diff --git a/app/controllers/my_profile/cms_controller.rb b/app/controllers/my_profile/cms_controller.rb index 47d4600..c70285a 100644 --- a/app/controllers/my_profile/cms_controller.rb +++ b/app/controllers/my_profile/cms_controller.rb @@ -30,10 +30,6 @@ class CmsController < MyProfileController (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))) end - def self.add_as_exception?(action) - false - end - protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new] do |c, user, profile| user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)) end diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index daf844b..e928f9f 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -866,13 +866,11 @@ module ApplicationHelper end def helper_for_article(article) - puts "teste "*20 article_helper = ActionView::Base.new article_helper.controller = controller article_helper.extend ArticleHelper article_helper.extend Rails.application.routes.url_helpers begin - puts "erro "*20 class_name = article.class.name + 'Helper' klass = class_name.constantize article_helper.extend klass diff --git a/plugins/work_assignment/controllers/work_assignment_plugin_myprofile_controller.rb b/plugins/work_assignment/controllers/work_assignment_plugin_myprofile_controller.rb index 8f0de69..8035770 100644 --- a/plugins/work_assignment/controllers/work_assignment_plugin_myprofile_controller.rb +++ b/plugins/work_assignment/controllers/work_assignment_plugin_myprofile_controller.rb 
@@ -1,19 +1,18 @@ class WorkAssignmentPluginMyprofileController < MyProfileController -include ArticleHelper -include CmsHelper +helper ArticleHelper +helper CmsHelper before_filter :protect_if, :only => [:edit_visibility] - def protect_if - article = c.environment.articles.find_by_id(c.params[:article_id]) - (user && !article.nil? && (user.is_member_of? article.profile) && - article.parent.allow_privacy_edition && article.folder? && + article = environment.articles.find_by_id(params[:article_id]) + render_access_denied unless (user && !article.nil? && (user.is_member_of? article.profile) && + article.parent.allow_visibility_edition && article.folder? && (article.author == user || user.has_permission?('view_private_content', profile))) end -def edit_privacy +def edit_visibility unless params[:article_id].blank? folder = profile.environment.articles.find_by_id(params[:article_id]) @back_to = url_for(folder.parent.url) @@ -27,4 +26,10 @@ def edit_privacy end end end -end \ No newline at end of file + + def search_article_privacy_exceptions + arg = params[:q].downcase + result = profile.members.find(:all, :conditions => ['LOWER(name) LIKE ?', "%#{arg}%"]) + render :text => prepare_to_token_input(result).to_json + end +end diff --git a/plugins/work_assignment/lib/ext/cms_controller.rb b/plugins/work_assignment/lib/ext/cms_controller.rb deleted file mode 100644 index 8db2504..0000000 --- a/plugins/work_assignment/lib/ext/cms_controller.rb +++ /dev/null 
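Review bot: `protect_if` looks the folder up across the whole environment and checks membership against `article.profile`, but it checks `view_private_content` against the `profile` from the URL, so the two halves of the predicate can refer to different profiles. Nothing in the hunk ties `params[:article_id]` to the profile being managed; requiring `article.profile == profile` before the other checks would close that gap. `article.parent.allow_visibility_edition` is also evaluated before `article.folder?`, so an id whose parent is nil or is not a work assignment would presumably raise instead of rendering access denied. As a public controller method, `protect_if` may also be reachable as an action, depending on routes that are not visible here. The body of `edit_visibility` continues outside the hunk.

```ruby
before_filter :protect_if, :only => [:edit_visibility]

def protect_if
  article = environment.articles.find_by_id(params[:article_id])
  parent = article && article.parent
  # Deny unless every check passes; nil parent and non-work-assignment parents fall through to denial.
  allowed = user && article && article.folder? &&
    article.profile == profile && user.is_member_of?(article.profile) &&
    parent.kind_of?(WorkAssignmentPlugin::WorkAssignment) && parent.allow_visibility_edition &&
    (article.author == user || user.has_permission?('view_private_content', profile))
  render_access_denied unless allowed
end
protected :protect_if

# … unchanged: edit_visibility …
```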
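Review bot: `search_article_privacy_exceptions` is not covered by the `protect_if` filter, which the first hunk declares with `:only => [:edit_visibility]`, so whatever MyProfileController enforces is the only gate on listing member names; that base check is outside this diff and worth confirming. `params[:q].downcase` raises when `q` is absent (`arg = params[:q].to_s.downcase` avoids that), and `%` or `_` in the term still act as LIKE wildcards because the value is bound but not escaped. `render :text => … .to_json` sends the JSON with an HTML content type; `render :json => prepare_to_token_input(result)` is the safer form. If `prepare_to_token_input` is defined in ArticleHelper or CmsHelper, the switch from `include` to `helper` at the top of this file would leave it unavailable to the controller, so confirm where it lives.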
@@ -1,36 +0,0 @@ -require_dependency 'cms_controller' - -class CmsController - -protect_if :only => :edit_visibility do |c, user, profile| - article = c.environment.articles.find_by_id(c.params[:article_id]) - (user && !article.nil? && (user.is_member_of? article.profile) && - article.parent.allow_privacy_edition && article.folder? && - (article.author == user || user.has_permission?('view_private_content', profile))) -end - -def edit_visibility - unless params[:article_id].blank? - folder = profile.environment.articles.find_by_id(params[:article_id]) - @back_to = url_for(folder.parent.url) - unless params[:article].blank? - folder.published = params[:article][:published] - unless params[:q].nil? - folder.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i} - end - folder.save! - redirect_to @back_to - end - end - end - -def self.add_as_exception?(action) - actions = "edit_visibility, search_article_privacy_exceptions" - if actions.include? action - true - else - false - end - end - -end diff --git a/plugins/work_assignment/lib/ext/email_contact.rb b/plugins/work_assignment/lib/ext/email_contact.rb index 7ae5023..605b2be 100644 --- a/plugins/work_assignment/lib/ext/email_contact.rb +++ b/plugins/work_assignment/lib/ext/email_contact.rb @@ -52,8 +52,7 @@ class EmailContact def build_mail_message!(environment, uploaded_files, parent_id) article = environment.articles.find_by_id(parent_id) message = "" - #kind_of? - if !article.nil? && article.type == "WorkAssignmentPlugin::WorkAssignment" + if !article.nil? && article.kind_of?(WorkAssignmentPlugin::WorkAssignment) message = article.default_email + "
" end uploaded_files.each do |file| diff --git a/plugins/work_assignment/lib/ext/folder.rb b/plugins/work_assignment/lib/ext/folder.rb index 14a767e..0128b1d 100644 --- a/plugins/work_assignment/lib/ext/folder.rb +++ b/plugins/work_assignment/lib/ext/folder.rb @@ -10,4 +10,4 @@ class Folder < Article end end end -end \ No newline at end of file +end diff --git a/plugins/work_assignment/lib/work_assignment_plugin/helper.rb b/plugins/work_assignment/lib/work_assignment_plugin/helper.rb index 907b19d..a77e93f 100644 --- a/plugins/work_assignment/lib/work_assignment_plugin/helper.rb +++ b/plugins/work_assignment/lib/work_assignment_plugin/helper.rb @@ -1,6 +1,6 @@ module WorkAssignmentPlugin::Helper include CmsHelper - include ArticleHelper + def display_submissions(work_assignment, user) return if work_assignment.submissions.empty? content_tag('table', 
@@ -73,41 +73,21 @@ module WorkAssignmentPlugin::Helper end def display_privacy_button(author_folder, user) - #ver if - if author_folder - folder = environment.articles.find_by_id(author_folder.id) - work_assignment = folder.parent - @back_to = url_for(folder.parent.url) - if(user && work_assignment.allow_privacy_edition && - ((author_folder.author_id == user.id && (user.is_member_of? work_assignment.profile)) || - user.has_permission?('view_private_content', work_assignment.profile)))#@profile? + folder = environment.articles.find_by_id(author_folder.id) + work_assignment = folder.parent + @back_to = url_for(work_assignment.url) - @tokenized_children = prepare_to_token_input( - profile.members.includes(:articles_with_access).find_all{ |m| - m.articles_with_access.include?(folder) - }) - button :edit, _('Edit'), { :controller => 'work_assignment_plugin_myprofile', - :action => 'edit_privacy', :article_id => folder.id, - :tokenized_children => @tokenized_children, :back_to => @back_to}, :method => :post - end - end - end + if(user && work_assignment.allow_visibility_edition && + ((author_folder.author_id == user.id && (user.is_member_of? profile)) || + user.has_permission?('view_private_content', profile))) - def visibility_options(article, tokenized_children) - content_tag('h4', _('Visibility')) + - content_tag('div', - content_tag('div', - radio_button(:article, :published, true) + - content_tag('label', _('Public (visible to other people)'), :for => 'article_published_true') - ) + - content_tag('div', - radio_button(:article, :published, false) + - content_tag('label', _('Private'), :for => 'article_published_false', :id => "label_private") - ) + - (article.profile.community? ? 
content_tag('div', - content_tag('label', _('Fill in the search field to add the exception users to see this content'), :id => "text-input-search-exception-users") + - token_input_field_tag(:q, 'search-article-privacy-exceptions', {:action => 'search_article_privacy_exceptions'}, - {:focus => false, :hint_text => _('Type in a search term for a user'), :pre_populate => tokenized_children})) : - '')) + @tokenized_children = prepare_to_token_input( + profile.members.includes(:articles_with_access).find_all{ |m| + m.articles_with_access.include?(folder) + }) + button :edit, _('Edit'), { :controller => 'work_assignment_plugin_myprofile', + :action => 'edit_visibility', :article_id => folder.id, + :tokenized_children => @tokenized_children, :back_to => @back_to}, :method => :post + end end end diff --git a/plugins/work_assignment/lib/work_assignment_plugin/work_assignment.rb b/plugins/work_assignment/lib/work_assignment_plugin/work_assignment.rb index 26c0278..a27f0a2 100644 --- a/plugins/work_assignment/lib/work_assignment_plugin/work_assignment.rb +++ b/plugins/work_assignment/lib/work_assignment_plugin/work_assignment.rb @@ -2,11 +2,11 @@ class WorkAssignmentPlugin::WorkAssignment < Folder settings_items :publish_submissions, :type => :boolean, :default => false settings_items :default_email, :type => :string, :default => "" - settings_items :allow_privacy_edition, :type => :boolean, :default => false + settings_items :allow_visibility_edition, :type => :boolean, :default => false attr_accessible :publish_submissions attr_accessible :default_email - attr_accessible :allow_privacy_edition + attr_accessible :allow_visibility_edition def self.icon_name(article = nil) 'work-assignment' diff --git a/plugins/work_assignment/test/functional/cms_controller_test.rb b/plugins/work_assignment/test/functional/cms_controller_test.rb index 94b25a7..df204bf 100644 --- a/plugins/work_assignment/test/functional/cms_controller_test.rb 
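Review bot: The `if author_folder` guard was dropped from `display_privacy_button`, so a nil `author_folder` (or a `find_by_id` that returns nil) now raises on `.id` / `.parent` during rendering instead of simply omitting the button; `return unless author_folder` as the first line would keep the old behaviour. The condition also differs from the controller's `protect_if`: this one accepts `view_private_content` without membership, while the filter requires `user.is_member_of?` in every case, so some users will see an Edit button that leads to access denied. A single shared predicate used by both the helper and the filter would stop the two from drifting. `:tokenized_children` is passed as a request parameter on the button, which makes the pre-populated list client-supplied on the following request.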
+++ b/plugins/work_assignment/test/functional/cms_controller_test.rb @@ -6,14 +6,6 @@ class CmsController; def rescue_action(e) raise e end; end class CmsControllerTest < ActionController::TestCase - include NoosferoTestHelper - #necessario? - fixtures :environments - - - attr_reader :profile - attr_accessor :person - def setup @controller = CmsController.new @request = ActionController::TestRequest.new @@ -34,7 +26,7 @@ class CmsControllerTest < ActionController::TestCase end should 'allow members to upload submissions on work_assignment' do - @organization.add_member(person) + @organization.add_member(@person) # then he trys to upload new stuff work_assignment = create_work_assignment('Work Assignment', @organization, nil, nil) get :upload_files, :profile => @organization.identifier, :parent_id => work_assignment.id @@ -42,7 +34,7 @@ class CmsControllerTest < ActionController::TestCase end should 'redirect to Work Assignment view page after upload submission' do - @organization.add_member(person) + @organization.add_member(@person) work_assignment = create_work_assignment('Work Assignment', @organization, nil, nil) post :upload_files, :profile => @organization.identifier, :parent_id => work_assignment.id, :uploaded_files => [fixture_file_upload('/files/test.txt', 'text/plain')] , :back_to => @work_assignment.url assert_redirected_to work_assignment.url 
@@ -50,20 +42,20 @@ class CmsControllerTest < ActionController::TestCase should 'upload submission and automatically move it to the author folder' do work_assignment = create_work_assignment('Work Assignment', @organization, nil, nil) - @organization.add_member(person) + @organization.add_member(@person) post :upload_files, :profile => @organization.identifier, :parent_id => work_assignment.id, :uploaded_files => [fixture_file_upload('/files/test.txt', 'text/plain')] submission = UploadedFile.last - assert_equal work_assignment.find_or_create_author_folder(person), submission.parent + assert_equal work_assignment.find_or_create_author_folder(@person), submission.parent end - should 'work_assignment attribute allow_privacy_edition is true when set a new work_assignment' do + should 'work_assignment attribute allow_visibility_edition is true when set a new work_assignment' do work_assignment = create_work_assignment('Work Assignment', @organization, nil, true) - @organization.add_member(person) - assert_equal true, work_assignment.allow_privacy_edition + @organization.add_member(@person) + assert_equal true, work_assignment.allow_visibility_edition end should 'a submission and parent attribute "published" be equal to Work Assignment attribute publish submissions' do - @organization.add_member(person) + @organization.add_member(@person) work_assignment = create_work_assignment('Work Assignment', @organization, true, nil) assert_equal true, work_assignment.publish_submissions post :upload_files, :profile => @organization.identifier, :parent_id => work_assignment.id, :uploaded_files => [fixture_file_upload('/files/test.txt', 'text/plain')] 
@@ -79,143 +71,8 @@ class CmsControllerTest < ActionController::TestCase assert_equal other_work_assignment.publish_submissions, submission.parent.published end - should 'submission edit visibility deny access to users and admin when Work Assignment allow_privacy_edition is false' do - @organization.add_member(person) - ##### Testing with normal user - work_assignment = create_work_assignment('Work Assignment', @organization, nil, nil) - post :upload_files, :profile => @organization.identifier, :parent_id => work_assignment.id, :uploaded_files => [fixture_file_upload('/files/test.txt', 'text/plain')] - submission = UploadedFile.last - assert_equal false, submission.published - assert_equal false, submission.parent.published - - post :edit_visibility, :profile => @organization.identifier, :article_id => submission.parent.id - assert_template 'access_denied' - post :edit_visibility, :profile => @organization.identifier, :article_id => submission.parent.id, :article => { :published => true } - assert_template 'access_denied' - - submission.reload - assert_equal false, submission.published - assert_equal false, submission.parent.published - - #### Even with admin user - e = Environment.default - assert_equal false, person.is_admin? - e.add_admin(person) - e.save! - assert_equal true, person.is_admin? 
- - post :edit_visibility, :profile => @organization.identifier, :article_id => submission.parent.id - assert_template 'access_denied' - post :edit_visibility, :profile => @organization.identifier, :article_id => submission.parent.id, :article => { :published => true } - assert_template 'access_denied' - - submission.reload - assert_equal false, submission.published - end - - should 'redirect an unlogged user to the login page if he tryes to access the edit visibility page and work_assignment allow_privacy_edition is true' do - @organization.add_member(person) - work_assignment = create_work_assignment('Work Assignment', @organization, nil, nil) - work_assignment.allow_privacy_edition = true # the user can edit the privacy - assert_equal true, work_assignment.allow_privacy_edition - work_assignment.save! - parent = work_assignment.find_or_create_author_folder(person) - UploadedFile.create( - { - :uploaded_data => fixture_file_upload('/files/test.txt', 'text/plain'), - :profile => @organization, - :parent => parent, - :last_changed_by => person, - :author => person, - }, - :without_protection => true - ) - logout - submission = UploadedFile.last - assert_equal false, submission.parent.published - assert_equal false, submission.published - - post :edit_visibility, :profile => @organization.identifier, :article_id => submission.parent.id - assert_redirected_to '/account/login' - post :edit_visibility, :profile => @organization.identifier, :article_id => submission.parent.id, :article => { :published => true } - assert_redirected_to '/account/login' - submission.reload - assert_equal false, submission.parent.published - assert_equal false, submission.published - end - - should 'submission edit_visibility deny access to not owner when WorkAssignment edit_visibility is true' do - @organization.add_member(person) # current_user is a member - work_assignment = create_work_assignment('Another Work Assignment', @organization, nil, true) - @parent = 
work_assignment.find_or_create_author_folder(person) - UploadedFile.create( - { - :uploaded_data => fixture_file_upload('/files/test.txt', 'text/plain'), - :profile => @organization, - :parent => @parent, - :last_changed_by => person, - :author => person, - }, - :without_protection => true - ) - logout - - - other_person = create_user('other_user').person - @organization.add_member(other_person) - login_as :other_user - - @organization.add_member(other_person) - submission = UploadedFile.last - assert_equal(submission.author, person) - - post :edit_visibility, :profile => @organization.identifier, :article_id => submission.parent.id - assert_template 'access_denied' - - post :edit_visibility, :profile => @organization.identifier, :article_id => submission.parent.id, :article => { :published => true } - assert_template 'access_denied' - - submission.reload - assert_equal false, submission.parent.published - assert_equal false, submission.published - end - - should 'submission white list give permission to an user that has been added' do - other_person = create_user('other_user').person - @organization.add_member(person) - @organization.add_member(other_person) - work_assignment = create_work_assignment('Another Work Assignment', @organization, false, true) - post :upload_files, :profile => @organization.identifier, :parent_id => work_assignment.id, :uploaded_files => [fixture_file_upload('/files/test.txt', 'text/plain')] - submission = UploadedFile.last - assert_equal false, submission.display_unpublished_article_to?(other_person) - post :edit_visibility, :profile => @organization.identifier, :article_id => submission.parent.id, :article => { :published => false }, :q => other_person.id - submission.reload - assert_equal true, submission.parent.display_unpublished_article_to?(other_person) - assert_equal true, submission.display_unpublished_article_to?(other_person) - end - - should 'submission edit_visibility deny access to owner if not organization member' do - 
@organization.add_member(person) # current_user is a member - work_assignment = create_work_assignment('Work Assignment', @organization, nil, true) - post :upload_files, :profile => @organization.identifier, :parent_id => work_assignment.id, :uploaded_files => [fixture_file_upload('/files/test.txt', 'text/plain')] - @organization.remove_member(person) - submission = UploadedFile.last - - assert_equal false, (person.is_member_of? submission.profile) - - post :edit_visibility, :profile => @organization.identifier, :article_id => submission.parent.id - assert_template 'access_denied' - - post :edit_visibility, :profile => @organization.identifier, :article_id => submission.parent.id, :article => { :published => true } - assert_template 'access_denied' - - submission.reload - assert_equal false, submission.parent.published - assert_equal false, submission.published - end - private - def create_work_assignment(name = nil, profile = nil, publish_submissions = nil, allow_privacy_edition = nil) - @work_assignment = WorkAssignmentPlugin::WorkAssignment.create!(:name => name, :profile => profile, :publish_submissions => publish_submissions, :allow_privacy_edition => allow_privacy_edition) + def create_work_assignment(name = nil, profile = nil, publish_submissions = nil, allow_visibility_edition = nil) + @work_assignment = WorkAssignmentPlugin::WorkAssignment.create!(:name => name, :profile => profile, :publish_submissions => publish_submissions, :allow_visibility_edition => allow_visibility_edition) end end diff --git a/plugins/work_assignment/test/functional/content_viewer_controller_test.rb b/plugins/work_assignment/test/functional/content_viewer_controller_test.rb index 9de1af2..19ed308 100644 --- a/plugins/work_assignment/test/functional/content_viewer_controller_test.rb +++ b/plugins/work_assignment/test/functional/content_viewer_controller_test.rb 
@@ -15,6 +15,7 @@ class ContentViewerControllerTest < ActionController::TestCase @organization = fast_create(Organization) @work_assignment = WorkAssignmentPlugin::WorkAssignment.create!(:name => 'Work Assignment', :profile => @organization) @person = create_user('test_user').person + @organization.add_member(@person) @environment = @organization.environment @environment.enable_plugin(WorkAssignmentPlugin) @environment.save! @@ -23,19 +24,17 @@ class ContentViewerControllerTest < ActionController::TestCase attr_reader :organization, :person, :profile, :work_assignment should 'can download work_assignment' do - random_member = fast_create(Person) - organization.add_member(random_member) - folder = work_assignment.find_or_create_author_folder(random_member) + folder = work_assignment.find_or_create_author_folder(@person) submission = UploadedFile.create!(:uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'), :profile => organization, :parent => folder) WorkAssignmentPlugin.stubs(:can_download_submission?).returns(false) - get :view_page, :profile => organization.identifier, :page => submission.explode_path + get :view_page, :profile => @organization.identifier, :page => submission.path assert_response :forbidden assert_template 'access_denied' WorkAssignmentPlugin.stubs(:can_download_submission?).returns(true) - get :view_page, :profile => organization.identifier, :page => submission.explode_path + get :view_page, :profile => @organization.identifier, :page => submission.path assert_response :success end diff --git a/plugins/work_assignment/test/functional/work_assignment_plugin_myprofile_controller_test.rb b/plugins/work_assignment/test/functional/work_assignment_plugin_myprofile_controller_test.rb new file mode 100644 index 0000000..dcea2d2 --- /dev/null +++ b/plugins/work_assignment/test/functional/work_assignment_plugin_myprofile_controller_test.rb 
@@ -0,0 +1,191 @@ +require File.expand_path(File.dirname(__FILE__) + "/../../../../test/test_helper") +require 'work_assignment_plugin_myprofile_controller' + +# Re-raise errors caught by the controller. +class WorkAssignmentPluginMyprofileController; def rescue_action(e) raise e end; end + +class WorkAssignmentPluginMyprofileControllerTest < ActionController::TestCase + + def setup + @controller = WorkAssignmentPluginMyprofileController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + @person = create_user('test_user').person + login_as :test_user + e = Environment.default + e.enabled_plugins = ['WorkAssignmentPlugin'] + e.save! + @organization = fast_create(Organization) # + end + + should 'submission edit visibility deny access to users and admin when Work Assignment allow_visibility_edition is false' do + @organization.add_member(@person) + ##### Testing with normal user + work_assignment = create_work_assignment('Work Assignment', @organization, nil, false) + work_assignment.save! 
+ assert_equal false, work_assignment.allow_visibility_edition + parent = work_assignment.find_or_create_author_folder(@person) + UploadedFile.create( + { + :uploaded_data => fixture_file_upload('/files/test.txt', 'text/plain'), + :profile => @organization, + :parent => parent, + :last_changed_by => @person, + :author => @person, + }, + :without_protection => true + ) + submission = UploadedFile.find_by_filename("test.txt") + assert_equal false, submission.published + assert_equal false, submission.parent.published + + post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id + assert_template 'access_denied' + post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id, :article => { :published => true } + assert_template 'access_denied' + + submission.reload + assert_equal false, submission.published + assert_equal false, submission.parent.published + + #### Even with admin user + e = Environment.default + assert_equal false, @person.is_admin? + e.add_admin(@person) + e.save! + assert_equal true, @person.is_admin? + + post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id + assert_template 'access_denied' + post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id, :article => { :published => true } + assert_template 'access_denied' + + submission.reload + assert_equal false, submission.published + end + + should 'redirect an unlogged user to the login page if he tryes to access the edit visibility page and work_assignment allow_visibility_edition is true' do + @organization.add_member(@person) + work_assignment = create_work_assignment('Work Assignment', @organization, nil, true) + assert_equal true, work_assignment.allow_visibility_edition + work_assignment.save! 
+ parent = work_assignment.find_or_create_author_folder(@person) + UploadedFile.create( + { + :uploaded_data => fixture_file_upload('/files/test.txt', 'text/plain'), + :profile => @organization, + :parent => parent, + :last_changed_by => @person, + :author => @person, + }, + :without_protection => true + ) + logout + submission = UploadedFile.find_by_filename("test.txt") + assert_equal false, submission.parent.published + assert_equal false, submission.published + + post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id + assert_redirected_to '/account/login' + post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id, :article => { :published => true } + assert_redirected_to '/account/login' + submission.reload + assert_equal false, submission.parent.published + assert_equal false, submission.published + end + + should 'submission edit_visibility deny access to not owner when WorkAssignment edit_visibility is true' do + @organization.add_member(@person) # current_user is a member + work_assignment = create_work_assignment('Another Work Assignment', @organization, nil, true) + parent = work_assignment.find_or_create_author_folder(@person) + UploadedFile.create( + { + :uploaded_data => fixture_file_upload('/files/test.txt', 'text/plain'), + :profile => @organization, + :parent => parent, + :last_changed_by => @person, + :author => @person, + }, + :without_protection => true + ) + logout + + + other_person = create_user('other_user').person + @organization.add_member(other_person) + login_as :other_user + + @organization.add_member(other_person) + submission = UploadedFile.find_by_filename("test.txt") + assert_equal(submission.author, @person) + + post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id + assert_template 'access_denied' + + post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id, :article => { :published => true } + assert_template 
'access_denied' + + submission.reload + assert_equal false, submission.parent.published + assert_equal false, submission.published + end + + should 'submission white list give permission to an user that has been added' do + other_person = create_user('other_user').person + @organization.add_member(@person) + @organization.add_member(other_person) + work_assignment = create_work_assignment('Another Work Assignment', @organization, false, true) + parent = work_assignment.find_or_create_author_folder(@person) + UploadedFile.create( + { + :uploaded_data => fixture_file_upload('/files/test.txt', 'text/plain'), + :profile => @organization, + :parent => parent, + :last_changed_by => @person, + :author => @person, + }, + :without_protection => true + ) + submission = UploadedFile.find_by_filename("test.txt") + assert_equal false, submission.article_privacy_exceptions.include?(other_person) + post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id, :article => { :published => false }, :q => other_person.id + submission.reload + assert_equal true, submission.parent.article_privacy_exceptions.include?(other_person) + assert_equal true, submission.article_privacy_exceptions.include?(other_person) + end + + should 'submission edit_visibility deny access to owner if not organization member' do + @organization.add_member(@person) # current_user is a member + work_assignment = create_work_assignment('Work Assignment', @organization, nil, true) + parent = work_assignment.find_or_create_author_folder(@person) + UploadedFile.create( + { + :uploaded_data => fixture_file_upload('/files/test.txt', 'text/plain'), + :profile => @organization, + :parent => parent, + :last_changed_by => @person, + :author => @person, + }, + :without_protection => true + ) + @organization.remove_member(@person) + submission = UploadedFile.find_by_filename("test.txt") + + assert_equal false, (@person.is_member_of? 
submission.profile) + + post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id + assert_template 'access_denied' + + post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id, :article => { :published => true } + assert_template 'access_denied' + + submission.reload + assert_equal false, submission.parent.published + assert_equal false, submission.published + end + + private + def create_work_assignment(name = nil, profile = nil, publish_submissions = nil, allow_visibility_edition = nil) + @work_assignment = WorkAssignmentPlugin::WorkAssignment.create!(:name => name, :profile => profile, :publish_submissions => publish_submissions, :allow_visibility_edition => allow_visibility_edition) + end +end diff --git a/plugins/work_assignment/views/cms/work_assignment_plugin/_work_assignment.html.erb b/plugins/work_assignment/views/cms/work_assignment_plugin/_work_assignment.html.erb index 6339586..39376c8 100644 --- a/plugins/work_assignment/views/cms/work_assignment_plugin/_work_assignment.html.erb +++ b/plugins/work_assignment/views/cms/work_assignment_plugin/_work_assignment.html.erb @@ -4,4 +4,4 @@ <%=labelled_check_box(_('Publish submissions'), 'article[publish_submissions]', true, @article.publish_submissions) %> -<%=labelled_check_box(_('Allow users set privacy?'), 'article[allow_privacy_edition]', true, @article.allow_privacy_edition) %> +<%=labelled_check_box(_('Allow users change submissions privacy?'), 'article[allow_visibility_edition]', true, @article.allow_visibility_edition) %> diff --git a/plugins/work_assignment/views/work_assignment_plugin_myprofile/edit_privacy.html.erb b/plugins/work_assignment/views/work_assignment_plugin_myprofile/edit_privacy.html.erb deleted file mode 100644 index e6cc462..0000000 --- a/plugins/work_assignment/views/work_assignment_plugin_myprofile/edit_privacy.html.erb +++ /dev/null @@ -1,24 +0,0 @@ -
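Review bot: The new test file has no case for `search_article_privacy_exceptions`, and none where `:article_id` points at a folder outside the `:profile` in the URL or at an article whose parent is not a work assignment, which are the inputs where the `protect_if` filter is most likely to misbehave. A test that posts `edit_visibility` with such an id and checks `assert_template 'access_denied'` would pin that behaviour. The `UploadedFile.create(…, :without_protection => true)` fixture is repeated in all five tests and could move into a private helper next to `create_work_assignment`.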
- -<%= labelled_form_for 'article', :html => { :multipart => true, :class => @type } do |f| %> - - <% @article = environment.articles.find_by_id((params[:article_id]))%> - - <% @tokenized_children = params[:tokenized_children]%> - - <%= hidden_field_tag('article_id', @article.id) %> - -
- <%= visibility_options(@article, @tokenized_children) %> -
- - <% button_bar do %> - <%= submit_button :save, _('Save') %> - <%= button :cancel, _('Cancel'), @back_to %> - <% end %> -<% end %> -
- -
- -<%= javascript_include_tag "article.js" %> diff --git a/plugins/work_assignment/views/work_assignment_plugin_myprofile/edit_visibility.html.erb b/plugins/work_assignment/views/work_assignment_plugin_myprofile/edit_visibility.html.erb new file mode 100644 index 0000000..3690f78 --- /dev/null +++ b/plugins/work_assignment/views/work_assignment_plugin_myprofile/edit_visibility.html.erb @@ -0,0 +1,24 @@ +
+ +<%= labelled_form_for 'article', :html => { :multipart => true, :class => @type } do |f| %> + + <% @article = environment.articles.find_by_id((params[:article_id]))%> + + <% @tokenized_children = params[:tokenized_children]%> + + <%= hidden_field_tag('article_id', @article.id) %> + +
+ <%= visibility_options(@article, @tokenized_children) %> +
+ + <% button_bar do %> + <%= submit_button :save, _('Save') %> + <%= button :cancel, _('Cancel'), @back_to %> + <% end %> +<% end %> +
+ +
+ +<%= javascript_include_tag "article.js" %> -- libgit2 0.21.2
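Review bot: The template sets `@tokenized_children = params[:tokenized_children]`, so the list that pre-populates the exception field is whatever the request carried, not what is stored on the folder. The removed plugin copy of `visibility_options` passed that value to `:pre_populate` of `token_input_field_tag`; how it is serialised into the page is not visible here, so treat it as untrusted input until confirmed. Building the list in the `edit_visibility` action from the folder's `article_privacy_exceptions` with `prepare_to_token_input`, and doing the `find_by_id` lookup there as well, would keep request data and queries out of the view. `@article.id` would also fail on a nil `@article` if the id does not resolve, though the before filter presumably rejects that case first.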