Merge branch 'move-api' into 'master'

Move api to app/api `lib` can't depend on `app`, just the opposite. See merge request !917

Merge branch 'move-api' into 'master'
Move api to app/api `lib` can't depend on `app`, just the opposite. See merge request !917
Victor Costa
2 parents da1968e4 a3659ade
Showing 59 changed files with 2000 additions and 2039 deletions Show diff stats
app/api/app.rb
app/api/entities.rb
app/api/entity.rb
app/api/helpers.rb
app/api/v1/activities.rb
app/api/v1/articles.rb
app/api/v1/blocks.rb
app/api/v1/boxes.rb
app/api/v1/categories.rb
app/api/v1/comments.rb
app/api/v1/communities.rb
app/api/v1/contacts.rb
app/api/v1/enterprises.rb
app/api/v1/environments.rb
app/api/v1/people.rb
app/api/v1/profiles.rb
app/api/v1/search.rb
app/api/v1/session.rb
app/api/v1/tags.rb
app/api/v1/tasks.rb
@@ -0,0 +1,89 @@
+require_dependency 'api/helpers'
+
+module Api
+  class App < Grape::API
+    use Rack::JSONP
+
+    logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] || 'production'}_api.log"))
+    logger.formatter = GrapeLogging::Formatters::Default.new
+    #use GrapeLogging::Middleware::RequestLogger, { logger: logger }
+
+    rescue_from :all do |e|
+      logger.error e
+      error! e.message, 500
+    end unless Rails.env.test?
+
+    @@NOOSFERO_CONF = nil
+    def self.NOOSFERO_CONF
+      if @@NOOSFERO_CONF
+        @@NOOSFERO_CONF
+      else
+        file = Rails.root.join('config', 'noosfero.yml')
+        @@NOOSFERO_CONF = File.exists?(file) ? YAML.load_file(file)[Rails.env] || {} : {}
+      end
+    end
+
+    before { set_locale  }
+    before { setup_multitenancy }
+    before { detect_stuff_by_domain }
+    before { filter_disabled_plugins_endpoints }
+    before { init_noosfero_plugins }
+    after { set_session_cookie }
+
+    version 'v1'
+    prefix [ENV['RAILS_RELATIVE_URL_ROOT'], "api"].compact.join('/')
+    format :json
+    content_type :txt, "text/plain"
+
+    helpers Helpers
+
+    mount V1::Session
+    mount V1::Articles
+    mount V1::Comments
+    mount V1::Users
+    mount V1::Communities
+    mount V1::People
+    mount V1::Enterprises
+    mount V1::Categories
+    mount V1::Tasks
+    mount V1::Tags
+    mount V1::Environments
+    mount V1::Search
+    mount V1::Contacts
+    mount V1::Boxes
+    mount V1::Blocks
+    mount V1::Profiles
+    mount V1::Activities
+
+    # hook point which allow plugins to add Grape::API extensions to Api::App
+    #finds for plugins which has api mount points classes defined (the class should extends Grape::API)
+    @plugins = Noosfero::Plugin.all.map { |p| p.constantize }
+    @plugins.each do |klass|
+      if klass.public_methods.include? :api_mount_points
+        klass.api_mount_points.each do |mount_class|
+          mount mount_class if mount_class && ( mount_class < Grape::API )
+        end
+      end
+    end
+
+    def self.endpoint_unavailable?(endpoint, environment)
+      api_class = endpoint.options[:app] || endpoint.options[:for]
+      if api_class.present?
+        klass = api_class.name.deconstantize.constantize
+        return klass < Noosfero::Plugin && !environment.plugin_enabled?(klass)
+      end
+    end
+
+    class << self
+      def endpoints_with_plugins(environment = nil)
+        if environment.present?
+          cloned_endpoints = endpoints_without_plugins.dup
+          cloned_endpoints.delete_if { |endpoint| endpoint_unavailable?(endpoint, environment) }
+        else
+          endpoints_without_plugins
+        end
+      end
+      alias_method_chain :endpoints, :plugins
+    end
+  end
+end
@@ -0,0 +1,267 @@
+module Api
+  module Entities
+
+    Entity.format_with :timestamp do |date|
+      date.strftime('%Y/%m/%d %H:%M:%S') if date
+    end
+
+    PERMISSIONS = {
+      :admin => 0,
+      :self  => 10,
+      :private_content => 20,
+      :logged_user => 30,
+      :anonymous => 40
+    }
+
+    def self.can_display_profile_field? profile, options, permission_options={}
+      permissions={:field => "", :permission => :private_content}
+      permissions.merge!(permission_options)
+      field = permissions[:field]
+      permission = permissions[:permission]
+      return true if profile.public? && profile.public_fields.map{|f| f.to_sym}.include?(field.to_sym)
+
+      current_person = options[:current_person]
+
+      current_permission = if current_person.present?
+        if current_person.is_admin?
+          :admin
+        elsif current_person == profile
+          :self
+        elsif profile.display_private_info_to?(current_person)
+          :private_content
+        else
+          :logged_user
+        end
+      else
+        :anonymous
+      end
+      PERMISSIONS[current_permission] <= PERMISSIONS[permission]
+    end
+
+    class Image < Entity
+      root 'images', 'image'
+
+      expose  :url do |image, options|
+        image.public_filename
+      end
+
+      expose  :icon_url do |image, options|
+        image.public_filename(:icon)
+      end
+
+      expose  :minor_url do |image, options|
+        image.public_filename(:minor)
+      end
+
+      expose  :portrait_url do |image, options|
+        image.public_filename(:portrait)
+      end
+
+      expose  :thumb_url do |image, options|
+        image.public_filename(:thumb)
+      end
+    end
+
+    class CategoryBase < Entity
+      root 'categories', 'category'
+      expose :name, :id, :slug
+    end
+
+    class Category < CategoryBase
+      root 'categories', 'category'
+      expose :full_name do |category, options|
+        category.full_name
+      end
+      expose :parent, :using => CategoryBase, if: { parent: true }
+      expose :children, :using => CategoryBase, if: { children: true }
+      expose :image, :using => Image
+      expose :display_color
+    end
+
+    class Region < Category
+      root 'regions', 'region'
+      expose :parent_id
+    end
+
+    class Block < Entity
+      root 'blocks', 'block'
+      expose :id, :type, :settings, :position, :enabled
+      expose :mirror, :mirror_block_id, :title
+      expose :api_content, if: lambda { |object, options| options[:display_api_content] || object.display_api_content_by_default? }
+    end
+
+    class Box < Entity
+      root 'boxes', 'box'
+      expose :id, :position
+      expose :blocks, :using => Block
+    end
+
+    class Profile < Entity
+      expose :identifier, :name, :id
+      expose :created_at, :format_with => :timestamp
+      expose :updated_at, :format_with => :timestamp
+      expose :additional_data do |profile, options|
+        hash ={}
+        profile.public_values.each do |value|
+          hash[value.custom_field.name]=value.value
+        end
+
+        private_values = profile.custom_field_values - profile.public_values
+        private_values.each do |value|
+          if Entities.can_display_profile_field?(profile,options)
+            hash[value.custom_field.name]=value.value
+          end
+        end
+        hash
+      end
+      expose :image, :using => Image
+      expose :region, :using => Region
+      expose :type
+      expose :custom_header
+      expose :custom_footer
+    end
+
+    class UserBasic < Entity
+      expose :id
+      expose :login
+    end
+
+    class Person < Profile
+      root 'people', 'person'
+      expose :user, :using => UserBasic, documentation: {type: 'User', desc: 'The user data of a person' }
+      expose :vote_count
+      expose :comments_count do |person, options|
+        person.comments.count
+      end
+      expose :following_articles_count do |person, options|
+        person.following_articles.count
+      end
+      expose :articles_count do |person, options|
+        person.articles.count
+      end
+    end
+
+    class Enterprise < Profile
+      root 'enterprises', 'enterprise'
+    end
+
+    class Community < Profile
+      root 'communities', 'community'
+      expose :description
+      expose :admins, :if => lambda { |community, options| community.display_info_to? options[:current_person]} do |community, options|
+        community.admins.map{|admin| {"name"=>admin.name, "id"=>admin.id, "username" => admin.identifier}}
+      end
+      expose :categories, :using => Category
+      expose :members, :using => Person , :if => lambda{ |community, options| community.display_info_to? options[:current_person] }
+    end
+
+    class CommentBase < Entity
+      expose :body, :title, :id
+      expose :created_at, :format_with => :timestamp
+      expose :author, :using => Profile
+      expose :reply_of, :using => CommentBase
+    end
+
+    class Comment < CommentBase
+      root 'comments', 'comment'
+      expose :children, as: :replies, :using => Comment
+    end
+
+    class ArticleBase < Entity
+      root 'articles', 'article'
+      expose :id
+      expose :body
+      expose :abstract, documentation: {type: 'String', desc: 'Teaser of the body'}
+      expose :created_at, :format_with => :timestamp
+      expose :updated_at, :format_with => :timestamp
+      expose :title, :documentation => {:type => "String", :desc => "Title of the article"}
+      expose :created_by, :as => :author, :using => Profile, :documentation => {type: 'Profile', desc: 'The profile author that create the article'}
+      expose :profile, :using => Profile, :documentation => {type: 'Profile', desc: 'The profile associated with the article'}
+      expose :categories, :using => Category
+      expose :image, :using => Image
+      expose :votes_for
+      expose :votes_against
+      expose :setting
+      expose :position
+      expose :hits
+      expose :start_date
+      expose :end_date, :documentation => {type: 'DateTime', desc: 'The date of finish of the article'}
+      expose :tag_list
+      expose :children_count
+      expose :slug, :documentation => {:type => "String", :desc => "Trimmed and parsed name of a article"}
+      expose :path
+      expose :followers_count
+      expose :votes_count
+      expose :comments_count
+      expose :archived, :documentation => {:type => "Boolean", :desc => "Defines if a article is readonly"}
+      expose :type
+      expose :comments, using: CommentBase, :if => lambda{|obj,opt| opt[:params] && ['1','true',true].include?(opt[:params][:show_comments])}
+      expose :published
+      expose :accept_comments?, as: :accept_comments
+    end
+
+    class Article < ArticleBase
+      root 'articles', 'article'
+      expose :parent, :using => ArticleBase
+      expose :children, :using => ArticleBase do |article, options|
+        article.children.published.limit(V1::Articles::MAX_PER_PAGE)
+      end
+    end
+
+    class User < Entity
+      root 'users', 'user'
+
+      attrs = [:id,:login,:email,:activated?]
+      aliases = {:activated? => :activated}
+
+      attrs.each do |attribute|
+        name = aliases.has_key?(attribute) ? aliases[attribute] : attribute
+        expose attribute, :as => name, :if => lambda{|user,options| Entities.can_display_profile_field?(user.person, options, {:field =>  attribute})}
+      end
+
+      expose :person, :using => Person, :if => lambda{|user,options| user.person.display_info_to? options[:current_person]}
+      expose :permissions, :if => lambda{|user,options| Entities.can_display_profile_field?(user.person, options, {:field => :permissions, :permission => :self})} do |user, options|
+        output = {}
+        user.person.role_assignments.map do |role_assigment|
+          if role_assigment.resource.respond_to?(:identifier) && !role_assigment.role.nil?
+            output[role_assigment.resource.identifier] = role_assigment.role.permissions
+          end
+        end
+        output
+      end
+    end
+
+    class UserLogin < User
+      root 'users', 'user'
+      expose :private_token, documentation: {type: 'String', desc: 'A valid authentication code for post/delete api actions'}, if: lambda {|object, options| object.activated? }
+    end
+
+    class Task < Entity
+      root 'tasks', 'task'
+      expose :id
+      expose :type
+    end
+
+    class Environment < Entity
+      expose :name
+      expose :id
+      expose :description
+      expose :settings, if: lambda { |instance, options| options[:is_admin] }
+    end
+
+    class Tag < Entity
+      root 'tags', 'tag'
+      expose :name
+    end
+
+    class Activity < Entity
+      root 'activities', 'activity'
+      expose :id, :params, :verb, :created_at, :updated_at, :comments_count, :visible
+      expose :user, :using => Profile
+      expose :target do |activity, opts|
+        type_map = {Profile => ::Profile, ArticleBase => ::Article}.find {|h| activity.target.kind_of?(h.last)}
+        type_map.first.represent(activity.target) unless type_map.nil?
+      end
+    end
+  end
+end
@@ -0,0 +1,27 @@
+module Api
+  class Entity < Grape::Entity
+
+    def initialize(object, options = {})
+      object = nil if object.is_a? Exception
+      super object, options
+    end
+
+    def self.represent(objects, options = {})
+      if options[:has_exception]
+        data = super objects, options.merge(is_inner_data: true)
+        if objects.is_a? Exception
+          data.merge ok: false, error: {
+            type: objects.class.name,
+            message: objects.message
+          }
+        else
+          data = data.serializable_hash if data.is_a? Entity
+          data.merge ok: true, error: { type: 'Success', message: '' }
+        end
+      else
+        super objects, options
+      end
+    end
+
+  end
+end
@@ -0,0 +1,421 @@
+require 'base64'
+require 'tempfile'
+
+module Api
+  module Helpers
+    PRIVATE_TOKEN_PARAM = :private_token
+    DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id, :identifier, :archived]
+
+    include SanitizeParams
+    include Noosfero::Plugin::HotSpot
+    include ForgotPasswordHelper
+    include SearchTermHelper
+
+    def set_locale
+      I18n.locale = (params[:lang] || request.env['HTTP_ACCEPT_LANGUAGE'] || 'en')
+    end
+
+    def init_noosfero_plugins
+      plugins
+    end
+
+    def current_user
+      private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
+      @current_user ||= User.find_by private_token: private_token
+      @current_user ||= plugins.dispatch("api_custom_login", request).first
+      @current_user
+    end
+
+    def current_person
+      current_user.person unless current_user.nil?
+    end
+
+    def is_admin?(environment)
+      return false unless current_user
+      return current_person.is_admin?(environment)
+    end
+
+    def logout
+      @current_user = nil
+    end
+
+    def environment
+      @environment
+    end
+
+    def present_partial(model, options)
+      if(params[:fields].present?)
+        begin
+          fields = JSON.parse(params[:fields])
+          if fields.present?
+            options.merge!(fields.symbolize_keys.slice(:only, :except))
+          end
+        rescue
+          fields = params[:fields]
+          fields = fields.split(',') if fields.kind_of?(String)
+          options[:only] = Array.wrap(fields)
+        end
+      end
+      present model, options
+    end
+
+    include FindByContents
+
+    ####################################################################
+    #### SEARCH
+    ####################################################################
+    def multiple_search?(searches=nil)
+      ['index', 'category_index'].include?(params[:action]) || (searches && searches.size > 1)
+    end
+    ####################################################################
+
+    def logger
+      logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] || 'production'}_api.log"))
+      logger.formatter = GrapeLogging::Formatters::Default.new
+      logger
+    end
+
+    def limit
+      limit = params[:limit].to_i
+      limit = default_limit if limit <= 0
+      limit
+    end
+
+    def period(from_date, until_date)
+      return nil if from_date.nil? && until_date.nil?
+
+      begin_period = from_date.nil? ? Time.at(0).to_datetime : from_date
+      end_period = until_date.nil? ? DateTime.now : until_date
+
+      begin_period..end_period
+    end
+
+    def parse_content_type(content_type)
+      return nil if content_type.blank?
+      content_type.split(',').map do |content_type|
+        content_type.camelcase
+      end
+    end
+
+    def find_article(articles, id)
+      article = articles.find(id)
+      article.display_to?(current_person) ? article : forbidden!
+    end
+
+    def post_article(asset, params)
+      return forbidden! unless current_person.can_post_content?(asset)
+
+      klass_type = params[:content_type] || params[:article].delete(:type) || TinyMceArticle.name
+      return forbidden! unless klass_type.constantize <= Article
+
+      article = klass_type.constantize.new(params[:article])
+      article.last_changed_by = current_person
+      article.created_by= current_person
+      article.profile = asset
+
+      if !article.save
+        render_api_errors!(article.errors.full_messages)
+      end
+      present_partial article, :with => Entities::Article
+    end
+
+    def present_article(asset)
+      article = find_article(asset.articles, params[:id])
+      present_partial article, :with => Entities::Article, :params => params
+    end
+
+    def present_articles_for_asset(asset, method = 'articles')
+      articles = find_articles(asset, method)
+      present_articles(articles)
+    end
+
+    def present_articles(articles)
+      present_partial paginate(articles), :with => Entities::Article, :params => params
+    end
+
+    def find_articles(asset, method = 'articles')
+      articles = select_filtered_collection_of(asset, method, params)
+      if current_person.present?
+        articles = articles.display_filter(current_person, nil)
+      else
+        articles = articles.published
+      end
+      articles
+    end
+
+    def find_task(asset, id)
+      task = asset.tasks.find(id)
+      current_person.has_permission?(task.permission, asset) ? task : forbidden!
+    end
+
+    def post_task(asset, params)
+      klass_type= params[:content_type].nil? ? 'Task' : params[:content_type]
+      return forbidden! unless klass_type.constantize <= Task
+
+      task = klass_type.constantize.new(params[:task])
+      task.requestor_id = current_person.id
+      task.target_id = asset.id
+      task.target_type = 'Profile'
+
+      if !task.save
+        render_api_errors!(task.errors.full_messages)
+      end
+      present_partial task, :with => Entities::Task
+    end
+
+    def present_task(asset)
+      task = find_task(asset, params[:id])
+      present_partial task, :with => Entities::Task
+    end
+
+    def present_tasks(asset)
+      tasks = select_filtered_collection_of(asset, 'tasks', params)
+      tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)}
+      return forbidden! if tasks.empty? && !current_person.has_permission?(:perform_task, asset)
+      present_partial tasks, :with => Entities::Task
+    end
+
+    def make_conditions_with_parameter(params = {})
+      parsed_params = parser_params(params)
+      conditions = {}
+      from_date = DateTime.parse(parsed_params.delete(:from)) if parsed_params[:from]
+      until_date = DateTime.parse(parsed_params.delete(:until)) if parsed_params[:until]
+
+      conditions[:type] = parse_content_type(parsed_params.delete(:content_type)) unless parsed_params[:content_type].nil?
+
+      conditions[:created_at] = period(from_date, until_date) if from_date || until_date
+      conditions.merge!(parsed_params)
+
+      conditions
+    end
+
+    # changing make_order_with_parameters to avoid sql injection
+    def make_order_with_parameters(object, method, params)
+      order = "created_at DESC"
+      unless params[:order].blank?
+        if params[:order].include? '\'' or params[:order].include? '"'
+          order = "created_at DESC"
+        elsif ['RANDOM()', 'RANDOM'].include? params[:order].upcase
+          order = 'RANDOM()'
+        else
+          field_name, direction = params[:order].split(' ')
+          assoc = object.class.reflect_on_association(method.to_sym)
+          if !field_name.blank? and assoc
+            if assoc.klass.attribute_names.include? field_name
+              if direction.present? and ['ASC','DESC'].include? direction.upcase
+                order = "#{field_name} #{direction.upcase}"
+              end
+            end
+          end
+        end
+      end
+      return order
+    end
+
+    def make_timestamp_with_parameters_and_method(params, method)
+      timestamp = nil
+      if params[:timestamp]
+        datetime = DateTime.parse(params[:timestamp])
+        table_name = method.to_s.singularize.camelize.constantize.table_name
+        timestamp = "#{table_name}.updated_at >= '#{datetime}'"
+      end
+
+      timestamp
+    end
+
+    def by_reference(scope, params)
+      reference_id = params[:reference_id].to_i == 0 ? nil : params[:reference_id].to_i
+      if reference_id.nil?
+        scope
+      else
+        created_at = scope.find(reference_id).created_at
+        scope.send("#{params.key?(:oldest) ? 'older_than' : 'younger_than'}", created_at)
+      end
+    end
+
+    def by_categories(scope, params)
+      category_ids = params[:category_ids]
+      if category_ids.nil?
+        scope
+      else
+        scope.joins(:categories).where(:categories => {:id => category_ids})
+      end
+    end
+
+    def select_filtered_collection_of(object, method, params)
+      conditions = make_conditions_with_parameter(params)
+      order = make_order_with_parameters(object,method,params)
+      timestamp = make_timestamp_with_parameters_and_method(params, method)
+
+      objects = object.send(method)
+      objects = by_reference(objects, params)
+      objects = by_categories(objects, params)
+
+      objects = objects.where(conditions).where(timestamp).reorder(order)
+
+      params[:page] ||= 1
+      params[:per_page] ||= limit
+      paginate(objects)
+    end
+
+    def authenticate!
+      unauthorized! unless current_user
+    end
+
+    def profiles_for_person(profiles, person)
+      if person
+        profiles.listed_for_person(person)
+      else
+        profiles.visible
+      end
+    end
+
+    # Checks the occurrences of uniqueness of attributes, each attribute must be present in the params hash
+    # or a Bad Request error is invoked.
+    #
+    # Parameters:
+    #   keys (unique) - A hash consisting of keys that must be unique
+    def unique_attributes!(obj, keys)
+      keys.each do |key|
+        cant_be_saved_request!(key) if obj.find_by(key.to_s => params[key])
+      end
+    end
+
+    def attributes_for_keys(keys)
+      attrs = {}
+      keys.each do |key|
+        attrs[key] = params[key] if params[key].present? or (params.has_key?(key) and params[key] == false)
+      end
+      attrs
+    end
+
+    ##########################################
+    #              error helpers             #
+    ##########################################
+
+    def not_found!
+      render_api_error!('404 Not found', 404)
+    end
+
+    def forbidden!
+      render_api_error!('403 Forbidden', 403)
+    end
+
+    def cant_be_saved_request!(attribute)
+      message = _("(Invalid request) %s can't be saved") % attribute
+      render_api_error!(message, 400)
+    end
+
+    def bad_request!(attribute)
+      message = _("(Invalid request) %s not given") % attribute
+      render_api_error!(message, 400)
+    end
+
+    def something_wrong!
+      message = _("Something wrong happened")
+      render_api_error!(message, 400)
+    end
+
+    def unauthorized!
+      render_api_error!(_('Unauthorized'), 401)
+    end
+
+    def not_allowed!
+      render_api_error!(_('Method Not Allowed'), 405)
+    end
+
+    # javascript_console_message is supposed to be executed as console.log()
+    def render_api_error!(user_message, status, log_message = nil, javascript_console_message = nil)
+      message_hash = {'message' => user_message, :code => status}
+      message_hash[:javascript_console_message] = javascript_console_message if javascript_console_message.present?
+      log_msg = "#{status}, User message: #{user_message}"
+      log_msg = "#{log_message}, #{log_msg}" if log_message.present?
+      log_msg = "#{log_msg}, Javascript Console Message: #{javascript_console_message}" if javascript_console_message.present?
+      logger.error log_msg unless Rails.env.test?
+      error!(message_hash, status)
+    end
+
+    def render_api_errors!(messages)
+      messages = messages.to_a if messages.class == ActiveModel::Errors
+      render_api_error!(messages.join(','), 400)
+    end
+
+    protected
+
+    def set_session_cookie
+      cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
+    end
+
+    def setup_multitenancy
+      Noosfero::MultiTenancy.setup!(request.host)
+    end
+
+    def detect_stuff_by_domain
+      @domain = Domain.by_name(request.host)
+      if @domain.nil?
+        @environment = Environment.default
+        if @environment.nil? && Rails.env.development?
+          # This should only happen in development ...
+          @environment = Environment.create!(:name => "Noosfero", :is_default => true)
+        end
+      else
+        @environment = @domain.environment
+      end
+    end
+
+    def filter_disabled_plugins_endpoints
+      not_found! if Api::App.endpoint_unavailable?(self, @environment)
+    end
+
+    def asset_with_image params
+      if params.has_key? :image_builder
+        asset_api_params = params
+        asset_api_params[:image_builder] = base64_to_uploadedfile(asset_api_params[:image_builder])
+        return asset_api_params
+      end
+        params
+    end
+
+    def base64_to_uploadedfile(base64_image)
+      tempfile = base64_to_tempfile base64_image
+      converted_image = base64_image
+      converted_image[:tempfile] = tempfile
+      return {uploaded_data: ActionDispatch::Http::UploadedFile.new(converted_image)}
+    end
+
+    def base64_to_tempfile base64_image
+      base64_img_str = base64_image[:tempfile]
+      decoded_base64_str = Base64.decode64(base64_img_str)
+      tempfile = Tempfile.new(base64_image[:filename])
+      tempfile.write(decoded_base64_str.encode("ascii-8bit").force_encoding("utf-8"))
+      tempfile.rewind
+      tempfile
+    end
+    private
+
+    def parser_params(params)
+      parsed_params = {}
+      params.map do |k,v|
+        parsed_params[k.to_sym] = v if DEFAULT_ALLOWED_PARAMETERS.include?(k.to_sym)
+      end
+      parsed_params
+    end
+
+    def default_limit
+      20
+    end
+
+    def parse_content_type(content_type)
+      return nil if content_type.blank?
+      content_type.split(',').map do |content_type|
+        content_type.camelcase
+      end
+    end
+
+    def period(from_date, until_date)
+      begin_period = from_date.nil? ? Time.at(0).to_datetime : from_date
+      end_period = until_date.nil? ? DateTime.now : until_date
+      begin_period..end_period
+    end
+  end
+end
@@ -0,0 +1,20 @@
+module Api
+  module V1
+    class Activities < Grape::API
+      before { authenticate! }
+
+      resource :profiles do
+
+        get ':id/activities' do
+          profile = Profile.find_by id: params[:id]
+
+          not_found! if profile.blank? || profile.secret || !profile.visible
+          forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
+
+          activities = profile.activities.map(&:activity)
+          present activities, :with => Entities::Activity, :current_person => current_person
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,303 @@
+module Api
+  module V1
+    class Articles < Grape::API
+
+      ARTICLE_TYPES = Article.descendants.map{|a| a.to_s}
+
+      MAX_PER_PAGE = 50
+
+      resource :articles do
+
+        paginate max_per_page: MAX_PER_PAGE
+        # Collect articles
+        #
+        # Parameters:
+        #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
+        #   oldest           - Collect the oldest articles. If nothing is passed the newest articles are collected
+        #   limit            - amount of articles returned. The default value is 20
+        #
+        # Example Request:
+        #  GET host/api/v1/articles?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
+
+        desc 'Return all articles of all kinds' do
+          detail 'Get all articles filtered by fields in query params'
+          params Entities::Article.documentation
+          success Entities::Article
+          failure [[403, 'Forbidden']]
+          named 'ArticlesList'
+          headers [
+            'Per-Page' => {
+                  description: 'Total number of records',
+                  required: false
+              }
+            ]
+        end
+        get do
+          present_articles_for_asset(environment)
+        end
+
+        desc "Return one article by id" do
+          detail 'Get only one article by id. If not found the "forbidden" http error is showed'
+          params Entities::Article.documentation
+          success Entities::Article
+          failure [[403, 'Forbidden']]
+          named 'ArticleById'
+        end
+        get ':id', requirements: {id: /[0-9]+/} do
+          present_article(environment)
+        end
+
+        post ':id' do
+          article = environment.articles.find(params[:id])
+          return forbidden! unless article.allow_edit?(current_person)
+          article.update_attributes!(asset_with_image(params[:article]))
+          present_partial article, :with => Entities::Article
+        end
+
+        desc 'Report a abuse and/or violent content in a article by id' do
+          detail 'Submit a abuse (in general, a content violation) report about a specific article'
+          params Entities::Article.documentation
+          failure [[400, 'Bad Request']]
+          named 'ArticleReportAbuse'
+        end
+        post ':id/report_abuse' do
+          article = find_article(environment.articles, params[:id])
+          profile = article.profile
+          begin
+            abuse_report = AbuseReport.new(:reason => params[:report_abuse])
+            if !params[:content_type].blank?
+              article = params[:content_type].constantize.find(params[:content_id])
+              abuse_report.content = article_reported_version(article)
+            end
+
+            current_person.register_report(abuse_report, profile)
+
+            if !params[:content_type].blank?
+              abuse_report = AbuseReport.find_by reporter_id: current_person.id, abuse_complaint_id: profile.opened_abuse_complaint.id
+              Delayed::Job.enqueue DownloadReportedImagesJob.new(abuse_report, article)
+            end
+
+            {
+              :success => true,
+              :message => _('Your abuse report was registered. The administrators are reviewing your report.'),
+            }
+          rescue Exception => exception
+            #logger.error(exception.to_s)
+            render_api_error!(_('Your report couldn\'t be saved due to some problem. Please contact the administrator.'), 400)
+          end
+
+        end
+
+        desc "Returns the articles I voted" do
+          detail 'Get the Articles I make a vote'
+          failure [[403, 'Forbidden']]
+          named 'ArticleFollowers'
+        end
+         #FIXME refactor this method
+        get 'voted_by_me' do
+          present_articles(current_person.votes.where(:voteable_type => 'Article').collect(&:voteable))
+        end
+
+        desc 'Perform a vote on a article by id' do
+          detail 'Vote on a specific article with values: 1 (if you like) or -1 (if not)'
+          params Entities::UserLogin.documentation
+          failure [[401,'Unauthorized']]
+          named 'ArticleVote'
+        end
+        post ':id/vote' do
+          authenticate!
+          value = (params[:value] || 1).to_i
+          # FIXME verify allowed values
+          render_api_error!('Vote value not allowed', 400) unless [-1, 1].include?(value)
+          article = find_article(environment.articles, params[:id])
+          begin
+            vote = Vote.new(:voteable => article, :voter => current_person, :vote => value)
+            {:vote => vote.save!}
+          rescue ActiveRecord::RecordInvalid => e
+            render_api_error!(e.message, 400)
+          end
+        end
+
+        desc "Returns the total followers for the article" do
+          detail 'Get the followers of a specific article by id'
+          failure [[403, 'Forbidden']]
+          named 'ArticleFollowers'
+        end
+        get ':id/followers' do
+          article = find_article(environment.articles, params[:id])
+          total = article.person_followers.count
+          {:total_followers => total}
+        end
+
+        desc "Return the articles followed by me"
+        get 'followed_by_me' do
+          present_articles_for_asset(current_person, 'following_articles')
+        end
+
+        desc "Add a follower for the article" do
+          detail 'Add the current user identified by private token, like a follower of a article'
+          params Entities::UserLogin.documentation
+          failure [[401, 'Unauthorized']]
+          named 'ArticleFollow'
+        end
+        post ':id/follow' do
+          authenticate!
+          article = find_article(environment.articles, params[:id])
+          if article.article_followers.exists?(:person_id => current_person.id)
+            {:success => false, :already_follow => true}
+          else
+            article_follower = ArticleFollower.new
+            article_follower.article = article
+            article_follower.person = current_person
+            article_follower.save!
+            {:success => true}
+          end
+        end
+
+        desc 'Return the children of a article identified by id' do
+          detail 'Get all children articles of a specific article'
+          params Entities::Article.documentation
+          failure [[403, 'Forbidden']]
+          named 'ArticleChildren'
+        end
+
+        paginate per_page: MAX_PER_PAGE, max_per_page: MAX_PER_PAGE
+        get ':id/children' do
+          article = find_article(environment.articles, params[:id])
+
+          #TODO make tests for this situation
+          votes_order = params.delete(:order) if params[:order]=='votes_score'
+          articles = select_filtered_collection_of(article, 'children', params)
+          articles = articles.display_filter(current_person, article.profile)
+
+          #TODO make tests for this situation
+          if votes_order
+            articles = articles.joins('left join votes on articles.id=votes.voteable_id').group('articles.id').reorder('sum(coalesce(votes.vote, 0)) DESC')
+          end
+          Article.hit(articles)
+          present_articles(articles)
+        end
+
+        desc 'Return one child of a article identified by id' do
+          detail 'Get a child of a specific article'
+          params Entities::Article.documentation
+          success Entities::Article
+          failure [[403, 'Forbidden']]
+          named 'ArticleChild'
+        end
+        get ':id/children/:child_id' do
+          article = find_article(environment.articles, params[:id])
+          child = find_article(article.children, params[:child_id])
+          child.hit
+          present_partial child, :with => Entities::Article
+        end
+
+        desc 'Suggest a article to another profile' do
+          detail 'Suggest a article to another profile (person, community...)'
+          params Entities::Article.documentation
+          success Entities::Task
+          failure [[401,'Unauthorized']]
+          named 'ArticleSuggest'
+        end
+        post ':id/children/suggest' do
+          authenticate!
+          parent_article = environment.articles.find(params[:id])
+
+          suggest_article = SuggestArticle.new
+          suggest_article.article = params[:article]
+          suggest_article.article[:parent_id] = parent_article.id
+          suggest_article.target = parent_article.profile
+          suggest_article.requestor = current_person
+
+          unless suggest_article.save
+            render_api_errors!(suggest_article.article_object.errors.full_messages)
+          end
+          present_partial suggest_article, :with => Entities::Task
+        end
+
+        # Example Request:
+        #  POST api/v1/articles/:id/children?private_token=234298743290432&article[name]=title&article[body]=body
+        desc 'Add a child article to a parent identified by id' do
+          detail 'Create a new article and associate to a parent'
+          params Entities::Article.documentation
+          success Entities::Article
+          failure [[401,'Unauthorized']]
+          named 'ArticleAddChild'
+        end
+        post ':id/children' do
+          parent_article = environment.articles.find(params[:id])
+          params[:article][:parent_id] = parent_article.id
+          post_article(parent_article.profile, params)
+        end
+      end
+
+      resource :profiles do
+        get ':id/home_page' do
+          profiles = environment.profiles
+          profiles = profiles.visible_for_person(current_person)
+          profile = profiles.find_by id: params[:id]
+          present_partial profile.home_page, :with => Entities::Article
+        end
+      end
+
+      kinds = %w[profile community person enterprise]
+      kinds.each do |kind|
+        resource kind.pluralize.to_sym do
+          segment "/:#{kind}_id" do
+            resource :articles do
+
+              desc "Return all articles associate with a profile of type #{kind}" do
+                detail 'Get a list of articles of a profile'
+                params Entities::Article.documentation
+                success Entities::Article
+                failure [[403, 'Forbidden']]
+                named 'ArticlesOfProfile'
+              end
+              get do
+                profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+
+                if params[:path].present?
+                  article = profile.articles.find_by path: params[:path]
+                  if !article || !article.display_to?(current_person)
+                    article = forbidden!
+                  end
+
+                  present_partial article, :with => Entities::Article
+                else
+
+                  present_articles_for_asset(profile)
+                end
+              end
+
+              desc "Return a article associate with a profile of type #{kind}" do
+                detail 'Get only one article of a profile'
+                params Entities::Article.documentation
+                success Entities::Article
+                failure [[403, 'Forbidden']]
+                named 'ArticleOfProfile'
+              end
+              get ':id' do
+                profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                present_article(profile)
+              end
+
+              # Example Request:
+              #  POST api/v1/{people,communities,enterprises}/:asset_id/articles?private_token=234298743290432&article[name]=title&article[body]=body
+              desc "Add a new article associated with a profile of type #{kind}" do
+                detail 'Create a new article and associate with a profile'
+                params Entities::Article.documentation
+                success Entities::Article
+                failure [[403, 'Forbidden']]
+                named 'ArticleCreateToProfile'
+              end
+              post do
+                profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                post_article(profile, params)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,15 @@
+module Api
+  module V1
+
+    class Blocks < Grape::API
+      resource :blocks do
+        get ':id' do
+          block = Block.find(params["id"])
+          return forbidden! unless block.visible_to_user?(current_person)
+          present block, :with => Entities::Block, display_api_content: true
+        end
+      end
+    end
+
+  end
+end
@@ -0,0 +1,44 @@
+module Api
+  module V1
+
+    class Boxes < Grape::API
+
+      kinds = %w[profile community person enterprise]
+      kinds.each do |kind|
+
+        resource kind.pluralize.to_sym do
+
+          segment "/:#{kind}_id" do
+            resource :boxes do
+              get do
+                profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                present profile.boxes, :with => Entities::Box
+              end
+            end
+          end
+        end
+
+      end
+
+      resource :environments do
+        [ '/default', '/context', ':environment_id' ].each do |route|
+          segment route do
+            resource :boxes do
+              get do
+                if (route.match(/default/))
+                  env = Environment.default
+                elsif (route.match(/context/))
+                  env = environment
+                else
+                  env = Environment.find(params[:environment_id])
+                end
+                present env.boxes, :with => Entities::Box
+              end
+            end
+          end
+        end
+      end
+    end
+
+  end
+end
@@ -0,0 +1,25 @@
+module Api
+  module V1
+    class Categories < Grape::API
+
+      resource :categories do
+
+        get do
+          type = params[:category_type]
+          include_parent = params[:include_parent] == 'true'
+          include_children = params[:include_children] == 'true'
+
+          categories = type.nil? ?  environment.categories : environment.categories.where(:type => type)
+          present categories, :with => Entities::Category, parent: include_parent, children: include_children
+        end
+
+        desc "Return the category by id"
+        get ':id' do
+          present environment.categories.find(params[:id]), :with => Entities::Category, parent: true, children: true
+        end
+
+      end
+
+    end
+  end
+end
@@ -0,0 +1,49 @@
+module Api
+  module V1
+    class Comments < Grape::API
+      MAX_PER_PAGE = 20
+
+
+      resource :articles do
+        paginate max_per_page: MAX_PER_PAGE
+        # Collect comments from articles
+        #
+        # Parameters:
+        #   reference_id     - comment id used as reference to collect comment
+        #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
+        #   limit            - amount of comments returned. The default value is 20
+        #
+        # Example Request:
+        #  GET /articles/12/comments?oldest&limit=10&reference_id=23
+        get ":id/comments" do
+          article = find_article(environment.articles, params[:id])
+          comments = select_filtered_collection_of(article, :comments, params)
+          comments = comments.without_spam
+          comments = comments.without_reply if(params[:without_reply].present?)
+          comments = plugins.filter(:unavailable_comments, comments)
+          present paginate(comments), :with => Entities::Comment, :current_person => current_person
+        end
+
+        get ":id/comments/:comment_id" do
+          article = find_article(environment.articles, params[:id])
+          present article.comments.find(params[:comment_id]), :with => Entities::Comment, :current_person => current_person
+        end
+
+        # Example Request:
+        #  POST api/v1/articles/12/comments?private_token=2298743290432&body=new comment&title=New
+        post ":id/comments" do
+          authenticate!
+          article = find_article(environment.articles, params[:id])
+          options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
+          begin
+            comment = Comment.create!(options)
+          rescue ActiveRecord::RecordInvalid => e
+            render_api_error!(e.message, 400)
+          end
+          present comment, :with => Entities::Comment, :current_person => current_person
+        end
+      end
+
+    end
+  end
+end
@@ -0,0 +1,82 @@
+module Api
+  module V1
+    class Communities < Grape::API
+
+      resource :communities do
+
+        # Collect comments from articles
+        #
+        # Parameters:
+        #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
+        #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
+        #   limit            - amount of comments returned. The default value is 20
+        #
+        # Example Request:
+        #  GET /communities?from=2013-04-04-14:41:43&until=2014-04-04-14:41:43&limit=10
+        #  GET /communities?reference_id=10&limit=10&oldest
+        get do
+          communities = select_filtered_collection_of(environment, 'communities', params)
+          communities = profiles_for_person(communities, current_person)
+          communities = communities.by_location(params) # Must be the last. May return Exception obj
+          present communities, :with => Entities::Community, :current_person => current_person
+        end
+
+
+        # Example Request:
+        #  POST api/v1/communties?private_token=234298743290432&community[name]=some_name
+        #  for each custom field for community, add &community[field_name]=field_value to the request
+        post do
+          authenticate!
+          params[:community] ||= {}
+
+          params[:community][:custom_values]={}
+          params[:community].keys.each do |key|
+            params[:community][:custom_values][key]=params[:community].delete(key) if Community.custom_fields(environment).any?{|cf| cf.name==key}
+          end
+
+          begin
+            community = Community.create_after_moderation(current_person, params[:community].merge({:environment => environment}))
+          rescue
+            community = Community.new(params[:community])
+          end
+
+          if !community.save
+            render_api_errors!(community.errors.full_messages)
+          end
+
+          present community, :with => Entities::Community, :current_person => current_person
+        end
+
+        get ':id' do
+          community = profiles_for_person(environment.communities, current_person).find_by_id(params[:id])
+          present community, :with => Entities::Community, :current_person => current_person
+        end
+
+      end
+
+      resource :people do
+
+        segment '/:person_id' do
+
+          resource :communities do
+
+            get do
+              person = environment.people.find(params[:person_id])
+
+              not_found! if person.blank?
+              forbidden! if !person.display_info_to?(current_person)
+
+              communities = select_filtered_collection_of(person, 'communities', params)
+              communities = communities.visible
+              present communities, :with => Entities::Community, :current_person => current_person
+            end
+
+          end
+
+        end
+
+      end
+
+    end
+  end
+end
@@ -0,0 +1,26 @@
+module Api
+  module V1
+    class Contacts < Grape::API
+
+      resource :communities do
+
+        resource ':id/contact' do
+          #contact => {:name => 'some name', :email => 'test@mail.com', :subject => 'some title', :message => 'some message'}
+          desc "Send a contact message"
+          post do
+            profile = environment.communities.find(params[:id])
+            forbidden! unless profile.present?
+            contact = Contact.new params[:contact].merge(dest: profile)
+            if contact.deliver
+              {:success => true}
+            else
+              {:success => false}
+            end
+          end
+
+        end
+      end
+
+    end
+  end
+end
@@ -0,0 +1,55 @@
+module Api
+  module V1
+    class Enterprises < Grape::API
+
+      resource :enterprises do
+
+        # Collect enterprises from environment
+        #
+        # Parameters:
+        #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
+        #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
+        #   limit            - amount of comments returned. The default value is 20
+        #   georef params    - read `Profile.by_location` for more information.
+        #
+        # Example Request:
+        #  GET /enterprises?from=2013-04-04-14:41:43&until=2014-04-04-14:41:43&limit=10
+        #  GET /enterprises?reference_id=10&limit=10&oldest
+        get do
+          enterprises = select_filtered_collection_of(environment, 'enterprises', params)
+          enterprises = enterprises.visible
+          enterprises = enterprises.by_location(params) # Must be the last. May return Exception obj.
+          present enterprises, :with => Entities::Enterprise, :current_person => current_person
+        end
+
+        desc "Return one enterprise by id"
+        get ':id' do
+          enterprise = environment.enterprises.visible.find_by(id: params[:id])
+          present enterprise, :with => Entities::Enterprise, :current_person => current_person
+        end
+
+      end
+
+      resource :people do
+
+        segment '/:person_id' do
+
+          resource :enterprises do
+
+            get do
+              person = environment.people.find(params[:person_id])
+              enterprises = select_filtered_collection_of(person, 'enterprises', params)
+              enterprises = enterprises.visible.by_location(params)
+              present enterprises, :with => Entities::Enterprise, :current_person => current_person
+            end
+
+          end
+
+        end
+
+      end
+
+
+    end
+  end
+end
@@ -0,0 +1,28 @@
+module Api
+  module V1
+    class Environments < Grape::API
+
+      resource :environment do
+
+        desc "Return the person information"
+        get '/signup_person_fields' do
+          present environment.signup_person_fields
+        end
+
+        get ':id' do
+          local_environment = nil
+          if (params[:id] == "default")
+            local_environment = Environment.default
+          elsif (params[:id] == "context")
+            local_environment = environment
+          else
+            local_environment = Environment.find(params[:id])
+          end
+          present_partial local_environment, :with => Entities::Environment, :is_admin => is_admin?(local_environment)
+        end
+
+      end
+
+    end
+  end
+end
@@ -0,0 +1,127 @@
+module Api
+  module V1
+    class People < Grape::API
+
+      MAX_PER_PAGE = 50
+
+      desc 'API Root'
+
+      resource :people do
+        paginate max_per_page: MAX_PER_PAGE
+
+        # -- A note about privacy --
+        # We wold find people by location, but we must test if the related
+        # fields are public. We can't do it now, with SQL, while the location
+        # data and the fields_privacy are a serialized settings.
+        # We must build a new table for profile data, where we can set meta-data
+        # like:
+        # | id | profile_id | key  | value    | privacy_level | source    |
+        # |  1 |         99 | city | Salvador | friends       | user      |
+        # |  2 |         99 | lng  |  -38.521 | me only       | automatic |
+
+        # Collect people from environment
+        #
+        # Parameters:
+        #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
+        #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
+        #   limit            - amount of comments returned. The default value is 20
+        #
+        # Example Request:
+        #  GET /people?from=2013-04-04-14:41:43&until=2014-04-04-14:41:43&limit=10
+        #  GET /people?reference_id=10&limit=10&oldest
+
+        desc "Find environment's people"
+        get do
+          people = select_filtered_collection_of(environment, 'people', params)
+          people = people.visible
+          present_partial people, :with => Entities::Person, :current_person => current_person
+        end
+
+        desc "Return the logged user information"
+        get "/me" do
+          authenticate!
+          present_partial current_person, :with => Entities::Person, :current_person => current_person
+        end
+
+        desc "Return the person information"
+        get ':id' do
+          person = environment.people.visible.find_by(id: params[:id])
+          return not_found! if person.blank?
+          present person, :with => Entities::Person, :current_person => current_person
+        end
+
+        desc "Update person information"
+        post ':id' do
+          authenticate!
+          return forbidden! if current_person.id.to_s != params[:id]
+          current_person.update_attributes!(asset_with_image(params[:person]))
+          present current_person, :with => Entities::Person, :current_person => current_person
+        end
+
+        #  POST api/v1/people?person[login]=some_login&person[password]=some_password&person[name]=Jack
+        #  for each custom field for person, add &person[field_name]=field_value to the request
+        desc "Create person"
+        post do
+          authenticate!
+          user_data = {}
+          user_data[:login] = params[:person].delete(:login) || params[:person][:identifier]
+          user_data[:email] = params[:person].delete(:email)
+          user_data[:password] = params[:person].delete(:password)
+          user_data[:password_confirmation] = params[:person].delete(:password_confirmation)
+
+          params[:person][:custom_values]={}
+          params[:person].keys.each do |key|
+            params[:person][:custom_values][key]=params[:person].delete(key) if Person.custom_fields(environment).any?{|cf| cf.name==key}
+          end
+
+          user = User.build(user_data, asset_with_image(params[:person]), environment)
+
+          begin
+            user.signup!
+          rescue ActiveRecord::RecordInvalid
+            render_api_errors!(user.errors.full_messages)
+          end
+
+          present user.person, :with => Entities::Person, :current_person => user.person
+        end
+
+        desc "Return the person friends"
+        get ':id/friends' do
+          person = environment.people.visible.find_by(id: params[:id])
+          return not_found! if person.blank?
+          friends = person.friends.visible
+          present friends, :with => Entities::Person, :current_person => current_person
+        end
+
+        desc "Return the person permissions on other profiles"
+        get ":id/permissions" do
+          authenticate!
+          person = environment.people.find(params[:id])
+          return not_found! if person.blank?
+          return forbidden! unless current_person == person || environment.admins.include?(current_person)
+
+          output = {}
+          person.role_assignments.map do |role_assigment|
+            if role_assigment.resource.respond_to?(:identifier)
+              output[role_assigment.resource.identifier] = role_assigment.role.permissions
+            end
+          end
+          present output
+        end
+      end
+
+      resource :profiles do
+        segment '/:profile_id' do
+          resource :members do
+            paginate max_per_page: MAX_PER_PAGE
+            get do
+              profile = environment.profiles.find_by id: params[:profile_id]
+              members = select_filtered_collection_of(profile, 'members', params)
+              present members, :with => Entities::Person, :current_person => current_person
+            end
+          end
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,42 @@
+module Api
+  module V1
+    class Profiles < Grape::API
+
+      resource :profiles do
+
+        get do
+          profiles = select_filtered_collection_of(environment, 'profiles', params)
+          profiles = profiles.visible
+          profiles = profiles.by_location(params) # Must be the last. May return Exception obj.
+          present profiles, :with => Entities::Profile, :current_person => current_person
+        end
+
+        get ':id' do
+          profiles = environment.profiles
+          profiles = profiles.visible
+          profile = profiles.find_by id: params[:id]
+
+          if profile
+            present profile, :with => Entities::Profile, :current_person => current_person
+          else
+            not_found!
+          end
+        end
+
+        delete ':id' do
+          authenticate!
+          profiles = environment.profiles
+          profile = profiles.find_by id: params[:id]
+
+          not_found! if profile.blank?
+
+          if current_person.has_permission?(:destroy_profile, profile)
+            profile.destroy
+          else
+            forbidden!
+          end
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,37 @@
+module Api
+  module V1
+    class Search < Grape::API
+
+      resource :search do
+        resource :article do
+          paginate max_per_page: 200
+          get do
+            # Security checks
+            sanitize_params_hash(params)
+            # Api::Helpers
+            asset = :articles
+            context = environment
+
+            profile = environment.profiles.find(params[:profile_id]) if params[:profile_id]
+            scope = profile.nil? ? environment.articles.is_public : profile.articles.is_public
+            scope = scope.where(:type => params[:type]) if params[:type] && !(params[:type] == 'Article')
+            scope = scope.where(make_conditions_with_parameter(params))
+            scope = scope.joins(:categories).where(:categories => {:id => params[:category_ids]}) if params[:category_ids].present?
+            scope = scope.where('articles.children_count > 0') if params[:has_children].present?
+            query = params[:query] || ""
+            order = "more_recent"
+
+            options = {:filter => order, :template_id => params[:template_id]}
+
+            search_result = find_by_contents(asset, context, scope, query, {:page => 1}, options)
+
+            articles = search_result[:results]
+
+            present_articles(articles)
+          end
+        end
+      end
+
+    end
+  end
+end
@@ -0,0 +1,157 @@
+require "uri"
+
+module Api
+  module V1
+    class Session < Grape::API
+
+      # Login to get token
+      #
+      # Parameters:
+      #   login (*required) - user login or email
+      #   password (required) - user password
+      #
+      # Example Request:
+      #  POST http://localhost:3000/api/v1/login?login=adminuser&password=admin
+      post "/login" do
+        begin
+          user ||= User.authenticate(params[:login], params[:password], environment)
+        rescue User::UserNotActivated => e
+          render_api_error!(e.message, 401)
+        end
+
+        return unauthorized! unless user
+        @current_user = user
+        present user, :with => Entities::UserLogin, :current_person => current_person
+      end
+
+      post "/login_from_cookie" do
+        return unauthorized! if cookies[:auth_token].blank?
+        user = User.where(remember_token: cookies[:auth_token]).first
+        return unauthorized! unless user && user.activated?
+        @current_user = user
+        present user, :with => Entities::UserLogin, :current_person => current_person
+      end
+
+      # Create user.
+      #
+      # Parameters:
+      #   email (required)                  - Email
+      #   password (required)               - Password
+      #   login                             - login
+      # Example Request:
+      #   POST /register?email=some@mail.com&password=pas&password_confirmation=pas&login=some
+      params do
+        requires :email, type: String, desc: _("Email")
+        requires :login, type: String, desc: _("Login")
+        requires :password, type: String, desc: _("Password")
+      end
+
+      post "/register" do
+        attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields
+        name = params[:name].present? ? params[:name] : attrs[:email]
+        attrs[:password_confirmation] = attrs[:password] if !attrs.has_key?(:password_confirmation)
+        user = User.new(attrs.merge(:name => name))
+
+        begin
+          user.signup!
+          user.generate_private_token! if user.activated?
+          present user, :with => Entities::UserLogin, :current_person => user.person
+        rescue ActiveRecord::RecordInvalid
+          message = user.errors.as_json.merge((user.person.present? ? user.person.errors : {}).as_json).to_json
+          render_api_error!(message, 400)
+        end
+      end
+
+      params do
+        requires :activation_code, type: String, desc: _("Activation token")
+      end
+
+      # Activate a user.
+      #
+      # Parameter:
+      #   activation_code (required)                  - Activation token
+      # Example Request:
+      #   PATCH /activate?activation_code=28259abd12cc6a64ef9399cf3286cb998b96aeaf
+      patch "/activate" do
+        user = User.find_by activation_code: params[:activation_code]
+        if user
+          unless user.environment.enabled?('admin_must_approve_new_users')
+            if user.activate
+                user.generate_private_token!
+                present user, :with => Entities::UserLogin, :current_person => current_person
+            end
+          else
+            if user.create_moderate_task
+              user.activation_code = nil
+              user.save!
+
+              # Waiting for admin moderate user registration
+              status 202
+              body({
+                :message => 'Waiting for admin moderate user registration'
+              })
+            end
+          end
+        else
+          # Token not found in database
+          render_api_error!(_('Token is invalid'), 412)
+        end
+      end
+
+      # Request a new password.
+      #
+      # Parameters:
+      #   value (required)                  - Email or login
+      # Example Request:
+      #   POST /forgot_password?value=some@mail.com
+      post "/forgot_password" do
+        requestors = fetch_requestors(params[:value])
+        not_found! if requestors.blank?
+        remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
+        requestors.each do |requestor|
+          ChangePassword.create!(:requestor => requestor)
+        end
+      end
+
+      # Resend activation code.
+      #
+      # Parameters:
+      #   value (required)                  - Email or login
+      # Example Request:
+      #   POST /resend_activation_code?value=some@mail.com
+      post "/resend_activation_code" do
+        requestors = fetch_requestors(params[:value])
+        not_found! if requestors.blank?
+        remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
+        requestors.each do |requestor|
+          requestor.user.resend_activation_code
+        end
+        present requestors.map(&:user), :with => Entities::UserLogin
+      end
+
+      params do
+        requires :code, type: String, desc: _("Forgot password code")
+      end
+      # Change password
+      #
+      # Parameters:
+      #   code (required)                  - Change password code
+      #   password (required)
+      #   password_confirmation (required)
+      # Example Request:
+      #   PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
+      patch "/new_password" do
+        change_password = ChangePassword.find_by code: params[:code]
+        not_found! if change_password.nil?
+
+        if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation])
+          change_password.finish
+          present change_password.requestor.user, :with => Entities::UserLogin, :current_person => current_person
+        else
+          something_wrong!
+        end
+      end
+
+    end
+  end
+end
@@ -0,0 +1,26 @@
+module Api
+  module V1
+    class Tags < Grape::API
+      before { authenticate! }
+
+      resource :articles do
+
+        resource ':id/tags' do
+
+          get do
+            article = find_article(environment.articles, params[:id])
+            present article.tag_list
+          end
+
+          desc "Add a tag to an article"
+          post do
+            article = find_article(environment.articles, params[:id])
+            article.tag_list=params[:tags]
+            article.save
+            present article.tag_list
+          end
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,57 @@
+module Api
+  module V1
+    class Tasks < Grape::API
+#      before { authenticate! }
+
+#      ARTICLE_TYPES = Article.descendants.map{|a| a.to_s}
+
+      resource :tasks do
+
+        # Collect tasks
+        #
+        # Parameters:
+        #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
+        #   oldest           - Collect the oldest articles. If nothing is passed the newest articles are collected
+        #   limit            - amount of articles returned. The default value is 20
+        #
+        # Example Request:
+        #  GET host/api/v1/tasks?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
+        get do
+          tasks = select_filtered_collection_of(environment, 'tasks', params)
+          tasks = tasks.select {|t| current_person.has_permission?(t.permission, environment)}
+          present_partial tasks, :with => Entities::Task
+        end
+
+        desc "Return the task id"
+        get ':id' do
+          task = find_task(environment, params[:id])
+          present_partial task, :with => Entities::Task
+        end
+      end
+
+      kinds = %w[community person enterprise]
+      kinds.each do |kind|
+        resource kind.pluralize.to_sym do
+          segment "/:#{kind}_id" do
+            resource :tasks do
+              get do
+                profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                present_tasks(profile)
+              end
+
+              get ':id' do
+                profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                present_task(profile)
+              end
+
+              post do
+                profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                post_task(profile, params)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,43 @@
+module Api
+  module V1
+    class Users < Grape::API
+
+      resource :users do
+
+        get do
+          users = select_filtered_collection_of(environment, 'users', params)
+          users = users.select{|u| u.person.display_info_to? current_person}
+          present users, :with => Entities::User, :current_person => current_person
+        end
+
+        get "/me" do
+          authenticate!
+          present current_user, :with => Entities::User, :current_person => current_person
+        end
+
+        get ":id" do
+          user = environment.users.find_by id: params[:id]
+          if user
+            present user, :with => Entities::User, :current_person => current_person
+          else
+            not_found!
+          end
+        end
+
+        get ":id/permissions" do
+          authenticate!
+          user = environment.users.find(params[:id])
+          output = {}
+          user.person.role_assignments.map do |role_assigment|
+            if role_assigment.resource.respond_to?(:identifier) && role_assigment.resource.identifier == params[:profile]
+              output[:permissions] = role_assigment.role.permissions
+            end
+          end
+          present output
+        end
+
+      end
+
+    end
+  end
+end
@@ -13,7 +13,7 @@ class ApiController &lt; PublicController
   private
   def endpoints
-    Noosfero::API::API.endpoints(environment)
+    Api::App.endpoints(environment)
   end
 end
@@ -1093,6 +1093,11 @@ private :generate_url, :url_options
     self.data[:fields_privacy]
   end
+  # abstract
+  def active_fields
+    []
+  end
+
   def public_fields
     self.active_fields
   end
@@ -31,7 +31,7 @@ class RecentDocumentsBlock &lt; Block
   end
   def api_content
-    Noosfero::API::Entities::ArticleBase.represent(docs).as_json
+    Api::Entities::ArticleBase.represent(docs).as_json
   end
   def display_api_content_by_default?
 <h1>API Playground</h1>
 <script>
-<% prefix = Noosfero::API::API.prefix %>
+<% prefix = Api::App.prefix %>
 var prefix = <%= prefix.to_json %>;
 var endpoints = <%=
 endpoints.map do |endpoint|
@@ -20,6 +20,6 @@ rails_app = Rack::Builder.new do
 end
 run Rack::Cascade.new([
-  Noosfero::API::API,
+  Api::App,
   rails_app
 ])
@@ -39,6 +39,7 @@ module Noosfero
     # Custom directories with classes and modules you want to be autoloadable.
     config.autoload_paths << config.root.join('lib')
+    config.autoload_paths << config.root.join('app')
     config.autoload_paths << config.root.join('app/jobs')
     config.autoload_paths << config.root.join('app/sweepers')
     config.autoload_paths.concat Dir["#{config.root}/app/controllers/**/"]
@@ -1,94 +0,0 @@
-require 'grape'
-#require 'rack/contrib'
-Dir["#{Rails.root}/lib/noosfero/api/*.rb"].each {|file| require file unless file =~ /api\.rb/}
-
-module Noosfero
-  module API
-    class API < Grape::API
-      use Rack::JSONP
-
-      logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] || 'production'}_api.log"))
-      logger.formatter = GrapeLogging::Formatters::Default.new
-      #use GrapeLogging::Middleware::RequestLogger, { logger: logger }
-
-      rescue_from :all do |e|
-        logger.error e
-        error! e.message, 500
-      end
-
-      @@NOOSFERO_CONF = nil
-      def self.NOOSFERO_CONF
-        if @@NOOSFERO_CONF
-          @@NOOSFERO_CONF
-        else
-          file = Rails.root.join('config', 'noosfero.yml')
-          @@NOOSFERO_CONF = File.exists?(file) ? YAML.load_file(file)[Rails.env] || {} : {}
-        end
-      end
-
-      before { set_locale  }
-      before { setup_multitenancy }
-      before { detect_stuff_by_domain }
-      before { filter_disabled_plugins_endpoints }
-      before { init_noosfero_plugins }
-      after { set_session_cookie }
-
-      version 'v1'
-      prefix [ENV['RAILS_RELATIVE_URL_ROOT'], "api"].compact.join('/')
-      format :json
-      content_type :txt, "text/plain"
-
-      helpers APIHelpers
-
-      mount V1::Articles
-      mount V1::Comments
-      mount V1::Users
-      mount V1::Communities
-      mount V1::People
-      mount V1::Enterprises
-      mount V1::Categories
-      mount V1::Tasks
-      mount V1::Tags
-      mount V1::Environments
-      mount V1::Search
-      mount V1::Contacts
-      mount V1::Boxes
-      mount V1::Blocks
-      mount V1::Profiles
-      mount V1::Activities
-
-      mount Session
-
-      # hook point which allow plugins to add Grape::API extensions to API::API
-      #finds for plugins which has api mount points classes defined (the class should extends Grape::API)
-      @plugins = Noosfero::Plugin.all.map { |p| p.constantize }
-      @plugins.each do |klass|
-        if klass.public_methods.include? :api_mount_points
-          klass.api_mount_points.each do |mount_class|
-              mount mount_class if mount_class && ( mount_class < Grape::API )
-          end
-        end
-      end
-
-      def self.endpoint_unavailable?(endpoint, environment)
-        api_class = endpoint.options[:app] || endpoint.options[:for]
-        if api_class.present?
-          klass = api_class.name.deconstantize.constantize
-          return klass < Noosfero::Plugin && !environment.plugin_enabled?(klass)
-        end
-      end
-
-      class << self
-        def endpoints_with_plugins(environment = nil)
-          if environment.present?
-            cloned_endpoints = endpoints_without_plugins.dup
-            cloned_endpoints.delete_if { |endpoint| endpoint_unavailable?(endpoint, environment) }
-          else
-            endpoints_without_plugins
-          end
-        end
-        alias_method_chain :endpoints, :plugins
-      end
-    end
-  end
-end
@@ -1,269 +0,0 @@
-module Noosfero
-  module API
-    module Entities
-
-      Entity.format_with :timestamp do |date|
-        date.strftime('%Y/%m/%d %H:%M:%S') if date
-      end
-
-      PERMISSIONS = {
-        :admin => 0,
-        :self  => 10,
-        :private_content => 20,
-        :logged_user => 30,
-        :anonymous => 40
-      }
-
-      def self.can_display_profile_field? profile, options, permission_options={}
-        permissions={:field => "", :permission => :private_content}
-        permissions.merge!(permission_options)
-        field = permissions[:field]
-        permission = permissions[:permission]
-        return true if profile.public? && profile.public_fields.map{|f| f.to_sym}.include?(field.to_sym)
-
-        current_person = options[:current_person]
-
-        current_permission = if current_person.present?
-          if current_person.is_admin?
-            :admin
-          elsif current_person == profile
-            :self
-          elsif profile.display_private_info_to?(current_person)
-            :private_content
-          else
-            :logged_user
-          end
-        else
-          :anonymous
-        end
-        PERMISSIONS[current_permission] <= PERMISSIONS[permission]
-      end
-
-      class Image < Entity
-        root 'images', 'image'
-
-        expose  :url do |image, options|
-          image.public_filename
-        end
-
-        expose  :icon_url do |image, options|
-          image.public_filename(:icon)
-        end
-
-        expose  :minor_url do |image, options|
-          image.public_filename(:minor)
-        end
-
-        expose  :portrait_url do |image, options|
-          image.public_filename(:portrait)
-        end
-
-        expose  :thumb_url do |image, options|
-          image.public_filename(:thumb)
-        end
-      end
-
-      class CategoryBase < Entity
-        root 'categories', 'category'
-        expose :name, :id, :slug
-      end
-
-      class Category < CategoryBase
-        root 'categories', 'category'
-        expose :full_name do |category, options|
-          category.full_name
-        end
-        expose :parent, :using => CategoryBase, if: { parent: true }
-        expose :children, :using => CategoryBase, if: { children: true }
-        expose :image, :using => Image
-        expose :display_color
-      end
-
-      class Region < Category
-        root 'regions', 'region'
-        expose :parent_id
-      end
-
-      class Block < Entity
-        root 'blocks', 'block'
-        expose :id, :type, :settings, :position, :enabled
-        expose :mirror, :mirror_block_id, :title
-        expose :api_content, if: lambda { |object, options| options[:display_api_content] || object.display_api_content_by_default? }
-      end
-
-      class Box < Entity
-        root 'boxes', 'box'
-        expose :id, :position
-        expose :blocks, :using => Block
-      end
-
-      class Profile < Entity
-        expose :identifier, :name, :id
-        expose :created_at, :format_with => :timestamp
-        expose :updated_at, :format_with => :timestamp
-        expose :additional_data do |profile, options|
-          hash ={}
-          profile.public_values.each do |value|
-            hash[value.custom_field.name]=value.value
-          end
-
-          private_values = profile.custom_field_values - profile.public_values
-          private_values.each do |value|
-            if Entities.can_display_profile_field?(profile,options)
-              hash[value.custom_field.name]=value.value
-            end
-          end
-          hash
-        end
-        expose :image, :using => Image
-        expose :region, :using => Region
-        expose :type
-        expose :custom_header
-        expose :custom_footer
-      end
-
-      class UserBasic < Entity
-        expose :id
-        expose :login
-      end
-
-      class Person < Profile
-        root 'people', 'person'
-        expose :user, :using => UserBasic, documentation: {type: 'User', desc: 'The user data of a person' }
-        expose :vote_count
-        expose :comments_count do |person, options|
-          person.comments.count
-        end
-        expose :following_articles_count do |person, options|
-          person.following_articles.count
-        end
-        expose :articles_count do |person, options|
-          person.articles.count
-        end
-      end
-
-      class Enterprise < Profile
-        root 'enterprises', 'enterprise'
-      end
-
-      class Community < Profile
-        root 'communities', 'community'
-        expose :description
-        expose :admins, :if => lambda { |community, options| community.display_info_to? options[:current_person]} do |community, options|
-          community.admins.map{|admin| {"name"=>admin.name, "id"=>admin.id, "username" => admin.identifier}}
-        end
-        expose :categories, :using => Category
-        expose :members, :using => Person , :if => lambda{ |community, options| community.display_info_to? options[:current_person] }
-      end
-
-      class CommentBase < Entity
-        expose :body, :title, :id
-        expose :created_at, :format_with => :timestamp
-        expose :author, :using => Profile
-        expose :reply_of, :using => CommentBase
-      end
-
-      class Comment < CommentBase
-        root 'comments', 'comment'
-        expose :children, as: :replies, :using => Comment
-      end
-
-      class ArticleBase < Entity
-        root 'articles', 'article'
-        expose :id
-        expose :body
-        expose :abstract, documentation: {type: 'String', desc: 'Teaser of the body'}
-        expose :created_at, :format_with => :timestamp
-        expose :updated_at, :format_with => :timestamp
-        expose :title, :documentation => {:type => "String", :desc => "Title of the article"}
-        expose :created_by, :as => :author, :using => Profile, :documentation => {type: 'Profile', desc: 'The profile author that create the article'}
-        expose :profile, :using => Profile, :documentation => {type: 'Profile', desc: 'The profile associated with the article'}
-        expose :categories, :using => Category
-        expose :image, :using => Image
-        expose :votes_for
-        expose :votes_against
-        expose :setting
-        expose :position
-        expose :hits
-        expose :start_date
-        expose :end_date, :documentation => {type: 'DateTime', desc: 'The date of finish of the article'}
-        expose :tag_list
-        expose :children_count
-        expose :slug, :documentation => {:type => "String", :desc => "Trimmed and parsed name of a article"}
-        expose :path
-        expose :followers_count
-        expose :votes_count
-        expose :comments_count
-        expose :archived, :documentation => {:type => "Boolean", :desc => "Defines if a article is readonly"}
-        expose :type
-        expose :comments, using: CommentBase, :if => lambda{|obj,opt| opt[:params] && ['1','true',true].include?(opt[:params][:show_comments])}
-        expose :published
-        expose :accept_comments?, as: :accept_comments
-      end
-
-      class Article < ArticleBase
-        root 'articles', 'article'
-        expose :parent, :using => ArticleBase
-        expose :children, :using => ArticleBase do |article, options|
-          article.children.published.limit(Noosfero::API::V1::Articles::MAX_PER_PAGE)
-        end
-      end
-
-      class User < Entity
-        root 'users', 'user'
-
-        attrs = [:id,:login,:email,:activated?]
-        aliases = {:activated? => :activated}
-
-        attrs.each do |attribute|
-          name = aliases.has_key?(attribute) ? aliases[attribute] : attribute
-          expose attribute, :as => name, :if => lambda{|user,options| Entities.can_display_profile_field?(user.person, options, {:field =>  attribute})}
-        end
-
-        expose :person, :using => Person, :if => lambda{|user,options| user.person.display_info_to? options[:current_person]}
-        expose :permissions, :if => lambda{|user,options| Entities.can_display_profile_field?(user.person, options, {:field => :permissions, :permission => :self})} do |user, options|
-          output = {}
-          user.person.role_assignments.map do |role_assigment|
-            if role_assigment.resource.respond_to?(:identifier) && !role_assigment.role.nil?
-              output[role_assigment.resource.identifier] = role_assigment.role.permissions
-            end
-          end
-          output
-        end
-      end
-
-      class UserLogin < User
-        root 'users', 'user'
-        expose :private_token, documentation: {type: 'String', desc: 'A valid authentication code for post/delete api actions'}, if: lambda {|object, options| object.activated? }
-      end
-
-      class Task < Entity
-        root 'tasks', 'task'
-        expose :id
-        expose :type
-      end
-
-      class Environment < Entity
-        expose :name
-        expose :id
-        expose :description
-        expose :settings, if: lambda { |instance, options| options[:is_admin] }
-      end
-
-      class Tag < Entity
-        root 'tags', 'tag'
-        expose :name
-      end
-
-      class Activity < Entity
-        root 'activities', 'activity'
-        expose :id, :params, :verb, :created_at, :updated_at, :comments_count, :visible
-        expose :user, :using => Profile
-        expose :target do |activity, opts|
-          type_map = {Profile => ::Profile, ArticleBase => ::Article}.find {|h| activity.target.kind_of?(h.last)}
-          type_map.first.represent(activity.target) unless type_map.nil?
-        end
-      end
-    end
-  end
-end
@@ -1,25 +0,0 @@
-class Noosfero::API::Entity < Grape::Entity
-
-  def initialize(object, options = {})
-    object = nil if object.is_a? Exception
-    super object, options
-  end
-
-  def self.represent(objects, options = {})
-    if options[:has_exception]
-      data = super objects, options.merge(is_inner_data: true)
-      if objects.is_a? Exception
-        data.merge ok: false, error: {
-          type: objects.class.name,
-          message: objects.message
-        }
-      else
-        data = data.serializable_hash if data.is_a? Noosfero::API::Entity
-        data.merge ok: true, error: { type: 'Success', message: '' }
-      end
-    else
-      super objects, options
-    end
-  end
-
-end
@@ -1,425 +0,0 @@
-require 'grape'
-require 'base64'
-require 'tempfile'
-require_relative '../../find_by_contents'
-
-module Noosfero;
-  module API
-    module APIHelpers
-      PRIVATE_TOKEN_PARAM = :private_token
-      DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id, :identifier, :archived]
-
-      include SanitizeParams
-      include Noosfero::Plugin::HotSpot
-      include ForgotPasswordHelper
-      include SearchTermHelper
-
-      def set_locale
-        I18n.locale = (params[:lang] || request.env['HTTP_ACCEPT_LANGUAGE'] || 'en')
-      end
-
-      def init_noosfero_plugins
-        plugins
-      end
-
-      def current_user
-        private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
-        @current_user ||= User.find_by private_token: private_token
-        @current_user ||= plugins.dispatch("api_custom_login", request).first
-        @current_user
-      end
-
-      def current_person
-        current_user.person unless current_user.nil?
-      end
-
-      def is_admin?(environment)
-        return false unless current_user
-        return current_person.is_admin?(environment)
-      end
-
-      def logout
-        @current_user = nil
-      end
-
-      def environment
-        @environment
-      end
-
-      def present_partial(model, options)
-        if(params[:fields].present?)
-          begin
-            fields = JSON.parse(params[:fields])
-            if fields.present?
-              options.merge!(fields.symbolize_keys.slice(:only, :except))
-            end
-          rescue
-            fields = params[:fields]
-            fields = fields.split(',') if fields.kind_of?(String)
-            options[:only] = Array.wrap(fields)
-          end
-        end
-        present model, options
-      end
-
-      include FindByContents
-
-      ####################################################################
-      #### SEARCH
-      ####################################################################
-      def multiple_search?(searches=nil)
-        ['index', 'category_index'].include?(params[:action]) || (searches && searches.size > 1)
-      end
-      ####################################################################
-
-      def logger
-        logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] || 'production'}_api.log"))
-        logger.formatter = GrapeLogging::Formatters::Default.new
-        logger
-      end
-
-      def limit
-        limit = params[:limit].to_i
-        limit = default_limit if limit <= 0
-        limit
-      end
-
-      def period(from_date, until_date)
-        return nil if from_date.nil? && until_date.nil?
-
-        begin_period = from_date.nil? ? Time.at(0).to_datetime : from_date
-        end_period = until_date.nil? ? DateTime.now : until_date
-
-        begin_period..end_period
-      end
-
-      def parse_content_type(content_type)
-        return nil if content_type.blank?
-        content_type.split(',').map do |content_type|
-          content_type.camelcase
-        end
-      end
-
-      def find_article(articles, id)
-        article = articles.find(id)
-        article.display_to?(current_person) ? article : forbidden!
-      end
-
-      def post_article(asset, params)
-        return forbidden! unless current_person.can_post_content?(asset)
-
-        klass_type = params[:content_type] || params[:article].delete(:type) || TinyMceArticle.name
-        return forbidden! unless klass_type.constantize <= Article
-
-        article = klass_type.constantize.new(params[:article])
-        article.last_changed_by = current_person
-        article.created_by= current_person
-        article.profile = asset
-
-        if !article.save
-          render_api_errors!(article.errors.full_messages)
-        end
-        present_partial article, :with => Entities::Article
-      end
-
-      def present_article(asset)
-        article = find_article(asset.articles, params[:id])
-        present_partial article, :with => Entities::Article, :params => params
-      end
-
-      def present_articles_for_asset(asset, method = 'articles')
-        articles = find_articles(asset, method)
-        present_articles(articles)
-      end
-
-      def present_articles(articles)
-        present_partial paginate(articles), :with => Entities::Article, :params => params
-      end
-
-      def find_articles(asset, method = 'articles')
-        articles = select_filtered_collection_of(asset, method, params)
-        if current_person.present?
-          articles = articles.display_filter(current_person, nil)
-        else
-          articles = articles.published
-        end
-        articles
-      end
-
-      def find_task(asset, id)
-        task = asset.tasks.find(id)
-        current_person.has_permission?(task.permission, asset) ? task : forbidden!
-      end
-
-      def post_task(asset, params)
-        klass_type= params[:content_type].nil? ? 'Task' : params[:content_type]
-        return forbidden! unless klass_type.constantize <= Task
-
-        task = klass_type.constantize.new(params[:task])
-        task.requestor_id = current_person.id
-        task.target_id = asset.id
-        task.target_type = 'Profile'
-
-        if !task.save
-          render_api_errors!(task.errors.full_messages)
-        end
-        present_partial task, :with => Entities::Task
-      end
-
-      def present_task(asset)
-        task = find_task(asset, params[:id])
-        present_partial task, :with => Entities::Task
-      end
-
-      def present_tasks(asset)
-        tasks = select_filtered_collection_of(asset, 'tasks', params)
-        tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)}
-        return forbidden! if tasks.empty? && !current_person.has_permission?(:perform_task, asset)
-        present_partial tasks, :with => Entities::Task
-      end
-
-      def make_conditions_with_parameter(params = {})
-        parsed_params = parser_params(params)
-        conditions = {}
-        from_date = DateTime.parse(parsed_params.delete(:from)) if parsed_params[:from]
-        until_date = DateTime.parse(parsed_params.delete(:until)) if parsed_params[:until]
-
-        conditions[:type] = parse_content_type(parsed_params.delete(:content_type)) unless parsed_params[:content_type].nil?
-
-        conditions[:created_at] = period(from_date, until_date) if from_date || until_date
-        conditions.merge!(parsed_params)
-
-        conditions
-      end
-
-      # changing make_order_with_parameters to avoid sql injection
-      def make_order_with_parameters(object, method, params)
-        order = "created_at DESC"
-        unless params[:order].blank?
-          if params[:order].include? '\'' or params[:order].include? '"'
-            order = "created_at DESC"
-          elsif ['RANDOM()', 'RANDOM'].include? params[:order].upcase
-            order = 'RANDOM()'
-          else
-            field_name, direction = params[:order].split(' ')
-            assoc = object.class.reflect_on_association(method.to_sym)
-            if !field_name.blank? and assoc
-              if assoc.klass.attribute_names.include? field_name
-                if direction.present? and ['ASC','DESC'].include? direction.upcase
-                  order = "#{field_name} #{direction.upcase}"
-                end
-              end
-            end
-          end
-        end
-        return order
-      end
-
-      def make_timestamp_with_parameters_and_method(params, method)
-        timestamp = nil
-        if params[:timestamp]
-          datetime = DateTime.parse(params[:timestamp])
-          table_name = method.to_s.singularize.camelize.constantize.table_name
-          timestamp = "#{table_name}.updated_at >= '#{datetime}'"
-        end
-
-        timestamp
-      end
-
-      def by_reference(scope, params)
-        reference_id = params[:reference_id].to_i == 0 ? nil : params[:reference_id].to_i
-        if reference_id.nil?
-          scope
-        else
-          created_at = scope.find(reference_id).created_at
-          scope.send("#{params.key?(:oldest) ? 'older_than' : 'younger_than'}", created_at)
-        end
-      end
-
-      def by_categories(scope, params)
-        category_ids = params[:category_ids]
-        if category_ids.nil?
-          scope
-        else
-          scope.joins(:categories).where(:categories => {:id => category_ids})
-        end
-      end
-
-      def select_filtered_collection_of(object, method, params)
-        conditions = make_conditions_with_parameter(params)
-        order = make_order_with_parameters(object,method,params)
-        timestamp = make_timestamp_with_parameters_and_method(params, method)
-
-        objects = object.send(method)
-        objects = by_reference(objects, params)
-        objects = by_categories(objects, params)
-
-        objects = objects.where(conditions).where(timestamp).reorder(order)
-
-        params[:page] ||= 1
-        params[:per_page] ||= limit
-        paginate(objects)
-      end
-
-      def authenticate!
-        unauthorized! unless current_user
-      end
-
-      def profiles_for_person(profiles, person)
-        if person
-          profiles.listed_for_person(person)
-        else
-          profiles.visible
-        end
-      end
-
-      # Checks the occurrences of uniqueness of attributes, each attribute must be present in the params hash
-      # or a Bad Request error is invoked.
-      #
-      # Parameters:
-      #   keys (unique) - A hash consisting of keys that must be unique
-      def unique_attributes!(obj, keys)
-        keys.each do |key|
-          cant_be_saved_request!(key) if obj.find_by(key.to_s => params[key])
-        end
-      end
-
-      def attributes_for_keys(keys)
-        attrs = {}
-        keys.each do |key|
-          attrs[key] = params[key] if params[key].present? or (params.has_key?(key) and params[key] == false)
-        end
-        attrs
-      end
-
-      ##########################################
-      #              error helpers             #
-      ##########################################
-
-      def not_found!
-        render_api_error!('404 Not found', 404)
-      end
-
-      def forbidden!
-        render_api_error!('403 Forbidden', 403)
-      end
-
-      def cant_be_saved_request!(attribute)
-        message = _("(Invalid request) %s can't be saved") % attribute
-        render_api_error!(message, 400)
-      end
-
-      def bad_request!(attribute)
-        message = _("(Invalid request) %s not given") % attribute
-        render_api_error!(message, 400)
-      end
-
-      def something_wrong!
-        message = _("Something wrong happened")
-        render_api_error!(message, 400)
-      end
-
-      def unauthorized!
-        render_api_error!(_('Unauthorized'), 401)
-      end
-
-      def not_allowed!
-        render_api_error!(_('Method Not Allowed'), 405)
-      end
-
-      # javascript_console_message is supposed to be executed as console.log()
-      def render_api_error!(user_message, status, log_message = nil, javascript_console_message = nil)
-        message_hash = {'message' => user_message, :code => status}
-        message_hash[:javascript_console_message] = javascript_console_message if javascript_console_message.present?
-        log_msg = "#{status}, User message: #{user_message}"
-        log_msg = "#{log_message}, #{log_msg}" if log_message.present?
-        log_msg = "#{log_msg}, Javascript Console Message: #{javascript_console_message}" if javascript_console_message.present?
-        logger.error log_msg unless Rails.env.test?
-        error!(message_hash, status)
-      end
-
-      def render_api_errors!(messages)
-        messages = messages.to_a if messages.class == ActiveModel::Errors
-        render_api_error!(messages.join(','), 400)
-      end
-
-      protected
-
-      def set_session_cookie
-        cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
-      end
-
-      def setup_multitenancy
-        Noosfero::MultiTenancy.setup!(request.host)
-      end
-
-      def detect_stuff_by_domain
-        @domain = Domain.by_name(request.host)
-        if @domain.nil?
-          @environment = Environment.default
-          if @environment.nil? && Rails.env.development?
-            # This should only happen in development ...
-            @environment = Environment.create!(:name => "Noosfero", :is_default => true)
-          end
-        else
-          @environment = @domain.environment
-        end
-      end
-
-      def filter_disabled_plugins_endpoints
-        not_found! if Noosfero::API::API.endpoint_unavailable?(self, @environment)
-      end
-
-      def asset_with_image params
-        if params.has_key? :image_builder
-          asset_api_params = params
-          asset_api_params[:image_builder] = base64_to_uploadedfile(asset_api_params[:image_builder])
-          return asset_api_params
-        end
-          params
-      end
-
-      def base64_to_uploadedfile(base64_image)
-        tempfile = base64_to_tempfile base64_image
-        converted_image = base64_image
-        converted_image[:tempfile] = tempfile
-        return {uploaded_data: ActionDispatch::Http::UploadedFile.new(converted_image)}
-      end
-
-      def base64_to_tempfile base64_image
-        base64_img_str = base64_image[:tempfile]
-        decoded_base64_str = Base64.decode64(base64_img_str)
-        tempfile = Tempfile.new(base64_image[:filename])
-        tempfile.write(decoded_base64_str.encode("ascii-8bit").force_encoding("utf-8"))
-        tempfile.rewind
-        tempfile
-      end
-      private
-
-      def parser_params(params)
-        parsed_params = {}
-        params.map do |k,v|
-          parsed_params[k.to_sym] = v if DEFAULT_ALLOWED_PARAMETERS.include?(k.to_sym)
-        end
-        parsed_params
-      end
-
-      def default_limit
-        20
-      end
-
-      def parse_content_type(content_type)
-        return nil if content_type.blank?
-        content_type.split(',').map do |content_type|
-          content_type.camelcase
-        end
-      end
-
-      def period(from_date, until_date)
-        begin_period = from_date.nil? ? Time.at(0).to_datetime : from_date
-        end_period = until_date.nil? ? DateTime.now : until_date
-        begin_period..end_period
-      end
-    end
-  end
-end
@@ -1,157 +0,0 @@
-require "uri"
-
-module Noosfero
-  module API
-    class Session < Grape::API
-
-      # Login to get token
-      #
-      # Parameters:
-      #   login (*required) - user login or email
-      #   password (required) - user password
-      #
-      # Example Request:
-      #  POST http://localhost:3000/api/v1/login?login=adminuser&password=admin
-      post "/login" do
-        begin
-          user ||= User.authenticate(params[:login], params[:password], environment)
-        rescue User::UserNotActivated => e
-          render_api_error!(e.message, 401)
-        end
-
-        return unauthorized! unless user
-        @current_user = user
-        present user, :with => Entities::UserLogin, :current_person => current_person
-      end
-
-      post "/login_from_cookie" do
-        return unauthorized! if cookies[:auth_token].blank?
-        user = User.where(remember_token: cookies[:auth_token]).first
-        return unauthorized! unless user && user.activated?
-        @current_user = user
-        present user, :with => Entities::UserLogin, :current_person => current_person
-      end
-
-      # Create user.
-      #
-      # Parameters:
-      #   email (required)                  - Email
-      #   password (required)               - Password
-      #   login                             - login
-      # Example Request:
-      #   POST /register?email=some@mail.com&password=pas&password_confirmation=pas&login=some
-      params do
-        requires :email, type: String, desc: _("Email")
-        requires :login, type: String, desc: _("Login")
-        requires :password, type: String, desc: _("Password")
-      end
-
-      post "/register" do
-        attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields
-        name = params[:name].present? ? params[:name] : attrs[:email]
-        attrs[:password_confirmation] = attrs[:password] if !attrs.has_key?(:password_confirmation)
-        user = User.new(attrs.merge(:name => name))
-
-        begin
-          user.signup!
-          user.generate_private_token! if user.activated?
-          present user, :with => Entities::UserLogin, :current_person => user.person
-        rescue ActiveRecord::RecordInvalid
-          message = user.errors.as_json.merge((user.person.present? ? user.person.errors : {}).as_json).to_json
-          render_api_error!(message, 400)
-        end
-      end
-
-      params do
-        requires :activation_code, type: String, desc: _("Activation token")
-      end
-
-      # Activate a user.
-      #
-      # Parameter:
-      #   activation_code (required)                  - Activation token
-      # Example Request:
-      #   PATCH /activate?activation_code=28259abd12cc6a64ef9399cf3286cb998b96aeaf
-      patch "/activate" do
-        user = User.find_by activation_code: params[:activation_code]
-        if user
-          unless user.environment.enabled?('admin_must_approve_new_users')
-            if user.activate
-                user.generate_private_token!
-                present user, :with => Entities::UserLogin, :current_person => current_person
-            end
-          else
-            if user.create_moderate_task
-              user.activation_code = nil
-              user.save!
-
-              # Waiting for admin moderate user registration
-              status 202
-              body({
-                :message => 'Waiting for admin moderate user registration'
-              })
-            end
-          end
-        else
-          # Token not found in database
-          render_api_error!(_('Token is invalid'), 412)
-        end
-      end
-
-      # Request a new password.
-      #
-      # Parameters:
-      #   value (required)                  - Email or login
-      # Example Request:
-      #   POST /forgot_password?value=some@mail.com
-      post "/forgot_password" do
-        requestors = fetch_requestors(params[:value])
-        not_found! if requestors.blank?
-        remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
-        requestors.each do |requestor|
-          ChangePassword.create!(:requestor => requestor)
-        end
-      end
-
-      # Resend activation code.
-      #
-      # Parameters:
-      #   value (required)                  - Email or login
-      # Example Request:
-      #   POST /resend_activation_code?value=some@mail.com
-      post "/resend_activation_code" do
-        requestors = fetch_requestors(params[:value])
-        not_found! if requestors.blank?
-        remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
-        requestors.each do |requestor|
-          requestor.user.resend_activation_code
-        end
-        present requestors.map(&:user), :with => Entities::UserLogin
-      end
-
-      params do
-        requires :code, type: String, desc: _("Forgot password code")
-      end
-      # Change password
-      #
-      # Parameters:
-      #   code (required)                  - Change password code
-      #   password (required)
-      #   password_confirmation (required)
-      # Example Request:
-      #   PATCH /new_password?code=xxxx&password=secret&password_confirmation=secret
-      patch "/new_password" do
-        change_password = ChangePassword.find_by code: params[:code]
-        not_found! if change_password.nil?
-
-        if change_password.update_attributes(:password => params[:password], :password_confirmation => params[:password_confirmation])
-          change_password.finish
-          present change_password.requestor.user, :with => Entities::UserLogin, :current_person => current_person
-        else
-          something_wrong!
-        end
-      end
-
-    end
-  end
-end
@@ -1,22 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Activities < Grape::API
-        before { authenticate! }
-
-        resource :profiles do
-
-          get ':id/activities' do
-            profile = Profile.find_by id: params[:id]
-
-            not_found! if profile.blank? || profile.secret || !profile.visible
-            forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
-
-            activities = profile.activities.map(&:activity)
-            present activities, :with => Entities::Activity, :current_person => current_person
-          end
-        end
-      end
-    end
-  end
-end
@@ -1,305 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Articles < Grape::API
-
-        ARTICLE_TYPES = Article.descendants.map{|a| a.to_s}
-
-        MAX_PER_PAGE = 50
-
-        resource :articles do
-
-          paginate max_per_page: MAX_PER_PAGE
-          # Collect articles
-          #
-          # Parameters:
-          #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
-          #   oldest           - Collect the oldest articles. If nothing is passed the newest articles are collected
-          #   limit            - amount of articles returned. The default value is 20
-          #
-          # Example Request:
-          #  GET host/api/v1/articles?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
-
-          desc 'Return all articles of all kinds' do
-            detail 'Get all articles filtered by fields in query params'
-            params Noosfero::API::Entities::Article.documentation
-            success Noosfero::API::Entities::Article
-            failure [[403, 'Forbidden']]
-            named 'ArticlesList'
-            headers [
-              'Per-Page' => {
-                    description: 'Total number of records',
-                    required: false
-                }
-              ]
-          end
-          get do
-            present_articles_for_asset(environment)
-          end
-
-          desc "Return one article by id" do
-            detail 'Get only one article by id. If not found the "forbidden" http error is showed'
-            params Noosfero::API::Entities::Article.documentation
-            success Noosfero::API::Entities::Article
-            failure [[403, 'Forbidden']]
-            named 'ArticleById'
-          end
-          get ':id', requirements: {id: /[0-9]+/} do
-            present_article(environment)
-          end
-
-          post ':id' do
-            article = environment.articles.find(params[:id])
-            return forbidden! unless article.allow_edit?(current_person)
-            article.update_attributes!(asset_with_image(params[:article]))
-            present_partial article, :with => Entities::Article
-          end
-
-          desc 'Report a abuse and/or violent content in a article by id' do
-            detail 'Submit a abuse (in general, a content violation) report about a specific article'
-            params Noosfero::API::Entities::Article.documentation
-            failure [[400, 'Bad Request']]
-            named 'ArticleReportAbuse'
-          end
-          post ':id/report_abuse' do
-            article = find_article(environment.articles, params[:id])
-            profile = article.profile
-            begin
-              abuse_report = AbuseReport.new(:reason => params[:report_abuse])
-              if !params[:content_type].blank?
-                article = params[:content_type].constantize.find(params[:content_id])
-                abuse_report.content = article_reported_version(article)
-              end
-
-              current_person.register_report(abuse_report, profile)
-
-              if !params[:content_type].blank?
-                abuse_report = AbuseReport.find_by reporter_id: current_person.id, abuse_complaint_id: profile.opened_abuse_complaint.id
-                Delayed::Job.enqueue DownloadReportedImagesJob.new(abuse_report, article)
-              end
-
-              {
-                :success => true,
-                :message => _('Your abuse report was registered. The administrators are reviewing your report.'),
-              }
-            rescue Exception => exception
-              #logger.error(exception.to_s)
-              render_api_error!(_('Your report couldn\'t be saved due to some problem. Please contact the administrator.'), 400)
-            end
-
-          end
-
-          desc "Returns the articles I voted" do
-            detail 'Get the Articles I make a vote'
-            failure [[403, 'Forbidden']]
-            named 'ArticleFollowers'
-          end
-           #FIXME refactor this method
-          get 'voted_by_me' do
-            present_articles(current_person.votes.where(:voteable_type => 'Article').collect(&:voteable))
-          end
-
-          desc 'Perform a vote on a article by id' do
-            detail 'Vote on a specific article with values: 1 (if you like) or -1 (if not)'
-            params Noosfero::API::Entities::UserLogin.documentation
-            failure [[401,'Unauthorized']]
-            named 'ArticleVote'
-          end
-          post ':id/vote' do
-            authenticate!
-            value = (params[:value] || 1).to_i
-            # FIXME verify allowed values
-            render_api_error!('Vote value not allowed', 400) unless [-1, 1].include?(value)
-            article = find_article(environment.articles, params[:id])
-            begin
-              vote = Vote.new(:voteable => article, :voter => current_person, :vote => value)
-              {:vote => vote.save!}
-            rescue ActiveRecord::RecordInvalid => e
-              render_api_error!(e.message, 400)
-            end
-          end
-
-          desc "Returns the total followers for the article" do
-            detail 'Get the followers of a specific article by id'
-            failure [[403, 'Forbidden']]
-            named 'ArticleFollowers'
-          end
-          get ':id/followers' do
-            article = find_article(environment.articles, params[:id])
-            total = article.person_followers.count
-            {:total_followers => total}
-          end
-
-          desc "Return the articles followed by me"
-          get 'followed_by_me' do
-            present_articles_for_asset(current_person, 'following_articles')
-          end
-
-          desc "Add a follower for the article" do
-            detail 'Add the current user identified by private token, like a follower of a article'
-            params Noosfero::API::Entities::UserLogin.documentation
-            failure [[401, 'Unauthorized']]
-            named 'ArticleFollow'
-          end
-          post ':id/follow' do
-            authenticate!
-            article = find_article(environment.articles, params[:id])
-            if article.article_followers.exists?(:person_id => current_person.id)
-              {:success => false, :already_follow => true}
-            else
-              article_follower = ArticleFollower.new
-              article_follower.article = article
-              article_follower.person = current_person
-              article_follower.save!
-              {:success => true}
-            end
-          end
-
-          desc 'Return the children of a article identified by id' do
-            detail 'Get all children articles of a specific article'
-            params Noosfero::API::Entities::Article.documentation
-            failure [[403, 'Forbidden']]
-            named 'ArticleChildren'
-          end
-
-          paginate per_page: MAX_PER_PAGE, max_per_page: MAX_PER_PAGE
-          get ':id/children' do
-            article = find_article(environment.articles, params[:id])
-
-            #TODO make tests for this situation
-            votes_order = params.delete(:order) if params[:order]=='votes_score'
-            articles = select_filtered_collection_of(article, 'children', params)
-            articles = articles.display_filter(current_person, article.profile)
-
-            #TODO make tests for this situation
-            if votes_order
-              articles = articles.joins('left join votes on articles.id=votes.voteable_id').group('articles.id').reorder('sum(coalesce(votes.vote, 0)) DESC')
-            end
-            Article.hit(articles)
-            present_articles(articles)
-          end
-
-          desc 'Return one child of a article identified by id' do
-            detail 'Get a child of a specific article'
-            params Noosfero::API::Entities::Article.documentation
-            success Noosfero::API::Entities::Article
-            failure [[403, 'Forbidden']]
-            named 'ArticleChild'
-          end
-          get ':id/children/:child_id' do
-            article = find_article(environment.articles, params[:id])
-            child = find_article(article.children, params[:child_id])
-            child.hit
-            present_partial child, :with => Entities::Article
-          end
-
-          desc 'Suggest a article to another profile' do
-            detail 'Suggest a article to another profile (person, community...)'
-            params Noosfero::API::Entities::Article.documentation
-            success Noosfero::API::Entities::Task
-            failure [[401,'Unauthorized']]
-            named 'ArticleSuggest'
-          end
-          post ':id/children/suggest' do
-            authenticate!
-            parent_article = environment.articles.find(params[:id])
-
-            suggest_article = SuggestArticle.new
-            suggest_article.article = params[:article]
-            suggest_article.article[:parent_id] = parent_article.id
-            suggest_article.target = parent_article.profile
-            suggest_article.requestor = current_person
-
-            unless suggest_article.save
-              render_api_errors!(suggest_article.article_object.errors.full_messages)
-            end
-            present_partial suggest_article, :with => Entities::Task
-          end
-
-          # Example Request:
-          #  POST api/v1/articles/:id/children?private_token=234298743290432&article[name]=title&article[body]=body
-          desc 'Add a child article to a parent identified by id' do
-            detail 'Create a new article and associate to a parent'
-            params Noosfero::API::Entities::Article.documentation
-            success Noosfero::API::Entities::Article
-            failure [[401,'Unauthorized']]
-            named 'ArticleAddChild'
-          end
-          post ':id/children' do
-            parent_article = environment.articles.find(params[:id])
-            params[:article][:parent_id] = parent_article.id
-            post_article(parent_article.profile, params)
-          end
-        end
-
-        resource :profiles do
-          get ':id/home_page' do
-            profiles = environment.profiles
-            profiles = profiles.visible_for_person(current_person)
-            profile = profiles.find_by id: params[:id]
-            present_partial profile.home_page, :with => Entities::Article
-          end
-        end
-
-        kinds = %w[profile community person enterprise]
-        kinds.each do |kind|
-          resource kind.pluralize.to_sym do
-            segment "/:#{kind}_id" do
-              resource :articles do
-
-                desc "Return all articles associate with a profile of type #{kind}" do
-                  detail 'Get a list of articles of a profile'
-                  params Noosfero::API::Entities::Article.documentation
-                  success Noosfero::API::Entities::Article
-                  failure [[403, 'Forbidden']]
-                  named 'ArticlesOfProfile'
-                end
-                get do
-                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
-
-                  if params[:path].present?
-                    article = profile.articles.find_by path: params[:path]
-                    if !article || !article.display_to?(current_person)
-                      article = forbidden!
-                    end
-
-                    present_partial article, :with => Entities::Article
-                  else
-
-                    present_articles_for_asset(profile)
-                  end
-                end
-
-                desc "Return a article associate with a profile of type #{kind}" do
-                  detail 'Get only one article of a profile'
-                  params Noosfero::API::Entities::Article.documentation
-                  success Noosfero::API::Entities::Article
-                  failure [[403, 'Forbidden']]
-                  named 'ArticleOfProfile'
-                end
-                get ':id' do
-                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
-                  present_article(profile)
-                end
-
-                # Example Request:
-                #  POST api/v1/{people,communities,enterprises}/:asset_id/articles?private_token=234298743290432&article[name]=title&article[body]=body
-                desc "Add a new article associated with a profile of type #{kind}" do
-                  detail 'Create a new article and associate with a profile'
-                  params Noosfero::API::Entities::Article.documentation
-                  success Noosfero::API::Entities::Article
-                  failure [[403, 'Forbidden']]
-                  named 'ArticleCreateToProfile'
-                end
-                post do
-                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
-                  post_article(profile, params)
-                end
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end
@@ -1,17 +0,0 @@
-module Noosfero
-  module API
-    module V1
-
-      class Blocks < Grape::API
-        resource :blocks do
-          get ':id' do
-            block = Block.find(params["id"])
-            return forbidden! unless block.visible_to_user?(current_person)
-            present block, :with => Entities::Block, display_api_content: true
-          end
-        end
-      end
-
-    end
-  end
-end
@@ -1,46 +0,0 @@
-module Noosfero
-  module API
-    module V1
-
-      class Boxes < Grape::API
-
-        kinds = %w[profile community person enterprise]
-        kinds.each do |kind|
-
-          resource kind.pluralize.to_sym do
-
-            segment "/:#{kind}_id" do
-              resource :boxes do
-                get do
-                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
-                  present profile.boxes, :with => Entities::Box
-                end
-              end
-            end
-          end
-
-        end
-
-        resource :environments do
-          [ '/default', '/context', ':environment_id' ].each do |route|
-            segment route do
-              resource :boxes do
-                get do
-                  if (route.match(/default/))
-                    env = Environment.default
-                  elsif (route.match(/context/))
-                    env = environment
-                  else
-                    env = Environment.find(params[:environment_id])
-                  end
-                  present env.boxes, :with => Entities::Box
-                end
-              end
-            end
-          end
-        end
-      end
-
-    end
-  end
-end
@@ -1,27 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Categories < Grape::API
-
-        resource :categories do
-
-          get do
-            type = params[:category_type]
-            include_parent = params[:include_parent] == 'true'
-            include_children = params[:include_children] == 'true'
-
-            categories = type.nil? ?  environment.categories : environment.categories.where(:type => type)
-            present categories, :with => Entities::Category, parent: include_parent, children: include_children
-          end
-
-          desc "Return the category by id"
-          get ':id' do
-            present environment.categories.find(params[:id]), :with => Entities::Category, parent: true, children: true
-          end
-
-        end
-
-      end
-    end
-  end
-end
@@ -1,51 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Comments < Grape::API
-        MAX_PER_PAGE = 20
-
-
-        resource :articles do
-          paginate max_per_page: MAX_PER_PAGE
-          # Collect comments from articles
-          #
-          # Parameters:
-          #   reference_id     - comment id used as reference to collect comment
-          #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
-          #   limit            - amount of comments returned. The default value is 20
-          #
-          # Example Request:
-          #  GET /articles/12/comments?oldest&limit=10&reference_id=23
-          get ":id/comments" do
-            article = find_article(environment.articles, params[:id])
-            comments = select_filtered_collection_of(article, :comments, params)
-            comments = comments.without_spam
-            comments = comments.without_reply if(params[:without_reply].present?)
-            comments = plugins.filter(:unavailable_comments, comments)
-            present paginate(comments), :with => Entities::Comment, :current_person => current_person
-          end
-
-          get ":id/comments/:comment_id" do
-            article = find_article(environment.articles, params[:id])
-            present article.comments.find(params[:comment_id]), :with => Entities::Comment, :current_person => current_person
-          end
-
-          # Example Request:
-          #  POST api/v1/articles/12/comments?private_token=2298743290432&body=new comment&title=New
-          post ":id/comments" do
-            authenticate!
-            article = find_article(environment.articles, params[:id])
-            options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
-            begin
-              comment = Comment.create!(options)
-            rescue ActiveRecord::RecordInvalid => e
-              render_api_error!(e.message, 400)
-            end
-            present comment, :with => Entities::Comment, :current_person => current_person
-          end
-        end
-
-      end
-    end
-  end
-end
@@ -1,84 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Communities < Grape::API
-
-        resource :communities do
-
-          # Collect comments from articles
-          #
-          # Parameters:
-          #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
-          #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
-          #   limit            - amount of comments returned. The default value is 20
-          #
-          # Example Request:
-          #  GET /communities?from=2013-04-04-14:41:43&until=2014-04-04-14:41:43&limit=10
-          #  GET /communities?reference_id=10&limit=10&oldest
-          get do
-            communities = select_filtered_collection_of(environment, 'communities', params)
-            communities = profiles_for_person(communities, current_person)
-            communities = communities.by_location(params) # Must be the last. May return Exception obj
-            present communities, :with => Entities::Community, :current_person => current_person
-          end
-
-
-          # Example Request:
-          #  POST api/v1/communties?private_token=234298743290432&community[name]=some_name
-          #  for each custom field for community, add &community[field_name]=field_value to the request
-          post do
-            authenticate!
-            params[:community] ||= {}
-
-            params[:community][:custom_values]={}
-            params[:community].keys.each do |key|
-              params[:community][:custom_values][key]=params[:community].delete(key) if Community.custom_fields(environment).any?{|cf| cf.name==key}
-            end
-
-            begin
-              community = Community.create_after_moderation(current_person, params[:community].merge({:environment => environment}))
-            rescue
-              community = Community.new(params[:community])
-            end
-
-            if !community.save
-              render_api_errors!(community.errors.full_messages)
-            end
-
-            present community, :with => Entities::Community, :current_person => current_person
-          end
-
-          get ':id' do
-            community = profiles_for_person(environment.communities, current_person).find_by_id(params[:id])
-            present community, :with => Entities::Community, :current_person => current_person
-          end
-
-        end
-
-        resource :people do
-
-          segment '/:person_id' do
-
-            resource :communities do
-
-              get do
-                person = environment.people.find(params[:person_id])
-
-                not_found! if person.blank?
-                forbidden! if !person.display_info_to?(current_person)
-
-                communities = select_filtered_collection_of(person, 'communities', params)
-                communities = communities.visible
-                present communities, :with => Entities::Community, :current_person => current_person
-              end
-
-            end
-
-          end
-
-        end
-
-      end
-    end
-  end
-end
@@ -1,28 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Contacts < Grape::API
-
-        resource :communities do
-
-          resource ':id/contact' do
-            #contact => {:name => 'some name', :email => 'test@mail.com', :subject => 'some title', :message => 'some message'}
-            desc "Send a contact message"
-            post do
-              profile = environment.communities.find(params[:id])
-              forbidden! unless profile.present?
-              contact = Contact.new params[:contact].merge(dest: profile)
-              if contact.deliver
-                {:success => true}
-              else
-                {:success => false}
-              end
-            end
-
-          end
-        end
-
-      end
-    end
-  end
-end
@@ -1,57 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Enterprises < Grape::API
-
-        resource :enterprises do
-
-          # Collect enterprises from environment
-          #
-          # Parameters:
-          #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
-          #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
-          #   limit            - amount of comments returned. The default value is 20
-          #   georef params    - read `Profile.by_location` for more information.
-          #
-          # Example Request:
-          #  GET /enterprises?from=2013-04-04-14:41:43&until=2014-04-04-14:41:43&limit=10
-          #  GET /enterprises?reference_id=10&limit=10&oldest
-          get do
-            enterprises = select_filtered_collection_of(environment, 'enterprises', params)
-            enterprises = enterprises.visible
-            enterprises = enterprises.by_location(params) # Must be the last. May return Exception obj.
-            present enterprises, :with => Entities::Enterprise, :current_person => current_person
-          end
-
-          desc "Return one enterprise by id"
-          get ':id' do
-            enterprise = environment.enterprises.visible.find_by(id: params[:id])
-            present enterprise, :with => Entities::Enterprise, :current_person => current_person
-          end
-
-        end
-
-        resource :people do
-
-          segment '/:person_id' do
-
-            resource :enterprises do
-
-              get do
-                person = environment.people.find(params[:person_id])
-                enterprises = select_filtered_collection_of(person, 'enterprises', params)
-                enterprises = enterprises.visible.by_location(params)
-                present enterprises, :with => Entities::Enterprise, :current_person => current_person
-              end
-
-            end
-
-          end
-
-        end
-
-
-      end
-    end
-  end
-end
@@ -1,30 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Environments < Grape::API
-  
-        resource :environment do
-  
-          desc "Return the person information"
-          get '/signup_person_fields' do
-            present environment.signup_person_fields
-          end
-
-          get ':id' do
-            local_environment = nil
-            if (params[:id] == "default")
-              local_environment = Environment.default
-            elsif (params[:id] == "context")
-              local_environment = environment
-            else
-              local_environment = Environment.find(params[:id])
-            end
-            present_partial local_environment, :with => Entities::Environment, :is_admin => is_admin?(local_environment)
-          end
-
-        end
-  
-      end
-    end
-  end
-end
@@ -1,129 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class People < Grape::API
-
-        MAX_PER_PAGE = 50
-
-        desc 'API Root'
-
-        resource :people do
-          paginate max_per_page: MAX_PER_PAGE
-
-          # -- A note about privacy --
-          # We wold find people by location, but we must test if the related
-          # fields are public. We can't do it now, with SQL, while the location
-          # data and the fields_privacy are a serialized settings.
-          # We must build a new table for profile data, where we can set meta-data
-          # like:
-          # | id | profile_id | key  | value    | privacy_level | source    |
-          # |  1 |         99 | city | Salvador | friends       | user      |
-          # |  2 |         99 | lng  |  -38.521 | me only       | automatic |
-
-          # Collect people from environment
-          #
-          # Parameters:
-          #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
-          #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
-          #   limit            - amount of comments returned. The default value is 20
-          #
-          # Example Request:
-          #  GET /people?from=2013-04-04-14:41:43&until=2014-04-04-14:41:43&limit=10
-          #  GET /people?reference_id=10&limit=10&oldest
-
-          desc "Find environment's people"
-          get do
-            people = select_filtered_collection_of(environment, 'people', params)
-            people = people.visible
-            present_partial people, :with => Entities::Person, :current_person => current_person
-          end
-
-          desc "Return the logged user information"
-          get "/me" do
-            authenticate!
-            present_partial current_person, :with => Entities::Person, :current_person => current_person
-          end
-
-          desc "Return the person information"
-          get ':id' do
-            person = environment.people.visible.find_by(id: params[:id])
-            return not_found! if person.blank?
-            present person, :with => Entities::Person, :current_person => current_person
-          end
-
-          desc "Update person information"
-          post ':id' do
-            authenticate!
-            return forbidden! if current_person.id.to_s != params[:id]
-            current_person.update_attributes!(asset_with_image(params[:person]))
-            present current_person, :with => Entities::Person, :current_person => current_person
-          end
-          
-          #  POST api/v1/people?person[login]=some_login&person[password]=some_password&person[name]=Jack
-          #  for each custom field for person, add &person[field_name]=field_value to the request
-          desc "Create person"
-          post do
-            authenticate!
-            user_data = {}
-            user_data[:login] = params[:person].delete(:login) || params[:person][:identifier]
-            user_data[:email] = params[:person].delete(:email)
-            user_data[:password] = params[:person].delete(:password)
-            user_data[:password_confirmation] = params[:person].delete(:password_confirmation)
-
-            params[:person][:custom_values]={}
-            params[:person].keys.each do |key|
-              params[:person][:custom_values][key]=params[:person].delete(key) if Person.custom_fields(environment).any?{|cf| cf.name==key}
-            end
-
-            user = User.build(user_data, asset_with_image(params[:person]), environment)
-
-            begin
-              user.signup!
-            rescue ActiveRecord::RecordInvalid
-              render_api_errors!(user.errors.full_messages)
-            end
-
-            present user.person, :with => Entities::Person, :current_person => user.person
-          end
-
-          desc "Return the person friends"
-          get ':id/friends' do
-            person = environment.people.visible.find_by(id: params[:id])
-            return not_found! if person.blank?
-            friends = person.friends.visible
-            present friends, :with => Entities::Person, :current_person => current_person
-          end
-
-          desc "Return the person permissions on other profiles"
-          get ":id/permissions" do
-            authenticate!
-            person = environment.people.find(params[:id])
-            return not_found! if person.blank?
-            return forbidden! unless current_person == person || environment.admins.include?(current_person)
-
-            output = {}
-            person.role_assignments.map do |role_assigment|
-              if role_assigment.resource.respond_to?(:identifier)
-                output[role_assigment.resource.identifier] = role_assigment.role.permissions
-              end
-            end
-            present output
-          end
-        end
-
-        resource :profiles do
-          segment '/:profile_id' do
-            resource :members do
-              paginate max_per_page: MAX_PER_PAGE
-              get do
-                profile = environment.profiles.find_by id: params[:profile_id]
-                members = select_filtered_collection_of(profile, 'members', params)
-                present members, :with => Entities::Person, :current_person => current_person
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end
@@ -1,44 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Profiles < Grape::API
-
-        resource :profiles do
-
-          get do
-            profiles = select_filtered_collection_of(environment, 'profiles', params)
-            profiles = profiles.visible
-            profiles = profiles.by_location(params) # Must be the last. May return Exception obj.
-            present profiles, :with => Entities::Profile, :current_person => current_person
-          end
-
-          get ':id' do
-            profiles = environment.profiles
-            profiles = profiles.visible
-            profile = profiles.find_by id: params[:id]
-
-            if profile
-              present profile, :with => Entities::Profile, :current_person => current_person
-            else
-              not_found!
-            end
-          end
-
-          delete ':id' do
-            authenticate!
-            profiles = environment.profiles
-            profile = profiles.find_by id: params[:id]
-
-            not_found! if profile.blank?
-
-            if current_person.has_permission?(:destroy_profile, profile)
-              profile.destroy
-            else
-              forbidden!
-            end
-          end
-        end
-      end
-    end
-  end
-end
@@ -1,39 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Search < Grape::API
-
-        resource :search do
-          resource :article do
-            paginate max_per_page: 200
-            get do
-              # Security checks
-              sanitize_params_hash(params)
-              # APIHelpers
-              asset = :articles
-              context = environment
-
-              profile = environment.profiles.find(params[:profile_id]) if params[:profile_id]
-              scope = profile.nil? ? environment.articles.is_public : profile.articles.is_public
-              scope = scope.where(:type => params[:type]) if params[:type] && !(params[:type] == 'Article')
-              scope = scope.where(make_conditions_with_parameter(params))
-              scope = scope.joins(:categories).where(:categories => {:id => params[:category_ids]}) if params[:category_ids].present?
-              scope = scope.where('articles.children_count > 0') if params[:has_children].present?
-              query = params[:query] || ""
-              order = "more_recent"
-
-              options = {:filter => order, :template_id => params[:template_id]}
-
-              search_result = find_by_contents(asset, context, scope, query, {:page => 1}, options)
-
-              articles = search_result[:results]
-
-              present_articles(articles)
-            end
-          end
-        end
-
-      end
-    end
-  end
-end
@@ -1,28 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Tags < Grape::API
-        before { authenticate! }
-
-        resource :articles do
-
-          resource ':id/tags' do
-
-            get do
-              article = find_article(environment.articles, params[:id])
-              present article.tag_list
-            end
-
-            desc "Add a tag to an article"
-            post do
-              article = find_article(environment.articles, params[:id])
-              article.tag_list=params[:tags]
-              article.save
-              present article.tag_list
-            end
-          end
-        end
-      end
-    end
-  end
-end
@@ -1,59 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Tasks < Grape::API
-#        before { authenticate! }
-
-#        ARTICLE_TYPES = Article.descendants.map{|a| a.to_s}
-
-        resource :tasks do
-
-          # Collect tasks
-          #
-          # Parameters:
-          #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
-          #   oldest           - Collect the oldest articles. If nothing is passed the newest articles are collected
-          #   limit            - amount of articles returned. The default value is 20
-          #
-          # Example Request:
-          #  GET host/api/v1/tasks?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
-          get do
-            tasks = select_filtered_collection_of(environment, 'tasks', params)
-            tasks = tasks.select {|t| current_person.has_permission?(t.permission, environment)}
-            present_partial tasks, :with => Entities::Task
-          end
-
-          desc "Return the task id"
-          get ':id' do
-            task = find_task(environment, params[:id])
-            present_partial task, :with => Entities::Task
-          end
-        end
-
-        kinds = %w[community person enterprise]
-        kinds.each do |kind|
-          resource kind.pluralize.to_sym do
-            segment "/:#{kind}_id" do
-              resource :tasks do
-                get do
-                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
-                  present_tasks(profile)
-                end
-
-                get ':id' do
-                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
-                  present_task(profile)
-                end
-
-                post do
-                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
-                  post_task(profile, params)
-                end
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end
@@ -1,45 +0,0 @@
-module Noosfero
-  module API
-    module V1
-      class Users < Grape::API
-
-        resource :users do
-
-          get do
-            users = select_filtered_collection_of(environment, 'users', params)
-            users = users.select{|u| u.person.display_info_to? current_person}
-            present users, :with => Entities::User, :current_person => current_person
-          end
-
-          get "/me" do
-            authenticate!
-            present current_user, :with => Entities::User, :current_person => current_person
-          end
-
-          get ":id" do
-            user = environment.users.find_by id: params[:id]
-            if user
-              present user, :with => Entities::User, :current_person => current_person
-            else
-              not_found!
-            end
-          end
-
-          get ":id/permissions" do
-            authenticate!
-            user = environment.users.find(params[:id])
-            output = {}
-            user.person.role_assignments.map do |role_assigment|
-              if role_assigment.resource.respond_to?(:identifier) && role_assigment.resource.identifier == params[:profile]
-                output[:permissions] = role_assigment.role.permissions
-              end
-            end
-            present output
-          end
-
-        end
-
-      end
-    end
-  end
-end
 desc "Print out grape routes"
 task :grape_routes => :environment do
   #require 'api/api.rb'
-  Noosfero::API::API.routes.each do |route|
+  Api::App.routes.each do |route|
     puts route
     method = route.route_method
     path = route.route_path
+# Can't be called Api as will result in:
+# warning: toplevel constant Api referenced by CommentParagraphPlugin::Api
+# To fix this CommentParagraphPlugin should be a module
 class CommentParagraphPlugin::API < Grape::API
   MAX_PER_PAGE = 20
@@ -9,7 +12,7 @@ class CommentParagraphPlugin::API &lt; Grape::API
       comments = comments.without_spam
       comments = comments.in_paragraph(params[:paragraph_uuid])
       comments = comments.without_reply if(params[:without_reply].present?)
-      present paginate(comments), :with => Noosfero::API::Entities::Comment, :current_person => current_person
+      present paginate(comments), :with => Api::Entities::Comment, :current_person => current_person
     end
     {activate: true, deactivate: false}.each do |method, value|
@@ -19,7 +22,7 @@ class CommentParagraphPlugin::API &lt; Grape::API
         return forbidden! unless article.comment_paragraph_plugin_enabled? && article.allow_edit?(current_person)
         article.comment_paragraph_plugin_activate = value
         article.save!
-        present_partial article, :with => Noosfero::API::Entities::Article
+        present_partial article, :with => Api::Entities::Article
       end
     end
-require File.join(Rails.root,'lib','noosfero','api','entities')
-module Noosfero
-  module API
-    module Entities
-      class Comment < CommentBase
-        expose :paragraph_uuid
-        expose :comment_paragraph_selected_area
-        expose :comment_paragraph_selected_content
-      end
+require_dependency 'api/entities'
+
+module Api
+  module Entities
+    class Comment
+      expose :paragraph_uuid
+      expose :comment_paragraph_selected_area
+      expose :comment_paragraph_selected_content
     end
   end
 end
@@ -39,7 +39,7 @@ class PushNotificationPlugin &lt; Noosfero::Plugin
   end
   def self.api_mount_points
-    [PushNotificationPlugin::API]
+    [PushNotificationPlugin::Api]
   end
   def self.plugin_description
-require File.dirname(__FILE__) + '/../../../../../lib/noosfero/api/helpers'
+require_dependency 'api/helpers'
 require_relative 'api_entities'
-class PushNotificationPlugin::API < Grape::API
+class PushNotificationPlugin::Api < Grape::API
-  include Noosfero::API::APIHelpers
+  include Api::Helpers
   resource :push_notification_plugin do
 module PushNotificationPlugin::Entities
-  class DeviceUser < Noosfero::API::Entities::User
+  class DeviceUser < Api::Entities::User
     expose :device_token_list, :as => :device_tokens
     expose :notification_settings do |user, options|
       user.notification_settings.hash_flags
@@ -50,7 +50,7 @@ class RecentContentBlock &lt; Block
   def api_content
     children = self.articles_of_folder(self.root, self.total_items)
-    Noosfero::API::Entities::ArticleBase.represent(children).as_json
+    Api::Entities::ArticleBase.represent(children).as_json
   end
   def display_api_content_by_default?
-require File.join(Rails.root,'lib','noosfero','api','entities')
-module Noosfero
-  module API
-    module Entities
-      class Block < Entity
-        available_counters = (StatisticsBlock::USER_COUNTERS + StatisticsBlock::COMMUNITY_COUNTERS + StatisticsBlock::ENTERPRISE_COUNTERS).uniq
-        expose :statistics, :if => lambda { |block, options| block.is_a? StatisticsBlock } do |block, options|
-          statistics = []
-          available_counters.each do |counter_attr|
-            counter_method = counter_attr.to_s.gsub('_counter','').pluralize.to_sym
-            counter = {
-                name:  counter_method,
-                display: block.is_counter_available?(counter_attr) && block.is_visible?(counter_attr),
-                quantity: (block.respond_to?(counter_method) && block.is_visible?(counter_attr)) ? block.send(counter_method) :  nil
-            }
-            statistics << counter
-          end
-          statistics
-        end
+require_dependency 'api/entities'
+module Api
+  module Entities
+    class Block
+      available_counters = (StatisticsBlock::USER_COUNTERS + StatisticsBlock::COMMUNITY_COUNTERS + StatisticsBlock::ENTERPRISE_COUNTERS).uniq
+      expose :statistics, :if => lambda { |block, options| block.is_a? StatisticsBlock } do |block, options|
+        statistics = []
+        available_counters.each do |counter_attr|
+          counter_method = counter_attr.to_s.gsub('_counter','').pluralize.to_sym
+          counter = {
+              name:  counter_method,
+              display: block.is_counter_available?(counter_attr) && block.is_visible?(counter_attr),
+              quantity: (block.respond_to?(counter_method) && block.is_visible?(counter_attr)) ? block.send(counter_method) :  nil
+          }
+          statistics << counter
+        end
+        statistics
       end
+
     end
   end
 end
-
 require_relative 'test_helper'
-class MyPlugin < Noosfero::Plugin;end
-class MyPlugin::API;end
+class MyPlugin < Noosfero::Plugin; end
+class MyPlugin::Api; end
-class APITest < ActiveSupport::TestCase
+class ApiTest < ActiveSupport::TestCase
   should 'endpoint should not be available if its plugin is unavailable' do
     endpoint = mock()
     environment = Environment.default
     environment.stubs(:plugin_enabled?).returns(false)
-    endpoint.stubs(:options).returns({:for => MyPlugin::API})
+    endpoint.stubs(:options).returns({:for => MyPlugin::Api})
-    assert Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
+    assert Api::App.endpoint_unavailable?(endpoint, environment)
   end
   should 'endpoint should be available if its plugin is available' do
-    class MyPlugin < Noosfero::Plugin;end
-    class MyPlugin::API;end
-
     endpoint = mock()
     environment = Environment.default
     environment.stubs(:plugin_enabled?).returns(true)
-    endpoint.stubs(:options).returns({:for => MyPlugin::API})
+    endpoint.stubs(:options).returns({:for => MyPlugin::Api})
-    assert !Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
+    assert !Api::App.endpoint_unavailable?(endpoint, environment)
   end
 end
 require_relative 'test_helper'
-require "base64"
-require 'noosfero/api/helpers'
+require 'base64'
-class APIHelpersTest < ActiveSupport::TestCase
+class Api::HelpersTest < ActiveSupport::TestCase
-  include Noosfero::API::APIHelpers
+  include Api::Helpers
   def setup
     create_and_activate_user
@@ -206,7 +205,7 @@ class APIHelpersTest &lt; ActiveSupport::TestCase
   end
   should 'render not_found if endpoint is unavailable' do
-    Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true)
+    Api::App.stubs(:endpoint_unavailable?).returns(true)
     self.expects(:not_found!)
     filter_disabled_plugins_endpoints
@@ -8,7 +8,7 @@ class ActiveSupport::TestCase
   USER_LOGIN = "testapi"
   def app
-    Noosfero::API::API
+    Api::App
   end
   def create_and_activate_user
@@ -0,0 +1,89 @@		@@ -0,0 +1,89 @@
	1	+require_dependency 'api/helpers'
	2	+
	3	+module Api
	4	+ class App < Grape::API
	5	+ use Rack::JSONP
	6	+
	7	+ logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] \|\| 'production'}_api.log"))
	8	+ logger.formatter = GrapeLogging::Formatters::Default.new
	9	+ #use GrapeLogging::Middleware::RequestLogger, { logger: logger }
	10	+
	11	+ rescue_from :all do \|e\|
	12	+ logger.error e
	13	+ error! e.message, 500
	14	+ end unless Rails.env.test?
	15	+
	16	+ @@NOOSFERO_CONF = nil
	17	+ def self.NOOSFERO_CONF
	18	+ if @@NOOSFERO_CONF
	19	+ @@NOOSFERO_CONF
	20	+ else
	21	+ file = Rails.root.join('config', 'noosfero.yml')
	22	+ @@NOOSFERO_CONF = File.exists?(file) ? YAML.load_file(file)[Rails.env] \|\| {} : {}
	23	+ end
	24	+ end
	25	+
	26	+ before { set_locale }
	27	+ before { setup_multitenancy }
	28	+ before { detect_stuff_by_domain }
	29	+ before { filter_disabled_plugins_endpoints }
	30	+ before { init_noosfero_plugins }
	31	+ after { set_session_cookie }
	32	+
	33	+ version 'v1'
	34	+ prefix [ENV['RAILS_RELATIVE_URL_ROOT'], "api"].compact.join('/')
	35	+ format :json
	36	+ content_type :txt, "text/plain"
	37	+
	38	+ helpers Helpers
	39	+
	40	+ mount V1::Session
	41	+ mount V1::Articles
	42	+ mount V1::Comments
	43	+ mount V1::Users
	44	+ mount V1::Communities
	45	+ mount V1::People
	46	+ mount V1::Enterprises
	47	+ mount V1::Categories
	48	+ mount V1::Tasks
	49	+ mount V1::Tags
	50	+ mount V1::Environments
	51	+ mount V1::Search
	52	+ mount V1::Contacts
	53	+ mount V1::Boxes
	54	+ mount V1::Blocks
	55	+ mount V1::Profiles
	56	+ mount V1::Activities
	57	+
	58	+ # hook point which allow plugins to add Grape::API extensions to Api::App
	59	+ #finds for plugins which has api mount points classes defined (the class should extends Grape::API)
	60	+ @plugins = Noosfero::Plugin.all.map { \|p\| p.constantize }
	61	+ @plugins.each do \|klass\|
	62	+ if klass.public_methods.include? :api_mount_points
	63	+ klass.api_mount_points.each do \|mount_class\|
	64	+ mount mount_class if mount_class && ( mount_class < Grape::API )
	65	+ end
	66	+ end
	67	+ end
	68	+
	69	+ def self.endpoint_unavailable?(endpoint, environment)
	70	+ api_class = endpoint.options[:app] \|\| endpoint.options[:for]
	71	+ if api_class.present?
	72	+ klass = api_class.name.deconstantize.constantize
	73	+ return klass < Noosfero::Plugin && !environment.plugin_enabled?(klass)
	74	+ end
	75	+ end
	76	+
	77	+ class << self
	78	+ def endpoints_with_plugins(environment = nil)
	79	+ if environment.present?
	80	+ cloned_endpoints = endpoints_without_plugins.dup
	81	+ cloned_endpoints.delete_if { \|endpoint\| endpoint_unavailable?(endpoint, environment) }
	82	+ else
	83	+ endpoints_without_plugins
	84	+ end
	85	+ end
	86	+ alias_method_chain :endpoints, :plugins
	87	+ end
	88	+ end
	89	+end
@@ -0,0 +1,267 @@		@@ -0,0 +1,267 @@
	1	+module Api
	2	+ module Entities
	3	+
	4	+ Entity.format_with :timestamp do \|date\|
	5	+ date.strftime('%Y/%m/%d %H:%M:%S') if date
	6	+ end
	7	+
	8	+ PERMISSIONS = {
	9	+ :admin => 0,
	10	+ :self => 10,
	11	+ :private_content => 20,
	12	+ :logged_user => 30,
	13	+ :anonymous => 40
	14	+ }
	15	+
	16	+ def self.can_display_profile_field? profile, options, permission_options={}
	17	+ permissions={:field => "", :permission => :private_content}
	18	+ permissions.merge!(permission_options)
	19	+ field = permissions[:field]
	20	+ permission = permissions[:permission]
	21	+ return true if profile.public? && profile.public_fields.map{\|f\| f.to_sym}.include?(field.to_sym)
	22	+
	23	+ current_person = options[:current_person]
	24	+
	25	+ current_permission = if current_person.present?
	26	+ if current_person.is_admin?
	27	+ :admin
	28	+ elsif current_person == profile
	29	+ :self
	30	+ elsif profile.display_private_info_to?(current_person)
	31	+ :private_content
	32	+ else
	33	+ :logged_user
	34	+ end
	35	+ else
	36	+ :anonymous
	37	+ end
	38	+ PERMISSIONS[current_permission] <= PERMISSIONS[permission]
	39	+ end
	40	+
	41	+ class Image < Entity
	42	+ root 'images', 'image'
	43	+
	44	+ expose :url do \|image, options\|
	45	+ image.public_filename
	46	+ end
	47	+
	48	+ expose :icon_url do \|image, options\|
	49	+ image.public_filename(:icon)
	50	+ end
	51	+
	52	+ expose :minor_url do \|image, options\|
	53	+ image.public_filename(:minor)
	54	+ end
	55	+
	56	+ expose :portrait_url do \|image, options\|
	57	+ image.public_filename(:portrait)
	58	+ end
	59	+
	60	+ expose :thumb_url do \|image, options\|
	61	+ image.public_filename(:thumb)
	62	+ end
	63	+ end
	64	+
	65	+ class CategoryBase < Entity
	66	+ root 'categories', 'category'
	67	+ expose :name, :id, :slug
	68	+ end
	69	+
	70	+ class Category < CategoryBase
	71	+ root 'categories', 'category'
	72	+ expose :full_name do \|category, options\|
	73	+ category.full_name
	74	+ end
	75	+ expose :parent, :using => CategoryBase, if: { parent: true }
	76	+ expose :children, :using => CategoryBase, if: { children: true }
	77	+ expose :image, :using => Image
	78	+ expose :display_color
	79	+ end
	80	+
	81	+ class Region < Category
	82	+ root 'regions', 'region'
	83	+ expose :parent_id
	84	+ end
	85	+
	86	+ class Block < Entity
	87	+ root 'blocks', 'block'
	88	+ expose :id, :type, :settings, :position, :enabled
	89	+ expose :mirror, :mirror_block_id, :title
	90	+ expose :api_content, if: lambda { \|object, options\| options[:display_api_content] \|\| object.display_api_content_by_default? }
	91	+ end
	92	+
	93	+ class Box < Entity
	94	+ root 'boxes', 'box'
	95	+ expose :id, :position
	96	+ expose :blocks, :using => Block
	97	+ end
	98	+
	99	+ class Profile < Entity
	100	+ expose :identifier, :name, :id
	101	+ expose :created_at, :format_with => :timestamp
	102	+ expose :updated_at, :format_with => :timestamp
	103	+ expose :additional_data do \|profile, options\|
	104	+ hash ={}
	105	+ profile.public_values.each do \|value\|
	106	+ hash[value.custom_field.name]=value.value
	107	+ end
	108	+
	109	+ private_values = profile.custom_field_values - profile.public_values
	110	+ private_values.each do \|value\|
	111	+ if Entities.can_display_profile_field?(profile,options)
	112	+ hash[value.custom_field.name]=value.value
	113	+ end
	114	+ end
	115	+ hash
	116	+ end
	117	+ expose :image, :using => Image
	118	+ expose :region, :using => Region
	119	+ expose :type
	120	+ expose :custom_header
	121	+ expose :custom_footer
	122	+ end
	123	+
	124	+ class UserBasic < Entity
	125	+ expose :id
	126	+ expose :login
	127	+ end
	128	+
	129	+ class Person < Profile
	130	+ root 'people', 'person'
	131	+ expose :user, :using => UserBasic, documentation: {type: 'User', desc: 'The user data of a person' }
	132	+ expose :vote_count
	133	+ expose :comments_count do \|person, options\|
	134	+ person.comments.count
	135	+ end
	136	+ expose :following_articles_count do \|person, options\|
	137	+ person.following_articles.count
	138	+ end
	139	+ expose :articles_count do \|person, options\|
	140	+ person.articles.count
	141	+ end
	142	+ end
	143	+
	144	+ class Enterprise < Profile
	145	+ root 'enterprises', 'enterprise'
	146	+ end
	147	+
	148	+ class Community < Profile
	149	+ root 'communities', 'community'
	150	+ expose :description
	151	+ expose :admins, :if => lambda { \|community, options\| community.display_info_to? options[:current_person]} do \|community, options\|
	152	+ community.admins.map{\|admin\| {"name"=>admin.name, "id"=>admin.id, "username" => admin.identifier}}
	153	+ end
	154	+ expose :categories, :using => Category
	155	+ expose :members, :using => Person , :if => lambda{ \|community, options\| community.display_info_to? options[:current_person] }
	156	+ end
	157	+
	158	+ class CommentBase < Entity
	159	+ expose :body, :title, :id
	160	+ expose :created_at, :format_with => :timestamp
	161	+ expose :author, :using => Profile
	162	+ expose :reply_of, :using => CommentBase
	163	+ end
	164	+
	165	+ class Comment < CommentBase
	166	+ root 'comments', 'comment'
	167	+ expose :children, as: :replies, :using => Comment
	168	+ end
	169	+
	170	+ class ArticleBase < Entity
	171	+ root 'articles', 'article'
	172	+ expose :id
	173	+ expose :body
	174	+ expose :abstract, documentation: {type: 'String', desc: 'Teaser of the body'}
	175	+ expose :created_at, :format_with => :timestamp
	176	+ expose :updated_at, :format_with => :timestamp
	177	+ expose :title, :documentation => {:type => "String", :desc => "Title of the article"}
	178	+ expose :created_by, :as => :author, :using => Profile, :documentation => {type: 'Profile', desc: 'The profile author that create the article'}
	179	+ expose :profile, :using => Profile, :documentation => {type: 'Profile', desc: 'The profile associated with the article'}
	180	+ expose :categories, :using => Category
	181	+ expose :image, :using => Image
	182	+ expose :votes_for
	183	+ expose :votes_against
	184	+ expose :setting
	185	+ expose :position
	186	+ expose :hits
	187	+ expose :start_date
	188	+ expose :end_date, :documentation => {type: 'DateTime', desc: 'The date of finish of the article'}
	189	+ expose :tag_list
	190	+ expose :children_count
	191	+ expose :slug, :documentation => {:type => "String", :desc => "Trimmed and parsed name of a article"}
	192	+ expose :path
	193	+ expose :followers_count
	194	+ expose :votes_count
	195	+ expose :comments_count
	196	+ expose :archived, :documentation => {:type => "Boolean", :desc => "Defines if a article is readonly"}
	197	+ expose :type
	198	+ expose :comments, using: CommentBase, :if => lambda{\|obj,opt\| opt[:params] && ['1','true',true].include?(opt[:params][:show_comments])}
	199	+ expose :published
	200	+ expose :accept_comments?, as: :accept_comments
	201	+ end
	202	+
	203	+ class Article < ArticleBase
	204	+ root 'articles', 'article'
	205	+ expose :parent, :using => ArticleBase
	206	+ expose :children, :using => ArticleBase do \|article, options\|
	207	+ article.children.published.limit(V1::Articles::MAX_PER_PAGE)
	208	+ end
	209	+ end
	210	+
	211	+ class User < Entity
	212	+ root 'users', 'user'
	213	+
	214	+ attrs = [:id,:login,:email,:activated?]
	215	+ aliases = {:activated? => :activated}
	216	+
	217	+ attrs.each do \|attribute\|
	218	+ name = aliases.has_key?(attribute) ? aliases[attribute] : attribute
	219	+ expose attribute, :as => name, :if => lambda{\|user,options\| Entities.can_display_profile_field?(user.person, options, {:field => attribute})}
	220	+ end
	221	+
	222	+ expose :person, :using => Person, :if => lambda{\|user,options\| user.person.display_info_to? options[:current_person]}
	223	+ expose :permissions, :if => lambda{\|user,options\| Entities.can_display_profile_field?(user.person, options, {:field => :permissions, :permission => :self})} do \|user, options\|
	224	+ output = {}
	225	+ user.person.role_assignments.map do \|role_assigment\|
	226	+ if role_assigment.resource.respond_to?(:identifier) && !role_assigment.role.nil?
	227	+ output[role_assigment.resource.identifier] = role_assigment.role.permissions
	228	+ end
	229	+ end
	230	+ output
	231	+ end
	232	+ end
	233	+
	234	+ class UserLogin < User
	235	+ root 'users', 'user'
	236	+ expose :private_token, documentation: {type: 'String', desc: 'A valid authentication code for post/delete api actions'}, if: lambda {\|object, options\| object.activated? }
	237	+ end
	238	+
	239	+ class Task < Entity
	240	+ root 'tasks', 'task'
	241	+ expose :id
	242	+ expose :type
	243	+ end
	244	+
	245	+ class Environment < Entity
	246	+ expose :name
	247	+ expose :id
	248	+ expose :description
	249	+ expose :settings, if: lambda { \|instance, options\| options[:is_admin] }
	250	+ end
	251	+
	252	+ class Tag < Entity
	253	+ root 'tags', 'tag'
	254	+ expose :name
	255	+ end
	256	+
	257	+ class Activity < Entity
	258	+ root 'activities', 'activity'
	259	+ expose :id, :params, :verb, :created_at, :updated_at, :comments_count, :visible
	260	+ expose :user, :using => Profile
	261	+ expose :target do \|activity, opts\|
	262	+ type_map = {Profile => ::Profile, ArticleBase => ::Article}.find {\|h\| activity.target.kind_of?(h.last)}
	263	+ type_map.first.represent(activity.target) unless type_map.nil?
	264	+ end
	265	+ end
	266	+ end
	267	+end
@@ -0,0 +1,27 @@		@@ -0,0 +1,27 @@
	1	+module Api
	2	+ class Entity < Grape::Entity
	3	+
	4	+ def initialize(object, options = {})
	5	+ object = nil if object.is_a? Exception
	6	+ super object, options
	7	+ end
	8	+
	9	+ def self.represent(objects, options = {})
	10	+ if options[:has_exception]
	11	+ data = super objects, options.merge(is_inner_data: true)
	12	+ if objects.is_a? Exception
	13	+ data.merge ok: false, error: {
	14	+ type: objects.class.name,
	15	+ message: objects.message
	16	+ }
	17	+ else
	18	+ data = data.serializable_hash if data.is_a? Entity
	19	+ data.merge ok: true, error: { type: 'Success', message: '' }
	20	+ end
	21	+ else
	22	+ super objects, options
	23	+ end
	24	+ end
	25	+
	26	+ end
	27	+end
@@ -0,0 +1,421 @@		@@ -0,0 +1,421 @@
	1	+require 'base64'
	2	+require 'tempfile'
	3	+
	4	+module Api
	5	+ module Helpers
	6	+ PRIVATE_TOKEN_PARAM = :private_token
	7	+ DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id, :identifier, :archived]
	8	+
	9	+ include SanitizeParams
	10	+ include Noosfero::Plugin::HotSpot
	11	+ include ForgotPasswordHelper
	12	+ include SearchTermHelper
	13	+
	14	+ def set_locale
	15	+ I18n.locale = (params[:lang] \|\| request.env['HTTP_ACCEPT_LANGUAGE'] \|\| 'en')
	16	+ end
	17	+
	18	+ def init_noosfero_plugins
	19	+ plugins
	20	+ end
	21	+
	22	+ def current_user
	23	+ private_token = (params[PRIVATE_TOKEN_PARAM] \|\| headers['Private-Token']).to_s
	24	+ @current_user \|\|= User.find_by private_token: private_token
	25	+ @current_user \|\|= plugins.dispatch("api_custom_login", request).first
	26	+ @current_user
	27	+ end
	28	+
	29	+ def current_person
	30	+ current_user.person unless current_user.nil?
	31	+ end
	32	+
	33	+ def is_admin?(environment)
	34	+ return false unless current_user
	35	+ return current_person.is_admin?(environment)
	36	+ end
	37	+
	38	+ def logout
	39	+ @current_user = nil
	40	+ end
	41	+
	42	+ def environment
	43	+ @environment
	44	+ end
	45	+
	46	+ def present_partial(model, options)
	47	+ if(params[:fields].present?)
	48	+ begin
	49	+ fields = JSON.parse(params[:fields])
	50	+ if fields.present?
	51	+ options.merge!(fields.symbolize_keys.slice(:only, :except))
	52	+ end
	53	+ rescue
	54	+ fields = params[:fields]
	55	+ fields = fields.split(',') if fields.kind_of?(String)
	56	+ options[:only] = Array.wrap(fields)
	57	+ end
	58	+ end
	59	+ present model, options
	60	+ end
	61	+
	62	+ include FindByContents
	63	+
	64	+ ####################################################################
	65	+ #### SEARCH
	66	+ ####################################################################
	67	+ def multiple_search?(searches=nil)
	68	+ ['index', 'category_index'].include?(params[:action]) \|\| (searches && searches.size > 1)
	69	+ end
	70	+ ####################################################################
	71	+
	72	+ def logger
	73	+ logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] \|\| 'production'}_api.log"))
	74	+ logger.formatter = GrapeLogging::Formatters::Default.new
	75	+ logger
	76	+ end
	77	+
	78	+ def limit
	79	+ limit = params[:limit].to_i
	80	+ limit = default_limit if limit <= 0
	81	+ limit
	82	+ end
	83	+
	84	+ def period(from_date, until_date)
	85	+ return nil if from_date.nil? && until_date.nil?
	86	+
	87	+ begin_period = from_date.nil? ? Time.at(0).to_datetime : from_date
	88	+ end_period = until_date.nil? ? DateTime.now : until_date
	89	+
	90	+ begin_period..end_period
	91	+ end
	92	+
	93	+ def parse_content_type(content_type)
	94	+ return nil if content_type.blank?
	95	+ content_type.split(',').map do \|content_type\|
	96	+ content_type.camelcase
	97	+ end
	98	+ end
	99	+
	100	+ def find_article(articles, id)
	101	+ article = articles.find(id)
	102	+ article.display_to?(current_person) ? article : forbidden!
	103	+ end
	104	+
	105	+ def post_article(asset, params)
	106	+ return forbidden! unless current_person.can_post_content?(asset)
	107	+
	108	+ klass_type = params[:content_type] \|\| params[:article].delete(:type) \|\| TinyMceArticle.name
	109	+ return forbidden! unless klass_type.constantize <= Article
	110	+
	111	+ article = klass_type.constantize.new(params[:article])
	112	+ article.last_changed_by = current_person
	113	+ article.created_by= current_person
	114	+ article.profile = asset
	115	+
	116	+ if !article.save
	117	+ render_api_errors!(article.errors.full_messages)
	118	+ end
	119	+ present_partial article, :with => Entities::Article
	120	+ end
	121	+
	122	+ def present_article(asset)
	123	+ article = find_article(asset.articles, params[:id])
	124	+ present_partial article, :with => Entities::Article, :params => params
	125	+ end
	126	+
	127	+ def present_articles_for_asset(asset, method = 'articles')
	128	+ articles = find_articles(asset, method)
	129	+ present_articles(articles)
	130	+ end
	131	+
	132	+ def present_articles(articles)
	133	+ present_partial paginate(articles), :with => Entities::Article, :params => params
	134	+ end
	135	+
	136	+ def find_articles(asset, method = 'articles')
	137	+ articles = select_filtered_collection_of(asset, method, params)
	138	+ if current_person.present?
	139	+ articles = articles.display_filter(current_person, nil)
	140	+ else
	141	+ articles = articles.published
	142	+ end
	143	+ articles
	144	+ end
	145	+
	146	+ def find_task(asset, id)
	147	+ task = asset.tasks.find(id)
	148	+ current_person.has_permission?(task.permission, asset) ? task : forbidden!
	149	+ end
	150	+
	151	+ def post_task(asset, params)
	152	+ klass_type= params[:content_type].nil? ? 'Task' : params[:content_type]
	153	+ return forbidden! unless klass_type.constantize <= Task
	154	+
	155	+ task = klass_type.constantize.new(params[:task])
	156	+ task.requestor_id = current_person.id
	157	+ task.target_id = asset.id
	158	+ task.target_type = 'Profile'
	159	+
	160	+ if !task.save
	161	+ render_api_errors!(task.errors.full_messages)
	162	+ end
	163	+ present_partial task, :with => Entities::Task
	164	+ end
	165	+
	166	+ def present_task(asset)
	167	+ task = find_task(asset, params[:id])
	168	+ present_partial task, :with => Entities::Task
	169	+ end
	170	+
	171	+ def present_tasks(asset)
	172	+ tasks = select_filtered_collection_of(asset, 'tasks', params)
	173	+ tasks = tasks.select {\|t\| current_person.has_permission?(t.permission, asset)}
	174	+ return forbidden! if tasks.empty? && !current_person.has_permission?(:perform_task, asset)
	175	+ present_partial tasks, :with => Entities::Task
	176	+ end
	177	+
	178	+ def make_conditions_with_parameter(params = {})
	179	+ parsed_params = parser_params(params)
	180	+ conditions = {}
	181	+ from_date = DateTime.parse(parsed_params.delete(:from)) if parsed_params[:from]
	182	+ until_date = DateTime.parse(parsed_params.delete(:until)) if parsed_params[:until]
	183	+
	184	+ conditions[:type] = parse_content_type(parsed_params.delete(:content_type)) unless parsed_params[:content_type].nil?
	185	+
	186	+ conditions[:created_at] = period(from_date, until_date) if from_date \|\| until_date
	187	+ conditions.merge!(parsed_params)
	188	+
	189	+ conditions
	190	+ end
	191	+
	192	+ # changing make_order_with_parameters to avoid sql injection
	193	+ def make_order_with_parameters(object, method, params)
	194	+ order = "created_at DESC"
	195	+ unless params[:order].blank?
	196	+ if params[:order].include? '\'' or params[:order].include? '"'
	197	+ order = "created_at DESC"
	198	+ elsif ['RANDOM()', 'RANDOM'].include? params[:order].upcase
	199	+ order = 'RANDOM()'
	200	+ else
	201	+ field_name, direction = params[:order].split(' ')
	202	+ assoc = object.class.reflect_on_association(method.to_sym)
	203	+ if !field_name.blank? and assoc
	204	+ if assoc.klass.attribute_names.include? field_name
	205	+ if direction.present? and ['ASC','DESC'].include? direction.upcase
	206	+ order = "#{field_name} #{direction.upcase}"
	207	+ end
	208	+ end
	209	+ end
	210	+ end
	211	+ end
	212	+ return order
	213	+ end
	214	+
	215	+ def make_timestamp_with_parameters_and_method(params, method)
	216	+ timestamp = nil
	217	+ if params[:timestamp]
	218	+ datetime = DateTime.parse(params[:timestamp])
	219	+ table_name = method.to_s.singularize.camelize.constantize.table_name
	220	+ timestamp = "#{table_name}.updated_at >= '#{datetime}'"
	221	+ end
	222	+
	223	+ timestamp
	224	+ end
	225	+
	226	+ def by_reference(scope, params)
	227	+ reference_id = params[:reference_id].to_i == 0 ? nil : params[:reference_id].to_i
	228	+ if reference_id.nil?
	229	+ scope
	230	+ else
	231	+ created_at = scope.find(reference_id).created_at
	232	+ scope.send("#{params.key?(:oldest) ? 'older_than' : 'younger_than'}", created_at)
	233	+ end
	234	+ end
	235	+
	236	+ def by_categories(scope, params)
	237	+ category_ids = params[:category_ids]
	238	+ if category_ids.nil?
	239	+ scope
	240	+ else
	241	+ scope.joins(:categories).where(:categories => {:id => category_ids})
	242	+ end
	243	+ end
	244	+
	245	+ def select_filtered_collection_of(object, method, params)
	246	+ conditions = make_conditions_with_parameter(params)
	247	+ order = make_order_with_parameters(object,method,params)
	248	+ timestamp = make_timestamp_with_parameters_and_method(params, method)
	249	+
	250	+ objects = object.send(method)
	251	+ objects = by_reference(objects, params)
	252	+ objects = by_categories(objects, params)
	253	+
	254	+ objects = objects.where(conditions).where(timestamp).reorder(order)
	255	+
	256	+ params[:page] \|\|= 1
	257	+ params[:per_page] \|\|= limit
	258	+ paginate(objects)
	259	+ end
	260	+
	261	+ def authenticate!
	262	+ unauthorized! unless current_user
	263	+ end
	264	+
	265	+ def profiles_for_person(profiles, person)
	266	+ if person
	267	+ profiles.listed_for_person(person)
	268	+ else
	269	+ profiles.visible
	270	+ end
	271	+ end
	272	+
	273	+ # Checks the occurrences of uniqueness of attributes, each attribute must be present in the params hash
	274	+ # or a Bad Request error is invoked.
	275	+ #
	276	+ # Parameters:
	277	+ # keys (unique) - A hash consisting of keys that must be unique
	278	+ def unique_attributes!(obj, keys)
	279	+ keys.each do \|key\|
	280	+ cant_be_saved_request!(key) if obj.find_by(key.to_s => params[key])
	281	+ end
	282	+ end
	283	+
	284	+ def attributes_for_keys(keys)
	285	+ attrs = {}
	286	+ keys.each do \|key\|
	287	+ attrs[key] = params[key] if params[key].present? or (params.has_key?(key) and params[key] == false)
	288	+ end
	289	+ attrs
	290	+ end
	291	+
	292	+ ##########################################
	293	+ # error helpers #
	294	+ ##########################################
	295	+
	296	+ def not_found!
	297	+ render_api_error!('404 Not found', 404)
	298	+ end
	299	+
	300	+ def forbidden!
	301	+ render_api_error!('403 Forbidden', 403)
	302	+ end
	303	+
	304	+ def cant_be_saved_request!(attribute)
	305	+ message = _("(Invalid request) %s can't be saved") % attribute
	306	+ render_api_error!(message, 400)
	307	+ end
	308	+
	309	+ def bad_request!(attribute)
	310	+ message = _("(Invalid request) %s not given") % attribute
	311	+ render_api_error!(message, 400)
	312	+ end
	313	+
	314	+ def something_wrong!
	315	+ message = _("Something wrong happened")
	316	+ render_api_error!(message, 400)
	317	+ end
	318	+
	319	+ def unauthorized!
	320	+ render_api_error!(_('Unauthorized'), 401)
	321	+ end
	322	+
	323	+ def not_allowed!
	324	+ render_api_error!(_('Method Not Allowed'), 405)
	325	+ end
	326	+
	327	+ # javascript_console_message is supposed to be executed as console.log()
	328	+ def render_api_error!(user_message, status, log_message = nil, javascript_console_message = nil)
	329	+ message_hash = {'message' => user_message, :code => status}
	330	+ message_hash[:javascript_console_message] = javascript_console_message if javascript_console_message.present?
	331	+ log_msg = "#{status}, User message: #{user_message}"
	332	+ log_msg = "#{log_message}, #{log_msg}" if log_message.present?
	333	+ log_msg = "#{log_msg}, Javascript Console Message: #{javascript_console_message}" if javascript_console_message.present?
	334	+ logger.error log_msg unless Rails.env.test?
	335	+ error!(message_hash, status)
	336	+ end
	337	+
	338	+ def render_api_errors!(messages)
	339	+ messages = messages.to_a if messages.class == ActiveModel::Errors
	340	+ render_api_error!(messages.join(','), 400)
	341	+ end
	342	+
	343	+ protected
	344	+
	345	+ def set_session_cookie
	346	+ cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
	347	+ end
	348	+
	349	+ def setup_multitenancy
	350	+ Noosfero::MultiTenancy.setup!(request.host)
	351	+ end
	352	+
	353	+ def detect_stuff_by_domain
	354	+ @domain = Domain.by_name(request.host)
	355	+ if @domain.nil?
	356	+ @environment = Environment.default
	357	+ if @environment.nil? && Rails.env.development?
	358	+ # This should only happen in development ...
	359	+ @environment = Environment.create!(:name => "Noosfero", :is_default => true)
	360	+ end
	361	+ else
	362	+ @environment = @domain.environment
	363	+ end
	364	+ end
	365	+
	366	+ def filter_disabled_plugins_endpoints
	367	+ not_found! if Api::App.endpoint_unavailable?(self, @environment)
	368	+ end
	369	+
	370	+ def asset_with_image params
	371	+ if params.has_key? :image_builder
	372	+ asset_api_params = params
	373	+ asset_api_params[:image_builder] = base64_to_uploadedfile(asset_api_params[:image_builder])
	374	+ return asset_api_params
	375	+ end
	376	+ params
	377	+ end
	378	+
	379	+ def base64_to_uploadedfile(base64_image)
	380	+ tempfile = base64_to_tempfile base64_image
	381	+ converted_image = base64_image
	382	+ converted_image[:tempfile] = tempfile
	383	+ return {uploaded_data: ActionDispatch::Http::UploadedFile.new(converted_image)}
	384	+ end
	385	+
	386	+ def base64_to_tempfile base64_image
	387	+ base64_img_str = base64_image[:tempfile]
	388	+ decoded_base64_str = Base64.decode64(base64_img_str)
	389	+ tempfile = Tempfile.new(base64_image[:filename])
	390	+ tempfile.write(decoded_base64_str.encode("ascii-8bit").force_encoding("utf-8"))
	391	+ tempfile.rewind
	392	+ tempfile
	393	+ end
	394	+ private
	395	+
	396	+ def parser_params(params)
	397	+ parsed_params = {}
	398	+ params.map do \|k,v\|
	399	+ parsed_params[k.to_sym] = v if DEFAULT_ALLOWED_PARAMETERS.include?(k.to_sym)
	400	+ end
	401	+ parsed_params
	402	+ end
	403	+
	404	+ def default_limit
	405	+ 20
	406	+ end
	407	+
	408	+ def parse_content_type(content_type)
	409	+ return nil if content_type.blank?
	410	+ content_type.split(',').map do \|content_type\|
	411	+ content_type.camelcase
	412	+ end
	413	+ end
	414	+
	415	+ def period(from_date, until_date)
	416	+ begin_period = from_date.nil? ? Time.at(0).to_datetime : from_date
	417	+ end_period = until_date.nil? ? DateTime.now : until_date
	418	+ begin_period..end_period
	419	+ end
	420	+ end
	421	+end
@@ -0,0 +1,20 @@		@@ -0,0 +1,20 @@
	1	+module Api
	2	+ module V1
	3	+ class Activities < Grape::API
	4	+ before { authenticate! }
	5	+
	6	+ resource :profiles do
	7	+
	8	+ get ':id/activities' do
	9	+ profile = Profile.find_by id: params[:id]
	10	+
	11	+ not_found! if profile.blank? \|\| profile.secret \|\| !profile.visible
	12	+ forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
	13	+
	14	+ activities = profile.activities.map(&:activity)
	15	+ present activities, :with => Entities::Activity, :current_person => current_person
	16	+ end
	17	+ end
	18	+ end
	19	+ end
	20	+end
@@ -0,0 +1,303 @@		@@ -0,0 +1,303 @@
	1	+module Api
	2	+ module V1
	3	+ class Articles < Grape::API
	4	+
	5	+ ARTICLE_TYPES = Article.descendants.map{\|a\| a.to_s}
	6	+
	7	+ MAX_PER_PAGE = 50
	8	+
	9	+ resource :articles do
	10	+
	11	+ paginate max_per_page: MAX_PER_PAGE
	12	+ # Collect articles
	13	+ #
	14	+ # Parameters:
	15	+ # from - date where the search will begin. If nothing is passed the default date will be the date of the first article created
	16	+ # oldest - Collect the oldest articles. If nothing is passed the newest articles are collected
	17	+ # limit - amount of articles returned. The default value is 20
	18	+ #
	19	+ # Example Request:
	20	+ # GET host/api/v1/articles?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
	21	+
	22	+ desc 'Return all articles of all kinds' do
	23	+ detail 'Get all articles filtered by fields in query params'
	24	+ params Entities::Article.documentation
	25	+ success Entities::Article
	26	+ failure [[403, 'Forbidden']]
	27	+ named 'ArticlesList'
	28	+ headers [
	29	+ 'Per-Page' => {
	30	+ description: 'Total number of records',
	31	+ required: false
	32	+ }
	33	+ ]
	34	+ end
	35	+ get do
	36	+ present_articles_for_asset(environment)
	37	+ end
	38	+
	39	+ desc "Return one article by id" do
	40	+ detail 'Get only one article by id. If not found the "forbidden" http error is showed'
	41	+ params Entities::Article.documentation
	42	+ success Entities::Article
	43	+ failure [[403, 'Forbidden']]
	44	+ named 'ArticleById'
	45	+ end
	46	+ get ':id', requirements: {id: /[0-9]+/} do
	47	+ present_article(environment)
	48	+ end
	49	+
	50	+ post ':id' do
	51	+ article = environment.articles.find(params[:id])
	52	+ return forbidden! unless article.allow_edit?(current_person)
	53	+ article.update_attributes!(asset_with_image(params[:article]))
	54	+ present_partial article, :with => Entities::Article
	55	+ end
	56	+
	57	+ desc 'Report a abuse and/or violent content in a article by id' do
	58	+ detail 'Submit a abuse (in general, a content violation) report about a specific article'
	59	+ params Entities::Article.documentation
	60	+ failure [[400, 'Bad Request']]
	61	+ named 'ArticleReportAbuse'
	62	+ end
	63	+ post ':id/report_abuse' do
	64	+ article = find_article(environment.articles, params[:id])
	65	+ profile = article.profile
	66	+ begin
	67	+ abuse_report = AbuseReport.new(:reason => params[:report_abuse])
	68	+ if !params[:content_type].blank?
	69	+ article = params[:content_type].constantize.find(params[:content_id])
	70	+ abuse_report.content = article_reported_version(article)
	71	+ end
	72	+
	73	+ current_person.register_report(abuse_report, profile)
	74	+
	75	+ if !params[:content_type].blank?
	76	+ abuse_report = AbuseReport.find_by reporter_id: current_person.id, abuse_complaint_id: profile.opened_abuse_complaint.id
	77	+ Delayed::Job.enqueue DownloadReportedImagesJob.new(abuse_report, article)
	78	+ end
	79	+
	80	+ {
	81	+ :success => true,
	82	+ :message => _('Your abuse report was registered. The administrators are reviewing your report.'),
	83	+ }
	84	+ rescue Exception => exception
	85	+ #logger.error(exception.to_s)
	86	+ render_api_error!(_('Your report couldn\'t be saved due to some problem. Please contact the administrator.'), 400)
	87	+ end
	88	+
	89	+ end
	90	+
	91	+ desc "Returns the articles I voted" do
	92	+ detail 'Get the Articles I make a vote'
	93	+ failure [[403, 'Forbidden']]
	94	+ named 'ArticleFollowers'
	95	+ end
	96	+ #FIXME refactor this method
	97	+ get 'voted_by_me' do
	98	+ present_articles(current_person.votes.where(:voteable_type => 'Article').collect(&:voteable))
	99	+ end
	100	+
	101	+ desc 'Perform a vote on a article by id' do
	102	+ detail 'Vote on a specific article with values: 1 (if you like) or -1 (if not)'
	103	+ params Entities::UserLogin.documentation
	104	+ failure [[401,'Unauthorized']]
	105	+ named 'ArticleVote'
	106	+ end
	107	+ post ':id/vote' do
	108	+ authenticate!
	109	+ value = (params[:value] \|\| 1).to_i
	110	+ # FIXME verify allowed values
	111	+ render_api_error!('Vote value not allowed', 400) unless [-1, 1].include?(value)
	112	+ article = find_article(environment.articles, params[:id])
	113	+ begin
	114	+ vote = Vote.new(:voteable => article, :voter => current_person, :vote => value)
	115	+ {:vote => vote.save!}
	116	+ rescue ActiveRecord::RecordInvalid => e
	117	+ render_api_error!(e.message, 400)
	118	+ end
	119	+ end
	120	+
	121	+ desc "Returns the total followers for the article" do
	122	+ detail 'Get the followers of a specific article by id'
	123	+ failure [[403, 'Forbidden']]
	124	+ named 'ArticleFollowers'
	125	+ end
	126	+ get ':id/followers' do
	127	+ article = find_article(environment.articles, params[:id])
	128	+ total = article.person_followers.count
	129	+ {:total_followers => total}
	130	+ end
	131	+
	132	+ desc "Return the articles followed by me"
	133	+ get 'followed_by_me' do
	134	+ present_articles_for_asset(current_person, 'following_articles')
	135	+ end
	136	+
	137	+ desc "Add a follower for the article" do
	138	+ detail 'Add the current user identified by private token, like a follower of a article'
	139	+ params Entities::UserLogin.documentation
	140	+ failure [[401, 'Unauthorized']]
	141	+ named 'ArticleFollow'
	142	+ end
	143	+ post ':id/follow' do
	144	+ authenticate!
	145	+ article = find_article(environment.articles, params[:id])
	146	+ if article.article_followers.exists?(:person_id => current_person.id)
	147	+ {:success => false, :already_follow => true}
	148	+ else
	149	+ article_follower = ArticleFollower.new
	150	+ article_follower.article = article
	151	+ article_follower.person = current_person
	152	+ article_follower.save!
	153	+ {:success => true}
	154	+ end
	155	+ end
	156	+
	157	+ desc 'Return the children of a article identified by id' do
	158	+ detail 'Get all children articles of a specific article'
	159	+ params Entities::Article.documentation
	160	+ failure [[403, 'Forbidden']]
	161	+ named 'ArticleChildren'
	162	+ end
	163	+
	164	+ paginate per_page: MAX_PER_PAGE, max_per_page: MAX_PER_PAGE
	165	+ get ':id/children' do
	166	+ article = find_article(environment.articles, params[:id])
	167	+
	168	+ #TODO make tests for this situation
	169	+ votes_order = params.delete(:order) if params[:order]=='votes_score'
	170	+ articles = select_filtered_collection_of(article, 'children', params)
	171	+ articles = articles.display_filter(current_person, article.profile)
	172	+
	173	+ #TODO make tests for this situation
	174	+ if votes_order
	175	+ articles = articles.joins('left join votes on articles.id=votes.voteable_id').group('articles.id').reorder('sum(coalesce(votes.vote, 0)) DESC')
	176	+ end
	177	+ Article.hit(articles)
	178	+ present_articles(articles)
	179	+ end
	180	+
	181	+ desc 'Return one child of a article identified by id' do
	182	+ detail 'Get a child of a specific article'
	183	+ params Entities::Article.documentation
	184	+ success Entities::Article
	185	+ failure [[403, 'Forbidden']]
	186	+ named 'ArticleChild'
	187	+ end
	188	+ get ':id/children/:child_id' do
	189	+ article = find_article(environment.articles, params[:id])
	190	+ child = find_article(article.children, params[:child_id])
	191	+ child.hit
	192	+ present_partial child, :with => Entities::Article
	193	+ end
	194	+
	195	+ desc 'Suggest a article to another profile' do
	196	+ detail 'Suggest a article to another profile (person, community...)'
	197	+ params Entities::Article.documentation
	198	+ success Entities::Task
	199	+ failure [[401,'Unauthorized']]
	200	+ named 'ArticleSuggest'
	201	+ end
	202	+ post ':id/children/suggest' do
	203	+ authenticate!
	204	+ parent_article = environment.articles.find(params[:id])
	205	+
	206	+ suggest_article = SuggestArticle.new
	207	+ suggest_article.article = params[:article]
	208	+ suggest_article.article[:parent_id] = parent_article.id
	209	+ suggest_article.target = parent_article.profile
	210	+ suggest_article.requestor = current_person
	211	+
	212	+ unless suggest_article.save
	213	+ render_api_errors!(suggest_article.article_object.errors.full_messages)
	214	+ end
	215	+ present_partial suggest_article, :with => Entities::Task
	216	+ end
	217	+
	218	+ # Example Request:
	219	+ # POST api/v1/articles/:id/children?private_token=234298743290432&article[name]=title&article[body]=body
	220	+ desc 'Add a child article to a parent identified by id' do
	221	+ detail 'Create a new article and associate to a parent'
	222	+ params Entities::Article.documentation
	223	+ success Entities::Article
	224	+ failure [[401,'Unauthorized']]
	225	+ named 'ArticleAddChild'
	226	+ end
	227	+ post ':id/children' do
	228	+ parent_article = environment.articles.find(params[:id])
	229	+ params[:article][:parent_id] = parent_article.id
	230	+ post_article(parent_article.profile, params)
	231	+ end
	232	+ end
	233	+
	234	+ resource :profiles do
	235	+ get ':id/home_page' do
	236	+ profiles = environment.profiles
	237	+ profiles = profiles.visible_for_person(current_person)
	238	+ profile = profiles.find_by id: params[:id]
	239	+ present_partial profile.home_page, :with => Entities::Article
	240	+ end
	241	+ end
	242	+
	243	+ kinds = %w[profile community person enterprise]
	244	+ kinds.each do \|kind\|
	245	+ resource kind.pluralize.to_sym do
	246	+ segment "/:#{kind}_id" do
	247	+ resource :articles do
	248	+
	249	+ desc "Return all articles associate with a profile of type #{kind}" do
	250	+ detail 'Get a list of articles of a profile'
	251	+ params Entities::Article.documentation
	252	+ success Entities::Article
	253	+ failure [[403, 'Forbidden']]
	254	+ named 'ArticlesOfProfile'
	255	+ end
	256	+ get do
	257	+ profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
	258	+
	259	+ if params[:path].present?
	260	+ article = profile.articles.find_by path: params[:path]
	261	+ if !article \|\| !article.display_to?(current_person)
	262	+ article = forbidden!
	263	+ end
	264	+
	265	+ present_partial article, :with => Entities::Article
	266	+ else
	267	+
	268	+ present_articles_for_asset(profile)
	269	+ end
	270	+ end
	271	+
	272	+ desc "Return a article associate with a profile of type #{kind}" do
	273	+ detail 'Get only one article of a profile'
	274	+ params Entities::Article.documentation
	275	+ success Entities::Article
	276	+ failure [[403, 'Forbidden']]
	277	+ named 'ArticleOfProfile'
	278	+ end
	279	+ get ':id' do
	280	+ profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
	281	+ present_article(profile)
	282	+ end
	283	+
	284	+ # Example Request:
	285	+ # POST api/v1/{people,communities,enterprises}/:asset_id/articles?private_token=234298743290432&article[name]=title&article[body]=body
	286	+ desc "Add a new article associated with a profile of type #{kind}" do
	287	+ detail 'Create a new article and associate with a profile'
	288	+ params Entities::Article.documentation
	289	+ success Entities::Article
	290	+ failure [[403, 'Forbidden']]
	291	+ named 'ArticleCreateToProfile'
	292	+ end
	293	+ post do
	294	+ profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
	295	+ post_article(profile, params)
	296	+ end
	297	+ end
	298	+ end
	299	+ end
	300	+ end
	301	+ end
	302	+ end
	303	+end
@@ -0,0 +1,15 @@		@@ -0,0 +1,15 @@
	1	+module Api
	2	+ module V1
	3	+
	4	+ class Blocks < Grape::API
	5	+ resource :blocks do
	6	+ get ':id' do
	7	+ block = Block.find(params["id"])
	8	+ return forbidden! unless block.visible_to_user?(current_person)
	9	+ present block, :with => Entities::Block, display_api_content: true
	10	+ end
	11	+ end
	12	+ end
	13	+
	14	+ end
	15	+end
@@ -0,0 +1,44 @@		@@ -0,0 +1,44 @@
	1	+module Api
	2	+ module V1
	3	+
	4	+ class Boxes < Grape::API
	5	+
	6	+ kinds = %w[profile community person enterprise]
	7	+ kinds.each do \|kind\|
	8	+
	9	+ resource kind.pluralize.to_sym do
	10	+
	11	+ segment "/:#{kind}_id" do
	12	+ resource :boxes do
	13	+ get do
	14	+ profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
	15	+ present profile.boxes, :with => Entities::Box
	16	+ end
	17	+ end
	18	+ end
	19	+ end
	20	+
	21	+ end
	22	+
	23	+ resource :environments do
	24	+ [ '/default', '/context', ':environment_id' ].each do \|route\|
	25	+ segment route do
	26	+ resource :boxes do
	27	+ get do
	28	+ if (route.match(/default/))
	29	+ env = Environment.default
	30	+ elsif (route.match(/context/))
	31	+ env = environment
	32	+ else
	33	+ env = Environment.find(params[:environment_id])
	34	+ end
	35	+ present env.boxes, :with => Entities::Box
	36	+ end
	37	+ end
	38	+ end
	39	+ end
	40	+ end
	41	+ end
	42	+
	43	+ end
	44	+end
@@ -0,0 +1,25 @@		@@ -0,0 +1,25 @@
	1	+module Api
	2	+ module V1
	3	+ class Categories < Grape::API
	4	+
	5	+ resource :categories do
	6	+
	7	+ get do
	8	+ type = params[:category_type]
	9	+ include_parent = params[:include_parent] == 'true'
	10	+ include_children = params[:include_children] == 'true'
	11	+
	12	+ categories = type.nil? ? environment.categories : environment.categories.where(:type => type)
	13	+ present categories, :with => Entities::Category, parent: include_parent, children: include_children
	14	+ end
	15	+
	16	+ desc "Return the category by id"
	17	+ get ':id' do
	18	+ present environment.categories.find(params[:id]), :with => Entities::Category, parent: true, children: true
	19	+ end
	20	+
	21	+ end
	22	+
	23	+ end
	24	+ end
	25	+end
@@ -0,0 +1,49 @@		@@ -0,0 +1,49 @@
	1	+module Api
	2	+ module V1
	3	+ class Comments < Grape::API
	4	+ MAX_PER_PAGE = 20
	5	+
	6	+
	7	+ resource :articles do
	8	+ paginate max_per_page: MAX_PER_PAGE
	9	+ # Collect comments from articles
	10	+ #
	11	+ # Parameters:
	12	+ # reference_id - comment id used as reference to collect comment
	13	+ # oldest - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
	14	+ # limit - amount of comments returned. The default value is 20
	15	+ #
	16	+ # Example Request:
	17	+ # GET /articles/12/comments?oldest&limit=10&reference_id=23
	18	+ get ":id/comments" do
	19	+ article = find_article(environment.articles, params[:id])
	20	+ comments = select_filtered_collection_of(article, :comments, params)
	21	+ comments = comments.without_spam
	22	+ comments = comments.without_reply if(params[:without_reply].present?)
	23	+ comments = plugins.filter(:unavailable_comments, comments)
	24	+ present paginate(comments), :with => Entities::Comment, :current_person => current_person
	25	+ end
	26	+
	27	+ get ":id/comments/:comment_id" do
	28	+ article = find_article(environment.articles, params[:id])
	29	+ present article.comments.find(params[:comment_id]), :with => Entities::Comment, :current_person => current_person
	30	+ end
	31	+
	32	+ # Example Request:
	33	+ # POST api/v1/articles/12/comments?private_token=2298743290432&body=new comment&title=New
	34	+ post ":id/comments" do
	35	+ authenticate!
	36	+ article = find_article(environment.articles, params[:id])
	37	+ options = params.select { \|key,v\| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
	38	+ begin
	39	+ comment = Comment.create!(options)
	40	+ rescue ActiveRecord::RecordInvalid => e
	41	+ render_api_error!(e.message, 400)
	42	+ end
	43	+ present comment, :with => Entities::Comment, :current_person => current_person
	44	+ end
	45	+ end
	46	+
	47	+ end
	48	+ end
	49	+end