, :except => [:facets_browse, :assets]
7	8	before_filter :load_category
8	9	before_filter :load_search_assets
9	10	before_filter :load_query
10	11
	12	+ # Backwards compatibility with old URLs
	13	+ def redirect_asset_param
	14	+ return unless params.has_key?(:asset)
	15	+ redirect_to params.merge(:action => params.delete(:asset))
	16	+ end
	17	+
11	18	no_design_blocks
12	19
13	20	def facets_browse
...	...	@@ -250,10 +257,9 @@ class SearchController < PublicController
250	257	end
251	258
252	259	def limit
253		- searching = @searching.values.select{ \|v\| v }
254		- if params[:display] == 'map'
	260	+ if map_search?
255	261	MAP_SEARCH_LIMIT
256		- elsif searching.size <= 1
	262	+ elsif !multiple_search?
257	263	if [:people, :communities].include? @asset
258	264	BLOCKS_SEARCH_LIMIT
259	265	elsif @asset == :enterprises and @empty_query
...	...	@@ -267,31 +273,34 @@ class SearchController < PublicController
267	273	end
268	274
269	275	def paginate_options(page = params[:page])
	276	+ page = 1 if multiple_search? or params[:display] == 'map'
270	277	{ :per_page => limit, :page => page }
271	278	end
272	279
273	280	def full_text_search(filters = [], options = {})
274	281	paginate_options = paginate_options(params[:page])
275	282	asset_class = asset_class(@asset)
276		-
277	283	solr_options = options
278		- if !@results_only and asset_class.respond_to? :facets
279		- solr_options.merge! asset_class.facets_find_options(params[:facet])
280		- solr_options[:all_facets] = true
281		- solr_options[:limit] = 0 if @facets_only
282		- end
283		- solr_options[:filter_queries] \|\|= []
284		- solr_options[:filter_queries] += filters
285		- solr_options[:filter_queries] << "environment_id:#{environment.id}"
286		- solr_options[:filter_queries] << asset_class.facet_category_query.call(@category) if @category
287		-
288		- solr_options[:boost_functions] \|\|= []
289		- params[:order_by] = nil if params[:order_by] == 'none'
290		- if params[:order_by]
291		- order = SortOptions[@asset][params[:order_by].to_sym]
292		- raise "Unknown order by" if order.nil?
293		- order[:solr_opts].each do \|opt, value\|
294		- solr_options[opt] = value.is_a?(Proc) ? instance_eval(&value) : value
	284	+ pg_options = paginate_options(params[:page])
	285	+
	286	+ if !multiple_search?
	287	+ if !@results_only and asset_class.respond_to? :facets
	288	+ solr_options.merge! asset_class.facets_find_options(params[:facet])
	289	+ solr_options[:all_facets] = true
	290	+ end
	291	+ solr_options[:filter_queries] \|\|= []
	292	+ solr_options[:filter_queries] += filters
	293	+ solr_options[:filter_queries] << "environment_id:#{environment.id}"
	294	+ solr_options[:filter_queries] << asset_class.facet_category_query.call(@category) if @category
	295	+
	296	+ solr_options[:boost_functions] \|\|= []
	297	+ params[:order_by] = nil if params[:order_by] == 'none'
	298	+ if params[:order_by]
	299	+ order = SortOptions[@asset][params[:order_by].to_sym]
	300	+ raise "Unknown order by" if order.nil?
	301	+ order[:solr_opts].each do \|opt, value\|
	302	+ solr_options[opt] = value.is_a?(Proc) ? instance_eval(&value) : value
	303	+ end
295	304	end
296	305	end
297	306
...	...