Merge branch 'master' into rails3

Conflicts: app/helpers/boxes_helper.rb app/models/comment.rb app/views/comment/_comment.rhtml app/views/comment/_comment_form.rhtml app/views/content_viewer/_comment.html.erb app/views/content_viewer/_comment.rhtml app/views/content_viewer/_comment_form.html.erb app/views/content_viewer/_comment_form.rhtml app/views/profile/send_mail.html.erb config/routes.rb debian/control

Merge branch 'master' into rails3
Conflicts: app/helpers/boxes_helper.rb app/models/comment.rb app/views/comment/_comment.rhtml app/views/comment/_comment_form.rhtml app/views/content_viewer/_comment.html.erb app/views/content_viewer/_comment.rhtml app/views/content_viewer/_comment_form.html.erb app/views/content_viewer/_comment_form.rhtml app/views/profile/send_mail.html.erb config/routes.rb debian/control
Antonio Terceiro
2 parents 212e8b0b c5635326
Showing 147 changed files with 4492 additions and 1529 deletions Show diff stats
AUTHORS
INSTALL.chat
RELEASING
app/controllers/admin/trusted_sites_controller.rb
app/controllers/application_controller.rb
app/controllers/my_profile/cms_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/catalog_controller.rb
app/controllers/public/comment_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/profile_controller.rb
app/helpers/application_helper.rb
app/helpers/article_helper.rb
app/helpers/boxes_helper.rb
app/helpers/catalog_helper.rb
app/helpers/comment_helper.rb
app/helpers/content_viewer_helper.rb
app/helpers/forms_helper.rb
app/helpers/forum_helper.rb
app/helpers/layout_helper.rb
@@ -110,6 +110,7 @@ Diego Martinez &lt;diegoamc90@gmail.com&gt;
 Diego Martinez <diego@diego-K55A.(none)>
 Diego + Renan <renanteruoc@gmail.com>
 Fernanda Lopes <nanda.listas+psl@gmail.com>
+Francisco Marcelo de Araujo Lima Junior <79350259591@serpro-1457614.(none)>
 Grazieno Pellegrino <grazieno@gmail.com>
 Isaac Canan <isaac@intelletto.com.br>
 Italo Valcy <italo@dcc.ufba.br>
@@ -153,6 +154,7 @@ Leandro Nunes dos Santos &lt;leandronunes@gmail.com&gt;
 Leandro Nunes dos Santos <leandro.santos@serpro.gov.br>
 LinguÁgil 2010 <linguagil.bahia@gmail.com>
 Lucas Melo <lucas@colivre.coop.br>
+Lucas Melo <lucaspradomelo@gmail.com>
 Luis David Aguilar Carlos <ludwig9003@gmail.com>
 Martín Olivera <molivera@solar.org.ar>
 Moises Machado <moises@colivre.coop.br>
@@ -6,15 +6,13 @@ To configure XMPP/BOSH in Noosfero you need:
 * SystemTimer - http://ph7spot.com/musings/system-timer
 * Pidgin data files - http://www.pidgin.im/
-If you use Debian Lenny:
+If you use Debian Wheezy:
-# apt-get install librestclient-ruby (from backports)
-# apt-get install pidgin-data
-# apt-get install ruby1.8-dev
+# apt-get install librestclient-ruby pidgin-data ruby1.8-dev
 # gem install SystemTimer
-Take a look at util/chat directory to see samples of config file to configure a
-XMPP/BOSH server with ejabberd, postgresql and apache2.
+The samples of config file to configure a XMPP/BOSH server with
+ejabberd, postgresql and apache2 can be found at util/chat directory.
 == XMPP/Chat Server Setup
@@ -22,8 +20,7 @@ This is a step-by-step guide to get a XMPP service working, in a Debian system.
 1. Install the required packages
-# apt-get -t lenny-backports install ejabberd
-# apt-get install odbc-postgresql
+# apt-get install ejabberd odbc-postgresql
 2. Ejabberd configuration
@@ -108,7 +105,7 @@ Unused modules can be disabled, for example:
  * web_admin
  * mod_pubsub
  * mod_irc
- * mod_offine
+ * mod_offline
  * mod_admin_extra
  * mod_register
@@ -132,7 +129,7 @@ This will create a new schema inside the noosfero database, called &#39;ejabberd&#39;.
 Note 'noosfero' user should have permission to create Postgresql schemas. Also,
 there should be at least one domain with 'is_default = true' in 'domains'
-table, otherwise people couldn't see your friends online.
+table, otherwise people won't be able to see their friends online.
 4. ODBC configuration
@@ -168,9 +165,12 @@ Debug       = 0
 CommLog     = 1
 UsageCount  = 3
- * testing all:
+ 4.1 testing all:
-# isql 'PostgreSQLEjabberdNoosfero' DBUSER
+# isql 'PostgreSQLEjabberdNoosfero'
+
+If the configuration was done right, the message "Connected!"
+will be displayed.
 5. Enabling kernel polling and SMP in /etc/default/ejabberd
@@ -19,11 +19,12 @@ To prepare a release of noosfero, you must follow the steps below:
 * Finish all requirements and bugs assigned to the to-be-released version
 * Make sure all tests pass
-* Change the version in lib/noosfero.rb and debian/changelog to the
-  to-be-released version (e.g. 0.2.0, 0.3.1)
 * Write release notes at the version's wiki topic
-* Generate packages with <tt>rake noosfero:release</tt>. Your tarball and deb
-  pkg will be under the pkg/ directory. This task will create a git tag too.
+* Generate packages with <tt>rake noosfero:release[(stable|test)]</tt>. This task will:
+  * Update the version in lib/noosfero.rb and debian/changelog.
+  * Create the tarbal and the deb pkg under pkg/ directory.
+  * Create a git tag and push it.
+  * Upload the pkg to the configured repository (if configured) on ~/.dput.cf.
 * Test that the tarball and deb package are ok
 * Go to the version's wiki topic and edit it to reflect the new reality
 * Edit the topic WebPreferences and update DEBIAN_REPOSITORY_TOPICS setting
@@ -31,7 +32,6 @@ To prepare a release of noosfero, you must follow the steps below:
   sha1 of the package (with sha1sum and paste the SHA1 hash as comment in the
   attachment form)
 * Download the attached and verify the MD5 hash
-* Push the new version tag (with git push --tags)
 * Update an eventual demonstration version that you run.
 * Write an announcement e-mail to the relevant mailing lists pointing to the
   release notes, and maybe to the demonstration version.
@@ -0,0 +1,82 @@
+class TrustedSitesController < AdminController
+  protect 'manage_environment_trusted_sites', :environment
+
+  def index
+    @sites = environment.trusted_sites_for_iframe
+  end
+
+  def new
+    @site = ""
+  end
+
+  def create
+    if add_trusted_site(params[:site])
+      session[:notice] = _('New trusted site added.')
+      redirect_to :action => 'index'
+    else
+      session[:notice] = _('Failed to add trusted site.')
+      render :action => 'new'
+    end
+  end
+
+  def edit
+    if is_trusted_site? params[:site]
+      @site = params[:site]
+    else
+      session[:notice] = _('Trusted site was not found')
+      redirect_to :action => 'index'
+    end
+  end
+
+  def update
+    site = params[:site]
+    orig_site = params[:orig_site]
+    if rename_trusted_site(orig_site, site)
+      redirect_to :action => 'edit', :site => @site
+    else
+      session[:notice] = _('Failed to edit trusted site.')
+      render :action => 'edit'
+    end
+  end
+
+  def destroy
+    if delete_trusted_site(params[:site])
+      session[:notice] = _('Trusted site removed')
+    else
+      session[:notice] = _('Trusted site could not be removed')
+    end
+    redirect_to :action => 'index'
+  end
+
+  protected
+  def add_trusted_site (site)
+    trusted_sites = environment.trusted_sites_for_iframe
+    trusted_sites << site
+    environment.trusted_sites_for_iframe = trusted_sites
+    environment.save
+  end
+
+  def rename_trusted_site(orig_site, site)
+    trusted_sites = environment.trusted_sites_for_iframe
+    i = trusted_sites.index orig_site
+    if i.nil?
+      return false
+    else
+      trusted_sites[i] = site
+      environment.trusted_sites_for_iframe = trusted_sites
+      environment.save
+    end
+  end
+
+
+  def delete_trusted_site (site)
+    trusted_sites = environment.trusted_sites_for_iframe
+    trusted_sites.delete site
+    environment.trusted_sites_for_iframe = trusted_sites
+    environment.save
+  end
+
+  def is_trusted_site? (site)
+    environment.trusted_sites_for_iframe.include? site
+  end
+end
@@ -6,6 +6,20 @@ class ApplicationController &lt; ActionController::Base
   before_filter :setup_multitenancy
   before_filter :detect_stuff_by_domain
   before_filter :init_noosfero_plugins
+  before_filter :allow_cross_domain_access
+
+  def allow_cross_domain_access
+    origin = request.headers['Origin']
+    return if origin.blank?
+    if environment.access_control_allow_origin.include? origin
+      response.headers["Access-Control-Allow-Origin"] = origin
+      unless environment.access_control_allow_methods.blank?
+        response.headers["Access-Control-Allow-Methods"] = environment.access_control_allow_methods
+      end
+    elsif environment.restrict_to_access_control_origins
+      render_access_denied _('Origin not in allowed.')
+    end
+  end
   include ApplicationHelper
   layout :get_layout
@@ -82,11 +96,10 @@ class ApplicationController &lt; ActionController::Base
     false
   end
-
   def user
     current_user.person if logged_in?
   end
-  
+
   alias :current_person :user
   # TODO: move this logic somewhere else (Domain class?)
@@ -104,6 +117,12 @@ class ApplicationController &lt; ActionController::Base
     else
       @environment = @domain.environment
       @profile = @domain.profile
+
+      # Check if the requested profile belongs to another domain
+      if @profile && !params[:profile].blank? && params[:profile] != @profile.identifier
+        @profile = @environment.profiles.find_by_identifier params[:profile]
+        redirect_to params.merge(:host => @profile.default_hostname)
+      end
     end
   end
@@ -156,7 +175,7 @@ class ApplicationController &lt; ActionController::Base
   def find_by_contents(asset, scope, query, paginate_options={:page => 1}, options={})
     scope = scope.send(options[:filter]) if options[:filter]
-    @plugins.first(:find_by_contents, asset, scope, query, paginate_options, options) ||
+    @plugins.dispatch_first(:find_by_contents, asset, scope, query, paginate_options, options) ||
     fallback_find_by_contents(asset, scope, query, paginate_options, options)
   end
@@ -182,7 +182,14 @@ class CmsController &lt; MyProfileController
     if request.post?
       @article.destroy
       session[:notice] = _("\"#{@article.name}\" was removed.")
-      redirect_to :action => (@article.parent ? 'view' : 'index'), :id => @article.parent
+      referer = ActionController::Routing::Routes.recognize_path URI.parse(request.referer).path rescue nil
+      if referer and referer[:controller] == 'cms'
+        redirect_to referer
+      elsif @article.parent
+        redirect_to @article.parent.url
+      else
+        redirect_to profile.url
+      end
     end
   end
@@ -26,7 +26,8 @@ class AccountController &lt; ApplicationController
   # action to perform login to the application
   def login
-    store_location(request.referer) unless session[:return_to]
+    store_location(request.referer) unless params[:return_to] or session[:return_to]
+
     return unless request.post?
     self.current_user = plugins_alternative_authentication
@@ -125,7 +126,7 @@ class AccountController &lt; ApplicationController
   def change_password
     if request.post?
       @user = current_user
-      begin 
+      begin
         @user.change_password!(params[:current_password],
                                params[:new_password],
                                params[:new_password_confirmation])
@@ -218,7 +219,7 @@ class AccountController &lt; ApplicationController
     @question = @enterprise.question
     return unless check_answer
     return unless check_acceptance_of_terms
-    
+
     activation = load_enterprise_activation
     if activation && user
       activation.requestor = user
@@ -355,7 +356,9 @@ class AccountController &lt; ApplicationController
   end
   def go_to_initial_page
-    if environment.enabled?('allow_change_of_redirection_after_login')
+    if params[:return_to]
+      redirect_to params[:return_to]
+    elsif environment.enabled?('allow_change_of_redirection_after_login')
       case user.preferred_login_redirection
         when 'keep_on_same_page'
           redirect_back_or_default(user.admin_url)
@@ -5,15 +5,14 @@ class CatalogController &lt; PublicController
   before_filter :check_enterprise_and_environment
   def index
-    @category = params[:level] ? ProductCategory.find(params[:level]) : nil
-    @products = @profile.products.from_category(@category).paginate(:order => 'available desc, highlighted desc, name asc', :per_page => 9, :page => params[:page])
-    @categories = ProductCategory.on_level(params[:level]).order(:name)
+    extend CatalogHelper
+    catalog_load_index
   end
   protected
   def check_enterprise_and_environment
-    unless @profile.kind_of?(Enterprise) && !@profile.environment.enabled?('disable_products_for_enterprises')
+    unless profile.kind_of?(Enterprise) && !profile.environment.enabled?('disable_products_for_enterprises')
       redirect_to :controller => 'profile', :profile => profile.identifier, :action => 'index'
     end
   end
@@ -0,0 +1,164 @@
+class CommentController < ApplicationController
+
+  needs_profile
+
+  before_filter :can_update?, :only => [:edit, :update]
+
+  def create
+    begin
+      @page = profile.articles.find(params[:id])
+    rescue
+      @page = nil
+    end
+
+    # page not found, give error
+    if @page.nil?
+      respond_to do |format|
+        format.js do
+           render :json => { :msg => _('Page not found.')}
+         end
+       end
+      return
+    end
+
+    unless @page.accept_comments?
+      respond_to do |format|
+        format.js do
+           render :json => { :msg => _('Comment not allowed in this article')}
+         end
+       end
+      return
+    end
+
+    @comment = Comment.new(params[:comment])
+    @comment.author = user if logged_in?
+    @comment.article = @page
+    @comment.ip_address = request.remote_ip
+    @comment.user_agent = request.user_agent
+    @comment.referrer = request.referrer
+    @plugins.dispatch(:filter_comment, @comment)
+
+    if @comment.rejected?
+      respond_to do |format|
+        format.js do
+           render :json => { :msg => _('Comment was rejected')}
+         end
+       end
+      return
+    end
+
+    if !@comment.valid? || (not pass_without_comment_captcha? and not verify_recaptcha(:model => @comment, :message => _('Please type the words correctly')))
+      respond_to do |format|
+        format.js do
+          render :json => {
+             :render_target => 'form',
+             :html => render_to_string(:partial => 'comment_form', :object => @comment, :locals => {:comment => @comment, :display_link => true, :show_form => true})
+          }
+        end
+      end
+      return
+    end
+
+    if @comment.need_moderation?
+      @comment.created_at = Time.now
+      ApproveComment.create!(:requestor => @comment.author, :target => profile, :comment_attributes => @comment.attributes.to_json)
+
+      respond_to do |format|
+        format.js do
+          render :json => { :render_target => nil, :msg => _('Your comment is waiting for approval.') }
+        end
+      end
+      return
+    end
+
+    @comment.save
+
+    respond_to do |format|
+      format.js do
+        comment_to_render = @comment.comment_root
+        render :json => { 
+            :render_target => comment_to_render.anchor,
+            :html => render_to_string(:partial => 'comment', :locals => {:comment => comment_to_render, :display_link => true}),
+            :msg => _('Comment successfully created.')
+         }
+      end
+    end
+  end
+
+  def destroy
+    comment = profile.comments_received.find(params[:id])
+
+    if comment && comment.can_be_destroyed_by?(user) && comment.destroy
+      render :text => {'ok' => true}.to_json, :content_type => 'application/json'
+    else
+      session[:notice] = _("The comment was not removed.")
+      render :text => {'ok' => false}.to_json, :content_type => 'application/json'
+    end
+  end
+
+  def mark_as_spam
+    comment = profile.comments_received.find(params[:id])
+    if comment.can_be_marked_as_spam_by?(user)
+      comment.spam!
+      render :text => {'ok' => true}.to_json, :content_type => 'application/json'
+    else
+      session[:notice] = _("You couldn't mark this comment as spam.")
+      render :text => {'ok' => false}.to_json, :content_type => 'application/json'
+    end
+  end
+
+  def edit
+    render :partial => "comment_form", :locals => {:comment => @comment, :display_link => params[:reply_of_id].present?, :edition_mode => true, :show_form => true}
+  end
+
+  def update
+    if @comment.update_attributes(params[:comment])
+      respond_to do |format|
+        format.js do
+          comment_to_render = @comment.comment_root
+          render :json => {
+            :ok => true,
+            :render_target => comment_to_render.anchor,
+            :html => render_to_string(:partial => 'comment', :locals => {:comment => comment_to_render})
+          }
+        end
+      end
+    else
+     respond_to do |format|
+       format.js do
+         render :json => {
+           :ok => false,
+           :render_target => 'form',
+           :html => render_to_string(:partial => 'comment_form', :object => @comment, :locals => {:comment => @comment, :display_link => false, :edition_mode => true, :show_form => true})
+         }
+       end
+     end
+   end
+  end
+
+  def check_actions
+    comment = profile.comments_received.find(params[:id])
+    ids = @plugins.dispatch(:check_comment_actions, comment).collect do |action|
+      action.kind_of?(Proc) ? self.instance_eval(&action) : action
+    end.flatten.compact
+    render :json => {:ids => ids}
+  end
+
+  protected
+
+  def pass_without_comment_captcha?
+    logged_in? && !environment.enabled?('captcha_for_logged_users')
+  end
+  helper_method :pass_without_comment_captcha?
+
+  def can_update?
+    begin
+      @comment = profile.comments_received.find(params[:id])
+      raise ActiveRecord::RecordNotFound unless @comment.can_be_updated_by?(user) # Not reveal that the comment exists
+    rescue ActiveRecord::RecordNotFound
+      render_not_found
+      return
+    end
+  end
+
+end
@@ -2,8 +2,6 @@ class ContentViewerController &lt; ApplicationController
   needs_profile
-  before_filter :comment_author, :only => :edit_comment
-
   helper ProfileHelper
   helper TagsHelper
@@ -70,24 +68,8 @@ class ContentViewerController &lt; ApplicationController
     @form_div = params[:form]
-    if params[:comment] && params[:confirm] == 'true'
-      @comment = Comment.new(params[:comment])
-      if request.post? && @page.accept_comments?
-        add_comment
-      end
-    else
-      @comment = Comment.new
-    end
-
-    if request.post?
-      if params[:remove_comment]
-        remove_comment
-        return
-      elsif params[:mark_comment_as_spam]
-        mark_comment_as_spam
-        return
-      end
-    end
+    #FIXME see a better way to do this. It's not need to pass this variable anymore
+    @comment = Comment.new
     if @page.has_posts?
       posts = if params[:year] and params[:month]
@@ -117,89 +99,18 @@ class ContentViewerController &lt; ApplicationController
       end
     end
-    comments = @page.comments.without_spam
-    @comments = comments.as_thread
-    @comments_count = comments.count
+    @comments = @page.comments.without_spam
+    @comments_count = @comments.count
+    @comments = @plugins.filter(:unavailable_comments, @comments.without_reply)
+    @comments = @comments.paginate(:per_page => per_page, :page => params[:comment_page] )
+
     if params[:slideshow]
       render :action => 'slideshow', :layout => 'slideshow'
     end
   end
-  def edit_comment
-    path = params[:page].join('/')
-    @page = profile.articles.find_by_path(path)
-    @form_div = 'opened'
-    @comment = @page.comments.find_by_id(params[:id])
-    if @comment
-      if request.post?
-        begin
-          @comment.update_attributes(params[:comment])
-          session[:notice] = _('Comment succesfully updated')
-          redirect_to :action => 'view_page', :profile => profile.identifier, :page => @comment.article.explode_path
-        rescue
-          session[:notice] = _('Comment could not be updated')
-        end
-      end
-    else
-      redirect_to @page.view_url
-      session[:notice] = _('Could not find the comment in the article')
-    end
-  end
-
   protected
-  def add_comment
-    @comment.author = user if logged_in?
-    @comment.article = @page
-    @comment.ip_address = request.remote_ip
-    @comment.user_agent = request.user_agent
-    @comment.referrer = request.referrer
-    plugins_filter_comment(@comment)
-    return if @comment.rejected?
-    if (pass_without_comment_captcha? || verify_recaptcha(:model => @comment, :message => _('Please type the words correctly'))) && @comment.save
-      @page.touch
-      @comment = nil # clear the comment form
-      redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
-    else
-      @form_div = 'opened' if params[:comment][:reply_of_id].blank?
-    end
-  end
-
-  def plugins_filter_comment(comment)
-    @plugins.each do |plugin|
-      plugin.filter_comment(comment)
-    end
-  end
-
-  def pass_without_comment_captcha?
-    logged_in? && !environment.enabled?('captcha_for_logged_users')
-  end
-  helper_method :pass_without_comment_captcha?
-
-  def remove_comment
-    @comment = @page.comments.find(params[:remove_comment])
-    if (user == @comment.author || user == @page.profile || user.has_permission?(:moderate_comments, @page.profile))
-      @comment.destroy
-    end
-    finish_comment_handling
-  end
-
-  def mark_comment_as_spam
-    @comment = @page.comments.find(params[:mark_comment_as_spam])
-    if logged_in? && (user == @page.profile || user.has_permission?(:moderate_comments, @page.profile))
-      @comment.spam!
-    end
-    finish_comment_handling
-  end
-
-  def finish_comment_handling
-    if request.xhr?
-      render :text => {'ok' => true}.to_json, :content_type => 'application/json'
-    else
-      redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
-    end
-  end
-
   def per_page
     12
   end
@@ -223,13 +134,9 @@ class ContentViewerController &lt; ApplicationController
     end
   end
-  def comment_author
-    comment = Comment.find_by_id(params[:id])
-    if comment
-      render_access_denied if comment.author.blank? || comment.author != user
-    else
-      render_not_found
-    end
+  def pass_without_comment_captcha?
+    logged_in? && !environment.enabled?('captcha_for_logged_users')
   end
+  helper_method :pass_without_comment_captcha?
 end
@@ -278,7 +278,7 @@ class ProfileController &lt; PublicController
   end
   def register_report
-    if !verify_recaptcha
+    unless user.is_admin? || verify_recaptcha
       render :text => {
         :ok => false,
         :error => {
@@ -32,6 +32,8 @@ module ApplicationHelper
   include AccountHelper
+  include CommentHelper
+
   include BlogHelper
   include ContentViewerHelper
@@ -956,10 +958,7 @@ module ApplicationHelper
     options.merge!(:page => params[:npage])
     content = article.to_html(options)
     content = content.kind_of?(Proc) ? self.instance_eval(&content).html_safe : content.html_safe
-    @plugins && @plugins.each do |plugin|
-      content = plugin.parse_content(content)
-    end
-    content
+    filter_html(content, article)
   end
   # Please, use link_to by default!
@@ -1357,10 +1356,7 @@ module ApplicationHelper
     options[:on_ready] ||= 'null'
     result = text_field_tag(name, nil, text_field_options.merge(html_options.merge({:id => element_id})))
-    result +=
-    "
-    <script type='text/javascript'>
-      jQuery('##{element_id}')
+    result += javascript_tag("jQuery('##{element_id}')
       .tokenInput('#{url_for(search_action)}', {
         minChars: #{options[:min_chars].to_json},
         prePopulate: #{options[:pre_populate].to_json},
@@ -1376,16 +1372,15 @@ module ApplicationHelper
         onAdd: #{options[:on_add]},
         onDelete: #{options[:on_delete]},
         onReady: #{options[:on_ready]},
-      })
-    "
-    result += options[:focus] ? ".focus();" : ";"
+      });
+    ")
+    result += javascript_tag("jQuery('##{element_id}').focus();") if options[:focus]
     if options[:avoid_enter]
-      result += "jQuery('#token-input-#{element_id}')
+      result += javascript_tag("jQuery('#token-input-#{element_id}')
                     .live('keydown', function(event){
                     if(event.keyCode == '13') return false;
-                  });"
+                    });")
     end
-    result += "</script>"
     result
   end
@@ -1396,12 +1391,12 @@ module ApplicationHelper
   end
   def expirable_button(content, action, text, url, options = {})
-    options[:class] = "button with-text icon-#{action.to_s}"
+    options[:class] = ["button with-text icon-#{action.to_s}", options[:class]].compact.join(' ')
     expirable_content_reference content, action, text, url, options
   end
   def expirable_comment_link(content, action, text, url, options = {})
-    options[:class] = "comment-footer comment-footer-link comment-footer-hide"
+    options[:class] = ["comment-footer comment-footer-link comment-footer-hide", options[:class]].compact.join(' ')
     expirable_content_reference content, action, text, url, options
   end
@@ -1440,6 +1435,29 @@ module ApplicationHelper
     @no_design_blocks = true
   end
+  def filter_html(html, source)
+    if @plugins
+      html = convert_macro(html, source)
+      #TODO This parse should be done through the macro infra, but since there
+      #     are old things that do not support it we are keeping this hot spot.
+      html = @plugins.pipeline(:parse_content, html, source).first
+    end
+    html
+  end
+
+  def convert_macro(html, source)
+    doc = Hpricot(html)
+    #TODO This way is more efficient but do not support macro inside of
+    #     macro. You must parse them from the inside-out in order to enable
+    #     that.
+    doc.search('.macro').each do |macro|
+      macro_name = macro['data-macro']
+      result = @plugins.parse_macro(macro_name, macro, source)
+      macro.inner_html = result.kind_of?(Proc) ? self.instance_eval(&result) : result
+    end
+    doc.html
+  end
+
   def default_folder_for_image_upload(profile)
     default_folder = profile.folders.find_by_type('Gallery')
     default_folder = profile.folders.find_by_type('Folder') if default_folder.nil?
@@ -35,7 +35,13 @@ module ArticleHelper
         'div',
         check_box(:article, :notify_comments) +
         content_tag('label', _('I want to receive a notification of each comment written by e-mail'), :for => 'article_notify_comments') +
-        observe_field(:article_accept_comments, :function => "$('article_notify_comments').disabled = ! $('article_accept_comments').checked") 
+        observe_field(:article_accept_comments, :function => "$('article_notify_comments').disabled = ! $('article_accept_comments').checked;$('article_moderate_comments').disabled = ! $('article_accept_comments').checked") 
+      ) +
+
+      content_tag(
+        'div',
+        check_box(:article, :moderate_comments) +
+        content_tag('label', _('I want to approve comments on this article'), :for => 'article_moderate_comments')
       ) +
       (article.can_display_hits? ?
@@ -99,8 +99,8 @@ module BoxesHelper
     unless block.visible?
       options[:title] = _("This block is invisible. Your visitors will not see it.")
     end
-    controller.send(:content_editor?) || @plugins.each do |plugin|
-      result = plugin.parse_content(result)
+    if @controller.send(:content_editor?)
+      result = filter_html(result, block)
     end
     box_decorator.block_target(block.box, block) +
       content_tag('div',
@@ -3,9 +3,18 @@ module CatalogHelper
   include DisplayHelper
   include ManageProductsHelper
+  def catalog_load_index options = {:page => params[:page], :show_categories => true}
+    if options[:show_categories]
+      @category = params[:level] ? ProductCategory.find(params[:level]) : nil
+      @categories = ProductCategory.on_level(params[:level]).order(:name)
+    end
+
+    @products = profile.products.from_category(@category).paginate(:order => 'available desc, highlighted desc, name asc', :per_page => 9, :page => options[:page])
+  end
+
   def breadcrumb(category)
-    start = link_to(_('Start'), {:action => 'index'})
-    ancestors = category.ancestors.map { |c| link_to(c.name, {:action => 'index', :level => c.id}) }.reverse
+    start = link_to(_('Start'), {:controller => :catalog, :action => 'index'})
+    ancestors = category.ancestors.map { |c| link_to(c.name, {:controller => :catalog, :action => 'index', :level => c.id}) }.reverse
     current_level = content_tag('strong', category.name)
     all_items = [start] + ancestors + [current_level]
     content_tag('div', all_items.join(' &rarr; '), :id => 'breadcrumb')
@@ -15,7 +24,7 @@ module CatalogHelper
     count = profile.products.from_category(category).count
     name = truncate(category.name, :length => 22 - count.to_s.size)
     link_name = sub ? name : content_tag('strong', name)
-    link = link_to(link_name, {:action => 'index', :level => category.id}, :title => category.name)
+    link = link_to(link_name, {:controller => :catalog, :action => 'index', :level => category.id}, :title => category.name)
     content_tag('li', "#{link} (#{count})") if count > 0
   end
@@ -0,0 +1,70 @@
+module CommentHelper
+
+  def article_title(article, args = {})
+    title = article.title
+    title = article.display_title if article.kind_of?(UploadedFile) && article.image?
+    title = content_tag('h1', h(title), :class => 'title')
+    if article.belongs_to_blog?
+      unless args[:no_link]
+        title = content_tag('h1', link_to(article.name, article.url), :class => 'title')
+      end
+      comments = ''
+      unless args[:no_comments] || !article.accept_comments
+        comments = (" - %s") % link_to_comments(article)
+      end
+      title << content_tag('span',
+        content_tag('span', show_date(article.published_at), :class => 'date') +
+        content_tag('span', [_(", by %s") % link_to(article.author_name, article.author_url)], :class => 'author') +
+        content_tag('span', comments, :class => 'comments'),
+        :class => 'created-at'
+      )
+    end
+    title
+  end
+
+  def comment_actions(comment)
+    url = url_for(:profile => profile.identifier, :controller => :comment, :action => :check_actions, :id => comment.id)
+    links = links_for_comment_actions(comment)
+    content_tag(:li, link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{links.to_json}); return false", :class => 'menu-submenu-trigger comment-trigger', :url => url), :class=> 'vcard') unless links.empty?
+  end
+
+  private
+
+  def links_for_comment_actions(comment)
+    actions = [link_for_report_abuse(comment), link_for_spam(comment), link_for_edit(comment), link_for_remove(comment)]
+    @plugins.dispatch(:comment_actions, comment).collect do |action|
+      actions << (action.kind_of?(Proc) ? self.instance_eval(&action) : action)
+    end
+    actions.flatten.compact
+  end
+
+  def link_for_report_abuse(comment)
+    if comment.author
+      report_abuse_link = report_abuse(comment.author, :comment_link, comment)
+      {:link => report_abuse_link} if report_abuse_link
+    end
+  end
+
+  def link_for_spam(comment)
+    if comment.can_be_marked_as_spam_by?(user)
+      if comment.spam?
+        {:link => link_to_function(_('Mark as NOT SPAM'), 'remove_comment(this, %s); return false;' % url_for(:profile => profile.identifier, :mark_comment_as_ham => comment.id).to_json, :class => 'comment-footer comment-footer-link comment-footer-hide')}
+      else
+        {:link => link_to_function(_('Mark as SPAM'), 'remove_comment(this, %s, %s); return false;' % [url_for(:profile => profile.identifier, :controller => 'comment', :action => :mark_as_spam, :id => comment.id).to_json, _('Are you sure you want to mark this comment as SPAM?').to_json], :class => 'comment-footer comment-footer-link comment-footer-hide')}
+      end
+    end
+  end
+
+  def link_for_edit(comment)
+    if comment.can_be_updated_by?(user)
+      {:link => expirable_comment_link(comment, :edit, _('Edit'), url_for(:profile => profile.identifier, :controller => :comment, :action => :edit, :id => comment.id),:class => 'colorbox')}
+    end
+  end
+
+  def link_for_remove(comment)
+    if comment.can_be_destroyed_by?(user)
+      {:link => link_to_function(_('Remove'), 'remove_comment(this, %s, %s); return false ;' % [url_for(:profile => profile.identifier, :controller => 'comment', :action => :destroy, :id => comment.id).to_json, _('Are you sure you want to remove this comment and all its replies?').to_json], :class => 'comment-footer comment-footer-link comment-footer-hide remove-children')}
+    end
+  end
+
+end
@@ -3,13 +3,14 @@ module ContentViewerHelper
   include BlogHelper
   include ForumHelper
+  def display_number_of_comments(n)
+    base_str = "<span class='comment-count hide'>#{n}</span>"
+    amount_str = n == 0 ? _('no comments yet') : (n == 1 ? _('One comment') : _('%s comments') % n)
+    base_str + "<span class='comment-count-write-out'>#{amount_str}</span>"
+  end
+
   def number_of_comments(article)
-    n = article.comments.without_spam.count
-    if n == 0
-     _('No comments yet')
-    else
-     n_('One comment', '<span class="comment-count">%{comments}</span> comments', n) % { :comments => n }
-    end
+    display_number_of_comments(article.comments.without_spam.count)
   end
   def article_title(article, args = {})
@@ -244,7 +244,7 @@ module FormsHelper
         yearSuffix: #{datepicker_options[:year_suffix].to_json}
       })
     </script>
-    "
+    ".html_safe
     result
   end
@@ -29,9 +29,9 @@ module ForumHelper
       css_add << 'not-published' if !art.published?
       css_add << position
       content << content_tag('tr',
-                             content_tag('td', link_to(art.title, art.url)) +
-                             content_tag('td', link_to(art.comments.count, art.url.merge(:anchor => 'comments_list'))) +
-                             content_tag('td', last_topic_update(art)),
+                             content_tag('td', link_to(art.title, art.url), :class => "forum-post-title") +
+                             content_tag('td', link_to(art.comments.count, art.url.merge(:anchor => 'comments_list')), :class => "forum-post-answers") +
+                             content_tag('td', last_topic_update(art), :class => "forum-post-last-answer"),
                              :class => 'forum-post ' + css_add.join(' '),
                              :id => "post-#{art.id}"
                             )
@@ -84,5 +84,11 @@ module LayoutHelper
     theme_path + '/style.css'
   end
+  def addthis_javascript
+    if NOOSFERO_CONF['addthis_enabled']
+      '<script src="http://s7.addthis.com/js/152/addthis_widget.js"></script>'
+    end
+  end
+
 end
@@ -0,0 +1,92 @@
+module MacrosHelper
+
+  def macros_in_menu
+    @plugins.dispatch(:macros).reject{ |macro| macro.configuration[:icon_path] }
+  end
+
+  def macros_with_buttons
+    @plugins.dispatch(:macros).reject{ |macro| !macro.configuration[:icon_path] }
+  end
+
+  def macro_title(macro)
+    macro.configuration[:title] || macro.name.humanize
+  end
+
+  def generate_macro_config_dialog(macro)
+    if macro.configuration[:skip_dialog]
+      "function(){#{macro_generator(macro)}}"
+    else
+      "function(){
+        jQuery('<div>'+#{macro_configuration_dialog(macro).to_json}+'</div>').dialog({
+          title: #{macro_title(macro).to_json},
+          modal: true,
+          buttons: [
+            {text: #{_('Ok').to_json}, click: function(){
+              tinyMCE.activeEditor.execCommand('mceInsertContent', false,
+              (function(dialog){ #{macro_generator(macro)} })(this));
+              jQuery(this).dialog('close');
+            }},
+            {text: #{_('Cancel').to_json}, click: function(){jQuery(this).dialog('close');}}
+          ]
+        });
+      }"
+    end
+  end
+
+  def include_macro_js_files
+    plugins_javascripts = []
+    @plugins.dispatch(:macros).map do |macro|
+      if macro.configuration[:js_files]
+        macro.configuration[:js_files].map { |js| plugins_javascripts << macro.plugin.public_path(js) }
+      end
+    end
+    javascript_include_tag(plugins_javascripts, :cache => 'cache/plugins-' + Digest::MD5.hexdigest(plugins_javascripts.to_s)) unless plugins_javascripts.empty?
+  end
+
+  def macro_css_files
+    plugins_css = []
+    @plugins.dispatch(:macros).map do |macro|
+      if macro.configuration[:css_files]
+        macro.configuration[:css_files].map { |css| plugins_css << macro.plugin.public_path(css) }
+      end
+    end
+    plugins_css.join(',')
+  end
+
+  protected
+
+  def macro_generator(macro)
+    if macro.configuration[:generator]
+      macro.configuration[:generator]
+    else
+      macro_default_generator(macro)
+    end
+
+  end
+
+  def macro_default_generator(macro)
+    code = "var params = {};"
+    configuration = macro_configuration(macro)
+    configuration[:params].map do |field|
+      code += "params.#{field[:name]} = jQuery('*[name=#{field[:name]}]', dialog).val();"
+    end
+    code + "
+      var html = jQuery('<div class=\"macro mceNonEditable\" data-macro=\"#{macro.identifier}\">'+#{macro_title(macro).to_json}+'</div>')[0];
+      for(key in params) html.setAttribute('data-macro-'+key,params[key]);
+      return html.outerHTML;
+    "
+  end
+
+  def macro_configuration_dialog(macro)
+    macro.configuration[:params].map do |field|
+      label_name = field[:label] || field[:name].to_s.humanize
+      case field[:type]
+      when 'text'
+        labelled_form_field(label_name, text_field_tag(field[:name], field[:default]))
+      when 'select'
+        labelled_form_field(label_name, select_tag(field[:name], options_for_select(field[:values], field[:default])))
+      end
+    end.join("\n")
+  end
+
+end
@@ -0,0 +1,104 @@
+class ApproveComment < Task
+  validates_presence_of :target_id
+
+  settings_items :comment_attributes, :closing_statment
+
+  validates_presence_of :comment_attributes
+
+  def comment
+    @comment ||= Comment.new(JSON.parse(self.comment_attributes)) unless self.comment_attributes.nil?
+  end
+
+  def requestor_name
+    requestor ? requestor.name : (comment.name || _('Anonymous'))
+  end
+
+  def article
+    Article.find_by_id comment.source_id unless self.comment.nil?
+  end
+
+  def article_name
+    article ? article.name : _("Article removed.")
+  end
+
+  def perform
+    comment.save!
+  end
+
+  def title
+    _("New comment to article")
+  end
+
+  def icon
+    result = {:type => :defined_image, :src => '/images/icons-app/article-minor.png'}
+    result.merge!({:url => article.url}) if article
+    result
+  end
+
+  def linked_subject
+    {:text => article_name, :url => article.url} if article
+  end
+
+  def information
+    if article
+      if requestor
+        {:message => _('%{requestor} commented on the the article: %{linked_subject}.')}
+      else
+        { :message => _('%{requestor} commented on the the article: %{linked_subject}.'),
+          :variables => {:requestor => requestor_name} }
+      end
+    else
+      {:message => _("The article was removed.")}
+    end
+  end
+
+  def accept_details
+    true
+  end
+
+  def reject_details
+    true
+  end
+
+  def default_decision
+    if article
+      'skip'
+    else
+      'reject'
+    end
+  end
+
+  def accept_disabled?
+    article.blank?
+  end
+
+  def target_notification_description
+    if article
+      _('%{requestor} wants to comment the article: %{article}.') % {:requestor => requestor_name, :article => article.name}
+    else
+      _('%{requestor} wanted to comment the article but it was removed.') % {:requestor => requestor_name}
+    end
+  end
+
+  def target_notification_message
+    target_notification_description + "\n\n" +
+    _('You need to login on %{system} in order to approve or reject this comment.') % { :system => target.environment.name }
+  end
+
+  def task_finished_message
+    if !closing_statment.blank?
+      _("Your comment to the article \"%{article}\" was approved. Here is the comment left by the admin who approved your comment:\n\n%{comment} ") % {:article => article_name, :comment => closing_statment}
+    else
+      _('Your request for comment the article "%{article}" was approved.') % {:article => article_name}
+    end
+  end
+
+  def task_cancelled_message
+    message = _('Your request for commenting the article "%{article}" was rejected.') % {:article => article_name}
+    if !reject_explanation.blank?
+      message += " " + _("Here is the reject explanation left by the administrator who rejected your comment: \n\n%{reject_explanation}") % {:reject_explanation => reject_explanation}
+    end
+    message
+  end
+
+end
@@ -67,6 +67,7 @@ class Article &lt; ActiveRecord::Base
   settings_items :display_hits, :type => :boolean, :default => true
   settings_items :author_name, :type => :string, :default => ""
   settings_items :allow_members_to_edit, :type => :boolean, :default => false
+  settings_items :moderate_comments, :type => :boolean, :default => false
   settings_items :followers, :type => Array, :default => []
   belongs_to :reference_article, :class_name => "Article", :foreign_key => 'reference_article_id'
@@ -329,6 +330,14 @@ class Article &lt; ActiveRecord::Base
     @view_url ||= image? ? url.merge(:view => true) : url
   end
+  def comment_url_structure(comment, action = :edit)
+    if comment.new_record?
+      profile.url.merge(:page => path.split("/"), :controller => :comment, :action => :create)
+    else
+      profile.url.merge(:page => path.split("/"), :controller => :comment, :action => action || :edit, :id => comment.id)
+    end
+  end
+
   def allow_children?
     true
   end
@@ -491,6 +500,14 @@ class Article &lt; ActiveRecord::Base
     allow_post_content?(user) || user && allow_members_to_edit && user.is_member_of?(profile)
   end
+  def moderate_comments?
+    moderate_comments == true
+  end
+
+  def comments_updated
+    solr_save
+  end
+
   def accept_category?(cat)
     !cat.is_a?(ProductCategory)
   end
@@ -597,7 +614,7 @@ class Article &lt; ActiveRecord::Base
   end
   def lead
-    abstract.blank? ? first_paragraph : abstract
+    abstract.blank? ? first_paragraph.html_safe : abstract.html_safe
   end
   def short_lead
 class Blog < Folder
   acts_as_having_posts
+  include PostsLimit
   #FIXME This should be used until there is a migration to fix all blogs that
   # already have folders inside them
@@ -81,4 +82,8 @@ class Blog &lt; Folder
     posts.empty?
   end
+  def last_posts(limit=3)
+    posts.where("type != 'RssFeed'").order(:updated_at).limit(limit)
+  end
+
 end
@@ -21,18 +21,22 @@ class BlogArchivesBlock &lt; Block
   end
   def visible_posts(person)
-    blog.posts.native_translations.select {|post| post.display_to?(person)}
+    #FIXME Performance issues with display_to. Must convert it to a scope.
+    # Checkout this page for further information: http://noosfero.org/Development/ActionItem2705
+    blog.posts.published.native_translations #.select {|post| post.display_to?(person)}
   end
   def content(args={})
     owner_blog = self.blog
     return nil unless owner_blog
     results = ''
-    visible_posts(args[:person]).group_by {|i| i.published_at.year }.sort_by { |year,count| -year }.each do |year, results_by_year|
-      results << content_tag('li', content_tag('strong', "#{year} (#{results_by_year.size})"))
+    posts = visible_posts(args[:person])
+    posts.count(:all, :group => 'EXTRACT(YEAR FROM published_at)').sort_by {|year, count| -year.to_i}.each do |year, count|
+      results << content_tag('li', content_tag('strong', "#{year} (#{count})"))
       results << "<ul class='#{year}-archive'>"
-      results_by_year.group_by{|i| [ ('%02d' % i.published_at.month()), gettext(MONTHS[i.published_at.month() - 1])]}.sort.reverse.each do |month, results_by_month|
-        results << content_tag('li', link_to("#{month[1]} (#{results_by_month.size})", owner_blog.url.merge(:year => year, :month => month[0])))
+      posts.count(:all, :conditions => ['EXTRACT(YEAR FROM published_at)=?', year], :group => 'EXTRACT(MONTH FROM published_at)').sort_by {|month, count| -month.to_i}.each do |month, count|
+        month_name = gettext(MONTHS[month.to_i - 1])
+        results << content_tag('li', link_to("#{month_name} (#{count})", owner_blog.url.merge(:year => year, :month => month)))
       end
       results << "</ul>"
     end
@@ -17,6 +17,7 @@ class Comment &lt; ActiveRecord::Base
   belongs_to :reply_of, :class_name => 'Comment', :foreign_key => 'reply_of_id'
   scope :without_spam, :conditions => ['spam IS NULL OR spam = ?', false]
+  scope :without_reply, :conditions => ['reply_of_id IS NULL']
   scope :spam, :conditions => ['spam = ?', true]
   # unauthenticated authors:
@@ -34,7 +35,9 @@ class Comment &lt; ActiveRecord::Base
   xss_terminate :only => [ :body, :title, :name ], :on => 'validation'
-  delegate :environment, :to => :source
+  def comment_root
+    (reply_of && reply_of.comment_root) || self
+  end
   def action_tracker_target
     self.article.profile
@@ -150,21 +153,6 @@ class Comment &lt; ActiveRecord::Base
     @replies = comments_list
   end
-  def self.as_thread
-    result = {}
-    root = []
-    order(:id).each do |c|
-      c.replies = []
-      result[c.id] ||= c
-      if result[c.reply_of_id]
-        result[c.reply_of_id].replies << c
-      else
-        root << c
-      end
-    end
-    root
-  end
-
   include ApplicationHelper
   def reported_version(options = {})
     comment = self
@@ -248,4 +236,22 @@ class Comment &lt; ActiveRecord::Base
     plugins.dispatch(:comment_marked_as_ham, self)
   end
+  def need_moderation?
+    article.moderate_comments? && (author.nil? || article.author != author)
+  end
+
+  def can_be_destroyed_by?(user)
+    return if user.nil?
+    user == author || user == profile || user.has_permission?(:moderate_comments, profile)
+  end
+
+  def can_be_marked_as_spam_by?(user)
+    return if user.nil?
+    user == profile || user.has_permission?(:moderate_comments, profile)
+  end
+
+  def can_be_updated_by?(user)
+    user.present? && user == author
+  end
+
 end
@@ -20,7 +20,8 @@ class EnterpriseHomepage &lt; Article
     enterprise_homepage = self
     lambda do
       extend EnterpriseHomepageHelper
-      @products = profile.products.paginate(:order => 'id asc', :per_page => 9, :page => 1)
+      extend CatalogHelper
+      catalog_load_index :page => 1, :show_categories => false
       render :partial => 'content_viewer/enterprise_homepage', :object => enterprise_homepage
     end
   end
@@ -28,6 +28,7 @@ class Environment &lt; ActiveRecord::Base
     'manage_environment_users' => N_('Manage environment users'),
     'manage_environment_templates' => N_('Manage environment templates'),
     'manage_environment_licenses' => N_('Manage environment licenses'),
+    'manage_environment_trusted_sites' => N_('Manage environment trusted sites')
   }
   module Roles
@@ -270,6 +271,13 @@ class Environment &lt; ActiveRecord::Base
   settings_items :search_hints, :type => Hash, :default => {}
+  # Set to return http forbidden to host not on the allow origin list bellow
+  settings_items :restrict_to_access_control_origins, :default => false
+  # Set this according to http://www.w3.org/TR/cors/. Headers are set at every response
+  # For multiple domains acts as suggested in http://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains
+  settings_items :access_control_allow_origin, :type => Array
+  settings_items :access_control_allow_methods, :type => String
+
   def news_amount_by_folder=(amount)
     settings[:news_amount_by_folder] = amount.to_i
   end
@@ -16,7 +16,6 @@ class Event &lt; Article
     maybe_add_http(self.setting[:link])
   end
-  xss_terminate :only => [ :link ], :on => 'validation'
   xss_terminate :only => [ :body, :link, :address ], :with => 'white_list', :on => 'validation'
   def initialize(*args)
 class Forum < Folder
   acts_as_having_posts :order => 'updated_at DESC'
+  include PostsLimit
   def self.type_name
     _('Forum')
@@ -15,6 +15,10 @@ class LayoutTemplate
     @id = id
   end
+  def name
+    @config['name']
+  end
+
   def title
     @config['title']
   end
@@ -0,0 +1,21 @@
+module PostsLimit
+  module ClassMethods
+    def posts_per_page_limit
+      15
+    end
+
+    def posts_per_page_options
+      [5, 10, 15]
+    end
+  end
+
+  def self.included(klass)
+    klass.send(:extend, PostsLimit::ClassMethods)
+    klass.class_eval do
+      def posts_per_page_with_limit
+        [self.class.posts_per_page_limit, posts_per_page_without_limit].min
+      end
+      alias_method_chain :posts_per_page, :limit
+    end
+  end
+end
@@ -74,7 +74,7 @@ class Task &lt; ActiveRecord::Base
   end
   def self.all_types
-    %w[Invitation EnterpriseActivation AddMember Ticket SuggestArticle  AddFriend CreateCommunity AbuseComplaint ApproveArticle CreateEnterprise ChangePassword EmailActivation InviteFriend InviteMember]
+    %w[Invitation EnterpriseActivation AddMember Ticket SuggestArticle  AddFriend CreateCommunity AbuseComplaint ApproveComment ApproveArticle CreateEnterprise ChangePassword EmailActivation InviteFriend InviteMember]
   end
   # this method finished the task. It calls #perform, which must be overriden
@@ -312,7 +312,8 @@ class User &lt; ActiveRecord::Base
       'email_domain' => self.enable_email ? self.email_domain : nil,
       'friends_list' => friends_list,
       'enterprises' => enterprises,
-      'amount_of_friends' => friends_list.count
+      'amount_of_friends' => friends_list.count,
+      'chat_enabled' => person.environment.enabled?('xmpp_chat')
     }
   end
@@ -9,6 +9,7 @@
   <tr><td><%= link_to _('Sideboxes'), :controller => 'environment_design'%></td></tr>
   <tr><td><%= link_to _('Homepage'), :action => 'set_portal_community' %></td></tr>
   <tr><td><%= link_to _('Licenses'), :controller =>'licenses' %></td></tr>
+  <tr><td><%= link_to _('Trusted sites'), :controller =>'trusted_sites' %></td></tr>
 </table>
 <h2><%= _('Profiles') %></h2>
@@ -3,26 +3,28 @@
 <h1><%= _('Products/Services') %></h1>
-<%= breadcrumb(@category) if params[:level] %>
-
-<div class='l-sidebar-left-bar'>
-  <ul>
-    <%= content_tag('li', link_to(_('Homepage'), profile.url), :class => 'catalog-categories-link') %>
-    <%= content_tag('li', link_to(_('Catalog start'), profile.catalog_url), :class => 'catalog-categories-link') %>
-    <% if @categories.present? %>
-      <% @categories.each do |category| %>
-        <%= category_link(category) %>
-        <%= category_sub_links(category) %>
+<% if @categories %>
+  <%= breadcrumb(@category) if params[:level] %>
+
+  <div class='l-sidebar-left-bar'>
+    <ul>
+      <%= content_tag('li', link_to(_('Homepage'), profile.url), :class => 'catalog-categories-link') %>
+      <%= content_tag('li', link_to(_('Catalog start'), profile.catalog_url), :class => 'catalog-categories-link') %>
+      <% if @categories.present? %>
+        <% @categories.each do |category| %>
+          <%= category_link(category) %>
+          <%= category_sub_links(category) %>
+        <% end %>
+      <% elsif @category.present? %>
+        <%= content_tag('li', _('There are no sub-categories for %s') % @category.name, :id => 'catalog-categories-notice') %>
+      <% else %>
+        <%= content_tag('li', _('There are no categories available.'), :id => 'catalog-categories-notice') %>
       <% end %>
-    <% elsif @category.present? %>
-      <%= content_tag('li', _('There are no sub-categories for %s') % @category.name, :id => 'catalog-categories-notice') %>
-    <% else %>
-      <%= content_tag('li', _('There are no categories available.'), :id => 'catalog-categories-notice') %>
-    <% end %>
-  </ul>
-</div>
-
-<ul id="product-list" class="l-sidebar-left-content">
+    </ul>
+  </div>
+<% end %>
+
+<ul id="product-list" class="<%="l-sidebar-left-content" if @categories %>">
   <% @products.each do |product| %>
     <% extra_content = @plugins.dispatch(:catalog_item_extras, product).collect { |content| instance_eval(&content) } %>
     <% extra_content_list = @plugins.dispatch(:catalog_list_item_extras, product).collect { |content| instance_eval(&content) } %>
@@ -56,7 +56,7 @@
 <%= labelled_form_field(_('How to display posts:'), f.select(:visualization_format, [ [ _('Full post'), 'full'], [ _('First paragraph'), 'short'] ])) %>
-<%= labelled_form_field(_('Posts per page:'), f.select(:posts_per_page, [5, 10, 20, 50, 100])) %>
+<%= labelled_form_field(_('Posts per page:'), f.select(:posts_per_page, Blog.posts_per_page_options)) %>
 <%= labelled_check_box(_("List only translated posts"), 'article[display_posts_in_current_language]', '1', @article.display_posts_in_current_language?) %>
@@ -10,4 +10,4 @@
 <%= labelled_form_field(_('Description:'), text_area(:article, :body, :cols => 64, :rows => 10)) %>
-<%= labelled_form_field(_('Posts per page:'), f.select(:posts_per_page, [5, 10, 20, 50, 100])) %>
+<%= labelled_form_field(_('Posts per page:'), f.select(:posts_per_page, Forum.posts_per_page_options)) %>
@@ -0,0 +1,85 @@
+<li id="<%= comment.anchor %>" class="article-comment">
+  <div class="article-comment-inner">
+
+  <div class="comment-content comment-logged-<%= comment.author ? 'in' : 'out' %> <%= 'comment-from-owner' if ( comment.author && (profile == comment.author) ) %>">
+
+  <% if comment.author %>
+    <%= link_to image_tag(profile_icon(comment.author, :minor)) +
+                content_tag('span', comment.author_name, :class => 'comment-info'),
+        comment.author.url,
+        :class => 'comment-picture',
+        :title => comment.author_name
+    %>
+  <% else %>
+    <% url_image, status_class = comment.author_id ?
+       [comment.removed_user_image, 'icon-user-removed'] :
+       [str_gravatar_url_for( comment.email, :size => 50, :d=>404 ), 'icon-user-unknown'] %>
+
+    <%= link_to(
+          image_tag(url_image, :onerror=>'gravatarCommentFailback(this)',
+                   'data-gravatar'=>str_gravatar_url_for(comment.email, :size=>50)) +
+          content_tag('span', comment.author_name, :class => 'comment-info') +
+          content_tag('span', comment.message,
+                             :class => 'comment-user-status ' + status_class),
+        gravatar_profile_url(comment.email),
+        :target => '_blank',
+        :class => 'comment-picture',
+        :title => '%s %s' % [comment.author_name, comment.message]
+    )%>
+  <% end %>
+
+  <% comment_balloon do %>
+
+    <div class="comment-details">
+      <div class="comment-header">
+        <ul>
+          <div class="comment-actions">
+            <%= comment_actions(comment) %>
+          </div>
+        </ul>
+      <% unless comment.spam? %>
+        <%= link_to_function '',
+          "var f = add_comment_reply_form(this, %s); f.find('comment_title, textarea').val(''); return false" % comment.id,
+          :class => 'comment-footer comment-footer-link comment-footer-hide comment-actions-reply button',
+          :id => 'comment-reply-to-' + comment.id.to_s,
+          :title => _('Reply')
+        %>
+      <% end %>
+      </div>
+
+      <div class="comment-created-at">
+        <%= show_time(comment.created_at) %>
+      </div>
+      <h4><%= comment.title.blank? && '&nbsp;' || comment.title %></h4>
+      <div class="comment-text">
+        <p/>
+        <%= txt2html comment.body %>
+      </div>
+    </div>
+
+    <div class="comment_reply post_comment_box closed" id="comment_reply_to_<%= comment.id %>">
+      <% if @comment && @comment.errors.any? && @comment.reply_of_id.to_i == comment.id %>
+        <%= error_messages_for :comment %>
+        <script type="text/javascript">
+          jQuery(function() {
+            document.location.href = '#<%= comment.anchor %>';
+            add_comment_reply_form('#comment-reply-to-<%= comment.id %>', <%= comment.id %>);
+          });
+        </script>
+      <% end %>
+    </div>
+
+  <% end %>
+
+  </div>
+
+  <% unless comment.replies.blank? || comment.spam? %>
+  <ul class="comment-replies">
+    <% comment.replies.each do |reply| %>
+      <%= render :partial => 'comment/comment', :locals => { :comment => reply } %>
+    <% end %>
+  </ul>
+  <% end %>
+
+  </div>
+</li>
@@ -0,0 +1,98 @@
+<% edition_mode = (defined? edition_mode) ? edition_mode : false %>
+<div class="<%= edition_mode ? '' : 'page-comment-form' %>">
+
+<% focus_on = logged_in? ? 'title' : 'name' %>
+
+
+<% if !edition_mode && !pass_without_comment_captcha? %>
+  <div id="recaptcha-container" style="display: none">
+    <h3><%= _('Please type the two words below') %></h3>
+    <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %>
+    <% button_bar do %>
+      <%= button_to_function :add, _('Confirm'), "return false", :id => "confirm-captcha" %>
+      <%= button_to_function :cancel, _('Cancel'), "jQuery.colorbox.close()" %>
+    <% end %>
+  </div>
+
+  <script type="text/javascript">
+    jQuery(document).bind('cbox_cleanup', function() {
+      jQuery('#recaptcha-container').hide();
+    });
+  </script>
+<% end %>
+
+<script type="text/javascript">
+function check_captcha(button, confirm_action) {
+  <% if edition_mode %>
+  return true;
+  <% elsif pass_without_comment_captcha? %>
+  button.form.confirm.value = 'true';
+  button.disabled = true;
+  return true;
+  <% else %>
+  jQuery('#recaptcha-container').show();
+  jQuery.colorbox({ inline : true, href : '#recaptcha-container', maxWidth : '600px', maxHeight : '300px' });
+  jQuery('#confirm-captcha').unbind('click');
+  jQuery('#confirm-captcha').bind('click', function() {
+    jQuery.colorbox.close();
+    button.form.recaptcha_response_field.value = jQuery('#recaptcha_response_field').val();
+    button.form.recaptcha_challenge_field.value = jQuery('#recaptcha_challenge_field').val();
+    button.form.confirm.value = 'true';
+    button.disabled = false;
+    confirm_action(button);
+  });
+  return false;
+  <% end %>
+}
+</script>
+
+<% if @comment && @comment.errors.any? %>
+  <%= error_messages_for :comment %>
+<% end %>
+
+<div class="post_comment_box <%= ((defined? show_form) && show_form) ? 'opened' : 'closed' %>">
+
+  <%= link_to(_('Post a comment'), '#', :class => 'display-comment-form') if display_link && @comment.reply_of_id.blank? %>
+<% remote_form_for(:comment, comment, :url => {:profile => profile.identifier, :controller => 'comment', :action => (edition_mode ? 'update' : 'create'), :id => (edition_mode ?  comment.id : @page.id)}, :html => { :class => 'comment_form' } ) do |f| %>
+
+  <%= required_fields_message %>
+
+  <% unless logged_in? %>
+
+    <%= required labelled_form_field(_('Name'), f.text_field(:name)) %>
+    <%= required labelled_form_field(_('e-mail'), f.text_field(:email)) %>
+    <p>
+    <%= _('If you are a registered user, you can login and be automatically recognized.') %>
+    </p>
+
+  <% end %>
+
+  <% if !edition_mode && !pass_without_comment_captcha? %>
+    <%= hidden_field_tag(:recaptcha_response_field, nil, :id => nil) %>
+    <%= hidden_field_tag(:recaptcha_challenge_field, nil, :id => nil) %>
+  <% end %>
+
+  <%= labelled_form_field(_('Title'), f.text_field(:title)) %>
+  <%= required labelled_form_field(_('Enter your comment'), f.text_area(:body, :rows => 5)) %>
+
+  <%= hidden_field_tag(:confirm, 'false') %>
+  <%= hidden_field_tag(:view, params[:view])%>
+  <%= f.hidden_field(:reply_of_id) %>
+
+  <%= @plugins.dispatch(:comment_form_extra_contents, local_assigns).collect { |content| instance_eval(&content) }.join("") %>
+
+  <% button_bar do %>
+    <%= submit_button('add', _('Post comment'), :onclick => "if(check_captcha(this)) { save_comment(this) } else { check_captcha(this, save_comment)};return false;") %>
+    <% if !edition_mode %>
+      <%= button :cancel, _('Cancel'), '', :id => 'cancel-comment' %>
+    <% else %>
+      <%= button :cancel, _('Cancel'), '#', :onclick => "jQuery.colorbox.close();" %>
+    <% end %>
+  <% end %>
+<% end %>
+
+
+</div><!-- end class="post_comment_box" -->
+</div><!-- end class="page-comment-form" -->
+
+<%= javascript_include_tag 'comment_form'%>
@@ -19,7 +19,10 @@
     <%= labelled_form_field _('City and state'), location_fields %>
   <% end %>
   <%= required f.text_field(:subject) %>
-  <%= required f.text_area(:message, :rows => 10, :cols => 60) %>
+
+  <%= render :file => 'shared/tiny_mce' %>
+  <%= required f.text_area(:message, :class => 'mceEditor') %>
+
   <%= labelled_form_field check_box(:contact, :receive_a_copy) + _('I want to receive a copy of the message in my e-mail.'), '' %>
   <%= submit_button(:send, _('Send'), :onclick => "$('confirm').value = 'true'") %>
@@ -1,3 +0,0 @@
-<h1><%= _('Edit comment') %></h1>
-
-<%= render :partial => 'comment_form', :locals => {:url => {:action => 'edit_comment', :profile => profile.identifier}, :display_link => false, :cancel_triggers_hide => false} %>
@@ -8,6 +8,12 @@
 <%= render :partial => 'confirm_unfollow' %>
+<script type="text/javascript">
+    window.ONE_COMMENT = "<%= _('One comment') %>";
+    window.COMMENT_PLURAL = "<%= _('comments') %>";
+    window.NO_COMMENT_YET = "<%= _('No comments yet') %>";
+</script>
+
 <div id="article-toolbar"></div>
 <script type="text/javascript">
@@ -60,7 +66,6 @@
   addthis_options = '<%= escape_javascript( NOOSFERO_CONF['addthis_options'] ) %>';
 </script>
 <a href="http://www.addthis.com/bookmark.php" id="bt_addThis" target="_blank" onmouseover="return addthis_open(this, '', '[URL]')" onmouseout="addthis_close()" onclick="return addthis_sendto()"><%= addthis_image_tag %></a>
-<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
 </div>
 <% end %>
@@ -85,20 +90,21 @@
   <% if @page.accept_comments? || @comments_count > 0 %>
     <h3 <%= 'class="no-comments-yet"' if @comments_count == 0 %>>
-      <%= number_of_comments(@page) %>
+      <%= display_number_of_comments(@comments_count) %>
     </h3>
   <% end %>
-  <% if @page.accept_comments? && @comments_count > 1 %>
-    <%= link_to(_('Post a comment'), '#', :class => 'display-comment-form', :id => 'top-post-comment-button') %>
+  <% if @page.accept_comments? && @comments.count > 1 %>
+    <%= link_to(_('Post a comment'), '#', :class => 'display-comment-form', :id => 'top-post-comment-button', :onclick => "jQuery('#page-comment-form .display-comment-form').first().click();") %>
   <% end %>
   <ul class="article-comments-list">
-    <%= render :partial => 'comment', :collection => @comments %>
+    <%= render :partial => 'comment/comment', :collection => @comments %>
+    <%= pagination_links @comments, :param_name => 'comment_page' %>
   </ul>
   <% if @page.accept_comments? %>
-    <div id="page-comment-form"><%= render :partial => 'comment_form', :locals => {:url => url_for(@page.view_url.merge({:only_path => true})), :display_link => true, :cancel_triggers_hide => true}%></div>
+    <div id='page-comment-form' class='page-comment-form'><%= render :partial => 'comment/comment_form', :locals =>{:comment => Comment.new, :url => {:controller => :comment, :action => :create}, :display_link => true, :cancel_triggers_hide => true}%></div>
   <% end %>
 </div><!-- end class="comments" -->
@@ -17,6 +17,10 @@
         content.respond_to?(:call) ? content.call : content
       end.join("\n")
     %>
+
+    <script type='text/javascript'>
+      DEFAULT_LOADING_MESSAGE = <%="'#{ _('loading...') }'" %>;
+    </script>
   </head>
   <body class="<%= body_classes %>">
     <a href="#content" id="link-go-content"><span><%= _("Go to the content") %></span></a>
@@ -56,5 +60,6 @@
     </div><!-- end id="theme-footer" -->
     <%= noosfero_layout_features %>
     <%= theme_javascript_ng %>
+    <%= addthis_javascript %>
   </body>
 </html>
@@ -4,7 +4,9 @@
   <%= hidden_field_tag(:content_type, params[:content_type]) %>
   <%= hidden_field_tag(:content_id, params[:content_id]) %>
-  <p><%= recaptcha_tags :ajax => true, :display => {:theme => 'clean'} %> </p>
+  <% unless user.is_admin? %>
+    <p><%= recaptcha_tags :ajax => true, :display => {:theme => 'clean'} %> </p>
+  <% end %>
   <%= submit_button(:send, _('Report profile'), :style => 'float: left; cursor: pointer;', :id => 'report-abuse-submit-button', :onclick => "jQuery('#form-submit-loading').show()") %>
   <%= button(:cancel, _('Cancel'), {}, :style => 'float: left; padding-top: 0px; padding-bottom: 0px;', :onclick => 'jQuery.colorbox.close(); return false;')%>
@@ -4,11 +4,13 @@
 <%= error_messages_for :mailing %>
-<%= render :file => 'shared/tiny_mce' %>
-
 <%= form_for :mailing, :url => {:action => 'send_mail'}, :html => {:id => 'mailing-form'} do |f| %>
+
   <%= labelled_form_field(_('Subject:'), f.text_field(:subject)) %>
+
+  <%= render :file => 'shared/tiny_mce' %>
   <%= labelled_form_field(_('Body:'), f.text_area(:body, :class => 'mceEditor')) %>
+
   <%= submit_button(:send, _('Send')) %>
   <%= button :cancel, _('Cancel e-mail'), :back %>
 <% end %>
@@ -7,12 +7,12 @@
     <tr class="search-blog-items">
       <td class="search-field-label"><%= _("Last posts") %></td>
-      <% r = blog.children.find(:all, :order => :updated_at, :conditions => ['type != ?', 'RssFeed']).last(3) %>
-      <td class="<%= "search-field-none" if r.empty? %>">
-        <% r.each do |a| %>
-          <%= link_to a.title, a.view_url, :class => 'search-blog-sample-item '+icon_for_article(a) %>
+      <% last_posts = blog.last_posts %>
+      <td class="<%= "search-field-none" if last_posts.empty? %>">
+        <% last_posts.each do |post| %>
+          <%= link_to post.title, post.view_url, :class => 'search-blog-sample-item '+icon_for_article(post) %>
         <% end %>
-        <%= _('None') if r.empty? %>
+        <%= _('None') if last_posts.empty? %>
       </td>
     </tr>
@@ -6,6 +6,6 @@
     </div>
   </div>
   <a href='#' id='chat-online-users-title' onclick='return false;'>
-    <div class='header'><i class='icon-chat'></i><span><%= _("Friends in chat <span class='amount_of_friends'>(%{amount})</span>") %></span></div>
+    <div class='header'><i class='icon-chat'></i><span><%= _("Friends in chat (<span class='amount_of_friends'>%{amount}</span>)") %></span></div>
   </a>
 </div>
+<% extend MacrosHelper %>
 <%= javascript_include_tag 'tinymce/jscripts/tiny_mce/tiny_mce.js' %>
+<%= include_macro_js_files %>
 <script type="text/javascript">
-  var myplugins = "searchreplace,print,table,contextmenu";
+  var myplugins = "searchreplace,print,table,contextmenu,-macrosPlugin";
   var first_line, second_line;
   var mode = '<%= mode ||= false %>'
   <% if mode %>
@@ -8,36 +10,80 @@
     second_line = ""
   <% else %>
     first_line = "print,separator,copy,paste,separator,undo,redo,separator,search,replace,separator,forecolor,fontsizeselect,formatselect"
-    second_line = "bold,italic,underline,strikethrough,separator,bullist,numlist,separator,justifyleft,justifycenter,justifyright,justifyfull,separator,link,unlink,image,table,separator,cleanup,code"
+    second_line = "bold,italic,underline,strikethrough,separator,bullist,numlist,separator,justifyleft,justifycenter,justifyright,justifyfull,separator,link,unlink,image,table,separator,cleanup,code,macros"
+    <% macros_with_buttons.each do |macro| %>
+      second_line += ',<%=macro.identifier %>'
+    <% end %>
   <% end %>
   if (tinymce.isIE) {
     // the paste plugin is only useful in Internet Explorer
     myplugins = "paste," + myplugins;
   }
+
+tinymce.create('tinymce.plugins.MacrosPlugin', {
+  createControl: function(n, cm) {
+    switch (n) {
+       case 'macros':
+         <% unless macros_in_menu.empty? %>
+           var c = cm.createMenuButton('macros', {
+             title : 'Macros',
+             image : '/designs/icons/tango/Tango/16x16/emblems/emblem-system.png',
+             icons : false
+           });
+
+           <% macros_in_menu.each do |macro| %>
+             c.onRenderMenu.add(function(c, m) {
+               m.add({
+                 title: <%= macro_title(macro).to_json %>,
+                 onclick: <%= generate_macro_config_dialog(macro) %>
+               });
+             });
+           <% end %>
+
+           // Return the new menu button instance
+           return c;
+         <% end %>
+    }
+    return null;
+  }
+});
+
+// Register plugin with a short name
+tinymce.PluginManager.add('macrosPlugin', tinymce.plugins.MacrosPlugin);
+
 tinyMCE.init({
-        mode : "textareas",
-        editor_selector : "mceEditor",
-        theme : "advanced",
-        relative_urls : false,
-        remove_script_host : false,
-        document_base_url : <%= environment.top_url.to_json %>,
-        plugins: myplugins,
-        theme_advanced_toolbar_location : "top",
-        theme_advanced_layout_manager: 'SimpleLayout',
-        theme_advanced_buttons1 : first_line,
-        theme_advanced_buttons2 : second_line,
-        theme_advanced_buttons3 : "",
-        theme_advanced_blockformats :"p,address,pre,h2,h3,h4,h5,h6",
-        paste_auto_cleanup_on_paste : true,
-        paste_insert_word_content_callback : "convertWord",
-        paste_use_dialog: false,
-        apply_source_formatting : true,
-        extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width]",
-        content_css: '/stylesheets/tinymce.css',
-        language: <%= tinymce_language.inspect %>,
-        entity_encoding: 'raw'
-        });
+  mode : "textareas",
+  editor_selector : "mceEditor",
+  theme : "advanced",
+  relative_urls : false,
+  remove_script_host : false,
+  document_base_url : <%= environment.top_url.to_json %>,
+  plugins: myplugins,
+  theme_advanced_toolbar_location : "top",
+  theme_advanced_layout_manager: 'SimpleLayout',
+  theme_advanced_buttons1 : first_line,
+  theme_advanced_buttons2 : second_line,
+  theme_advanced_buttons3 : "",
+  theme_advanced_blockformats :"p,address,pre,h2,h3,h4,h5,h6",
+  paste_auto_cleanup_on_paste : true,
+  paste_insert_word_content_callback : "convertWord",
+  paste_use_dialog: false,
+  apply_source_formatting : true,
+  extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height|scrolling],embed[title|src|type|height|width]",
+  content_css: '/stylesheets/tinymce.css,<%= macro_css_files %>',
+  language: <%= tinymce_language.inspect %>,
+  entity_encoding: 'raw',
+  setup : function(ed) {
+    <% macros_with_buttons.each do |macro| %>
+           ed.addButton('<%= macro.identifier %>', {
+               title: <%= macro_title(macro).to_json %>,
+               onclick: <%= generate_macro_config_dialog(macro) %>,
+               image : '<%= macro.configuration[:icon_path]%>'
+             });
+    <% end %>
+  }
+});
 function convertWord(type, content) {
   switch (type) {
@@ -8,7 +8,7 @@
 <div id='article'>
   <div class="comments" id="comments_list">
     <ul class="article-comments-list">
-      <%= render :partial => 'content_viewer/comment', :collection => @spam %>
+      <%= render :partial => 'comment/comment', :collection => @spam %>
     </ul>
   </div>
 </div>
@@ -0,0 +1,7 @@
+<p>
+  <b><%= _('Title: ') %></b>
+  <%= task.comment.title %>
+</p>
+<p>
+  <%= task.comment.body %>
+</p>
@@ -12,7 +12,7 @@
           "/designs/templates/#{template.id}/thumbnail.png",
           :alt => _('The "%s" template')) +
         '<div class="opt-info">'.html_safe +
-        content_tag('strong', template.id, :class => 'name') +
+        content_tag('strong', template.name, :class => 'name') +
         ' <br/> '.html_safe
         if @current_template == template.id  # selected
@@ -0,0 +1,15 @@
+<h2> <%= _("Editing trusted site") %> </h2>
+
+<% form_tag :action => :update do %>
+
+  <%= text_field_tag :site, @site %>
+  <%= hidden_field_tag :orig_site, @site %>
+
+  <% button_bar do %>
+    <%= submit_button('save', _('Save changes'), :cancel => {:action => 'index'} ) %>
+  <% end %>
+<% end %>
+
+<script>
+  jQuery(function() { jQuery('input#site').focus(); } );
+</script>
@@ -0,0 +1,28 @@
+<h1><%= _('Manage trusted sites') %></h1>
+
+<p>
+<%=  _('Here you can manage the list of trusted sites of your environment. A trusted site is a site that you consider safe enough to incorporate their content through <em>iframes</em>.') %>
+</p>
+
+<table>
+  <tr>
+    <th><%= _('Site') %></th>
+    <th><%= _('Actions') %></th>
+  </tr>
+  <% @sites.each do |site| %>
+    <tr>
+      <td>
+        <%= link_to site, :action => 'show', :site => site %>
+      </td>
+      <td style='white-space: nowrap;'>
+        <%= button_without_text :edit, _('Edit'), :action => 'edit', :site => site %>
+        <%= button_without_text :remove,  _('Remove'), {:action => :destroy, :site => site}, :method => :delete, :confirm => _('Are you sure you want to remove this site from the list of trusted sites?') %>
+      </td>
+    </tr>
+  <% end %>
+</table>
+
+<% button_bar do %>
+  <%= button :add, _('Add a trusted site'), :action => 'new' %>
+  <%= button :back, _('Back to admin panel'), :controller => 'admin_panel' %>
+<% end %>
@@ -0,0 +1,14 @@
+<h2> <%= _("Add a new trusted site") %> </h2>
+
+<% form_tag :action => :create do %>
+
+  <%= text_field_tag :site, @site %>
+
+  <% button_bar do %>
+    <%= submit_button('save', _('Add trusted site'), :cancel => {:action => 'index'} ) %>
+  <% end %>
+<% end %>
+
+<script>
+  jQuery(function() { jQuery('input#site').focus(); } );
+</script>
@@ -76,6 +76,9 @@ Noosfero::Application.routes.draw do
   # profile search
   match 'profile/:profile/search', :controller => 'profile_search', :action => 'index', :profile => /#{Noosfero.identifier_format}/
+  # comments
+  map.comment 'profile/:profile/comment/:action/:id', :controller => 'comment', :profile => /#{Noosfero.identifier_format}/
+
   # public profile information
   match 'profile/:profile(/:action(/:id))', :controller => 'profile', :action => 'index', :id => /[^\/]*/, :profile => /#{Noosfero.identifier_format}/
@@ -121,8 +124,6 @@ Noosfero::Application.routes.draw do
   # cache stuff - hack
   match 'public/:action/:id', :controller => 'public'
-  match ':profile/edit_comment/:id/*page', :controller => 'content_viewer', :action => 'edit_comment', :profile => /#{Noosfero.identifier_format}/
-
   # match requests for profiles that don't have a custom domain
   match ':profile(/*page)', :controller => 'content_viewer', :action => 'view_page', :profile => /#{Noosfero.identifier_format}/, :constraints => EnvironmentDomainConstraint.new
@@ -0,0 +1,9 @@
+class ChangeArticlePublishedAtFromDateToDatetime < ActiveRecord::Migration
+  def self.up
+    change_column :articles, :published_at, :datetime
+  end
+
+  def self.down
+    change_column :articles, :published_at, :date
+  end
+end
@@ -0,0 +1,9 @@
+class ChangeArticleVersionsPublishedAtFromDateToDatetime < ActiveRecord::Migration
+  def self.up
+    change_column :article_versions, :published_at, :datetime
+  end
+
+  def self.down
+    change_column :article_versions, :published_at, :date
+  end
+end
@@ -0,0 +1,17 @@
+class AddManageEnvironmentTrustedSitesToAdminRole < ActiveRecord::Migration
+  def self.up
+    Environment.all.map(&:id).each do |id|
+      role = Environment::Roles.admin(id)
+      role.permissions << 'manage_environment_trusted_sites'
+      role.save!
+    end
+  end
+
+  def self.down
+    Environment.all.map(&:id).each do |id|
+      role = Environment::Roles.admin(id)
+      role.permissions -= ['manage_environment_trusted_sites']
+      role.save!
+    end
+  end
+end
@@ -9,7 +9,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20130429214630) do
+ActiveRecord::Schema.define(:version => 20130606110602) do
   create_table "abuse_reports", :force => true do |t|
     t.integer  "reporter_id"
@@ -76,7 +76,7 @@ ActiveRecord::Schema.define(:version =&gt; 20130429214630) do
     t.text     "setting"
     t.boolean  "notify_comments",      :default => false
     t.integer  "hits",                 :default => 0
-    t.date     "published_at"
+    t.datetime "published_at"
     t.string   "source"
     t.boolean  "highlighted",          :default => false
     t.string   "external_link"
@@ -119,7 +119,7 @@ ActiveRecord::Schema.define(:version =&gt; 20130429214630) do
     t.text     "setting"
     t.boolean  "notify_comments",      :default => true
     t.integer  "hits",                 :default => 0
-    t.date     "published_at"
+    t.datetime "published_at"
     t.string   "source"
     t.boolean  "highlighted",          :default => false
     t.string   "external_link"
@@ -221,6 +221,7 @@ ActiveRecord::Schema.define(:version =&gt; 20130429214630) do
     t.string   "source_type"
     t.string   "user_agent"
     t.string   "referrer"
+    t.integer  "group_id"
   end
   add_index "comments", ["source_id", "spam"], :name => "index_comments_on_source_id_and_spam"
@@ -264,11 +265,11 @@ ActiveRecord::Schema.define(:version =&gt; 20130429214630) do
     t.text     "design_data"
     t.text     "custom_header"
     t.text     "custom_footer"
-    t.string   "theme",                        :default => "default", :null => false
+    t.string   "theme",                        :default => "default",           :null => false
     t.text     "terms_of_use_acceptance_text"
     t.datetime "created_at"
     t.datetime "updated_at"
-    t.integer  "reports_lower_bound",          :default => 0,         :null => false
+    t.integer  "reports_lower_bound",          :default => 0,                   :null => false
     t.string   "redirection_after_login",      :default => "keep_on_same_page"
     t.text     "signup_welcome_text"
     t.string   "languages"
@@ -428,7 +429,7 @@ ActiveRecord::Schema.define(:version =&gt; 20130429214630) do
     t.string   "type"
     t.string   "identifier"
     t.integer  "environment_id"
-    t.boolean  "active",                             :default => true
+    t.boolean  "active",                                :default => true
     t.string   "address"
     t.string   "contact_phone"
     t.integer  "home_page_id"
@@ -439,21 +440,21 @@ ActiveRecord::Schema.define(:version =&gt; 20130429214630) do
     t.float    "lat"
     t.float    "lng"
     t.integer  "geocode_precision"
-    t.boolean  "enabled",                            :default => true
-    t.string   "nickname",             :limit => 16
+    t.boolean  "enabled",                               :default => true
+    t.string   "nickname",                :limit => 16
     t.text     "custom_header"
     t.text     "custom_footer"
     t.string   "theme"
-    t.boolean  "public_profile",                     :default => true
+    t.boolean  "public_profile",                        :default => true
     t.date     "birth_date"
     t.integer  "preferred_domain_id"
     t.datetime "updated_at"
-    t.boolean  "visible",                            :default => true
+    t.boolean  "visible",                               :default => true
     t.integer  "image_id"
-    t.boolean  "validated",                          :default => true
+    t.boolean  "validated",                             :default => true
     t.string   "cnpj"
     t.string   "national_region_code"
-    t.boolean  "is_template",                        :default => false
+    t.boolean  "is_template",                           :default => false
     t.integer  "template_id"
     t.string   "redirection_after_login"
   end
+noosfero (0.44.0) unstable; urgency=low
+
+  * New features release
+
+ -- Rodrigo Souto <rodrigo@colivre.coop.br>  Wed, 17 Jul 2013 02:19:44 -0300
+
+noosfero (0.43.1) unstable; urgency=low
+
+  * Bugfix release
+
+ -- Rodrigo Souto <rodrigo@colivre.coop.br>  Wed, 17 Jul 2013 01:20:46 -0300
+
+noosfero (0.43.0) unstable; urgency=low
+
+  * Solr search converted to a plugin
+
+ -- Rodrigo Souto <rodrigo@ravioli>  Tue, 18 Jun 2013 11:14:56 -0300
+
 noosfero (0.43.0~rc20130529152434) squeeze-test; urgency=low
   * RC of 0.43.0 with solr as a plugin
@@ -10,7 +10,6 @@ Build-Depends:
  ruby-sqlite3,
  rake,
  rails3 (>= 3.2.6-1~),
- openjdk-6-jre,
  ruby-will-paginate,
  tango-icon-theme,
  rcov
@@ -0,0 +1,21 @@
+#!/usr/bin/ruby
+
+require 'yaml'
+
+DBCONFIG = ARGV.first || '/etc/database/database.yml'
+
+$dbconfig = {}
+
+checks = [
+  lambda { File.exists?(DBCONFIG) },
+  lambda { $dbconfig = YAML.load_file(DBCONFIG) },
+  lambda { $dbconfig['production'] },
+  lambda { $dbconfig['production']['adapter'] },
+  lambda { $dbconfig['production']['database'] },
+]
+
+if checks.all?(&:call)
+  exit 0
+else
+  exit 1
+end
@@ -38,3 +38,4 @@ locale                            usr/share/noosfero
 doc/noosfero                      usr/share/noosfero/doc
 debian/noosfero-console           usr/sbin
+debian/noosfero-check-dbconfig    usr/sbin
@@ -44,6 +44,13 @@ if [ -z &quot;$NOOSFERO_DIR&quot; ] || [ -z &quot;$NOOSFERO_USER&quot; ]; then
   exit 0
 fi
+if test -x /usr/sbin/noosfero-check-dbconfig ; then
+  if ! noosfero-check-dbconfig; then
+    echo "Noosfero database access not configured, service disabled."
+    exit 0
+  fi
+fi
+
 ######################
 main_script() {
@@ -17,14 +17,6 @@ Feature: comment
     And feature "captcha_for_logged_users" is disabled on environment
     And I am logged in as "booking"
-  Scenario: not post a comment without javascript
-    Given I am on /booking/article-to-comment
-    And I follow "Post a comment"
-    And I fill in "Title" with "Hey ho, let's go!"
-    And I fill in "Enter your comment" with "Hey ho, let's go!"
-    When I press "Post comment"
-    Then I should not see "Hey ho, let's go"
-
   # This test requires some way to overcome the captcha with unauthenticated
   # user.
   @selenium-fixme
@@ -79,14 +71,14 @@ Feature: comment
   @selenium
   Scenario: render comment form and go to bottom
-    Given I am on /booking/article-with-comment
+    Given I am on /booking/article-to-comment
     When I follow "Post a comment"
     Then I should see "Enter your comment"
-    And I should be on /booking/article-with-comment
+    And I should be on /booking/article-to-comment
   @selenium
   Scenario: keep comments field filled while trying to do a comment
-    Given I am on /booking/article-with-comment
+    Given I am on /booking/article-to-comment
     And I follow "Post a comment"
     And I fill in "Title" with "Joey Ramone"
     When I press "Post comment"
@@ -15,15 +15,9 @@ Feature: comment
       | article to comment | booking | root comment | this comment is not a reply |
       | another article    | booking | some comment | this is my very own comment |
-  Scenario: not post a comment without javascript
-    Given I am on /booking/article-to-comment
-    When I follow "Reply" within ".comment-balloon"
-    Then I should not see "Enter your comment" within "div.comment-balloon"
-
   Scenario: not show any reply form by default
     When I go to /booking/article-to-comment
     Then I should not see "Enter your comment" within "div.comment-balloon"
-    And I should see "Reply" within "div.comment-balloon"
   @selenium-fixme
   Scenario: show error messages when make a blank comment reply
@@ -35,18 +29,13 @@ Feature: comment
     And I should see "Body can't be blank" within "div.comment_reply"
   @selenium
-  Scenario: not show any reply form by default
-    When I go to /booking/article-to-comment
-    Then I should not see "Enter your comment" within "div.comment-balloon"
-    And I should see "Reply" within "div.comment-balloon"
-
-  @selenium
   Scenario: render reply form
     Given I am on /booking/article-to-comment
     When I follow "Reply" within ".comment-balloon"
     Then I should see "Enter your comment" within "div.comment_reply.opened"
-  @selenium
+  # The text is hidden but the detector gets it anyway
+  @selenium-fixme
   Scenario: cancel comment reply
     Given I am on /booking/article-to-comment
     When I follow "Reply" within ".comment-balloon"
@@ -39,7 +39,7 @@ Feature: search
       | login      | name        |
       | joaosilva  | Joao Silva  |
     And the following articles
-      | owner     | name                 |
+      | owner     | name       |
       | joaosilva | article #1 |
       | joaosilva | article #2 |
       | joaosilva | article #3 |
@@ -52,8 +52,6 @@ Feature: search
     When I go to the search page
     And I fill in "search-input" with "article"
     And I press "Search"
-    Then I should see "article #8" within ".search-results-articles"
-    And I should not see "article #9" within ".search-results-articles"
     And I should see "see all (9)"
     When I follow "see all (9)"
     Then I should be on the search articles page
@@ -29,7 +29,7 @@ module ActsAsHavingBoxes
   # returns 3 unless the class table has a boxes_limit column. In that case
   # return the value of the column. 
   def boxes_limit
-    LayoutTemplate.find(layout_template).number_of_boxes || 3
+    @boxes_limit ||= LayoutTemplate.find(layout_template).number_of_boxes || 3
   end
 end
@@ -4,7 +4,7 @@ require &#39;fast_gettext&#39;
 module Noosfero
   PROJECT = 'noosfero'
-  VERSION = '0.43.0~rc20130529152434'
+  VERSION = '0.44.0'
   def self.pattern_for_controllers_in_directory(dir)
     disjunction = controllers_in_directory(dir).join('|')
@@ -4,6 +4,10 @@ class Noosfero::Plugin
   attr_accessor :context
+  def initialize(context=nil)
+    self.context = context
+  end
+
   class << self
     attr_writer :should_load
@@ -151,6 +155,12 @@ class Noosfero::Plugin
     blocks || []
   end
+  def macros
+    self.class.constants.map do |constant_name|
+      self.class.const_get(constant_name)
+    end.select {|klass| klass < Noosfero::Plugin::Macro}
+  end
+
   # Here the developer may specify the events to which the plugins can
   # register and must return true or false. The default value must be false.
@@ -253,8 +263,8 @@ class Noosfero::Plugin
   # -> Parse and possibly make changes of content (article, block, etc) during HTML rendering
   # returns = content as string after parser and changes
-  def parse_content(raw_content)
-    raw_content
+  def parse_content(html, source)
+    [html, source]
   end
   # -> Adds links to the admin panel
@@ -290,6 +300,18 @@ class Noosfero::Plugin
   def filter_comment(comment)
   end
+  # Define custom logic to filter loaded comments.
+  #
+  # Example:
+  #
+  #   def unavailable_comments(scope)
+  #     scope.without_spams
+  #   end
+  #
+  def unavailable_comments(scope)
+    scope
+  end
+
   # This method is called by the CommentHandler background job before sending
   # the notification email. If the comment is marked as spam (i.e. by calling
   # <tt>comment.spam!</tt>), then the notification email will *not* be sent.
@@ -331,6 +353,30 @@ class Noosfero::Plugin
   def comment_marked_as_ham(comment)
   end
+  # Adds extra actions for comments
+  # returns = list of hashes or lambda block that creates a list of hashes
+  # example:
+  #
+  #   def comment_actions(comment)
+  #     [{:link => link_to_function(...)}]
+  #   end
+  #
+  def comment_actions(comment)
+    nil
+  end
+
+  # This method is called when the user click on comment actions menu.
+  # returns = list or lambda block that return ids of enabled menu items for comments
+  # example:
+  #
+  #   def check_comment_actions(comment)
+  #     ['#action1', '#action2']
+  #   end
+  #
+  def check_comment_actions(comment)
+    []
+  end
+
   # -> Adds fields to the signup form
   # returns = lambda block that creates html code
   def signup_extra_contents
@@ -405,6 +451,12 @@ class Noosfero::Plugin
     nil
   end
+  # -> Adds adicional content to comment form
+  # returns = lambda block that creates html code
+  def comment_form_extra_contents(args)
+    nil
+  end
+
   # -> Finds objects by their contents
   # returns = {:results => [a, b, c, ...], ...}
   # P.S.: The plugin might add other informations on the return hash for its
@@ -0,0 +1,63 @@
+class Noosfero::Plugin::Macro
+
+  attr_accessor :context
+
+  class << self
+    # Options
+    #
+    # [:icon_path]  Determines the path to icon to be used in the button on
+    #               tinymce
+    # [:title]      Former name of the macro
+    # [:skip_dialog]  Skip configuration dialog on tinymce
+    # [:js_files]     Javascripts that should be included on tinymce
+    # [:css_files     Css files that should be included on tinymce
+    # [:generator]    Javascript code that will be loaded when the macro button
+    #                 is clicked on tinymce
+    # [:params]       Hash of macro fields that the user might configure
+    #
+    def configuration
+      {}
+    end
+
+    def plugin
+      name.split('::')[0...-1].join('::').constantize
+    end
+
+    def identifier
+      name.underscore
+    end
+  end
+
+  def initialize(context=nil)
+    self.context = context
+  end
+
+  def attributes(macro)
+    macro.attributes.to_hash.
+      select {|key, value| key[0..10] == 'data-macro-'}.
+      inject({}){|result, a| result.merge({a[0][11..-1] => a[1]})}.
+      with_indifferent_access
+  end
+
+  def convert(macro, source)
+    macro_name = macro['data-macro']
+    attrs = attributes(macro)
+
+    begin
+      content = parse(attrs, macro.inner_html, source)
+      macro['class'] = "parsed-macro #{macro_name}"
+    rescue Exception => exception
+      content = _("Unsupported macro %s!") % macro_name
+      macro['class'] = "failed-macro #{macro_name}"
+    end
+
+    attrs.each {|key, value| macro.remove_attribute("data-macro-#{key}")}
+    content
+  end
+
+  # This is the method the macros should override
+  def parse(attrs, inner_html, source)
+    raise
+  end
+
+end
@@ -23,7 +23,7 @@ class Noosfero::Plugin::Manager
     dispatch_without_flatten(event, *args).flatten
   end
-  def dispatch_plugins(event, *args)
+  def fetch_plugins(event, *args)
     map { |plugin| plugin.class if plugin.send(event, *args) }.compact.flatten
   end
@@ -33,7 +33,7 @@ class Noosfero::Plugin::Manager
   alias :dispatch_scopes :dispatch_without_flatten
-  def first(event, *args)
+  def dispatch_first(event, *args)
     result = nil
     each do |plugin|
       result = plugin.send(event, *args)
@@ -42,7 +42,7 @@ class Noosfero::Plugin::Manager
     result
   end
-  def first_plugin(event, *args)
+  def fetch_first_plugin(event, *args)
     result = nil
     each do |plugin|
       if plugin.send(event, *args)
@@ -53,11 +53,38 @@ class Noosfero::Plugin::Manager
     result
   end
+  def pipeline(event, *args)
+    each do |plugin|
+      result = plugin.send(event, *args)
+      result = result.kind_of?(Array) ? result : [result]
+      raise ArgumentError, "Pipeline broken by #{plugin.class.name} on #{event} with #{result.length} arguments instead of #{args.length}." if result.length != args.length
+      args = result
+    end
+    args.length < 2 ? args.first : args
+  end
+
+  def filter(property, data)
+    inject(data) {|data, plugin| data = plugin.send(property, data)}
+  end
+
+  def parse_macro(macro_name, macro, source = nil)
+    macro_instance = enabled_macros[macro_name] || default_macro
+    macro_instance.convert(macro, source)
+  end
+
   def enabled_plugins
     @enabled_plugins ||= (Noosfero::Plugin.all & environment.enabled_plugins).map do |plugin|
-      p = plugin.constantize.new
-      p.context = context
-      p
+      plugin.constantize.new(context)
+    end
+  end
+
+  def default_macro
+    @default_macro ||= Noosfero::Plugin::Macro.new(context)
+  end
+
+  def enabled_macros
+    @enabled_macros ||= dispatch(:macros).inject({}) do |memo, macro|
+      memo.merge!(macro.identifier => macro.new(context))
     end
   end
@@ -0,0 +1,16 @@
+class CommentGroupPluginProfileController < ProfileController
+  append_view_path File.join(File.dirname(__FILE__) + '/../views')
+
+  def view_comments
+    article_id = params[:article_id]
+    group_id = params[:group_id]
+
+    article = profile.articles.find(article_id)
+    comments = article.group_comments.without_spam.in_group(group_id)
+    render :update do |page|
+      page.replace_html "comments_list_group_#{group_id}", :partial => 'comment/comment.rhtml', :collection => comments
+      page.replace_html "comment-count-#{group_id}", comments.count
+    end
+  end
+
+end
@@ -0,0 +1,8 @@
+class CommentGroupPluginPublicController < PublicController
+  append_view_path File.join(File.dirname(__FILE__) + '/../views')
+
+  def comment_group
+    render :json => { :group_id => Comment.find(params[:id]).group_id }
+  end
+
+end
@@ -0,0 +1,9 @@
+class AddGroupIdToComment < ActiveRecord::Migration
+  def self.up
+    add_column :comments, :group_id, :integer
+  end
+
+  def self.down
+    remove_column :comments, :group_id
+  end
+end
@@ -0,0 +1,32 @@
+require_dependency 'comment_group_plugin/ext/article'
+require_dependency 'comment_group_plugin/ext/comment'
+
+class CommentGroupPlugin < Noosfero::Plugin
+
+  def self.plugin_name
+    "Comment Group"
+  end
+
+  def self.plugin_description
+    _("A plugin that display comment groups.")
+  end
+
+  def unavailable_comments(scope)
+    scope.without_group
+  end
+
+  def comment_form_extra_contents(args)
+    comment = args[:comment]
+    group_id = comment.group_id || args[:group_id]
+    lambda {
+      hidden_field_tag('comment[group_id]', group_id) if group_id
+    }
+  end
+
+  def js_files
+    'comment_group_macro.js'
+  end
+
+end
+
+require_dependency 'comment_group_plugin/macros/allow_comment'
@@ -0,0 +1,21 @@
+require_dependency 'article'
+
+class Article
+
+  #FIXME make this test
+  has_many :group_comments, :class_name => 'Comment', :foreign_key => 'source_id', :dependent => :destroy, :order => 'created_at asc', :conditions => [ 'group_id IS NOT NULL']
+
+  #FIXME make this test
+  validate :not_empty_group_comments_removed
+
+  #FIXME make this test
+  def not_empty_group_comments_removed
+    if body
+      groups_with_comments = group_comments.collect {|comment| comment.group_id}.uniq
+      groups = Hpricot(body.to_s).search('.macro').collect{|element| element['data-macro-group_id'].to_i}
+      errors.add_to_base(N_('Not empty group comment cannot be removed')) unless (groups_with_comments-groups).empty?
+    end
+  end
+
+end
+
@@ -0,0 +1,12 @@
+require_dependency 'comment'
+
+class Comment
+
+  named_scope :without_group, :conditions => {:group_id => nil }
+
+  named_scope :in_group, lambda { |group_id| {
+      :conditions => ['group_id = ?', group_id]
+    }
+  }
+
+end
@@ -0,0 +1,22 @@
+#FIXME See a better way to generalize this parameter.
+ActionView::Base.sanitized_allowed_attributes += ['data-macro', 'data-macro-group_id']
+
+class CommentGroupPlugin::AllowComment < Noosfero::Plugin::Macro
+  def self.configuration
+    { :params => [],
+      :skip_dialog => true,
+      :generator => 'makeCommentable();',
+      :js_files => 'comment_group.js',
+      :icon_path => '/designs/icons/tango/Tango/16x16/emblems/emblem-system.png',
+      :css_files => 'comment_group.css' }
+  end
+
+  #FIXME Make this test
+  def parse(params, inner_html, source)
+    group_id = params[:group_id].to_i
+    article = source
+    count = article.group_comments.without_spam.in_group(group_id).count
+
+    lambda {render :partial => 'plugins/comment_group/views/comment_group.rhtml', :locals => {:group_id => group_id, :article_id => article.id, :inner_html => inner_html, :count => count, :profile_identifier => article.profile.identifier }}
+  end
+end
@@ -0,0 +1,6 @@
+div.article_comments {
+  background-color:#dddddd;
+  border-style: solid;
+  border-color:#bbbbbb;
+  border-width:2px;
+}
@@ -0,0 +1,47 @@
+function getNextGroupId() {
+  max = -1;
+  groups = jQuery('#article_body_ifr').contents().find('.article_comments');
+  groups.each(function(key, value) {
+    value = jQuery(value).attr('data-macro-group_id');
+    if(value>max) max = parseInt(value);
+  });
+  return max+1;
+}
+
+function makeCommentable() {
+  tinyMCE.activeEditor.focus();
+  start = jQuery(tinyMCE.activeEditor.selection.getStart()).closest('p');
+  end = jQuery(tinyMCE.activeEditor.selection.getEnd()).closest('p');
+
+  //text = start.parent().children();
+  text = jQuery('#article_body_ifr').contents().find('*');
+  selection = text.slice(text.index(start), text.index(end)+1);
+
+  hasTag = false;
+  selection.each(function(key, value) {
+    commentTag = jQuery(value).closest('.article_comments');
+    if(commentTag.length) {
+      commentTag.children().unwrap('<div class=\"article_comments\"/>');
+      hasTag = true;
+    }
+  });
+
+  if(!hasTag) {
+    tags = start.siblings().add(start);
+    tags = tags.slice(tags.index(start), tags.index(end)>=0?tags.index(end)+1:tags.index(start)+1);
+    tags.wrapAll('<div class=\"macro article_comments\" data-macro=\"comment_group_plugin/allow_comment\" data-macro-group_id=\"'+getNextGroupId()+'\"/>');
+
+    contents = jQuery('#article_body_ifr').contents();
+    lastP = contents.find('p.article_comments_last_paragraph');
+    if(lastP.text().trim().length > 0) {
+      lastP.removeClass('article_comments_last_paragraph');
+    } else {
+      lastP.remove();
+    }
+    lastDiv = contents.find('div.article_comments').last();
+    if(lastDiv.next().length==0) {
+      lastDiv.after("<p class='article_comments_last_paragraph'>&nbsp;</p>");
+    }
+  }
+}
+
@@ -0,0 +1,39 @@
+var comment_group_anchor;
+jQuery(document).ready(function($) {
+  var anchor = window.location.hash;
+  if(anchor.length==0) return;
+
+  var val = anchor.split('-'); //anchor format = #comment-\d+
+  if(val.length!=2 || val[0]!='#comment') return;
+  if($('div[data-macro=comment_group_plugin/allow_comment]').length==0) return; //comment_group_plugin/allow_comment div must exists
+  var comment_id = val[1];
+  if(!/^\d+$/.test(comment_id)) return; //test for integer
+
+  comment_group_anchor = anchor;
+  var url = '/plugin/comment_group/public/comment_group/'+comment_id;
+  $.getJSON(url, function(data) {
+    if(data.group_id!=null) {
+      var button = $('div.comment_group_'+ data.group_id + ' a');
+      button.click();
+      $.scrollTo(button);
+    }
+  });
+});
+
+function toggleGroup(group) {
+  var div = jQuery('div.comments_list_toggle_group_'+group);
+  var visible = div.is(':visible');
+  if(!visible)
+    jQuery('div.comment-group-loading-'+group).addClass('comment-button-loading');
+
+  div.toggle('fast');
+  return visible;
+}
+
+function loadCompleted(group) {
+  jQuery('div.comment-group-loading-'+group).removeClass('comment-button-loading')
+  if(comment_group_anchor) {
+    jQuery.scrollTo(jQuery(comment_group_anchor));
+    comment_group_anchor = null;
+  }
+}
@@ -0,0 +1,38 @@
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+require File.dirname(__FILE__) + '/../../controllers/profile/comment_group_plugin_profile_controller'
+
+# Re-raise errors caught by the controller.
+class CommentGroupPluginProfileController; def rescue_action(e) raise e end; end
+
+class CommentGroupPluginProfileControllerTest < ActionController::TestCase
+
+  def setup
+    @controller = CommentGroupPluginProfileController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+
+    @profile = create_user('testuser').person
+    @article = profile.articles.build(:name => 'test')
+    @article.save!
+  end
+  attr_reader :article
+  attr_reader :profile
+
+  should 'be able to show group comments' do
+    comment = fast_create(Comment, :source_id => article, :author_id => profile, :title => 'a comment', :body => 'lalala', :group_id => 0)
+    xhr :get, :view_comments, :profile => @profile.identifier, :article_id => article.id, :group_id => 0
+    assert_template 'comment/_comment.rhtml'
+    assert_match /comments_list_group_0/, @response.body
+    assert_match /\"comment-count-0\", \"1\"/, @response.body
+  end
+
+  should 'do not show global comments' do
+    comment = fast_create(Comment, :source_id => article, :author_id => profile, :title => 'global comment', :body => 'global', :group_id => nil)
+    comment = fast_create(Comment, :source_id => article, :author_id => profile, :title => 'a comment', :body => 'lalala', :group_id => 0)
+    xhr :get, :view_comments, :profile => @profile.identifier, :article_id => article.id, :group_id => 0
+    assert_template 'comment/_comment.rhtml'
+    assert_match /comments_list_group_0/, @response.body
+    assert_match /\"comment-count-0\", \"1\"/, @response.body
+  end
+
+end
@@ -0,0 +1,33 @@
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+require File.dirname(__FILE__) + '/../../controllers/public/comment_group_plugin_public_controller'
+
+# Re-raise errors caught by the controller.
+class CommentGroupPluginPublicController; def rescue_action(e) raise e end; end
+
+class CommentGroupPluginPublicControllerTest < ActionController::TestCase
+
+  def setup
+    @controller = CommentGroupPluginPublicController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+
+    @profile = create_user('testuser').person
+    @article = profile.articles.build(:name => 'test')
+    @article.save!
+  end
+  attr_reader :article
+  attr_reader :profile
+
+  should 'be able to return group_id for a comment' do
+    comment = fast_create(Comment, :source_id => article, :author_id => profile, :title => 'a comment', :body => 'lalala', :group_id => 0)
+    xhr :get, :comment_group, :id => comment.id
+    assert_match /\{\"group_id\":0\}/, @response.body
+  end
+
+  should 'return group_id=null for a global comment' do
+    comment = fast_create(Comment, :source_id => article, :author_id => profile, :title => 'a comment', :body => 'lalala' )
+    xhr :get, :comment_group, :id => comment.id
+    assert_match /\{\"group_id\":null\}/, @response.body
+  end
+
+end
@@ -0,0 +1,24 @@
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+
+class CommentGroupPluginTest < ActiveSupport::TestCase
+
+  include Noosfero::Plugin::HotSpot
+
+  def setup
+    @environment = Environment.default
+  end
+
+  attr_reader :environment
+
+  should 'filter_comments returns all the comments wihout group of an article passed as parameter' do
+    article = fast_create(Article)
+    c1 = fast_create(Comment, :source_id => article.id, :group_id => 1)
+    c2 = fast_create(Comment, :source_id => article.id)
+    c3 = fast_create(Comment, :source_id => article.id)
+
+    plugin = CommentGroupPlugin.new
+    assert_equal [], [c2, c3] - plugin.filter_comments(article.comments)
+    assert_equal [], plugin.filter_comments(article.comments) - [c2, c3]
+  end
+
+end
@@ -0,0 +1,26 @@
+<div class="comments">
+  <div class="comment_group_<%= group_id %>" style="float: left">
+    <div style="float: left">
+    <%= link_to_remote(image_tag("/plugins/comment_group/images/comments.gif"),
+        :url => { :profile => profile_identifier, :controller => 'comment_group_plugin_profile', :action => 'view_comments', :group_id => group_id, :article_id => article_id},
+        :loaded => visual_effect(:highlight, "comments_list_group_#{group_id}"),
+        :method => :post,
+        :condition => "!toggleGroup(#{group_id})",
+        :complete => "loadCompleted(#{group_id})")%>
+    </div>
+    <!-- FIXME: css file -->
+    <div id="comments_group_count_<%= group_id %>" style="float: right; vertical-align: middle; padding-left: 3px; padding-right: 5px; color: #5AC1FC"><span id="comment-count-<%= group_id %>" class='comment-count'><%= count %></span></div>
+
+  </div>
+
+  <div>
+    <%= inner_html %>
+  </div>
+
+  <div class="comment-group-loading-<%= group_id %>"/>
+
+  <div class="comments_list_toggle_group_<%= group_id %>" style="display:none">
+    <div class="article-comments-list" id="comments_list_group_<%= group_id %>"></div>
+    <div id="page-comment-form-<%= group_id %>" class='post_comment_box closed'><%= render :partial => 'comment/comment_form', :locals => {:comment => Comment.new, :display_link => true, :cancel_triggers_hide => true, :group_id => group_id}%></div>
+  </div>
+</div>
@@ -70,7 +70,8 @@ class CustomFormsPluginMyprofileController &lt; MyProfileController
   private
   def new_fields(params)
-    result = params[:fields].map {|id, hash| hash.has_key?(:real_id) ? nil : hash}.compact
+    keys = params[:fields].keys.sort{|a, b| a.to_i <=> b.to_i}
+    result = keys.map { |id| (hash = params[:fields][id]).has_key?(:real_id) ? nil : hash}.compact
     result.delete_if {|field| field[:name].blank?}
     result
   end
@@ -27,6 +27,7 @@ class CustomFormsPluginProfileController &lt; ProfileController
           failed_answers.each do |answer|
             @submission.errors.add(answer.field.name.to_sym, answer.errors[answer.field.slug.to_sym])
           end
+          raise 'Submission failed: answers not valid'
         end
         session[:notice] = _('Submission saved')
         redirect_to :action => 'show'
@@ -0,0 +1,13 @@
+class AddPositionToCustomFormsPluginFields < ActiveRecord::Migration
+  def self.up
+    change_table :custom_forms_plugin_fields do |t|
+      t.integer :position, :default => 0
+    end
+  end
+
+  def self.down
+    change_table :custom_forms_plugin_fields do |t|
+      t.remove :position
+    end
+  end
+end
@@ -12,5 +12,11 @@ class CustomFormsPlugin::Field &lt; ActiveRecord::Base
   before_validation do |field|
     field.slug = field.name.to_slug if field.name.present?
   end
+
+  before_create do |field|
+    if field.form.fields.exists?
+      field.position = field.form.fields.order('position').last.position + 1
+    end
+  end
 end
 class CustomFormsPlugin::Form < Noosfero::Plugin::ActiveRecord
   belongs_to :profile
-  has_many :fields, :class_name => 'CustomFormsPlugin::Field', :dependent => :destroy
+  has_many :fields, :class_name => 'CustomFormsPlugin::Field', :dependent => :destroy, :order => 'position'
   has_many :submissions, :class_name => 'CustomFormsPlugin::Submission'
   serialize :access
@@ -103,14 +103,17 @@ module CustomFormsPlugin::Helper
   def build_answers(submission, form)
     answers = []
-    submission.each do |slug, value|
-      field = form.fields.select {|field| field.slug==slug}.first
-      if value.kind_of?(String)
-        final_value = value
-      elsif value.kind_of?(Array)
-        final_value = value.join(',')
-      elsif value.kind_of?(Hash)
-        final_value = value.map {|option, present| present == '1' ? option : nil}.compact.join(',')
+    form.fields.each do |field|
+      final_value = ''
+      if submission.has_key?(field.slug)
+        value = submission[field.slug]
+        if value.kind_of?(String)
+          final_value = value
+        elsif value.kind_of?(Array)
+          final_value = value.join(',')
+        elsif value.kind_of?(Hash)
+          final_value = value.map {|option, present| present == '1' ? option : nil}.compact.join(',')
+        end
       end
       answers << CustomFormsPlugin::Answer.new(:field => field, :value => final_value)
     end
@@ -8,7 +8,6 @@ jQuery(&#39;.icon-edit&#39;).live(&#39;click&#39;, function() {
       id = jQuery(elem).attr('field_id');
       type = jQuery('#fields_'+id+'_type').val().split('_')[0];
       selector = '#edit-'+type+'-'+id
-      jQuery(selector).show();
       return selector
     }
   });
@@ -28,3 +28,6 @@
 .edit-information {
   display: none;
 }
+#colorbox .edit-information {
+  display: block;
+}
@@ -40,7 +40,7 @@ class CustomFormsPluginMyprofileControllerTest &lt; ActionController::TestCase
   should 'create a form' do
     format = '%Y-%m-%d %H:%M'
     begining = Time.now.strftime(format)
-    ending = (Time.now + 1.day).strftime('%Y-%m-%d %H:%M')
+    ending = (Time.now + 1.day).strftime(format)
     assert_difference CustomFormsPlugin::Form, :count, 1 do
       post :create, :profile => profile.identifier,
         :form => {
@@ -90,12 +90,42 @@ class CustomFormsPluginMyprofileControllerTest &lt; ActionController::TestCase
     assert f2.kind_of?(CustomFormsPlugin::SelectField)
   end
+  should 'create fields in the order they are sent' do
+    format = '%Y-%m-%d %H:%M'
+    num_fields = 10
+    begining = Time.now.strftime(format)
+    ending = (Time.now + 1.day).strftime(format)
+    fields = {}
+    num_fields.times do |i|
+      fields[i.to_s] = {
+        :name => i.to_s,
+        :default_value => '',
+        :type => 'text_field'
+      }
+    end
+    assert_difference CustomFormsPlugin::Form, :count, 1 do
+      post :create, :profile => profile.identifier,
+        :form => {
+        :name => 'My Form',
+        :access => 'logged',
+        :begining => begining,
+        :ending => ending,
+        :description => 'Cool form'},
+        :fields => fields
+    end
+    form = CustomFormsPlugin::Form.find_by_name('My Form')
+    assert_equal num_fields, form.fields.count
+    form.fields.find_each do |f|
+      assert_equal f.position, f.name.to_i
+    end
+  end
+
   should 'edit a form' do
     form = CustomFormsPlugin::Form.create!(:profile => profile, :name => 'Free Software')
     field = CustomFormsPlugin::TextField.create!(:form => form, :name => 'License')
     format = '%Y-%m-%d %H:%M'
     begining = Time.now.strftime(format)
-    ending = (Time.now + 1.day).strftime('%Y-%m-%d %H:%M')
+    ending = (Time.now + 1.day).strftime(format)
     post :edit, :profile => profile.identifier, :id => form.id,
       :form => {:name => 'My Form', :access => 'logged', :begining => begining, :ending => ending, :description => 'Cool form'},
@@ -0,0 +1,31 @@
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+require File.dirname(__FILE__) + '/../../controllers/custom_forms_plugin_profile_controller'
+
+# Re-raise errors caught by the controller.
+class CustomFormsPluginProfileController; def rescue_action(e) raise e end; end
+
+class CustomFormsPluginProfileControllerTest < ActionController::TestCase
+  def setup
+    @controller = CustomFormsPluginProfileController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+    @profile = create_user('profile').person
+    login_as(@profile.identifier)
+    environment = Environment.default
+    environment.enable_plugin(CustomFormsPlugin)
+  end
+
+  attr_reader :profile
+
+  should 'save submission if fields are ok' do
+    form = CustomFormsPlugin::Form.create!(:profile => profile, :name => 'Free Software')
+    field1 = CustomFormsPlugin::TextField.create(:name => 'Name', :form => form, :mandatory => true)
+    field2 = CustomFormsPlugin::TextField.create(:name => 'License', :form => form)
+
+    assert_difference CustomFormsPlugin::Submission, :count, 1 do
+      post :show, :profile => profile.identifier, :id => form.id, :submission => {field1.name.to_slug => 'Noosfero', field2.name.to_slug => 'GPL'}
+    end
+    assert !session[:notice].include?('not saved')
+    assert_redirected_to :action => 'show'
+  end
+end
@@ -71,5 +71,15 @@ class CustomFormsPlugin::FieldTest &lt; ActiveSupport::TestCase
     end
     assert_equal form.fields, [license_field]
   end
+
+  should 'give positions by creation order' do
+    form = CustomFormsPlugin::Form.create!(:name => 'Free Software', :profile => fast_create(Profile))
+    field_0 = CustomFormsPlugin::Field.create!(:name => 'License', :form => form)
+    field_1 = CustomFormsPlugin::Field.create!(:name => 'URL', :form => form)
+    field_2 = CustomFormsPlugin::Field.create!(:name => 'Wiki', :form => form)
+    assert_equal 0, field_0.position
+    assert_equal 1, field_1.position
+    assert_equal 2, field_2.position
+  end
 end
@@ -0,0 +1,82 @@		@@ -0,0 +1,82 @@
	1	+class TrustedSitesController < AdminController
	2	+ protect 'manage_environment_trusted_sites', :environment
	3	+
	4	+ def index
	5	+ @sites = environment.trusted_sites_for_iframe
	6	+ end
	7	+
	8	+ def new
	9	+ @site = ""
	10	+ end
	11	+
	12	+ def create
	13	+ if add_trusted_site(params[:site])
	14	+ session[:notice] = _('New trusted site added.')
	15	+ redirect_to :action => 'index'
	16	+ else
	17	+ session[:notice] = _('Failed to add trusted site.')
	18	+ render :action => 'new'
	19	+ end
	20	+ end
	21	+
	22	+ def edit
	23	+ if is_trusted_site? params[:site]
	24	+ @site = params[:site]
	25	+ else
	26	+ session[:notice] = _('Trusted site was not found')
	27	+ redirect_to :action => 'index'
	28	+ end
	29	+ end
	30	+
	31	+ def update
	32	+ site = params[:site]
	33	+ orig_site = params[:orig_site]
	34	+ if rename_trusted_site(orig_site, site)
	35	+ redirect_to :action => 'edit', :site => @site
	36	+ else
	37	+ session[:notice] = _('Failed to edit trusted site.')
	38	+ render :action => 'edit'
	39	+ end
	40	+ end
	41	+
	42	+ def destroy
	43	+ if delete_trusted_site(params[:site])
	44	+ session[:notice] = _('Trusted site removed')
	45	+ else
	46	+ session[:notice] = _('Trusted site could not be removed')
	47	+ end
	48	+ redirect_to :action => 'index'
	49	+ end
	50	+
	51	+ protected
	52	+ def add_trusted_site (site)
	53	+ trusted_sites = environment.trusted_sites_for_iframe
	54	+ trusted_sites << site
	55	+ environment.trusted_sites_for_iframe = trusted_sites
	56	+ environment.save
	57	+ end
	58	+
	59	+ def rename_trusted_site(orig_site, site)
	60	+ trusted_sites = environment.trusted_sites_for_iframe
	61	+ i = trusted_sites.index orig_site
	62	+ if i.nil?
	63	+ return false
	64	+ else
	65	+ trusted_sites[i] = site
	66	+ environment.trusted_sites_for_iframe = trusted_sites
	67	+ environment.save
	68	+ end
	69	+ end
	70	+
	71	+
	72	+ def delete_trusted_site (site)
	73	+ trusted_sites = environment.trusted_sites_for_iframe
	74	+ trusted_sites.delete site
	75	+ environment.trusted_sites_for_iframe = trusted_sites
	76	+ environment.save
	77	+ end
	78	+
	79	+ def is_trusted_site? (site)
	80	+ environment.trusted_sites_for_iframe.include? site
	81	+ end
	82	+end
	@@ -182,7 +182,14 @@ class CmsController < MyProfileController		@@ -182,7 +182,14 @@ class CmsController < MyProfileController
182	if request.post?	182	if request.post?
183	@article.destroy	183	@article.destroy
184	session[:notice] = _("\"#{@article.name}\" was removed.")	184	session[:notice] = _("\"#{@article.name}\" was removed.")
185	- redirect_to :action => (@article.parent ? 'view' : 'index'), :id => @article.parent	185	+ referer = ActionController::Routing::Routes.recognize_path URI.parse(request.referer).path rescue nil
		186	+ if referer and referer[:controller] == 'cms'
		187	+ redirect_to referer
		188	+ elsif @article.parent
		189	+ redirect_to @article.parent.url
		190	+ else
		191	+ redirect_to profile.url
		192	+ end
186	end	193	end
187	end	194	end
188		195
@@ -0,0 +1,164 @@		@@ -0,0 +1,164 @@
	1	+class CommentController < ApplicationController
	2	+
	3	+ needs_profile
	4	+
	5	+ before_filter :can_update?, :only => [:edit, :update]
	6	+
	7	+ def create
	8	+ begin
	9	+ @page = profile.articles.find(params[:id])
	10	+ rescue
	11	+ @page = nil
	12	+ end
	13	+
	14	+ # page not found, give error
	15	+ if @page.nil?
	16	+ respond_to do \|format\|
	17	+ format.js do
	18	+ render :json => { :msg => _('Page not found.')}
	19	+ end
	20	+ end
	21	+ return
	22	+ end
	23	+
	24	+ unless @page.accept_comments?
	25	+ respond_to do \|format\|
	26	+ format.js do
	27	+ render :json => { :msg => _('Comment not allowed in this article')}
	28	+ end
	29	+ end
	30	+ return
	31	+ end
	32	+
	33	+ @comment = Comment.new(params[:comment])
	34	+ @comment.author = user if logged_in?
	35	+ @comment.article = @page
	36	+ @comment.ip_address = request.remote_ip
	37	+ @comment.user_agent = request.user_agent
	38	+ @comment.referrer = request.referrer
	39	+ @plugins.dispatch(:filter_comment, @comment)
	40	+
	41	+ if @comment.rejected?
	42	+ respond_to do \|format\|
	43	+ format.js do
	44	+ render :json => { :msg => _('Comment was rejected')}
	45	+ end
	46	+ end
	47	+ return
	48	+ end
	49	+
	50	+ if !@comment.valid? \|\| (not pass_without_comment_captcha? and not verify_recaptcha(:model => @comment, :message => _('Please type the words correctly')))
	51	+ respond_to do \|format\|
	52	+ format.js do
	53	+ render :json => {
	54	+ :render_target => 'form',
	55	+ :html => render_to_string(:partial => 'comment_form', :object => @comment, :locals => {:comment => @comment, :display_link => true, :show_form => true})
	56	+ }
	57	+ end
	58	+ end
	59	+ return
	60	+ end
	61	+
	62	+ if @comment.need_moderation?
	63	+ @comment.created_at = Time.now
	64	+ ApproveComment.create!(:requestor => @comment.author, :target => profile, :comment_attributes => @comment.attributes.to_json)
	65	+
	66	+ respond_to do \|format\|
	67	+ format.js do
	68	+ render :json => { :render_target => nil, :msg => _('Your comment is waiting for approval.') }
	69	+ end
	70	+ end
	71	+ return
	72	+ end
	73	+
	74	+ @comment.save
	75	+
	76	+ respond_to do \|format\|
	77	+ format.js do
	78	+ comment_to_render = @comment.comment_root
	79	+ render :json => {
	80	+ :render_target => comment_to_render.anchor,
	81	+ :html => render_to_string(:partial => 'comment', :locals => {:comment => comment_to_render, :display_link => true}),
	82	+ :msg => _('Comment successfully created.')
	83	+ }
	84	+ end
	85	+ end
	86	+ end
	87	+
	88	+ def destroy
	89	+ comment = profile.comments_received.find(params[:id])
	90	+
	91	+ if comment && comment.can_be_destroyed_by?(user) && comment.destroy
	92	+ render :text => {'ok' => true}.to_json, :content_type => 'application/json'
	93	+ else
	94	+ session[:notice] = _("The comment was not removed.")
	95	+ render :text => {'ok' => false}.to_json, :content_type => 'application/json'
	96	+ end
	97	+ end
	98	+
	99	+ def mark_as_spam
	100	+ comment = profile.comments_received.find(params[:id])
	101	+ if comment.can_be_marked_as_spam_by?(user)
	102	+ comment.spam!
	103	+ render :text => {'ok' => true}.to_json, :content_type => 'application/json'
	104	+ else
	105	+ session[:notice] = _("You couldn't mark this comment as spam.")
	106	+ render :text => {'ok' => false}.to_json, :content_type => 'application/json'
	107	+ end
	108	+ end
	109	+
	110	+ def edit
	111	+ render :partial => "comment_form", :locals => {:comment => @comment, :display_link => params[:reply_of_id].present?, :edition_mode => true, :show_form => true}
	112	+ end
	113	+
	114	+ def update
	115	+ if @comment.update_attributes(params[:comment])
	116	+ respond_to do \|format\|
	117	+ format.js do
	118	+ comment_to_render = @comment.comment_root
	119	+ render :json => {
	120	+ :ok => true,
	121	+ :render_target => comment_to_render.anchor,
	122	+ :html => render_to_string(:partial => 'comment', :locals => {:comment => comment_to_render})
	123	+ }
	124	+ end
	125	+ end
	126	+ else
	127	+ respond_to do \|format\|
	128	+ format.js do
	129	+ render :json => {
	130	+ :ok => false,
	131	+ :render_target => 'form',
	132	+ :html => render_to_string(:partial => 'comment_form', :object => @comment, :locals => {:comment => @comment, :display_link => false, :edition_mode => true, :show_form => true})
	133	+ }
	134	+ end
	135	+ end
	136	+ end
	137	+ end
	138	+
	139	+ def check_actions
	140	+ comment = profile.comments_received.find(params[:id])
	141	+ ids = @plugins.dispatch(:check_comment_actions, comment).collect do \|action\|
	142	+ action.kind_of?(Proc) ? self.instance_eval(&action) : action
	143	+ end.flatten.compact
	144	+ render :json => {:ids => ids}
	145	+ end
	146	+
	147	+ protected
	148	+
	149	+ def pass_without_comment_captcha?
	150	+ logged_in? && !environment.enabled?('captcha_for_logged_users')
	151	+ end
	152	+ helper_method :pass_without_comment_captcha?
	153	+
	154	+ def can_update?
	155	+ begin
	156	+ @comment = profile.comments_received.find(params[:id])
	157	+ raise ActiveRecord::RecordNotFound unless @comment.can_be_updated_by?(user) # Not reveal that the comment exists
	158	+ rescue ActiveRecord::RecordNotFound
	159	+ render_not_found
	160	+ return
	161	+ end
	162	+ end
	163	+
	164	+end
	@@ -2,8 +2,6 @@ class ContentViewerController < ApplicationController		@@ -2,8 +2,6 @@ class ContentViewerController < ApplicationController
2		2
3	needs_profile	3	needs_profile
4		4
5	- before_filter :comment_author, :only => :edit_comment
6	-
7	helper ProfileHelper	5	helper ProfileHelper
8	helper TagsHelper	6	helper TagsHelper
9		7
	@@ -70,24 +68,8 @@ class ContentViewerController < ApplicationController		@@ -70,24 +68,8 @@ class ContentViewerController < ApplicationController
70		68
71	@form_div = params[:form]	69	@form_div = params[:form]
72		70
73	- if params[:comment] && params[:confirm] == 'true'
74	- @comment = Comment.new(params[:comment])
75	- if request.post? && @page.accept_comments?
76	- add_comment
77	- end
78	- else
79	- @comment = Comment.new
80	- end
81	-
82	- if request.post?
83	- if params[:remove_comment]
84	- remove_comment
85	- return
86	- elsif params[:mark_comment_as_spam]
87	- mark_comment_as_spam
88	- return
89	- end
90	- end	71	+ #FIXME see a better way to do this. It's not need to pass this variable anymore
		72	+ @comment = Comment.new
91		73
92	if @page.has_posts?	74	if @page.has_posts?
93	posts = if params[:year] and params[:month]	75	posts = if params[:year] and params[:month]
	@@ -117,89 +99,18 @@ class ContentViewerController < ApplicationController		@@ -117,89 +99,18 @@ class ContentViewerController < ApplicationController
117	end	99	end
118	end	100	end
119		101
120	- comments = @page.comments.without_spam
121	- @comments = comments.as_thread
122	- @comments_count = comments.count	102	+ @comments = @page.comments.without_spam
		103	+ @comments_count = @comments.count
		104	+ @comments = @plugins.filter(:unavailable_comments, @comments.without_reply)
		105	+ @comments = @comments.paginate(:per_page => per_page, :page => params[:comment_page] )
		106	+
123	if params[:slideshow]	107	if params[:slideshow]
124	render :action => 'slideshow', :layout => 'slideshow'	108	render :action => 'slideshow', :layout => 'slideshow'
125	end	109	end
126	end	110	end
127		111
128	- def edit_comment
129	- path = params[:page].join('/')
130	- @page = profile.articles.find_by_path(path)
131	- @form_div = 'opened'
132	- @comment = @page.comments.find_by_id(params[:id])
133	- if @comment
134	- if request.post?
135	- begin
136	- @comment.update_attributes(params[:comment])
137	- session[:notice] = _('Comment succesfully updated')
138	- redirect_to :action => 'view_page', :profile => profile.identifier, :page => @comment.article.explode_path
139	- rescue
140	- session[:notice] = _('Comment could not be updated')
141	- end
142	- end
143	- else
144	- redirect_to @page.view_url
145	- session[:notice] = _('Could not find the comment in the article')
146	- end
147	- end
148	-
149	protected	112	protected
150		113
151	- def add_comment
152	- @comment.author = user if logged_in?
153	- @comment.article = @page
154	- @comment.ip_address = request.remote_ip
155	- @comment.user_agent = request.user_agent
156	- @comment.referrer = request.referrer
157	- plugins_filter_comment(@comment)
158	- return if @comment.rejected?
159	- if (pass_without_comment_captcha? \|\| verify_recaptcha(:model => @comment, :message => _('Please type the words correctly'))) && @comment.save
160	- @page.touch
161	- @comment = nil # clear the comment form
162	- redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
163	- else
164	- @form_div = 'opened' if params[:comment][:reply_of_id].blank?
165	- end
166	- end
167	-
168	- def plugins_filter_comment(comment)
169	- @plugins.each do \|plugin\|
170	- plugin.filter_comment(comment)
171	- end
172	- end
173	-
174	- def pass_without_comment_captcha?
175	- logged_in? && !environment.enabled?('captcha_for_logged_users')
176	- end
177	- helper_method :pass_without_comment_captcha?
178	-
179	- def remove_comment
180	- @comment = @page.comments.find(params[:remove_comment])
181	- if (user == @comment.author \|\| user == @page.profile \|\| user.has_permission?(:moderate_comments, @page.profile))
182	- @comment.destroy
183	- end
184	- finish_comment_handling
185	- end
186	-
187	- def mark_comment_as_spam
188	- @comment = @page.comments.find(params[:mark_comment_as_spam])
189	- if logged_in? && (user == @page.profile \|\| user.has_permission?(:moderate_comments, @page.profile))
190	- @comment.spam!
191	- end
192	- finish_comment_handling
193	- end
194	-
195	- def finish_comment_handling
196	- if request.xhr?
197	- render :text => {'ok' => true}.to_json, :content_type => 'application/json'
198	- else
199	- redirect_to :action => 'view_page', :profile => params[:profile], :page => @page.explode_path, :view => params[:view]
200	- end
201	- end
202	-
203	def per_page	114	def per_page
204	12	115	12
205	end	116	end
	@@ -223,13 +134,9 @@ class ContentViewerController < ApplicationController		@@ -223,13 +134,9 @@ class ContentViewerController < ApplicationController
223	end	134	end
224	end	135	end
225		136
226	- def comment_author
227	- comment = Comment.find_by_id(params[:id])
228	- if comment
229	- render_access_denied if comment.author.blank? \|\| comment.author != user
230	- else
231	- render_not_found
232	- end	137	+ def pass_without_comment_captcha?
		138	+ logged_in? && !environment.enabled?('captcha_for_logged_users')
233	end	139	end
		140	+ helper_method :pass_without_comment_captcha?
234		141
235	end	142	end
	@@ -278,7 +278,7 @@ class ProfileController < PublicController		@@ -278,7 +278,7 @@ class ProfileController < PublicController
278	end	278	end
279		279
280	def register_report	280	def register_report
281	- if !verify_recaptcha	281	+ unless user.is_admin? \|\| verify_recaptcha
282	render :text => {	282	render :text => {
283	:ok => false,	283	:ok => false,
284	:error => {	284	:error => {
@@ -0,0 +1,70 @@		@@ -0,0 +1,70 @@
	1	+module CommentHelper
	2	+
	3	+ def article_title(article, args = {})
	4	+ title = article.title
	5	+ title = article.display_title if article.kind_of?(UploadedFile) && article.image?
	6	+ title = content_tag('h1', h(title), :class => 'title')
	7	+ if article.belongs_to_blog?
	8	+ unless args[:no_link]
	9	+ title = content_tag('h1', link_to(article.name, article.url), :class => 'title')
	10	+ end
	11	+ comments = ''
	12	+ unless args[:no_comments] \|\| !article.accept_comments
	13	+ comments = (" - %s") % link_to_comments(article)
	14	+ end
	15	+ title << content_tag('span',
	16	+ content_tag('span', show_date(article.published_at), :class => 'date') +
	17	+ content_tag('span', [_(", by %s") % link_to(article.author_name, article.author_url)], :class => 'author') +
	18	+ content_tag('span', comments, :class => 'comments'),
	19	+ :class => 'created-at'
	20	+ )
	21	+ end
	22	+ title
	23	+ end
	24	+
	25	+ def comment_actions(comment)
	26	+ url = url_for(:profile => profile.identifier, :controller => :comment, :action => :check_actions, :id => comment.id)
	27	+ links = links_for_comment_actions(comment)
	28	+ content_tag(:li, link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{links.to_json}); return false", :class => 'menu-submenu-trigger comment-trigger', :url => url), :class=> 'vcard') unless links.empty?
	29	+ end
	30	+
	31	+ private
	32	+
	33	+ def links_for_comment_actions(comment)
	34	+ actions = [link_for_report_abuse(comment), link_for_spam(comment), link_for_edit(comment), link_for_remove(comment)]
	35	+ @plugins.dispatch(:comment_actions, comment).collect do \|action\|
	36	+ actions << (action.kind_of?(Proc) ? self.instance_eval(&action) : action)
	37	+ end
	38	+ actions.flatten.compact
	39	+ end
	40	+
	41	+ def link_for_report_abuse(comment)
	42	+ if comment.author
	43	+ report_abuse_link = report_abuse(comment.author, :comment_link, comment)
	44	+ {:link => report_abuse_link} if report_abuse_link
	45	+ end
	46	+ end
	47	+
	48	+ def link_for_spam(comment)
	49	+ if comment.can_be_marked_as_spam_by?(user)
	50	+ if comment.spam?
	51	+ {:link => link_to_function(_('Mark as NOT SPAM'), 'remove_comment(this, %s); return false;' % url_for(:profile => profile.identifier, :mark_comment_as_ham => comment.id).to_json, :class => 'comment-footer comment-footer-link comment-footer-hide')}
	52	+ else
	53	+ {:link => link_to_function(_('Mark as SPAM'), 'remove_comment(this, %s, %s); return false;' % [url_for(:profile => profile.identifier, :controller => 'comment', :action => :mark_as_spam, :id => comment.id).to_json, _('Are you sure you want to mark this comment as SPAM?').to_json], :class => 'comment-footer comment-footer-link comment-footer-hide')}
	54	+ end
	55	+ end
	56	+ end
	57	+
	58	+ def link_for_edit(comment)
	59	+ if comment.can_be_updated_by?(user)
	60	+ {:link => expirable_comment_link(comment, :edit, _('Edit'), url_for(:profile => profile.identifier, :controller => :comment, :action => :edit, :id => comment.id),:class => 'colorbox')}
	61	+ end
	62	+ end
	63	+
	64	+ def link_for_remove(comment)
	65	+ if comment.can_be_destroyed_by?(user)
	66	+ {:link => link_to_function(_('Remove'), 'remove_comment(this, %s, %s); return false ;' % [url_for(:profile => profile.identifier, :controller => 'comment', :action => :destroy, :id => comment.id).to_json, _('Are you sure you want to remove this comment and all its replies?').to_json], :class => 'comment-footer comment-footer-link comment-footer-hide remove-children')}
	67	+ end
	68	+ end
	69	+
	70	+end
	@@ -244,7 +244,7 @@ module FormsHelper		@@ -244,7 +244,7 @@ module FormsHelper
244	yearSuffix: #{datepicker_options[:year_suffix].to_json}	244	yearSuffix: #{datepicker_options[:year_suffix].to_json}
245	})	245	})
246	</script>	246	</script>
247	- "	247	+ ".html_safe
248	result	248	result
249	end	249	end
250		250
	@@ -84,5 +84,11 @@ module LayoutHelper		@@ -84,5 +84,11 @@ module LayoutHelper
84	theme_path + '/style.css'	84	theme_path + '/style.css'
85	end	85	end
86		86
		87	+ def addthis_javascript
		88	+ if NOOSFERO_CONF['addthis_enabled']
		89	+ '<script src="http://s7.addthis.com/js/152/addthis_widget.js"></script>'
		90	+ end
		91	+ end
		92	+
87	end	93	end
88		94
@@ -0,0 +1,92 @@		@@ -0,0 +1,92 @@
	1	+module MacrosHelper
	2	+
	3	+ def macros_in_menu
	4	+ @plugins.dispatch(:macros).reject{ \|macro\| macro.configuration[:icon_path] }
	5	+ end
	6	+
	7	+ def macros_with_buttons
	8	+ @plugins.dispatch(:macros).reject{ \|macro\| !macro.configuration[:icon_path] }
	9	+ end
	10	+
	11	+ def macro_title(macro)
	12	+ macro.configuration[:title] \|\| macro.name.humanize
	13	+ end
	14	+
	15	+ def generate_macro_config_dialog(macro)
	16	+ if macro.configuration[:skip_dialog]
	17	+ "function(){#{macro_generator(macro)}}"
	18	+ else
	19	+ "function(){
	20	+ jQuery('<div>'+#{macro_configuration_dialog(macro).to_json}+'</div>').dialog({
	21	+ title: #{macro_title(macro).to_json},
	22	+ modal: true,
	23	+ buttons: [
	24	+ {text: #{_('Ok').to_json}, click: function(){
	25	+ tinyMCE.activeEditor.execCommand('mceInsertContent', false,
	26	+ (function(dialog){ #{macro_generator(macro)} })(this));
	27	+ jQuery(this).dialog('close');
	28	+ }},
	29	+ {text: #{_('Cancel').to_json}, click: function(){jQuery(this).dialog('close');}}
	30	+ ]
	31	+ });
	32	+ }"
	33	+ end
	34	+ end
	35	+
	36	+ def include_macro_js_files
	37	+ plugins_javascripts = []
	38	+ @plugins.dispatch(:macros).map do \|macro\|
	39	+ if macro.configuration[:js_files]
	40	+ macro.configuration[:js_files].map { \|js\| plugins_javascripts << macro.plugin.public_path(js) }
	41	+ end
	42	+ end
	43	+ javascript_include_tag(plugins_javascripts, :cache => 'cache/plugins-' + Digest::MD5.hexdigest(plugins_javascripts.to_s)) unless plugins_javascripts.empty?
	44	+ end
	45	+
	46	+ def macro_css_files
	47	+ plugins_css = []
	48	+ @plugins.dispatch(:macros).map do \|macro\|
	49	+ if macro.configuration[:css_files]
	50	+ macro.configuration[:css_files].map { \|css\| plugins_css << macro.plugin.public_path(css) }
	51	+ end
	52	+ end
	53	+ plugins_css.join(',')
	54	+ end
	55	+
	56	+ protected
	57	+
	58	+ def macro_generator(macro)
	59	+ if macro.configuration[:generator]
	60	+ macro.configuration[:generator]
	61	+ else
	62	+ macro_default_generator(macro)
	63	+ end
	64	+
	65	+ end
	66	+
	67	+ def macro_default_generator(macro)
	68	+ code = "var params = {};"
	69	+ configuration = macro_configuration(macro)
	70	+ configuration[:params].map do \|field\|
	71	+ code += "params.#{field[:name]} = jQuery('*[name=#{field[:name]}]', dialog).val();"
	72	+ end
	73	+ code + "
	74	+ var html = jQuery('<div class=\"macro mceNonEditable\" data-macro=\"#{macro.identifier}\">'+#{macro_title(macro).to_json}+'</div>')[0];
	75	+ for(key in params) html.setAttribute('data-macro-'+key,params[key]);
	76	+ return html.outerHTML;
	77	+ "
	78	+ end
	79	+
	80	+ def macro_configuration_dialog(macro)
	81	+ macro.configuration[:params].map do \|field\|
	82	+ label_name = field[:label] \|\| field[:name].to_s.humanize
	83	+ case field[:type]
	84	+ when 'text'
	85	+ labelled_form_field(label_name, text_field_tag(field[:name], field[:default]))
	86	+ when 'select'
	87	+ labelled_form_field(label_name, select_tag(field[:name], options_for_select(field[:values], field[:default])))
	88	+ end
	89	+ end.join("\n")
	90	+ end
	91	+
	92	+end
@@ -0,0 +1,104 @@		@@ -0,0 +1,104 @@
	1	+class ApproveComment < Task
	2	+ validates_presence_of :target_id
	3	+
	4	+ settings_items :comment_attributes, :closing_statment
	5	+
	6	+ validates_presence_of :comment_attributes
	7	+
	8	+ def comment
	9	+ @comment \|\|= Comment.new(JSON.parse(self.comment_attributes)) unless self.comment_attributes.nil?
	10	+ end
	11	+
	12	+ def requestor_name
	13	+ requestor ? requestor.name : (comment.name \|\| _('Anonymous'))
	14	+ end
	15	+
	16	+ def article
	17	+ Article.find_by_id comment.source_id unless self.comment.nil?
	18	+ end
	19	+
	20	+ def article_name
	21	+ article ? article.name : _("Article removed.")
	22	+ end
	23	+
	24	+ def perform
	25	+ comment.save!
	26	+ end
	27	+
	28	+ def title
	29	+ _("New comment to article")
	30	+ end
	31	+
	32	+ def icon
	33	+ result = {:type => :defined_image, :src => '/images/icons-app/article-minor.png'}
	34	+ result.merge!({:url => article.url}) if article
	35	+ result
	36	+ end
	37	+
	38	+ def linked_subject
	39	+ {:text => article_name, :url => article.url} if article
	40	+ end
	41	+
	42	+ def information
	43	+ if article
	44	+ if requestor
	45	+ {:message => _('%{requestor} commented on the the article: %{linked_subject}.')}
	46	+ else
	47	+ { :message => _('%{requestor} commented on the the article: %{linked_subject}.'),
	48	+ :variables => {:requestor => requestor_name} }
	49	+ end
	50	+ else
	51	+ {:message => _("The article was removed.")}
	52	+ end
	53	+ end
	54	+
	55	+ def accept_details
	56	+ true
	57	+ end
	58	+
	59	+ def reject_details
	60	+ true
	61	+ end
	62	+
	63	+ def default_decision
	64	+ if article
	65	+ 'skip'
	66	+ else
	67	+ 'reject'
	68	+ end
	69	+ end
	70	+
	71	+ def accept_disabled?
	72	+ article.blank?
	73	+ end
	74	+
	75	+ def target_notification_description
	76	+ if article
	77	+ _('%{requestor} wants to comment the article: %{article}.') % {:requestor => requestor_name, :article => article.name}
	78	+ else
	79	+ _('%{requestor} wanted to comment the article but it was removed.') % {:requestor => requestor_name}
	80	+ end
	81	+ end
	82	+
	83	+ def target_notification_message
	84	+ target_notification_description + "\n\n" +
	85	+ _('You need to login on %{system} in order to approve or reject this comment.') % { :system => target.environment.name }
	86	+ end
	87	+
	88	+ def task_finished_message
	89	+ if !closing_statment.blank?
	90	+ _("Your comment to the article \"%{article}\" was approved. Here is the comment left by the admin who approved your comment:\n\n%{comment} ") % {:article => article_name, :comment => closing_statment}
	91	+ else
	92	+ _('Your request for comment the article "%{article}" was approved.') % {:article => article_name}
	93	+ end
	94	+ end
	95	+
	96	+ def task_cancelled_message
	97	+ message = _('Your request for commenting the article "%{article}" was rejected.') % {:article => article_name}
	98	+ if !reject_explanation.blank?
	99	+ message += " " + _("Here is the reject explanation left by the administrator who rejected your comment: \n\n%{reject_explanation}") % {:reject_explanation => reject_explanation}
	100	+ end
	101	+ message
	102	+ end
	103	+
	104	+end