Merge branch 'master' into rails3

Conflicts: app/helpers/boxes_helper.rb app/models/comment.rb app/views/comment/_comment.rhtml app/views/comment/_comment_form.rhtml app/views/content_viewer/_comment.html.erb app/views/content_viewer/_comment.rhtml app/views/content_viewer/_comment_form.html.erb app/views/content_viewer/_comment_form.rhtml app/views/profile/send_mail.html.erb config/routes.rb debian/control

Merge branch 'master' into rails3
Conflicts: app/helpers/boxes_helper.rb app/models/comment.rb app/views/comment/_comment.rhtml app/views/comment/_comment_form.rhtml app/views/content_viewer/_comment.html.erb app/views/content_viewer/_comment.rhtml app/views/content_viewer/_comment_form.html.erb app/views/content_viewer/_comment_form.rhtml app/views/profile/send_mail.html.erb config/routes.rb debian/control
Antonio Terceiro
2 parents 212e8b0b c5635326
Showing 147 changed files with 4492 additions and 1529 deletions Show diff stats
AUTHORS
INSTALL.chat
RELEASING
app/controllers/admin/trusted_sites_controller.rb
app/controllers/application_controller.rb
app/controllers/my_profile/cms_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/catalog_controller.rb
app/controllers/public/comment_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/profile_controller.rb
app/helpers/application_helper.rb
app/helpers/article_helper.rb
app/helpers/boxes_helper.rb
app/helpers/catalog_helper.rb
app/helpers/comment_helper.rb
app/helpers/content_viewer_helper.rb
app/helpers/forms_helper.rb
app/helpers/forum_helper.rb
app/helpers/layout_helper.rb
@@ -110,6 +110,7 @@ Diego Martinez &lt;diegoamc90@gmail.com&gt;
 Diego Martinez <diego@diego-K55A.(none)>
 Diego + Renan <renanteruoc@gmail.com>
 Fernanda Lopes <nanda.listas+psl@gmail.com>
+Francisco Marcelo de Araujo Lima Junior <79350259591@serpro-1457614.(none)>
 Grazieno Pellegrino <grazieno@gmail.com>
 Isaac Canan <isaac@intelletto.com.br>
 Italo Valcy <italo@dcc.ufba.br>
@@ -153,6 +154,7 @@ Leandro Nunes dos Santos &lt;leandronunes@gmail.com&gt;
 Leandro Nunes dos Santos <leandro.santos@serpro.gov.br>
 LinguÁgil 2010 <linguagil.bahia@gmail.com>
 Lucas Melo <lucas@colivre.coop.br>
+Lucas Melo <lucaspradomelo@gmail.com>
 Luis David Aguilar Carlos <ludwig9003@gmail.com>
 Martín Olivera <molivera@solar.org.ar>
 Moises Machado <moises@colivre.coop.br>
@@ -6,15 +6,13 @@ To configure XMPP/BOSH in Noosfero you need:
 * SystemTimer - http://ph7spot.com/musings/system-timer
 * Pidgin data files - http://www.pidgin.im/
  
-If you use Debian Lenny:
+If you use Debian Wheezy:
  
-# apt-get install librestclient-ruby (from backports)
-# apt-get install pidgin-data
-# apt-get install ruby1.8-dev
+# apt-get install librestclient-ruby pidgin-data ruby1.8-dev
 # gem install SystemTimer
  
-Take a look at util/chat directory to see samples of config file to configure a
-XMPP/BOSH server with ejabberd, postgresql and apache2.
+The samples of config file to configure a XMPP/BOSH server with
+ejabberd, postgresql and apache2 can be found at util/chat directory.
  
 == XMPP/Chat Server Setup
  
@@ -22,8 +20,7 @@ This is a step-by-step guide to get a XMPP service working, in a Debian system.
  
 1. Install the required packages
  
-# apt-get -t lenny-backports install ejabberd
-# apt-get install odbc-postgresql
+# apt-get install ejabberd odbc-postgresql
  
 2. Ejabberd configuration
  
@@ -108,7 +105,7 @@ Unused modules can be disabled, for example:
  * web_admin
  * mod_pubsub
  * mod_irc
- * mod_offine
+ * mod_offline
  * mod_admin_extra
  * mod_register
  
@@ -132,7 +129,7 @@ This will create a new schema inside the noosfero database, called &#39;ejabberd&#39;.
  
 Note 'noosfero' user should have permission to create Postgresql schemas. Also,
 there should be at least one domain with 'is_default = true' in 'domains'
-table, otherwise people couldn't see your friends online.
+table, otherwise people won't be able to see their friends online.
  
  
 4. ODBC configuration
@@ -168,9 +165,12 @@ Debug       = 0
 CommLog     = 1
 UsageCount  = 3
  
- * testing all:
+ 4.1 testing all:
  
-# isql 'PostgreSQLEjabberdNoosfero' DBUSER
+# isql 'PostgreSQLEjabberdNoosfero'
+
+If the configuration was done right, the message "Connected!"
+will be displayed.
  
  
 5. Enabling kernel polling and SMP in /etc/default/ejabberd
@@ -19,11 +19,12 @@ To prepare a release of noosfero, you must follow the steps below:
  
 * Finish all requirements and bugs assigned to the to-be-released version
 * Make sure all tests pass
-* Change the version in lib/noosfero.rb and debian/changelog to the
-  to-be-released version (e.g. 0.2.0, 0.3.1)
 * Write release notes at the version's wiki topic
-* Generate packages with <tt>rake noosfero:release</tt>. Your tarball and deb
-  pkg will be under the pkg/ directory. This task will create a git tag too.
+* Generate packages with <tt>rake noosfero:release[(stable|test)]</tt>. This task will:
+  * Update the version in lib/noosfero.rb and debian/changelog.
+  * Create the tarbal and the deb pkg under pkg/ directory.
+  * Create a git tag and push it.
+  * Upload the pkg to the configured repository (if configured) on ~/.dput.cf.
 * Test that the tarball and deb package are ok
 * Go to the version's wiki topic and edit it to reflect the new reality
 * Edit the topic WebPreferences and update DEBIAN_REPOSITORY_TOPICS setting
@@ -31,7 +32,6 @@ To prepare a release of noosfero, you must follow the steps below:
   sha1 of the package (with sha1sum and paste the SHA1 hash as comment in the
   attachment form)
 * Download the attached and verify the MD5 hash
-* Push the new version tag (with git push --tags)
 * Update an eventual demonstration version that you run.
 * Write an announcement e-mail to the relevant mailing lists pointing to the
   release notes, and maybe to the demonstration version.
@@ -0,0 +1,82 @@
+class TrustedSitesController < AdminController
+  protect 'manage_environment_trusted_sites', :environment
+
+  def index
+    @sites = environment.trusted_sites_for_iframe
+  end
+
+  def new
+    @site = ""
+  end
+
+  def create
+    if add_trusted_site(params[:site])
+      session[:notice] = _('New trusted site added.')
+      redirect_to :action => 'index'
+    else
+      session[:notice] = _('Failed to add trusted site.')
+      render :action => 'new'
+    end
+  end
+
+  def edit
+    if is_trusted_site? params[:site]
+      @site = params[:site]
+    else
+      session[:notice] = _('Trusted site was not found')
+      redirect_to :action => 'index'
+    end
+  end
+
+  def update
+    site = params[:site]
+    orig_site = params[:orig_site]
+    if rename_trusted_site(orig_site, site)
+      redirect_to :action => 'edit', :site => @site
+    else
+      session[:notice] = _('Failed to edit trusted site.')
+      render :action => 'edit'
+    end
+  end
+
+  def destroy
+    if delete_trusted_site(params[:site])
+      session[:notice] = _('Trusted site removed')
+    else
+      session[:notice] = _('Trusted site could not be removed')
+    end
+    redirect_to :action => 'index'
+  end
+
+  protected
+  def add_trusted_site (site)
+    trusted_sites = environment.trusted_sites_for_iframe
+    trusted_sites << site
+    environment.trusted_sites_for_iframe = trusted_sites
+    environment.save
+  end
+
+  def rename_trusted_site(orig_site, site)
+    trusted_sites = environment.trusted_sites_for_iframe
+    i = trusted_sites.index orig_site
+    if i.nil?
+      return false
+    else
+      trusted_sites[i] = site
+      environment.trusted_sites_for_iframe = trusted_sites
+      environment.save
+    end
+  end
+
+
+  def delete_trusted_site (site)
+    trusted_sites = environment.trusted_sites_for_iframe
+    trusted_sites.delete site
+    environment.trusted_sites_for_iframe = trusted_sites
+    environment.save
+  end
+
+  def is_trusted_site? (site)
+    environment.trusted_sites_for_iframe.include? site
+  end
+end
@@ -6,6 +6,20 @@ class ApplicationController &lt; ActionController::Base
   before_filter :setup_multitenancy
   before_filter :detect_stuff_by_domain
   before_filter :init_noosfero_plugins
+  before_filter :allow_cross_domain_access
+
+  def allow_cross_domain_access
+    origin = request.headers['Origin']
+    return if origin.blank?
+    if environment.access_control_allow_origin.include? origin
+      response.headers["Access-Control-Allow-Origin"] = origin
+      unless environment.access_control_allow_methods.blank?
+        response.headers["Access-Control-Allow-Methods"] = environment.access_control_allow_methods
+      end
+    elsif environment.restrict_to_access_control_origins
+      render_access_denied _('Origin not in allowed.')
+    end
+  end
  
   include ApplicationHelper
   layout :get_layout
@@ -82,11 +96,10 @@ class ApplicationController &lt; ActionController::Base
     false
   end
  
-
   def user
     current_user.person if logged_in?
   end
-  
+
   alias :current_person :user
  
   # TODO: move this logic somewhere else (Domain class?)
@@ -104,6 +117,12 @@ class ApplicationController &lt; ActionController::Base
     else
       @environment = @domain.environment
       @profile = @domain.profile
+
+      # Check if the requested profile belongs to another domain
+      if @profile && !params[:profile].blank? && params[:profile] != @profile.identifier
+        @profile = @environment.profiles.find_by_identifier params[:profile]
+        redirect_to params.merge(:host => @profile.default_hostname)
+      end
     end
   end
  
@@ -156,7 +175,7 @@ class ApplicationController &lt; ActionController::Base
   def find_by_contents(asset, scope, query, paginate_options={:page => 1}, options={})
     scope = scope.send(options[:filter]) if options[:filter]
  
-    @plugins.first(:find_by_contents, asset, scope, query, paginate_options, options) ||
+    @plugins.dispatch_first(:find_by_contents, asset, scope, query, paginate_options, options) ||
     fallback_find_by_contents(asset, scope, query, paginate_options, options)
   end
  
@@ -182,7 +182,14 @@ class CmsController &lt; MyProfileController
     if request.post?
       @article.destroy
       session[:notice] = _("\"#{@article.name}\" was removed.")
-      redirect_to :action => (@article.parent ? 'view' : 'index'), :id => @article.parent
+      referer = ActionController::Routing::Routes.recognize_path URI.parse(request.referer).path rescue nil
+      if referer and referer[:controller] == 'cms'
+        redirect_to referer
+      elsif @article.parent
+        redirect_to @article.parent.url
+      else
+        redirect_to profile.url
+      end
     end
   end
  
@@ -26,7 +26,8 @@ class AccountController &lt; ApplicationController
  
   # action to perform login to the application
   def login
-    store_location(request.referer) unless session[:return_to]
+    store_location(request.referer) unless params[:return_to] or session[:return_to]
+
     return unless request.post?
  
     self.current_user = plugins_alternative_authentication
@@ -125,7 +126,7 @@ class AccountController &lt; ApplicationController
   def change_password
     if request.post?
       @user = current_user
-      begin 
+      begin
         @user.change_password!(params[:current_password],
                                params[:new_password],
                                params[:new_password_confirmation])
@@ -218,7 +219,7 @@ class AccountController &lt; ApplicationController
     @question = @enterprise.question
     return unless check_answer
     return unless check_acceptance_of_terms
-    
+
     activation = load_enterprise_activation
     if activation && user
       activation.requestor = user
@@ -355,7 +356,9 @@ class AccountController &lt; ApplicationController
   end
  
   def go_to_initial_page
-    if environment.enabled?('allow_change_of_redirection_after_login')
+    if params[:return_to]
+      redirect_to params[:return_to]
+    elsif environment.enabled?('allow_change_of_redirection_after_login')
       case user.preferred_login_redirection
         when 'keep_on_same_page'
           redirect_back_or_default(user.admin_url)
@@ -5,15 +5,14 @@ class CatalogController &lt; PublicController
   before_filter :check_enterprise_and_environment
  
   def index
-    @category = params[:level] ? ProductCategory.find(params[:level]) : nil
-    @products = @profile.products.from_category(@category).paginate(:order => 'available desc, highlighted desc, name asc', :per_page => 9, :page => params[:page])
-    @categories = ProductCategory.on_level(params[:level]).order(:name)
+    extend CatalogHelper
+    catalog_load_index
   end
  
   protected
  
   def check_enterprise_and_environment
-    unless @profile.kind_of?(Enterprise) && !@profile.environment.enabled?('disable_products_for_enterprises')
+    unless profile.kind_of?(Enterprise) && !profile.environment.enabled?('disable_products_for_enterprises')
       redirect_to :controller => 'profile', :profile => profile.identifier, :action => 'index'
     end
   end
@@ -0,0 +1,164 @@
+class CommentController < ApplicationController
+
+  needs_profile
+
+  before_filter :can_update?, :only => [:edit, :update]
+
+  def create
+    begin
+      @page = profile.articles.find(params[:id])
+    rescue
+      @page = nil
+    end
+
+    # page not found, give error
+    if @page.nil?
+      respond_to do |format|
+        format.js do
+           render :json => { :msg => _('Page not found.')}
+         end
+       end
+      return
+    end
+
+    unless @page.accept_comments?
+      respond_to do |format|
+        format.js do
+           render :json => { :msg => _('Comment not allowed in this article')}
+         end
+       end
+      return
+    end
+
+    @comment = Comment.new(params[:comment])
+    @comment.author = user if logged_in?
+    @comment.article = @page
+    @comment.ip_address = request.remote_ip
+    @comment.user_agent = request.user_agent
+    @comment.referrer = request.referrer
+    @plugins.dispatch(:filter_comment, @comment)
+
+    if @comment.rejected?
+      respond_to do |format|
+        format.js do
+           render :json => { :msg => _('Comment was rejected')}
+         end
+       end
+      return
+    end
+
+    if !@comment.valid? || (not pass_without_comment_captcha? and not verify_recaptcha(:model => @comment, :message => _('Please type the words correctly')))
+      respond_to do |format|
+        format.js do
+          render :json => {
+             :render_target => 'form',
+             :html => render_to_string(:partial => 'comment_form', :object => @comment, :locals => {:comment => @comment, :display_link => true, :show_form => true})
+          }
+        end
+      end
+      return
+    end
+
+    if @comment.need_moderation?
+      @comment.created_at = Time.now
+      ApproveComment.create!(:requestor => @comment.author, :target => profile, :comment_attributes => @comment.attributes.to_json)
+
+      respond_to do |format|
+        format.js do
+          render :json => { :render_target => nil, :msg => _('Your comment is waiting for approval.') }
+        end
+      end
+      return
+    end
+
+    @comment.save
+
+    respond_to do |format|
+      format.js do
+        comment_to_render = @comment.comment_root
+        render :json => { 
+            :render_target => comment_to_render.anchor,
+            :html => render_to_string(:partial => 'comment', :locals => {:comment => comment_to_render, :display_link => true}),
+            :msg => _('Comment successfully created.')
+         }
+      end
+    end
+  end
+
+  def destroy
+    comment = profile.comments_received.find(params[:id])
+
+    if comment && comment.can_be_destroyed_by?(user) && comment.destroy
+      render :text => {'ok' => true}.to_json, :content_type => 'application/json'
+    else
+      session[:notice] = _("The comment was not removed.")
+      render :text => {'ok' => false}.to_json, :content_type => 'application/json'
+    end
+  end
+
+  def mark_as_spam
+    comment = profile.comments_received.find(params[:id])
+    if comment.can_be_marked_as_spam_by?(user)
+      comment.spam!
+      render :text => {'ok' => true}.to_json, :content_type => 'application/json'
+    else
+      session[:notice] = _("You couldn't mark this comment as spam.")
+      render :text => {'ok' => false}.to_json, :content_type => 'application/json'
+    end
+  end
+
+  def edit
+    render :partial => "comment_form", :locals => {:comment => @comment, :display_link => params[:reply_of_id].present?, :edition_mode => true, :show_form => true}
+  end
+
+  def update
+    if @comment.update_attributes(params[:comment])
+      respond_to do |format|
+        format.js do
+          comment_to_render = @comment.comment_root
+          render :json => {
+            :ok => true,
+            :render_target => comment_to_render.anchor,
+            :html => render_to_string(:partial => 'comment', :locals => {:comment => comment_to_render})
+          }
+        end
+      end
+    else
+     respond_to do |format|
+       format.js do
+         render :json => {
+           :ok => false,
+           :render_target => 'form',
+           :html => render_to_string(:partial => 'comment_form', :object => @comment, :locals => {:comment => @comment, :display_link => false, :edition_mode => true, :show_form => true})
+         }
+       end
+     end
+   end
+  end
+
+  def check_actions
+    comment = profile.comments_received.find(params[:id])
+    ids = @plugins.dispatch(:check_comment_actions, comment).collect do |action|
+      action.kind_of?(Proc) ? self.instance_eval(&action) : action
+    end.flatten.compact
+    render :json => {:ids => ids}
+  end
+
+  protected
+
+  def pass_without_comment_captcha?
+    logged_in? && !environment.enabled?('captcha_for_logged_users')
+  end
+  helper_method :pass_without_comment_captcha?
+
+  def can_update?
+    begin
+      @comment = profile.comments_received.find(params[:id])
+      raise ActiveRecord::RecordNotFound unless @comment.can_be_updated_by?(user) # Not reveal that the comment exists
+    rescue ActiveRecord::RecordNotFound
+      render_not_found
+      return
+    end
+  end
+
+end
@@ -2,8 +2,6 @@ class ContentViewerController &lt; ApplicationController
  
   needs_profile
  
-  before_filter :comment_author, :only => :edit_comment
-
   helper ProfileHelper
   helper TagsHelper
  
@@ -70,24 +68,8 @@ class ContentViewerController &lt; ApplicationController
  
     @form_div = params[:form]
  
-    if params[:comment] && params[:confirm] == 'true'
-      @comment = Comment.new(params[:comment])
-      if request.post? && @page.accept_comments?
-        add_comment
-      end
-    else
-      @comment = Comment.new
-    end
-
-    if request.post?
-      if params[:remove_comment]
-        remove_comment
-        return
-      elsif params[:mark_comment_as_spam]
-        mark_comment_as_spam
-        return
-      end
-    end
+    #FIXME see a better way to do this. It's not need to pass this variable anymore
+    @comment = Comment.new
  
     if @page.has_posts?
       posts = if params[:year] and params[:month]
@@ -117,89 +99,18 @@ class ContentViewerController &lt; ApplicationController
       end
     end
  
-    comments = @page.comments.without_spam
-    @comments = comments.as_thread
-    @comments_count = comments.count
+    @comments = @page.comments.without_spam
+    @comments_count = @comments.count
+    @comments = @plugins.filter(:unavailable_comments, @comments.without_reply)
+    @comments = @comments.paginate(:per_page => per_page, :page => params[:comment_page] )
+
     if params[:slideshow]
       render :action => 'slideshow', :layout => 'slideshow'
     end
   end
  
-  def edit_comment
-    path = params[:page].join('/')
-    @page = profile.articles.find_by_path(path)
-    @form_div = 'opened'
-    @comment = @page.comments.find_by_id(params[:id])
-    if @comment
-      if request.post?
-        begin
-          @comment.update_attributes(params[:comment])
-          session[:notice] = _('Comment succesfully updated')
-          redirect_to :action => 'view_page', :profile => profile.identifier, :page => @comment.article.explode_path
-        rescue
-          session[:notice] = _('Comment could not be updated')
-        end
-      end
-    else
-      redirect_to @page.view_url
-      session[:notice] = _('Could not find the comment in the article')
-    end
-  end
-
   protected
  
-  def add_comment
-    @comment.author = user if logged_in?
-    @comment.article = @page
-    @comment.ip_address = request.remote_ip
-    @comment.user_agent = request.user_agent
-    @comment.referrer = request.referrer
-    plugins_filter_comment(@comment)
-    return if @comment.rejected?
-    if (pass_without_comment_captcha? || verify_recaptcha(:model => @comment, :message => _('Please type the words correctly'))) && @comment.save
-      @page.touch
-      @comment = nil # clear the comment form
-      redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
-    else
-      @form_div = 'opened' if params[:comment][:reply_of_id].blank?
-    end
-  end
-
-  def plugins_filter_comment(comment)
-    @plugins.each do |plugin|
-      plugin.filter_comment(comment)
-    end
-  end
-
-  def pass_without_comment_captcha?
-    logged_in? && !environment.enabled?('captcha_for_logged_users')
-  end
-  helper_method :pass_without_comment_captcha?
-
-  def remove_comment
-    @comment = @page.comments.find(params[:remove_comment])
-    if (user == @comment.author || user == @page.profile || user.has_permission?(:moderate_comments, @page.profile))
-      @comment.destroy
-    end
-    finish_comment_handling
-  end
-
-  def mark_comment_as_spam
-    @comment = @page.comments.find(params[:mark_comment_as_spam])
-    if logged_in? && (user == @page.profile || user.has_permission?(:moderate_comments, @page.profile))
-      @comment.spam!
-    end
-    finish_comment_handling
-  end
-
-  def finish_comment_handling
-    if request.xhr?
-      render :text => {'ok' => true}.to_json, :content_type => 'application/json'
-    else
-      redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
-    end
-  end
-
   def per_page
     12
   end
@@ -223,13 +134,9 @@ class ContentViewerController &lt; ApplicationController
     end
   end
  
-  def comment_author
-    comment = Comment.find_by_id(params[:id])
-    if comment
-      render_access_denied if comment.author.blank? || comment.author != user
-    else
-      render_not_found
-    end
+  def pass_without_comment_captcha?
+    logged_in? && !environment.enabled?('captcha_for_logged_users')
   end
+  helper_method :pass_without_comment_captcha?
  
 end
@@ -278,7 +278,7 @@ class ProfileController &lt; PublicController
   end
  
   def register_report
-    if !verify_recaptcha
+    unless user.is_admin? || verify_recaptcha
       render :text => {
         :ok => false,
         :error => {
@@ -32,6 +32,8 @@ module ApplicationHelper
  
   include AccountHelper
  
+  include CommentHelper
+
   include BlogHelper
  
   include ContentViewerHelper
@@ -956,10 +958,7 @@ module ApplicationHelper
     options.merge!(:page => params[:npage])
     content = article.to_html(options)
     content = content.kind_of?(Proc) ? self.instance_eval(&content).html_safe : content.html_safe
-    @plugins && @plugins.each do |plugin|
-      content = plugin.parse_content(content)
-    end
-    content
+    filter_html(content, article)
   end
  
   # Please, use link_to by default!
@@ -1357,10 +1356,7 @@ module ApplicationHelper
     options[:on_ready] ||= 'null'
  
     result = text_field_tag(name, nil, text_field_options.merge(html_options.merge({:id => element_id})))
-    result +=
-    "
-    <script type='text/javascript'>
-      jQuery('##{element_id}')
+    result += javascript_tag("jQuery('##{element_id}')
       .tokenInput('#{url_for(search_action)}', {
         minChars: #{options[:min_chars].to_json},
         prePopulate: #{options[:pre_populate].to_json},
@@ -1376,16 +1372,15 @@ module ApplicationHelper
         onAdd: #{options[:on_add]},
         onDelete: #{options[:on_delete]},
         onReady: #{options[:on_ready]},
-      })
-    "
-    result += options[:focus] ? ".focus();" : ";"
+      });
+    ")
+    result += javascript_tag("jQuery('##{element_id}').focus();") if options[:focus]
     if options[:avoid_enter]
-      result += "jQuery('#token-input-#{element_id}')
+      result += javascript_tag("jQuery('#token-input-#{element_id}')
                     .live('keydown', function(event){
                     if(event.keyCode == '13') return false;
-                  });"
+                    });")
     end
-    result += "</script>"
     result
   end
  
@@ -1396,12 +1391,12 @@ module ApplicationHelper
   end
  
   def expirable_button(content, action, text, url, options = {})
-    options[:class] = "button with-text icon-#{action.to_s}"
+    options[:class] = ["button with-text icon-#{action.to_s}", options[:class]].compact.join(' ')
     expirable_content_reference content, action, text, url, options
   end
  
   def expirable_comment_link(content, action, text, url, options = {})
-    options[:class] = "comment-footer comment-footer-link comment-footer-hide"
+    options[:class] = ["comment-footer comment-footer-link comment-footer-hide", options[:class]].compact.join(' ')
     expirable_content_reference content, action, text, url, options
   end
  
@@ -1440,6 +1435,29 @@ module ApplicationHelper
     @no_design_blocks = true
   end
  
+  def filter_html(html, source)
+    if @plugins
+      html = convert_macro(html, source)
+      #TODO This parse should be done through the macro infra, but since there
+      #     are old things that do not support it we are keeping this hot spot.
+      html = @plugins.pipeline(:parse_content, html, source).first
+    end
+    html
+  end
+
+  def convert_macro(html, source)
+    doc = Hpricot(html)
+    #TODO This way is more efficient but do not support macro inside of
+    #     macro. You must parse them from the inside-out in order to enable
+    #     that.
+    doc.search('.macro').each do |macro|
+      macro_name = macro['data-macro']
+      result = @plugins.parse_macro(macro_name, macro, source)
+      macro.inner_html = result.kind_of?(Proc) ? self.instance_eval(&result) : result
+    end
+    doc.html
+  end
+
   def default_folder_for_image_upload(profile)
     default_folder = profile.folders.find_by_type('Gallery')
     default_folder = profile.folders.find_by_type('Folder') if default_folder.nil?
@@ -35,7 +35,13 @@ module ArticleHelper
         'div',
         check_box(:article, :notify_comments) +
         content_tag('label', _('I want to receive a notification of each comment written by e-mail'), :for => 'article_notify_comments') +
-        observe_field(:article_accept_comments, :function => "$('article_notify_comments').disabled = ! $('article_accept_comments').checked") 
+        observe_field(:article_accept_comments, :function => "$('article_notify_comments').disabled = ! $('article_accept_comments').checked;$('article_moderate_comments').disabled = ! $('article_accept_comments').checked") 
+      ) +
+
+      content_tag(
+        'div',
+        check_box(:article, :moderate_comments) +
+        content_tag('label', _('I want to approve comments on this article'), :for => 'article_moderate_comments')
       ) +
  
       (article.can_display_hits? ?
@@ -99,8 +99,8 @@ module BoxesHelper
     unless block.visible?
       options[:title] = _("This block is invisible. Your visitors will not see it.")
     end
-    controller.send(:content_editor?) || @plugins.each do |plugin|
-      result = plugin.parse_content(result)
+    if @controller.send(:content_editor?)
+      result = filter_html(result, block)
     end
     box_decorator.block_target(block.box, block) +
       content_tag('div',
@@ -3,9 +3,18 @@ module CatalogHelper
   include DisplayHelper
   include ManageProductsHelper
  
+  def catalog_load_index options = {:page => params[:page], :show_categories => true}
+    if options[:show_categories]
+      @category = params[:level] ? ProductCategory.find(params[:level]) : nil
+      @categories = ProductCategory.on_level(params[:level]).order(:name)
+    end
+
+    @products = profile.products.from_category(@category).paginate(:order => 'available desc, highlighted desc, name asc', :per_page => 9, :page => options[:page])
+  end
+
   def breadcrumb(category)
-    start = link_to(_('Start'), {:action => 'index'})
-    ancestors = category.ancestors.map { |c| link_to(c.name, {:action => 'index', :level => c.id}) }.reverse
+    start = link_to(_('Start'), {:controller => :catalog, :action => 'index'})
+    ancestors = category.ancestors.map { |c| link_to(c.name, {:controller => :catalog, :action => 'index', :level => c.id}) }.reverse
     current_level = content_tag('strong', category.name)
     all_items = [start] + ancestors + [current_level]
     content_tag('div', all_items.join(' &rarr; '), :id => 'breadcrumb')
@@ -15,7 +24,7 @@ module CatalogHelper
     count = profile.products.from_category(category).count
     name = truncate(category.name, :length => 22 - count.to_s.size)
     link_name = sub ? name : content_tag('strong', name)
-    link = link_to(link_name, {:action => 'index', :level => category.id}, :title => category.name)
+    link = link_to(link_name, {:controller => :catalog, :action => 'index', :level => category.id}, :title => category.name)
     content_tag('li', "#{link} (#{count})") if count > 0
   end
  
@@ -0,0 +1,70 @@
+module CommentHelper
+
+  def article_title(article, args = {})
+    title = article.title
+    title = article.display_title if article.kind_of?(UploadedFile) && article.image?
+    title = content_tag('h1', h(title), :class => 'title')
+    if article.belongs_to_blog?
+      unless args[:no_link]
+        title = content_tag('h1', link_to(article.name, article.url), :class => 'title')
+      end
+      comments = ''
+      unless args[:no_comments] || !article.accept_comments
+        comments = (" - %s") % link_to_comments(article)
+      end
+      title << content_tag('span',
+        content_tag('span', show_date(article.published_at), :class => 'date') +
+        content_tag('span', [_(", by %s") % link_to(article.author_name, article.author_url)], :class => 'author') +
+        content_tag('span', comments, :class => 'comments'),
+        :class => 'created-at'
+      )
+    end
+    title
+  end
+
+  def comment_actions(comment)
+    url = url_for(:profile => profile.identifier, :controller => :comment, :action => :check_actions, :id => comment.id)
+    links = links_for_comment_actions(comment)
+    content_tag(:li, link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{links.to_json}); return false", :class => 'menu-submenu-trigger comment-trigger', :url => url), :class=> 'vcard') unless links.empty?
+  end
+
+  private
+
+  def links_for_comment_actions(comment)
+    actions = [link_for_report_abuse(comment), link_for_spam(comment), link_for_edit(comment), link_for_remove(comment)]
+    @plugins.dispatch(:comment_actions, comment).collect do |action|
+      actions << (action.kind_of?(Proc) ? self.instance_eval(&action) : action)
+    end
+    actions.flatten.compact
+  end
+
+  def link_for_report_abuse(comment)
+    if comment.author
+      report_abuse_link = report_abuse(comment.author, :comment_link, comment)
+      {:link => report_abuse_link} if report_abuse_link
+    end
+  end
+
+  def link_for_spam(comment)
+    if comment.can_be_marked_as_spam_by?(user)
+      if comment.spam?
+        {:link => link_to_function(_('Mark as NOT SPAM'), 'remove_comment(this, %s); return false;' % url_for(:profile => profile.identifier, :mark_comment_as_ham => comment.id).to_json, :class => 'comment-footer comment-footer-link comment-footer-hide')}
+      else
+        {:link => link_to_function(_('Mark as SPAM'), 'remove_comment(this, %s, %s); return false;' % [url_for(:profile => profile.identifier, :controller => 'comment', :action => :mark_as_spam, :id => comment.id).to_json, _('Are you sure you want to mark this comment as SPAM?').to_json], :class => 'comment-footer comment-footer-link comment-footer-hide')}
+      end
+    end
+  end
+
+  def link_for_edit(comment)
+    if comment.can_be_updated_by?(user)
+      {:link => expirable_comment_link(comment, :edit, _('Edit'), url_for(:profile => profile.identifier, :controller => :comment, :action => :edit, :id => comment.id),:class => 'colorbox')}
+    end
+  end
+
+  def link_for_remove(comment)
+    if comment.can_be_destroyed_by?(user)
+      {:link => link_to_function(_('Remove'), 'remove_comment(this, %s, %s); return false ;' % [url_for(:profile => profile.identifier, :controller => 'comment', :action => :destroy, :id => comment.id).to_json, _('Are you sure you want to remove this comment and all its replies?').to_json], :class => 'comment-footer comment-footer-link comment-footer-hide remove-children')}
+    end
+  end
+
+end
@@ -3,13 +3,14 @@ module ContentViewerHelper
   include BlogHelper
   include ForumHelper
  
+  def display_number_of_comments(n)
+    base_str = "<span class='comment-count hide'>#{n}</span>"
+    amount_str = n == 0 ? _('no comments yet') : (n == 1 ? _('One comment') : _('%s comments') % n)
+    base_str + "<span class='comment-count-write-out'>#{amount_str}</span>"
+  end
+
   def number_of_comments(article)
-    n = article.comments.without_spam.count
-    if n == 0
-     _('No comments yet')
-    else
-     n_('One comment', '<span class="comment-count">%{comments}</span> comments', n) % { :comments => n }
-    end
+    display_number_of_comments(article.comments.without_spam.count)
   end
  
   def article_title(article, args = {})
@@ -244,7 +244,7 @@ module FormsHelper
         yearSuffix: #{datepicker_options[:year_suffix].to_json}
       })
     </script>
-    "
+    ".html_safe
     result
   end
  
@@ -29,9 +29,9 @@ module ForumHelper
       css_add << 'not-published' if !art.published?
       css_add << position
       content << content_tag('tr',
-                             content_tag('td', link_to(art.title, art.url)) +
-                             content_tag('td', link_to(art.comments.count, art.url.merge(:anchor => 'comments_list'))) +
-                             content_tag('td', last_topic_update(art)),
+                             content_tag('td', link_to(art.title, art.url), :class => "forum-post-title") +
+                             content_tag('td', link_to(art.comments.count, art.url.merge(:anchor => 'comments_list')), :class => "forum-post-answers") +
+                             content_tag('td', last_topic_update(art), :class => "forum-post-last-answer"),
                              :class => 'forum-post ' + css_add.join(' '),
                              :id => "post-#{art.id}"
                             )
@@ -84,5 +84,11 @@ module LayoutHelper
     theme_path + '/style.css'
   end
  
+  def addthis_javascript
+    if NOOSFERO_CONF['addthis_enabled']
+      '<script src="http://s7.addthis.com/js/152/addthis_widget.js"></script>'
+    end
+  end
+
 end
  
@@ -0,0 +1,92 @@
+module MacrosHelper
+
+  def macros_in_menu
+    @plugins.dispatch(:macros).reject{ |macro| macro.configuration[:icon_path] }
+  end
+
+  def macros_with_buttons
+    @plugins.dispatch(:macros).reject{ |macro| !macro.configuration[:icon_path] }
+  end
+
+  def macro_title(macro)
+    macro.configuration[:title] || macro.name.humanize
+  end
+
+  def generate_macro_config_dialog(macro)
+    if macro.configuration[:skip_dialog]
+      "function(){#{macro_generator(macro)}}"
+    else
+      "function(){
+        jQuery('<div>'+#{macro_configuration_dialog(macro).to_json}+'</div>').dialog({
+          title: #{macro_title(macro).to_json},
+          modal: true,
+          buttons: [
+            {text: #{_('Ok').to_json}, click: function(){
+              tinyMCE.activeEditor.execCommand('mceInsertContent', false,
+              (function(dialog){ #{macro_generator(macro)} })(this));
+              jQuery(this).dialog('close');
+            }},
+            {text: #{_('Cancel').to_json}, click: function(){jQuery(this).dialog('close');}}
+          ]
+        });
+      }"
+    end
+  end
+
+  def include_macro_js_files
+    plugins_javascripts = []
+    @plugins.dispatch(:macros).map do |macro|
+      if macro.configuration[:js_files]
+        macro.configuration[:js_files].map { |js| plugins_javascripts << macro.plugin.public_path(js) }
+      end
+    end
+    javascript_include_tag(plugins_javascripts, :cache => 'cache/plugins-' + Digest::MD5.hexdigest(plugins_javascripts.to_s)) unless plugins_javascripts.empty?
+  end
+
+  def macro_css_files
+    plugins_css = []
+    @plugins.dispatch(:macros).map do |macro|
+      if macro.configuration[:css_files]
+        macro.configuration[:css_files].map { |css| plugins_css << macro.plugin.public_path(css) }
+      end
+    end
+    plugins_css.join(',')
+  end
+
+  protected
+
+  def macro_generator(macro)
+    if macro.configuration[:generator]
+      macro.configuration[:generator]
+    else
+      macro_default_generator(macro)
+    end
+
+  end
+
+  def macro_default_generator(macro)
+    code = "var params = {};"
+    configuration = macro_configuration(macro)
+    configuration[:params].map do |field|
+      code += "params.#{field[:name]} = jQuery('*[name=#{field[:name]}]', dialog).val();"
+    end
+    code + "
+      var html = jQuery('<div class=\"macro mceNonEditable\" data-macro=\"#{macro.identifier}\">'+#{macro_title(macro).to_json}+'</div>')[0];
+      for(key in params) html.setAttribute('data-macro-'+key,params[key]);
+      return html.outerHTML;
+    "
+  end
+
+  def macro_configuration_dialog(macro)
+    macro.configuration[:params].map do |field|
+      label_name = field[:label] || field[:name].to_s.humanize
+      case field[:type]
+      when 'text'
+        labelled_form_field(label_name, text_field_tag(field[:name], field[:default]))
+      when 'select'
+        labelled_form_field(label_name, select_tag(field[:name], options_for_select(field[:values], field[:default])))
+      end
+    end.join("\n")
+  end
+
+end
@@ -0,0 +1,104 @@
+class ApproveComment < Task
+  validates_presence_of :target_id
+
+  settings_items :comment_attributes, :closing_statment
+
+  validates_presence_of :comment_attributes
+
+  def comment
+    @comment ||= Comment.new(JSON.parse(self.comment_attributes)) unless self.comment_attributes.nil?
+  end
+
+  def requestor_name
+    requestor ? requestor.name : (comment.name || _('Anonymous'))
+  end
+
+  def article
+    Article.find_by_id comment.source_id unless self.comment.nil?
+  end
+
+  def article_name
+    article ? article.name : _("Article removed.")
+  end
+
+  def perform
+    comment.save!
+  end
+
+  def title
+    _("New comment to article")
+  end
+
+  def icon
+    result = {:type => :defined_image, :src => '/images/icons-app/article-minor.png'}
+    result.merge!({:url => article.url}) if article
+    result
+  end
+
+  def linked_subject
+    {:text => article_name, :url => article.url} if article
+  end
+
+  def information
+    if article
+      if requestor
+        {:message => _('%{requestor} commented on the the article: %{linked_subject}.')}
+      else
+        { :message => _('%{requestor} commented on the the article: %{linked_subject}.'),
+          :variables => {:requestor => requestor_name} }
+      end
+    else
+      {:message => _("The article was removed.")}
+    end
+  end
+
+  def accept_details
+    true
+  end
+
+  def reject_details
+    true
+  end
+
+  def default_decision
+    if article
+      'skip'
+    else
+      'reject'
+    end
+  end
+
+  def accept_disabled?
+    article.blank?
+  end
+
+  def target_notification_description
+    if article
+      _('%{requestor} wants to comment the article: %{article}.') % {:requestor => requestor_name, :article => article.name}
+    else
+      _('%{requestor} wanted to comment the article but it was removed.') % {:requestor => requestor_name}
+    end
+  end
+
+  def target_notification_message
+    target_notification_description + "\n\n" +
+    _('You need to login on %{system} in order to approve or reject this comment.') % { :system => target.environment.name }
+  end
+
+  def task_finished_message
+    if !closing_statment.blank?
+      _("Your comment to the article \"%{article}\" was approved. Here is the comment left by the admin who approved your comment:\n\n%{comment} ") % {:article => article_name, :comment => closing_statment}
+    else
+      _('Your request for comment the article "%{article}" was approved.') % {:article => article_name}
+    end
+  end
+
+  def task_cancelled_message
+    message = _('Your request for commenting the article "%{article}" was rejected.') % {:article => article_name}
+    if !reject_explanation.blank?
+      message += " " + _("Here is the reject explanation left by the administrator who rejected your comment: \n\n%{reject_explanation}") % {:reject_explanation => reject_explanation}
+    end
+    message
+  end
+
+end
@@ -67,6 +67,7 @@ class Article &lt; ActiveRecord::Base
   settings_items :display_hits, :type => :boolean, :default => true
   settings_items :author_name, :type => :string, :default => ""
   settings_items :allow_members_to_edit, :type => :boolean, :default => false
+  settings_items :moderate_comments, :type => :boolean, :default => false
   settings_items :followers, :type => Array, :default => []
  
   belongs_to :reference_article, :class_name => "Article", :foreign_key => 'reference_article_id'
@@ -329,6 +330,14 @@ class Article &lt; ActiveRecord::Base
     @view_url ||= image? ? url.merge(:view => true) : url
   end
  
+  def comment_url_structure(comment, action = :edit)
+    if comment.new_record?
+      profile.url.merge(:page => path.split("/"), :controller => :comment, :action => :create)
+    else
+      profile.url.merge(:page => path.split("/"), :controller => :comment, :action => action || :edit, :id => comment.id)
+    end
+  end
+
   def allow_children?
     true
   end
@@ -491,6 +500,14 @@ class Article &lt; ActiveRecord::Base
     allow_post_content?(user) || user && allow_members_to_edit && user.is_member_of?(profile)
   end
  
+  def moderate_comments?
+    moderate_comments == true
+  end
+
+  def comments_updated
+    solr_save
+  end
+
   def accept_category?(cat)
     !cat.is_a?(ProductCategory)
   end
@@ -597,7 +614,7 @@ class Article &lt; ActiveRecord::Base
   end
  
   def lead
-    abstract.blank? ? first_paragraph : abstract
+    abstract.blank? ? first_paragraph.html_safe : abstract.html_safe
   end
  
   def short_lead
 class Blog < Folder
  
   acts_as_having_posts
+  include PostsLimit
  
   #FIXME This should be used until there is a migration to fix all blogs that
   # already have folders inside them
@@ -81,4 +82,8 @@ class Blog &lt; Folder
     posts.empty?
   end
  
+  def last_posts(limit=3)
+    posts.where("type != 'RssFeed'").order(:updated_at).limit(limit)
+  end
+
 end
@@ -21,18 +21,22 @@ class BlogArchivesBlock &lt; Block
   end
  
   def visible_posts(person)
-    blog.posts.native_translations.select {|post| post.display_to?(person)}
+    #FIXME Performance issues with display_to. Must convert it to a scope.
+    # Checkout this page for further information: http://noosfero.org/Development/ActionItem2705
+    blog.posts.published.native_translations #.select {|post| post.display_to?(person)}
   end
  
   def content(args={})
     owner_blog = self.blog
     return nil unless owner_blog
     results = ''
-    visible_posts(args[:person]).group_by {|i| i.published_at.year }.sort_by { |year,count| -year }.each do |year, results_by_year|
-      results << content_tag('li', content_tag('strong', "#{year} (#{results_by_year.size})"))
+    posts = visible_posts(args[:person])
+    posts.count(:all, :group => 'EXTRACT(YEAR FROM published_at)').sort_by {|year, count| -year.to_i}.each do |year, count|
+      results << content_tag('li', content_tag('strong', "#{year} (#{count})"))
       results << "<ul class='#{year}-archive'>"
-      results_by_year.group_by{|i| [ ('%02d' % i.published_at.month()), gettext(MONTHS[i.published_at.month() - 1])]}.sort.reverse.each do |month, results_by_month|
-        results << content_tag('li', link_to("#{month[1]} (#{results_by_month.size})", owner_blog.url.merge(:year => year, :month => month[0])))
+      posts.count(:all, :conditions => ['EXTRACT(YEAR FROM published_at)=?', year], :group => 'EXTRACT(MONTH FROM published_at)').sort_by {|month, count| -month.to_i}.each do |month, count|
+        month_name = gettext(MONTHS[month.to_i - 1])
+        results << content_tag('li', link_to("#{month_name} (#{count})", owner_blog.url.merge(:year => year, :month => month)))
       end
       results << "</ul>"
     end
@@ -17,6 +17,7 @@ class Comment &lt; ActiveRecord::Base
   belongs_to :reply_of, :class_name => 'Comment', :foreign_key => 'reply_of_id'
  
   scope :without_spam, :conditions => ['spam IS NULL OR spam = ?', false]
+  scope :without_reply, :conditions => ['reply_of_id IS NULL']
   scope :spam, :conditions => ['spam = ?', true]
  
   # unauthenticated authors:
@@ -34,7 +35,9 @@ class Comment &lt; ActiveRecord::Base
  
   xss_terminate :only => [ :body, :title, :name ], :on => 'validation'
  
-  delegate :environment, :to => :source
+  def comment_root
+    (reply_of && reply_of.comment_root) || self
+  end
  
   def action_tracker_target
     self.article.profile
@@ -150,21 +153,6 @@ class Comment &lt; ActiveRecord::Base
     @replies = comments_list
   end
  
-  def self.as_thread
-    result = {}
-    root = []
-    order(:id).each do |c|
-      c.replies = []
-      result[c.id] ||= c
-      if result[c.reply_of_id]
-        result[c.reply_of_id].replies << c
-      else
-        root << c
-      end
-    end
-    root
-  end
-
   include ApplicationHelper
   def reported_version(options = {})
     comment = self
@@ -248,4 +236,22 @@ class Comment &lt; ActiveRecord::Base
     plugins.dispatch(:comment_marked_as_ham, self)
   end
  
+  def need_moderation?
+    article.moderate_comments? && (author.nil? || article.author != author)
+  end
+
+  def can_be_destroyed_by?(user)
+    return if user.nil?
+    user == author || user == profile || user.has_permission?(:moderate_comments, profile)
+  end
+
+  def can_be_marked_as_spam_by?(user)
+    return if user.nil?
+    user == profile || user.has_permission?(:moderate_comments, profile)
+  end
+
+  def can_be_updated_by?(user)
+    user.present? && user == author
+  end
+
 end
@@ -20,7 +20,8 @@ class EnterpriseHomepage &lt; Article
     enterprise_homepage = self
     lambda do
       extend EnterpriseHomepageHelper
-      @products = profile.products.paginate(:order => 'id asc', :per_page => 9, :page => 1)
+      extend CatalogHelper
+      catalog_load_index :page => 1, :show_categories => false
       render :partial => 'content_viewer/enterprise_homepage', :object => enterprise_homepage
     end
   end
@@ -28,6 +28,7 @@ class Environment &lt; ActiveRecord::Base
     'manage_environment_users' => N_('Manage environment users'),
     'manage_environment_templates' => N_('Manage environment templates'),
     'manage_environment_licenses' => N_('Manage environment licenses'),
+    'manage_environment_trusted_sites' => N_('Manage environment trusted sites')
   }
  
   module Roles
@@ -270,6 +271,13 @@ class Environment &lt; ActiveRecord::Base
  
   settings_items :search_hints, :type => Hash, :default => {}
  
+  # Set to return http forbidden to host not on the allow origin list bellow
+  settings_items :restrict_to_access_control_origins, :default => false
+  # Set this according to http://www.w3.org/TR/cors/. Headers are set at every response
+  # For multiple domains acts as suggested in http://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains
+  settings_items :access_control_allow_origin, :type => Array
+  settings_items :access_control_allow_methods, :type => String
+
   def news_amount_by_folder=(amount)
     settings[:news_amount_by_folder] = amount.to_i
   end
@@ -16,7 +16,6 @@ class Event &lt; Article
     maybe_add_http(self.setting[:link])
   end
  
-  xss_terminate :only => [ :link ], :on => 'validation'
   xss_terminate :only => [ :body, :link, :address ], :with => 'white_list', :on => 'validation'
  
   def initialize(*args)
 class Forum < Folder
  
   acts_as_having_posts :order => 'updated_at DESC'
+  include PostsLimit
  
   def self.type_name
     _('Forum')
@@ -15,6 +15,10 @@ class LayoutTemplate
     @id = id
   end
  
+  def name
+    @config['name']
+  end
+
   def title
     @config['title']
   end
@@ -0,0 +1,21 @@
+module PostsLimit
+  module ClassMethods
+    def posts_per_page_limit
+      15
+    end
+
+    def posts_per_page_options
+      [5, 10, 15]
+    end
+  end
+
+  def self.included(klass)
+    klass.send(:extend, PostsLimit::ClassMethods)
+    klass.class_eval do
+      def posts_per_page_with_limit
+        [self.class.posts_per_page_limit, posts_per_page_without_limit].min
+      end
+      alias_method_chain :posts_per_page, :limit
+    end
+  end
+end
@@ -74,7 +74,7 @@ class Task &lt; ActiveRecord::Base
   end
  
   def self.all_types
-    %w[Invitation EnterpriseActivation AddMember Ticket SuggestArticle  AddFriend CreateCommunity AbuseComplaint ApproveArticle CreateEnterprise ChangePassword EmailActivation InviteFriend InviteMember]
+    %w[Invitation EnterpriseActivation AddMember Ticket SuggestArticle  AddFriend CreateCommunity AbuseComplaint ApproveComment ApproveArticle CreateEnterprise ChangePassword EmailActivation InviteFriend InviteMember]
   end
  
   # this method finished the task. It calls #perform, which must be overriden
@@ -312,7 +312,8 @@ class User &lt; ActiveRecord::Base
       'email_domain' => self.enable_email ? self.email_domain : nil,
       'friends_list' => friends_list,
       'enterprises' => enterprises,
-      'amount_of_friends' => friends_list.count
+      'amount_of_friends' => friends_list.count,
+      'chat_enabled' => person.environment.enabled?('xmpp_chat')
     }
   end
  
@@ -9,6 +9,7 @@
   <tr><td><%= link_to _('Sideboxes'), :controller => 'environment_design'%></td></tr>
   <tr><td><%= link_to _('Homepage'), :action => 'set_portal_community' %></td></tr>
   <tr><td><%= link_to _('Licenses'), :controller =>'licenses' %></td></tr>
+  <tr><td><%= link_to _('Trusted sites'), :controller =>'trusted_sites' %></td></tr>
 </table>
  
 <h2><%= _('Profiles') %></h2>
@@ -3,26 +3,28 @@
  
 <h1><%= _('Products/Services') %></h1>
  
-<%= breadcrumb(@category) if params[:level] %>
-
-<div class='l-sidebar-left-bar'>
-  <ul>
-    <%= content_tag('li', link_to(_('Homepage'), profile.url), :class => 'catalog-categories-link') %>
-    <%= content_tag('li', link_to(_('Catalog start'), profile.catalog_url), :class => 'catalog-categories-link') %>
-    <% if @categories.present? %>
-      <% @categories.each do |category| %>
-        <%= category_link(category) %>
-        <%= category_sub_links(category) %>
+<% if @categories %>
+  <%= breadcrumb(@category) if params[:level] %>
+
+  <div class='l-sidebar-left-bar'>
+    <ul>
+      <%= content_tag('li', link_to(_('Homepage'), profile.url), :class => 'catalog-categories-link') %>
+      <%= content_tag('li', link_to(_('Catalog start'), profile.catalog_url), :class => 'catalog-categories-link') %>
+      <% if @categories.present? %>
+        <% @categories.each do |category| %>
+          <%= category_link(category) %>
+          <%= category_sub_links(category) %>
+        <% end %>
+      <% elsif @category.present? %>
+        <%= content_tag('li', _('There are no sub-categories for %s') % @category.name, :id => 'catalog-categories-notice') %>
+      <% else %>
+        <%= content_tag('li', _('There are no categories available.'), :id => 'catalog-categories-notice') %>
       <% end %>
-    <% elsif @category.present? %>
-      <%= content_tag('li', _('There are no sub-categories for %s') % @category.name, :id => 'catalog-categories-notice') %>
-    <% else %>
-      <%= content_tag('li', _('There are no categories available.'), :id => 'catalog-categories-notice') %>
-    <% end %>
-  </ul>
-</div>
-
-<ul id="product-list" class="l-sidebar-left-content">
+    </ul>
+  </div>
+<% end %>
+
+<ul id="product-list" class="<%="l-sidebar-left-content" if @categories %>">
   <% @products.each do |product| %>
     <% extra_content = @plugins.dispatch(:catalog_item_extras, product).collect { |content| instance_eval(&content) } %>
     <% extra_content_list = @plugins.dispatch(:catalog_list_item_extras, product).collect { |content| instance_eval(&content) } %>
@@ -56,7 +56,7 @@
  
 <%= labelled_form_field(_('How to display posts:'), f.select(:visualization_format, [ [ _('Full post'), 'full'], [ _('First paragraph'), 'short'] ])) %>
  
-<%= labelled_form_field(_('Posts per page:'), f.select(:posts_per_page, [5, 10, 20, 50, 100])) %>
+<%= labelled_form_field(_('Posts per page:'), f.select(:posts_per_page, Blog.posts_per_page_options)) %>
  
 <%= labelled_check_box(_("List only translated posts"), 'article[display_posts_in_current_language]', '1', @article.display_posts_in_current_language?) %>
  
@@ -10,4 +10,4 @@
  
 <%= labelled_form_field(_('Description:'), text_area(:article, :body, :cols => 64, :rows => 10)) %>
  
-<%= labelled_form_field(_('Posts per page:'), f.select(:posts_per_page, [5, 10, 20, 50, 100])) %>
+<%= labelled_form_field(_('Posts per page:'), f.select(:posts_per_page, Forum.posts_per_page_options)) %>
@@ -0,0 +1,85 @@
+<li id="<%= comment.anchor %>" class="article-comment">
+  <div class="article-comment-inner">
+
+  <div class="comment-content comment-logged-<%= comment.author ? 'in' : 'out' %> <%= 'comment-from-owner' if ( comment.author && (profile == comment.author) ) %>">
+
+  <% if comment.author %>
+    <%= link_to image_tag(profile_icon(comment.author, :minor)) +
+                content_tag('span', comment.author_name, :class => 'comment-info'),
+        comment.author.url,
+        :class => 'comment-picture',
+        :title => comment.author_name
+    %>
+  <% else %>
+    <% url_image, status_class = comment.author_id ?
+       [comment.removed_user_image, 'icon-user-removed'] :
+       [str_gravatar_url_for( comment.email, :size => 50, :d=>404 ), 'icon-user-unknown'] %>
+
+    <%= link_to(
+          image_tag(url_image, :onerror=>'gravatarCommentFailback(this)',
+                   'data-gravatar'=>str_gravatar_url_for(comment.email, :size=>50)) +
+          content_tag('span', comment.author_name, :class => 'comment-info') +
+          content_tag('span', comment.message,
+                             :class => 'comment-user-status ' + status_class),
+        gravatar_profile_url(comment.email),
+        :target => '_blank',
+        :class => 'comment-picture',
+        :title => '%s %s' % [comment.author_name, comment.message]
+    )%>
+  <% end %>
+
+  <% comment_balloon do %>
+
+    <div class="comment-details">
+      <div class="comment-header">
+        <ul>
+          <div class="comment-actions">
+            <%= comment_actions(comment) %>
+          </div>
+        </ul>
+      <% unless comment.spam? %>
+        <%= link_to_function '',
+          "var f = add_comment_reply_form(this, %s); f.find('comment_title, textarea').val(''); return false" % comment.id,
+          :class => 'comment-footer comment-footer-link comment-footer-hide comment-actions-reply button',
+          :id => 'comment-reply-to-' + comment.id.to_s,
+          :title => _('Reply')
+        %>
+      <% end %>
+      </div>
+
+      <div class="comment-created-at">
+        <%= show_time(comment.created_at) %>
+      </div>
+      <h4><%= comment.title.blank? && '&nbsp;' || comment.title %></h4>
+      <div class="comment-text">
+        <p/>
+        <%= txt2html comment.body %>
+      </div>
+    </div>
+
+    <div class="comment_reply post_comment_box closed" id="comment_reply_to_<%= comment.id %>">
+      <% if @comment && @comment.errors.any? && @comment.reply_of_id.to_i == comment.id %>
+        <%= error_messages_for :comment %>
+        <script type="text/javascript">
+          jQuery(function() {
+            document.location.href = '#<%= comment.anchor %>';
+            add_comment_reply_form('#comment-reply-to-<%= comment.id %>', <%= comment.id %>);
+          });
+        </script>
+      <% end %>
+    </div>
+
+  <% end %>
+
+  </div>
+
+  <% unless comment.replies.blank? || comment.spam? %>
+  <ul class="comment-replies">
+    <% comment.replies.each do |reply| %>
+      <%= render :partial => 'comment/comment', :locals => { :comment => reply } %>
+    <% end %>
+  </ul>
+  <% end %>
+
+  </div>
+</li>
@@ -0,0 +1,98 @@
+<% edition_mode = (defined? edition_mode) ? edition_mode : false %>
+<div class="<%= edition_mode ? '' : 'page-comment-form' %>">
+
+<% focus_on = logged_in? ? 'title' : 'name' %>
+
+
+<% if !edition_mode && !pass_without_comment_captcha? %>
+  <div id="recaptcha-container" style="display: none">
+    <h3><%= _('Please type the two words below') %></h3>
+    <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %>
+    <% button_bar do %>
+      <%= button_to_function :add, _('Confirm'), "return false", :id => "confirm-captcha" %>
+      <%= button_to_function :cancel, _('Cancel'), "jQuery.colorbox.close()" %>
+    <% end %>
+  </div>
+
+  <script type="text/javascript">
+    jQuery(document).bind('cbox_cleanup', function() {
+      jQuery('#recaptcha-container').hide();
+    });
+  </script>
+<% end %>
+
+<script type="text/javascript">
+function check_captcha(button, confirm_action) {
+  <% if edition_mode %>
+  return true;
+  <% elsif pass_without_comment_captcha? %>
+  button.form.confirm.value = 'true';
+  button.disabled = true;
+  return true;
+  <% else %>
+  jQuery('#recaptcha-container').show();
+  jQuery.colorbox({ inline : true, href : '#recaptcha-container', maxWidth : '600px', maxHeight : '300px' });
+  jQuery('#confirm-captcha').unbind('click');
+  jQuery('#confirm-captcha').bind('click', function() {
+    jQuery.colorbox.close();
+    button.form.recaptcha_response_field.value = jQuery('#recaptcha_response_field').val();
+    button.form.recaptcha_challenge_field.value = jQuery('#recaptcha_challenge_field').val();
+    button.form.confirm.value = 'true';
+    button.disabled = false;
+    confirm_action(button);
+  });
+  return false;
+  <% end %>
+}
+</script>
+
+<% if @comment && @comment.errors.any? %>
+  <%= error_messages_for :comment %>
+<% end %>
+
+<div class="post_comment_box <%= ((defined? show_form) && show_form) ? 'opened' : 'closed' %>">
+
+  <%= link_to(_('Post a comment'), '#', :class => 'display-comment-form') if display_link && @comment.reply_of_id.blank? %>
+<% remote_form_for(:comment, comment, :url => {:profile => profile.identifier, :controller => 'comment', :action => (edition_mode ? 'update' : 'create'), :id => (edition_mode ?  comment.id : @page.id)}, :html => { :class => 'comment_form' } ) do |f| %>
+
+  <%= required_fields_message %>
+
+  <% unless logged_in? %>
+
+    <%= required labelled_form_field(_('Name'), f.text_field(:name)) %>
+    <%= required labelled_form_field(_('e-mail'), f.text_field(:email)) %>
+    <p>
+    <%= _('If you are a registered user, you can login and be automatically recognized.') %>
+    </p>
+
+  <% end %>
+
+  <% if !edition_mode && !pass_without_comment_captcha? %>
+    <%= hidden_field_tag(:recaptcha_response_field, nil, :id => nil) %>
+    <%= hidden_field_tag(:recaptcha_challenge_field, nil, :id => nil) %>
+  <% end %>
+
+  <%= labelled_form_field(_('Title'), f.text_field(:title)) %>
+  <%= required labelled_form_field(_('Enter your comment'), f.text_area(:body, :rows => 5)) %>
+
+  <%= hidden_field_tag(:confirm, 'false') %>
+  <%= hidden_field_tag(:view, params[:view])%>
+  <%= f.hidden_field(:reply_of_id) %>
+
+  <%= @plugins.dispatch(:comment_form_extra_contents, local_assigns).collect { |content| instance_eval(&content) }.join("") %>
+
+  <% button_bar do %>
+    <%= submit_button('add', _('Post comment'), :onclick => "if(check_captcha(this)) { save_comment(this) } else { check_captcha(this, save_comment)};return false;") %>
+    <% if !edition_mode %>
+      <%= button :cancel, _('Cancel'), '', :id => 'cancel-comment' %>
+    <% else %>
+      <%= button :cancel, _('Cancel'), '#', :onclick => "jQuery.colorbox.close();" %>
+    <% end %>
+  <% end %>
+<% end %>
+
+
+</div><!-- end class="post_comment_box" -->
+</div><!-- end class="page-comment-form" -->
+
+<%= javascript_include_tag 'comment_form'%>
@@ -19,7 +19,10 @@
     <%= labelled_form_field _('City and state'), location_fields %>
   <% end %>
   <%= required f.text_field(:subject) %>
-  <%= required f.text_area(:message, :rows => 10, :cols => 60) %>
+
+  <%= render :file => 'shared/tiny_mce' %>
+  <%= required f.text_area(:message, :class => 'mceEditor') %>
+
   <%= labelled_form_field check_box(:contact, :receive_a_copy) + _('I want to receive a copy of the message in my e-mail.'), '' %>
  
   <%= submit_button(:send, _('Send'), :onclick => "$('confirm').value = 'true'") %>
@@ -1,3 +0,0 @@
-<h1><%= _('Edit comment') %></h1>
-
-<%= render :partial => 'comment_form', :locals => {:url => {:action => 'edit_comment', :profile => profile.identifier}, :display_link => false, :cancel_triggers_hide => false} %>
@@ -8,6 +8,12 @@
  
 <%= render :partial => 'confirm_unfollow' %>
  
+<script type="text/javascript">
+    window.ONE_COMMENT = "<%= _('One comment') %>";
+    window.COMMENT_PLURAL = "<%= _('comments') %>";
+    window.NO_COMMENT_YET = "<%= _('No comments yet') %>";
+</script>
+
 <div id="article-toolbar"></div>
  
 <script type="text/javascript">
@@ -60,7 +66,6 @@
   addthis_options = '<%= escape_javascript( NOOSFERO_CONF['addthis_options'] ) %>';
 </script>
 <a href="http://www.addthis.com/bookmark.php" id="bt_addThis" target="_blank" onmouseover="return addthis_open(this, '', '[URL]')" onmouseout="addthis_close()" onclick="return addthis_sendto()"><%= addthis_image_tag %></a>
-<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
 </div>
 <% end %>
  
@@ -85,20 +90,21 @@
  
   <% if @page.accept_comments? || @comments_count > 0 %>
     <h3 <%= 'class="no-comments-yet"' if @comments_count == 0 %>>
-      <%= number_of_comments(@page) %>
+      <%= display_number_of_comments(@comments_count) %>
     </h3>
   <% end %>
  
-  <% if @page.accept_comments? && @comments_count > 1 %>
-    <%= link_to(_('Post a comment'), '#', :class => 'display-comment-form', :id => 'top-post-comment-button') %>
+  <% if @page.accept_comments? && @comments.count > 1 %>
+    <%= link_to(_('Post a comment'), '#', :class => 'display-comment-form', :id => 'top-post-comment-button', :onclick => "jQuery('#page-comment-form .display-comment-form').first().click();") %>
   <% end %>
  
   <ul class="article-comments-list">
-    <%= render :partial => 'comment', :collection => @comments %>
+    <%= render :partial => 'comment/comment', :collection => @comments %>
+    <%= pagination_links @comments, :param_name => 'comment_page' %>
   </ul>
  
   <% if @page.accept_comments? %>
-    <div id="page-comment-form"><%= render :partial => 'comment_form', :locals => {:url => url_for(@page.view_url.merge({:only_path => true})), :display_link => true, :cancel_triggers_hide => true}%></div>
+    <div id='page-comment-form' class='page-comment-form'><%= render :partial => 'comment/comment_form', :locals =>{:comment => Comment.new, :url => {:controller => :comment, :action => :create}, :display_link => true, :cancel_triggers_hide => true}%></div>
   <% end %>
 </div><!-- end class="comments" -->
  
@@ -17,6 +17,10 @@
         content.respond_to?(:call) ? content.call : content
       end.join("\n")
     %>
+
+    <script type='text/javascript'>
+      DEFAULT_LOADING_MESSAGE = <%="'#{ _('loading...') }'" %>;
+    </script>
   </head>
   <body class="<%= body_classes %>">
     <a href="#content" id="link-go-content"><span><%= _("Go to the content") %></span></a>
@@ -56,5 +60,6 @@
     </div><!-- end id="theme-footer" -->
     <%= noosfero_layout_features %>
     <%= theme_javascript_ng %>
+    <%= addthis_javascript %>
   </body>
 </html>
@@ -4,7 +4,9 @@
   <%= hidden_field_tag(:content_type, params[:content_type]) %>
   <%= hidden_field_tag(:content_id, params[:content_id]) %>
  
-  <p><%= recaptcha_tags :ajax => true, :display => {:theme => 'clean'} %> </p>
+  <% unless user.is_admin? %>
+    <p><%= recaptcha_tags :ajax => true, :display => {:theme => 'clean'} %> </p>
+  <% end %>
  
   <%= submit_button(:send, _('Report profile'), :style => 'float: left; cursor: pointer;', :id => 'report-abuse-submit-button', :onclick => "jQuery('#form-submit-loading').show()") %>
   <%= button(:cancel, _('Cancel'), {}, :style => 'float: left; padding-top: 0px; padding-bottom: 0px;', :onclick => 'jQuery.colorbox.close(); return false;')%>
@@ -4,11 +4,13 @@
  
 <%= error_messages_for :mailing %>
  
-<%= render :file => 'shared/tiny_mce' %>
-
 <%= form_for :mailing, :url => {:action => 'send_mail'}, :html => {:id => 'mailing-form'} do |f| %>
+
   <%= labelled_form_field(_('Subject:'), f.text_field(:subject)) %>
+
+  <%= render :file => 'shared/tiny_mce' %>
   <%= labelled_form_field(_('Body:'), f.text_area(:body, :class => 'mceEditor')) %>
+
   <%= submit_button(:send, _('Send')) %>
   <%= button :cancel, _('Cancel e-mail'), :back %>
 <% end %>
@@ -7,12 +7,12 @@
     <tr class="search-blog-items">
       <td class="search-field-label"><%= _("Last posts") %></td>
  
-      <% r = blog.children.find(:all, :order => :updated_at, :conditions => ['type != ?', 'RssFeed']).last(3) %>
-      <td class="<%= "search-field-none" if r.empty? %>">
-        <% r.each do |a| %>
-          <%= link_to a.title, a.view_url, :class => 'search-blog-sample-item '+icon_for_article(a) %>
+      <% last_posts = blog.last_posts %>
+      <td class="<%= "search-field-none" if last_posts.empty? %>">
+        <% last_posts.each do |post| %>
+          <%= link_to post.title, post.view_url, :class => 'search-blog-sample-item '+icon_for_article(post) %>
         <% end %>
-        <%= _('None') if r.empty? %>
+        <%= _('None') if last_posts.empty? %>
       </td>
     </tr>
  
@@ -6,6 +6,6 @@
     </div>
   </div>
   <a href='#' id='chat-online-users-title' onclick='return false;'>
-    <div class='header'><i class='icon-chat'></i><span><%= _("Friends in chat <span class='amount_of_friends'>(%{amount})</span>") %></span></div>
+    <div class='header'><i class='icon-chat'></i><span><%= _("Friends in chat (<span class='amount_of_friends'>%{amount}</span>)") %></span></div>
   </a>
 </div>
+<% extend MacrosHelper %>
 <%= javascript_include_tag 'tinymce/jscripts/tiny_mce/tiny_mce.js' %>
+<%= include_macro_js_files %>
 <script type="text/javascript">
-  var myplugins = "searchreplace,print,table,contextmenu";
+  var myplugins = "searchreplace,print,table,contextmenu,-macrosPlugin";
   var first_line, second_line;
   var mode = '<%= mode ||= false %>'
   <% if mode %>
@@ -8,36 +10,80 @@
     second_line = ""
   <% else %>
     first_line = "print,separator,copy,paste,separator,undo,redo,separator,search,replace,separator,forecolor,fontsizeselect,formatselect"
-    second_line = "bold,italic,underline,strikethrough,separator,bullist,numlist,separator,justifyleft,justifycenter,justifyright,justifyfull,separator,link,unlink,image,table,separator,cleanup,code"
+    second_line = "bold,italic,underline,strikethrough,separator,bullist,numlist,separator,justifyleft,justifycenter,justifyright,justifyfull,separator,link,unlink,image,table,separator,cleanup,code,macros"
+    <% macros_with_buttons.each do |macro| %>
+      second_line += ',<%=macro.identifier %>'
+    <% end %>
   <% end %>
  
   if (tinymce.isIE) {
     // the paste plugin is only useful in Internet Explorer
     myplugins = "paste," + myplugins;
   }
+
+tinymce.create('tinymce.plugins.MacrosPlugin', {
+  createControl: function(n, cm) {
+    switch (n) {
+       case 'macros':
+         <% unless macros_in_menu.empty? %>
+           var c = cm.createMenuButton('macros', {
+             title : 'Macros',
+             image : '/designs/icons/tango/Tango/16x16/emblems/emblem-system.png',
+             icons : false
+           });
+
+           <% macros_in_menu.each do |macro| %>
+             c.onRenderMenu.add(function(c, m) {
+               m.add({
+                 title: <%= macro_title(macro).to_json %>,
+                 onclick: <%= generate_macro_config_dialog(macro) %>
+               });
+             });
+           <% end %>
+
+           // Return the new menu button instance
+           return c;
+         <% end %>
+    }
+    return null;
+  }
+});
+
+// Register plugin with a short name
+tinymce.PluginManager.add('macrosPlugin', tinymce.plugins.MacrosPlugin);
+
 tinyMCE.init({
-        mode : "textareas",
-        editor_selector : "mceEditor",
-        theme : "advanced",
-        relative_urls : false,
-        remove_script_host : false,
-        document_base_url : <%= environment.top_url.to_json %>,
-        plugins: myplugins,
-        theme_advanced_toolbar_location : "top",
-        theme_advanced_layout_manager: 'SimpleLayout',
-        theme_advanced_buttons1 : first_line,
-        theme_advanced_buttons2 : second_line,
-        theme_advanced_buttons3 : "",
-        theme_advanced_blockformats :"p,address,pre,h2,h3,h4,h5,h6",
-        paste_auto_cleanup_on_paste : true,
-        paste_insert_word_content_callback : "convertWord",
-        paste_use_dialog: false,
-        apply_source_formatting : true,
-        extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width]",
-        content_css: '/stylesheets/tinymce.css',
-        language: <%= tinymce_language.inspect %>,
-        entity_encoding: 'raw'
-        });
+  mode : "textareas",
+  editor_selector : "mceEditor",
+  theme : "advanced",
+  relative_urls : false,
+  remove_script_host : false,
+  document_base_url : <%= environment.top_url.to_json %>,
+  plugins: myplugins,
+  theme_advanced_toolbar_location : "top",
+  theme_advanced_layout_manager: 'SimpleLayout',
+  theme_advanced_buttons1 : first_line,
+  theme_advanced_buttons2 : second_line,
+  theme_advanced_buttons3 : "",
+  theme_advanced_blockformats :"p,address,pre,h2,h3,h4,h5,h6",
+  paste_auto_cleanup_on_paste : true,
+  paste_insert_word_content_callback : "convertWord",
+  paste_use_dialog: false,
+  apply_source_formatting : true,
+  extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width]",
+  content_css: '/stylesheets/tinymce.css,<%= macro_css_files %>',
+  language: <%= tinymce_language.inspect %>,
+  entity_encoding: 'raw',
+  setup : function(ed) {
+    <% macros_with_buttons.each do |macro| %>
+           ed.addButton('<%= macro.identifier %>', {
+               title: <%= macro_title(macro).to_json %>,
+               onclick: <%= generate_macro_config_dialog(macro) %>,
+               image : '<%= macro.configuration[:icon_path]%>'
+             });
+    <% end %>
+  }
+});
  
 function convertWord(type, content) {
   switch (type) {
@@ -8,7 +8,7 @@
 <div id='article'>
   <div class="comments" id="comments_list">
     <ul class="article-comments-list">
-      <%= render :partial => 'content_viewer/comment', :collection => @spam %>
+      <%= render :partial => 'comment/comment', :collection => @spam %>
     </ul>
   </div>
 </div>
@@ -0,0 +1,7 @@
+<p>
+  <b><%= _('Title: ') %></b>
+  <%= task.comment.title %>
+</p>
+<p>
+  <%= task.comment.body %>
+</p>
@@ -12,7 +12,7 @@
           "/designs/templates/#{template.id}/thumbnail.png",
           :alt => _('The "%s" template')) +
         '<div class="opt-info">'.html_safe +
-        content_tag('strong', template.id, :class => 'name') +
+        content_tag('strong', template.name, :class => 'name') +
         ' <br/> '.html_safe
  
         if @current_template == template.id  # selected
@@ -0,0 +1,15 @@
+<h2> <%= _("Editing trusted site") %> </h2>
+
+<% form_tag :action => :update do %>
+
+  <%= text_field_tag :site, @site %>
+  <%= hidden_field_tag :orig_site, @site %>
+
+  <% button_bar do %>
+    <%= submit_button('save', _('Save changes'), :cancel => {:action => 'index'} ) %>
+  <% end %>
+<% end %>
+
+<script>
+  jQuery(function() { jQuery('input#site').focus(); } );
+</script>
@@ -0,0 +1,28 @@
+<h1><%= _('Manage trusted sites') %></h1>
+
+<p>
+<%=  _('Here you can manage the list of trusted sites of your environment. A trusted site is a site that you consider safe enough to incorporate their content through <em>iframes</em>.') %>
+</p>
+
+<table>
+  <tr>
+    <th><%= _('Site') %></th>
+    <th><%= _('Actions') %></th>
+  </tr>
+  <% @sites.each do |site| %>
+    <tr>
+      <td>
+        <%= link_to site, :action => 'show', :site => site %>
+      </td>
+      <td style='white-space: nowrap;'>
+        <%= button_without_text :edit, _('Edit'), :action => 'edit', :site => site %>
+        <%= button_without_text :remove,  _('Remove'), {:action => :destroy, :site => site}, :method => :delete, :confirm => _('Are you sure you want to remove this site from the list of trusted sites?') %>
+      </td>
+    </tr>
+  <% end %>
+</table>
+
+<% button_bar do %>
+  <%= button :add, _('Add a trusted site'), :action => 'new' %>
+  <%= button :back, _('Back to admin panel'), :controller => 'admin_panel' %>
+<% end %>
@@ -0,0 +1,14 @@
+<h2> <%= _("Add a new trusted site") %> </h2>
+
+<% form_tag :action => :create do %>
+
+  <%= text_field_tag :site, @site %>
+
+  <% button_bar do %>
+    <%= submit_button('save', _('Add trusted site'), :cancel => {:action => 'index'} ) %>
+  <% end %>
+<% end %>
+
+<script>
+  jQuery(function() { jQuery('input#site').focus(); } );
+</script>
@@ -76,6 +76,9 @@ Noosfero::Application.routes.draw do
   # profile search
   match 'profile/:profile/search', :controller => 'profile_search', :action => 'index', :profile => /#{Noosfero.identifier_format}/
  
+  # comments
+  map.comment 'profile/:profile/comment/:action/:id', :controller => 'comment', :profile => /#{Noosfero.identifier_format}/
+
   # public profile information
   match 'profile/:profile(/:action(/:id))', :controller => 'profile', :action => 'index', :id => /[^\/]*/, :profile => /#{Noosfero.identifier_format}/
  
@@ -121,8 +124,6 @@ Noosfero::Application.routes.draw do
   # cache stuff - hack
   match 'public/:action/:id', :controller => 'public'
  
-  match ':profile/edit_comment/:id/*page', :controller => 'content_viewer', :action => 'edit_comment', :profile => /#{Noosfero.identifier_format}/
-
   # match requests for profiles that don't have a custom domain
   match ':profile(/*page)', :controller => 'content_viewer', :action => 'view_page', :profile => /#{Noosfero.identifier_format}/, :constraints => EnvironmentDomainConstraint.new
  
@@ -0,0 +1,9 @@
+class ChangeArticlePublishedAtFromDateToDatetime < ActiveRecord::Migration
+  def self.up
+    change_column :articles, :published_at, :datetime
+  end
+
+  def self.down
+    change_column :articles, :published_at, :date
+  end
+end
@@ -0,0 +1,9 @@
+class ChangeArticleVersionsPublishedAtFromDateToDatetime < ActiveRecord::Migration
+  def self.up
+    change_column :article_versions, :published_at, :datetime
+  end
+
+  def self.down
+    change_column :article_versions, :published_at, :date
+  end
+end
@@ -0,0 +1,17 @@
+class AddManageEnvironmentTrustedSitesToAdminRole < ActiveRecord::Migration
+  def self.up
+    Environment.all.map(&:id).each do |id|
+      role = Environment::Roles.admin(id)
+      role.permissions << 'manage_environment_trusted_sites'
+      role.save!
+    end
+  end
+
+  def self.down
+    Environment.all.map(&:id).each do |id|
+      role = Environment::Roles.admin(id)
+      role.permissions -= ['manage_environment_trusted_sites']
+      role.save!
+    end
+  end
+end
@@ -9,7 +9,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
  
-ActiveRecord::Schema.define(:version => 20130429214630) do
+ActiveRecord::Schema.define(:version => 20130606110602) do
  
   create_table "abuse_reports", :force => true do |t|
     t.integer  "reporter_id"
@@ -76,7 +76,7 @@ ActiveRecord::Schema.define(:version =&gt; 20130429214630) do
     t.text     "setting"
     t.boolean  "notify_comments",      :default => false
     t.integer  "hits",                 :default => 0
-    t.date     "published_at"
+    t.datetime "published_at"
     t.string   "source"
     t.boolean  "highlighted",          :default => false
     t.string   "external_link"
@@ -119,7 +119,7 @@ ActiveRecord::Schema.define(:version =&gt; 20130429214630) do
     t.text     "setting"
     t.boolean  "notify_comments",      :default => true
     t.integer  "hits",                 :default => 0
-    t.date     "published_at"
+    t.datetime "published_at"
     t.string   "source"
     t.boolean  "highlighted",          :default => false
     t.string   "external_link"
@@ -221,6 +221,7 @@ ActiveRecord::Schema.define(:version =&gt; 20130429214630) do
     t.string   "source_type"
     t.string   "user_agent"
     t.string   "referrer"
+    t.integer  "group_id"
   end
  
   add_index "comments", ["source_id", "spam"], :name => "index_comments_on_source_id_and_spam"
@@ -264,11 +265,11 @@ ActiveRecord::Schema.define(:version =&gt; 20130429214630) do
     t.text     "design_data"
     t.text     "custom_header"
     t.text     "custom_footer"
-    t.string   "theme",                        :default => "default", :null => false
+    t.string   "theme",                        :default => "default",           :null => false
     t.text     "terms_of_use_acceptance_text"
     t.datetime "created_at"
     t.datetime "updated_at"
-    t.integer  "reports_lower_bound",          :default => 0,         :null => false
+    t.integer  "reports_lower_bound",          :default => 0,                   :null => false
     t.string   "redirection_after_login",      :default => "keep_on_same_page"
     t.text     "signup_welcome_text"
     t.string   "languages"
@@ -428,7 +429,7 @@ ActiveRecord::Schema.define(:version =&gt; 20130429214630) do
     t.string   "type"
     t.string   "identifier"
     t.integer  "environment_id"
-    t.boolean  "active",                             :default => true
+    t.boolean  "active",                                :default => true
     t.string   "address"
     t.string   "contact_phone"
     t.integer  "home_page_id"
@@ -439,21 +440,21 @@ ActiveRecord::Schema.define(:version =&gt; 20130429214630) do
     t.float    "lat"
     t.float    "lng"
     t.integer  "geocode_precision"
-    t.boolean  "enabled",                            :default => true
-    t.string   "nickname",             :limit => 16
+    t.boolean  "enabled",                               :default => true
+    t.string   "nickname",                :limit => 16
     t.text     "custom_header"
     t.text     "custom_footer"
     t.string   "theme"
-    t.boolean  "public_profile",                     :default => true
+    t.boolean  "public_profile",                        :default => true
     t.date     "birth_date"
     t.integer  "preferred_domain_id"
     t.datetime "updated_at"
-    t.boolean  "visible",                            :default => true
+    t.boolean  "visible",                               :default => true
     t.integer  "image_id"
-    t.boolean  "validated",                          :default => true
+    t.boolean  "validated",                             :default => true
     t.string   "cnpj"
     t.string   "national_region_code"
-    t.boolean  "is_template",                        :default => false
+    t.boolean  "is_template",                           :default => false
     t.integer  "template_id"
     t.string   "redirection_after_login"
   end
+noosfero (0.44.0) unstable; urgency=low
+
+  * New features release
+
+ -- Rodrigo Souto <rodrigo@colivre.coop.br>  Wed, 17 Jul 2013 02:19:44 -0300
+
+noosfero (0.43.1) unstable; urgency=low
+
+  * Bugfix release
+
+ -- Rodrigo Souto <rodrigo@colivre.coop.br>  Wed, 17 Jul 2013 01:20:46 -0300
+
+noosfero (0.43.0) unstable; urgency=low
+
+  * Solr search converted to a plugin
+
+ -- Rodrigo Souto <rodrigo@ravioli>  Tue, 18 Jun 2013 11:14:56 -0300
+
 noosfero (0.43.0~rc20130529152434) squeeze-test; urgency=low
  
   * RC of 0.43.0 with solr as a plugin
@@ -10,7 +10,6 @@ Build-Depends:
  ruby-sqlite3,
  rake,
  rails3 (>= 3.2.6-1~),
- openjdk-6-jre,
  ruby-will-paginate,
  tango-icon-theme,
  rcov
@@ -0,0 +1,21 @@
+#!/usr/bin/ruby
+
+require 'yaml'
+
+DBCONFIG = ARGV.first || '/etc/database/database.yml'
+
+$dbconfig = {}
+
+checks = [
+  lambda { File.exists?(DBCONFIG) },
+  lambda { $dbconfig = YAML.load_file(DBCONFIG) },
+  lambda { $dbconfig['production'] },
+  lambda { $dbconfig['production']['adapter'] },
+  lambda { $dbconfig['production']['database'] },
+]
+
+if checks.all?(&:call)
+  exit 0
+else
+  exit 1
+end
@@ -38,3 +38,4 @@ locale                            usr/share/noosfero
 doc/noosfero                      usr/share/noosfero/doc
  
 debian/noosfero-console           usr/sbin
+debian/noosfero-check-dbconfig    usr/sbin
@@ -44,6 +44,13 @@ if [ -z &quot;$NOOSFERO_DIR&quot; ] || [ -z &quot;$NOOSFERO_USER&quot; ]; then
   exit 0
 fi
  
+if test -x /usr/sbin/noosfero-check-dbconfig ; then
+  if ! noosfero-check-dbconfig; then
+    echo "Noosfero database access not configured, service disabled."
+    exit 0
+  fi
+fi
+
 ######################
  
 main_script() {
@@ -17,14 +17,6 @@ Feature: comment
     And feature "captcha_for_logged_users" is disabled on environment
     And I am logged in as "booking"
  
-  Scenario: not post a comment without javascript
-    Given I am on /booking/article-to-comment
-    And I follow "Post a comment"
-    And I fill in "Title" with "Hey ho, let's go!"
-    And I fill in "Enter your comment" with "Hey ho, let's go!"
-    When I press "Post comment"
-    Then I should not see "Hey ho, let's go"
-
   # This test requires some way to overcome the captcha with unauthenticated
   # user.
   @selenium-fixme
@@ -79,14 +71,14 @@ Feature: comment
  
   @selenium
   Scenario: render comment form and go to bottom
-    Given I am on /booking/article-with-comment
+    Given I am on /booking/article-to-comment
     When I follow "Post a comment"
     Then I should see "Enter your comment"
-    And I should be on /booking/article-with-comment
+    And I should be on /booking/article-to-comment
  
   @selenium
   Scenario: keep comments field filled while trying to do a comment
-    Given I am on /booking/article-with-comment
+    Given I am on /booking/article-to-comment
     And I follow "Post a comment"
     And I fill in "Title" with "Joey Ramone"
     When I press "Post comment"
@@ -15,15 +15,9 @@ Feature: comment
       | article to comment | booking | root comment | this comment is not a reply |
       | another article    | booking | some comment | this is my very own comment |
  
-  Scenario: not post a comment without javascript
-    Given I am on /booking/article-to-comment
-    When I follow "Reply" within ".comment-balloon"
-    Then I should not see "Enter your comment" within "div.comment-balloon"
-
   Scenario: not show any reply form by default
     When I go to /booking/article-to-comment
     Then I should not see "Enter your comment" within "div.comment-balloon"
-    And I should see "Reply" within "div.comment-balloon"
  
   @selenium-fixme
   Scenario: show error messages when make a blank comment reply
@@ -35,18 +29,13 @@ Feature: comment
     And I should see "Body can't be blank" within "div.comment_reply"
  
   @selenium
-  Scenario: not show any reply form by default
-    When I go to /booking/article-to-comment
-    Then I should not see "Enter your comment" within "div.comment-balloon"
-    And I should see "Reply" within "div.comment-balloon"
-
-  @selenium
   Scenario: render reply form
     Given I am on /booking/article-to-comment
     When I follow "Reply" within ".comment-balloon"
     Then I should see "Enter your comment" within "div.comment_reply.opened"
  
-  @selenium
+  # The text is hidden but the detector gets it anyway
+  @selenium-fixme
   Scenario: cancel comment reply
     Given I am on /booking/article-to-comment
     When I follow "Reply" within ".comment-balloon"
@@ -39,7 +39,7 @@ Feature: search
       | login      | name        |
       | joaosilva  | Joao Silva  |
     And the following articles
-      | owner     | name                 |
+      | owner     | name       |
       | joaosilva | article #1 |
       | joaosilva | article #2 |
       | joaosilva | article #3 |
@@ -52,8 +52,6 @@ Feature: search
     When I go to the search page
     And I fill in "search-input" with "article"
     And I press "Search"
-    Then I should see "article #8" within ".search-results-articles"
-    And I should not see "article #9" within ".search-results-articles"
     And I should see "see all (9)"
     When I follow "see all (9)"
     Then I should be on the search articles page
@@ -29,7 +29,7 @@ module ActsAsHavingBoxes
   # returns 3 unless the class table has a boxes_limit column. In that case
   # return the value of the column. 
   def boxes_limit
-    LayoutTemplate.find(layout_template).number_of_boxes || 3
+    @boxes_limit ||= LayoutTemplate.find(layout_template).number_of_boxes || 3
   end
  
 end
@@ -4,7 +4,7 @@ require &#39;fast_gettext&#39;
  
 module Noosfero
   PROJECT = 'noosfero'
-  VERSION = '0.43.0~rc20130529152434'
+  VERSION = '0.44.0'
  
   def self.pattern_for_controllers_in_directory(dir)
     disjunction = controllers_in_directory(dir).join('|')
@@ -4,6 +4,10 @@ class Noosfero::Plugin
  
   attr_accessor :context
  
+  def initialize(context=nil)
+    self.context = context
+  end
+
   class << self
  
     attr_writer :should_load
@@ -151,6 +155,12 @@ class Noosfero::Plugin
     blocks || []
   end
  
+  def macros
+    self.class.constants.map do |constant_name|
+      self.class.const_get(constant_name)
+    end.select {|klass| klass < Noosfero::Plugin::Macro}
+  end
+
   # Here the developer may specify the events to which the plugins can
   # register and must return true or false. The default value must be false.
  
@@ -253,8 +263,8 @@ class Noosfero::Plugin
  
   # -> Parse and possibly make changes of content (article, block, etc) during HTML rendering
   # returns = content as string after parser and changes
-  def parse_content(raw_content)
-    raw_content
+  def parse_content(html, source)
+    [html, source]
   end
  
   # -> Adds links to the admin panel
@@ -290,6 +300,18 @@ class Noosfero::Plugin
   def filter_comment(comment)
   end
  
+  # Define custom logic to filter loaded comments.
+  #
+  # Example:
+  #
+  #   def unavailable_comments(scope)
+  #     scope.without_spams
+  #   end
+  #
+  def unavailable_comments(scope)
+    scope
+  end
+
   # This method is called by the CommentHandler background job before sending
   # the notification email. If the comment is marked as spam (i.e. by calling
   # <tt>comment.spam!</tt>), then the notification email will *not* be sent.
@@ -331,6 +353,30 @@ class Noosfero::Plugin
   def comment_marked_as_ham(comment)
   end
  
+  # Adds extra actions for comments
+  # returns = list of hashes or lambda block that creates a list of hashes
+  # example:
+  #
+  #   def comment_actions(comment)
+  #     [{:link => link_to_function(...)}]
+  #   end
+  #
+  def comment_actions(comment)
+    nil
+  end
+
+  # This method is called when the user click on comment actions menu.
+  # returns = list or lambda block that return ids of enabled menu items for comments
+  # example:
+  #
+  #   def check_comment_actions(comment)
+  #     ['#action1', '#action2']
+  #   end
+  #
+  def check_comment_actions(comment)
+    []
+  end
+
   # -> Adds fields to the signup form
   # returns = lambda block that creates html code
   def signup_extra_contents
@@ -405,6 +451,12 @@ class Noosfero::Plugin
     nil
   end
  
+  # -> Adds adicional content to comment form
+  # returns = lambda block that creates html code
+  def comment_form_extra_contents(args)
+    nil
+  end
+
   # -> Finds objects by their contents
   # returns = {:results => [a, b, c, ...], ...}
   # P.S.: The plugin might add other informations on the return hash for its
@@ -0,0 +1,63 @@
+class Noosfero::Plugin::Macro
+
+  attr_accessor :context
+
+  class << self
+    # Options
+    #
+    # [:icon_path]  Determines the path to icon to be used in the button on
+    #               tinymce
+    # [:title]      Former name of the macro
+    # [:skip_dialog]  Skip configuration dialog on tinymce
+    # [:js_files]     Javascripts that should be included on tinymce
+    # [:css_files     Css files that should be included on tinymce
+    # [:generator]    Javascript code that will be loaded when the macro button
+    #                 is clicked on tinymce
+    # [:params]       Hash of macro fields that the user might configure
+    #
+    def configuration
+      {}
+    end
+
+    def plugin
+      name.split('::')[0...-1].join('::').constantize
+    end
+
+    def identifier
+      name.underscore
+    end
+  end
+
+  def initialize(context=nil)
+    self.context = context
+  end
+
+  def attributes(macro)
+    macro.attributes.to_hash.
+      select {|key, value| key[0..10] == 'data-macro-'}.
+      inject({}){|result, a| result.merge({a[0][11..-1] => a[1]})}.
+      with_indifferent_access
+  end
+
+  def convert(macro, source)
+    macro_name = macro['data-macro']
+    attrs = attributes(macro)
+
+    begin
+      content = parse(attrs, macro.inner_html, source)
+      macro['class'] = "parsed-macro #{macro_name}"
+    rescue Exception => exception
+      content = _("Unsupported macro %s!") % macro_name
+      macro['class'] = "failed-macro #{macro_name}"
+    end
+
+    attrs.each {|key, value| macro.remove_attribute("data-macro-#{key}")}
+    content
+  end
+
+  # This is the method the macros should override
+  def parse(attrs, inner_html, source)
+    raise
+  end
+
+end
@@ -23,7 +23,7 @@ class Noosfero::Plugin::Manager
     dispatch_without_flatten(event, *args).flatten
   end
  
-  def dispatch_plugins(event, *args)
+  def fetch_plugins(event, *args)
     map { |plugin| plugin.class if plugin.send(event, *args) }.compact.flatten
   end
  
@@ -33,7 +33,7 @@ class Noosfero::Plugin::Manager
  
   alias :dispatch_scopes :dispatch_without_flatten
  
-  def first(event, *args)
+  def dispatch_first(event, *args)
     result = nil
     each do |plugin|
       result = plugin.send(event, *args)
@@ -42,7 +42,7 @@ class Noosfero::Plugin::Manager
     result
   end
  
-  def first_plugin(event, *args)
+  def fetch_first_plugin(event, *args)
     result = nil
     each do |plugin|
       if plugin.send(event, *args)
@@ -53,11 +53,38 @@ class Noosfero::Plugin::Manager
     result
   end
  
+  def pipeline(event, *args)
+    each do |plugin|
+      result = plugin.send(event, *args)
+      result = result.kind_of?(Array) ? result : [result]
+      raise ArgumentError, "Pipeline broken by #{plugin.class.name} on #{event} with #{result.length} arguments instead of #{args.length}." if result.length != args.length
+      args = result
+    end
+    args.length < 2 ? args.first : args
+  end
+
+  def filter(property, data)
+    inject(data) {|data, plugin| data = plugin.send(property, data)}
+  end
+
+  def parse_macro(macro_name, macro, source = nil)
+    macro_instance = enabled_macros[macro_name] || default_macro
+    macro_instance.convert(macro, source)
+  end
+
   def enabled_plugins
     @enabled_plugins ||= (Noosfero::Plugin.all & environment.enabled_plugins).map do |plugin|
-      p = plugin.constantize.new
-      p.context = context
-      p
+      plugin.constantize.new(context)
+    end
+  end
+
+  def default_macro
+    @default_macro ||= Noosfero::Plugin::Macro.new(context)
+  end
+
+  def enabled_macros
+    @enabled_macros ||= dispatch(:macros).inject({}) do |memo, macro|
+      memo.merge!(macro.identifier => macro.new(context))
     end
   end
  
@@ -0,0 +1,16 @@
+class CommentGroupPluginProfileController < ProfileController
+  append_view_path File.join(File.dirname(__FILE__) + '/../views')
+
+  def view_comments
+    article_id = params[:article_id]
+    group_id = params[:group_id]
+
+    article = profile.articles.find(article_id)
+    comments = article.group_comments.without_spam.in_group(group_id)
+    render :update do |page|
+      page.replace_html "comments_list_group_#{group_id}", :partial => 'comment/comment.rhtml', :collection => comments
+      page.replace_html "comment-count-#{group_id}", comments.count
+    end
+  end
+
+end
@@ -0,0 +1,8 @@
+class CommentGroupPluginPublicController < PublicController
+  append_view_path File.join(File.dirname(__FILE__) + '/../views')
+
+  def comment_group
+    render :json => { :group_id => Comment.find(params[:id]).group_id }
+  end
+
+end
@@ -0,0 +1,9 @@
+class AddGroupIdToComment < ActiveRecord::Migration
+  def self.up
+    add_column :comments, :group_id, :integer
+  end
+
+  def self.down
+    remove_column :comments, :group_id
+  end
+end
@@ -0,0 +1,32 @@
+require_dependency 'comment_group_plugin/ext/article'
+require_dependency 'comment_group_plugin/ext/comment'
+
+class CommentGroupPlugin < Noosfero::Plugin
+
+  def self.plugin_name
+    "Comment Group"
+  end
+
+  def self.plugin_description
+    _("A plugin that display comment groups.")
+  end
+
+  def unavailable_comments(scope)
+    scope.without_group
+  end
+
+  def comment_form_extra_contents(args)
+    comment = args[:comment]
+    group_id = comment.group_id || args[:group_id]
+    lambda {
+      hidden_field_tag('comment[group_id]', group_id) if group_id
+    }
+  end
+
+  def js_files
+    'comment_group_macro.js'
+  end
+
+end
+
+require_dependency 'comment_group_plugin/macros/allow_comment'
@@ -0,0 +1,21 @@
+require_dependency 'article'
+
+class Article
+
+  #FIXME make this test
+  has_many :group_comments, :class_name => 'Comment', :foreign_key => 'source_id', :dependent => :destroy, :order => 'created_at asc', :conditions => [ 'group_id IS NOT NULL']
+
+  #FIXME make this test
+  validate :not_empty_group_comments_removed
+
+  #FIXME make this test
+  def not_empty_group_comments_removed
+    if body
+      groups_with_comments = group_comments.collect {|comment| comment.group_id}.uniq
+      groups = Hpricot(body.to_s).search('.macro').collect{|element| element['data-macro-group_id'].to_i}
+      errors.add_to_base(N_('Not empty group comment cannot be removed')) unless (groups_with_comments-groups).empty?
+    end
+  end
+
+end
+
@@ -0,0 +1,12 @@
+require_dependency 'comment'
+
+class Comment
+
+  named_scope :without_group, :conditions => {:group_id => nil }
+
+  named_scope :in_group, lambda { |group_id| {
+      :conditions => ['group_id = ?', group_id]
+    }
+  }
+
+end
@@ -0,0 +1,22 @@
+#FIXME See a better way to generalize this parameter.
+ActionView::Base.sanitized_allowed_attributes += ['data-macro', 'data-macro-group_id']
+
+class CommentGroupPlugin::AllowComment < Noosfero::Plugin::Macro
+  def self.configuration
+    { :params => [],
+      :skip_dialog => true,
+      :generator => 'makeCommentable();',
+      :js_files => 'comment_group.js',
+      :icon_path => '/designs/icons/tango/Tango/16x16/emblems/emblem-system.png',
+      :css_files => 'comment_group.css' }
+  end
+
+  #FIXME Make this test
+  def parse(params, inner_html, source)
+    group_id = params[:group_id].to_i
+    article = source
+    count = article.group_comments.without_spam.in_group(group_id).count
+
+    lambda {render :partial => 'plugins/comment_group/views/comment_group.rhtml', :locals => {:group_id => group_id, :article_id => article.id, :inner_html => inner_html, :count => count, :profile_identifier => article.profile.identifier }}
+  end
+end
@@ -0,0 +1,6 @@
+div.article_comments {
+  background-color:#dddddd;
+  border-style: solid;
+  border-color:#bbbbbb;
+  border-width:2px;
+}
@@ -0,0 +1,47 @@
+function getNextGroupId() {
+  max = -1;
+  groups = jQuery('#article_body_ifr').contents().find('.article_comments');
+  groups.each(function(key, value) {
+    value = jQuery(value).attr('data-macro-group_id');
+    if(value>max) max = parseInt(value);
+  });
+  return max+1;
+}
+
+function makeCommentable() {
+  tinyMCE.activeEditor.focus();
+  start = jQuery(tinyMCE.activeEditor.selection.getStart()).closest('p');
+  end = jQuery(tinyMCE.activeEditor.selection.getEnd()).closest('p');
+
+  //text = start.parent().children();
+  text = jQuery('#article_body_ifr').contents().find('*');
+  selection = text.slice(text.index(start), text.index(end)+1);
+
+  hasTag = false;
+  selection.each(function(key, value) {
+    commentTag = jQuery(value).closest('.article_comments');
+    if(commentTag.length) {
+      commentTag.children().unwrap('<div class=\"article_comments\"/>');
+      hasTag = true;
+    }
+  });
+
+  if(!hasTag) {
+    tags = start.siblings().add(start);
+    tags = tags.slice(tags.index(start), tags.index(end)>=0?tags.index(end)+1:tags.index(start)+1);
+    tags.wrapAll('<div class=\"macro article_comments\" data-macro=\"comment_group_plugin/allow_comment\" data-macro-group_id=\"'+getNextGroupId()+'\"/>');
+
+    contents = jQuery('#article_body_ifr').contents();
+    lastP = contents.find('p.article_comments_last_paragraph');
+    if(lastP.text().trim().length > 0) {
+      lastP.removeClass('article_comments_last_paragraph');
+    } else {
+      lastP.remove();
+    }
+    lastDiv = contents.find('div.article_comments').last();
+    if(lastDiv.next().length==0) {
+      lastDiv.after("<p class='article_comments_last_paragraph'>&nbsp;</p>");
+    }
+  }
+}
+
@@ -0,0 +1,39 @@
+var comment_group_anchor;
+jQuery(document).ready(function($) {
+  var anchor = window.location.hash;
+  if(anchor.length==0) return;
+
+  var val = anchor.split('-'); //anchor format = #comment-\d+
+  if(val.length!=2 || val[0]!='#comment') return;
+  if($('div[data-macro=comment_group_plugin/allow_comment]').length==0) return; //comment_group_plugin/allow_comment div must exists
+  var comment_id = val[1];
+  if(!/^\d+$/.test(comment_id)) return; //test for integer
+
+  comment_group_anchor = anchor;
+  var url = '/plugin/comment_group/public/comment_group/'+comment_id;
+  $.getJSON(url, function(data) {
+    if(data.group_id!=null) {
+      var button = $('div.comment_group_'+ data.group_id + ' a');
+      button.click();
+      $.scrollTo(button);
+    }
+  });
+});
+
+function toggleGroup(group) {
+  var div = jQuery('div.comments_list_toggle_group_'+group);
+  var visible = div.is(':visible');
+  if(!visible)
+    jQuery('div.comment-group-loading-'+group).addClass('comment-button-loading');
+
+  div.toggle('fast');
+  return visible;
+}
+
+function loadCompleted(group) {
+  jQuery('div.comment-group-loading-'+group).removeClass('comment-button-loading')
+  if(comment_group_anchor) {
+    jQuery.scrollTo(jQuery(comment_group_anchor));
+    comment_group_anchor = null;
+  }
+}
@@ -0,0 +1,38 @@
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+require File.dirname(__FILE__) + '/../../controllers/profile/comment_group_plugin_profile_controller'
+
+# Re-raise errors caught by the controller.
+class CommentGroupPluginProfileController; def rescue_action(e) raise e end; end
+
+class CommentGroupPluginProfileControllerTest < ActionController::TestCase
+
+  def setup
+    @controller = CommentGroupPluginProfileController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+
+    @profile = create_user('testuser').person
+    @article = profile.articles.build(:name => 'test')
+    @article.save!
+  end
+  attr_reader :article
+  attr_reader :profile
+
+  should 'be able to show group comments' do
+    comment = fast_create(Comment, :source_id => article, :author_id => profile, :title => 'a comment', :body => 'lalala', :group_id => 0)
+    xhr :get, :view_comments, :profile => @profile.identifier, :article_id => article.id, :group_id => 0
+    assert_template 'comment/_comment.rhtml'
+    assert_match /comments_list_group_0/, @response.body
+    assert_match /\"comment-count-0\", \"1\"/, @response.body
+  end
+
+  should 'do not show global comments' do
+    comment = fast_create(Comment, :source_id => article, :author_id => profile, :title => 'global comment', :body => 'global', :group_id => nil)
+    comment = fast_create(Comment, :source_id => article, :author_id => profile, :title => 'a comment', :body => 'lalala', :group_id => 0)
+    xhr :get, :view_comments, :profile => @profile.identifier, :article_id => article.id, :group_id => 0
+    assert_template 'comment/_comment.rhtml'
+    assert_match /comments_list_group_0/, @response.body
+    assert_match /\"comment-count-0\", \"1\"/, @response.body
+  end
+
+end
@@ -0,0 +1,33 @@
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+require File.dirname(__FILE__) + '/../../controllers/public/comment_group_plugin_public_controller'
+
+# Re-raise errors caught by the controller.
+class CommentGroupPluginPublicController; def rescue_action(e) raise e end; end
+
+class CommentGroupPluginPublicControllerTest < ActionController::TestCase
+
+  def setup
+    @controller = CommentGroupPluginPublicController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+
+    @profile = create_user('testuser').person
+    @article = profile.articles.build(:name => 'test')
+    @article.save!
+  end
+  attr_reader :article
+  attr_reader :profile
+
+  should 'be able to return group_id for a comment' do
+    comment = fast_create(Comment, :source_id => article, :author_id => profile, :title => 'a comment', :body => 'lalala', :group_id => 0)
+    xhr :get, :comment_group, :id => comment.id
+    assert_match /\{\"group_id\":0\}/, @response.body
+  end
+
+  should 'return group_id=null for a global comment' do
+    comment = fast_create(Comment, :source_id => article, :author_id => profile, :title => 'a comment', :body => 'lalala' )
+    xhr :get, :comment_group, :id => comment.id
+    assert_match /\{\"group_id\":null\}/, @response.body
+  end
+
+end
@@ -0,0 +1,24 @@
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+
+class CommentGroupPluginTest < ActiveSupport::TestCase
+
+  include Noosfero::Plugin::HotSpot
+
+  def setup
+    @environment = Environment.default
+  end
+
+  attr_reader :environment
+
+  should 'filter_comments returns all the comments wihout group of an article passed as parameter' do
+    article = fast_create(Article)
+    c1 = fast_create(Comment, :source_id => article.id, :group_id => 1)
+    c2 = fast_create(Comment, :source_id => article.id)
+    c3 = fast_create(Comment, :source_id => article.id)
+
+    plugin = CommentGroupPlugin.new
+    assert_equal [], [c2, c3] - plugin.filter_comments(article.comments)
+    assert_equal [], plugin.filter_comments(article.comments) - [c2, c3]
+  end
+
+end
@@ -0,0 +1,26 @@
+<div class="comments">
+  <div class="comment_group_<%= group_id %>" style="float: left">
+    <div style="float: left">
+    <%= link_to_remote(image_tag("/plugins/comment_group/images/comments.gif"),
+        :url => { :profile => profile_identifier, :controller => 'comment_group_plugin_profile', :action => 'view_comments', :group_id => group_id, :article_id => article_id},
+        :loaded => visual_effect(:highlight, "comments_list_group_#{group_id}"),
+        :method => :post,
+        :condition => "!toggleGroup(#{group_id})",
+        :complete => "loadCompleted(#{group_id})")%>
+    </div>
+    <!-- FIXME: css file -->
+    <div id="comments_group_count_<%= group_id %>" style="float: right; vertical-align: middle; padding-left: 3px; padding-right: 5px; color: #5AC1FC"><span id="comment-count-<%= group_id %>" class='comment-count'><%= count %></span></div>
+
+  </div>
+
+  <div>
+    <%= inner_html %>
+  </div>
+
+  <div class="comment-group-loading-<%= group_id %>"/>
+
+  <div class="comments_list_toggle_group_<%= group_id %>" style="display:none">
+    <div class="article-comments-list" id="comments_list_group_<%= group_id %>"></div>
+    <div id="page-comment-form-<%= group_id %>" class='post_comment_box closed'><%= render :partial => 'comment/comment_form', :locals => {:comment => Comment.new, :display_link => true, :cancel_triggers_hide => true, :group_id => group_id}%></div>
+  </div>
+</div>
@@ -70,7 +70,8 @@ class CustomFormsPluginMyprofileController &lt; MyProfileController
   private
  
   def new_fields(params)
-    result = params[:fields].map {|id, hash| hash.has_key?(:real_id) ? nil : hash}.compact
+    keys = params[:fields].keys.sort{|a, b| a.to_i <=> b.to_i}
+    result = keys.map { |id| (hash = params[:fields][id]).has_key?(:real_id) ? nil : hash}.compact
     result.delete_if {|field| field[:name].blank?}
     result
   end
@@ -27,6 +27,7 @@ class CustomFormsPluginProfileController &lt; ProfileController
           failed_answers.each do |answer|
             @submission.errors.add(answer.field.name.to_sym, answer.errors[answer.field.slug.to_sym])
           end
+          raise 'Submission failed: answers not valid'
         end
         session[:notice] = _('Submission saved')
         redirect_to :action => 'show'
@@ -0,0 +1,13 @@
+class AddPositionToCustomFormsPluginFields < ActiveRecord::Migration
+  def self.up
+    change_table :custom_forms_plugin_fields do |t|
+      t.integer :position, :default => 0
+    end
+  end
+
+  def self.down
+    change_table :custom_forms_plugin_fields do |t|
+      t.remove :position
+    end
+  end
+end
@@ -12,5 +12,11 @@ class CustomFormsPlugin::Field &lt; ActiveRecord::Base
   before_validation do |field|
     field.slug = field.name.to_slug if field.name.present?
   end
+
+  before_create do |field|
+    if field.form.fields.exists?
+      field.position = field.form.fields.order('position').last.position + 1
+    end
+  end
 end
  
 class CustomFormsPlugin::Form < Noosfero::Plugin::ActiveRecord
   belongs_to :profile
  
-  has_many :fields, :class_name => 'CustomFormsPlugin::Field', :dependent => :destroy
+  has_many :fields, :class_name => 'CustomFormsPlugin::Field', :dependent => :destroy, :order => 'position'
   has_many :submissions, :class_name => 'CustomFormsPlugin::Submission'
  
   serialize :access
@@ -103,14 +103,17 @@ module CustomFormsPlugin::Helper
  
   def build_answers(submission, form)
     answers = []
-    submission.each do |slug, value|
-      field = form.fields.select {|field| field.slug==slug}.first
-      if value.kind_of?(String)
-        final_value = value
-      elsif value.kind_of?(Array)
-        final_value = value.join(',')
-      elsif value.kind_of?(Hash)
-        final_value = value.map {|option, present| present == '1' ? option : nil}.compact.join(',')
+    form.fields.each do |field|
+      final_value = ''
+      if submission.has_key?(field.slug)
+        value = submission[field.slug]
+        if value.kind_of?(String)
+          final_value = value
+        elsif value.kind_of?(Array)
+          final_value = value.join(',')
+        elsif value.kind_of?(Hash)
+          final_value = value.map {|option, present| present == '1' ? option : nil}.compact.join(',')
+        end
       end
       answers << CustomFormsPlugin::Answer.new(:field => field, :value => final_value)
     end
@@ -8,7 +8,6 @@ jQuery(&#39;.icon-edit&#39;).live(&#39;click&#39;, function() {
       id = jQuery(elem).attr('field_id');
       type = jQuery('#fields_'+id+'_type').val().split('_')[0];
       selector = '#edit-'+type+'-'+id
-      jQuery(selector).show();
       return selector
     }
   });
@@ -28,3 +28,6 @@
 .edit-information {
   display: none;
 }
+#colorbox .edit-information {
+  display: block;
+}
@@ -40,7 +40,7 @@ class CustomFormsPluginMyprofileControllerTest &lt; ActionController::TestCase
   should 'create a form' do
     format = '%Y-%m-%d %H:%M'
     begining = Time.now.strftime(format)
-    ending = (Time.now + 1.day).strftime('%Y-%m-%d %H:%M')
+    ending = (Time.now + 1.day).strftime(format)
     assert_difference CustomFormsPlugin::Form, :count, 1 do
       post :create, :profile => profile.identifier,
         :form => {
@@ -90,12 +90,42 @@ class CustomFormsPluginMyprofileControllerTest &lt; ActionController::TestCase
     assert f2.kind_of?(CustomFormsPlugin::SelectField)
   end
  
+  should 'create fields in the order they are sent' do
+    format = '%Y-%m-%d %H:%M'
+    num_fields = 10
+    begining = Time.now.strftime(format)
+    ending = (Time.now + 1.day).strftime(format)
+    fields = {}
+    num_fields.times do |i|
+      fields[i.to_s] = {
+        :name => i.to_s,
+        :default_value => '',
+        :type => 'text_field'
+      }
+    end
+    assert_difference CustomFormsPlugin::Form, :count, 1 do
+      post :create, :profile => profile.identifier,
+        :form => {
+        :name => 'My Form',
+        :access => 'logged',
+        :begining => begining,
+        :ending => ending,
+        :description => 'Cool form'},
+        :fields => fields
+    end
+    form = CustomFormsPlugin::Form.find_by_name('My Form')
+    assert_equal num_fields, form.fields.count
+    form.fields.find_each do |f|
+      assert_equal f.position, f.name.to_i
+    end
+  end
+
   should 'edit a form' do
     form = CustomFormsPlugin::Form.create!(:profile => profile, :name => 'Free Software')
     field = CustomFormsPlugin::TextField.create!(:form => form, :name => 'License')
     format = '%Y-%m-%d %H:%M'
     begining = Time.now.strftime(format)
-    ending = (Time.now + 1.day).strftime('%Y-%m-%d %H:%M')
+    ending = (Time.now + 1.day).strftime(format)
  
     post :edit, :profile => profile.identifier, :id => form.id,
       :form => {:name => 'My Form', :access => 'logged', :begining => begining, :ending => ending, :description => 'Cool form'},
@@ -0,0 +1,31 @@
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+require File.dirname(__FILE__) + '/../../controllers/custom_forms_plugin_profile_controller'
+
+# Re-raise errors caught by the controller.
+class CustomFormsPluginProfileController; def rescue_action(e) raise e end; end
+
+class CustomFormsPluginProfileControllerTest < ActionController::TestCase
+  def setup
+    @controller = CustomFormsPluginProfileController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+    @profile = create_user('profile').person
+    login_as(@profile.identifier)
+    environment = Environment.default
+    environment.enable_plugin(CustomFormsPlugin)
+  end
+
+  attr_reader :profile
+
+  should 'save submission if fields are ok' do
+    form = CustomFormsPlugin::Form.create!(:profile => profile, :name => 'Free Software')
+    field1 = CustomFormsPlugin::TextField.create(:name => 'Name', :form => form, :mandatory => true)
+    field2 = CustomFormsPlugin::TextField.create(:name => 'License', :form => form)
+
+    assert_difference CustomFormsPlugin::Submission, :count, 1 do
+      post :show, :profile => profile.identifier, :id => form.id, :submission => {field1.name.to_slug => 'Noosfero', field2.name.to_slug => 'GPL'}
+    end
+    assert !session[:notice].include?('not saved')
+    assert_redirected_to :action => 'show'
+  end
+end
@@ -71,5 +71,15 @@ class CustomFormsPlugin::FieldTest &lt; ActiveSupport::TestCase
     end
     assert_equal form.fields, [license_field]
   end
+
+  should 'give positions by creation order' do
+    form = CustomFormsPlugin::Form.create!(:name => 'Free Software', :profile => fast_create(Profile))
+    field_0 = CustomFormsPlugin::Field.create!(:name => 'License', :form => form)
+    field_1 = CustomFormsPlugin::Field.create!(:name => 'URL', :form => form)
+    field_2 = CustomFormsPlugin::Field.create!(:name => 'Wiki', :form => form)
+    assert_equal 0, field_0.position
+    assert_equal 1, field_1.position
+    assert_equal 2, field_2.position
+  end
 end
...	...	@@ -110,6 +110,7 @@ Diego Martinez <diegoamc90@gmail.com>
110	110	Diego Martinez <diego@diego-K55A.(none)>
111	111	Diego + Renan <renanteruoc@gmail.com>
112	112	Fernanda Lopes <nanda.listas+psl@gmail.com>
	113	+Francisco Marcelo de Araujo Lima Junior <79350259591@serpro-1457614.(none)>
113	114	Grazieno Pellegrino <grazieno@gmail.com>
114	115	Isaac Canan <isaac@intelletto.com.br>
115	116	Italo Valcy <italo@dcc.ufba.br>
...	...	@@ -153,6 +154,7 @@ Leandro Nunes dos Santos <leandronunes@gmail.com>
153	154	Leandro Nunes dos Santos <leandro.santos@serpro.gov.br>
154	155	LinguÁgil 2010 <linguagil.bahia@gmail.com>
155	156	Lucas Melo <lucas@colivre.coop.br>
	157	+Lucas Melo <lucaspradomelo@gmail.com>
156	158	Luis David Aguilar Carlos <ludwig9003@gmail.com>
157	159	Martín Olivera <molivera@solar.org.ar>
158	160	Moises Machado <moises@colivre.coop.br>
...	...
...	...	@@ -6,15 +6,13 @@ To configure XMPP/BOSH in Noosfero you need:
6	6	* SystemTimer - http://ph7spot.com/musings/system-timer
7	7	* Pidgin data files - http://www.pidgin.im/
8	8
9		-If you use Debian Lenny:
	9	+If you use Debian Wheezy:
10	10
11		-# apt-get install librestclient-ruby (from backports)
12		-# apt-get install pidgin-data
13		-# apt-get install ruby1.8-dev
	11	+# apt-get install librestclient-ruby pidgin-data ruby1.8-dev
14	12	# gem install SystemTimer
15	13
16		-Take a look at util/chat directory to see samples of config file to configure a
17		-XMPP/BOSH server with ejabberd, postgresql and apache2.
	14	+The samples of config file to configure a XMPP/BOSH server with
	15	+ejabberd, postgresql and apache2 can be found at util/chat directory.
18	16
19	17	== XMPP/Chat Server Setup
20	18
...	...	@@ -22,8 +20,7 @@ This is a step-by-step guide to get a XMPP service working, in a Debian system.
22	20
23	21	1. Install the required packages
24	22
25		-# apt-get -t lenny-backports install ejabberd
26		-# apt-get install odbc-postgresql
	23	+# apt-get install ejabberd odbc-postgresql
27	24
28	25	2. Ejabberd configuration
29	26
...	...	@@ -108,7 +105,7 @@ Unused modules can be disabled, for example:
108	105	* web_admin
109	106	* mod_pubsub
110	107	* mod_irc
111		- * mod_offine
	108	+ * mod_offline
112	109	* mod_admin_extra
113	110	* mod_register
114	111
...	...	@@ -132,7 +129,7 @@ This will create a new schema inside the noosfero database, called 'ejabberd'.
132	129
133	130	Note 'noosfero' user should have permission to create Postgresql schemas. Also,
134	131	there should be at least one domain with 'is_default = true' in 'domains'
135		-table, otherwise people couldn't see your friends online.
	132	+table, otherwise people won't be able to see their friends online.
136	133
137	134
138	135	4. ODBC configuration
...	...	@@ -168,9 +165,12 @@ Debug = 0
168	165	CommLog = 1
169	166	UsageCount = 3
170	167
171		- * testing all:
	168	+ 4.1 testing all:
172	169
173		-# isql 'PostgreSQLEjabberdNoosfero' DBUSER
	170	+# isql 'PostgreSQLEjabberdNoosfero'
	171	+
	172	+If the configuration was done right, the message "Connected!"
	173	+will be displayed.
174	174
175	175
176	176	5. Enabling kernel polling and SMP in /etc/default/ejabberd
...	...
...	...	@@ -19,11 +19,12 @@ To prepare a release of noosfero, you must follow the steps below:
19	19
20	20	* Finish all requirements and bugs assigned to the to-be-released version
21	21	* Make sure all tests pass
22		-* Change the version in lib/noosfero.rb and debian/changelog to the
23		- to-be-released version (e.g. 0.2.0, 0.3.1)
24	22	* Write release notes at the version's wiki topic
25		-* Generate packages with <tt>rake noosfero:release</tt>. Your tarball and deb
26		- pkg will be under the pkg/ directory. This task will create a git tag too.
	23	+* Generate packages with <tt>rake noosfero:release[(stable\|test)]</tt>. This task will:
	24	+ * Update the version in lib/noosfero.rb and debian/changelog.
	25	+ * Create the tarbal and the deb pkg under pkg/ directory.
	26	+ * Create a git tag and push it.
	27	+ * Upload the pkg to the configured repository (if configured) on ~/.dput.cf.
27	28	* Test that the tarball and deb package are ok
28	29	* Go to the version's wiki topic and edit it to reflect the new reality
29	30	* Edit the topic WebPreferences and update DEBIAN_REPOSITORY_TOPICS setting
...	...	@@ -31,7 +32,6 @@ To prepare a release of noosfero, you must follow the steps below:
31	32	sha1 of the package (with sha1sum and paste the SHA1 hash as comment in the
32	33	attachment form)
33	34	* Download the attached and verify the MD5 hash
34		-* Push the new version tag (with git push --tags)
35	35	* Update an eventual demonstration version that you run.
36	36	* Write an announcement e-mail to the relevant mailing lists pointing to the
37	37	release notes, and maybe to the demonstration version.
...	...
...	...	@@ -0,0 +1,82 @@
	1	+class TrustedSitesController < AdminController
	2	+ protect 'manage_environment_trusted_sites', :environment
	3	+
	4	+ def index
	5	+ @sites = environment.trusted_sites_for_iframe
	6	+ end
	7	+
	8	+ def new
	9	+ @site = ""
	10	+ end
	11	+
	12	+ def create
	13	+ if add_trusted_site(params[:site])
	14	+ session[:notice] = _('New trusted site added.')
	15	+ redirect_to :action => 'index'
	16	+ else
	17	+ session[:notice] = _('Failed to add trusted site.')
	18	+ render :action => 'new'
	19	+ end
	20	+ end
	21	+
	22	+ def edit
	23	+ if is_trusted_site? params[:site]
	24	+ @site = params[:site]
	25	+ else
	26	+ session[:notice] = _('Trusted site was not found')
	27	+ redirect_to :action => 'index'
	28	+ end
	29	+ end
	30	+
	31	+ def update
	32	+ site = params[:site]
	33	+ orig_site = params[:orig_site]
	34	+ if rename_trusted_site(orig_site, site)
	35	+ redirect_to :action => 'edit', :site => @site
	36	+ else
	37	+ session[:notice] = _('Failed to edit trusted site.')
	38	+ render :action => 'edit'
	39	+ end
	40	+ end
	41	+
	42	+ def destroy
	43	+ if delete_trusted_site(params[:site])
	44	+ session[:notice] = _('Trusted site removed')
	45	+ else
	46	+ session[:notice] = _('Trusted site could not be removed')
	47	+ end
	48	+ redirect_to :action => 'index'
	49	+ end
	50	+
	51	+ protected
	52	+ def add_trusted_site (site)
	53	+ trusted_sites = environment.trusted_sites_for_iframe
	54	+ trusted_sites << site
	55	+ environment.trusted_sites_for_iframe = trusted_sites
	56	+ environment.save
	57	+ end
	58	+
	59	+ def rename_trusted_site(orig_site, site)
	60	+ trusted_sites = environment.trusted_sites_for_iframe
	61	+ i = trusted_sites.index orig_site
	62	+ if i.nil?
	63	+ return false
	64	+ else
	65	+ trusted_sites[i] = site
	66	+ environment.trusted_sites_for_iframe = trusted_sites
	67	+ environment.save
	68	+ end
	69	+ end
	70	+
	71	+
	72	+ def delete_trusted_site (site)
	73	+ trusted_sites = environment.trusted_sites_for_iframe
	74	+ trusted_sites.delete site
	75	+ environment.trusted_sites_for_iframe = trusted_sites
	76	+ environment.save
	77	+ end
	78	+
	79	+ def is_trusted_site? (site)
	80	+ environment.trusted_sites_for_iframe.include? site
	81	+ end
	82	+end
...	...
...	...	@@ -6,6 +6,20 @@ class ApplicationController < ActionController::Base
6	6	before_filter :setup_multitenancy
7	7	before_filter :detect_stuff_by_domain
8	8	before_filter :init_noosfero_plugins
	9	+ before_filter :allow_cross_domain_access
	10	+
	11	+ def allow_cross_domain_access
	12	+ origin = request.headers['Origin']
	13	+ return if origin.blank?
	14	+ if environment.access_control_allow_origin.include? origin
	15	+ response.headers["Access-Control-Allow-Origin"] = origin
	16	+ unless environment.access_control_allow_methods.blank?
	17	+ response.headers["Access-Control-Allow-Methods"] = environment.access_control_allow_methods
	18	+ end
	19	+ elsif environment.restrict_to_access_control_origins
	20	+ render_access_denied _('Origin not in allowed.')
	21	+ end
	22	+ end
9	23
10	24	include ApplicationHelper
11	25	layout :get_layout
...	...	@@ -82,11 +96,10 @@ class ApplicationController < ActionController::Base
82	96	false
83	97	end
84	98
85		-
86	99	def user
87	100	current_user.person if logged_in?
88	101	end
89		-
	102	+
90	103	alias :current_person :user
91	104
92	105	# TODO: move this logic somewhere else (Domain class?)
...	...	@@ -104,6 +117,12 @@ class ApplicationController < ActionController::Base
104	117	else
105	118	@environment = @domain.environment
106	119	@profile = @domain.profile
	120	+
	121	+ # Check if the requested profile belongs to another domain
	122	+ if @profile && !params[:profile].blank? && params[:profile] != @profile.identifier
	123	+ @profile = @environment.profiles.find_by_identifier params[:profile]
	124	+ redirect_to params.merge(:host => @profile.default_hostname)
	125	+ end
107	126	end
108	127	end
109	128
...	...	@@ -156,7 +175,7 @@ class ApplicationController < ActionController::Base
156	175	def find_by_contents(asset, scope, query, paginate_options={:page => 1}, options={})
157	176	scope = scope.send(options[:filter]) if options[:filter]
158	177
159		- @plugins.first(:find_by_contents, asset, scope, query, paginate_options, options) \|\|
	178	+ @plugins.dispatch_first(:find_by_contents, asset, scope, query, paginate_options, options) \|\|
160	179	fallback_find_by_contents(asset, scope, query, paginate_options, options)
161	180	end
162	181
...	...
...	...	@@ -182,7 +182,14 @@ class CmsController < MyProfileController
182	182	if request.post?
183	183	@article.destroy
184	184	session[:notice] = _("\"#{@article.name}\" was removed.")
185		- redirect_to :action => (@article.parent ? 'view' : 'index'), :id => @article.parent
	185	+ referer = ActionController::Routing::Routes.recognize_path URI.parse(request.referer).path rescue nil
	186	+ if referer and referer[:controller] == 'cms'
	187	+ redirect_to referer
	188	+ elsif @article.parent
	189	+ redirect_to @article.parent.url
	190	+ else
	191	+ redirect_to profile.url
	192	+ end
186	193	end
187	194	end
188	195
...	...
...	...	@@ -26,7 +26,8 @@ class AccountController < ApplicationController
26	26
27	27	# action to perform login to the application
28	28	def login
29		- store_location(request.referer) unless session[:return_to]
	29	+ store_location(request.referer) unless params[:return_to] or session[:return_to]
	30	+
30	31	return unless request.post?
31	32
32	33	self.current_user = plugins_alternative_authentication
...	...	@@ -125,7 +126,7 @@ class AccountController < ApplicationController
125	126	def change_password
126	127	if request.post?
127	128	@user = current_user
128		- begin
	129	+ begin
129	130	@user.change_password!(params[:current_password],
130	131	params[:new_password],
131	132	params[:new_password_confirmation])
...	...	@@ -218,7 +219,7 @@ class AccountController < ApplicationController
218	219	@question = @enterprise.question
219	220	return unless check_answer
220	221	return unless check_acceptance_of_terms
221		-
	222	+
222	223	activation = load_enterprise_activation
223	224	if activation && user
224	225	activation.requestor = user
...	...	@@ -355,7 +356,9 @@ class AccountController < ApplicationController
355	356	end
356	357
357	358	def go_to_initial_page
358		- if environment.enabled?('allow_change_of_redirection_after_login')
	359	+ if params[:return_to]
	360	+ redirect_to params[:return_to]
	361	+ elsif environment.enabled?('allow_change_of_redirection_after_login')
359	362	case user.preferred_login_redirection
360	363	when 'keep_on_same_page'
361	364	redirect_back_or_default(user.admin_url)
...	...
...	...	@@ -5,15 +5,14 @@ class CatalogController < PublicController
5	5	before_filter :check_enterprise_and_environment
6	6
7	7	def index
8		- @category = params[:level] ? ProductCategory.find(params[:level]) : nil
9		- @products = @profile.products.from_category(@category).paginate(:order => 'available desc, highlighted desc, name asc', :per_page => 9, :page => params[:page])
10		- @categories = ProductCategory.on_level(params[:level]).order(:name)
	8	+ extend CatalogHelper
	9	+ catalog_load_index
11	10	end
12	11
13	12	protected
14	13
15	14	def check_enterprise_and_environment
16		- unless @profile.kind_of?(Enterprise) && !@profile.environment.enabled?('disable_products_for_enterprises')
	15	+ unless profile.kind_of?(Enterprise) && !profile.environment.enabled?('disable_products_for_enterprises')
17	16	redirect_to :controller => 'profile', :profile => profile.identifier, :action => 'index'
18	17	end
19	18	end
...	...
...	...	@@ -0,0 +1,164 @@
	1	+class CommentController < ApplicationController
	2	+
	3	+ needs_profile
	4	+
	5	+ before_filter :can_update?, :only => [:edit, :update]
	6	+
	7	+ def create
	8	+ begin
	9	+ @page = profile.articles.find(params[:id])
	10	+ rescue
	11	+ @page = nil
	12	+ end
	13	+
	14	+ # page not found, give error
	15	+ if @page.nil?
	16	+ respond_to do \|format\|
	17	+ format.js do
	18	+ render :json => { :msg => _('Page not found.')}
	19	+ end
	20	+ end
	21	+ return
	22	+ end
	23	+
	24	+ unless @page.accept_comments?
	25	+ respond_to do \|format\|
	26	+ format.js do
	27	+ render :json => { :msg => _('Comment not allowed in this article')}
	28	+ end
	29	+ end
	30	+ return
	31	+ end
	32	+
	33	+ @comment = Comment.new(params[:comment])
	34	+ @comment.author = user if logged_in?
	35	+ @comment.article = @page
	36	+ @comment.ip_address = request.remote_ip
	37	+ @comment.user_agent = request.user_agent
	38	+ @comment.referrer = request.referrer
	39	+ @plugins.dispatch(:filter_comment, @comment)
	40	+
	41	+ if @comment.rejected?
	42	+ respond_to do \|format\|
	43	+ format.js do
	44	+ render :json => { :msg => _('Comment was rejected')}
	45	+ end
	46	+ end
	47	+ return
	48	+ end
	49	+
	50	+ if !@comment.valid? \|\| (not pass_without_comment_captcha? and not verify_recaptcha(:model => @comment, :message => _('Please type the words correctly')))
	51	+ respond_to do \|format\|
	52	+ format.js do
	53	+ render :json => {
	54	+ :render_target => 'form',
	55	+ :html => render_to_string(:partial => 'comment_form', :object => @comment, :locals => {:comment => @comment, :display_link => true, :show_form => true})
	56	+ }
	57	+ end
	58	+ end
	59	+ return
	60	+ end
	61	+
	62	+ if @comment.need_moderation?
	63	+ @comment.created_at = Time.now
	64	+ ApproveComment.create!(:requestor => @comment.author, :target => profile, :comment_attributes => @comment.attributes.to_json)
	65	+
	66	+ respond_to do \|format\|
	67	+ format.js do
	68	+ render :json => { :render_target => nil, :msg => _('Your comment is waiting for approval.') }
	69	+ end
	70	+ end
	71	+ return
	72	+ end
	73	+
	74	+ @comment.save
	75	+
	76	+ respond_to do \|format\|
	77	+ format.js do
	78	+ comment_to_render = @comment.comment_root
	79	+ render :json => {
	80	+ :render_target => comment_to_render.anchor,
	81	+ :html => render_to_string(:partial => 'comment', :locals => {:comment => comment_to_render, :display_link => true}),
	82	+ :msg => _('Comment successfully created.')
	83	+ }
	84	+ end
	85	+ end
	86	+ end
	87	+
	88	+ def destroy
	89	+ comment = profile.comments_received.find(params[:id])
	90	+
	91	+ if comment && comment.can_be_destroyed_by?(user) && comment.destroy
	92	+ render :text => {'ok' => true}.to_json, :content_type => 'application/json'
	93	+ else
	94	+ session[:notice] = _("The comment was not removed.")
	95	+ render :text => {'ok' => false}.to_json, :content_type => 'application/json'
	96	+ end
	97	+ end
	98	+
	99	+ def mark_as_spam
	100	+ comment = profile.comments_received.find(params[:id])
	101	+ if comment.can_be_marked_as_spam_by?(user)
	102	+ comment.spam!
	103	+ render :text => {'ok' => true}.to_json, :content_type => 'application/json'
	104	+ else
	105	+ session[:notice] = _("You couldn't mark this comment as spam.")
	106	+ render :text => {'ok' => false}.to_json, :content_type => 'application/json'
	107	+ end
	108	+ end
	109	+
	110	+ def edit
	111	+ render :partial => "comment_form", :locals => {:comment => @comment, :display_link => params[:reply_of_id].present?, :edition_mode => true, :show_form => true}
	112	+ end
	113	+
	114	+ def update
	115	+ if @comment.update_attributes(params[:comment])
	116	+ respond_to do \|format\|
	117	+ format.js do
	118	+ comment_to_render = @comment.comment_root
	119	+ render :json => {
	120	+ :ok => true,
	121	+ :render_target => comment_to_render.anchor,
	122	+ :html => render_to_string(:partial => 'comment', :locals => {:comment => comment_to_render})
	123	+ }
	124	+ end
	125	+ end
	126	+ else
	127	+ respond_to do \|format\|
	128	+ format.js do
	129	+ render :json => {
	130	+ :ok => false,
	131	+ :render_target => 'form',
	132	+ :html => render_to_string(:partial => 'comment_form', :object => @comment, :locals => {:comment => @comment, :display_link => false, :edition_mode => true, :show_form => true})
	133	+ }
	134	+ end
	135	+ end
	136	+ end
	137	+ end
	138	+
	139	+ def check_actions
	140	+ comment = profile.comments_received.find(params[:id])
	141	+ ids = @plugins.dispatch(:check_comment_actions, comment).collect do \|action\|
	142	+ action.kind_of?(Proc) ? self.instance_eval(&action) : action
	143	+ end.flatten.compact
	144	+ render :json => {:ids => ids}
	145	+ end
	146	+
	147	+ protected
	148	+
	149	+ def pass_without_comment_captcha?
	150	+ logged_in? && !environment.enabled?('captcha_for_logged_users')
	151	+ end
	152	+ helper_method :pass_without_comment_captcha?
	153	+
	154	+ def can_update?
	155	+ begin
	156	+ @comment = profile.comments_received.find(params[:id])
	157	+ raise ActiveRecord::RecordNotFound unless @comment.can_be_updated_by?(user) # Not reveal that the comment exists
	158	+ rescue ActiveRecord::RecordNotFound
	159	+ render_not_found
	160	+ return
	161	+ end
	162	+ end
	163	+
	164	+end
...	...
...	...	@@ -2,8 +2,6 @@ class ContentViewerController < ApplicationController
2	2
3	3	needs_profile
4	4
5		- before_filter :comment_author, :only => :edit_comment
6		-
7	5	helper ProfileHelper
8	6	helper TagsHelper
9	7
...	...	@@ -70,24 +68,8 @@ class ContentViewerController < ApplicationController
70	68
71	69	@form_div = params[:form]
72	70
73		- if params[:comment] && params[:confirm] == 'true'
74		- @comment = Comment.new(params[:comment])
75		- if request.post? && @page.accept_comments?
76		- add_comment
77		- end
78		- else
79		- @comment = Comment.new
80		- end
81		-
82		- if request.post?
83		- if params[:remove_comment]
84		- remove_comment
85		- return
86		- elsif params[:mark_comment_as_spam]
87		- mark_comment_as_spam
88		- return
89		- end
90		- end
	71	+ #FIXME see a better way to do this. It's not need to pass this variable anymore
	72	+ @comment = Comment.new
91	73
92	74	if @page.has_posts?
93	75	posts = if params[:year] and params[:month]
...	...	@@ -117,89 +99,18 @@ class ContentViewerController < ApplicationController
117	99	end
118	100	end
119	101
120		- comments = @page.comments.without_spam
121		- @comments = comments.as_thread
122		- @comments_count = comments.count
	102	+ @comments = @page.comments.without_spam
	103	+ @comments_count = @comments.count
	104	+ @comments = @plugins.filter(:unavailable_comments, @comments.without_reply)
	105	+ @comments = @comments.paginate(:per_page => per_page, :page => params[:comment_page] )
	106	+
123	107	if params[:slideshow]
124	108	render :action => 'slideshow', :layout => 'slideshow'
125	109	end
126	110	end
127	111
128		- def edit_comment
129		- path = params[:page].join('/')
130		- @page = profile.articles.find_by_path(path)
131		- @form_div = 'opened'
132		- @comment = @page.comments.find_by_id(params[:id])
133		- if @comment
134		- if request.post?
135		- begin
136		- @comment.update_attributes(params[:comment])
137		- session[:notice] = _('Comment succesfully updated')
138		- redirect_to :action => 'view_page', :profile => profile.identifier, :page => @comment.article.explode_path
139		- rescue
140		- session[:notice] = _('Comment could not be updated')
141		- end
142		- end
143		- else
144		- redirect_to @page.view_url
145		- session[:notice] = _('Could not find the comment in the article')
146		- end
147		- end
148		-
149	112	protected
150	113
151		- def add_comment
152		- @comment.author = user if logged_in?
153		- @comment.article = @page
154		- @comment.ip_address = request.remote_ip
155		- @comment.user_agent = request.user_agent
156		- @comment.referrer = request.referrer
157		- plugins_filter_comment(@comment)
158		- return if @comment.rejected?
159		- if (pass_without_comment_captcha? \|\| verify_recaptcha(:model => @comment, :message => _('Please type the words correctly'))) && @comment.save
160		- @page.touch
161		- @comment = nil # clear the comment form
162		- redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
163		- else
164		- @form_div = 'opened' if params[:comment][:reply_of_id].blank?
165		- end
166		- end
167		-
168		- def plugins_filter_comment(comment)
169		- @plugins.each do \|plugin\|
170		- plugin.filter_comment(comment)
171		- end
172		- end
173		-
174		- def pass_without_comment_captcha?
175		- logged_in? && !environment.enabled?('captcha_for_logged_users')
176		- end
177		- helper_method :pass_without_comment_captcha?
178		-
179		- def remove_comment
180		- @comment = @page.comments.find(params[:remove_comment])
181		- if (user == @comment.author \|\| user == @page.profile \|\| user.has_permission?(:moderate_comments, @page.profile))
182		- @comment.destroy
183		- end
184		- finish_comment_handling
185		- end
186		-
187		- def mark_comment_as_spam
188		- @comment = @page.comments.find(params[:mark_comment_as_spam])
189		- if logged_in? && (user == @page.profile \|\| user.has_permission?(:moderate_comments, @page.profile))
190		- @comment.spam!
191		- end
192		- finish_comment_handling
193		- end
194		-
195		- def finish_comment_handling
196		- if request.xhr?
197		- render :text => {'ok' => true}.to_json, :content_type => 'application/json'
198		- else
199		- redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
200		- end
201		- end
202		-
203	114	def per_page
204	115	12
205	116	end
...	...	@@ -223,13 +134,9 @@ class ContentViewerController < ApplicationController
223	134	end
224	135	end
225	136
226		- def comment_author
227		- comment = Comment.find_by_id(params[:id])
228		- if comment
229		- render_access_denied if comment.author.blank? \|\| comment.author != user
230		- else
231		- render_not_found
232		- end
	137	+ def pass_without_comment_captcha?
	138	+ logged_in? && !environment.enabled?('captcha_for_logged_users')
233	139	end
	140	+ helper_method :pass_without_comment_captcha?
234	141
235	142	end
...	...