Merge branch 'master' into redemoinho-improvements

Rodrigo Souto
2 parents 427fa1d1 b71625c8
Showing 174 changed files with 12846 additions and 7416 deletions Show diff stats
AUTHORS.md
Gemfile
Rakefile
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile/profile_editor_controller.rb
app/controllers/public/account_controller.rb
app/controllers/public/api_controller.rb
app/controllers/public/content_viewer_controller.rb
app/controllers/public/profile_controller.rb
app/helpers/article_helper.rb
app/models/add_friend.rb
app/models/add_member.rb
app/models/approve_article.rb
app/models/article.rb
app/models/change_password.rb
app/models/comment.rb
app/models/create_community.rb
app/models/create_enterprise.rb
app/models/email_activation.rb
app/models/enterprise_activation.rb
@@ -90,15 +90,17 @@ Matheus Faria &lt;matheus.sousa.faria@gmail.com&gt;
 Maurilio Atila <cabelotaina@gmail.com>
 M for Momo <mo@rtnp.org>
 Michal Čihař <michal@cihar.com>
-Michel Felipe <mfelipeof@gmail.com>
+Michel Felipe de Oliveira Ferreira <michel.ferreira@serpro.gov.br>
 Moises Machado <moises@colivre.coop.br>
 Naíla Alves <naila@colivre.coop.br>
 Nanda Lopes <nanda.listas+psl@gmail.com>
 Niemand Jedermann <predatorix@web.de>
+Omar Junior <omarroinuj@gmail.com>
 Parley Martins <parleypachecomartins@gmail.com>
 Paulo Meirelles <paulo@softwarelivre.org>
 Pedro de Lyra <pedrodelyra@gmail.com>
 Pedro Leal
+Phillip Rohmberger <rohmberger@hotmail.de>
 Rafael de Souza Queiroz <querafael@live.com>
 Rafael Gomes <rafaelgomes@techfree.com.br>
 Rafael Martins <rmmartins@gmail.com>
@@ -112,6 +114,7 @@ Rodrigo Medeiros &lt;rodrigo.mss01@gmail.com&gt;
 Rodrigo Souto <rodrigo@colivre.coop.br>
 Ronny Kursawe <kursawe.ronny@googlemail.com>
 Samuel R. C. Vale <srcvale@holoscopio.com>
+Simiao Carvalho <simiaosimis@gmail.com>
 Tallys Martins <tallysmartins@yahoo.com.br>
 Thiago Casotti <thiago.casotti@uol.com.br>
 Thiago Kairala <thiagor.kairala@gmail.com>
@@ -123,6 +126,7 @@ Valessio Brito &lt;contato@valessiobrito.com.br&gt;
 Victor Costa <vfcosta@gmail.com>
 Victor Hugo Alves de Carvalho <victorhugodf.ac@gmail.com>
 Vinicius Cubas Brand <viniciuscb@gmail.com>
+Vitor Barbosa <vitornga15@gmail.com>
 Wilton Rodrigues <braynwilton@gmail.com>
 Yann Lugrin <yann.lugrin@liquid-concept.ch>
  
@@ -10,7 +10,7 @@ gem &#39;RedCloth&#39;,                 &#39;~&gt; 4.2.9&#39;
 gem 'will_paginate',            '~> 3.0.3'
 gem 'ruby-feedparser',          '~> 0.7'
 gem 'daemons',                  '~> 1.1.5'
-gem 'thin',                     '~> 1.3.1'
+gem 'unicorn',                  '~> 4.8'
 gem 'nokogiri',                 '~> 1.5.5'
 gem 'rake', :require => false
 gem 'rest-client',              '~> 1.6.7'
@@ -21,6 +21,13 @@ gem &#39;whenever&#39;, :require =&gt; false
 gem 'eita-jrails', '~> 0.9.5', require: 'jrails'
 gem 'slim'
  
+# API dependencies
+gem 'grape',                    '~> 0.12'
+gem 'grape-entity'
+gem 'grape_logging'
+gem 'rack-cors'
+gem 'rack-contrib'
+
 # asset pipeline
 gem 'uglifier', '>= 1.0.3'
 gem 'sass-rails'
@@ -15,4 +15,38 @@ Noosfero::Application.load_tasks
   Dir.glob(pattern).sort
 end.flatten.each do |taskfile|
   load taskfile
+end 
+
+# plugins' tasks
+plugins_tasks = Dir.glob("config/plugins/*/{tasks,lib/tasks,rails/tasks}/**/*.rake").sort +
+  Dir.glob("config/plugins/*/vendor/plugins/*/{tasks,lib/tasks,rails/tasks}/**/*.rake").sort
+plugins_tasks.each{ |ext| load ext }
+
+
+desc "Print out grape routes"
+task :grape_routes => :environment do
+  #require 'api/api.rb'
+  Noosfero::API::API.routes.each do |route|
+    puts route
+    method = route.route_method
+    path = route.route_path
+    puts "     #{method} #{path}"
+  end
+end
+
+# plugins' tasks
+plugins_tasks = Dir.glob("config/plugins/*/{tasks,lib/tasks,rails/tasks}/**/*.rake").sort +
+  Dir.glob("config/plugins/*/vendor/plugins/*/{tasks,lib/tasks,rails/tasks}/**/*.rake").sort
+plugins_tasks.each{ |ext| load ext }
+
+
+desc "Print out grape routes"
+task :grape_routes => :environment do
+  #require 'api/api.rb'
+  Noosfero::API::API.routes.each do |route|
+    puts route
+    method = route.route_method
+    path = route.route_path
+    puts "     #{method} #{path}"
+  end
 end
@@ -27,20 +27,13 @@ class CmsController &lt; MyProfileController
  
   helper_method :file_types
  
-  protect_if :only => :upload_files do |c, user, profile|
-    article_id = c.params[:parent_id]
-    (!article_id.blank? && profile.articles.find(article_id).allow_create?(user)) ||
-    (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
-  end
-
-  protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :publish_on_portal_community, :publish_on_communities, :search_communities_to_publish, :upload_files, :new] do |c, user, profile|
+  protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new] do |c, user, profile|
     user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))
   end
  
-  protect_if :only => :new do |c, user, profile|
-    article = profile.articles.find_by_id(c.params[:parent_id])
-    (!article.nil? && (article.allow_create?(user) || article.parent.allow_create?(user))) ||
-    (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
+  protect_if :only => [:new, :upload_files] do |c, user, profile|
+    parent = profile.articles.find_by_id(c.params[:parent_id])
+    user && user.can_post_content?(profile, parent)
   end
  
   protect_if :only => :destroy do |c, user, profile|
@@ -118,10 +111,7 @@ class CmsController &lt; MyProfileController
       end
     end
  
-    unless @article.kind_of?(RssFeed)
-      @escaped_body = CGI::escapeHTML(@article.body || '')
-      @escaped_abstract = CGI::escapeHTML(@article.abstract || '')
-    end
+    escape_fields @article
   end
  
   def new
@@ -192,6 +182,8 @@ class CmsController &lt; MyProfileController
       end
     end
  
+    escape_fields @article
+
     render :action => 'edit'
   end
  
@@ -541,4 +533,10 @@ class CmsController &lt; MyProfileController
     end
   end
  
+  def escape_fields article
+    unless article.kind_of?(RssFeed)
+      @escaped_body = CGI::escapeHTML(article.body || '')
+      @escaped_abstract = CGI::escapeHTML(article.abstract || '')
+    end
+  end
 end
@@ -133,6 +133,13 @@ class ProfileEditorController &lt; MyProfileController
     redirect_to_previous_location
   end
  
+  def reset_private_token
+    profile = environment.profiles.find(params[:id])
+    profile.user.generate_private_token!
+
+    redirect_to_previous_location
+  end
+
   protected
  
   def redirect_to_previous_location
@@ -97,12 +97,9 @@ class AccountController &lt; ApplicationController
     @block_bot = !!session[:may_be_a_bot]
     @invitation_code = params[:invitation_code]
     begin
-      @user = User.new(params[:user])
+      @user = User.build(params[:user], params[:profile_data], environment)
       @user.session = session
-      @user.terms_of_use = environment.terms_of_use
-      @user.environment = environment
       @terms_of_use = environment.terms_of_use
-      @user.person_data = params[:profile_data]
       @user.return_to = session[:return_to]
       @person = Person.new(params[:profile_data])
       @person.environment = @user.environment
@@ -0,0 +1,19 @@
+class ApiController < PublicController
+
+  no_design_blocks
+
+  helper_method :endpoints
+
+  def index
+  end
+
+  def playground
+  end
+
+  private
+
+  def endpoints
+    Noosfero::API::API.endpoints(environment)
+  end
+
+end
@@ -8,6 +8,7 @@ class ContentViewerController &lt; ApplicationController
   helper TagsHelper
  
   def view_page
+
     path = get_path(params[:page], params[:format])
  
     @version = params[:version].to_i
@@ -38,7 +39,7 @@ class ContentViewerController &lt; ApplicationController
     end
  
     # At this point the page will be showed
-    @page.hit unless user_is_a_bot?
+    @page.hit unless user_is_a_bot? || already_visited?(@page)
  
     @page = FilePresenter.for @page
  
@@ -272,4 +273,18 @@ class ContentViewerController &lt; ApplicationController
     @comment_order = params[:comment_order].nil? ? 'oldest' : params[:comment_order]
   end
  
+  private
+
+  def already_visited?(element)
+    user_id = if user.nil? then -1 else current_user.id end
+    user_id = "#{user_id}_#{element.id}_#{element.class}"
+
+    if cookies.signed[:visited] == user_id
+      return true
+    else
+      cookies.permanent.signed[:visited] = user_id
+      return false
+    end
+  end
+
 end
@@ -66,7 +66,10 @@ class ProfileController &lt; PublicController
  
   def members
     if is_cache_expired?(profile.members_cache_key(params))
-      @members = profile.members_by_name.includes(relations_to_include).paginate(:per_page => members_per_page, :page => params[:npage], :total_entries => profile.members.count)
+      sort = (params[:sort] == 'desc') ? params[:sort] : 'asc'
+      @profile_admins = profile.admins.includes(relations_to_include).order("name #{sort}").paginate(:per_page => members_per_page, :page => params[:npage])
+      @profile_members = profile.members.includes(relations_to_include).order("name #{sort}").paginate(:per_page => members_per_page, :page => params[:npage])
+      @profile_members_url = url_for(:controller => 'profile', :action => 'members')
     end
   end
  
@@ -88,7 +88,7 @@ module ArticleHelper
     content_tag( 'small', _('Who will be able to create new topics on this forum?')) +
     content_tag('div', '', slider_options) +
     hidden_field_tag('article[topic_creation]', article.topic_creation) +
-    javascript_include_tag('topic-creation-config')
+    javascript_include_tag("#{Noosfero.root}/assets/topic-creation-config.js")
   end
  
   def privacity_exceptions(article, tokenized_children)
@@ -14,6 +14,9 @@ class AddFriend &lt; Task
   alias :friend :target
   alias :friend= :target=
  
+	validates :requestor, :kind_of => { :kind => Person }
+	validates :target, :kind_of => { :kind => Person }
+
   after_create do |task|
     TaskMailer.invitation_notification(task).deliver unless task.friend
     remove_from_suggestion_list(task)
@@ -2,6 +2,9 @@ class AddMember &lt; Task
  
   validates_presence_of :requestor_id, :target_id
  
+  validates :requestor, kind_of: {kind: Person}
+  validates :target, kind_of: {kind: Organization}
+
   alias :person :requestor
   alias :person= :requestor=
  
 class ApproveArticle < Task
   validates_presence_of :requestor_id, :target_id
  
+  validates :requestor, kind_of: {kind: Person}
+  validate :allowed_requestor
+
+  def allowed_requestor
+    if target
+      if target.person? && requestor != target
+        self.errors.add(:requestor, _('You can not post articles to other users.'))
+      end
+      if target.organization? && !target.members.include?(requestor) && target.environment.portal_community != target
+        self.errors.add(:requestor, _('Only members can post articles on communities.'))
+      end
+    end
+  end
+
   def article_title
     article ? article.title : _('(The original text was removed)')
   end
-  
+
   def article
     Article.find_by_id data[:article_id]
   end
@@ -128,4 +142,9 @@ class ApproveArticle &lt; Task
     message
   end
  
+  def request_is_member_of_target
+    unless requestor.is_member_of?(target)
+      errors.add(:approve_article, N_('Requestor must be a member of target.'))
+    end
+  end
 end
@@ -130,6 +130,8 @@ class Article &lt; ActiveRecord::Base
     {:include => 'categories_including_virtual', :conditions => { 'categories.id' => category.id }}
   }
  
+  include TimeScopes
+
   scope :by_range, lambda { |range| {
     :conditions => [
       'articles.published_at BETWEEN :start_date AND :end_date', { :start_date => range.first, :end_date => range.last }
@@ -627,6 +629,11 @@ class Article &lt; ActiveRecord::Base
     self.hits += 1
   end
  
+  def self.hit(articles)
+    Article.where(:id => articles.map(&:id)).update_all('hits = hits + 1')
+    articles.each { |a| a.hits += 1 }
+  end
+
   def can_display_hits?
     true
   end
@@ -718,6 +725,11 @@ class Article &lt; ActiveRecord::Base
     person ? person.id : nil
   end
  
+  #FIXME make this test
+  def author_custom_image(size = :icon)
+    author ? author.profile_custom_image(size) : nil
+  end
+
   def version_license(version_number = nil)
     return license if version_number.nil?
     profile.environment.licenses.find_by_id(get_version(version_number).license_id)
@@ -18,6 +18,8 @@ class ChangePassword &lt; Task
  
   validates_presence_of :requestor
  
+  validates :requestor, kind_of: {kind: Person}
+
   ###################################################
   # validations for updating a ChangePassword task 
  
@@ -20,6 +20,8 @@ class Comment &lt; ActiveRecord::Base
  
   scope :without_reply, :conditions => ['reply_of_id IS NULL']
  
+  include TimeScopes
+
   # unauthenticated authors:
   validates_presence_of :name, :if => (lambda { |record| !record.email.blank? })
   validates_presence_of :email, :if => (lambda { |record| !record.name.blank? })
@@ -67,6 +69,11 @@ class Comment &lt; ActiveRecord::Base
     author ? author.url : nil
   end
  
+  #FIXME make this test
+  def author_custom_image(size = :icon)
+    author ? author.profile_custom_image(size) : nil
+  end
+
   def url
     article.view_url.merge(:anchor => anchor)
   end
@@ -3,6 +3,9 @@ class CreateCommunity &lt; Task
   validates_presence_of :requestor_id, :target_id
   validates_presence_of :name
  
+  validates :requestor, kind_of: {kind: Person}
+  validates :target, kind_of: {kind: Environment}
+
   alias :environment :target
   alias :environment= :target=
  
@@ -27,6 +27,8 @@ class CreateEnterprise &lt; Task
   # checks for actual attributes
   validates_presence_of :requestor_id, :target_id
  
+  validates :requestor, kind_of: {kind: Person}
+
   # checks for admins required attributes
   DATA_FIELDS.each do |attribute|
     validates_presence_of attribute, :if => lambda { |obj| obj.environment.required_enterprise_fields.include?(attribute) }
 class EmailActivation < Task
  
   validates_presence_of :requestor_id, :target_id
+
+  validates :requestor, kind_of: {kind: Person}
+  validates :target, kind_of: {kind: Environment}
+
   validate :already_requested, :on => :create
  
   alias :environment :target
   alias :person :requestor
  
   def already_requested
-    if !self.requestor.nil? && self.requestor.user.email_activation_pending?
+    if !self.requestor.nil? && self.requestor.person? && self.requestor.user.email_activation_pending?
       self.errors.add(:base, _('You have already requested activation of your mailbox.'))
     end
   end
@@ -8,6 +8,8 @@ class EnterpriseActivation &lt; Task
  
   validates_presence_of :enterprise
  
+  validates :target, kind_of: {kind: Enterprise}
+
   def perform
     self.enterprise.enable self.requestor
   end
@@ -6,6 +6,8 @@ class Invitation &lt; Task
  
   validates_presence_of :target_id, :if => Proc.new{|invite| invite.friend_email.blank?}
  
+  validates :requestor, kind_of: {kind: Person}
+
   validates_presence_of :friend_email, :if => Proc.new{|invite| invite.target_id.blank?}
   validates_format_of :friend_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => Proc.new{|invite| invite.target_id.blank?}
  
@@ -34,7 +36,7 @@ class Invitation &lt; Task
   end
  
   def not_invite_yourself
-    email = friend ? friend.user.email : friend_email
+    email = friend && friend.person? ? friend.user.email : friend_email
     if person && email && person.user.email == email
       self.errors.add(:base, _("You can't invite youself"))
     end
@@ -136,7 +138,11 @@ class Invitation &lt; Task
   end
  
   def environment
-    self.requestor.environment
+    if self.requestor
+      self.requestor.environment
+    else
+      nil
+    end
   end
  
 end
@@ -7,6 +7,8 @@ class ModerateUserRegistration &lt; Task
  
   after_create :schedule_spam_checking
  
+  validates :target, kind_of: {kind: Environment}
+
   alias :environment :target
   alias :environment= :target=
  
@@ -8,6 +8,30 @@ class Organization &lt; Profile
     :display => %w[compact]
   }
  
+  # An Organization is considered visible to a given person if one of the
+  # following conditions are met:
+  #   1) The user is an environment administrator.
+  #   2) The user is an administrator of the organization.
+  #   3) The user is a member of the organization and the organization is
+  #   visible.
+  #   4) The user is not a member of the organization but the organization is
+  #   visible, public and enabled.
+  def self.visible_for_person(person)
+    joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id"
+          AND "role_assignments"."resource_type" = \'Profile\') OR (
+          "role_assignments"."resource_id" = "profiles"."environment_id" AND
+          "role_assignments"."resource_type" = \'Environment\' )')
+    .joins('LEFT JOIN "roles" ON "role_assignments"."role_id" = "roles"."id"')
+    .where(
+      ['( (roles.key = ? OR roles.key = ?) AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? )
+        OR
+        ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
+            ( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND
+          ( profiles.visible = ? ) )',
+      'profile_admin', 'environment_administrator', Profile.name, person.id,
+      Profile.name, person.id,  true, true, true]
+    ).uniq
+  end
  
   settings_items :closed, :type => :boolean, :default => false
   def closed?
@@ -39,6 +39,19 @@ roles] }
     { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] }
   }
  
+  scope :visible_for_person, lambda { |person|
+    joins('LEFT JOIN "role_assignments" ON
+          "role_assignments"."resource_id" = "profiles"."environment_id" AND
+          "role_assignments"."resource_type" = \'Environment\'')
+    .joins('LEFT JOIN "roles" ON "role_assignments"."role_id" = "roles"."id"')
+    .joins('LEFT JOIN "friendships" ON "friendships"."friend_id" = "profiles"."id"')
+    .where(
+      ['( roles.key = ? AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR (
+        ( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )', 'environment_administrator', Profile.name, person.id, person.id,  true, true]
+    ).uniq
+  }
+
+
   def has_permission_with_admin?(permission, resource)
     return true if resource.blank? || resource.admins.include?(self)
     return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self)
@@ -128,6 +141,11 @@ roles] }
     self.tracked_notifications.exists?(activity)
   end
  
+  def can_post_content?(profile, parent=nil)
+    (!parent.nil? && (parent.allow_create?(self))) ||
+      (self.has_permission?('post_content', profile) || self.has_permission?('publish_content', profile))
+  end
+
   # Sets the identifier for this person. Raises an exception when called on a
   # existing person (since peoples' identifiers cannot be changed)
   def identifier=(value)
@@ -56,6 +56,25 @@ class Product &lt; ActiveRecord::Base
     {:joins => :product_category, :conditions => ['categories.path LIKE ?', "%#{category.slug}%"]} if category
   }
  
+  scope :visible_for_person, lambda { |person|
+    joins('INNER JOIN "profiles" enterprises ON enterprises."id" = "products"."profile_id"')
+    .joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = enterprises."id"
+          AND "role_assignments"."resource_type" = \'Profile\') OR (
+          "role_assignments"."resource_id" = enterprises."environment_id" AND
+          "role_assignments"."resource_type" = \'Environment\' )')
+    .joins('LEFT JOIN "roles" ON "role_assignments"."role_id" = "roles"."id"')
+    .where(
+      ['( (roles.key = ? OR roles.key = ?) AND role_assignments.accessor_type = \'Profile\' AND role_assignments.accessor_id = ? )
+        OR
+        ( ( ( role_assignments.accessor_type = \'Profile\' AND
+              role_assignments.accessor_id = ? ) OR
+            ( enterprises.public_profile = ? AND enterprises.enabled = ? ) ) AND
+          ( enterprises.visible = ? ) )',
+      'profile_admin', 'environment_administrator', person.id, person.id,
+      true, true, true]
+    ).uniq
+  }
+
   after_update :save_image
  
   def lat
@@ -102,6 +102,50 @@ class Profile &lt; ActiveRecord::Base
   }
   scope :no_templates, {:conditions => {:is_template => false}}
  
+  # Returns a scoped object to select profiles in a given location or in a radius
+  # distance from the given location center.
+  # The parameter can be the `request.params` with the keys:
+  # * `country`: Country code string.
+  # * `state`: Second-level administrative country subdivisions.
+  # * `city`: City full name for center definition, or as set by users.
+  # * `lat`: The latitude to define the center of georef search.
+  # * `lng`: The longitude to define the center of georef search.
+  # * `distance`: Define the search radius in kilometers.
+  # NOTE: This method may return an exception object, to inform filter error.
+  # When chaining scopes, is hardly recommended you to add this as the last one,
+  # if you can't be sure about the provided parameters.
+  def self.by_location(params)
+    params = params.with_indifferent_access
+    if params[:distance].blank?
+      where_code = []
+      [ :city, :state, :country ].each do |place|
+        unless params[place].blank?
+          # ... So we must to find on this named location
+          # TODO: convert location attrs to a table collumn
+          where_code << "(profiles.data like '%#{place}: #{params[place]}%')"
+        end
+      end
+      self.where where_code.join(' AND ')
+    else # Filter in a georef circle
+      unless params[:lat].blank? && params[:lng].blank?
+        lat, lng = [ params[:lat].to_f, params[:lng].to_f ]
+      end
+      if !lat
+        location = [ params[:city], params[:state], params[:country] ].compact.join(', ')
+        if location.blank?
+          return Exception.new (
+            _('You must to provide `lat` and `lng`, or `city` and `country` to define the center of the search circle, defined by `distance`.')
+          )
+        end
+        lat, lng = Noosfero::GeoRef.location_to_georef location
+      end
+      dist = params[:distance].to_f
+      self.where "#{Noosfero::GeoRef.sql_dist lat, lng} <= #{dist}"
+    end
+  end
+
+  include TimeScopes
+
   def members
     scopes = plugins.dispatch_scopes(:organization_members, self)
     scopes << Person.members_of(self)
@@ -913,7 +957,8 @@ private :generate_url, :url_options
  
   def members_cache_key(params = {})
     page = params[:npage] || '1'
-    cache_key + '-members-page-' + page
+    sort = (params[:sort] ==  'desc') ? params[:sort] : 'asc'
+    cache_key + '-members-page-' + page + '-' + sort
   end
  
   def more_recent_label
@@ -951,6 +996,13 @@ private :generate_url, :url_options
     image.public_filename(:icon) if image.present?
   end
  
+  #FIXME make this test
+  def profile_custom_image(size = :icon)
+    image_path = profile_custom_icon if size == :icon
+    image_path ||= image.public_filename(size) if image.present?
+    image_path
+  end
+
   def jid(options = {})
     domain = options[:domain] || environment.default_hostname
     "#{identifier}@#{domain}"
@@ -16,6 +16,7 @@ class ProfileActivity &lt; ActiveRecord::Base
  
   def self.update_activity activity
     profile_activity = ProfileActivity.where(activity_id: activity.id, activity_type: activity.class.base_class.name).first
+    return unless profile_activity
     profile_activity.send :copy_timestamps
     profile_activity.save!
     profile_activity
@@ -11,6 +11,12 @@ class Qualifier &lt; ActiveRecord::Base
   has_many :qualifier_certifiers, :dependent => :destroy
   has_many :certifiers, :through => :qualifier_certifiers
  
+  def used_certs
+    Certifier.joins('INNER JOIN product_qualifiers' +
+                    ' ON certifiers.id = product_qualifiers.certifier_id')
+             .where(product_qualifiers: {qualifier_id: self.id})
+  end
+
   has_many :product_qualifiers, :dependent => :destroy
   has_many :products, :through => :product_qualifiers, :source => :product
  
@@ -22,11 +22,11 @@ class Scrap &lt; ActiveRecord::Base
  
   scope :not_replies, :conditions => {:scrap_id => nil}
  
-  track_actions :leave_scrap, :after_create, :keep_params => ['sender.name', 'content', 'receiver.name', 'receiver.url'], :if => Proc.new{|s| s.sender != s.receiver && s.sender != s.top_root.receiver}, :custom_target => :action_tracker_target
+  track_actions :leave_scrap, :after_create, :keep_params => ['sender.name', 'content', 'receiver.name', 'receiver.url'], :if => Proc.new{|s| s.sender != s.receiver && s.sender != s.top_root.receiver}, :custom_target => :action_tracker_target, :custom_user => :sender
  
-  track_actions :leave_scrap_to_self, :after_create, :keep_params => ['sender.name', 'content'], :if => Proc.new{|s| s.sender == s.receiver}
+  track_actions :leave_scrap_to_self, :after_create, :keep_params => ['sender.name', 'content'], :if => Proc.new{|s| s.sender == s.receiver}, :custom_user => :sender
  
-  track_actions :reply_scrap_on_self, :after_create, :keep_params => ['sender.name', 'content'], :if => Proc.new{|s| s.sender != s.receiver && s.sender == s.top_root.receiver}
+  track_actions :reply_scrap_on_self, :after_create, :keep_params => ['sender.name', 'content'], :if => Proc.new{|s| s.sender != s.receiver && s.sender == s.top_root.receiver}, :custom_user => :sender
  
   after_create :send_notification
  
@@ -41,6 +41,7 @@ class SuggestArticle &lt; Task
       return type if type < Article
     end
     TinyMceArticle
+    (article[:type] || 'TinyMceArticle').constantize
   end
  
   def perform
@@ -91,4 +92,5 @@ class SuggestArticle &lt; Task
   def after_ham!
     self.delay.marked_as_ham
   end
+
 end
@@ -116,6 +116,51 @@ class Task &lt; ActiveRecord::Base
     end
   end
  
+  class KindOfValidator < ActiveModel::EachValidator
+    def validate_each(record, attribute, value)
+      environment = record.environment || Environment.default
+      klass = options[:kind]
+      group = klass.to_s.downcase.pluralize
+      id = attribute.to_s + "_id"
+      if environment.respond_to?(group)
+        attrb = value || environment.send(group).find_by_id(record.send(id))
+      else
+        attrb = value || klass.find_by_id(record.send(id))
+      end
+      if attrb.respond_to?(klass.to_s.downcase + "?")
+        unless attrb.send(klass.to_s.downcase + "?")
+          record.errors[attribute] << (options[:message] || "should be "+ klass.to_s.downcase)
+        end
+      else
+        unless attrb.class == klass
+          record.errors[attribute] << (options[:message] || "should be "+ klass.to_s.downcase)
+        end
+      end
+    end
+  end
+
+  def requestor_is_of_kind(klass, message = nil)
+    error_message = message ||= _('Task requestor must be '+klass.to_s.downcase)
+    group = klass.to_s.downcase.pluralize
+    if environment.respond_to?(group) and requestor_id
+      requestor = requestor ||= environment.send(klass.to_s.downcase.pluralize).find_by_id(requestor_id)
+    end
+    unless requestor.class == klass
+      errors.add(error_message)
+    end
+  end
+
+  def target_is_of_kind(klass, message = nil)
+    error_message = message ||= _('Task target must be '+klass.to_s.downcase)
+    group = klass.to_s.downcase.pluralize
+    if environment.respond_to?(group) and target_id
+      target = target ||= environment.send(klass.to_s.downcase.pluralize).find_by_id(target_id)
+    end
+    unless target.class == klass
+      errors.add(error_message)
+    end
+  end
+
   def close(status, closed_by)
     self.status = status
     self.end_date = Time.now
@@ -269,6 +314,19 @@ class Task &lt; ActiveRecord::Base
  
   include Spammable
  
+  #FIXME make this test
+  def display_to?(user = nil)
+    return true if self.target == user
+    return false if !self.target.kind_of?(Environment) && self.target.person?
+
+    if self.target.kind_of?(Environment)
+      user.is_admin?(self.target)
+    else
+      self.target.members.by_role(self.target.roles.reject {|r| !r.has_permission?('perform_task')}).include?(user)
+    end
+  end
+
+
   protected
  
   # This method must be overrided in subclasses, and its implementation must do
 require 'digest/sha1'
 require 'user_activation_job'
+require 'securerandom'
  
 # User models the system users, and is generated by the acts_as_authenticated
 # Rails generator.
@@ -41,6 +42,14 @@ class User &lt; ActiveRecord::Base
     alias_method_chain :human_attribute_name, :customization
   end
  
+  def self.build(user_data, person_data, environment)
+    user = User.new(user_data)
+    user.terms_of_use = environment.terms_of_use
+    user.environment = environment
+    user.person_data = person_data
+    user
+  end
+
   before_create do |user|
     if user.environment.nil?
       user.environment = Environment.default
@@ -116,6 +125,7 @@ class User &lt; ActiveRecord::Base
   validates_uniqueness_of   :login, :email, :case_sensitive => false, :scope => :environment_id
   before_save :encrypt_password
   before_save :normalize_email, if: proc{ |u| u.email.present? }
+  before_save :generate_private_token_if_not_exist
   validates_format_of :email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda {|user| !user.email.blank?})
  
   validates_inclusion_of :terms_accepted, :in => [ '1' ], :if => lambda { |u| ! u.terms_of_use.blank? }, :message => N_('{fn} must be checked in order to signup.').fix_i18n
@@ -131,13 +141,39 @@ class User &lt; ActiveRecord::Base
  
     u = self.has_login?(login, login, environment.id)
     u = u.first if u.is_a?(ActiveRecord::Relation)
-    u && u.authenticated?(password) ? u : nil
+
+    if u && u.authenticated?(password)
+      u.generate_private_token_if_not_exist
+      return u
+    end
+    return nil
   end
  
   def register_login
     self.update_attribute :last_login_at, Time.now
   end
  
+  def generate_private_token
+    self.private_token = SecureRandom.hex
+    self.private_token_generated_at = DateTime.now
+  end
+
+  def generate_private_token!
+    self.generate_private_token
+    save(:validate => false)
+  end
+
+  def generate_private_token_if_not_exist
+    unless self.private_token
+      self.generate_private_token
+    end
+  end
+
+  TOKEN_VALIDITY = 2.weeks
+  def private_token_expired?
+    self.private_token.nil? || (self.private_token_generated_at + TOKEN_VALIDITY < DateTime.now)
+  end
+
   # Activates the user in the database.
   def activate
     return false unless self.person
@@ -0,0 +1,20 @@
+<h1>EndPoints</h1>
+
+<div style="float: right">
+<%= s_('api-playground|Try the %s') % link_to('API Playground', '/api/playground') %>
+</div>
+
+<%= endpoints.map do |endpoint|
+  app = endpoint.options[:app].to_s
+  unless app.blank?
+    content_tag(:h2, app.split('::').last.to_s, title: app) +
+    (content_tag :ul do
+      endpoint.routes.map do |route|
+        content_tag :li do
+          content_tag(:strong, route.route_method) + ' ' +
+          route.route_path.gsub(':version', content_tag(:b, route.route_version))
+        end
+      end.join "\n"
+    end)
+  end
+end.join "\n" %>
@@ -0,0 +1,36 @@
+<h1>API Playground</h1>
+
+<script>
+var endpoints = <%=
+endpoints.map do |endpoint|
+  app = endpoint.options[:app].to_s
+  unless app.blank?
+    endpoint.routes.map do |route|
+      {
+        method: route.route_method,
+        path: route.route_path.gsub(':version', route.route_version).split('(').first
+      }
+    end
+  end
+end.flatten.compact.sort{|a,b|
+  a[:path]=='/api/v1/login' ? -1 :
+  b[:path]=='/api/v1/login' ?  1 :
+  a[:path] <=> b[:path]
+}.to_json %>;
+</script>
+
+<form id="api-form">
+  <label id="endpoint">Endpoint:
+    <select name="endpoint" onchange="playground.selEndpoint()"></select>
+  </label>
+  <label id="api-token">Token:
+    <%= tag :input, size: 32, placeholder: _('Use the login endpoint') %>
+  </label>
+</form>
+<div id="playground-ctrl">
+  <button onclick="playground.addFormParam()"><%=_('Add parameter')%></button>
+  <button onclick="playground.run()" style="font-weight:bold">&nbsp; <%=_('Run')%> &nbsp;</button>
+</div>
+<pre id="api-response" class="empty"></pre>
+
+<script src="/javascripts/api-playground.js"></script>
@@ -5,8 +5,6 @@
  
   <%= hidden_field_tag("type", @type) if @type %>
  
-  <%= hidden_field_tag('parent_id', @parent_id) if @parent_id %>
-
   <%= hidden_field_tag('back_to', @back_to) %>
  
   <%= hidden_field_tag('success_back_to', @success_back_to) %>
@@ -29,10 +29,10 @@
         <%= expirable_button @page, :locale, content, url %>
       <% end %>
  
-      <%= modal_button(:new, label_for_new_article(@page), profile.admin_url.merge(:controller => 'cms', :action => 'new', :parent_id => (@page.folder? ? @page : (@page.parent.nil? ? nil : @page.parent)))) unless remove_content_button(:new, @page) %>
+      <%= modal_button(:new, label_for_new_article(@page), profile.admin_url.merge(:controller => 'cms', :action => 'new', :parent_id => (@page.folder? ? @page : @page.parent))) unless remove_content_button(:new, @page) %>
  
       <% content = content_tag('span', label_for_clone_article(@page)) %>
-      <% url = profile.admin_url.merge({ :controller => 'cms', :action => 'new', :id => @page.id, :clone => true, :type => @page.class }) %>
+      <% url = profile.admin_url.merge({ :controller => 'cms', :action => 'new', :id => @page.id, :clone => true,  :parent_id => (@page.folder? ? @page : @page.parent), :type => @page.class}) %>
       <%= expirable_button @page, :clone, content, url %>
     <% end %>
  
@@ -0,0 +1,16 @@
+<div id="profile-members-sort-options">
+  <%= label_tag("sort-#{role}", _("Sort by:")) %>
+  <%= select_tag("sort-#{role}",
+    options_for_select([
+      [_("Name A-Z"), 'asc'],
+      [_("Name Z-A"), 'desc'],
+    ], :selected => params[:sort])
+  ) %>
+</div>
+<ul class="profile-list-<%= role %>" >
+  <% users.each do |u| %>
+    <%= profile_image_link(u) %>
+  <% end %>
+</ul>
+
+<%= pagination_links users, :param_name => 'npage' %>
 <div class="common-profile-list-block">
  
-<h1><%= _("%s's members") % profile.name %></h1>
+<h1><%= _("Members (%d)") % @profile_members.total_entries %></h1>
+<h2 class="community-name"><%= profile.name %></h2>
  
 <% cache_timeout(profile.members_cache_key(params), 4.hours) do %>
-  <ul class='profile-list'>
-    <% @members.each do |member| %>
-      <%= profile_image_link(member) %>
-    <% end %>
-  </ul>
+  <div class="profile-members-tabs-container">
+    <% tabs = [] %>
+
+    <% div_members = content_tag :div, :class => "profile-members" do
+      render :partial => 'profile_members_list',
+                            :locals => {
+                            :users => @profile_members,
+                            :role => "members"
+                            }
+    end %>
+
+    <% tabs << {:title =>  _("%d Members") % @profile_members.total_entries,
+                     :id => "members-tab",
+                     :content => div_members
+                     } %>
  
-  <div id='pagination-profiles'>
-    <%= pagination_links @members, :param_name => 'npage' %>
-  </div>
+    <% div_admins = content_tag :div, :class => "profile-admins" do
+      render :partial => 'profile_members_list',
+                            :locals => {
+                            :users => @profile_admins,
+                            :role => "admins"
+                            }
+    end %>
+
+    <% tabs << {:title => _("%d Administrators") % @profile_admins.total_entries,
+                            :id => "admins-tab",
+                            :content => div_admins
+                            } %>
+
+    <%= render_tabs(tabs) %>
+  </div><!-- end of class="profile-members-tabs-container" -->
 <% end %>
  
 <% button_bar do %>
@@ -26,4 +49,7 @@
   <% end %>
 <% end %>
  
-</div><!-- fim class="common-profile-list-block" -->
+<%= hidden_field_tag "profile_url", @profile_members_url %>
+</div><!-- end of class="common-profile-list-block" -->
+
+<%= javascript_include_tag "members_page.js" %>
@@ -18,6 +18,14 @@
  
   <%= @plugins.dispatch(:profile_info_extra_contents).collect { |content| instance_exec(&content) }.join("") %>
  
+  <div class="formfieldline">
+    <%= label_tag("private_token", _("Private Token")) %>
+    <div class="formfield type-text">
+      <%= text_field_tag("a", @profile.user.private_token, :size => 30) %>
+    </div>
+  </div>
+  <%= link_to("Reset token", {:controller => :profile_editor, :action => :reset_private_token, :id => @profile.id}, :class => "button with-text") %>
+
   <%= render :partial => 'person_form', :locals => {:f => f} %>
  
   <h2><%= _('Notification options') %></h2>
@@ -14,6 +14,5 @@
   <%= labelled_form_field(_('Highlight this article'), a.check_box(:highlighted)) %>
  
   <%= a.hidden_field(:type) %>
-
   <%= render :partial => 'shared/lead_and_body', :locals => {:tiny_mce => true, :f => a, :lead_id => task.id} %>
 <% end %>
 # This file is used by Rack-based servers to start the application.
  
 require ::File.expand_path('../config/environment',  __FILE__)
-run Noosfero::Application
+
+use Rack::Cors do
+  allow do
+    origins '*'
+    resource '/api/*', :headers => :any, :methods => [:get, :post]
+  end
+end
+
+rails_app = Rack::Builder.new do
+  if ENV['RAILS_RELATIVE_URL_ROOT']
+    map ENV['RAILS_RELATIVE_URL_ROOT'] do
+      run Noosfero::Application
+    end
+  else
+    run Noosfero::Application
+  end
+end
+
+run Rack::Cascade.new([
+  Noosfero::API::API,
+  rails_app
+])
 ActionDispatch::Reloader.to_prepare do
+  require_relative '../../app/models/session'
   ActiveRecord::SessionStore.session_class = Session
 end
  
@@ -11,7 +11,14 @@ development:
   max_upload_size: 5MB
   hours_until_user_activation_check: 72
   exclude_profile_identifier_pattern: index(\..*)?|home(\..*)?
+  api_recaptcha_site_key:      '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-'
+  api_recaptcha_private_key:   '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY'
+  api_recaptcha_verify_uri:    'https://www.google.com/recaptcha/api/siteverify'  
  
 test:
  
 production:
+  api_recaptcha_site_key:      '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i'
+  api_recaptcha_private_key:   '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-'
+  api_recaptcha_verify_uri:    'https://www.google.com/recaptcha/api/siteverify'
+  
 \ No newline at end of file
@@ -22,6 +22,7 @@ Noosfero::Application.routes.draw do
   root :to => 'home#index', :constraints => EnvironmentDomainConstraint.new
  
   match 'site(/:action)', :controller => 'home'
+  match 'api(/:action)', :controller => 'api'
  
   match 'images(/*stuff)' => 'not_found#nothing'
   match 'stylesheets(/*stuff)' => 'not_found#nothing'
@@ -1,13 +0,0 @@
----
-pid: tmp/pids/thin.pid
-address: 127.0.0.1
-user: noosfero
-timeout: 30
-port: 50000
-log: log/thin.log
-max_conns: 1024
-servers: 1
-max_persistent_conns: 512
-environment: production
-daemonize: true
-chdir: /usr/share/noosfero
@@ -0,0 +1,5 @@
+listen "127.0.0.1:3000"
+
+worker_processes 1
+
+# vim: ft=ruby
@@ -0,0 +1,11 @@
+class AddPrivateTokenInfoToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :private_token, :string
+    add_column :users, :private_token_generated_at, :datetime
+  end
+
+  def self.down
+    remove_column :users, :private_token
+    remove_column :users, :private_token_generated_at
+  end
+end
@@ -754,24 +754,26 @@ ActiveRecord::Schema.define(:version =&gt; 20150722042714) do
   create_table "users", :force => true do |t|
     t.string   "login"
     t.string   "email"
-    t.string   "crypted_password",          :limit => 40
-    t.string   "salt",                      :limit => 40
+    t.string   "crypted_password",           :limit => 40
+    t.string   "salt",                       :limit => 40
     t.datetime "created_at"
     t.datetime "updated_at"
     t.string   "remember_token"
     t.datetime "remember_token_expires_at"
     t.text     "terms_of_use"
-    t.string   "terms_accepted",            :limit => 1
+    t.string   "terms_accepted",             :limit => 1
     t.integer  "environment_id"
     t.string   "password_type"
-    t.boolean  "enable_email",                            :default => false
-    t.string   "last_chat_status",                        :default => ""
-    t.string   "chat_status",                             :default => ""
+    t.boolean  "enable_email",                             :default => false
+    t.string   "last_chat_status",                         :default => ""
+    t.string   "chat_status",                              :default => ""
     t.datetime "chat_status_at"
-    t.string   "activation_code",           :limit => 40
+    t.string   "activation_code",            :limit => 40
     t.datetime "activated_at"
     t.string   "return_to"
     t.datetime "last_login_at"
+    t.string   "private_token"
+    t.datetime "private_token_generated_at"
   end
  
   create_table "validation_infos", :force => true do |t|
@@ -1,8 +0,0 @@
-<Proxy balancer://noosfero>
-  Include /etc/noosfero/apache/cluster.conf
-  Order Allow,Deny
-  Allow from All
-</Proxy>
-
-# vim: ft=apache
-
@@ -15,7 +15,11 @@ RewriteRule ^/$ /index.html [QSA]
 RewriteRule ^([^.]+)$ $1.html [QSA]
  
 RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
-RewriteRule ^.*$ balancer://noosfero%{REQUEST_URI} [P,QSA,L]
+RewriteRule ^.*$ http://127.0.0.1:50000%{REQUEST_URI} [P,QSA,L]
+<Proxy http://127.0.0.1:50000>
+  Order Allow,Deny
+  Allow from All
+</Proxy>
  
 ErrorDocument 503 /503.html
  
+noosfero (1.3~0.0) UNRELEASED; urgency=medium
+
+  * Noosfero 1.3 ALPHA 0
+
+ -- Antonio Terceiro <terceiro@debian.org>  Wed, 09 Sep 2015 21:27:05 -0300
+
 noosfero (1.2) wheezy; urgency=low
  
   * Noosfero 1.2
@@ -49,12 +49,17 @@ Depends: adduser,
          ruby-feedparser,
          ruby-feedparser (>= 0.7-3~),
          ruby-gettext,
+         ruby-grape,
+         ruby-grape-entity,
+         ruby-grape-logging,
          ruby-memcache-client,
          ruby-minitest,
          ruby-nokogiri,
          ruby-pg,
          ruby-progressbar,
          ruby-rack (>= 1.4.5-2~),
+         ruby-rack-contrib,
+         ruby-rack-cors,
          ruby-rails-autolink,
          ruby-redcloth,
          ruby-rest-client,
@@ -65,7 +70,7 @@ Depends: adduser,
          ruby-whenever,
          ruby-will-paginate (>= 2.3.12-1~),
          tango-icon-theme,
-         thin,
+         unicorn (>= 4.8),
          ${misc:Depends}
 Recommends: postgresql, postgresql-client
 Description: free web-based platform for social networks
-debian/apache2/conf.d/noosfero-cluster.conf     etc/apache2/conf.d
 debian/apache2/virtualhost.conf                 etc/noosfero/apache
 debian/update-noosfero-apache                   usr/sbin
@@ -19,7 +19,7 @@ debian/noosfero-check-dbconfig    usr/sbin
 debian/noosfero-console           usr/sbin
 debian/noosfero-runner            usr/sbin
 debian/noosfero.yml               etc/noosfero
-debian/thin.yml                   etc/noosfero
+debian/unicorn.rb                 etc/noosfero
 doc                               usr/share/noosfero
 doc/noosfero                      usr/share/noosfero/doc
 etc/init.d/noosfero               etc/init.d
 var/tmp/noosfero                                    usr/share/noosfero/tmp
 var/log/noosfero                                    usr/share/noosfero/log
 etc/noosfero/database.yml                           usr/share/noosfero/config/database.yml
-etc/noosfero/thin.yml                               usr/share/noosfero/config/thin.yml
+etc/noosfero/unicorn.rb                             usr/share/noosfero/config/unicorn.rb
 etc/noosfero/plugins                                usr/share/noosfero/config/plugins
 etc/noosfero/noosfero.yml                           usr/share/noosfero/config/noosfero.yml
 etc/noosfero/local.rb                               usr/share/noosfero/config/local.rb
@@ -10,23 +10,23 @@ makedir() {
 }
  
  
-# migrate mongrel configuration to thin
-mongrel_config=/etc/noosfero/mongrel_cluster.yml
+# migrate thin configuration to unicorn
+unicorn_config=/etc/noosfero/unicorn.rb
 thin_config=/etc/noosfero/thin.yml
-mongrel_orig_sha1=602c642c03f79349969c08330112a6f29d4c32aa
-if [ -r $mongrel_config ]; then
-  mongrel_sha1=$(sha1sum $mongrel_config | awk '{print $1}')
-  if [ "$mongrel_sha1" != "$mongrel_orig_sha1" ]; then
-    port=$(awk '{ if ($1 == "port:") { print($2) } }' $mongrel_config)
-    servers=$(awk '{ if ($1 == "servers:") { print($2) } }' $mongrel_config)
+thin_orig_sha1=47cee6728a7896a13f4d66544086ab88b02e89a7
+if [ -r $thin_config ]; then
+  thin_sha1=$(sha1sum $thin_config | awk '{print $1}')
+  if [ "$thin_sha1" != "$thin_orig_sha1" ]; then
+    port=$(awk '{ if ($1 == "port:") { print($2) } }' $thin_config)
+    servers=$(awk '{ if ($1 == "servers:") { print($2) } }' $thin_config)
     if test -n "$port"  && test "$port" -ne 50000  || test -n "$servers" && test "$servers" -ne 1 ; then
-      # mongrel configuration was changed; update thin configuration
+      # thin configuration was changed; update unicorn configuration
       # accordingly
-      sed -i -e "s/port: .*/port: $port/" $thin_config
-      sed -i -e "s/servers: .*/servers: $servers/" $thin_config
+      sed -i -e "s/listen.*/listen '127.0.0.1:$port'/" $unicorn_config
+      sed -i -e "s/worker_processes.*/worker_processes $servers/" $unicorn_config
     fi
   fi
-  mv $mongrel_config $mongrel_config.bak
+  mv $thin_config $thin_config.bak
 fi
  
 # create user noosfero in a portable way, while creating the log directory.
@@ -1,13 +0,0 @@
---- 
-pid: tmp/pids/thin.pid
-address: 127.0.0.1
-user: noosfero
-timeout: 0
-port: 50000
-log: log/thin.log
-max_conns: 1024
-servers: 1
-max_persistent_conns: 512
-environment: production
-daemonize: true
-chdir: /usr/share/noosfero
@@ -0,0 +1,3 @@
+listen "127.0.0.1:50000"
+
+worker_processes `nproc`.to_i
@@ -2,20 +2,9 @@
  
 set -e
  
-# automatically update configuration, but if package noosfero is also installed
+# automatically update configuration, but only if package noosfero is also
+# installed
 if test -x /usr/share/noosfero/script/apacheconf; then
-  datadir="/etc/noosfero/apache"
-  mongrel_file="$datadir/mongrel.conf"
-  cluster_file="$datadir/cluster.conf"
-  if test -e "$cluster_file"; then
-    echo "Overwriting $cluster_file ..."
-  fi
-  /usr/share/noosfero/script/apacheconf thin > "$cluster_file"
-  if test -e "$mongrel_file"; then
-    echo "Moving existing $mongrel_file away ..."
-    mv "$mongrel_file" "$mongrel_file".bak
-    (cd $datadir && ln -sf cluster.conf mongrel.conf)
-  fi
  
   apache_site='/etc/apache2/sites-available/noosfero'
   if ! test -e "$apache_site"; then
@@ -10,7 +10,7 @@ config/session.secret
 config/noosfero.yml
 config/mongrel_cluster.yml
 config/plugins
-config/thin.yml
+config/unicorn.rb
 config/local.rb
 index
 locale
@@ -2,17 +2,21 @@ module AuthenticatedSystem
  
   protected
  
-    # See impl. from http://stackoverflow.com/a/2513456/670229
-    def self.included? base
-      base.around_filter do
+    def self.included base
+      # See impl. from http://stackoverflow.com/a/2513456/670229
+      base.around_filter do |&block|
         begin
           User.current = current_user
-          yield
+          block.call
         ensure
           # to address the thread variable leak issues in Puma/Thin webserver
           User.current = nil
         end
       end
+
+      # Inclusion hook to make #current_user and #logged_in?
+      # available as ActionView helper methods.
+      base.send :helper_method, :current_user, :logged_in?
     end
  
     # Returns true or false if the user is logged in.
@@ -134,12 +138,6 @@ module AuthenticatedSystem
       end
     end
  
-    # Inclusion hook to make #current_user and #logged_in?
-    # available as ActionView helper methods.
-    def self.included(base)
-      base.send :helper_method, :current_user, :logged_in?
-    end
-
     # When called with before_filter :login_from_cookie will check for an :auth_token
     # cookie and log the user back in if apropriate
     def login_from_cookie
@@ -0,0 +1,82 @@
+require 'grape'
+#require 'rack/contrib'
+
+Dir["#{Rails.root}/lib/noosfero/api/*.rb"].each {|file| require file unless file =~ /api\.rb/}
+module Noosfero
+  module API
+    class API < Grape::API
+      use Rack::JSONP
+
+      logger = Logger.new(File.join(Rails.root, 'log', "#{ENV['RAILS_ENV'] || 'production'}_api.log"))
+      logger.formatter = GrapeLogging::Formatters::Default.new
+      #use GrapeLogging::Middleware::RequestLogger, { logger: logger }
+
+      rescue_from :all do |e|
+        logger.error e
+      end
+
+      @@NOOSFERO_CONF = nil
+
+      def self.NOOSFERO_CONF
+        if @@NOOSFERO_CONF
+          @@NOOSFERO_CONF
+        else
+          file = Rails.root.join('config', 'noosfero.yml')
+          @@NOOSFERO_CONF = File.exists?(file) ? YAML.load_file(file)[Rails.env] || {} : {}
+        end
+      end
+
+      before { setup_multitenancy }
+      before { detect_stuff_by_domain }
+      before { filter_disabled_plugins_endpoints }
+      after { set_session_cookie }
+
+      version 'v1'
+      prefix "api"
+      format :json
+      content_type :txt, "text/plain"
+
+      helpers APIHelpers
+
+      mount V1::Articles
+      mount V1::Comments
+      mount V1::Communities
+      mount V1::People
+      mount V1::Enterprises
+      mount V1::Categories
+      mount V1::Tasks
+      mount Session
+
+      # hook point which allow plugins to add Grape::API extensions to API::API
+      #finds for plugins which has api mount points classes defined (the class should extends Grape::API)
+      @plugins = Noosfero::Plugin.all.map { |p| p.constantize }
+      @plugins.each do |klass|
+        if klass.public_methods.include? :api_mount_points
+          klass.api_mount_points.each do |mount_class|
+              mount mount_class if mount_class && ( mount_class < Grape::API )
+          end
+        end
+      end
+
+      def self.endpoint_unavailable?(endpoint, environment)
+        api_class = endpoint.options[:app] || endpoint.options[:for]
+        if api_class.present?
+          klass = api_class.name.deconstantize.constantize
+          return klass < Noosfero::Plugin && !environment.plugin_enabled?(klass)
+        end
+      end
+
+      class << self
+        def endpoints_with_plugins(environment = nil)
+          if environment.present?
+            cloned_endpoints = endpoints_without_plugins.dup
+            cloned_endpoints.delete_if { |endpoint| endpoint_unavailable?(endpoint, environment) }
+          else
+            endpoints_without_plugins
+          end
+        end
+        alias_method_chain :endpoints, :plugins
+      end
+    end
+  end
+end
@@ -0,0 +1,121 @@
+module Noosfero
+  module API
+    module Entities
+
+      Entity.format_with :timestamp do |date|
+        date.strftime('%Y/%m/%d %H:%M:%S') if date
+      end
+
+      class Image < Entity
+        root 'images', 'image'
+
+        expose  :url do |image, options|
+          image.public_filename
+        end
+
+        expose  :icon_url do |image, options|
+          image.public_filename(:icon)
+        end
+
+        expose  :minor_url do |image, options|
+          image.public_filename(:minor)
+        end
+
+        expose  :portrait_url do |image, options|
+          image.public_filename(:portrait)
+        end
+
+        expose  :thumb_url do |image, options|
+          image.public_filename(:thumb)
+        end
+      end
+
+      class Profile < Entity
+        expose :identifier, :name, :id
+        expose :created_at, :format_with => :timestamp
+        expose :updated_at, :format_with => :timestamp
+        expose :image, :using => Image
+      end
+
+      class User < Entity
+        expose :id
+        expose :login
+      end
+
+      class Person < Profile
+        root 'people', 'person'
+        expose :user, :using => User
+      end
+      class Enterprise < Profile
+        root 'enterprises', 'enterprise'
+      end
+      class Community < Profile
+        root 'communities', 'community'
+        expose :description
+        expose :categories
+        expose :members, :using => Person
+      end
+
+      class CategoryBase < Entity
+        root 'categories', 'category'
+        expose :name, :id
+      end
+
+      class Category < CategoryBase
+        root 'categories', 'category'
+        expose :slug
+        expose :full_name do |category, options|
+          category.full_name
+        end
+        expose :parent, :using => CategoryBase, if: { parent: true }
+        expose :children, :using => CategoryBase, if: { children: true }
+        expose :image, :using => Image
+      end
+
+      class ArticleBase < Entity
+        root 'articles', 'article'
+        expose :id
+        expose :body
+        expose :abstract
+        expose :created_at, :format_with => :timestamp
+        expose :updated_at, :format_with => :timestamp
+        expose :title, :documentation => {:type => "String", :desc => "Title of the article"}
+        expose :created_by, :as => :author, :using => Profile
+        expose :profile, :using => Profile
+        expose :categories, :using => Category
+        expose :image, :using => Image
+        #TODO Apply vote stuff in core and make this test
+        expose :votes_for
+        expose :votes_against
+        expose :setting
+        expose :position
+        expose :hits
+        expose :path
+      end
+
+      class Article < ArticleBase
+        root 'articles', 'article'
+        expose :parent, :using => ArticleBase
+        expose :children, :using => ArticleBase
+      end
+
+      class Comment < Entity
+        root 'comments', 'comment'
+        expose :body, :title, :id
+        expose :created_at, :format_with => :timestamp
+        expose :author, :using => Profile
+      end
+
+      class UserLogin < User
+        expose :private_token
+      end
+
+      class Task < Entity
+        root 'tasks', 'task'
+        expose :id
+        expose :type
+      end
+
+    end
+  end
+end
@@ -0,0 +1,39 @@
+class Noosfero::API::Entity < Grape::Entity
+
+  def initialize(object, options = {})
+    object = nil if object.is_a? Exception
+    super object, options
+  end
+
+  def self.represent(objects, options = {})
+    if options[:has_exception]
+      data = super objects, options.merge(is_inner_data: true)
+      if objects.is_a? Exception
+        data.merge ok: false, error: {
+          type: objects.class.name,
+          message: objects.message
+        }
+      else
+        data = data.serializable_hash if data.is_a? Noosfero::API::Entity
+        data.merge ok: true, error: { type: 'Success', message: '' }
+      end
+    else
+      super objects, options
+    end
+  end
+
+  def self.fields_condition(fields)
+    lambda do |object, options|
+      return true if options[:fields].blank?
+      fields.map { |field| options[:fields].include?(field.to_s)}.grep(true).present?
+    end
+  end
+
+  def self.expose(*args, &block)
+    hash = args.last.is_a?(Hash) ? args.pop : {}
+    hash.merge!({:if => fields_condition(args)}) if hash[:if].blank?
+    args << hash
+    super
+  end
+
+end
@@ -0,0 +1,314 @@
+module Noosfero
+  module API
+    module APIHelpers
+      PRIVATE_TOKEN_PARAM = :private_token
+      DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type]
+
+      def current_user
+        private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
+        @current_user ||= User.find_by_private_token(private_token)
+        @current_user = nil if !@current_user.nil? && @current_user.private_token_expired?
+        @current_user
+      end
+
+      def current_person
+        current_user.person unless current_user.nil?
+      end
+
+      def logout
+        @current_user = nil
+      end
+
+      def environment
+        @environment
+      end
+
+      def limit
+        limit = params[:limit].to_i
+        limit = default_limit if limit <= 0
+        limit
+      end
+
+      def period(from_date, until_date)
+        return nil if from_date.nil? && until_date.nil?
+
+        begin_period = from_date.nil? ? Time.at(0).to_datetime : from_date
+        end_period = until_date.nil? ? DateTime.now : until_date
+
+        begin_period..end_period
+      end
+
+      def parse_content_type(content_type)
+        return nil if content_type.blank?
+        content_type.split(',').map do |content_type|
+          content_type.camelcase
+        end
+      end
+
+      ARTICLE_TYPES = ['Article'] + Article.descendants.map{|a| a.to_s}
+      TASK_TYPES = ['Task'] + Task.descendants.map{|a| a.to_s}
+
+      def find_article(articles, id)
+        article = articles.find(id)
+        article.display_to?(current_user.person) ? article : forbidden!
+      end
+
+      def post_article(asset, params)
+        return forbidden! unless current_person.can_post_content?(asset)
+
+        klass_type= params[:content_type].nil? ? 'TinyMceArticle' : params[:content_type]
+        return forbidden! unless ARTICLE_TYPES.include?(klass_type)
+
+        article = klass_type.constantize.new(params[:article])
+        article.last_changed_by = current_person
+        article.created_by= current_person
+        article.profile = asset
+
+        if !article.save
+          render_api_errors!(article.errors.full_messages)
+        end
+        present article, :with => Entities::Article, :fields => params[:fields]
+      end
+
+      def present_article(asset)
+        article = find_article(asset.articles, params[:id])
+        present article, :with => Entities::Article, :fields => params[:fields]
+      end
+
+      def present_articles(asset)
+        articles = select_filtered_collection_of(asset, 'articles', params)
+        articles = articles.display_filter(current_person, nil)
+        present articles, :with => Entities::Article, :fields => params[:fields]
+      end
+
+      def find_task(asset, id)
+        task = asset.tasks.find(id)
+        current_person.has_permission?(task.permission, asset) ? task : forbidden!
+      end
+
+      def post_task(asset, params)
+        klass_type= params[:content_type].nil? ? 'Task' : params[:content_type]
+        return forbidden! unless TASK_TYPES.include?(klass_type)
+
+        task = klass_type.constantize.new(params[:task])
+        task.requestor_id = current_person.id
+        task.target_id = asset.id
+        task.target_type = 'Profile'
+
+        if !task.save
+          render_api_errors!(task.errors.full_messages)
+        end
+        present task, :with => Entities::Task, :fields => params[:fields]
+      end
+
+      def present_task(asset)
+        task = find_task(asset, params[:id])
+        present task, :with => Entities::Task, :fields => params[:fields]
+      end
+
+      def present_tasks(asset)
+        tasks = select_filtered_collection_of(asset, 'tasks', params)
+        tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)}
+        return forbidden! if tasks.empty? && !current_person.has_permission?(:perform_task, asset)
+        present tasks, :with => Entities::Task, :fields => params[:fields]
+      end
+
+      def make_conditions_with_parameter(params = {})
+        parsed_params = parser_params(params)
+        conditions = {}
+        from_date = DateTime.parse(parsed_params.delete(:from)) if parsed_params[:from]
+        until_date = DateTime.parse(parsed_params.delete(:until)) if parsed_params[:until]
+
+        conditions[:type] = parse_content_type(parsed_params.delete(:content_type)) unless parsed_params[:content_type].nil?
+
+        conditions[:created_at] = period(from_date, until_date) if from_date || until_date
+        conditions.merge!(parsed_params)
+
+        conditions
+      end
+
+      def make_order_with_parameters(params)
+        params[:order] || "created_at DESC"
+      end
+
+      def make_page_number_with_parameters(params)
+        params[:page] || 1
+      end
+
+      def make_per_page_with_parameters(params)
+        params[:per_page] ||= limit
+        params[:per_page].to_i
+      end
+
+      def make_timestamp_with_parameters_and_method(params, method)
+        timestamp = nil
+        if params[:timestamp]
+          datetime = DateTime.parse(params[:timestamp])
+          table_name = method.to_s.singularize.camelize.constantize.table_name
+          timestamp = "#{table_name}.updated_at >= '#{datetime}'"
+        end
+
+        timestamp
+      end
+
+      def by_reference(scope, params)
+        if params[:reference_id]
+          created_at = scope.find(params[:reference_id]).created_at
+          scope.send("#{params.key?(:oldest) ? 'older_than' : 'younger_than'}", created_at)
+        else
+          scope
+        end
+      end
+
+      def select_filtered_collection_of(object, method, params)
+        conditions = make_conditions_with_parameter(params)
+        order = make_order_with_parameters(params)
+        page_number = make_page_number_with_parameters(params)
+        per_page = make_per_page_with_parameters(params)
+        timestamp = make_timestamp_with_parameters_and_method(params, method)
+
+        objects = object.send(method)
+        objects = by_reference(objects, params)
+
+        objects = objects.where(conditions).where(timestamp).page(page_number).per_page(per_page).order(order)
+
+        objects
+      end
+
+      def authenticate!
+        unauthorized! unless current_user
+      end
+
+      # Checks the occurrences of uniqueness of attributes, each attribute must be present in the params hash
+      # or a Bad Request error is invoked.
+      #
+      # Parameters:
+      #   keys (unique) - A hash consisting of keys that must be unique
+      def unique_attributes!(obj, keys)
+        keys.each do |key|
+          cant_be_saved_request!(key) if obj.send("find_by_#{key.to_s}", params[key])
+        end
+      end
+
+      def attributes_for_keys(keys)
+        attrs = {}
+        keys.each do |key|
+          attrs[key] = params[key] if params[key].present? or (params.has_key?(key) and params[key] == false)
+        end
+        attrs
+      end
+
+      def verify_recaptcha_v2(remote_ip, g_recaptcha_response, private_key, api_recaptcha_verify_uri)
+        verify_hash = {
+          "secret"    => private_key,
+          "remoteip"  => remote_ip,
+          "response"  => g_recaptcha_response
+        }
+        uri = URI(api_recaptcha_verify_uri)
+        https = Net::HTTP.new(uri.host, uri.port)
+        https.use_ssl = true
+        request = Net::HTTP::Post.new(uri.path)
+        request.set_form_data(verify_hash)
+        JSON.parse(https.request(request).body)
+      end
+
+      ##########################################
+      #              error helpers             #
+      ##########################################
+
+      def not_found!
+        render_api_error!('404 Not found', 404)
+      end
+
+      def forbidden!
+        render_api_error!('403 Forbidden', 403)
+      end
+
+      def cant_be_saved_request!(attribute)
+        message = _("(Invalid request) #{attribute} can't be saved")
+        render_api_error!(message, 400)
+      end
+
+      def bad_request!(attribute)
+        message = _("(Bad request) #{attribute} not given")
+        render_api_error!(message, 400)
+      end
+
+      def something_wrong!
+        message = _("Something wrong happened")
+        render_api_error!(message, 400)
+      end
+
+      def unauthorized!
+        render_api_error!(_('Unauthorized'), 401)
+      end
+
+      def not_allowed!
+        render_api_error!(_('Method Not Allowed'), 405)
+      end
+
+      def render_api_error!(message, status)
+        error!({'message' => message, :code => status}, status)
+      end
+
+      def render_api_errors!(messages)
+        render_api_error!(messages.join(','), 400)
+      end
+      protected
+
+      def set_session_cookie
+        cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
+      end
+
+      def setup_multitenancy
+        Noosfero::MultiTenancy.setup!(request.host)
+      end
+
+      def detect_stuff_by_domain
+        @domain = Domain.find_by_name(request.host)
+        if @domain.nil?
+          @environment = Environment.default
+          if @environment.nil? && Rails.env.development?
+            # This should only happen in development ...
+            @environment = Environment.create!(:name => "Noosfero", :is_default => true)
+          end
+        else
+          @environment = @domain.environment
+        end
+      end
+
+      def filter_disabled_plugins_endpoints
+        not_found! if Noosfero::API::API.endpoint_unavailable?(self, !@environment)
+      end
+
+      private
+
+      def parser_params(params)
+        parsed_params = {}
+        params.map do |k,v|
+          parsed_params[k.to_sym] = v if DEFAULT_ALLOWED_PARAMETERS.include?(k.to_sym)
+        end
+        parsed_params
+      end
+
+      def default_limit
+        20
+      end
+
+      def parse_content_type(content_type)
+        return nil if content_type.blank?
+        content_type.split(',').map do |content_type|
+          content_type.camelcase
+        end
+      end
+
+      def period(from_date, until_date)
+        begin_period = from_date.nil? ? Time.at(0).to_datetime : from_date
+        end_period = until_date.nil? ? DateTime.now : until_date
+
+        begin_period..end_period
+      end
+
+    end
+  end
+end
@@ -0,0 +1,61 @@
+require "uri"
+
+module Noosfero
+  module API
+
+    class Session < Grape::API
+
+      # Login to get token
+      #
+      # Parameters:
+      #   login (*required) - user login or email
+      #   password (required) - user password
+      #
+      # Example Request:
+      #  POST http://localhost:3000/api/v1/login?login=adminuser&password=admin
+      post "/login" do
+        user ||= User.authenticate(params[:login], params[:password], environment)
+
+        return unauthorized! unless user
+        @current_user = user
+        present user, :with => Entities::UserLogin
+      end
+
+      # Create user.
+      #
+      # Parameters:
+      #   email (required)                  - Email
+      #   password (required)               - Password
+      #   login                             - login
+      # Example Request:
+      #   POST /register?email=some@mail.com&password=pas&login=some
+      params do
+        requires :email, type: String, desc: _("Email")
+        requires :login, type: String, desc: _("Login")
+        requires :password, type: String, desc: _("Password")
+      end
+      post "/register" do
+        unique_attributes! User, [:email, :login]
+        attrs = attributes_for_keys [:email, :login, :password]
+        attrs[:password_confirmation] = attrs[:password]
+
+        #Commented for stress tests
+
+        # remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
+        # private_key = API.NOOSFERO_CONF['api_recaptcha_private_key']
+        # api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_verify_uri']
+        # captcha_result = verify_recaptcha_v2(remote_ip, params['g-recaptcha-response'], private_key, api_recaptcha_verify_uri)
+        user = User.new(attrs)
+#        if captcha_result["success"] and user.save
+        if user.save
+          user.activate
+          user.generate_private_token!
+          present user, :with => Entities::UserLogin
+        else
+          message = user.errors.to_json
+          render_api_error!(message, 400)
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,121 @@
+module Noosfero
+  module API
+    module V1
+      class Articles < Grape::API
+        before { authenticate! }
+
+        ARTICLE_TYPES = Article.descendants.map{|a| a.to_s}
+
+        resource :articles do
+
+          # Collect articles
+          #
+          # Parameters:
+          #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
+          #   oldest           - Collect the oldest articles. If nothing is passed the newest articles are collected
+          #   limit            - amount of articles returned. The default value is 20
+          #
+          # Example Request:
+          #  GET host/api/v1/articles?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
+          get do
+            present_articles(environment)
+          end
+
+          desc "Return the article id"
+          get ':id' do
+            present_article(environment)
+          end
+
+          get ':id/children' do
+            article = find_article(environment.articles, params[:id])
+
+            #TODO make tests for this situation
+            votes_order = params.delete(:order) if params[:order]=='votes_score'
+            articles = select_filtered_collection_of(article, 'children', params)
+            articles = articles.display_filter(current_person, nil)
+
+
+            #TODO make tests for this situation
+            if votes_order
+              articles = articles.joins('left join votes on articles.id=votes.voteable_id').group('articles.id').reorder('sum(coalesce(votes.vote, 0)) DESC')
+            end
+
+            Article.hit(articles)
+            present articles, :with => Entities::Article, :fields => params[:fields]
+          end
+
+          get ':id/children/:child_id' do
+            article = find_article(environment.articles, params[:id])
+            present find_article(article.children, params[:child_id]), :with => Entities::Article, :fields => params[:fields]
+          end
+
+          post ':id/children/suggest' do
+            parent_article = environment.articles.find(params[:id])
+
+            suggest_article = SuggestArticle.new
+            suggest_article.article = params[:article]
+            suggest_article.article[:parent_id] = parent_article.id
+            suggest_article.target = parent_article.profile
+            suggest_article.requestor = current_person
+
+            unless suggest_article.save
+              render_api_errors!(suggest_article.article_object.errors.full_messages)
+            end
+            present suggest_article, :with => Entities::Task, :fields => params[:fields]
+          end
+
+          # Example Request:
+          #  POST api/v1/articles/:id/children?private_token=234298743290432&article[name]=title&article[body]=body
+          post ':id/children' do
+
+            parent_article = environment.articles.find(params[:id])
+            return forbidden! unless parent_article.allow_create?(current_person)
+
+            klass_type= params[:content_type].nil? ? 'TinyMceArticle' : params[:content_type]
+            #FIXME see how to check the article types
+            #return forbidden! unless ARTICLE_TYPES.include?(klass_type)
+
+            article = klass_type.constantize.new(params[:article])
+            article.parent = parent_article
+            article.last_changed_by = current_person
+            article.created_by= current_person
+            article.author= current_person
+            article.profile = parent_article.profile
+
+            if !article.save
+              render_api_errors!(article.errors.full_messages)
+            end
+            present article, :with => Entities::Article, :fields => params[:fields]
+          end
+
+        end
+
+        kinds = %w[community person enterprise]
+        kinds.each do |kind|
+          resource kind.pluralize.to_sym do
+            segment "/:#{kind}_id" do
+              resource :articles do
+                get do
+                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                  present_articles(profile)
+                end
+
+                get ':id' do
+                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                  present_article(profile)
+                end
+
+                # Example Request:
+                #  POST api/v1/{people,communities,enterprises}/:asset_id/articles?private_token=234298743290432&article[name]=title&article[body]=body
+                post do
+                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                  post_article(profile, params)
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,28 @@
+module Noosfero
+  module API
+    module V1
+      class Categories < Grape::API
+        before { authenticate! }
+
+        resource :categories do
+
+          get do
+            type = params[:category_type]
+            include_parent = params[:include_parent] == 'true'
+            include_children = params[:include_children] == 'true'
+
+            categories = type.nil? ?  environment.categories : environment.categories.where(:type => type)
+            present categories, :with => Entities::Category, parent: include_parent, children: include_children
+          end
+
+          desc "Return the category by id"
+          get ':id' do
+            present environment.categories.find(params[:id]), :with => Entities::Category, parent: true, children: true
+          end
+
+        end
+
+      end
+    end
+  end
+end
@@ -0,0 +1,41 @@
+module Noosfero
+  module API
+    module V1
+      class Comments < Grape::API
+        before { authenticate! }
+
+        resource :articles do
+          # Collect comments from articles
+          #
+          # Parameters:
+          #   reference_id     - comment id used as reference to collect comment
+          #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
+          #   limit            - amount of comments returned. The default value is 20
+          #
+          # Example Request:
+          #  GET /articles/12/comments?oldest&limit=10&reference_id=23
+          get ":id/comments" do
+            article = find_article(environment.articles, params[:id])
+            comments = select_filtered_collection_of(article, :comments, params)
+
+            present comments, :with => Entities::Comment
+          end
+
+          get ":id/comments/:comment_id" do
+            article = find_article(environment.articles, params[:id])
+            present article.comments.find(params[:comment_id]), :with => Entities::Comment
+          end
+
+          # Example Request:
+          #  POST api/v1/articles/12/comments?private_token=2298743290432&body=new comment&title=New
+          post ":id/comments" do
+            article = find_article(environment.articles, params[:id])
+            options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person)
+            present article.comments.create(options), :with => Entities::Comment
+          end
+        end
+
+      end
+    end
+  end
+end
@@ -0,0 +1,73 @@
+module Noosfero
+  module API
+    module V1
+      class Communities < Grape::API
+        before { authenticate! }
+
+        resource :communities do
+
+          # Collect comments from articles
+          #
+          # Parameters:
+          #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
+          #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
+          #   limit            - amount of comments returned. The default value is 20
+          #
+          # Example Request:
+          #  GET /communities?from=2013-04-04-14:41:43&until=2014-04-04-14:41:43&limit=10
+          #  GET /communities?reference_id=10&limit=10&oldest
+          get do
+            communities = select_filtered_collection_of(environment, 'communities', params)
+            communities = communities.visible_for_person(current_person)
+            communities = communities.by_location(params) # Must be the last. May return Exception obj.
+            present communities, :with => Entities::Community
+          end
+
+
+          # Example Request:
+          #  POST api/v1/communties?private_token=234298743290432&community[name]=some_name
+          post do
+            params[:community] ||= {}
+            begin
+              community = Community.create_after_moderation(current_person, params[:community].merge({:environment => environment}))
+            rescue
+              community = Community.new(params[:community])
+            end
+
+            if !community.save
+              render_api_errors!(community.errors.full_messages)
+            end
+
+            present community, :with => Entities::Community
+          end
+
+          get ':id' do
+            community = environment.communities.visible_for_person(current_person).find_by_id(params[:id])
+            present community, :with => Entities::Community
+          end
+
+        end
+
+        resource :people do
+
+          segment '/:person_id' do
+
+            resource :communities do
+
+              get do
+                person = environment.people.find(params[:person_id])
+                communities = select_filtered_collection_of(person, 'communities', params)
+                communities = communities.visible
+                present communities, :with => Entities::Community
+              end
+
+            end
+
+          end
+
+        end
+
+      end
+    end
+  end
+end
@@ -0,0 +1,58 @@
+module Noosfero
+  module API
+    module V1
+      class Enterprises < Grape::API
+        before { authenticate! }
+
+        resource :enterprises do
+
+          # Collect enterprises from environment
+          #
+          # Parameters:
+          #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
+          #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
+          #   limit            - amount of comments returned. The default value is 20
+          #   georef params    - read `Profile.by_location` for more information.
+          #
+          # Example Request:
+          #  GET /enterprises?from=2013-04-04-14:41:43&until=2014-04-04-14:41:43&limit=10
+          #  GET /enterprises?reference_id=10&limit=10&oldest
+          get do
+            enterprises = select_filtered_collection_of(environment, 'enterprises', params)
+            enterprises = enterprises.visible_for_person(current_person)
+            enterprises = enterprises.by_location(params) # Must be the last. May return Exception obj.
+            present enterprises, :with => Entities::Enterprise
+          end
+
+          desc "Return one enterprise by id"
+          get ':id' do
+            enterprise = environment.enterprises.visible_for_person(current_person).find_by_id(params[:id])
+            present enterprise, :with => Entities::Enterprise
+          end
+
+        end
+
+        resource :people do
+
+          segment '/:person_id' do
+
+            resource :enterprises do
+
+              get do
+                person = environment.people.find(params[:person_id])
+                enterprises = select_filtered_collection_of(person, 'enterprises', params)
+                enterprises = enterprises.visible.by_location(params)
+                present enterprises, :with => Entities::Enterprise
+              end
+
+            end
+
+          end
+
+        end
+
+
+      end
+    end
+  end
+end
@@ -0,0 +1,96 @@
+module Noosfero
+  module API
+    module V1
+      class People < Grape::API
+        before { authenticate! }
+
+        desc 'API Root'
+
+        resource :people do
+
+          # -- A note about privacy --
+          # We wold find people by location, but we must test if the related
+          # fields are public. We can't do it now, with SQL, while the location
+          # data and the fields_privacy are a serialized settings.
+          # We must build a new table for profile data, where we can set meta-data
+          # like:
+          # | id | profile_id | key  | value    | privacy_level | source    |
+          # |  1 |         99 | city | Salvador | friends       | user      |
+          # |  2 |         99 | lng  |  -38.521 | me only       | automatic |
+
+          # Collect people from environment
+          #
+          # Parameters:
+          #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
+          #   oldest           - Collect the oldest comments from reference_id comment. If nothing is passed the newest comments are collected
+          #   limit            - amount of comments returned. The default value is 20
+          #
+          # Example Request:
+          #  GET /people?from=2013-04-04-14:41:43&until=2014-04-04-14:41:43&limit=10
+          #  GET /people?reference_id=10&limit=10&oldest
+
+          desc "Find environment's people"
+          get do
+            people = select_filtered_collection_of(environment, 'people', params)
+            people = people.visible_for_person(current_person)
+            present people, :with => Entities::Person
+          end
+
+          desc "Return the logged user information"
+          get "/me" do
+            present current_person, :with => Entities::Person
+          end
+
+          desc "Return the person information"
+          get ':id' do
+            person = environment.people.visible_for_person(current_person).find_by_id(params[:id])
+            return not_found! if person.blank?
+            present person, :with => Entities::Person
+          end
+
+          # Example Request:
+          #  POST api/v1/people?person[login]=some_login&person[password]=some_password&person[name]=Jack
+          desc "Create person"
+          post do
+            user_data = {}
+            user_data[:login] = params[:person].delete(:login) || params[:person][:identifier]
+            user_data[:email] = params[:person].delete(:email)
+            user_data[:password] = params[:person].delete(:password)
+            user_data[:password_confirmation] = params[:person].delete(:password_confirmation)
+            user = User.build(user_data, params[:person], environment)
+            begin
+              user.signup!
+            rescue ActiveRecord::RecordInvalid
+              render_api_errors!(user.errors.full_messages)
+            end
+
+            present user.person, :with => Entities::Person
+          end
+
+          desc "Return the person friends"
+          get ':id/friends' do
+            person = environment.people.visible_for_person(current_person).find_by_id(params[:id])
+            return not_found! if person.blank?
+            friends = person.friends.visible
+            present friends, :with => Entities::Person
+          end
+
+          desc "Return the person permissions on other profiles"
+          get ":id/permissions" do
+            person = environment.people.find(params[:id])
+            return not_found! if person.blank?
+            return forbidden! unless current_person == person || environment.admins.include?(current_person)
+
+            output = {}
+            person.role_assignments.map do |role_assigment|
+              if role_assigment.resource.respond_to?(:identifier)
+                output[role_assigment.resource.identifier] = role_assigment.role.permissions
+              end
+            end
+            present output
+          end
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,59 @@
+module Noosfero
+  module API
+    module V1
+      class Tasks < Grape::API
+#        before { authenticate! }
+
+#        ARTICLE_TYPES = Article.descendants.map{|a| a.to_s}
+
+        resource :tasks do
+
+          # Collect tasks
+          #
+          # Parameters:
+          #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
+          #   oldest           - Collect the oldest articles. If nothing is passed the newest articles are collected
+          #   limit            - amount of articles returned. The default value is 20
+          #
+          # Example Request:
+          #  GET host/api/v1/tasks?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
+          get do
+            tasks = select_filtered_collection_of(environment, 'tasks', params)
+            tasks = tasks.select {|t| current_person.has_permission?(t.permission, environment)}
+            present tasks, :with => Entities::Task, :fields => params[:fields]
+          end
+
+          desc "Return the task id"
+          get ':id' do
+            task = find_task(environment, params[:id])
+            present task, :with => Entities::Task, :fields => params[:fields]
+          end
+        end
+
+        kinds = %w[community person enterprise]
+        kinds.each do |kind|
+          resource kind.pluralize.to_sym do
+            segment "/:#{kind}_id" do
+              resource :tasks do
+                get do
+                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                  present_tasks(profile)
+                end
+
+                get ':id' do
+                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                  present_task(profile)
+                end
+
+                post do
+                  profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
+                  post_task(profile, params)
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end
 module Noosfero::GeoRef
  
-  KM_LAT = 111.2 # aproximate distance in km for 1 degree latitude
-  KM_LNG = 85.3 # aproximate distance in km for 1 degree longitude
+  # May replace this module by http://www.postgresql.org/docs/9.3/static/earthdistance.html
+
+  EARTH_RADIUS = 6378 # aproximate in km
+
+  class << self
+
+    def dist(lat1, lng1, lat2, lng2)
+      def deg2rad(d); (d*Math::PI)/180; end
+      def c(n); Math.cos(n); end
+      def s(n); Math.sin(n); end
+      lat1 = deg2rad lat1
+      lat2 = deg2rad lat2
+      dlng = deg2rad(lng2) - deg2rad(lng1)
+      EARTH_RADIUS * Math.atan2(
+        Math.sqrt(
+          ( c(lat2) * s(dlng) )**2 +
+          ( c(lat1) * s(lat2) - s(lat1) * c(lat2) * c(dlng) )**2
+        ),
+        s(lat1) * s(lat2) + c(lat1) * c(lat2) * c(dlng)
+      )
+    end
+
+    # Write a SQL expression to return the distance from a profile to a
+    # reference point, in kilometers.
+    # http://www.plumislandmedia.net/mysql/vicenty-great-circle-distance-formula
+    def sql_dist(ref_lat, ref_lng)
+      "2*PI()*#{EARTH_RADIUS}*(
+        DEGREES(
+          ATAN2(
+            SQRT(
+              POW(COS(RADIANS(#{ref_lat}))*SIN(RADIANS(#{ref_lng}-lng)),2) +
+              POW(
+                COS(RADIANS(lat)) * SIN(RADIANS(#{ref_lat})) - (
+                  SIN(RADIANS(lat)) * COS(RADIANS(#{ref_lat})) * COS(RADIANS(#{ref_lng}-lng))
+                ), 2
+              )
+            ),
+            SIN(RADIANS(lat)) * SIN(RADIANS(#{ref_lat})) +
+            COS(RADIANS(lat)) * COS(RADIANS(#{ref_lat})) * COS(RADIANS(#{ref_lng}-lng))
+          )
+        )/360
+      )"
+    end
+
+    # Asks Google for the georef of a location.
+    def location_to_georef(location)
+      key = location.downcase
+      ll = Rails.cache.read key
+      return ll + [:CACHE] if ll.kind_of? Array
+      resp = RestClient.get 'https://maps.googleapis.com/maps/api/geocode/json?' +
+                            'sensor=false&address=' + url_encode(location)
+      if resp.nil? || resp.code.to_i != 200
+        if ENV['RAILS_ENV'] == 'test'
+          print " Google Maps API fail (code #{resp ? resp.code : :nil}) "
+        else
+          Rails.logger.warn "Google Maps API request information for " +
+                            "\"#{location}\" fail. (code #{resp ? resp.code : :nil})"
+        end
+        return [ 0, 0, "HTTP_FAIL_#{resp.code}".to_sym ] # do not cache failed response
+      else
+        json = JSON.parse resp.body
+        if json && (r=json['results']) && (r=r[0]) && (r=r['geometry']) &&
+           (r=r['location']) && r['lat']
+          ll = [ r['lat'], r['lng'], :SUCCESS ]
+        else
+          status = json['status'] || 'Undefined Error'
+          message = "Google Maps API cant find \"#{location}\" (#{status})"
+          if ENV['RAILS_ENV'] == 'test'
+            print " #{message} "
+          else
+            Rails.logger.warn message
+          end
+          ll = [ 0, 0, status.to_sym ]
+        end
+        Rails.cache.write key, ll
+      end
+      ll
+    end
+
+  end
  
 end
@@ -171,7 +171,6 @@ class Noosfero::Plugin
     def all
       @all ||= available_plugins.map{ |dir| (File.basename(dir) + "_plugin").camelize }
     end
-
   end
  
   def expanded_template(file_path, locals = {})
@@ -241,6 +240,16 @@ class Noosfero::Plugin
     nil
   end
  
+  # -> Customize the way comments are counted for Profiles and Environment
+  # considering more than just articles comments
+  # Used on statistic block
+  # Ex: a plugin may want that Communities receive comments themselves
+  # as evaluations
+  # returns = the number of comments to be sum on the statistics
+  def more_comments_count owner
+    nil
+  end
+
   # -> Adds tabs to the profile
   # returns   = { :title => title, :id => id, :content => content, :start => start }
   #   title   = name that will be displayed.
@@ -54,6 +54,11 @@ class Noosfero::Plugin
       File.exists?(File.join(root_path, 'controllers', "#{self.identifier}_admin_controller.rb"))
     end
  
+    # -> define grape class used to map resource api provided by the plugin
+    def api_mount_points
+      []
+    end
+
     def controllers
       @controllers ||= Dir.glob("#{self.root_path}/controllers/*/*").map do |controller_file|
         next unless controller_file =~ /_controller.rb$/
@@ -0,0 +1,20 @@
+# our defaults
+listen "0.0.0.0:3000"
+pid 'tmp/pids/unicorn.pid'
+
+preload_app true
+GC.respond_to?(:copy_on_write_friendly=) and
+  GC.copy_on_write_friendly = true
+
+before_fork do |server, worker|
+  ActiveRecord::Base.connection.disconnect! if defined?(ActiveRecord::Base)
+end
+
+after_fork do |server, worker|
+  ActiveRecord::Base.establish_connection if defined?(ActiveRecord::Base)
+end
+
+# load local configuration file, if it exists
+config = File.join(File.dirname(__FILE__), '../../config/unicorn.rb')
+instance_eval(File.read(config), config) if File.exists?(config)
+
 module Noosfero
   PROJECT = 'noosfero'
-  VERSION = '1.2'
+  VERSION = '1.3~0.0'
 end
  
 root = File.expand_path(File.dirname(__FILE__) + '/../..')
@@ -0,0 +1,21 @@
+module TimeScopes
+  def self.included(recipient)
+    recipient.extend(ClassMethods)
+  end
+
+  module ClassMethods
+    def self.extended (base)
+      if base.respond_to?(:scope) && base.attribute_names.include?('created_at')
+        base.class_eval do
+          scope :younger_than, lambda { |created_at|
+            {:conditions => ["#{table_name}.created_at > ?", created_at]}
+          }
+
+          scope :older_than, lambda { |created_at|
+            {:conditions => ["#{table_name}.created_at < ?", created_at]}
+          }
+        end
+      end
+    end
+  end
+end
@@ -13,6 +13,7 @@ Dependences
 See the Noosfero install file. After install Noosfero, install LDAP dependences:
  
 $ gem install net-ldap -v 0.3.1
+$ sudo apt-get install ruby-magic
  
 Enable Plugin
 -------------
@@ -19,6 +19,7 @@ require &#39;rubygems&#39;
 require 'iconv'
 require 'net/ldap'
 require 'net/ldap/dn'
+require 'magic'
  
 class LdapAuthentication
  
@@ -134,7 +135,18 @@ class LdapAuthentication
  
   def self.get_attr(entry, attr_name)
     if !attr_name.blank?
-      entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
+      val = entry[attr_name].is_a?(Array) ? entry[attr_name].first : entry[attr_name]
+      if val.nil?
+        Rails.logger.warn "LDAP entry #{entry.dn} has no attr #{attr_name}."
+        nil
+      elsif val == '' || val == ' '
+        Rails.logger.warn "LDAP entry #{entry.dn} has attr #{attr_name} empty."
+        ''
+      else
+        charset = Magic.guess_string_mime_encoding(val)
+        val.encode 'utf-8', charset, invalid: :replace, undef: :replace
+      end
     end
   end
+
 end
+# encoding: UTF-8
 require File.dirname(__FILE__) + '/../test_helper'
  
 class LdapAuthenticationTest < ActiveSupport::TestCase
  
+  def pseudoEntry(data)
+    entry = data.clone
+    def entry.dn; 'testDN'; end
+    entry
+  end
+
   def setup
     @ldap_config = load_ldap_config
   end
  
-  should "host be nil as default" do
+  should 'host be nil as default' do
     ldap = LdapAuthentication.new
     assert_nil ldap.host
   end
  
-  should "create with host passed as parameter" do
+  should 'create with host passed as parameter' do
     value = 'http://myhost.com'
     ldap = LdapAuthentication.new('host' => value)
     assert_equal value, ldap.host
   end
  
-  should "port be 389 as default" do
+  should 'port be 389 as default' do
     ldap = LdapAuthentication.new
     assert_equal 389, ldap.port
   end
  
-  should "create with port passed as parameter" do
+  should 'create with port passed as parameter' do
     value = 555
     ldap = LdapAuthentication.new('port' => value)
     assert_equal value, ldap.port
   end
  
-  should "account be nil as default" do
+  should 'account be nil as default' do
     ldap = LdapAuthentication.new
     assert_nil ldap.account
   end
  
-  should "create with account passed as parameter" do
+  should 'create with account passed as parameter' do
     value = 'uid=sector,ou=Service,ou=corp,dc=company,dc=com,dc=br'
     ldap = LdapAuthentication.new('account' => value)
     assert_equal value, ldap.account
   end
  
-  should "account_password be nil as default" do
+  should 'account_password be nil as default' do
     ldap = LdapAuthentication.new
     assert_nil ldap.account_password
   end
  
-  should "create with account_password passed as parameter" do
+  should 'create with account_password passed as parameter' do
     value = 'password'
     ldap = LdapAuthentication.new('account_password' => value)
     assert_equal value, ldap.account_password
   end
  
-  should "base_dn be nil as default" do
+  should 'base_dn be nil as default' do
     ldap = LdapAuthentication.new
     assert_nil ldap.base_dn
   end
  
-  should "create with base_dn passed as parameter" do
+  should 'create with base_dn passed as parameter' do
     value = 'dc=company,dc=com,dc=br'
     ldap = LdapAuthentication.new('base_dn' => value)
     assert_equal value, ldap.base_dn
   end
  
-  should "attr_login be nil as default" do
+  should 'attr_login be nil as default' do
     ldap = LdapAuthentication.new
     assert_nil ldap.attr_login
   end
  
-  should "create with attr_login passed as parameter" do
+  should 'create with attr_login passed as parameter' do
     value = 'uid'
     ldap = LdapAuthentication.new('attr_login' => value)
     assert_equal value, ldap.attr_login
   end
  
-  should "attr_fullname be nil as default" do
+  should 'attr_fullname be nil as default' do
     ldap = LdapAuthentication.new
     assert_nil ldap.attr_fullname
   end
  
-  should "create with attr_fullname passed as parameter" do
+  should 'create with attr_fullname passed as parameter' do
     value = 'Noosfero System'
     ldap = LdapAuthentication.new('attr_fullname' => value)
     assert_equal value, ldap.attr_fullname
   end
  
-  should "attr_mail be nil as default" do
+  should 'attr_mail be nil as default' do
     ldap = LdapAuthentication.new
     assert_nil ldap.attr_mail
   end
  
-  should "create with attr_mail passed as parameter" do
+  should 'create with attr_mail passed as parameter' do
     value = 'test@noosfero.com'
     ldap = LdapAuthentication.new('attr_mail' => value)
     assert_equal value, ldap.attr_mail
   end
  
-  should "onthefly_register be false as default" do
+  should 'onthefly_register be false as default' do
     ldap = LdapAuthentication.new
     refute ldap.onthefly_register
   end
  
-  should "create with onthefly_register passed as parameter" do
+  should 'create with onthefly_register passed as parameter' do
     value = true
     ldap = LdapAuthentication.new('onthefly_register' => value)
     assert_equal value, ldap.onthefly_register
   end
  
-  should "filter be nil as default" do
+  should 'filter be nil as default' do
     ldap = LdapAuthentication.new
     assert_nil ldap.filter
   end
  
-  should "create with filter passed as parameter" do
+  should 'create with filter passed as parameter' do
     value = 'test'
     ldap = LdapAuthentication.new('filter' => value)
     assert_equal value, ldap.filter
   end
  
-  should "tls be false as default" do
+  should 'tls be false as default' do
     ldap = LdapAuthentication.new
     refute ldap.tls
   end
  
-  should "create with tls passed as parameter" do
+  should 'create with tls passed as parameter' do
     value = true
     ldap = LdapAuthentication.new('tls' => value)
     assert_equal value, ldap.tls
   end
  
-  should "onthefly_register? return true if onthefly_register is true" do
+  should 'onthefly_register? return true if onthefly_register is true' do
     ldap = LdapAuthentication.new('onthefly_register' => true)
     assert ldap.onthefly_register?
   end
  
-  should "onthefly_register? return false if onthefly_register is false" do
+  should 'onthefly_register? return false if onthefly_register is false' do
     ldap = LdapAuthentication.new('onthefly_register' => false)
     refute ldap.onthefly_register?
   end
  
+  should 'detect and convert non utf-8 charset from ldap' do
+    entry = pseudoEntry('name' => "Jos\xE9 Jo\xE3o")
+    name = LdapAuthentication.get_attr entry, 'name'
+    assert_equal name, 'José João'
+  end
+
+  should 'dont crash when entry key is empty string' do
+    entry = pseudoEntry('name' => "")
+    name = LdapAuthentication.get_attr entry, 'name'
+    assert_equal name, ''
+  end
+
+  should 'dont crash when entry key has only a space char' do
+    entry = pseudoEntry('name' => " ")
+    name = LdapAuthentication.get_attr entry, 'name'
+    assert_equal name, ''
+  end
+
+  should 'dont crash when entry key is nil' do
+    entry = pseudoEntry('name' => nil)
+    name = LdapAuthentication.get_attr entry, 'name'
+    assert_equal name, nil
+  end
+
+  should 'dont crash when entry key does not exists' do
+    entry = pseudoEntry({})
+    name = LdapAuthentication.get_attr entry, 'name'
+    assert_equal name, nil
+  end
+
   if ldap_configured?
     should 'return the user attributes' do
       auth = LdapAuthentication.new(@ldap_config['server'])
@@ -0,0 +1,19 @@
+class OrganizationRatingsPluginAdminController < PluginAdminController
+
+  include RatingsHelper
+  helper :ratings
+  append_view_path File.join(File.dirname(__FILE__) + '/../views')
+
+  def index
+  end
+
+  def update
+    if env_organization_ratings_config.update_attributes(params[:organization_ratings_config])
+      session[:notice] = _('Configuration updated successfully.')
+    else
+      session[:notice] = _('Configuration could not be saved.')
+    end
+    render :action => 'index'
+  end
+
+end
 \ No newline at end of file
@@ -0,0 +1,76 @@
+class OrganizationRatingsPluginProfileController < ProfileController
+  include RatingsHelper
+  helper :ratings
+
+  def new_rating
+    @rating_available = user_can_rate_now?
+    @users_ratings = get_ratings(profile.id).paginate(
+                      :per_page => env_organization_ratings_config.per_page,
+                      :page => params[:npage]
+                    )
+    if request.post?
+      if @rating_available
+        create_new_rate
+      else
+        session[:notice] = _("You can not vote on this %s") % profile.class.name
+      end
+    end
+  end
+
+  private
+
+  def user_can_rate_now?
+    return false unless user
+    ratings = OrganizationRating.where(
+      :organization_id => profile.id,
+      :person_id => user.id
+    )
+
+    return false if (!ratings.empty? && env_organization_ratings_config.vote_once)
+
+    if ratings.empty?
+      true
+    else
+      elapsed_time_since_last_rating = Time.zone.now - ratings.last.created_at
+      elapsed_time_since_last_rating > env_organization_ratings_config.cooldown.hours
+    end
+  end
+
+  def create_new_rate
+    rating = OrganizationRating.new(params[:organization_rating])
+    rating.person = current_user.person
+    rating.organization = profile
+    rating.value = params[:organization_rating_value] if params[:organization_rating_value]
+
+    if rating.save
+      create_rating_comment(rating)
+      session[:notice] = _("%s successfully rated!") % profile.name
+    else
+      session[:notice] = _("Sorry, there were problems rating this profile.")
+    end
+
+    redirect_to :controller => 'profile',  :action => 'index'
+  end
+
+  def create_rating_comment(rating)
+    if params[:comments]
+        comment_task = CreateOrganizationRatingComment.create!(
+          params[:comments].merge(
+            :requestor => rating.person,
+            :organization_rating_id => rating.id,
+            :target => rating.organization
+          )
+        )
+        comment_task.finish if can_perform?(params)
+    end
+  end
+
+  def can_perform? (params)
+    (params[:comments][:body].blank? ||
+    !env_organization_ratings_config.are_moderated)
+  end
+
+  def permission
+    :manage_memberships
+  end
+end
@@ -0,0 +1,12 @@
+class CreateOrganizationRatings < ActiveRecord::Migration
+  def change
+    create_table :organization_ratings do |t|
+      t.belongs_to :organization
+      t.belongs_to :person
+      t.belongs_to :comment
+      t.integer :value
+
+      t.timestamps
+    end
+  end
+end
@@ -0,0 +1,14 @@
+class CreateOrganizationRatingsConfig < ActiveRecord::Migration
+
+  def change
+    create_table :organization_ratings_configs do |t|
+     t.belongs_to :environment
+     t.integer :cooldown, :integer, :default => 24
+     t.integer :default_rating, :integer, :default => 1
+     t.string  :order, :string, :default => "recent"
+     t.integer :per_page, :integer, :default => 10
+     t.boolean :vote_once, :boolean, :default => false
+     t.boolean :are_moderated, :boolean, :default => true
+    end
+  end
+end
@@ -0,0 +1,11 @@
+class AddCommentsCountToProfile < ActiveRecord::Migration
+  def self.up
+    change_table :profiles do |t|
+      t.integer :comments_count
+    end
+  end
+
+  def self.down
+    remove_column :profiles, :comments_count
+  end
+end
 \ No newline at end of file
@@ -0,0 +1,30 @@
+Feature: rate_community
+  As a user
+  I want to be able rate a community
+  So that users can see my feedback about that community
+
+  Background:
+    Given plugin "OrganizationRatings" is enabled on environment
+    Given the following user
+      | login     | name       |
+      | joaosilva | Joao Silva |
+    And the following community
+      | identifier  | name         |
+      | mycommunity | My Community |
+    And the following blocks
+      | owner       | type                |
+      | mycommunity | AverageRatingBlock  |
+      | mycommunity | OrganizationRatingsBlock  |
+    And the environment domain is "localhost"
+    And I am logged in as "joaosilva"
+
+  @selenium
+  Scenario: display rate button inside average block
+    Given I am on mycommunity's homepage
+    Then I should see "Rate this Community" within ".average-rating-block"
+    And I should see "Be the first to rate" within ".average-rating-block"
+
+  @selenium
+  Scenario: display rate button inside communities ratings block
+    Given I am on mycommunity's homepage
+    Then I should see "Rate Community" within ".make-report-block"
@@ -0,0 +1,30 @@
+class AverageRatingBlock < Block
+  include RatingsHelper
+
+  def self.description
+    _('Organization Average Rating')
+  end
+
+  def help
+    _('This block displays the organization average rating.')
+  end
+
+  def content(args = {})
+    profile_identifier = self.owner.identifier
+    average_rating = OrganizationRating.average_rating self.owner.id
+
+    proc do
+      render(
+        :file => 'blocks/display_organization_average_rating',
+        :locals => {
+          :profile_identifier => profile_identifier,
+          :average_rating => average_rating
+        }
+      )
+    end
+  end
+
+  def cacheable?
+    false
+  end
+end
@@ -0,0 +1,131 @@
+class CreateOrganizationRatingComment < Task
+  include Rails.application.routes.url_helpers
+
+  validates_presence_of :requestor_id, :organization_rating_id, :target_id
+
+  settings_items :organization_rating_id, :type => Integer, :default => nil
+  settings_items :organization_rating_comment_id, :type => Integer, :default => nil
+
+  attr_accessible :organization_rating_id, :body, :requestor
+  attr_accessible :reject_explanation, :target
+
+  before_save :update_comment_body
+
+  DATA_FIELDS = ['body']
+  DATA_FIELDS.each do |field|
+    settings_items field.to_sym
+  end
+
+  def update_comment_body
+    if self.organization_rating_comment_id.nil?
+      create_comment
+    else
+      comment = Comment.find_by_id(self.organization_rating_comment_id)
+      comment.body = get_comment_message
+      comment.save
+    end
+  end
+
+  def create_comment
+    if (self.body && !self.body.blank?)
+      comment_body = _("Comment waiting for approval")
+      comment = Comment.create!(:source => self.target, :body => comment_body, :author => self.requestor)
+
+
+      self.organization_rating_comment_id = comment.id
+      link_comment_with_its_rating(comment)
+    end
+  end
+
+  def link_comment_with_its_rating(user_comment)
+    rating = OrganizationRating.find(self.organization_rating_id)
+    rating.comment = user_comment
+    rating.save
+  end
+
+  def get_comment_message
+    if self.status == Status::CANCELLED
+      _("Comment rejected")
+    elsif self.status == Status::FINISHED
+      self.body
+    else
+      _("No comment")
+    end
+  end
+
+  def accept_details
+    true
+  end
+
+  def title
+    _("New Comment")
+  end
+
+  def information
+    message = _("<a href=%{requestor_url}>%{requestor}</a> wants to create a comment in this %{target_class}") %
+    {:requestor_url => url_for(self.requestor.url), :requestor => self.requestor.name, :target_class => self.target.class.name.downcase}
+
+    {:message => message}
+  end
+
+  def reject_details
+    true
+  end
+
+  def icon
+    {:type => :profile_image, :profile => requestor, :url => requestor.url}
+  end
+
+  # tells if this request was rejected
+  def rejected?
+    self.status == Task::Status::CANCELLED
+  end
+
+  # tells if this request was appoved
+  def approved?
+    self.status == Task::Status::FINISHED
+  end
+
+  def target_notification_description
+    _("%{requestor} wants to create a comment in this \"%{target}\"") %
+    {:requestor => self.requestor.name, :target => self.target.class.name.downcase }
+  end
+
+  def target_notification_message
+    _("User \"%{user}\" just requested to create a comment in the %{target_class}
+      \"%{target_name}\".
+      You have to approve or reject it through the \"Pending Validations\"
+      section in your control panel.\n") %
+    { :user => self.requestor.name, :target_class => self.target.class.name.downcase, :target_name => self.target.name }
+  end
+
+  def task_created_message
+    _("Your request for commenting at %{target} was
+      just sent. Environment administrator will receive it and will approve or
+      reject your request according to his methods and criteria.
+      You will be notified as soon as environment administrator has a position
+      about your request.") %
+    { :target => self.target.name }
+  end
+
+  def task_cancelled_message
+    _("Your request for commenting at %{target} was
+      not approved by the environment administrator. The following explanation
+      was given: \n\n%{explanation}") %
+    { :target => self.target.name,
+      :explanation => self.reject_explanation }
+  end
+
+  def task_finished_message
+    _('Your request for commenting was approved.
+      You can access %{url} to see your comment.') %
+    { :url => ratings_url }
+  end
+
+  private
+
+  def ratings_url
+    url = url_for(self.target.public_profile_url) + "/plugin/organization_ratings/new_rating"
+  end
+
+end
@@ -0,0 +1,6 @@
+require_dependency "comment"
+
+Comment.class_eval do
+
+  has_one :organization_rating
+end
@@ -0,0 +1,5 @@
+require_dependency "environment"
+
+class Environment
+  has_one :organization_ratings_config
+end
@@ -0,0 +1,7 @@
+require_dependency 'organization'
+
+Organization.class_eval do
+  has_many :organization_ratings
+
+  has_many :comments, :class_name => 'Comment', :foreign_key => 'source_id', :dependent => :destroy, :order => 'created_at asc'
+end
@@ -0,0 +1,5 @@
+require_dependency 'person'
+
+Person.class_eval do
+  has_many :organization_ratings
+end
@@ -0,0 +1,25 @@
+class OrganizationRating < ActiveRecord::Base
+  belongs_to :person
+  belongs_to :organization
+  belongs_to :comment
+
+  attr_accessible :value, :person, :organization, :comment
+
+  validates :value,
+            :presence => true, :inclusion => {
+              in: 1..5, message: _("must be between 1 and 5")
+            }
+
+  validates :organization_id, :person_id,
+            :presence => true
+
+
+  def self.average_rating organization_id
+    average = OrganizationRating.where(organization_id: organization_id).average(:value)
+
+    if average
+      (average - average.truncate) >= 0.5 ? average.ceil : average.floor
+    end
+  end
+
+end
@@ -0,0 +1,30 @@
+class OrganizationRatingsBlock < Block
+  include RatingsHelper
+
+  def self.description
+    _('Organization Ratings')
+  end
+
+  def help
+    _('This block displays the community ratings.')
+  end
+
+  def content(args = {})
+    block = self
+
+    proc do
+      render(
+        :file => 'blocks/organization_ratings_block',
+        :locals => {:block => block}
+      )
+    end
+  end
+
+  def limit_number_of_ratings
+    env_organization_ratings_config.per_page
+  end
+
+  def cacheable?
+    false
+  end
+end
@@ -0,0 +1,53 @@
+class OrganizationRatingsConfig < ActiveRecord::Base
+
+  belongs_to :environment
+
+  attr_accessible :cooldown, :default_rating, :order, :per_page
+  attr_accessible :vote_once, :are_moderated, :environment_id
+
+  ORDER_OPTIONS = {recent: _('More Recent'), best: _('Best Ratings')}
+
+  MINIMUM_RATING = 1
+  MAX_COOLDOWN = 1000
+
+  validates :default_rating,
+            :presence => true, :numericality => {
+              greater_than_or_equal_to: MINIMUM_RATING,
+              less_than_or_equal_to: 5
+            }
+
+  validates :cooldown,
+            :presence => true, :numericality => {
+              greater_than_or_equal_to: 0,
+              less_than_or_equal_to: MAX_COOLDOWN
+            }
+
+  validates :per_page,
+            :presence => true, :numericality => {
+              :greater_than_or_equal_to => 5,
+              :less_than_or_equal_to  => 20
+            }
+
+
+  def order_options
+    ORDER_OPTIONS
+  end
+
+  def minimum_ratings
+    MINIMUM_RATING
+  end
+
+  def max_cooldown
+    MAX_COOLDOWN
+  end
+
+  class << self
+    def instance
+      environment = Environment.default
+      environment.organization_ratings_config || create(environment_id: environment.id)
+    end
+
+    private :new
+  end
+
+end
@@ -0,0 +1,73 @@
+class OrganizationRatingsPlugin < Noosfero::Plugin
+  include Noosfero::Plugin::HotSpot
+
+  def self.plugin_name
+    "Organization Ratings"
+  end
+
+  def self.plugin_description
+    _("A plugin that allows you to rate a organization and comment about it.")
+  end
+
+  module Hotspots
+    def organization_ratings_plugin_comments_extra_fields
+      nil
+    end
+
+    def organization_ratings_title
+      nil
+    end
+
+    def organization_ratings_plugin_star_message
+      nil
+    end
+
+    def organization_ratings_plugin_extra_fields_show_data user_rating
+      nil
+    end
+  end
+
+  # Plugin Hotspot to display the average rating
+  def display_organization_average_rating organization
+    unless organization.nil?
+      average_rating = OrganizationRating.average_rating organization.id
+
+      Proc::new {
+        render :file => 'blocks/display_organization_average_rating',
+               :locals => {
+                 :profile_identifier => organization.identifier,
+                 :average_rating => average_rating
+               }
+      }
+    end
+  end
+
+  def more_comments_count owner
+    if owner.kind_of?(Environment) then
+      owner.profiles.sum(:comments_count)
+    elsif owner.kind_of?(Profile) then
+      owner.comments_count
+    else
+      0
+    end
+  end
+
+  def self.extra_blocks
+    {
+      OrganizationRatingsBlock => {:type => [Enterprise, Community], :position => ['1']},
+      AverageRatingBlock => {:type => [Enterprise, Community]}
+    }
+  end
+
+  def stylesheet?
+    true
+  end
+
+  def js_files
+    %w(
+      public/rate.js
+      public/comunities_rating_management.js
+    )
+  end
+
+end
@@ -0,0 +1,15 @@
+module RatingsHelper
+
+  def env_organization_ratings_config
+    OrganizationRatingsConfig.instance
+  end
+
+  def get_ratings (profile_id)
+    order_options = env_organization_ratings_config.order_options
+    if env_organization_ratings_config.order.downcase == order_options[:recent]
+      ratings = OrganizationRating.where(organization_id: profile_id).order("value DESC")
+    else
+      ratings = OrganizationRating.where(organization_id: profile_id).order("created_at DESC")
+    end
+  end
+end
 \ No newline at end of file
...	...	@@ -90,15 +90,17 @@ Matheus Faria <matheus.sousa.faria@gmail.com>
90	90	Maurilio Atila <cabelotaina@gmail.com>
91	91	M for Momo <mo@rtnp.org>
92	92	Michal Čihař <michal@cihar.com>
93		-Michel Felipe <mfelipeof@gmail.com>
	93	+Michel Felipe de Oliveira Ferreira <michel.ferreira@serpro.gov.br>
94	94	Moises Machado <moises@colivre.coop.br>
95	95	Naíla Alves <naila@colivre.coop.br>
96	96	Nanda Lopes <nanda.listas+psl@gmail.com>
97	97	Niemand Jedermann <predatorix@web.de>
	98	+Omar Junior <omarroinuj@gmail.com>
98	99	Parley Martins <parleypachecomartins@gmail.com>
99	100	Paulo Meirelles <paulo@softwarelivre.org>
100	101	Pedro de Lyra <pedrodelyra@gmail.com>
101	102	Pedro Leal
	103	+Phillip Rohmberger <rohmberger@hotmail.de>
102	104	Rafael de Souza Queiroz <querafael@live.com>
103	105	Rafael Gomes <rafaelgomes@techfree.com.br>
104	106	Rafael Martins <rmmartins@gmail.com>
...	...	@@ -112,6 +114,7 @@ Rodrigo Medeiros <rodrigo.mss01@gmail.com>
112	114	Rodrigo Souto <rodrigo@colivre.coop.br>
113	115	Ronny Kursawe <kursawe.ronny@googlemail.com>
114	116	Samuel R. C. Vale <srcvale@holoscopio.com>
	117	+Simiao Carvalho <simiaosimis@gmail.com>
115	118	Tallys Martins <tallysmartins@yahoo.com.br>
116	119	Thiago Casotti <thiago.casotti@uol.com.br>
117	120	Thiago Kairala <thiagor.kairala@gmail.com>
...	...	@@ -123,6 +126,7 @@ Valessio Brito <contato@valessiobrito.com.br>
123	126	Victor Costa <vfcosta@gmail.com>
124	127	Victor Hugo Alves de Carvalho <victorhugodf.ac@gmail.com>
125	128	Vinicius Cubas Brand <viniciuscb@gmail.com>
	129	+Vitor Barbosa <vitornga15@gmail.com>
126	130	Wilton Rodrigues <braynwilton@gmail.com>
127	131	Yann Lugrin <yann.lugrin@liquid-concept.ch>
128	132
...	...
...	...	@@ -10,7 +10,7 @@ gem 'RedCloth', '~> 4.2.9'
10	10	gem 'will_paginate', '~> 3.0.3'
11	11	gem 'ruby-feedparser', '~> 0.7'
12	12	gem 'daemons', '~> 1.1.5'
13		-gem 'thin', '~> 1.3.1'
	13	+gem 'unicorn', '~> 4.8'
14	14	gem 'nokogiri', '~> 1.5.5'
15	15	gem 'rake', :require => false
16	16	gem 'rest-client', '~> 1.6.7'
...	...	@@ -21,6 +21,13 @@ gem 'whenever', :require => false
21	21	gem 'eita-jrails', '~> 0.9.5', require: 'jrails'
22	22	gem 'slim'
23	23
	24	+# API dependencies
	25	+gem 'grape', '~> 0.12'
	26	+gem 'grape-entity'
	27	+gem 'grape_logging'
	28	+gem 'rack-cors'
	29	+gem 'rack-contrib'
	30	+
24	31	# asset pipeline
25	32	gem 'uglifier', '>= 1.0.3'
26	33	gem 'sass-rails'
...	...
...	...	@@ -15,4 +15,38 @@ Noosfero::Application.load_tasks
15	15	Dir.glob(pattern).sort
16	16	end.flatten.each do \|taskfile\|
17	17	load taskfile
	18	+end
	19	+
	20	+# plugins' tasks
	21	+plugins_tasks = Dir.glob("config/plugins//{tasks,lib/tasks,rails/tasks}//.rake").sort +
	22	+ Dir.glob("config/plugins//vendor/plugins//{tasks,lib/tasks,rails/tasks}/*/.rake").sort
	23	+plugins_tasks.each{ \|ext\| load ext }
	24	+
	25	+
	26	+desc "Print out grape routes"
	27	+task :grape_routes => :environment do
	28	+ #require 'api/api.rb'
	29	+ Noosfero::API::API.routes.each do \|route\|
	30	+ puts route
	31	+ method = route.route_method
	32	+ path = route.route_path
	33	+ puts " #{method} #{path}"
	34	+ end
	35	+end
	36	+
	37	+# plugins' tasks
	38	+plugins_tasks = Dir.glob("config/plugins//{tasks,lib/tasks,rails/tasks}//.rake").sort +
	39	+ Dir.glob("config/plugins//vendor/plugins//{tasks,lib/tasks,rails/tasks}/*/.rake").sort
	40	+plugins_tasks.each{ \|ext\| load ext }
	41	+
	42	+
	43	+desc "Print out grape routes"
	44	+task :grape_routes => :environment do
	45	+ #require 'api/api.rb'
	46	+ Noosfero::API::API.routes.each do \|route\|
	47	+ puts route
	48	+ method = route.route_method
	49	+ path = route.route_path
	50	+ puts " #{method} #{path}"
	51	+ end
18	52	end
...	...
...	...	@@ -27,20 +27,13 @@ class CmsController < MyProfileController
27	27
28	28	helper_method :file_types
29	29
30		- protect_if :only => :upload_files do \|c, user, profile\|
31		- article_id = c.params[:parent_id]
32		- (!article_id.blank? && profile.articles.find(article_id).allow_create?(user)) \|\|
33		- (user && (user.has_permission?('post_content', profile) \|\| user.has_permission?('publish_content', profile)))
34		- end
35		-
36		- protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :publish_on_portal_community, :publish_on_communities, :search_communities_to_publish, :upload_files, :new] do \|c, user, profile\|
	30	+ protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new] do \|c, user, profile\|
37	31	user && (user.has_permission?('post_content', profile) \|\| user.has_permission?('publish_content', profile))
38	32	end
39	33
40		- protect_if :only => :new do \|c, user, profile\|
41		- article = profile.articles.find_by_id(c.params[:parent_id])
42		- (!article.nil? && (article.allow_create?(user) \|\| article.parent.allow_create?(user))) \|\|
43		- (user && (user.has_permission?('post_content', profile) \|\| user.has_permission?('publish_content', profile)))
	34	+ protect_if :only => [:new, :upload_files] do \|c, user, profile\|
	35	+ parent = profile.articles.find_by_id(c.params[:parent_id])
	36	+ user && user.can_post_content?(profile, parent)
44	37	end
45	38
46	39	protect_if :only => :destroy do \|c, user, profile\|
...	...	@@ -118,10 +111,7 @@ class CmsController < MyProfileController
118	111	end
119	112	end
120	113
121		- unless @article.kind_of?(RssFeed)
122		- @escaped_body = CGI::escapeHTML(@article.body \|\| '')
123		- @escaped_abstract = CGI::escapeHTML(@article.abstract \|\| '')
124		- end
	114	+ escape_fields @article
125	115	end
126	116
127	117	def new
...	...	@@ -192,6 +182,8 @@ class CmsController < MyProfileController
192	182	end
193	183	end
194	184
	185	+ escape_fields @article
	186	+
195	187	render :action => 'edit'
196	188	end
197	189
...	...	@@ -541,4 +533,10 @@ class CmsController < MyProfileController
541	533	end
542	534	end
543	535
	536	+ def escape_fields article
	537	+ unless article.kind_of?(RssFeed)
	538	+ @escaped_body = CGI::escapeHTML(article.body \|\| '')
	539	+ @escaped_abstract = CGI::escapeHTML(article.abstract \|\| '')
	540	+ end
	541	+ end
544	542	end
...	...
...	...	@@ -133,6 +133,13 @@ class ProfileEditorController < MyProfileController
133	133	redirect_to_previous_location
134	134	end
135	135
	136	+ def reset_private_token
	137	+ profile = environment.profiles.find(params[:id])
	138	+ profile.user.generate_private_token!
	139	+
	140	+ redirect_to_previous_location
	141	+ end
	142	+
136	143	protected
137	144
138	145	def redirect_to_previous_location
...	...
...	...	@@ -97,12 +97,9 @@ class AccountController < ApplicationController
97	97	@block_bot = !!session[:may_be_a_bot]
98	98	@invitation_code = params[:invitation_code]
99	99	begin
100		- @user = User.new(params[:user])
	100	+ @user = User.build(params[:user], params[:profile_data], environment)
101	101	@user.session = session
102		- @user.terms_of_use = environment.terms_of_use
103		- @user.environment = environment
104	102	@terms_of_use = environment.terms_of_use
105		- @user.person_data = params[:profile_data]
106	103	@user.return_to = session[:return_to]
107	104	@person = Person.new(params[:profile_data])
108	105	@person.environment = @user.environment
...	...
...	...	@@ -0,0 +1,19 @@
	1	+class ApiController < PublicController
	2	+
	3	+ no_design_blocks
	4	+
	5	+ helper_method :endpoints
	6	+
	7	+ def index
	8	+ end
	9	+
	10	+ def playground
	11	+ end
	12	+
	13	+ private
	14	+
	15	+ def endpoints
	16	+ Noosfero::API::API.endpoints(environment)
	17	+ end
	18	+
	19	+end
...	...
...	...	@@ -8,6 +8,7 @@ class ContentViewerController < ApplicationController
8	8	helper TagsHelper
9	9
10	10	def view_page
	11	+
11	12	path = get_path(params[:page], params[:format])
12	13
13	14	@version = params[:version].to_i
...	...	@@ -38,7 +39,7 @@ class ContentViewerController < ApplicationController
38	39	end
39	40
40	41	# At this point the page will be showed
41		- @page.hit unless user_is_a_bot?
	42	+ @page.hit unless user_is_a_bot? \|\| already_visited?(@page)
42	43
43	44	@page = FilePresenter.for @page
44	45
...	...	@@ -272,4 +273,18 @@ class ContentViewerController < ApplicationController
272	273	@comment_order = params[:comment_order].nil? ? 'oldest' : params[:comment_order]
273	274	end
274	275
	276	+ private
	277	+
	278	+ def already_visited?(element)
	279	+ user_id = if user.nil? then -1 else current_user.id end
	280	+ user_id = "#{user_id}_#{element.id}_#{element.class}"
	281	+
	282	+ if cookies.signed[:visited] == user_id
	283	+ return true
	284	+ else
	285	+ cookies.permanent.signed[:visited] = user_id
	286	+ return false
	287	+ end
	288	+ end
	289	+
275	290	end
...	...
...	...	@@ -66,7 +66,10 @@ class ProfileController < PublicController
66	66
67	67	def members
68	68	if is_cache_expired?(profile.members_cache_key(params))
69		- @members = profile.members_by_name.includes(relations_to_include).paginate(:per_page => members_per_page, :page => params[:npage], :total_entries => profile.members.count)
	69	+ sort = (params[:sort] == 'desc') ? params[:sort] : 'asc'
	70	+ @profile_admins = profile.admins.includes(relations_to_include).order("name #{sort}").paginate(:per_page => members_per_page, :page => params[:npage])
	71	+ @profile_members = profile.members.includes(relations_to_include).order("name #{sort}").paginate(:per_page => members_per_page, :page => params[:npage])
	72	+ @profile_members_url = url_for(:controller => 'profile', :action => 'members')
70	73	end
71	74	end
72	75
...	...
...	...	@@ -88,7 +88,7 @@ module ArticleHelper
88	88	content_tag( 'small', _('Who will be able to create new topics on this forum?')) +
89	89	content_tag('div', '', slider_options) +
90	90	hidden_field_tag('article[topic_creation]', article.topic_creation) +
91		- javascript_include_tag('topic-creation-config')
	91	+ javascript_include_tag("#{Noosfero.root}/assets/topic-creation-config.js")
92	92	end
93	93
94	94	def privacity_exceptions(article, tokenized_children)
...	...