Merge branch 'master' into AI3191-private_environment

Conflicts: app/models/environment.rb app/views/features/index.rhtml

Merge branch 'master' into AI3191-private_environment
Conflicts: app/models/environment.rb app/views/features/index.rhtml
Victor Costa
2 parents 14a2302f aa847970
Showing 3001 changed files with 192815 additions and 47494 deletions Show diff stats
AUTHORS
Gemfile
Gemfile.lock
INSTALL.md
MIGRATION_ISSUES
README.md
Rakefile
Vagrantfile
app/controllers/admin/admin_panel_controller.rb
app/controllers/admin/environment_design_controller.rb
app/controllers/admin/environment_role_manager_controller.rb
app/controllers/admin/features_controller.rb
app/controllers/admin/users_controller.rb
app/controllers/application_controller.rb
app/controllers/embed_controller.rb
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile/manage_products_controller.rb
app/controllers/my_profile/memberships_controller.rb
app/controllers/my_profile/profile_design_controller.rb
app/controllers/my_profile/profile_editor_controller.rb
@@ -6,6 +6,7 @@ noosfero, that&#39;s not a problem).
 Developers
 ==========
  
+Ábner Silva de Oliveira <abner.oliveira@serpro.gov.br>
 Alan Freihof Tygel <alantygel@gmail.com>
 alcampelo <alcampelo@alcampelo.(none)>
 Alessandro Palmeira <alessandro.palmeira@gmail.com>
@@ -43,6 +44,7 @@ Ana Losnak &lt;analosnak@gmail.com&gt;
 Antonio Terceiro + Carlos Morais <terceiro@colivre.coop.br>
 Antonio Terceiro + Paulo Meirelles <terceiro@colivre.coop.br>
 Antonio Terceiro <terceiro@colivre.coop.br>
+Arthur Del Esposte <arthurmde@gmail.com>
 Arthur Del Esposte <arthurmde@yahoo.com.br>
 Aurelio A. Heckert <aurelio@colivre.coop.br>
 Braulio Bhavamitra <brauliobo@gmail.com>
@@ -71,12 +73,14 @@ Caio Salgado + Renan Teruo &lt;caio.salgado@gmail.com&gt;
 Caio Salgado + Renan Teruo + Jefferson Fernandes <jeffs.fernandes@gmail.com>
 Caio Salgado + Renan Teruo <renanteruoc@gmail.com>
 Caio SBA <caio@colivre.coop.br>
+Caio Tiago Oliveira <caiotiago@colivre.coop.br>
 Carlos Andre de Souza <carlos.andre.souza@msn.com>
 Carlos Morais <carlos88morais@gmail.com>
 Carlos Morais + Diego Araújo <diegoamc90@gmail.com>
 Carlos Morais + Eduardo Morais <carlos88morais@gmail.com>
 Carlos Morais + Paulo Meirelles <carlos88morais@gmail.com>
 Carlos Morais + Pedro Leal <carlos88morais@gmail.com>
+Daniela Feitosa <dani@dohko.(none)>
 Daniel Alves + Diego Araújo <danpaulalves@gmail.com>
 Daniel Alves + Diego Araújo <diegoamc90@gmail.com>
 Daniel Alves + Diego Araújo + Guilherme Rojas <danpaulalves@gmail.com>
@@ -117,6 +121,8 @@ Diego Martinez &lt;diegoamc90@gmail.com&gt;
 Diego Martinez <diego@diego-K55A.(none)>
 Diego + Renan <renanteruoc@gmail.com>
 Eduardo Tourinho Edington <eduardo.edington@serpro.gov.br>
+Evandro Jr <evandrojr@gmail.com>
+Evandro Junior <evandrojr@gmail.com>
 Fabio Teixeira <fabio1079@gmail.com>
 Fernanda Lopes <nanda.listas+psl@gmail.com>
 Francisco Marcelo A. Lima Júnior <francisco.lima-junior@serpro.gov.br>
@@ -132,6 +138,7 @@ Italo Valcy &lt;italo@dcc.ufba.br&gt;
 Jefferson Fernandes + Diego Araujo + Rafael Manzo <jeffs.fernandes@gmail.com>
 Jefferson Fernandes + Joao M. M. da Silva <jeffs.fernandes@gmail.com>
 Jefferson Fernandes + Joao M. M. Silva <jeffs.fernandes@gmail.com>
+João da Silva + Eduardo Morais + Rafael Manzo <rr.manzo@gmail.com>
 João da Silva <jaodsilv@linux.ime.usp.br>
 João Marco Maciel da Silva + Rafael Manzo + Renan Teruo <jaodsilv@linux.ime.usp.br>
 João M. M. da Silva + Alessandro Palmeira + Diego Araújo + Caio Salgado <jaodsilv@linux.ime.usp.br>
@@ -162,9 +169,11 @@ João M. M. Silva + Rafael Manzo &lt;jaodsilv@linux.ime.usp.br&gt;
 João M. M. Silva + Renan Teruo <jaodsilv@linux.ime.usp.br>
 Joenio Costa <joenio@colivre.coop.br>
 Josef Spillner <josef.spillner@tu-dresden.de>
+Junior Silva <junior@bajor.localhost.localdomain>
 Junior Silva <juniorsilva1001@gmail.com>
 Junior Silva <juniorsilva7@juniorsilva-Aspire-5750Z.(none)>
 Junior Silva <juniorsilva@colivre.coop.br>
+juniorsilva <juniorsilva@QonoS.localhost.localdomain>
 Keilla Menezes <keilla@colivre.coop.br>
 Larissa Reis <larissa@colivre.coop.br>
 Larissa Reis <reiss.larissa@gmail.com>
@@ -175,7 +184,9 @@ Leandro Nunes dos Santos &lt;leandro.santos@serpro.gov.br&gt;
 LinguÁgil 2010 <linguagil.bahia@gmail.com>
 Lucas Melo <lucas@colivre.coop.br>
 Lucas Melo <lucaspradomelo@gmail.com>
+Luciano <lucianopcbr@gmail.com>
 Luis David Aguilar Carlos <ludwig9003@gmail.com>
+Luiz Fernando de Freitas Matos <luiz@luizff.matos@gmail.com>
 Marcos Ramos <ms.ramos@outlook.com>
 Martín Olivera <molivera@solar.org.ar>
 Moises Machado <moises@colivre.coop.br>
 source "https://rubygems.org"
+gem 'rails'
+gem 'fast_gettext'
+gem 'acts-as-taggable-on'
+gem 'prototype-rails'
+gem 'prototype_legacy_helper', '0.0.0', :path => 'vendor/prototype_legacy_helper'
+gem 'rails_autolink'
+gem 'pg'
+gem 'rmagick'
+gem 'RedCloth'
+gem 'will_paginate'
+gem 'ruby-feedparser'
+gem 'daemons'
+gem 'thin'
+gem 'hpricot'
+gem 'nokogiri'
+gem 'rake', :require => false
  
-gem 'exception_notification', '1.0.20090728'
-gem 'system_timer'
+# FIXME list here all actual dependencies (i.e. the ones in debian/control),
+# with their GEM names (not the Debian package names)
+
+group :production do
+  gem 'dalli'
+end
  
 group :test do
-  gem 'rspec', '1.2.9'
-  gem 'rspec-rails', '1.2.9'
+  gem 'rspec'
+  gem 'rspec-rails'
+  gem 'mocha', :require => false
 end
  
 group :cucumber do
-  gem 'rake', '0.8.7'
-  gem 'cucumber-rails', '0.3.2'
-  gem 'capybara', '1.1.1'
-  gem 'cucumber', '1.1.0'
+  gem 'rake'
+  gem 'cucumber-rails', :require => false
+  gem 'capybara'
+  gem 'cucumber'
   gem 'database_cleaner'
+  gem 'selenium-webdriver'
 end
  
-def program(name)
-  unless system("which #{name} > /dev/null")
-    puts "W: Program #{name} is needed, but was not found in your PATH"
-  end
+# include plugin gemfiles
+Dir.glob(File.join('config', 'plugins', '*')).each do |plugin|
+  plugin_gemfile = File.join(plugin, 'Gemfile')
+  eval File.read(plugin_gemfile) if File.exists?(plugin_gemfile)
 end
-
-program 'java'
-program 'firefox'
+PATH
+  remote: vendor/prototype_legacy_helper
+  specs:
+    prototype_legacy_helper (0.0.0)
+
 GEM
   remote: https://rubygems.org/
   specs:
-    builder (3.1.4)
-    capybara (1.1.1)
+    RedCloth (4.2.9)
+    actionmailer (3.2.6)
+      actionpack (= 3.2.6)
+      mail (~> 2.4.4)
+    actionpack (3.2.6)
+      activemodel (= 3.2.6)
+      activesupport (= 3.2.6)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.1)
+      rack (~> 1.4.0)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.1.3)
+    activemodel (3.2.6)
+      activesupport (= 3.2.6)
+      builder (~> 3.0.0)
+    activerecord (3.2.6)
+      activemodel (= 3.2.6)
+      activesupport (= 3.2.6)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.6)
+      activemodel (= 3.2.6)
+      activesupport (= 3.2.6)
+    activesupport (3.2.6)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    acts-as-taggable-on (3.0.2)
+      rails (>= 3, < 5)
+    arel (3.0.2)
+    builder (3.0.0)
+    capybara (2.1.0)
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
       rack (>= 1.0.0)
       rack-test (>= 0.5.4)
-      selenium-webdriver (~> 2.0)
-      xpath (~> 0.1.4)
-    childprocess (0.3.6)
-      ffi (~> 1.0, >= 1.0.6)
-    cucumber (1.1.0)
+      xpath (~> 2.0)
+    childprocess (0.3.3)
+      ffi (~> 1.0.6)
+    cucumber (1.0.6)
       builder (>= 2.1.2)
       diff-lcs (>= 1.1.2)
-      gherkin (~> 2.5.0)
+      gherkin (~> 2.4.18)
       json (>= 1.4.6)
       term-ansicolor (>= 1.0.6)
-    cucumber-rails (0.3.2)
-      cucumber (>= 0.8.0)
-    database_cleaner (0.9.1)
+    cucumber-rails (1.0.6)
+      capybara (>= 1.1.1)
+      cucumber (>= 1.0.6)
+      nokogiri (>= 1.5.0)
+    daemons (1.1.5)
+    dalli (2.7.0)
+    database_cleaner (1.2.0)
     diff-lcs (1.1.3)
-    exception_notification (1.0.20090728)
-    ffi (1.2.0)
-    gherkin (2.5.4)
+    erubis (2.7.0)
+    eventmachine (0.12.11)
+    fast_gettext (0.6.8)
+    ffi (1.0.11)
+    gherkin (2.4.21)
       json (>= 1.4.6)
-    json (1.7.5)
-    libwebsocket (0.1.6.1)
-      websocket
+    hike (1.2.1)
+    hpricot (0.8.6)
+    i18n (0.6.0)
+    journey (1.0.3)
+    json (1.7.3)
+    mail (2.4.4)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    metaclass (0.0.1)
     mime-types (1.19)
-    multi_json (1.3.7)
+    mocha (0.11.3)
+      metaclass (~> 0.0.1)
+    multi_json (1.3.6)
     nokogiri (1.5.5)
-    rack (1.1.0)
-    rack-test (0.6.2)
+    pg (0.13.2)
+    polyglot (0.3.3)
+    prototype-rails (3.2.1)
+      rails (~> 3.2)
+    rack (1.4.1)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.2)
+      rack
+    rack-test (0.6.1)
       rack (>= 1.0)
-    rake (0.8.7)
-    rspec (1.2.9)
-    rspec-rails (1.2.9)
-      rack (>= 1.0.0)
-      rspec (>= 1.2.9)
-    rubyzip (0.9.9)
-    selenium-webdriver (2.26.0)
+    rails (3.2.6)
+      actionmailer (= 3.2.6)
+      actionpack (= 3.2.6)
+      activerecord (= 3.2.6)
+      activeresource (= 3.2.6)
+      activesupport (= 3.2.6)
+      bundler (~> 1.0)
+      railties (= 3.2.6)
+    rails_autolink (1.1.5)
+      rails (> 3.1)
+    railties (3.2.6)
+      actionpack (= 3.2.6)
+      activesupport (= 3.2.6)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (0.9.2.2)
+    rdoc (3.9.4)
+    rmagick (2.13.1)
+    rspec (2.10.0)
+      rspec-core (~> 2.10.0)
+      rspec-expectations (~> 2.10.0)
+      rspec-mocks (~> 2.10.0)
+    rspec-core (2.10.1)
+    rspec-expectations (2.10.0)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.10.1)
+    rspec-rails (2.10.1)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec (~> 2.10.0)
+    ruby-feedparser (0.7)
+    rubyzip (1.1.2)
+    selenium-webdriver (2.39.0)
       childprocess (>= 0.2.5)
-      libwebsocket (~> 0.1.3)
       multi_json (~> 1.0)
-      rubyzip
-    system_timer (1.2.4)
+      rubyzip (~> 1.0)
+      websocket (~> 1.0.4)
+    sprockets (2.1.3)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
     term-ansicolor (1.0.7)
-    websocket (1.0.4)
-    xpath (0.1.4)
+    thin (1.3.1)
+      daemons (>= 1.0.9)
+      eventmachine (>= 0.12.6)
+      rack (>= 1.0.0)
+    thor (0.15.3)
+    tilt (1.3.3)
+    treetop (1.4.10)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.33)
+    websocket (1.0.7)
+    will_paginate (3.0.3)
+    xpath (2.0.0)
       nokogiri (~> 1.3)
  
 PLATFORMS
   ruby
  
 DEPENDENCIES
-  capybara (= 1.1.1)
-  cucumber (= 1.1.0)
-  cucumber-rails (= 0.3.2)
+  RedCloth
+  acts-as-taggable-on
+  capybara
+  cucumber
+  cucumber-rails
+  daemons
+  dalli
   database_cleaner
-  exception_notification (= 1.0.20090728)
-  rake (= 0.8.7)
-  rspec (= 1.2.9)
-  rspec-rails (= 1.2.9)
-  system_timer
+  fast_gettext
+  hpricot
+  mocha
+  nokogiri
+  pg
+  prototype-rails
+  prototype_legacy_helper (= 0.0.0)!
+  rails
+  rails_autolink
+  rake
+  rmagick
+  rspec
+  rspec-rails
+  ruby-feedparser
+  selenium-webdriver
+  thin
+  will_paginate
@@ -110,7 +110,7 @@ Setup Noosfero log and tmp directories:
     # cd /var/lib/noosfero/current
     # ./etc/init.d/noosfero setup
  
-Now it's time to setup the database. In this example we are using PostgreSQL, so if you are planning to use a different database this steps won't apply.
+Now it's time to setup the database. In this example we are using PostgreSQL, so if you are planning to use a different database this steps won't apply. Pay special attention to the default collation defined on your setup by the environment variable LC_COLLATE because it might interfere in some sorting operations on your database. For more information checkout `man locale`.
  
     # apt-get install postgresql libpgsql-ruby
     # su postgres -c 'createuser noosfero -S -d -R'
@@ -0,0 +1,41 @@
+* ruby-get-text incmopatible with rails3. Maybe we can use it's gem
+
+* all js code is inside miscellaneous.js. Would be nice to refactor this
+
+* rails 2 uses prototype instead of jquery
+
+* config/environment.rb maybe still have some code that should be on the initializers
+
+* initializers session_store.rb inflections.rb... don't exist
+
+* rails gems version have to be forced on Gemfile or it will use incompatible pre3vious versions (3.1.3)
+
+* Sweepers are now natively supported on Rails 3. Would be nice to refactor it
+
+* On Rails 3 it is no more possible to add allowed tags to avoid scape. The html_safe initializer is an option.
+
+* error when call sqlite_extensiosn
+
+* error related to action_tracker
+
+* check FIXME's in script/quick-start
+
+* check FIXME's in Gemfile
+
+* Check the FIXME in config/routes.rb
+
+* rewrite conditional routing. See FIXME in lib/route_if.rb and re-implement using the Rails 3 mechanism - http://guides.rubyonrails.org/routing.html#advanced-constraints
+
+* check FIXME's in config/environment.rb
+
+* xss_terminate sucks. We should replace it with the builtin mechanism in Rails 3
+
+* instance_eval on Ruby 1.9 yields self, so lambdas that are passed to instance_eval and do not accept exactly 1 argument will blow up. See http://www.ruby-forum.com/topic/213313 ... search for instance_eval and fix where necessary. In special, most of the blocks still need fixing.
+
+* all instances of <% *_form_for ... %> must be changed to <%= instead of <%
+
+* all ActiveRecord models have to declare explicitly which attributes must be allowed for mass assignment with attr_accessible.
+
+* check if we need to update config/locales/*
+
+* check observe_field and labelled_form_for in app/helpers/application_helper.rb
+[![Code Climate](https://codeclimate.com/github/Noosfero/noosfero.png)](https://codeclimate.com/github/Noosfero/noosfero)
+
 Noosfero - a web-based social platform
 ======================================
  
@@ -30,4 +32,4 @@ Authorship and copyright information is available in the files listed below.
     --------------------  -----------------------------------------
     AUTHORS.md            list of authors (updated at each release)
     COPYRIGHT             Copyright statement for the project
 -    COPYING               Full text of the project license
+    COPYING               Full text of the project license
 \ No newline at end of file
+#!/usr/bin/env rake
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
  
-require(File.join(File.dirname(__FILE__), 'config', 'boot'))
+require File.expand_path('../config/application', __FILE__)
  
-require 'rake'
-require 'rake/testtask'
-require 'rake/rdoctask'
-
-# rails tasks
-require 'tasks/rails'
-
-# plugins' tasks
-plugins_tasks = Dir.glob("config/plugins/*/{tasks,lib/tasks,rails/tasks}/**/*.rake").sort +
-  Dir.glob("config/plugins/*/vendor/plugins/*/{tasks,lib/tasks,rails/tasks}/**/*.rake").sort
-plugins_tasks.each{ |ext| load ext }
+Noosfero::Application.load_tasks
@@ -0,0 +1,11 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+VAGRANTFILE_API_VERSION = "2"
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  config.vm.box = "debian-wheezy"
+  config.vm.network :forwarded_port, host: 3000, guest: 3000
+  config.vm.provision :shell do |shell|
+    shell.inline = 'su vagrant -c /vagrant/script/vagrant'
+  end
+end
@@ -7,6 +7,7 @@ class AdminPanelController &lt; AdminController
   end
  
   def site_info
+    @no_design_blocks = true
     if request.post?
       if params[:environment][:languages]
         params[:environment][:languages] = params[:environment][:languages].map {|lang, value| lang if value=='true'}.compact
@@ -42,7 +43,7 @@ class AdminPanelController &lt; AdminController
         end
         redirect_to :action => 'set_portal_folders'
       else
-        session[:notice] = __('Community not found. You must insert the identifier of a community from this environment')
+        session[:notice] = _('Community not found. You must insert the identifier of a community from this environment')
       end
     end
   end
@@ -5,7 +5,7 @@ class EnvironmentDesignController &lt; BoxOrganizerController
   def available_blocks
     # TODO EnvironmentStatisticsBlock is DEPRECATED and will be removed from
     #      the Noosfero core soon, see ActionItem3045
-    @available_blocks ||= [ ArticleBlock, LoginBlock, EnvironmentStatisticsBlock, RecentDocumentsBlock, EnterprisesBlock, CommunitiesBlock, PeopleBlock, SellersSearchBlock, LinkListBlock, FeedReaderBlock, SlideshowBlock, HighlightsBlock, FeaturedProductsBlock, CategoriesBlock, RawHTMLBlock, TagsBlock ]
+    @available_blocks ||= [ ArticleBlock, LoginBlock, EnvironmentStatisticsBlock, RecentDocumentsBlock, EnterprisesBlock, CommunitiesBlock, SellersSearchBlock, LinkListBlock, FeedReaderBlock, SlideshowBlock, HighlightsBlock, FeaturedProductsBlock, CategoriesBlock, RawHTMLBlock, TagsBlock ]
     @available_blocks += plugins.dispatch(:extra_blocks, :type => Environment)
   end
  
 class EnvironmentRoleManagerController < AdminController
   protect 'manage_environment_roles', :environment
-  
+
   def index
     @admins = Person.find(:all, :conditions => ['role_assignments.resource_type = ?', 'Environment'], :include => :role_assignments )
   end
@@ -8,7 +8,7 @@ class EnvironmentRoleManagerController &lt; AdminController
   def change_roles
     @admin = Person.find(params[:id])
     @roles = Role.find(:all).select{ |r| r.has_kind?(:environment) }
-  end  
+  end
  
   def update_roles
     @roles = params[:roles] ? Role.find(params[:roles]) : []
@@ -20,7 +20,7 @@ class EnvironmentRoleManagerController &lt; AdminController
     end
     redirect_to :action => :index
   end
-  
+
   def change_role
     @roles = Role.find(:all).select{ |r| r.has_kind?(:environment) }
     @admin = Person.find(params[:id])
@@ -34,9 +34,9 @@ class FeaturesController &lt; AdminController
   def manage_enterprise_fields
     environment.custom_enterprise_fields = params[:enterprise_fields]
     if environment.save!
-      session[:notice] = __('Enterprise fields updated successfully.')
+      session[:notice] = _('Enterprise fields updated successfully.')
     else
-      flash[:error] = __('Enterprise fields not updated successfully.')
+      flash[:error] = _('Enterprise fields not updated successfully.')
     end
     redirect_to :action => 'manage_fields'
   end
@@ -79,7 +79,7 @@ class UsersController &lt; AdminController
         users = User.connection.execute(command)
         csv_content = "name;email\n"
         users.each { |u|
-          CSV.generate_row([u['name'], u['email']], 2, csv_content, fs=';')
+          csv_content << CSV.generate_line([u['name'], u['email']], {:col_sep => ';'})
         }
         render :text => csv_content, :content_type => 'text/csv', :layout => false
       end
+require 'noosfero/multi_tenancy'
+
 class ApplicationController < ActionController::Base
+  protect_from_forgery
  
   before_filter :setup_multitenancy
   before_filter :detect_stuff_by_domain
-  before_filter :init_noosfero_plugins_controller_filters
+  before_filter :init_noosfero_plugins
   before_filter :allow_cross_domain_access
   before_filter :login_required, :if => :private_environment?
   before_filter :verify_members_whitelist, :if => :user
@@ -11,6 +14,12 @@ class ApplicationController &lt; ActionController::Base
     render_access_denied unless user.is_admin? || environment.in_whitelist?(user)
   end
  
+  after_filter :set_csrf_cookie
+
+  def set_csrf_cookie
+    cookies['_noosfero_.XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery? && logged_in?
+  end
+
   def allow_cross_domain_access
     origin = request.headers['Origin']
     return if origin.blank?
@@ -27,7 +36,8 @@ class ApplicationController &lt; ActionController::Base
   include ApplicationHelper
   layout :get_layout
   def get_layout
-    return nil if request.format == :js
+    return nil if request.format == :js or request.xhr?
+
     theme_layout = theme_option(:layout)
     if theme_layout
       theme_view_file('layouts/'+theme_layout) || theme_layout
@@ -36,11 +46,9 @@ class ApplicationController &lt; ActionController::Base
     end
   end
  
-  filter_parameter_logging :password
-
   def log_processing
     super
-    return unless ENV['RAILS_ENV'] == 'production'
+    return unless Rails.env == 'production'
     if logger && logger.info?
       logger.info("  HTTP Referer: #{request.referer}")
       logger.info("  User Agent: #{request.user_agent}")
@@ -71,6 +79,7 @@ class ApplicationController &lt; ActionController::Base
     FastGettext.default_locale = environment.default_locale
     FastGettext.locale = (params[:lang] || session[:lang] || environment.default_locale || request.env['HTTP_ACCEPT_LANGUAGE'] || 'en')
     I18n.locale = FastGettext.locale
+    I18n.default_locale = FastGettext.default_locale
     if params[:lang]
       session[:lang] = params[:lang]
     end
@@ -80,18 +89,24 @@ class ApplicationController &lt; ActionController::Base
  
   attr_reader :environment
  
-  before_filter :load_terminology
-
   # declares that the given <tt>actions</tt> cannot be accessed by other HTTP
   # method besides POST.
   def self.post_only(actions, redirect = { :action => 'index'})
-    verify :method => :post, :only => actions, :redirect_to => redirect
+    before_filter(:only => actions) do |controller|
+      if !controller.request.post?
+        controller.redirect_to redirect
+      end
+    end
   end
  
   helper_method :current_person, :current_person
  
   protected
  
+  def verified_request?
+    super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
+  end
+
   def setup_multitenancy
     Noosfero::MultiTenancy.setup!(request.host)
   end
@@ -117,7 +132,10 @@ class ApplicationController &lt; ActionController::Base
       @environment = Environment.default
       if @environment.nil? && Rails.env.development?
         # This should only happen in development ...
-        @environment = Environment.create!(:name => "Noosfero", :is_default => true)
+        @environment = Environment.new
+        @environment.name = "Noosfero"
+        @environment.is_default = true
+        @environment.save!
       end
     else
       @environment = @domain.environment
@@ -133,36 +151,15 @@ class ApplicationController &lt; ActionController::Base
  
   include Noosfero::Plugin::HotSpot
  
-  # This is a generic method that initialize any possible filter defined by a
-  # plugin to the current controller being initialized.
-  def init_noosfero_plugins_controller_filters
-    plugins.each do |plugin|
-      filters = plugin.send(self.class.name.underscore + '_filters')
-      filters = [filters] if !filters.kind_of?(Array)
-      controller_filters = self.class.filter_chain.map {|c| c.method }
-      filters.each do |plugin_filter|
-        filter_method = plugin.class.name.underscore.gsub('/','_') + '_' + plugin_filter[:method_name]
-        unless controller_filters.include?(filter_method)
-          self.class.send(plugin_filter[:type], filter_method, (plugin_filter[:options] || {}))
-          self.class.send(:define_method, filter_method) do
-            instance_eval(&plugin_filter[:block]) if environment.plugin_enabled?(plugin.class)
-          end
-        end
-      end
-    end
-  end
-
-  def load_terminology
-    # cache terminology for performance
-    @@terminology_cache ||= {}
-    @@terminology_cache[environment.id] ||= environment.terminology
-    Noosfero.terminology = @@terminology_cache[environment.id]
+  # FIXME this filter just loads @plugins to children controllers and helpers
+  def init_noosfero_plugins
+    plugins
   end
  
   def render_not_found(path = nil)
     @no_design_blocks = true
     @path ||= request.path
-    render :template => 'shared/not_found.rhtml', :status => 404, :layout => get_layout
+    render :template => 'shared/not_found.html.erb', :status => 404, :layout => get_layout
   end
   alias :render_404 :render_not_found
  
@@ -170,12 +167,12 @@ class ApplicationController &lt; ActionController::Base
     @no_design_blocks = true
     @message = message
     @title = title
-    render :template => 'shared/access_denied.rhtml', :status => 403
+    render :template => 'shared/access_denied.html.erb', :status => 403
   end
  
   def load_category
     unless params[:category_path].blank?
-      path = params[:category_path].join('/')
+      path = params[:category_path]
       @category = environment.categories.find_by_path(path)
       if @category.nil?
         render_not_found(path)
@@ -4,10 +4,10 @@ class EmbedController &lt; ApplicationController
   def block
     @block = Block.find(params[:id])
     if !@block.embedable? || !@block.visible?
-      render 'unavailable.rhtml', :status => 403
+      render 'unavailable', :status => 403
     end
     rescue ActiveRecord::RecordNotFound
-      render 'not_found.rhtml', :status => 404
+      render 'not_found', :status => 404
   end
  
 end
@@ -53,8 +53,7 @@ class CmsController &lt; MyProfileController
       conditions = ['type != ?', 'RssFeed']
     end
  
-    @articles = @article.children.paginate(
-      :order => "case when type = 'Folder' then 0 when type ='Blog' then 1 else 2 end, updated_at DESC",
+    @articles = @article.children.reorder("case when type = 'Folder' then 0 when type ='Blog' then 1 else 2 end, updated_at DESC, name").paginate(
       :conditions => conditions,
       :per_page => per_page,
       :page => params[:npage]
@@ -145,6 +144,7 @@ class CmsController &lt; MyProfileController
  
     @article.profile = profile
     @article.last_changed_by = user
+    @article.created_by = user
  
     translations if @article.translatable?
  
@@ -188,7 +188,7 @@ class CmsController &lt; MyProfileController
     end
     if request.post? && params[:uploaded_files]
       params[:uploaded_files].each do |file|
-        @uploaded_files << UploadedFile.create(:uploaded_data => file, :profile => profile, :parent => @parent, :last_changed_by => user) unless file == ''
+        @uploaded_files << UploadedFile.create({:uploaded_data => file, :profile => profile, :parent => @parent, :last_changed_by => user}, :without_protection => true) unless file == ''
       end
       @errors = @uploaded_files.select { |f| f.errors.any? }
       if @errors.any?
@@ -210,7 +210,7 @@ class CmsController &lt; MyProfileController
     if request.post?
       @article.destroy
       session[:notice] = _("\"#{@article.name}\" was removed.")
-      referer = ActionController::Routing::Routes.recognize_path URI.parse(request.referer).path rescue nil
+      referer = Rails.application.routes.recognize_path URI.parse(request.referer).path rescue nil
       if referer and referer[:controller] == 'cms' and referer[:action] != 'edit'
         redirect_to referer
       elsif @article.parent
@@ -232,7 +232,7 @@ class CmsController &lt; MyProfileController
       @current_category = Category.find(params[:category_id])
       @categories = @current_category.children
     end
-    render :partial => 'shared/select_categories', :locals => {:object_name => 'article', :multiple => true}, :layout => false
+    render :template => 'shared/update_categories', :locals => { :category => @current_category }
   end
  
   def publish
@@ -253,7 +253,7 @@ class CmsController &lt; MyProfileController
         begin
           task.finish unless item[:group].moderated_articles?
         rescue Exception => ex
-           @failed[ex.clean_message] ? @failed[ex.clean_message] << item[:group].name : @failed[ex.clean_message] = [item[:group].name]
+           @failed[ex.message] ? @failed[ex.message] << item[:group].name : @failed[ex.message] = [item[:group].name]
         end
       end
       if @failed.blank?
@@ -48,6 +48,7 @@ class ManageProductsController &lt; ApplicationController
   end
  
   def new
+    @no_design_blocks = true
     @category = params[:selected_category_id] ? Category.find(params[:selected_category_id]) : nil
     @product = @profile.products.build(:product_category => @category)
     @categories = ProductCategory.top_level_for(environment)
@@ -85,7 +86,7 @@ class ManageProductsController &lt; ApplicationController
     @edit = true
     @level = @category.level
     if request.post?
-      if @product.update_attributes(:product_category_id => params[:selected_category_id])
+      if @product.update_attributes({:product_category_id => params[:selected_category_id]}, :without_protection => true)
         render :partial => 'shared/redirect_via_javascript',
           :locals => { :url => url_for(:controller => 'manage_products', :action => 'show', :id => @product) }
       else
@@ -207,7 +208,7 @@ class ManageProductsController &lt; ApplicationController
                       }.to_json
     else
       render :text => {:ok => false,
-                       :error_msg => _(cost.errors['name']) % {:fn => _('Name')}
+                       :error_msg => _(cost.errors['name'].join('\n')) % {:fn => _('Name')}
                       }.to_json
     end
   end
@@ -20,7 +20,7 @@ class MembershipsController &lt; MyProfileController
     @community.environment = environment
     @back_to = params[:back_to] || url_for(:action => 'index')
     if request.post? && @community.valid?
-      @community = Community.create_after_moderation(user, {:environment => environment}.merge(params[:community]))
+      @community = Community.create_after_moderation(user, params[:community].merge({:environment => environment}))
       redirect_to @back_to
       return
     end
@@ -9,14 +9,8 @@ class ProfileDesignController &lt; BoxOrganizerController
  
     blocks += plugins.dispatch(:extra_blocks)
  
-    # blocks exclusive for organizations
-    if profile.has_members?
-      blocks << MembersBlock
-    end
-
     # blocks exclusive to people
     if profile.person?
-      blocks << FriendsBlock
       blocks << FavoriteEnterprisesBlock
       blocks << CommunitiesBlock
       blocks << EnterprisesBlock
@@ -15,20 +15,14 @@ class ProfileEditorController &lt; MyProfileController
     @possible_domains = profile.possible_domains
     if request.post?
       params[:profile_data][:fields_privacy] ||= {} if profile.person? && params[:profile_data].is_a?(Hash)
-      begin
-        Profile.transaction do
-        Image.transaction do
-          if profile.update_attributes!(params[:profile_data])
-            redirect_to :action => 'index', :profile => profile.identifier
-          end
+      Profile.transaction do
+      Image.transaction do
+        if @profile_data.update_attributes(params[:profile_data])
+          redirect_to :action => 'index', :profile => profile.identifier
+        else
+          profile.identifier = params[:profile] if profile.identifier.blank?
         end
-        end
-      rescue Exception => ex
-        if profile.identifier.blank?
-          profile.identifier = params[:profile]
-        end
-        session[:notice] = _('Cannot update profile')
-        logger.error ex.to_s
+      end
       end
     end
   end
@@ -60,7 +54,7 @@ class ProfileEditorController &lt; MyProfileController
       @current_category = Category.find(params[:category_id])
       @categories = @current_category.children
     end
-    render :partial => 'shared/select_categories', :locals => {:object_name => 'profile_data', :multiple => true}, :layout => false
+    render :template => 'shared/update_categories', :locals => { :category => @current_category }
   end
  
   def header_footer
@@ -27,7 +27,7 @@ class TasksController &lt; MyProfileController
             task.send(decision)
           rescue Exception => ex
             message = "#{task.title} (#{task.requestor ? task.requestor.name : task.author_name})"
-            failed[ex.clean_message] ? failed[ex.clean_message] << message : failed[ex.clean_message] = [message]
+            failed[ex.message] ? failed[ex.message] << message : failed[ex.message] = [message]
           end
         end
       end
@@ -140,12 +140,8 @@ class AccountController &lt; ApplicationController
                                params[:new_password_confirmation])
         session[:notice] = _('Your password has been changed successfully!')
         redirect_to :action => 'index'
-      rescue User::IncorrectPassword => e
-        session[:notice] = _('The supplied current password is incorrect.')
-        render :action => 'change_password'
+      rescue Exception
       end
-    else
-      render :action => 'change_password'
     end
   end
  
@@ -171,12 +167,12 @@ class AccountController &lt; ApplicationController
         render :action => 'password_recovery_sent'
       rescue ActiveRecord::RecordNotFound
         if params[:value].blank?
-          @change_password.errors.add_to_base(_('Can not recover user password with blank value.'))
+          @change_password.errors[:base] << _('Can not recover user password with blank value.')
         else
-          @change_password.errors.add_to_base(_('Could not find any user with %s equal to "%s".') % [fields_label, params[:value]])
+          @change_password.errors[:base] << _('Could not find any user with %s equal to "%s".') % [fields_label, params[:value]]
         end
       rescue ActiveRecord::RecordInvald
-        @change_password.errors.add_to_base(_('Could not perform password recovery for the user.'))
+        @change_password.errors[:base] << _('Could not perform password recovery for the user.')
       end
     end
   end
@@ -19,7 +19,7 @@ class ChatController &lt; PublicController
   def avatar
     profile = environment.profiles.find_by_identifier(params[:id])
     filename, mimetype = profile_icon(profile, :minor, true)
-    data = File.read(File.join(RAILS_ROOT, 'public', filename))
+    data = File.read(File.join(Rails.root, 'public', filename))
     render :text => data, :layout => false, :content_type => mimetype
     expires_in 24.hours
   end
+require 'diffy'
+
 class ContentViewerController < ApplicationController
  
   needs_profile
@@ -6,47 +8,32 @@ class ContentViewerController &lt; ApplicationController
   helper TagsHelper
  
   def view_page
-    path = params[:page].join('/')
+    path = get_path(params[:page], params[:format])
+
     @version = params[:version].to_i
  
     if path.blank?
-      @page = profile.home_page
-      if @page.nil?
-        redirect_to :controller => 'profile', :action => 'index', :profile => profile.identifier
-        return
-      end
+      @page = profile.home_page 
+      return if redirected_to_profile_index
     else
       @page = profile.articles.find_by_path(path)
-      unless @page
-        page_from_old_path = profile.articles.find_by_old_path(path)
-        if page_from_old_path
-          redirect_to profile.url.merge(:page => page_from_old_path.explode_path)
-          return
-        end
-      end
+      return if redirected_page_from_old_path(path)
     end
  
     return unless allow_access_to_page(path)
  
     if @version > 0
       return render_access_denied unless @page.display_versions?
-      @versioned_article = @page.versions.find_by_version(@version)
-      if @versioned_article && @page.versions.latest.version != @versioned_article.version
-        render :template => 'content_viewer/versioned_article.rhtml'
-        return
-      end
+      return if rendered_versioned_article
     end
  
-    redirect_to_translation if @page.profile.redirect_l10n
+    redirect_to_translation and return if @page.profile.redirect_l10n
  
-    if request.post?
-      if @page.forum? && @page.has_terms_of_use && params[:terms_accepted] == "true"
-        @page.add_agreed_user(user)
-      end
-    elsif !@page.parent.nil? && @page.parent.forum?
-      unless @page.parent.agrees_with_terms?(user)
-        redirect_to @page.parent.url
-      end
+    if request.post? && @page.forum?
+      process_forum_terms_of_use(user, params[:terms_accepted])
+    elsif is_a_forum_topic?(@page)
+      redirect_to @page.parent.url unless @page.parent.agrees_with_terms?(user)
+      return
     end
  
     # At this point the page will be showed
@@ -54,64 +41,22 @@ class ContentViewerController &lt; ApplicationController
  
     @page = FilePresenter.for @page
  
-    if @page.download? params[:view]
-      headers['Content-Type'] = @page.mime_type
-      headers.merge! @page.download_headers
-      data = @page.data
-
-      # TODO test the condition
-      if data.nil?
-        raise "No data for file"
-      end
-
-      render :text => data, :layout => false
-      return
-    end
+    return if rendered_file_download(params[:view])
  
     @form_div = params[:form]
  
     #FIXME see a better way to do this. It's not need to pass this variable anymore
     @comment = Comment.new
  
-    if @page.has_posts?
-      posts = if params[:year] and params[:month]
-        filter_date = DateTime.parse("#{params[:year]}-#{params[:month]}-01")
-        @page.posts.by_range(filter_date..filter_date.at_end_of_month)
-      else
-        @page.posts
-      end
-
-      #FIXME Need to run this before the pagination because this version of
-      #      will_paginate returns a will_paginate collection instead of a
-      #      relation.
-      blog_with_translation = @page.blog? && @page.display_posts_in_current_language?
-      posts = posts.native_translations if blog_with_translation
-
-      @posts = posts.paginate({ :page => params[:npage], :per_page => @page.posts_per_page }.merge(Article.display_filter(user, profile)))
-
-      if blog_with_translation
-        @posts.replace @posts.map{ |p| p.get_translation_to(FastGettext.locale) }.compact
-      end
-    end
+    process_page_posts(params)
  
     if @page.folder? && @page.gallery?
-      @images = @page.images.select{ |a| a.display_to? user }
-      @images = @images.paginate(:per_page => per_page, :page => params[:npage]) unless params[:slideshow]
+      @images = get_images(@page, params[:npage], params[:slideshow])
     end
  
-    @unfollow_form = params[:unfollow] && params[:unfollow] == 'true'
-    if params[:unfollow] && params[:unfollow] == 'commit' && request.post?
-      @page.followers -= [params[:email]]
-      if @page.save
-        session[:notice] = _("Notification of new comments to '%s' was successfully canceled") % params[:email]
-      end
-    end
+    process_page_followers(params)
  
-    @comments = @page.comments.without_spam
-    @comments = @plugins.filter(:unavailable_comments, @comments)
-    @comments_count = @comments.count
-    @comments = @comments.without_reply.paginate(:per_page => per_page, :page => params[:comment_page] )
-    @comment_order = params[:comment_order].nil? ? 'oldest' : params[:comment_order]
+    process_comments(params)
  
     if request.xhr? and params[:comment_order]
       if @comment_order == 'newest'
@@ -123,12 +68,20 @@ class ContentViewerController &lt; ApplicationController
  
     if params[:slideshow]
       render :action => 'slideshow', :layout => 'slideshow'
+      return
     end
+    render :view_page, :formats => [:html]
   end
  
-  def article_versions
+  def versions_diff
     path = params[:page].join('/')
     @page = profile.articles.find_by_path(path)
+    @v1, @v2 = @page.versions.find_by_version(params[:v1]), @page.versions.find_by_version(params[:v2])
+  end
+
+  def article_versions
+    path = params[:page]
+    @page = profile.articles.find_by_path(path)
     return unless allow_access_to_page(path)
  
     render_access_denied unless @page.display_versions?
@@ -173,7 +126,7 @@ class ContentViewerController &lt; ApplicationController
     elsif !@page.display_to?(user)
       if !profile.public?
         private_profile_partial_parameters
-        render :template => 'profile/_private_profile.rhtml', :status => 403
+        render :template => 'profile/_private_profile', :status => 403
         allowed = false
       else #if !profile.visible?
         render_access_denied
@@ -192,4 +145,126 @@ class ContentViewerController &lt; ApplicationController
     user_agent.match(/\(.*https?:\/\/.*\)/)
   end
  
+  def get_path(page, format = nil)
+    path = page
+    path = path.join('/') if path.kind_of?(Array)
+    path = "#{path}.#{format}" if format
+
+    return path
+  end
+
+  def redirected_to_profile_index
+    if @page.nil?
+      redirect_to :controller => 'profile', :action => 'index', :profile => profile.identifier
+      return true
+    end
+
+    return false
+  end
+
+  def redirected_page_from_old_path(path)
+    unless @page
+      page_from_old_path = profile.articles.find_by_old_path(path)
+      if page_from_old_path
+        redirect_to profile.url.merge(:page => page_from_old_path.explode_path)
+        return true
+      end
+    end
+
+    return false
+  end
+
+  def process_forum_terms_of_use(user, terms_accepted = nil)
+    if @page.forum? && @page.has_terms_of_use && terms_accepted == "true"
+      @page.add_agreed_user(user)
+    end
+  end 
+
+  def is_a_forum_topic? (page)
+    return (!@page.parent.nil? && @page.parent.forum?)
+  end
+
+  def rendered_versioned_article
+    @versioned_article = @page.versions.find_by_version(@version)
+    if @versioned_article && @page.versions.latest.version != @versioned_article.version
+      render :template => 'content_viewer/versioned_article.html.erb'
+      return true
+    end
+
+    return false
+  end
+
+  def rendered_file_download(view = nil)
+    if @page.download? view
+      headers['Content-Type'] = @page.mime_type
+      headers.merge! @page.download_headers
+      data = @page.data
+
+      # TODO test the condition
+      if data.nil?
+        raise "No data for file"
+      end
+
+      render :text => data, :layout => false
+      return true
+    end
+
+    return false
+  end
+
+  def process_page_posts(params)
+    if @page.has_posts?
+      posts = get_posts(params[:year], params[:month])
+
+      #FIXME Need to run this before the pagination because this version of
+      #      will_paginate returns a will_paginate collection instead of a
+      #      relation.
+      posts = posts.native_translations if blog_with_translation?(@page)
+
+      @posts = posts.paginate({ :page => params[:npage], :per_page => @page.posts_per_page }.merge(Article.display_filter(user, profile))).to_a
+
+      if blog_with_translation?(@page)
+        @posts.replace @posts.map{ |p| p.get_translation_to(FastGettext.locale) }.compact
+      end
+    end
+  end
+
+  def get_posts(year = nil, month = nil)
+    if year && month
+      filter_date = DateTime.parse("#{year}-#{month}-01")
+      return @page.posts.by_range(filter_date..filter_date.at_end_of_month)
+    else
+      return @page.posts
+    end
+  end
+
+  def blog_with_translation?(page)
+    return (page.blog? && page.display_posts_in_current_language?)
+  end
+
+  def get_images(page, npage, slideshow)
+    images = page.images.select{ |a| a.display_to? user }
+    images = images.paginate(:per_page => per_page, :page => npage) unless slideshow
+
+    return images
+  end
+
+  def process_page_followers(params)
+    @unfollow_form = params[:unfollow] == 'true'
+    if params[:unfollow] == 'commit' && request.post?
+      @page.followers -= [params[:email]]
+      if @page.save
+        session[:notice] = _("Notification of new comments to '%s' was successfully canceled") % params[:email]
+      end
+    end
+  end
+
+  def process_comments(params)
+    @comments = @page.comments.without_spam
+    @comments = @plugins.filter(:unavailable_comments, @comments)
+    @comments_count = @comments.count
+    @comments = @comments.without_reply.paginate(:per_page => per_page, :page => params[:comment_page] )
+    @comment_order = params[:comment_order].nil? ? 'oldest' : params[:comment_order]
+  end
+
 end
@@ -32,7 +32,7 @@ class ProfileController &lt; PublicController
     @tag = params[:id]
     @tag_cache_key = "tag_#{CGI.escape(@tag.to_s)}_#{profile.id.to_s}_page_#{params[:npage]}"
     if is_cache_expired?(@tag_cache_key)
-      @tagged = profile.find_tagged_with(@tag).paginate(:per_page => 20, :page => params[:npage])
+      @tagged = profile.tagged_with(@tag).paginate(:per_page => 20, :page => params[:npage])
     end
   end
  
@@ -158,7 +158,7 @@ class ProfileController &lt; PublicController
       session[:notice] = _("You have unblocked %s successfully. ") % profile.name
       redirect_to :controller => 'profile', :action => 'index'
     else
-      message = __('You are not allowed to unblock enterprises in this environment.')
+      message = _('You are not allowed to unblock enterprises in this environment.')
       render_access_denied(message)
     end
   end
@@ -210,7 +210,7 @@ class ProfileController &lt; PublicController
  
     render :update do |page|
       page.insert_html :bottom, 'profile-wall-activities-comments-'+params[:activity],
-        :partial => 'comment', :collection => activity.comments.paginate(:per_page => comments_per_page, :page => comment_page)
+        :partial => 'comment', :collection => activity.comments.flatten.paginate(:per_page => comments_per_page, :page => comment_page)
  
       if no_more_pages
         page.remove 'profile-wall-activities-comments-more-'+params[:activity]
@@ -29,7 +29,7 @@ class SearchController &lt; PublicController
       @asset = key
       send(key)
       @order << key
-      @names[key] = getterm(description)
+      @names[key] = _(description)
     end
     @asset = nil
  
@@ -80,7 +80,7 @@ class SearchController &lt; PublicController
   end
  
   def enterprises
-    @scope = visible_profiles(Enterprise, [{:products => :product_category}])
+    @scope = visible_profiles(Enterprise)
     full_text_search
   end
  
@@ -133,7 +133,7 @@ class SearchController &lt; PublicController
     @tag = params[:tag]
     @tag_cache_key = "tag_#{CGI.escape(@tag.to_s)}_env_#{environment.id.to_s}_page_#{params[:npage]}"
     if is_cache_expired?(@tag_cache_key)
-      @searches[@asset] = {:results => environment.articles.find_tagged_with(@tag).paginate(paginate_options)}
+      @searches[@asset] = {:results => environment.articles.tagged_with(@tag).paginate(paginate_options)}
     end
   end
  
@@ -159,7 +159,7 @@ class SearchController &lt; PublicController
     if params[:category_path].blank?
       render_not_found if params[:action] == 'category_index'
     else
-      path = params[:category_path].join('/')
+      path = params[:category_path]
       @category = environment.categories.find_by_path(path)
       if @category.nil?
         render_not_found(path)
@@ -15,12 +15,17 @@ module AccountHelper
  
   def suggestion_based_on_username(requested_username='')
     return "" if requested_username.empty?
+
+    requested_username = requested_username.downcase.tr("^#{Profile::IDENTIFIER_FORMAT}", '')
     usernames = []
+    tries = 0
     3.times do
       begin
         valid_name = requested_username + rand(1000).to_s
-      end while (usernames.include?(valid_name) || !Person.is_available?(valid_name, environment))
-      usernames << valid_name
+        tries += 1
+        invalid = usernames.include?(valid_name) || !Person.is_available?(valid_name, environment)
+      end while tries <= 10 && invalid
+      usernames << valid_name unless invalid
     end
     usernames
   end
+# encoding: UTF-8
+
 require 'redcloth'
  
 # Methods added to this helper will be available to all templates in the
@@ -175,7 +177,7 @@ module ApplicationHelper
   # should be a current profile (i.e. while viewing some profile's pages, or the
   # profile info, etc), because if there is no profile an exception is thrown.
   def profile
-    @controller.send(:profile)
+    controller.send(:profile)
   end
  
   def category_color
@@ -277,10 +279,9 @@ module ApplicationHelper
     options[:class].nil? ?
       options[:class]='button-bar' :
       options[:class]+=' button-bar'
-    concat(content_tag('div', capture(&block) + tag('br', :style => 'clear: left;'), options))
+    concat(content_tag('div', capture(&block).to_s + tag('br', :style => 'clear: left;'), options))
   end
  
-  VIEW_EXTENSIONS = %w[.rhtml .html.erb]
  
   def partial_for_class_in_view_path(klass, view_path, prefix = nil, suffix = nil)
     return nil if klass.nil?
@@ -294,10 +295,8 @@ module ApplicationHelper
       search_name = "_" + search_name
     end
  
-    VIEW_EXTENSIONS.each do |ext|
-      path = defined?(params) && params[:controller] ? File.join(view_path, params[:controller], search_name+ext) : File.join(view_path, search_name+ext)
-      return name if File.exists?(File.join(path))
-    end
+    path = defined?(params) && params[:controller] ? File.join(view_path, params[:controller], search_name + '.html.erb') : File.join(view_path, search_name + '.html.erb')
+    return name if File.exists?(File.join(path))
  
     partial_for_class_in_view_path(klass.superclass, view_path, prefix, suffix)
   end
@@ -305,7 +304,7 @@ module ApplicationHelper
   def partial_for_class(klass, prefix=nil, suffix=nil)
     raise ArgumentError, 'No partial for object. Is there a partial for any class in the inheritance hierarchy?' if klass.nil?
     name = klass.name.underscore
-    @controller.view_paths.each do |view_path|
+    controller.view_paths.reverse_each do |view_path|
       partial = partial_for_class_in_view_path(klass, view_path, prefix, suffix)
       return partial if partial
     end
@@ -317,15 +316,13 @@ module ApplicationHelper
     raise ArgumentError, 'No profile actions view for this class.' if klass.nil?
  
     name = klass.name.underscore
-    VIEW_EXTENSIONS.each do |ext|
-      return "blocks/profile_info_actions/"+name+ext if File.exists?(File.join(RAILS_ROOT, 'app', 'views', 'blocks', 'profile_info_actions', name+ext))
-    end
+    return "blocks/profile_info_actions/" + name + '.html.erb' if File.exists?(Rails.root.join('app', 'views', 'blocks', 'profile_info_actions', name + '.html.erb'))
  
     view_for_profile_actions(klass.superclass)
   end
  
   def user
-    @controller.send(:user)
+    controller.send(:user)
   end
  
   # DEPRECATED. Do not use this.
@@ -337,7 +334,7 @@ module ApplicationHelper
       "\n" +
       sources.flatten.map do |source|
         filename = filename_for_stylesheet(source.to_s, themed_source)
-        if File.exists?(File.join(RAILS_ROOT, 'public', filename))
+        if File.exists?(Rails.root.join('public', filename[1..-1]))
           "@import url(#{filename});\n"
         else
           "/* Not included: url(#{filename}) */\n"
@@ -378,10 +375,10 @@ module ApplicationHelper
           # utility for developers: set the theme to 'random' in development mode and
           # you will get a different theme every request. This is interesting for
           # testing
-          if ENV['RAILS_ENV'] == 'development' && environment.theme == 'random'
+          if Rails.env.development? && environment.theme == 'random'
             @random_theme ||= Dir.glob('public/designs/themes/*').map { |f| File.basename(f) }.rand
             @random_theme
-          elsif ENV['RAILS_ENV'] == 'development' && respond_to?(:params) && params[:theme] && File.exists?(File.join(Rails.root, 'public/designs/themes', params[:theme]))
+          elsif Rails.env.development? && respond_to?(:params) && params[:theme] && File.exists?(Rails.root.join('public/designs/themes', params[:theme]))
             params[:theme]
           else
             if profile && !profile.theme.nil?
@@ -404,10 +401,10 @@ module ApplicationHelper
   end
  
   def theme_view_file(template)
-    ['.rhtml', '.html.erb'].each do |ext|
-      file = (RAILS_ROOT + '/public' + theme_path + '/' + template + ext)
-      return file if File.exists?(file)
-    end
+    # Since we cannot control what people are doing in external themes, we
+    # will keep looking for the deprecated .rhtml extension here.
+    file = Rails.root.join('public', theme_path[1..-1], template + '.html.erb')
+    return file if File.exists?(file)
     nil
   end
  
@@ -423,7 +420,7 @@ module ApplicationHelper
  
   def theme_favicon
     return '/designs/themes/' + current_theme + '/favicon.ico' if profile.nil? || profile.theme.nil?
-    if File.exists?(File.join(RAILS_ROOT, 'public', theme_path, 'favicon.ico'))
+    if File.exists?(Rails.root.join('public', theme_path, 'favicon.ico'))
       '/designs/themes/' + profile.theme + '/favicon.ico'
     else
       favicon = profile.articles.find_by_path('favicon.ico')
@@ -452,7 +449,7 @@ module ApplicationHelper
   end
  
   def is_testing_theme
-    !@controller.session[:theme].nil?
+    !controller.session[:theme].nil?
   end
  
   def theme_owner
@@ -493,7 +490,7 @@ module ApplicationHelper
   end
  
   def default_or_themed_icon(icon)
-    if File.exists?(File.join(Rails.root, 'public', theme_path, icon))
+    if File.exists?(Rails.root.join('public', theme_path, icon))
       theme_path + icon
     else
       icon
@@ -514,24 +511,25 @@ module ApplicationHelper
  
   def profile_cat_icons( profile )
     if profile.class == Enterprise
-      icons = profile.product_categories.map{ |c| c.size > 1 ? c[1] : nil }.
-        compact.uniq.map do |c|
-          cat_name = c.gsub( /[-_\s,.;'"]+/, '_' )
-          cat_icon = "/images/icons-cat/#{cat_name}.png"
-          if ! File.exists? RAILS_ROOT.to_s() + '/public/' + cat_icon
-            cat_icon = '/images/icons-cat/undefined.png'
-          end
-          content_tag('span',
-            content_tag( 'span', c ),
-            :title => c,
-            :class => 'product-cat-icon cat_icon_' + cat_name,
-            :style => "background-image:url(#{cat_icon})"
-          )
-        end.join("\n").html_safe
-        content_tag('div',
-          content_tag( 'span', _('Principal Product Categories'), :class => 'header' ) +"\n"+ icons,
-          :class => 'product-category-icons'
+      icons = profile.product_categories.unique_by_level(2).limit(3).map do |c|
+        filtered_category = c.filtered_category.blank? ? c.path.split('/').last : c.filtered_category
+        category_title = filtered_category.split(/[-_\s,.;'"]+/).map(&:capitalize).join(' ')
+        category_name = category_title.gsub(' ', '_' )
+        category_icon = "/images/icons-cat/#{category_name}.png"
+        if ! File.exists?(Rails.root.join('public', category_icon))
+          category_icon = '/images/icons-cat/undefined.png'
+        end
+        content_tag('span',
+          content_tag( 'span', category_title ),
+          :title => category_title,
+          :class => 'product-cat-icon cat_icon_' + category_name,
+          :style => "background-image:url(#{category_icon})"
         )
+      end.join("\n").html_safe
+      content_tag('div',
+        content_tag( 'span', _('Principal Product Categories'), :class => 'header' ) +"\n"+ icons,
+        :class => 'product-category-icons'
+      )
     else
       ''
     end
@@ -573,7 +571,7 @@ module ApplicationHelper
   # #profile_image) and its name below it.
   def profile_image_link( profile, size=:portrait, tag='li', extra_info = nil )
     if content = @plugins.dispatch_first(:profile_image_link, profile, size, tag, extra_info)
-      return instance_eval(&content)
+      return instance_exec(&content)
     end
     name = profile.short_name
     if profile.person?
@@ -591,7 +589,7 @@ module ApplicationHelper
     extra_info = extra_info.nil? ? '' : content_tag( 'span', extra_info, :class => 'extra_info' )
     links = links_for_balloon(profile)
     content_tag('div', content_tag(tag,
-                                   (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? link_to( content_tag( 'span', _('Profile links')), '#', :onclick => "toggleSubmenu(this, '#{profile.short_name}', #{links.to_json}); return false", :class => "menu-submenu-trigger #{trigger_class}", :url => url) : "") +
+                                   (environment.enabled?(:show_balloon_with_profile_links_when_clicked) ? link_to( content_tag( 'span', _('Profile links')), '#', :onclick => "toggleSubmenu(this, '#{profile.short_name}', #{CGI::escapeHTML(links.to_json)}); return false", :class => "menu-submenu-trigger #{trigger_class}", :url => url) : "") +
     link_to(
       content_tag( 'span', profile_image( profile, size ), :class => 'profile-image' ) +
       content_tag( 'span', h(name), :class => ( profile.class == Person ? 'fn' : 'org' ) ) +
@@ -623,7 +621,7 @@ module ApplicationHelper
   end
  
   def theme_option(opt = nil)
-    conf = RAILS_ROOT.to_s() +
+    conf = Rails.root.to_s() +
            '/public' + theme_path +
            '/theme.yml'
     if File.exists?(conf)
@@ -650,7 +648,7 @@ module ApplicationHelper
       lightbox_link_to '<span class="icon-menu-search"></span>'+ _('Search'), {
                        :controller => 'search',
                        :action => 'popup',
-                       :category_path => (@category ? @category.explode_path : []) },
+                       :category_path => (@category ? @category.explode_path : nil)},
                        :id => 'open_search'
     end
   end
@@ -662,7 +660,7 @@ module ApplicationHelper
     option.each do |file|
       file = theme_path +
              '/javascript/'+ file +'.js'
-      if File.exists? RAILS_ROOT.to_s() +'/public'+ file
+      if File.exists? Rails.root.to_s() +'/public'+ file
         html << javascript_src_tag( file, {} )
       else
         html << '<!-- Not included: '+ file +' -->'
@@ -673,7 +671,7 @@ module ApplicationHelper
  
   def theme_javascript_ng
     script = File.join(theme_path, 'theme.js')
-    if File.exists?(File.join(Rails.root, 'public', script))
+    if File.exists?(Rails.root.join('public', script))
       javascript_include_tag script
     else
       nil
@@ -736,6 +734,10 @@ module ApplicationHelper
     (field_helpers - %w(hidden_field)).each do |selector|
       src = <<-END_SRC
         def #{selector}(field, *args, &proc)
+          begin
+            object ||= @template.instance_variable_get("@"+object_name.to_s)
+          rescue
+          end
           text = object.class.respond_to?(:human_attribute_name) && object.class.human_attribute_name(field.to_s) || field.to_s.humanize
           NoosferoFormBuilder::output_field(text, super)
         end
@@ -767,7 +769,7 @@ module ApplicationHelper
         end
       }
       html += "<br />\n".html_safe if line_size == 0 || ( values.size % line_size ) > 0
-      column = object.class.columns_hash[method.to_s]
+      column = object.class.columns_hash[method.to_s] if object
       text =
         ( column ?
           column.human_name :
@@ -803,9 +805,8 @@ module ApplicationHelper
     fields_for(name, object, { :builder => NoosferoFormBuilder }.merge(options), &proc)
   end
  
-  def labelled_form_for(name, object = nil, options = {}, &proc)
-    object ||= instance_variable_get("@#{name}")
-    form_for(name, object, { :builder => NoosferoFormBuilder }.merge(options), &proc)
+  def labelled_form_for(name, options = {}, &proc)
+    form_for(name, { :builder => NoosferoFormBuilder }.merge(options), &proc)
   end
  
   def optional_field(profile, name, field_html = nil, only_required = false, &block)
@@ -862,6 +863,7 @@ module ApplicationHelper
     article_helper = ActionView::Base.new
     article_helper.controller = controller
     article_helper.extend ArticleHelper
+    article_helper.extend Rails.application.routes.url_helpers
     begin
       class_name = article.class.name + 'Helper'
       klass = class_name.constantize
@@ -887,19 +889,31 @@ module ApplicationHelper
     end
   end
  
+  def icon_theme_stylesheet_path
+    icon_themes = []
+    theme_icon_themes = theme_option(:icon_theme) || []
+    for icon_theme in theme_icon_themes do
+      theme_path = "/designs/icons/#{icon_theme}/style.css"
+      if File.exists?(Rails.root.join('public', theme_path[1..-1]))
+        icon_themes << theme_path
+      end
+    end
+    icon_themes
+  end
+
   def page_title
     (@page ? @page.title + ' - ' : '') +
     (@topic ? @topic.title + ' - ' : '') +
     (@section ? @section.title + ' - ' : '') +
     (@toc ? _('Online Manual') + ' - ' : '') +
-    (@controller.controller_name == 'chat' ? _('Chat') + ' - ' : '') +
+    (controller.controller_name == 'chat' ? _('Chat') + ' - ' : '') +
     (profile ? profile.short_name : environment.name) +
     (@category ? " - #{@category.full_name}" : '')
   end
  
   # DEPRECATED. Do not use this.
   def import_controller_stylesheets(options = {})
-    stylesheet_import( "controller_"+ @controller.controller_name(), options )
+    stylesheet_import( "controller_"+ controller.controller_name(), options )
   end
  
   def link_to_email(email)
@@ -913,7 +927,7 @@ module ApplicationHelper
   def article_to_html(article, options = {})
     options.merge!(:page => params[:npage])
     content = article.to_html(options)
-    content = content.kind_of?(Proc) ? self.instance_eval(&content).html_safe : content.html_safe
+    content = content.kind_of?(Proc) ? self.instance_exec(&content).html_safe : content.html_safe
     filter_html(content, article)
   end
  
@@ -947,14 +961,6 @@ module ApplicationHelper
     html
   end
  
-  def colorpicker_field(object_name, method, options = {})
-    text_field(object_name, method, options.merge(:class => 'colorpicker_field'))
-  end
-
-  def colorpicker_field_tag(name, value = nil, options = {})
-    text_field_tag(name, value, options.merge(:class => 'colorpicker_field'))
-  end
-
   def ui_icon(icon_class, extra_class = '')
     "<span class='ui-icon #{icon_class} #{extra_class}' style='float:left; margin-right:7px;'></span>".html_safe
   end
@@ -968,7 +974,7 @@ module ApplicationHelper
   end
  
   def jquery_theme
-    theme_option(:jquery_theme) || 'smoothness_mod'
+    theme_option(:jquery_theme) || 'smoothness'
   end
  
   def ui_error(message)
@@ -996,17 +1002,26 @@ module ApplicationHelper
   def display_category_menu(block, categories, root = true)
     categories = categories.sort{|x,y| x.name <=> y.name}
     return "" if categories.blank?
-    content_tag(:ul,
+    content_tag(:ul) do
       categories.map do |category|
         category_path = category.kind_of?(ProductCategory) ? {:controller => 'search', :action => 'assets', :asset => 'products', :product_category => category.id} : { :controller => 'search', :action => 'category_index', :category_path => category.explode_path }
-        category.display_in_menu? ?
-        content_tag(:li,
-          ( !category.is_leaf_displayable_in_menu? ? content_tag(:a, collapsed_item_icon, :href => "#", :id => "block_#{block.id}_category_#{category.id}", :class => 'category-link-expand ' + (root ? 'category-root' : 'category-no-root'), :onclick => "expandCategory(#{block.id}, #{category.id}); return false", :style => 'display: none') : leaf_item_icon) +
-          link_to(content_tag(:span, category.name, :class => 'category-name'), category_path, :class => ("category-leaf" if category.is_leaf_displayable_in_menu?)) +
-          content_tag(:div, display_category_menu(block, category.children, false), :id => "block_#{block.id}_category_content_#{category.id}", :class => 'child-category')
-        ) : ''
-      end
-    ) +
+        if category.display_in_menu?
+          content_tag(:li) do
+            if !category.is_leaf_displayable_in_menu?
+              content_tag(:a, collapsed_item_icon, :href => "#", :id => "block_#{block.id}_category_#{category.id}", :class => "category-link-expand " + (root ? "category-root" : "category-no-root"), :onclick => "expandCategory(#{block.id}, #{category.id}); return false", :style => "display: none")
+            else
+              leaf_item_icon
+            end +
+            link_to(content_tag(:span, category.name, :class => "category-name"), category_path, :class => ("category-leaf" if category.is_leaf_displayable_in_menu?)) +
+            content_tag(:div, :id => "block_#{block.id}_category_content_#{category.id}", :class => 'child-category') do
+              display_category_menu(block, category.children, false)
+            end
+          end
+        else
+          ""
+        end
+      end.join.html_safe
+    end +
     content_tag(:p) +
     (root ? javascript_tag("
       jQuery('.child-category').hide();
@@ -1027,8 +1042,8 @@ module ApplicationHelper
       links.push(_('New content') => colorbox_options({:href => url_for({:controller => 'cms', :action => 'new', :profile => current_user.login, :cms => true})}))
     end
  
-    link_to(content_tag(:span, _('Contents'), :class => 'icon-menu-articles'), {:controller => "search", :action => 'contents', :category_path => ''}, :id => 'submenu-contents') +
-    link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{links.to_json}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-contents-trigger')
+    link_to(content_tag(:span, _('Contents'), :class => 'icon-menu-articles'), {:controller => "search", :action => 'contents', :category_path => nil}, :id => 'submenu-contents') +
+    link_to(content_tag(:span, _('Contents menu')), '#', :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-contents-trigger')
   end
   alias :browse_contents_menu :search_contents_menu
  
@@ -1044,7 +1059,7 @@ module ApplicationHelper
      end
  
     link_to(content_tag(:span, _('People'), :class => 'icon-menu-people'), {:controller => "search", :action => 'people', :category_path => ''}, :id => 'submenu-people') +
-    link_to(content_tag(:span, _('People menu')), '#', :onclick => "toggleSubmenu(this,'',#{links.to_json}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-people-trigger')
+    link_to(content_tag(:span, _('People menu')), '#', :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-people-trigger')
   end
   alias :browse_people_menu :search_people_menu
  
@@ -1060,7 +1075,7 @@ module ApplicationHelper
      end
  
     link_to(content_tag(:span, _('Communities'), :class => 'icon-menu-community'), {:controller => "search", :action => 'communities'}, :id => 'submenu-communities') +
-    link_to(content_tag(:span, _('Communities menu')), '#', :onclick => "toggleSubmenu(this,'',#{links.to_json}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-communities-trigger')
+    link_to(content_tag(:span, _('Communities menu')), '#', :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false", :class => 'menu-submenu-trigger up', :id => 'submenu-communities-trigger')
   end
   alias :browse_communities_menu :search_communities_menu
  
@@ -1072,7 +1087,7 @@ module ApplicationHelper
   def render_environment_features(folder)
     result = ''
     environment.enabled_features.keys.each do |feature|
-      file = File.join(@controller.view_paths.last, 'shared', folder.to_s, "#{feature}.rhtml")
+      file = Rails.root.join('app/views/shared', folder.to_s, "#{feature}.html.erb")
       if File.exists?(file)
         result << render(:file => file, :use_full_path => false)
       end
@@ -1085,10 +1100,10 @@ module ApplicationHelper
       link_to_all = nil
       if list.count > 5
         list = list.first(5)
-        link_to_all = link_to(content_tag('strong', _('See all')), :controller => 'memberships', :profile => current_user.login)
+        link_to_all = link_to(content_tag('strong', _('See all')), :controller => 'memberships', :profile => user.identifier)
       end
       link = list.map do |element|
-        link_to(content_tag('strong', [_('<span>Manage</span> %s') % element.short_name(25)]), @environment.top_url + "/myprofile/#{element.identifier}", :class => "icon-menu-"+element.class.identification.underscore, :title => [_('Manage %s') % element.short_name])
+        link_to(content_tag('strong', _('<span>Manage</span> %s') % element.short_name(25)), element.admin_url, :class => "icon-menu-"+element.class.identification.underscore, :title => _('Manage %s') % element.short_name)
       end
       if link_to_all
         link << link_to_all
@@ -1098,29 +1113,33 @@ module ApplicationHelper
   end
  
   def manage_enterprises
-    return unless user && user.environment.enabled?(:display_my_enterprises_on_user_menu)
-    manage_link(user.enterprises, :enterprises)
+    return '' unless user && user.environment.enabled?(:display_my_enterprises_on_user_menu)
+    manage_link(user.enterprises, :enterprises).to_s
   end
  
   def manage_communities
-    return unless user && user.environment.enabled?(:display_my_communities_on_user_menu)
+    return '' unless user && user.environment.enabled?(:display_my_communities_on_user_menu)
     administered_communities = user.communities.more_popular.select {|c| c.admins.include? user}
-    manage_link(administered_communities, :communities)
+    manage_link(administered_communities, :communities).to_s
+  end
+
+  def admin_link
+    user.is_admin?(environment) ? link_to('<i class="icon-menu-admin"></i><strong>' + _('Administration') + '</strong>', environment.admin_url, :title => _("Configure the environment"), :class => 'admin-link') : ''
   end
  
   def usermenu_logged_in
     pending_tasks_count = ''
     count = user ? Task.to(user).pending.count : -1
     if count > 0
-      pending_tasks_count = link_to(count.to_s, @environment.top_url + '/myprofile/{login}/tasks', :id => 'pending-tasks-count', :title => _("Manage your pending tasks"))
+      pending_tasks_count = link_to(count.to_s, user.tasks_url, :id => 'pending-tasks-count', :title => _("Manage your pending tasks"))
     end
  
-    (_("<span class='welcome'>Welcome,</span> %s") % link_to('<i style="background-image:url({avatar})"></i><strong>{login}</strong>', @environment.top_url + '/{login}', :id => "homepage-link", :title => _('Go to your homepage'))) +
+    (_("<span class='welcome'>Welcome,</span> %s") % link_to("<i style='background-image:url(#{user.profile_custom_icon(gravatar_default)})'></i><strong>#{user.identifier}</strong>", user.public_profile_url, :id => "homepage-link", :title => _('Go to your homepage'))) +
     render_environment_features(:usermenu) +
-    link_to('<i class="icon-menu-admin"></i><strong>' + _('Administration') + '</strong>', @environment.top_url + '/admin', :title => _("Configure the environment"), :class => 'admin-link', :style => 'display: none') +
-    manage_enterprises.to_s +
-    manage_communities.to_s +
-    link_to('<i class="icon-menu-ctrl-panel"></i><strong>' + _('Control panel') + '</strong>', @environment.top_url + '/myprofile/{login}', :class => 'ctrl-panel', :title => _("Configure your personal account and content")) +
+    admin_link +
+    manage_enterprises +
+    manage_communities +
+    link_to('<i class="icon-menu-ctrl-panel"></i><strong>' + _('Control panel') + '</strong>', user.admin_url, :class => 'ctrl-panel', :title => _("Configure your personal account and content")) +
     pending_tasks_count +
     link_to('<i class="icon-menu-logout"></i><strong>' + _('Logout') + '</strong>', { :controller => 'account', :action => 'logout'} , :id => "logout", :title => _("Leave the system"))
   end
@@ -1130,7 +1149,7 @@ module ApplicationHelper
       text_area(object_name, method, { :id => text_area_id, :onkeyup => "limited_text_area('#{text_area_id}', #{limit})" }.merge(options)),
       content_tag(:p, content_tag(:span, limit) + ' ' + _(' characters left'), :id => text_area_id + '_left'),
       content_tag(:p, _('Limit of characters reached'), :id => text_area_id + '_limit', :style => 'display: none')
-    ], :class => 'limited-text-area')
+    ].join, :class => 'limited-text-area')
   end
  
   def expandable_text_area(object_name, method, text_area_id, options = {})
@@ -1148,6 +1167,7 @@ module ApplicationHelper
   #FIXME Use time_ago_in_words instead of this method if you're using Rails 2.2+
   def time_ago_as_sentence(from_time, include_seconds = false)
     to_time = Time.now
+    from_time = Time.parse(from_time.to_s)
     from_time = from_time.to_time if from_time.respond_to?(:to_time)
     to_time = to_time.to_time if to_time.respond_to?(:to_time)
     distance_in_minutes = (((to_time - from_time).abs)/60).round
@@ -1328,6 +1348,25 @@ module ApplicationHelper
     expirable_content_reference content, action, text, url, options
   end
  
+  def error_messages_for(*args)
+    options = args.pop if args.last.is_a?(Hash)
+    errors = []
+    args.each do |name|
+      object = instance_variable_get("@#{name}")
+      object.errors.full_messages.each do |msg|
+        errors << msg
+      end if object
+    end
+    return '' if errors.empty?
+
+    content_tag(:div, :class => 'errorExplanation', :id => 'errorExplanation') do
+      content_tag(:h2, _('Errors while saving')) +
+      content_tag(:ul) do
+        errors.map { |err| content_tag(:li, err) }.join
+      end
+    end
+  end
+
   def private_profile_partial_parameters
     if profile.person?
       @action = :add_friend
@@ -1357,7 +1396,7 @@ module ApplicationHelper
     doc.search('.macro').each do |macro|
       macro_name = macro['data-macro']
       result = @plugins.parse_macro(macro_name, macro, source)
-      macro.inner_html = result.kind_of?(Proc) ? self.instance_eval(&result) : result
+      macro.inner_html = result.kind_of?(Proc) ? self.instance_exec(&result) : result
     end
     doc.html
   end
 module ArticleHelper
  
+  include PrototypeHelper
   include TokenHelper
  
   def custom_options_for_article(article, tokenized_children)
@@ -7,9 +7,9 @@ module AssetsHelper
       [ options.merge(:asset => 'articles'), "icon-menu-articles",   _('Articles') ],
       [ options.merge(:asset => 'people'), "icon-menu-people",     _('People') ],
       [ options.merge(:asset => 'products'), "icon-menu-product",    _('Products') ],
-      [ options.merge(:asset => 'enterprises'), "icon-menu-enterprise", __('Enterprises') ],
-      [ options.merge(:asset => 'communities'), "icon-menu-community",  __('Communities') ],
-      [ options.merge(:asset => 'events'), "icon-event",   __('Events') ],
+      [ options.merge(:asset => 'enterprises'), "icon-menu-enterprise", _('Enterprises') ],
+      [ options.merge(:asset => 'communities'), "icon-menu-community",  _('Communities') ],
+      [ options.merge(:asset => 'events'), "icon-event",   _('Events') ],
  
     ].select do |target, css_class, name|
       !environment.enabled?('disable_asset_' + target[:asset])
 module BoxesHelper
  
   def insert_boxes(content)
-    if @controller.send(:boxes_editor?) && @controller.send(:uses_design_blocks?)
-      content + display_boxes_editor(@controller.boxes_holder)
+    if controller.send(:boxes_editor?) && controller.send(:uses_design_blocks?)
+      content + display_boxes_editor(controller.boxes_holder)
     else
-      maybe_display_custom_element(@controller.boxes_holder, :custom_header_expanded, :id => 'profile-header') +
-      if @controller.send(:uses_design_blocks?)
-        display_boxes(@controller.boxes_holder, content)
+      maybe_display_custom_element(controller.boxes_holder, :custom_header_expanded, :id => 'profile-header') +
+      if controller.send(:uses_design_blocks?)
+        display_boxes(controller.boxes_holder, content)
       else
         content_tag('div',
           content_tag('div',
@@ -16,7 +16,7 @@ module BoxesHelper
           :class => 'no-boxes'
         )
       end +
-      maybe_display_custom_element(@controller.boxes_holder, :custom_footer_expanded, :id => 'profile-footer')
+      maybe_display_custom_element(controller.boxes_holder, :custom_footer_expanded, :id => 'profile-footer')
     end
   end
  
@@ -221,7 +221,7 @@ module BoxesHelper
  
     if block.embedable?
       embed_code = block.embed_code
-      embed_code = instance_eval(&embed_code) if embed_code.respond_to?(:call)
+      embed_code = instance_exec(&embed_code) if embed_code.respond_to?(:call)
       html = content_tag('div',
               content_tag('h2', _('Embed block code')) +
               content_tag('div', _('Below, you''ll see a field containing embed code for the block. Just copy the code and paste it into your website or blogging software.'), :style => 'margin-bottom: 1em;') +
@@ -234,7 +234,7 @@ module BoxesHelper
   end
  
   def current_blocks
-    @controller.boxes_holder.boxes.map(&:blocks).inject([]){|ac, a| ac + a}
+    controller.boxes_holder.boxes.map(&:blocks).inject([]){|ac, a| ac + a}
   end
  
   # DEPRECATED. Do not use this.
@@ -9,11 +9,9 @@ module CatalogHelper
       @categories = ProductCategory.on_level(params[:level]).order(:name)
     end
  
-    @products = profile.products.from_category(@category).paginate(
-      :order => 'available desc, highlighted desc, name asc',
-      :per_page => @profile.products_per_catalog_page,
-      :page => options[:page]
-    )
+    @products = profile.products.from_category(@category).
+      reorder('available desc, highlighted desc, name asc').
+      paginate(:per_page => @profile.products_per_catalog_page, :page => options[:page])
   end
  
   def breadcrumb(category)
@@ -41,7 +39,7 @@ module CatalogHelper
       cat_link = category_link sub_category
       sub_categories << content_tag('li', cat_link) unless cat_link.nil?
     end
-    content_tag('ul', sub_categories) if sub_categories.size > 0
+    content_tag('ul', sub_categories.join) if sub_categories.size > 0
   end
  
 end
@@ -50,10 +50,17 @@ module CategoriesHelper
  
   #FIXME make this test
   def selected_category_link(cat)
-    content_tag('div', button_to_function_without_text(:remove, _('Remove'), nil) {|page| page["selected-category-#{cat.id}"].remove} +
-      link_to_function(cat.full_name(' &rarr; '), nil, :id => "remove-selected-category-#{cat.id}-button", :class => 'select-subcategory-link') {|page| page["selected-category-#{cat.id}"].remove},
+    js_remove = "jQuery('#selected-category-#{cat.id}').remove();"
+    content_tag('div', button_to_function_without_text(:remove, _('Remove'), js_remove) +
+      link_to_function(cat.full_name(' &rarr; '), js_remove, :id => "remove-selected-category-#{cat.id}-button", :class => 'select-subcategory-link'),
       :class => 'selected-category'
     )
   end
  
+  def update_categories_link(body, category_id=nil, html_options={})
+    link_to body,
+      { :action => "update_categories", :category_id => category_id, :id => @object },
+      {:id => category_id ? "select-category-#{category_id}-link" : nil, :remote => true, :class => 'select-subcategory-link'}.merge(html_options)
+  end
+
 end
@@ -11,7 +11,7 @@ module CmsHelper
  
   def add_upload_file_field(name, locals)
     button_to_function :add, name, nil do |page|
-      page.insert_html :bottom, :uploaded_files, :partial => 'upload_file', :locals => locals, :object => UploadedFile.new
+      page.insert_html :bottom, :uploaded_files, CGI::escapeHTML(render(:partial => 'upload_file', :locals => locals, :object => UploadedFile.new))
     end
   end
  
@@ -23,7 +23,7 @@ module CommentHelper
  
   def comment_extra_contents(comment)
     @plugins.dispatch(:comment_extra_contents, comment).collect do |extra_content|
-      extra_content.kind_of?(Proc) ? self.instance_eval(&extra_content) : extra_content
+      extra_content.kind_of?(Proc) ? self.instance_exec(&extra_content) : extra_content
     end.join('\n')
   end
  
@@ -41,7 +41,7 @@ module CommentHelper
   def links_for_comment_actions(comment)
     actions = [link_for_report_abuse(comment), link_for_spam(comment), link_for_edit(comment), link_for_remove(comment)]
     @plugins.dispatch(:comment_actions, comment).collect do |action|
-      actions << (action.kind_of?(Proc) ? self.instance_eval(&action) : action)
+      actions << (action.kind_of?(Proc) ? self.instance_exec(&action) : action)
     end
     actions.flatten.compact
   end
@@ -56,9 +56,9 @@ module CommentHelper
   def link_for_spam(comment)
     if comment.can_be_marked_as_spam_by?(user)
       if comment.spam?
-        {:link => link_to_function(_('Mark as NOT SPAM'), 'remove_comment(this, %s); return false;' % url_for(:profile => profile.identifier, :mark_comment_as_ham => comment.id).to_json, :class => 'comment-footer comment-footer-link comment-footer-hide')}
+        {:link => link_to_function(_('Mark as NOT SPAM'), 'remove_comment(this, \'%s\'); return false;' % url_for(:profile => profile.identifier, :mark_comment_as_ham => comment.id), :class => 'comment-footer comment-footer-link comment-footer-hide')}
       else
-        {:link => link_to_function(_('Mark as SPAM'), 'remove_comment(this, %s, %s); return false;' % [url_for(:profile => profile.identifier, :controller => 'comment', :action => :mark_as_spam, :id => comment.id).to_json, _('Are you sure you want to mark this comment as SPAM?').to_json], :class => 'comment-footer comment-footer-link comment-footer-hide')}
+        {:link => link_to_function(_('Mark as SPAM'), 'remove_comment(this, \'%s\', \'%s\'); return false;' % [url_for(:profile => profile.identifier, :controller => 'comment', :action => :mark_as_spam, :id => comment.id), _('Are you sure you want to mark this comment as SPAM?')], :class => 'comment-footer comment-footer-link comment-footer-hide')}
       end
     end
   end
@@ -71,7 +71,7 @@ module CommentHelper
  
   def link_for_remove(comment)
     if comment.can_be_destroyed_by?(user)
-      {:link => link_to_function(_('Remove'), 'remove_comment(this, %s, %s); return false ;' % [url_for(:profile => profile.identifier, :controller => 'comment', :action => :destroy, :id => comment.id).to_json, _('Are you sure you want to remove this comment and all its replies?').to_json], :class => 'comment-footer comment-footer-link comment-footer-hide remove-children')}
+      {:link => link_to_function(_('Remove'), 'remove_comment(this, \'%s\', \'%s\'); return false ;' % [url_for(:profile => profile.identifier, :controller => 'comment', :action => :destroy, :id => comment.id), _('Are you sure you want to remove this comment and all its replies?')], :class => 'comment-footer comment-footer-link comment-footer-hide remove-children')}
     end
   end
  
@@ -26,7 +26,7 @@ module ContentViewerHelper
       end
       title << content_tag('span',
         content_tag('span', show_date(article.published_at), :class => 'date') +
-        content_tag('span', [_(", by %s") % link_to(article.author_name, article.author_url)], :class => 'author') +
+        content_tag('span', _(", by %s") % link_to(article.author_name, article.author_url), :class => 'author') +
         content_tag('span', comments, :class => 'comments'),
         :class => 'created-at'
       )
@@ -52,7 +52,7 @@ module ContentViewerHelper
   end
  
   def addthis_image_tag
-    if File.exists?(File.join(Rails.root, 'public', theme_path, 'images', 'addthis.gif'))
+    if File.exists?(Rails.root.join('public', theme_path, 'images', 'addthis.gif'))
       image_tag(File.join(theme_path, 'images', 'addthis.gif'), :border => 0, :alt => '')
     else
       image_tag("/images/bt-bookmark.gif", :width => 53, :height => 16, :border => 0, :alt => '')
-class CountriesHelper
+# encoding: UTF-8
  
-  include Singleton
+module CountriesHelper
+
+  class Object
+    include ::CountriesHelper
+    include Singleton
+  end
  
   # a dump of iso_3166.xml from Debian source package iso-codes
   COUNTRIES = [
@@ -262,7 +267,7 @@ class CountriesHelper
   end
  
   def countries
-    self.class.countries.map {|item| [gettext(item[0]), item[1] ]}.sort_by { |entry| entry.first.transliterate }
+    CountriesHelper.countries.map {|item| [gettext(item[0]), item[1] ]}.sort_by { |entry| entry.first.transliterate }
   end
  
   def lookup(code)
+require 'short_filename'
+
 module FolderHelper
  
   include ShortFilename
 module FormsHelper
-
-  def generate_form( name, obj, fields={} )
-    labelled_form_for name, obj do |f|
-      f.text_field(:name)
-    end
-  end
-
   def labelled_radio_button( human_name, name, value, checked = false, options = {} )
     options[:id] ||= 'radio-' + FormsHelper.next_id_number
     radio_button_tag( name, value, checked, options ) +
@@ -41,6 +34,7 @@ module FormsHelper
       the_class << ' ' << html_options[:class]
     end
  
+    html_options.delete(:cancel)
     bt_submit = submit_tag(label, html_options.merge(:class => the_class))
  
     bt_submit + bt_cancel
@@ -36,7 +36,7 @@ module ForumHelper
                              :id => "post-#{art.id}"
                             )
     }
-    content_tag('table', content) + (pagination or '')
+    content_tag('table', content.join) + (pagination or '')
   end
  
   def last_topic_update(article)
@@ -22,7 +22,7 @@ module LanguageHelper
     if options[:element] == 'dropdown'
       select_tag('lang', 
         options_for_select(locales.map{|code,name| [name, code]}, current),
-        :onchange => "document.location.href= #{url_for(params.merge(:lang => 'LANGUAGE')).inspect}.replace(/LANGUAGE/, this.value) ;",
+        :onchange => "document.location.href= #{url_for(params.merge(:lang => 'LANGUAGE'))}.replace(/LANGUAGE/, this.value) ;",
         :help => _('The language you choose here is the language used for options, buttons, etc. It does not affect the language of the content created by other users.')
       )
     else
@@ -2,14 +2,14 @@ module LayoutHelper
  
   def body_classes
     # Identify the current controller and action for the CSS:
-    " controller-#{@controller.controller_name}" +
-    " action-#{@controller.controller_name}-#{@controller.action_name}" +
-    " template-#{profile.nil? ? "default" : profile.layout_template}" +
+    " controller-#{controller.controller_name}" +
+    " action-#{controller.controller_name}-#{controller.action_name}" +
+    " template-#{@layout_template || if profile.blank? then 'default' else profile.layout_template end}" +
     (!profile.nil? && profile.is_on_homepage?(request.path,@page) ? " profile-homepage" : "")
   end
  
   def noosfero_javascript
-    plugins_javascripts = @plugins.map { |plugin| plugin.js_files.map { |js| plugin.class.public_path(js) } }.flatten
+    plugins_javascripts = @plugins.map { |plugin| [plugin.js_files].flatten.map { |js| plugin.class.public_path(js) } }.flatten
  
     output = ''
     output += render :file =>  'layouts/_javascript'
@@ -26,14 +26,13 @@ module LayoutHelper
       'search',
       'thickbox',
       'lightbox',
-      'colorpicker',
       'colorbox',
       pngfix_stylesheet_path,
     ] + tokeninput_stylesheets
     plugins_stylesheets = @plugins.select(&:stylesheet?).map { |plugin| plugin.class.public_path('style.css') }
  
     output = ''
-    output += stylesheet_link_tag standard_stylesheets, :cache => 'cache'
+    output += stylesheet_link_tag standard_stylesheets, :cache => 'cache/application'
     output += stylesheet_link_tag template_stylesheet_path
     output += stylesheet_link_tag icon_theme_stylesheet_path
     output += stylesheet_link_tag jquery_ui_theme_stylesheet_path
@@ -69,7 +68,7 @@ module LayoutHelper
     theme_icon_themes = theme_option(:icon_theme) || []
     for icon_theme in theme_icon_themes do
       theme_path = "/designs/icons/#{icon_theme}/style.css"
-      if File.exists?(File.join(RAILS_ROOT, 'public', theme_path))
+      if File.exists?(Rails.root.join('public', theme_path))
         icon_themes << theme_path
       end
     end
@@ -77,7 +76,7 @@ module LayoutHelper
   end
  
   def jquery_ui_theme_stylesheet_path
-    'jquery.ui/' + jquery_theme + '/jquery-ui-1.8.2.custom'
+    "https://code.jquery.com/ui/1.10.4/themes/#{jquery_theme}/jquery-ui.css"
   end
  
   def theme_stylesheet_path
@@ -86,7 +85,7 @@ module LayoutHelper
  
   def addthis_javascript
     if NOOSFERO_CONF['addthis_enabled']
-      '<script src="http://s7.addthis.com/js/152/addthis_widget.js"></script>'
+      '<script src="https://s7.addthis.com/js/152/addthis_widget.js"></script>'
     end
   end
  
@@ -39,7 +39,7 @@ module MacrosHelper
     plugins_javascripts = []
     @plugins.dispatch(:macros).map do |macro|
       if macro.configuration[:js_files]
-        macro.configuration[:js_files].map { |js| plugins_javascripts << macro.plugin.public_path(js) }
+        [macro.configuration[:js_files]].flatten.map { |js| plugins_javascripts << macro.plugin.public_path(js) }
       end
     end
     javascript_include_tag(plugins_javascripts, :cache => 'cache/plugins-' + Digest::MD5.hexdigest(plugins_javascripts.to_s)) unless plugins_javascripts.empty?
@@ -49,7 +49,7 @@ module MacrosHelper
     plugins_css = []
     @plugins.dispatch(:macros).map do |macro|
       if macro.configuration[:css_files]
-        macro.configuration[:css_files].map { |css| plugins_css << macro.plugin.public_path(css) }
+        [macro.configuration[:css_files]].flatten.map { |css| plugins_css << macro.plugin.public_path(css) }
       end
     end
     plugins_css.join(',')
+# encoding: UTF-8
+
 module ManageProductsHelper
  
   def remote_function_to_update_categories_selection(container_id, options = {})
@@ -26,27 +28,10 @@ module ManageProductsHelper
   def hierarchy_category_navigation(current_category, options = {})
     hierarchy = []
     if current_category
-      count_chars = 0
-      unless options[:hide_current_category]
-        hierarchy << current_category.name
-        count_chars += current_category.name.length
-      end
+      hierarchy << current_category.name unless options[:hide_current_category]
       ancestors = current_category.ancestors
-      toplevel = ancestors.pop
-      if toplevel
-        count_chars += toplevel.name.length
-      end
       ancestors.each do |category|
-        if count_chars > 55
-          hierarchy << hierarchy_category_item(category, options[:make_links], '( … )')
-          break
-        else
-          hierarchy << hierarchy_category_item(category, options[:make_links])
-        end
-        count_chars += category.name.length
-      end
-      if toplevel
-        hierarchy << hierarchy_category_item(toplevel, options[:make_links])
+        hierarchy << hierarchy_category_item(category, options[:make_links])
       end
     end
     hierarchy.reverse.join(options[:separator] || ' &rarr; ')
@@ -55,7 +40,7 @@ module ManageProductsHelper
   def options_for_select_categories(categories, selected = nil)
     categories.sort_by{|cat| cat.name.transliterate}.map do |category|
       selected_attribute = selected.nil? ? '' : (category == selected ? "selected='selected'" : '')
-      "<option value='#{category.id}' title='#{category.name}' #{selected_attribute}>#{truncate(category.name, :length => 33) + (category.leaf? ? '': ' &raquo;')}</option>"
+      "<option value='#{category.id}' title='#{category.name}' #{selected_attribute}>#{category.name + (category.leaf? ? '': ' &raquo;')}</option>"
     end.join("\n")
   end
  
@@ -161,7 +146,7 @@ module ManageProductsHelper
   def cancel_edit_product_link(product, field, html_options = {})
     return '' unless (user && user.has_permission?('manage_products', profile))
     button_to_function(:cancel, _('Cancel'), nil, html_options) do |page|
-      page.replace_html "product-#{field}", :partial => "display_#{field}", :locals => {:product => product}
+      page.replace_html "product-#{field}", CGI::escapeHTML(render :partial => "display_#{field}", :locals => {:product => product})
     end
   end
  
@@ -101,7 +101,7 @@ module ProfileEditorHelper
   end
  
   def country_helper
-    @country_helper ||= CountriesHelper.instance
+    @country_helper ||= CountriesHelper::Object.instance
   end
  
   def select_country(title, object, method, html_options = {}, options = {})
@@ -129,7 +129,7 @@ module ProfileEditorHelper
     else
       domains = environment.domains
     end
-    labelled_form_field(__('Preferred domain name:'), select(object, :preferred_domain_id, domains.map {|item| [item.name, item.id]}, :prompt => '&lt;' + _('Select domain') + '&gt;'))
+    labelled_form_field(_('Preferred domain name:'), select(object, :preferred_domain_id, domains.map {|item| [item.name, item.id]}, :prompt => '&lt;' + _('Select domain') + '&gt;'))
   end
  
   def control_panel(&block)
@@ -18,9 +18,7 @@ module SweeperHelper
       expire_timeout_fragment(profile.manage_friends_cache_key(:npage => i.to_s))
     end
  
-    # friends blocks
-    blocks = profile.blocks.select{|b| b.kind_of?(FriendsBlock)}
-    BlockSweeper.expire_blocks(blocks)
+    expire_blocks_cache(profile, [:profile])
   end
  
   def expire_communities(profile)
+# encoding: UTF-8
+
 module TagsHelper
  
   module Cloud
@@ -7,7 +9,7 @@ module TagsHelper
  
   # <tt>tags</tt> must be a hash where the keys are tag names and the values
   # the count of elements tagged with the tag, as returned by
-  # Profile#find_tagged_with. If not tags were returned, just returns
+  # Profile#tagged_with. If not tags were returned, just returns
   # _('No tags yet.')
   #
   # <tagname_option> must be a symbol representing the key to be inserted in
@@ -39,15 +41,11 @@ module TagsHelper
     max = tags.values.max.to_f
     min = tags.values.min.to_f
  
-    # Uses iconv to translate utf8 strings to ascii.
-    # If can't translate a character, ignore it.
-    require 'iconv'
-    utf8_to_ascii = Iconv.new("ASCII//TRANSLIT//IGNORE","UTF8")
     # Sorts first based on translated strings and then, if they are equal, based on the original form.
     # This way variant characters falls on the same level as their base characters and don't end up
     # at the end of the tag list.
     # Example: AA ÁA AB Z instead of AA AB Z ÁA
-    tags.collect{ |k,v| [utf8_to_ascii.iconv(k).downcase, [k,v]] }.sort.collect { |ascii, t| t }.map do |tag,count|
+    tags.collect{ |k,v| [ActiveSupport::Inflector.transliterate(k).downcase, [k,v]] }.sort.collect { |ascii, t| t }.map do |tag,count|
       if ( max == min )
         v = 0.5
       else
@@ -18,7 +18,7 @@ module UsersHelper
     )
   end
  
-  def filter_title(filter)
+  def users_filter_title(filter)
     FILTER_TRANSLATION[filter]
   end
  
@@ -0,0 +1,40 @@
+class Comment::Notifier < ActionMailer::Base
+  def notification(comment)
+    profile = comment.article.profile
+    @recipient = profile.nickname || profile.name
+    @sender = comment.author_name
+    @sender_link = comment.author_link
+    @article_title = comment.article.name
+    @comment_url = comment.url
+    @comment_title = comment.title
+    @comment_body = comment.body
+    @environment = profile.environment.name
+    @url = profile.environment.top_url
+
+    mail(
+      to: comment.notification_emails,
+      from: "#{profile.environment.name} <#{profile.environment.noreply_email}>",
+      subject: _("[%s] you got a new comment!") % [profile.environment.name]
+    )
+  end
+
+  def mail_to_followers(comment, emails)
+    profile = comment.article.profile
+    @recipient = profile.nickname || profile.name
+    @sender = comment.author_name
+    @sender_link = comment.author_link
+    @article_title = comment.article.name
+    @comment_url = comment.url
+    @unsubscribe_url = comment.article.view_url.merge({:unfollow => true})
+    @comment_title = comment.title
+    @comment_body = comment.body
+    @environment = profile.environment.name
+    @url = profile.environment.top_url
+
+    mail(
+      bcc: emails,
+      from: "#{profile.environment.name} <#{profile.environment.noreply_email}>",
+      subject: _("[%s] %s commented on a content of %s") % [profile.environment.name, comment.author_name, profile.short_name]
+    )
+  end
+end
@@ -0,0 +1,64 @@
+class Contact
+
+  include ActiveModel::Validations
+
+  def initialize(attributes = nil)
+    if attributes
+      attributes.each do |attr,value|
+        self.send("#{attr}=", value)
+      end
+    end
+  end
+
+  attr_accessor :name
+  attr_accessor :subject
+  attr_accessor :message
+  attr_accessor :email
+  attr_accessor :state
+  attr_accessor :city
+  attr_accessor :receive_a_copy
+  attr_accessor :dest
+  attr_accessor :sender
+
+  N_('Subject'); N_('Message'); N_('City and state'); N_('e-Mail'); N_('Name')
+
+  validates_presence_of :subject, :email, :message, :name
+  validates_format_of :email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda {|o| !o.email.blank?})
+
+  def deliver
+    return false unless self.valid?
+    Contact::Sender.notification(self).deliver
+  end
+
+  class Sender < ActionMailer::Base
+    def notification(contact)
+      @name = contact.name
+      @email = contact.email
+      @city = contact.city
+      @state = contact.state
+      @message = contact.message
+      @environment = contact.dest.environment.name
+      @url = url_for(:host => contact.dest.environment.default_hostname, :controller => 'home')
+      @target = contact.dest.name
+
+      options = {
+        content_type: 'text/html',
+        to: contact.dest.notification_emails,
+        reply_to: contact.email,
+        subject: "[#{contact.dest.short_name(30)}] " + contact.subject,
+        from: "#{contact.name} <#{contact.dest.environment.noreply_email}>"
+      }
+
+      if contact.sender
+        options.merge!('X-Noosfero-Sender' => contact.sender.identifier)
+      end
+
+      if contact.receive_a_copy
+        options.merge!(cc: "#{contact.name} <#{contact.email}>")
+      end
+
+      mail(options)
+    end
+  end
+
+end
@@ -0,0 +1,25 @@
+class EnvironmentMailing < Mailing
+
+  def recipients(offset=0, limit=100)
+   source.people.all(:order => :id, :offset => offset, :limit => limit, :joins => "LEFT OUTER JOIN mailing_sents m ON (m.mailing_id = #{id} AND m.person_id = profiles.id)", :conditions => { "m.person_id" => nil })
+  end
+
+  def each_recipient
+    offset = 0
+    limit = 100
+    while !(people = recipients(offset, limit)).empty?
+      people.each do |person|
+          yield person
+      end
+      offset = offset + limit
+    end
+  end
+
+  def signature_message
+    _('Sent by %s.') % source.name
+  end
+
+  def url
+    source.top_url
+  end
+end
@@ -0,0 +1,65 @@
+require 'mailing_job'
+
+class Mailing < ActiveRecord::Base
+
+  attr_accessible :subject, :body
+  validates_presence_of :source_id, :subject, :body
+  belongs_to :source, :foreign_key => :source_id, :polymorphic => true
+  belongs_to :person
+
+  has_many :mailing_sents
+
+  xss_terminate :only => [ :subject, :body ], :with => 'white_list', :on => 'validation'
+
+  after_create do |mailing|
+    mailing.schedule
+  end
+
+  def schedule
+    Delayed::Job.enqueue MailingJob.new(self.id)
+  end
+
+  def generate_from
+    "#{source.name} <#{if source.is_a? Environment then source.noreply_email else source.contact_email end}>"
+  end
+
+  def generate_subject
+    '[%s] %s' % [source.name, subject]
+  end
+
+  def signature_message
+    _('Sent by Noosfero.')
+  end
+
+  def url
+    ''
+  end
+
+  def deliver
+    each_recipient do |recipient|
+      begin
+        Mailing::Sender.notification(self, recipient.email).deliver
+        self.mailing_sents.create(:person => recipient)
+      rescue Exception
+        # FIXME should not discard errors silently. An idea is to collect all
+        # errors and generate a task (notification) for the +source+
+        # (environment/organization) listing these errors.
+      end
+    end
+  end
+
+  class Sender < ActionMailer::Base
+    def notification(mailing, recipient)
+      @message = mailing.body
+      @signature_message = mailing.signature_message
+      @url = mailing.url
+      mail(
+        :content_type => 'text/html',
+        :to => recipient,
+        :from => mailing.generate_from,
+        :reply_to => mailing.person.email,
+        :subject => mailing.generate_subject
+      )
+    end
+  end
+end
@@ -0,0 +1,30 @@
+class OrganizationMailing < Mailing
+
+  def generate_from
+    "#{person.name} <#{source.environment.noreply_email}>"
+  end
+
+  def recipients(offset=0, limit=100)
+    source.members.all(:order => :id, :offset => offset, :limit => limit, :joins => "LEFT OUTER JOIN mailing_sents m ON (m.mailing_id = #{id} AND m.person_id = profiles.id)", :conditions => { "m.person_id" => nil })
+  end
+
+  def each_recipient
+    offset = 0
+    limit = 50
+    while !(people = recipients(offset, limit)).empty?
+      people.each do |person|
+        yield person
+      end
+      offset = offset + limit
+    end
+  end
+
+  def signature_message
+    _('Sent by community %s.') % source.name
+  end
+
+  include Rails.application.routes.url_helpers
+  def url
+    url_for(source.url)
+  end
+end
@@ -0,0 +1,19 @@
+class PendingTaskNotifier < ActionMailer::Base
+
+  def notification(person)
+    @person = person
+    @tasks = person.tasks.pending
+    @organizations_with_pending_tasks = person.organizations_with_pending_tasks
+    @environment = person.environment.name
+    @url = url_for(:host => person.environment.default_hostname, :controller => 'home')
+    @default_hostname = person.environment.default_hostname
+    @url_for_pending_tasks = url_for(:host => person.environment.default_hostname, :controller => 'tasks', :profile => person.identifier)
+
+    mail(
+      to: person.email,
+      from: "#{person.environment.name} <#{person.environment.noreply_email}>",
+      subject: _("[%s] Pending tasks") % person.environment.name
+    )
+  end
+
+end
@@ -0,0 +1,17 @@
+class Scrap::Notifier < ActionMailer::Base
+  def notification(scrap)
+    sender, receiver = scrap.sender, scrap.receiver
+    @recipient = receiver.name
+    @sender = sender.name
+    @sender_link = sender.url
+    @scrap_content = scrap.content
+    @wall_url = scrap.scrap_wall_url
+    @environment = sender.environment.name
+    @url = sender.environment.top_url
+    mail(
+      to: receiver.email,
+      from: "#{sender.environment.name} <#{sender.environment.noreply_email}>",
+      subject: _("[%s] You received a scrap!") % [sender.environment.name]
+    )
+  end
+end
@@ -0,0 +1,62 @@
+class TaskMailer < ActionMailer::Base
+
+  def target_notification(task, message)
+    @message = extract_message(message)
+    @target = task.target.name
+    @environment = task.environment.name
+    @url = generate_environment_url(task, :controller => 'home')
+    url_for_tasks_list = task.target.kind_of?(Environment) ? '' : url_for(task.target.tasks_url)
+    @tasks_url = url_for_tasks_list
+
+    mail(
+      to: task.target.notification_emails.compact,
+      from: self.class.generate_from(task),
+      subject: "[%s] %s" % [task.environment.name, task.target_notification_description]
+    )
+  end
+
+  def invitation_notification(task)
+    msg = task.expanded_message
+    @message = msg.gsub /<url>/, generate_environment_url(task, :controller => 'account', :action => 'signup', :invitation_code => task.code)
+
+    mail(
+      to: task.friend_email,
+      from: self.class.generate_from(task),
+      subject: '[%s] %s' % [ task.requestor.environment.name, task.target_notification_description ]
+    )
+  end
+
+  def generic_message(name, task)
+    return if !task.respond_to?("#{name}_message")
+
+    @message = extract_message(task.send("#{name}_message"))
+    @requestor = task.requestor.name
+    @environment = task.requestor.environment.name
+    @url = url_for(:host => task.requestor.environment.default_hostname, :controller => 'home')
+
+    mail(
+      to: task.requestor.notification_emails,
+      from: self.class.generate_from(task),
+      subject: '[%s] %s' % [task.requestor.environment.name, task.target_notification_description]
+    )
+  end
+
+  protected
+
+  def extract_message(message)
+    if message.kind_of?(Proc)
+      self.instance_exec(&message)
+    else
+      message.to_s
+    end
+  end
+
+  def self.generate_from(task)
+    "#{task.environment.name} <#{task.environment.noreply_email}>"
+  end
+
+  def generate_environment_url(task, url = {})
+    url_for(Noosfero.url_options.merge(:host => task.environment.default_hostname).merge(url))
+  end
+
+end
@@ -0,0 +1,49 @@
+class UserMailer < ActionMailer::Base
+  def activation_email_notify(user)
+    user_email = "#{user.login}@#{user.email_domain}"
+    @name = user.name
+    @email = user_email
+    @webmail = MailConf.webmail_url(user.login, user.email_domain)
+    @environment = user.environment.name
+    @url = url_for(:host => user.environment.default_hostname, :controller => 'home')
+
+    mail(
+      to: user_email,
+      from: "#{user.environment.name} <#{user.environment.contact_email}>",
+      subject: _("[%{environment}] Welcome to %{environment} mail!") % { :environment => user.environment.name }
+    )
+  end
+
+  def activation_code(user)
+    @recipient = user.name
+    @activation_code = user.activation_code
+    @environment = user.environment.name
+    @url = user.environment.top_url
+    @redirection = (true if user.return_to)
+    @join = (user.community_to_join if user.community_to_join)
+
+    mail(
+      from: "#{user.environment.name} <#{user.environment.contact_email}>",
+      to: user.email,
+      subject: _("[%s] Activate your account") % [user.environment.name],
+    )
+  end
+
+  def signup_welcome_email(user)
+    @body = user.environment.signup_welcome_text_body.gsub('{user_name}', user.name)
+    email_subject = user.environment.signup_welcome_text_subject
+    mail(
+      content_type: 'text/html',
+      to: user.email,
+      from: "#{user.environment.name} <#{user.environment.contact_email}>",
+      subject: email_subject.blank? ? _("Welcome to environment %s") % [user.environment.name] : email_subject,
+      body: @body
+    )
+  end
+
+  class Job < Struct.new(:user, :method)
+    def perform
+      UserMailer.send(method, user).deliver
+    end
+  end
+end
 class AbuseReport < ActiveRecord::Base
  
+  attr_accessible :content, :reason
+
   belongs_to :reporter, :class_name => 'Person'
   belongs_to :abuse_complaint
   has_many :reported_images, :dependent => :destroy
@@ -8,6 +8,8 @@ class ActionTrackerNotification &lt; ActiveRecord::Base
   validates_presence_of :profile_id, :action_tracker_id
   validates_uniqueness_of :action_tracker_id, :scope => :profile_id
  
+  attr_accessible :profile_id, :action_tracker_id
+
 end
  
 ActionTracker::Record.has_many :action_tracker_notifications, :class_name => 'ActionTrackerNotification', :foreign_key => 'action_tracker_id', :dependent => :destroy
@@ -48,7 +48,7 @@ class ApproveArticle &lt; Task
   end
  
   def perform
-    article.copy!(:name => name, :abstract => abstract, :body => body, :profile => target, :reference_article => article, :parent => article_parent, :highlighted => highlighted, :source => article.source, :last_changed_by_id => article.author_id)
+    article.copy!(:name => name, :abstract => abstract, :body => body, :profile => target, :reference_article => article, :parent => article_parent, :highlighted => highlighted, :source => article.source, :last_changed_by_id => article.last_changed_by_id, :created_by_id => article.created_by_id)
   end
  
   def title
@@ -6,7 +6,11 @@ class ApproveComment &lt; Task
   validates_presence_of :comment_attributes
  
   def comment
-    @comment ||= Comment.new(ActiveSupport::JSON.decode(self.comment_attributes)) unless self.comment_attributes.nil?
+    unless @comment || self.comment_attributes.nil?
+      @comment = Comment.new
+      @comment.assign_attributes(ActiveSupport::JSON.decode(self.comment_attributes), :without_protection => true)
+    end
+    @comment
   end
  
   def requestor_name
@@ -2,6 +2,8 @@ require &#39;hpricot&#39;
  
 class Article < ActiveRecord::Base
  
+  attr_accessible :name, :body, :abstract, :profile, :tag_list, :parent, :allow_members_to_edit, :translation_of_id, :language, :license_id, :parent_id, :display_posts_in_current_language, :category_ids, :posts_per_page, :moderate_comments, :accept_comments, :feed, :published, :source, :highlighted, :notify_comments, :display_hits, :slug, :external_feed_builder, :display_versions, :external_link
+
   acts_as_having_image
  
   SEARCHABLE_FIELDS = {
@@ -38,12 +40,6 @@ class Article &lt; ActiveRecord::Base
   # xss_terminate plugin can't sanitize array fields
   before_save :sanitize_tag_list
  
-  before_create do |article|
-    if article.last_changed_by_id
-      article.author_name = Person.find(article.last_changed_by_id).name
-    end
-  end
-
   belongs_to :profile
   validates_presence_of :profile_id, :name
   validates_presence_of :slug, :path, :if => lambda { |article| !article.name.blank? }
@@ -53,6 +49,7 @@ class Article &lt; ActiveRecord::Base
   validates_uniqueness_of :slug, :scope => ['profile_id', 'parent_id'], :message => N_('The title (article name) is already being used by another article, please use another title.'), :if => lambda { |article| !article.slug.blank? }
  
   belongs_to :last_changed_by, :class_name => 'Person', :foreign_key => 'last_changed_by_id'
+  belongs_to :created_by, :class_name => 'Person', :foreign_key => 'created_by_id'
  
   has_many :comments, :class_name => 'Comment', :foreign_key => 'source_id', :dependent => :destroy, :order => 'created_at asc'
  
@@ -87,6 +84,11 @@ class Article &lt; ActiveRecord::Base
         article.parent = article.profile.blog
       end
     end
+
+    if article.created_by
+      article.author_name = article.created_by.name
+    end
+
   end
  
   after_destroy :destroy_activity
@@ -96,11 +98,11 @@ class Article &lt; ActiveRecord::Base
  
   xss_terminate :only => [ :name ], :on => 'validation', :with => 'white_list'
  
-  named_scope :in_category, lambda { |category|
+  scope :in_category, lambda { |category|
     {:include => 'categories_including_virtual', :conditions => { 'categories.id' => category.id }}
   }
  
-  named_scope :by_range, lambda { |range| {
+  scope :by_range, lambda { |range| {
     :conditions => [
       'published_at BETWEEN :start_date AND :end_date', { :start_date => range.first, :end_date => range.last }
     ]
@@ -148,7 +150,7 @@ class Article &lt; ActiveRecord::Base
     self.profile
   end
  
-  def self.human_attribute_name(attrib)
+  def self.human_attribute_name(attrib, options = {})
     case attrib.to_sym
     when :name
       _('Title')
@@ -203,6 +205,10 @@ class Article &lt; ActiveRecord::Base
   acts_as_versioned
   self.non_versioned_columns << 'setting'
  
+  def version_condition_met?
+    (['name', 'body', 'abstract', 'filename', 'start_date', 'end_date', 'image_id', 'license_id'] & changed).length > 0
+  end
+
   def comment_data
     comments.map {|item| [item.title, item.body].join(' ') }.join(' ')
   end
@@ -219,14 +225,19 @@ class Article &lt; ActiveRecord::Base
  
   # retrieves all articles belonging to the given +profile+ that are not
   # sub-articles of any other article.
-  named_scope :top_level_for, lambda { |profile|
+  scope :top_level_for, lambda { |profile|
     {:conditions => [ 'parent_id is null and profile_id = ?', profile.id ]}
   }
  
-  named_scope :join_profile, :joins => [:profile]
+  scope :public,
+    :conditions => [ "advertise = ? AND published = ? AND profiles.visible = ? AND profiles.public_profile = ?", true, true, true, true ], :joins => [:profile]
  
-  named_scope :public,
-    :conditions => [ "advertise = ? AND published = ? AND profiles.visible = ? AND profiles.public_profile = ?", true, true, true, true ]
+  scope :more_recent,
+    :conditions => [ "advertise = ? AND published = ? AND profiles.visible = ? AND profiles.public_profile = ? AND
+      ((articles.type != ?) OR articles.type is NULL)",
+      true, true, true, true, 'RssFeed'
+    ],
+    :order => 'articles.published_at desc, articles.id desc'
  
   # retrives the most commented articles, sorted by the comment count (largest
   # first)
@@ -234,7 +245,8 @@ class Article &lt; ActiveRecord::Base
     paginate(:order => 'comments_count DESC', :page => 1, :per_page => limit)
   end
  
-  named_scope :relevant_as_recent, :conditions => ["(articles.type != 'UploadedFile' and articles.type != 'RssFeed' and articles.type != 'Blog') OR articles.type is NULL"]
+  scope :more_popular, :order => 'hits DESC'
+  scope :relevant_as_recent, :conditions => ["(articles.type != 'UploadedFile' and articles.type != 'RssFeed' and articles.type != 'Blog') OR articles.type is NULL"]
  
   def self.recent(limit = nil, extra_conditions = {}, pagination = true)
     result = scoped({:conditions => extra_conditions}).
@@ -243,13 +255,6 @@ class Article &lt; ActiveRecord::Base
       limit(limit).
       order(['articles.published_at desc', 'articles.id desc'])
  
-    if !( scoped_methods && scoped_methods.last &&
-        scoped_methods.last[:find] &&
-        scoped_methods.last[:find][:joins] &&
-        scoped_methods.last[:find][:joins].index('profiles') )
-      result = result.includes(:profile)
-    end
-
     pagination ? result.paginate({:page => 1, :per_page => limit}) : result
   end
  
@@ -261,16 +266,18 @@ class Article &lt; ActiveRecord::Base
   # (To override short format representation, override the lead method)
   def to_html(options = {})
     if options[:format] == 'short'
-      display_short_format(self)
+      article = self
+      proc do
+        display_short_format(article)
+      end
     else
       body || ''
     end
   end
  
-  include ApplicationHelper
   def reported_version(options = {})
     article = self
-    search_path = File.join(Rails.root, 'app', 'views', 'shared', 'reported_versions')
+    search_path = Rails.root.join('app', 'views', 'shared', 'reported_versions')
     partial_path = File.join('shared', 'reported_versions', partial_for_class_in_view_path(article.class, search_path))
     lambda { render_to_string(:partial => partial_path, :locals => {:article => article}) }
   end
@@ -371,7 +378,7 @@ class Article &lt; ActiveRecord::Base
     {}
   end
  
-  named_scope :native_translations, :conditions => { :translation_of_id => nil }
+  scope :native_translations, :conditions => { :translation_of_id => nil }
  
   def translatable?
     false
@@ -407,7 +414,7 @@ class Article &lt; ActiveRecord::Base
  
   def native_translation_must_have_language
     unless self.translation_of.nil?
-      errors.add_to_base(N_('A language must be choosen for the native article')) if self.translation_of.language.blank?
+      errors.add(:base, N_('A language must be choosen for the native article')) if self.translation_of.language.blank?
     end
   end
  
@@ -449,17 +456,17 @@ class Article &lt; ActiveRecord::Base
     ['TextArticle', 'TextileArticle', 'TinyMceArticle']
   end
  
-  named_scope :published, :conditions => { :published => true }
-  named_scope :folders, lambda {|profile|{:conditions => { :type => profile.folder_types} }}
-  named_scope :no_folders, lambda {|profile|{:conditions => ['type NOT IN (?)', profile.folder_types]}}
-  named_scope :galleries, :conditions => { :type => 'Gallery' }
-  named_scope :images, :conditions => { :is_image => true }
-  named_scope :text_articles, :conditions => [ 'articles.type IN (?)', text_article_types ]
-  named_scope :with_types, lambda { |types| { :conditions => [ 'articles.type IN (?)', types ] } }
+  scope :published, :conditions => { :published => true }
+  scope :folders, lambda {|profile|{:conditions => { :type => profile.folder_types} }}
+  scope :no_folders, lambda {|profile|{:conditions => ['type NOT IN (?)', profile.folder_types]}}
+  scope :galleries, :conditions => { :type => 'Gallery' }
+  scope :images, :conditions => { :is_image => true }
+  scope :text_articles, :conditions => [ 'articles.type IN (?)', text_article_types ]
+  scope :with_types, lambda { |types| { :conditions => [ 'articles.type IN (?)', types ] } }
  
-  named_scope :more_popular, :order => 'hits DESC'
-  named_scope :more_comments, :order => "comments_count DESC"
-  named_scope :more_recent, :order => "created_at DESC"
+  scope :more_popular, :order => 'hits DESC'
+  scope :more_comments, :order => "comments_count DESC"
+  scope :more_recent, :order => "created_at DESC"
  
   def self.display_filter(user, profile)
     return {:conditions => ['published = ?', true]} if !user
@@ -531,13 +538,23 @@ class Article &lt; ActiveRecord::Base
   def copy(options = {})
     attrs = attributes.reject! { |key, value| ATTRIBUTES_NOT_COPIED.include?(key.to_sym) }
     attrs.merge!(options)
-    self.class.create(attrs)
+    object = self.class.new
+    attrs.each do |key, value|
+      object.send(key.to_s+'=', value)
+    end
+    object.save
+    object
   end
  
   def copy!(options = {})
     attrs = attributes.reject! { |key, value| ATTRIBUTES_NOT_COPIED.include?(key.to_sym) }
     attrs.merge!(options)
-    self.class.create!(attrs)
+    object = self.class.new
+    attrs.each do |key, value|
+      object.send(key.to_s+'=', value)
+    end
+    object.save!
+    object
   end
  
   ATTRIBUTES_NOT_COPIED = [
@@ -617,30 +634,28 @@ class Article &lt; ActiveRecord::Base
  
   def author(version_number = nil)
     if version_number
-      version = versions.find_by_version(version_number)
+      version = self.versions.find_by_version(version_number)
       author_id = version.last_changed_by_id if version
-      Person.exists?(author_id) ? Person.find(author_id) : nil
     else
-      if versions.empty?
-        last_changed_by
-      else
-        author_id = versions.first.last_changed_by_id
-        Person.exists?(author_id) ? Person.find(author_id) : nil
-      end
+      author_id = self.created_by_id
     end
+
+    environment.people.find_by_id(author_id)
   end
  
   def author_name(version_number = nil)
-    person = version_number ? author(version_number) : author
+    person = author(version_number)
     person ? person.name : (setting[:author_name] || _('Unknown'))
   end
  
-  def author_url
-    author ? author.url : nil
+  def author_url(version_number = nil)
+    person = author(version_number)
+    person ? person.url : nil
   end
  
-  def author_id
-    author ? author.id : nil
+  def author_id(version_number = nil)
+    person = author(version_number)
+    person ? person.id : nil
   end
  
   def version_license(version_number = nil)
@@ -734,7 +749,7 @@ class Article &lt; ActiveRecord::Base
  
   def sanitize_tag_list
     sanitizer = HTML::FullSanitizer.new
-    self.tag_list.names.map!{|i| strip_tag_name sanitizer.sanitize(i) }
+    self.tag_list.map!{|i| strip_tag_name sanitizer.sanitize(i) }
   end
  
   def strip_tag_name(tag_name)
 class ArticleBlock < Block
  
+  attr_accessible :article_id
+
   def self.description
     _('Display one of your contents')
   end
@@ -10,7 +12,7 @@ class ArticleBlock &lt; Block
  
   def content(args={})
     block = self
-    lambda do
+    proc do
       block_title(block.title) +
       (block.article ? article_to_html(FilePresenter.for(block.article),
           :gallery_view => false,
 class Block < ActiveRecord::Base
  
+  attr_accessible :title, :display, :limit, :box_id, :posts_per_page, :visualization_format, :language, :display_user, :box
+
   # to be able to generate HTML
   include ActionView::Helpers::UrlHelper
   include ActionView::Helpers::TagHelper
@@ -14,7 +16,7 @@ class Block &lt; ActiveRecord::Base
  
   acts_as_having_settings
  
-  named_scope :enabled, :conditions => { :enabled => true }
+  scope :enabled, :conditions => { :enabled => true }
  
   def embedable?
     false
@@ -22,7 +24,7 @@ class Block &lt; ActiveRecord::Base
  
   def embed_code
     me = self
-    lambda do
+    proc do
       content_tag('iframe', '',
         :src => url_for(:controller => 'embed', :action => 'block', :id => me.id, :only_path => false),
         :frameborder => 0,
@@ -196,10 +198,10 @@ class Block &lt; ActiveRecord::Base
   end
  
   DISPLAY_OPTIONS = {
-    'always'           => __('In all pages'),
-    'home_page_only'   => __('Only in the homepage'),
-    'except_home_page' => __('In all pages, except in the homepage'),
-    'never'            => __('Don\'t display'),
+    'always'           => _('In all pages'),
+    'home_page_only'   => _('Only in the homepage'),
+    'except_home_page' => _('In all pages, except in the homepage'),
+    'never'            => _('Don\'t display'),
   }
  
   def display_options_available
@@ -212,14 +214,14 @@ class Block &lt; ActiveRecord::Base
  
   def display_user_options
     @display_user_options ||= {
-      'all'            => __('All users'),
-      'logged'         => __('Logged'),
-      'not_logged'     => __('Not logged'),
+      'all'            => _('All users'),
+      'logged'         => _('Logged'),
+      'not_logged'     => _('Not logged'),
     }
   end
  
   def duplicate
-    duplicated_block = self.clone
+    duplicated_block = self.dup
     duplicated_block.display = 'never'
     duplicated_block.created_at = nil
     duplicated_block.updated_at = nil
 class Blog < Folder
  
+  attr_accessible :visualization_format
+
   acts_as_having_posts
   include PostsLimit
  
@@ -26,7 +28,7 @@ class Blog &lt; Folder
   include ActionView::Helpers::TagHelper
   def to_html(options = {})
     me = self
-    lambda do
+    proc do
       render :file => 'content_viewer/blog_page', :locals => { :blog=>me, :inside_block=>options[:inside_block] }
     end
   end
@@ -46,12 +48,14 @@ class Blog &lt; Folder
     self.external_feed_data = efeed
   end
  
-  def validate
+  validate :prepare_external_feed
+
+  def prepare_external_feed
     unless self.external_feed_data.nil?
       if self.external_feed(true) && self.external_feed.id == self.external_feed_data[:id].to_i
         self.external_feed.attributes = self.external_feed_data
       else
-        self.build_external_feed(self.external_feed_data)
+        self.build_external_feed(self.external_feed_data, :without_protection => true)
       end
       self.external_feed.valid?
       self.external_feed.errors.delete(:blog_id) # dont validate here relation: external_feed <-> blog
@@ -2,7 +2,8 @@ class BlogArchivesBlock &lt; Block
  
   include ActionView::Helpers::TagHelper
   include ActionView::Helpers::UrlHelper
-  include ActionController::UrlWriter
+  include ActionView::Helpers
+  include Rails.application.routes.url_helpers
   include ActionView::Helpers::AssetTagHelper
   include DatesHelper
  
@@ -31,10 +32,10 @@ class BlogArchivesBlock &lt; Block
     return nil unless owner_blog
     results = ''
     posts = visible_posts(args[:person])
-    posts.count(:all, :group => 'EXTRACT(YEAR FROM published_at)').sort_by {|year, count| -year.to_i}.each do |year, count|
+    posts.except(:order).count(:all, :group => 'EXTRACT(YEAR FROM published_at)').sort_by {|year, count| -year.to_i}.each do |year, count|
       results << content_tag('li', content_tag('strong', "#{year} (#{count})"))
       results << "<ul class='#{year}-archive'>"
-      posts.count(:all, :conditions => ['EXTRACT(YEAR FROM published_at)=?', year], :group => 'EXTRACT(MONTH FROM published_at)').sort_by {|month, count| -month.to_i}.each do |month, count|
+      posts.except(:order).count(:all, :conditions => ['EXTRACT(YEAR FROM published_at)=?', year], :group => 'EXTRACT(MONTH FROM published_at)').sort_by {|month, count| -month.to_i}.each do |month, count|
         month_name = gettext(MONTHS[month.to_i - 1])
         results << content_tag('li', link_to("#{month_name} (#{count})", owner_blog.url.merge(:year => year, :month => month)))
       end
@@ -3,9 +3,11 @@ class Box &lt; ActiveRecord::Base
   acts_as_list :scope => 'owner_id = #{owner_id} and owner_type = \'#{owner_type}\''
   has_many :blocks, :dependent => :destroy, :order => 'position'
  
+  attr_accessible :owner
+
   include Noosfero::Plugin::HotSpot
  
-  named_scope :with_position, :conditions => ['boxes.position > 0']
+  scope :with_position, :conditions => ['boxes.position > 0']
  
   def environment
     owner ? (owner.kind_of?(Environment) ? owner : owner.environment) : nil
@@ -32,14 +34,11 @@ class Box &lt; ActiveRecord::Base
       FansBlock,
       FavoriteEnterprisesBlock,
       FeedReaderBlock,
-      FriendsBlock,
       HighlightsBlock,
       LinkListBlock,
       LoginBlock,
       MainBlock,
-      MembersBlock,
       MyNetworkBlock,
-      PeopleBlock,
       ProfileImageBlock,
       RawHTMLBlock,
       RecentDocumentsBlock,
@@ -61,14 +60,11 @@ class Box &lt; ActiveRecord::Base
       FavoriteEnterprisesBlock,
       FeaturedProductsBlock,
       FeedReaderBlock,
-      FriendsBlock,
       HighlightsBlock,
       LinkListBlock,
       LocationBlock,
       LoginBlock,
-      MembersBlock,
       MyNetworkBlock,
-      PeopleBlock,
       ProductsBlock,
       ProductCategoriesBlock,
       ProfileImageBlock,
@@ -8,6 +8,8 @@ class CategoriesBlock &lt; Block
  
   settings_items :category_types, :type => Array, :default => []
  
+  attr_accessible :category_types
+
   def self.description
     _("Categories Menu")
   end
@@ -30,7 +32,7 @@ class CategoriesBlock &lt; Block
  
   def content(args={})
     block = self
-    lambda do
+    proc do
       render :file => 'blocks/categories', :locals => { :block => block }
     end
   end
 class Category < ActiveRecord::Base
  
+  attr_accessible :name, :parent_id, :display_color, :display_in_menu, :image_builder, :environment, :parent
+
   SEARCHABLE_FIELDS = {
     :name => 10,
     :acronym => 5,
@@ -16,11 +18,11 @@ class Category &lt; ActiveRecord::Base
   validates_uniqueness_of :display_color, :scope => :environment_id, :if => (lambda { |cat| ! cat.display_color.nil? }), :message => N_('{fn} was already assigned to another category.').fix_i18n
  
   # Finds all top level categories for a given environment. 
-  named_scope :top_level_for, lambda { |environment|
+  scope :top_level_for, lambda { |environment|
     {:conditions => ['parent_id is null and environment_id = ?', environment.id ]}
   }
  
-  named_scope :on_level, lambda { |parent| {:conditions => {:parent_id => parent}} }
+  scope :on_level, lambda { |parent| {:conditions => {:parent_id => parent}} }
  
   acts_as_filesystem
  
@@ -40,7 +42,7 @@ class Category &lt; ActiveRecord::Base
  
   acts_as_having_image
  
-  named_scope :from_types, lambda { |types|
+  scope :from_types, lambda { |types|
     types.select{ |t| t.blank? }.empty? ?
       { :conditions => { :type => types } } :
       { :conditions => [ "type IN (?) OR type IS NULL", types.reject{ |t| t.blank? } ] }
@@ -67,7 +69,7 @@ class Category &lt; ActiveRecord::Base
   end
  
   def recent_comments(limit = 10)
-    comments.paginate(:all, :order => 'created_at DESC, comments.id DESC', :page => 1, :per_page => limit)
+    comments.paginate(:order => 'created_at DESC, comments.id DESC', :page => 1, :per_page => limit)
   end
  
   def most_commented_articles(limit = 10)
 class Certifier < ActiveRecord::Base
  
+  attr_accessible :name, :environment
+
   SEARCHABLE_FIELDS = {
     :name => 10,
     :description => 3,
@@ -2,7 +2,7 @@ class ChangePassword &lt; Task
  
   attr_accessor :password, :password_confirmation
  
-  def self.human_attribute_name(attrib)
+  def self.human_attribute_name(attrib, options = {})
     case attrib.to_sym
     when :password
       _('Password')
@@ -58,13 +58,13 @@ class ChangePassword &lt; Task
     _('Your password was changed successfully.')
   end
  
-  include ActionController::UrlWriter
+  include Rails.application.routes.url_helpers
   def task_created_message
     hostname = self.requestor.environment.default_hostname
     code = self.code
     url = url_for(:host => hostname, :controller => 'account', :action => 'new_password', :code => code)
  
-    lambda do
+    proc do
       _("In order to change your password, please visit the following address:\n\n%s\n\nIf you did not required any change to your password just desconsider this email.") % url
     end
   end
 class City < Region
+  attr_accessible :name, :parent_id
 end
@@ -6,6 +6,8 @@ class Comment &lt; ActiveRecord::Base
     :body => 2,
   }
  
+  attr_accessible :body, :author, :name, :email, :title, :reply_of_id, :source
+
   validates_presence_of :body
  
   belongs_to :source, :counter_cache => true, :polymorphic => true
@@ -16,7 +18,7 @@ class Comment &lt; ActiveRecord::Base
   has_many :children, :class_name => 'Comment', :foreign_key => 'reply_of_id', :dependent => :destroy
   belongs_to :reply_of, :class_name => 'Comment', :foreign_key => 'reply_of_id'
  
-  named_scope :without_reply, :conditions => ['reply_of_id IS NULL']
+  scope :without_reply, :conditions => ['reply_of_id IS NULL']
  
   # unauthenticated authors:
   validates_presence_of :name, :if => (lambda { |record| !record.email.blank? })
@@ -127,11 +129,11 @@ class Comment &lt; ActiveRecord::Base
   def notify_by_mail
     if source.kind_of?(Article) && article.notify_comments?
       if !notification_emails.empty?
-        Comment::Notifier.deliver_mail(self)
+        Comment::Notifier.notification(self).deliver
       end
       emails = article.followers - [author_email]
       if !emails.empty?
-        Comment::Notifier.deliver_mail_to_followers(self, emails)
+        Comment::Notifier.mail_to_followers(self, emails).deliver
       end
     end
   end
@@ -168,40 +170,6 @@ class Comment &lt; ActiveRecord::Base
     body || ''
   end
  
-  class Notifier < ActionMailer::Base
-    def mail(comment)
-      profile = comment.article.profile
-      recipients comment.notification_emails
-      from "#{profile.environment.name} <#{profile.environment.noreply_email}>"
-      subject _("[%s] you got a new comment!") % [profile.environment.name]
-      body :recipient => profile.nickname || profile.name,
-        :sender => comment.author_name,
-        :sender_link => comment.author_link,
-        :article_title => comment.article.name,
-        :comment_url => comment.url,
-        :comment_title => comment.title,
-        :comment_body => comment.body,
-        :environment => profile.environment.name,
-        :url => profile.environment.top_url
-    end
-    def mail_to_followers(comment, emails)
-      profile = comment.article.profile
-      bcc emails
-      from "#{profile.environment.name} <#{profile.environment.noreply_email}>"
-      subject _("[%s] %s commented on a content of %s") % [profile.environment.name, comment.author_name, profile.short_name]
-      body :recipient => profile.nickname || profile.name,
-        :sender => comment.author_name,
-        :sender_link => comment.author_link,
-        :article_title => comment.article.name,
-        :comment_url => comment.url,
-        :unsubscribe_url => comment.article.view_url.merge({:unfollow => true}),
-        :comment_title => comment.title,
-        :comment_body => comment.body,
-        :environment => profile.environment.name,
-        :url => profile.environment.top_url
-    end
-  end
-
   def rejected?
     @rejected
   end
 class CommunitiesBlock < ProfileListBlock
  
+  attr_accessible :accessor_id, :accessor_type, :role_id, :resource_id, :resource_type
+
   def self.description
-    __('Communities')
+    _('Communities')
   end
  
   def default_title
-    n__('{#} community', '{#} communities', profile_count)
+    n_('{#} community', '{#} communities', profile_count)
   end
  
   def help
-    __('This block displays the communities in which the user is a member.')
+    _('This block displays the communities in which the user is a member.')
   end
  
   def footer
     owner = self.owner
     case owner
     when Profile
-      lambda do
+      lambda do |context|
         link_to s_('communities|View all'), :profile => owner.identifier, :controller => 'profile', :action => 'communities'
       end
     when Environment
-      lambda do
+      lambda do |context|
         link_to s_('communities|View all'), :controller => 'search', :action => 'communities'
       end
     else
 class Community < Organization
  
+  attr_accessible :accessor_id, :accessor_type, :role_id, :resource_id, :resource_type, :address_reference, :district, :tag_list, :language
+  after_destroy :check_invite_member_for_destroy
+
   def self.type_name
     _('Community')
   end
@@ -8,7 +11,6 @@ class Community &lt; Organization
   N_('Language')
  
   settings_items :language
-  settings_items :zip_code, :city, :state, :country
  
   extend SetProfileRegionFromCityState::ClassMethods
   set_profile_region_from_city_state
@@ -17,12 +19,22 @@ class Community &lt; Organization
     community.moderated_articles = true if community.environment.enabled?('organizations_are_moderated_by_default')
   end
  
+  def check_invite_member_for_destroy
+      InviteMember.pending.select { |task| task.community_id == self.id }.map(&:destroy)
+  end
+
+  # Since it's not a good idea to add the environment as accessible through
+  # mass-assignment, we set it manually here. Note that this requires that the
+  # places that call this method are safe from mass-assignment by setting the
+  # environment key themselves.
   def self.create_after_moderation(requestor, attributes = {})
+    environment = attributes.delete(:environment)
     community = Community.new(attributes)
+    community.environment = environment
     if community.environment.enabled?('admin_must_approve_new_communities')
-      CreateCommunity.create(attributes.merge(:requestor => requestor))
+      CreateCommunity.create!(attributes.merge(:requestor => requestor, :environment => environment))
     else
-      community = Community.create(attributes)
+      community.save!
       community.add_admin(requestor)
     end
     community
@@ -38,8 +50,9 @@ class Community &lt; Organization
     super + FIELDS
   end
  
-  def validate
-    super
+  validate :presence_of_required_fieds
+
+  def presence_of_required_fieds
     self.required_fields.each do |field|
       if self.send(field).blank?
         self.errors.add_on_blank(field)
@@ -72,10 +85,6 @@ class Community &lt; Organization
     recent_documents(limit, ["articles.type != ? AND articles.highlighted = ?", 'Folder', highlight])
   end
  
-  def blocks_to_expire_cache
-    [MembersBlock]
-  end
-
   def each_member(offset=0)
     while member = self.members.first(:order => :id, :offset => offset)
       yield member
@@ -84,7 +93,7 @@ class Community &lt; Organization
   end
  
   def control_panel_settings_button
-    {:title => __('Community Info and settings'), :icon => 'edit-profile-group'}
+    {:title => _('Community Info and settings'), :icon => 'edit-profile-group'}
   end
  
   def activities
@@ -1,49 +0,0 @@
-class Contact < ActiveRecord::Base #WithoutTable
-  tableless :columns => [
-    [:name, :string],
-    [:subject, :string],
-    [:message, :string],
-    [:email, :string],
-    [:state, :string],
-    [:city, :string],
-    [:receive_a_copy, :boolean]
-  ]
-  attr_accessor :dest
-  attr_accessor :sender
-
-  N_('Subject'); N_('Message'); N_('City and state'); N_('e-Mail'); N_('Name')
-
-  validates_presence_of :subject, :email, :message, :name
-  validates_format_of :email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda {|o| !o.email.blank?})
-
-  def deliver
-    return false unless self.valid?
-    Contact::Sender.deliver_mail(self)
-  end
-
-  class Sender < ActionMailer::Base
-    def mail(contact)
-      content_type 'text/html'
-      emails = contact.dest.notification_emails
-      recipients emails
-      from "#{contact.name} <#{contact.dest.environment.noreply_email}>"
-      reply_to contact.email
-      if contact.sender
-        headers 'X-Noosfero-Sender' => contact.sender.identifier
-      end
-      if contact.receive_a_copy
-        cc "#{contact.name} <#{contact.email}>"
-      end
-      subject "[#{contact.dest.short_name(30)}] " + contact.subject
-      body :name => contact.name,
-        :email => contact.email,
-        :city => contact.city,
-        :state => contact.state,
-        :message => contact.message,
-        :environment => contact.dest.environment.name,
-        :url => url_for(:host => contact.dest.environment.default_hostname, :controller => 'home'),
-        :target => contact.dest.name
-    end
-  end
-
-end
@@ -16,12 +16,16 @@ class ContactList &lt; ActiveRecord::Base
  
   def register_auth_error
     msg = _('There was an error while authenticating. Did you enter correct login and password?')
-    self.update_attributes(:fetched => true, :error_fetching => msg)
+    self.fetched = true
+    self.error_fetching = msg
+    self.save!
   end
  
   def register_error
     msg = _('There was an error while looking for your contact list. Please, try again')
-    self.update_attributes(:fetched => true, :error_fetching => msg)
+    self.fetched = true
+    self.error_fetching = msg
+    self.save!
   end
  
 end
@@ -36,14 +36,18 @@ class CreateEnterprise &lt; Task
   validates_presence_of :reject_explanation, :if => (lambda { |record| record.status == Task::Status::CANCELLED } )
   xss_terminate :only => [ :acronym, :address, :contact_person, :contact_phone, :economic_activity, :legal_form, :management_information, :name ], :on => 'validation'
  
-  def validate
+  validate :validator_correct_region
+  validate :not_used_identifier
  
+  def validator_correct_region
     if self.region && self.target
       unless self.region.validators.include?(self.target) || self.target_type == "Environment"
         self.errors.add(:target, _('{fn} is not a validator for the chosen region').fix_i18n)
       end
     end
+  end
  
+  def not_used_identifier
     if self.status != Task::Status::CANCELLED && self.identifier && Profile.exists?(:identifier => self.identifier)
       self.errors.add(:identifier, _('{fn} is already being as identifier by another enterprise, organization or person.').fix_i18n)
     end
@@ -165,18 +169,18 @@ class CreateEnterprise &lt; Task
   end
  
   def task_finished_message
-    __('Your request for registering the enterprise "%{enterprise}" was approved. You can access %{environment} now and provide start providing all relevant information your new enterprise.') % { :enterprise => self.name, :environment => self.environment }
+    _('Your request for registering the enterprise "%{enterprise}" was approved. You can access %{environment} now and provide start providing all relevant information your new enterprise.') % { :enterprise => self.name, :environment => self.environment }
   end
  
   def task_cancelled_message
-    __("Your request for registering the enterprise %{enterprise} at %{environment} was NOT approved by the validator organization. The following explanation was given: \n\n%{explanation}") % { :enterprise => self.name, :environment => self.environment, :explanation => self.reject_explanation }
+    _("Your request for registering the enterprise %{enterprise} at %{environment} was NOT approved by the validator organization. The following explanation was given: \n\n%{explanation}") % { :enterprise => self.name, :environment => self.environment, :explanation => self.reject_explanation }
   end
  
   def target_notification_message
     msg = ""
-    msg << __("Enterprise \"%{enterprise}\" just requested to enter %{environment}. You have to approve or reject it through the \"Pending Validations\" section in your control panel.\n") % { :enterprise => self.name, :environment => self.environment }
+    msg << _("Enterprise \"%{enterprise}\" just requested to enter %{environment}. You have to approve or reject it through the \"Pending Validations\" section in your control panel.\n") % { :enterprise => self.name, :environment => self.environment }
     msg << "\n"
-    msg << __("The data provided by the enterprise was the following:\n") << "\n"
+    msg << _("The data provided by the enterprise was the following:\n") << "\n"
  
  
     msg << (_("Name: %s") % self.name) << "\n"
@@ -186,12 +190,12 @@ class CreateEnterprise &lt; Task
     msg << (_("Foundation Year: %d") % self.foundation_year) << "\n" unless self.foundation_year.blank?
     msg << (_("Economic activity: %s") % self.economic_activity) << "\n"
  
-    msg << __("Information about enterprise's management:\n") << self.management_information.to_s << "\n"
+    msg << _("Information about enterprise's management:\n") << self.management_information.to_s << "\n"
  
     msg << (_("Contact phone: %s") % self.contact_phone) << "\n"
     msg << (_("Contact person: %s") % self.contact_person) << "\n"
  
-    msg << __('CreateEnterprise|Identifier')
+    msg << _('CreateEnterprise|Identifier')
  
     msg
   end
 class DisabledEnterpriseMessageBlock < Block
  
   def self.description
-    __('"Disabled enterprise" message')
+    _('"Disabled enterprise" message')
   end
  
   def help
-    __('Shows a message for disabled enterprises.')
+    _('Shows a message for disabled enterprises.')
   end
  
   def default_title
@@ -14,7 +14,7 @@ class DisabledEnterpriseMessageBlock &lt; Block
  
   def content(args={})
     message = self.owner.environment.message_for_disabled_enterprise || ''
-    lambda do
+    lambda do |_|
        render :file => 'blocks/disabled_enterprise_message', :locals => {:message => message}
     end
   end
@@ -31,7 +31,7 @@ class DocItem
       search_path.unshift("/designs/themes/#{theme}#{translation}") # higher priority
       search_path.push("/designs/themes/#{theme}#{image}") # lower priority
     end
-    search_path.find {|file| File.exist?("#{RAILS_ROOT}/public#{file}") }
+    search_path.find {|file| File.exist?(Rails.root.join('public', file[1..-1])) }
   end
  
 end
 class DocSection < DocItem
  
   def self.root_dir
-    @root_dir ||= File.join(RAILS_ROOT, 'doc', 'noosfero')
+    @root_dir ||= Rails.root.join('doc', 'noosfero')
   end
  
   def items
+require 'noosfero/multi_tenancy'
+
 class Domain < ActiveRecord::Base
  
+  attr_accessible :name, :owner
+
   # relationships
   ###############
  
@@ -15,7 +19,9 @@ class Domain &lt; ActiveRecord::Base
   # checks validations that could not be expressed using Rails' predefined
   # validations. In particular:
   # * <tt>name</tt> must not start with 'www.'
-  def validate
+  validate :no_www
+
+  def no_www
     if self.name =~ /^www\./
       self.errors.add(:name, _('{fn} must not start with www.').fix_i18n)
     end
 class EmailActivation < Task
  
   validates_presence_of :requestor_id, :target_id
+  validate :already_requested, :on => :create
  
   alias :environment :target
   alias :person :requestor
  
-  def validate_on_create
+  def already_requested
     if !self.requestor.nil? && self.requestor.user.email_activation_pending?
-      self.errors.add_to_base(_('You have already requested activation of your mailbox.'))
+      self.errors.add(:base, _('You have already requested activation of your mailbox.'))
     end
   end
  
@@ -33,7 +34,7 @@ class EmailActivation &lt; Task
  
   # :nodoc:
   def after_finish
-    User::Mailer.deliver_activation_email_notify(person.user)
+    UserMailer.activation_email_notify(person.user).deliver
   end
  
   def sends_email?
@@ -2,6 +2,8 @@
 # only enterprises can offer products and services.
 class Enterprise < Organization
  
+  attr_accessible :business_name, :address_reference, :district, :tag_list, :organization_website, :historic_and_current_context, :activities_short_description, :products_per_catalog_page
+
   SEARCH_DISPLAYS += %w[map full]
  
   def self.type_name
@@ -17,12 +19,12 @@ class Enterprise &lt; Organization
   has_and_belongs_to_many :fans, :class_name => 'Person', :join_table => 'favorite_enteprises_people'
  
   def product_categories
-    products.includes(:product_category).map{|p| p.category_full_name}.compact
+    ProductCategory.by_enterprise(self)
   end
  
   N_('Organization website'); N_('Historic and current context'); N_('Activities short description'); N_('City'); N_('State'); N_('Country'); N_('ZIP code')
  
-  settings_items :organization_website, :historic_and_current_context, :activities_short_description, :zip_code, :city, :state, :country
+  settings_items :organization_website, :historic_and_current_context, :activities_short_description
   settings_items :products_per_catalog_page, :type => :integer, :default => 6
  
   extend SetProfileRegionFromCityState::ClassMethods
@@ -54,8 +56,9 @@ class Enterprise &lt; Organization
     super + FIELDS
   end
  
-  def validate
-    super
+  validate :presence_of_required_fieds
+
+  def presence_of_required_fieds
     self.required_fields.each do |field|
       if self.send(field).blank?
         self.errors.add_on_blank(field)
@@ -97,14 +100,18 @@ class Enterprise &lt; Organization
     save
   end
  
+  def activation_task
+    self.tasks.where(:type => 'EnterpriseActivation').first
+  end
+
   def enable(owner)
     return if enabled
-    affiliate(owner, Profile::Roles.all_roles(environment.id))
-    update_attribute(:enabled,true)
-    if environment.replace_enterprise_template_when_enable
-      apply_template(template)
-    end
-    save_without_validation!
+    # must be set first for the following to work
+    self.enabled = true
+    self.affiliate owner, Profile::Roles.all_roles(self.environment.id) if owner
+    self.apply_template template if self.environment.replace_enterprise_template_when_enable
+    self.activation_task.update_attribute :status, Task::Status::FINISHED rescue nil
+    self.save(:validate => false)
   end
  
   def question
@@ -168,7 +175,7 @@ class Enterprise &lt; Organization
   alias_method_chain :template, :inactive_enterprise
  
   def control_panel_settings_button
-    {:title => __('Enterprise Info and settings'), :icon => 'edit-profile-enterprise'}
+    {:title => _('Enterprise Info and settings'), :icon => 'edit-profile-enterprise'}
   end
  
   settings_items :enable_contact_us, :type => :boolean, :default => true
@@ -178,7 +185,7 @@ class Enterprise &lt; Organization
   end
  
   def control_panel_settings_button
-    {:title => __('Enterprise Info and settings'), :icon => 'edit-profile-enterprise'}
+    {:title => _('Enterprise Info and settings'), :icon => 'edit-profile-enterprise'}
   end
  
   def create_product?
 class EnterpriseActivation < Task
  
-  class RequestorRequired < Exception; end
+  alias :person :requestor
+  alias :person= :requestor=
  
-  settings_items :enterprise_id, :integer
+  alias :enterprise :target
+  alias :enterprise= :target=
  
-  validates_presence_of :enterprise_id
-
-  def enterprise
-    Enterprise.find(enterprise_id)
-  end
-
-  def enterprise=(ent)
-    self.enterprise_id = ent.id
-  end
+  validates_presence_of :enterprise
  
   def perform
-    raise EnterpriseActivation::RequestorRequired if requestor.nil?
-    self.enterprise.enable(requestor)
+    self.enterprise.enable self.requestor
   end
  
   def title
@@ -28,15 +21,27 @@ class EnterpriseActivation &lt; Task
   end
  
   def information
-    {:message => _('%{requestor} wants to activate enterprise %{linked_subject}.')}
+    if self.requestor
+      {:message => _('%{requestor} wants to activate enterprise %{linked_subject}.')}
+    else
+      {:message => _('Pending activation of enterprise %{linked_subject}.')}
+    end
   end
  
   def icon
-    {:type => :profile_image, :profile => requestor, :url => requestor.url}
+    if self.requestor
+      {:type => :profile_image, :profile => self.requestor, :url => self.requestor.url}
+    else
+      {:type => :profile_image, :profile => self.enterprise, :url => self.enterprise.url}
+    end
   end
  
   def target_notification_description
-    _('%{requestor} wants to activate enterprise %{enterprise}.') % {:requestor => requestor.name, :enterprise => enterprise.name}
+    if self.requestor
+      _('%{requestor} wants to activate enterprise %{enterprise}.') % {:requestor => self.requestor.name, :enterprise => self.enterprise.name}
+    else
+      _('Pending activation of enterprise %{enterprise}.') % {:enterprise => self.enterprise.name}
+    end
   end
  
 end
@@ -5,7 +5,7 @@ class EnterpriseHomepage &lt; Article
   end
  
   def self.short_description
-    __('Enterprise homepage')
+    _('Enterprise homepage')
   end
  
   def self.description
@@ -18,7 +18,7 @@ class EnterpriseHomepage &lt; Article
  
   def to_html(options = {})
     enterprise_homepage = self
-    lambda do
+    proc do
       extend EnterpriseHomepageHelper
       extend CatalogHelper
       catalog_load_index :page => 1, :show_categories => false
@@ -26,6 +26,11 @@ class EnterpriseHomepage &lt; Article
     end
   end
  
+  # disable cache because of products
+  def cache_key params = {}, the_profile = nil, language = 'en'
+    rand
+  end
+
   def can_display_hits?
     false
   end
 class EnterprisesBlock < ProfileListBlock
  
   def default_title
-    n__('{#} enterprise', '{#} enterprises', profile_count)
+    n_('{#} enterprise', '{#} enterprises', profile_count)
   end
  
   def help
-    __('This block displays the enterprises where this user works.')
+    _('This block displays the enterprises where this user works.')
   end
  
   def self.description
-    __('Enterprises')
+    _('Enterprises')
   end
  
   def footer
     owner = self.owner
     case owner
     when Profile
-      lambda do
+      proc do
         link_to s_('enterprises|View all'), :profile => owner.identifier, :controller => 'profile', :action => 'enterprises'
       end
     when Environment
-      lambda do
+      proc do
         link_to s_('enterprises|View all'), :controller => 'search', :action => 'assets', :asset => 'enterprises'
       end
     else
@@ -3,6 +3,8 @@
 # domains.
 class Environment < ActiveRecord::Base
  
+  attr_accessible :name, :is_default, :signup_welcome_text_subject, :signup_welcome_text_body, :terms_of_use, :message_for_disabled_enterprise, :news_amount_by_folder, :default_language, :languages, :description, :organization_approval_method, :enabled_plugins, :enabled_features, :redirection_after_login, :redirection_after_signup, :contact_email, :theme, :reports_lower_bound, :noreply_email, :signup_welcome_screen_body
+
   has_many :users
  
   self.partial_updates = false
@@ -91,9 +93,9 @@ class Environment &lt; ActiveRecord::Base
   def self.available_features
     {
       'disable_asset_articles' => _('Disable search for articles '),
-      'disable_asset_enterprises' => __('Disable search for enterprises'),
+      'disable_asset_enterprises' => _('Disable search for enterprises'),
       'disable_asset_people' => _('Disable search for people'),
-      'disable_asset_communities' => __('Disable search for communities'),
+      'disable_asset_communities' => _('Disable search for communities'),
       'disable_asset_products' => _('Disable search for products'),
       'disable_asset_events' => _('Disable search for events'),
       'disable_categories' => _('Disable categories'),
@@ -104,11 +106,11 @@ class Environment &lt; ActiveRecord::Base
       'disable_contact_person' => _('Disable contact for people'),
       'disable_contact_community' => _('Disable contact for groups/communities'),
  
-      'products_for_enterprises' => __('Enable products for enterprises'),
-      'enterprise_registration' => __('Enterprise registration'),
-      'enterprise_activation' => __('Enable activation of enterprises'),
-      'enterprises_are_disabled_when_created' => __('Enterprises are disabled when created'),
-      'enterprises_are_validated_when_created' => __('Enterprises are validated when created'),
+      'products_for_enterprises' => _('Enable products for enterprises'),
+      'enterprise_registration' => _('Enterprise registration'),
+      'enterprise_activation' => _('Enable activation of enterprises'),
+      'enterprises_are_disabled_when_created' => _('Enterprises are disabled when created'),
+      'enterprises_are_validated_when_created' => _('Enterprises are validated when created'),
  
       'media_panel' => _('Media panel in WYSIWYG editor'),
       'select_preferred_domain' => _('Select preferred domains per profile'),
@@ -181,7 +183,6 @@ class Environment &lt; ActiveRecord::Base
  
     # "right" area
     env.boxes[2].blocks << CommunitiesBlock.new(:limit => 6)
-    env.boxes[2].blocks << PeopleBlock.new(:limit => 6)
   end
  
   # One Environment can be reached by many domains
@@ -200,6 +201,8 @@ class Environment &lt; ActiveRecord::Base
  
   has_many :product_categories, :conditions => { :type => 'ProductCategory'}
   has_many :regions
+  has_many :states
+  has_many :cities
  
   has_many :roles, :dependent => :destroy
  
@@ -295,6 +298,12 @@ class Environment &lt; ActiveRecord::Base
   settings_items :access_control_allow_origin, :type => Array, :default => []
   settings_items :access_control_allow_methods, :type => String
  
+  settings_items :signup_welcome_screen_body, :type => String
+
+  def has_custom_welcome_screen?
+    settings[:signup_welcome_screen_body].present?
+  end
+
   settings_items :members_whitelist_enabled, :type => :boolean, :default => false
   settings_items :members_whitelist, :type => Array, :default => []
  
@@ -364,19 +373,22 @@ class Environment &lt; ActiveRecord::Base
     features.delete_if{ |k, v| !self.enabled?(k) }
   end
  
+  DEFAULT_FEATURES = %w(
+    disable_asset_products
+    disable_gender_icon
+    products_for_enterprises
+    disable_select_city_for_contact
+    enterprise_registration
+    media_panel
+    organizations_are_moderated_by_default
+    show_balloon_with_profile_links_when_clicked
+    show_zoom_button_on_article_images
+    use_portal_community
+  )
+
   before_create :enable_default_features
   def enable_default_features
-    %w(
-      disable_asset_products
-      disable_gender_icon
-      products_for_enterprises
-      disable_select_city_for_contact
-      enterprise_registration
-      media_panel
-      organizations_are_moderated_by_default
-      show_balloon_with_profile_links_when_clicked
-      use_portal_community
-    ).each do |feature|
+    DEFAULT_FEATURES.each do |feature|
       enable(feature, false)
     end
   end
@@ -420,22 +432,6 @@ class Environment &lt; ActiveRecord::Base
     self.settings[:organization_approval_method] = actual_value
   end
  
-  def terminology
-    if self.settings[:terminology]
-      self.settings[:terminology].constantize.instance
-    else
-      Noosfero.terminology
-    end
-  end
-
-  def terminology=(value)
-    if value
-      self.settings[:terminology] = value.class.name
-    else
-      self.settings[:terminology] = nil
-    end
-  end
-
   def custom_person_fields
     self.settings[:custom_person_fields].nil? ? {} : self.settings[:custom_person_fields]
   end
@@ -626,7 +622,10 @@ class Environment &lt; ActiveRecord::Base
   validates_numericality_of :reports_lower_bound, :allow_nil => false, :only_integer => true, :greater_than_or_equal_to => 0
  
   include WhiteListFilter
-  filter_iframes :message_for_disabled_enterprise, :whitelist => lambda { trusted_sites_for_iframe }
+  filter_iframes :message_for_disabled_enterprise
+  def iframe_whitelist
+    trusted_sites_for_iframe
+  end
  
   # #################################################
   # Business logic in general
@@ -655,6 +654,10 @@ class Environment &lt; ActiveRecord::Base
     domain
   end
  
+  def admin_url
+    { :controller => 'admin_panel', :action => 'index' }
+  end
+
   def top_url
     url = 'http://'
     url << (Noosfero.url_options.key?(:host) ? Noosfero.url_options[:host] : default_hostname)
@@ -676,9 +679,7 @@ class Environment &lt; ActiveRecord::Base
   has_many :tags, :through => :articles
  
   def tag_counts
-    options = Article.find_options_for_tag_counts.merge(:conditions => ['profiles.environment_id = ?', self.id])
-    options[:joins] = options[:joins] + ' LEFT OUTER JOIN profiles on profiles.id = articles.profile_id'
-    Tag.find(:all, options).inject({}) do |memo,tag|
+    articles.tag_counts.inject({}) do |memo,tag|
       memo[tag.name] = tag.count
       memo
     end
@@ -811,31 +812,68 @@ class Environment &lt; ActiveRecord::Base
   after_create :create_templates
  
   def create_templates
-    pre = self.name.to_slug + '_'
-    ent_id = Enterprise.create!(:name => 'Enterprise template', :identifier => pre + 'enterprise_template', :environment => self, :visible => false, :is_template => true).id
-    inactive_enterprise_tmpl = Enterprise.create!(:name => 'Inactive Enterprise template', :identifier => pre + 'inactive_enterprise_template', :environment => self, :visible => false, :is_template => true)
-    com_id = Community.create!(:name => 'Community template', :identifier => pre + 'community_template', :environment => self, :visible => false, :is_template => true).id
+    prefix = self.name.to_slug + '_'
+
+    enterprise_template = Enterprise.new(
+      :name => 'Enterprise template',
+      :identifier => prefix + 'enterprise_template'
+    )
+
+    inactive_enterprise_template = Enterprise.new(
+      :name => 'Inactive Enterprise template',
+      :identifier => prefix + 'inactive_enterprise_template'
+    )
+
+    community_template = Community.new(
+      :name => 'Community template',
+      :identifier => prefix + 'community_template'
+    )
+
+    [
+      enterprise_template,
+      inactive_enterprise_template,
+      community_template
+    ].each do |profile|
+      profile.is_template = true
+      profile.visible = false
+      profile.environment = self
+      profile.save!
+    end
+
     pass = Digest::MD5.hexdigest rand.to_s
-    user = User.create!(:login => (pre + 'person_template'), :email => (pre + 'template@template.noo'), :password => pass, :password_confirmation => pass, :environment => self).person
-    user.update_attributes(:visible => false, :name => "Person template", :is_template => true)
-    usr_id = user.id
-    self.settings[:enterprise_template_id] = ent_id
-    self.inactive_enterprise_template = inactive_enterprise_tmpl
-    self.settings[:community_template_id] = com_id
-    self.settings[:person_template_id] = usr_id
+    user = User.new(:login => (prefix + 'person_template'), :email => (prefix + 'template@template.noo'), :password => pass, :password_confirmation => pass)
+    user.environment = self
+    user.save!
+
+    person_template = user.person
+    person_template.name = "Person template"
+    person_template.is_template = true
+    person_template.visible = false
+    person_template.save!
+
+    self.enterprise_template = enterprise_template
+    self.inactive_enterprise_template = inactive_enterprise_template
+    self.community_template = community_template
+    self.person_template = person_template
     self.save!
   end
  
   after_create :create_default_licenses
   def create_default_licenses
-    License.create!(:name => 'CC (by)', :url => 'http://creativecommons.org/licenses/by/3.0/legalcode', :environment => self)
-    License.create!(:name => 'CC (by-nd)', :url => 'http://creativecommons.org/licenses/by-nd/3.0/legalcode', :environment => self)
-    License.create!(:name => 'CC (by-sa)', :url => 'http://creativecommons.org/licenses/by-sa/3.0/legalcode', :environment => self)
-    License.create!(:name => 'CC (by-nc)', :url => 'http://creativecommons.org/licenses/by-nc/3.0/legalcode', :environment => self)
-    License.create!(:name => 'CC (by-nc-nd)', :url => 'http://creativecommons.org/licenses/by-nc-nd/3.0/legalcode', :environment => self)
-    License.create!(:name => 'CC (by-nc-sa)', :url => 'http://creativecommons.org/licenses/by-nc-sa/3.0/legalcode', :environment => self)
-    License.create!(:name => 'Free Art', :url => 'http://artlibre.org/licence/lal/en', :environment => self)
-    License.create!(:name => 'GNU FDL', :url => 'http://www.gnu.org/licenses/fdl-1.3.txt', :environment => self)
+    [
+      { :name => 'CC (by)', :url => 'http://creativecommons.org/licenses/by/3.0/legalcode'},
+      { :name => 'CC (by-nd)', :url => 'http://creativecommons.org/licenses/by-nd/3.0/legalcode'},
+      { :name => 'CC (by-sa)', :url => 'http://creativecommons.org/licenses/by-sa/3.0/legalcode'},
+      { :name => 'CC (by-nc)', :url => 'http://creativecommons.org/licenses/by-nc/3.0/legalcode'},
+      { :name => 'CC (by-nc-nd)', :url => 'http://creativecommons.org/licenses/by-nc-nd/3.0/legalcode'},
+      { :name => 'CC (by-nc-sa)', :url => 'http://creativecommons.org/licenses/by-nc-sa/3.0/legalcode'},
+      { :name => 'Free Art', :url => 'http://artlibre.org/licence/lal/en'},
+      { :name => 'GNU FDL', :url => 'http://www.gnu.org/licenses/fdl-1.3.txt'},
+    ].each do |data|
+      license = License.new(data)
+      license.environment = self
+      license.save!
+    end
   end
  
   def highlighted_products_with_image(options = {})
@@ -1,25 +0,0 @@
-class EnvironmentMailing < Mailing
-
-  def recipients(offset=0, limit=100)
-   source.people.all(:order => :id, :offset => offset, :limit => limit, :joins => "LEFT OUTER JOIN mailing_sents m ON (m.mailing_id = #{id} AND m.person_id = profiles.id)", :conditions => { "m.person_id" => nil })
-  end
-
-  def each_recipient
-    offset = 0
-    limit = 100
-    while !(people = recipients(offset, limit)).empty?
-      people.each do |person|
-          yield person
-      end
-      offset = offset + limit
-    end
-  end
-
-  def signature_message
-    _('Sent by %s.') % source.name
-  end
-
-  def url
-    source.top_url
-  end
-end
@@ -23,9 +23,9 @@ class EnvironmentStatisticsBlock &lt; Block
     info = []
     info << (n_('One user', '%{num} users', users) % { :num => users })
     unless owner.enabled?('disable_asset_enterprises')
-      info << (n__('One enterprise', '%{num} enterprises', enterprises) % { :num => enterprises })
+      info << (n_('One enterprise', '%{num} enterprises', enterprises) % { :num => enterprises })
     end
-    info << (n__('One community', '%{num} communities', communities) % { :num => communities })
+    info << (n_('One community', '%{num} communities', communities) % { :num => communities })
  
     block_title(title) + content_tag('ul', info.map {|item| content_tag('li', item) }.join("\n"))
   end
+require 'noosfero/translatable_content'
+require 'builder'
+
 class Event < Article
  
+  attr_accessible :start_date, :end_date, :link, :address
+
   def self.type_name
     _('Event')
   end
@@ -29,27 +34,30 @@ class Event &lt; Article
     end
   end
  
-  named_scope :by_day, lambda { |date|
+  scope :by_day, lambda { |date|
     { :conditions => ['start_date = :date AND end_date IS NULL OR (start_date <= :date AND end_date >= :date)', {:date => date}],
       :order => 'start_date ASC'
     }
   }
  
-  named_scope :next_events_from_month, lambda { |date|
+  scope :next_events_from_month, lambda { |date|
     date_temp = date.strftime("%Y-%m-%d")
     { :conditions => ["start_date >= ?","#{date_temp}"],
       :order => 'start_date ASC'
     }
   }
  
-  named_scope :by_month, lambda { |date|
+  scope :by_month, lambda { |date|
     { :conditions => ["EXTRACT(YEAR FROM start_date) = ? AND EXTRACT(MONTH FROM start_date) = ?",date.year,date.month],
       :order => 'start_date ASC'
     }
   }
  
   include WhiteListFilter
-  filter_iframes :body, :link, :address, :whitelist => lambda { profile && profile.environment && profile.environment.trusted_sites_for_iframe }
+  filter_iframes :body, :link, :address
+  def iframe_whitelist
+    profile && profile.environment && profile.environment.trusted_sites_for_iframe
+  end
  
   def self.description
     _('A calendar event.')
@@ -63,7 +71,7 @@ class Event &lt; Article
     'event'
   end
  
-  named_scope :by_range, lambda { |range| {
+  scope :by_range, lambda { |range| {
     :conditions => [
       'start_date BETWEEN :start_day AND :end_day OR end_date BETWEEN :start_day AND :end_day',
       { :start_day => range.first, :end_day => range.last }
@@ -93,29 +101,27 @@ class Event &lt; Article
   # FIXME this shouldn't be needed
   include ActionView::Helpers::TagHelper
   include ActionView::Helpers::UrlHelper
-  include ActionController::UrlWriter
   include DatesHelper
  
   def to_html(options = {})
  
     result = ''
-    html = Builder::XmlMarkup.new(:target => result)
+    html = ::Builder::XmlMarkup.new(:target => result)
  
     html.div(:class => 'event-info' ) {
-
       html.ul(:class => 'event-data' ) {
         html.li(:class => 'event-dates' ) {
           html.span _('When:')
           html.text! show_period(start_date, end_date)
-        }
+        } if start_date.present? || end_date.present?
         html.li {
           html.span _('URL:')
           html.a(self.link || "", 'href' => self.link || "")
-        }
+        } if self.link.present?
         html.li {
           html.span _('Address:')
           html.text! self.address || ""
-        }
+        } if self.address.present?
       }
  
       # TODO: some good soul, please clean this ugly hack:
@@ -5,11 +5,13 @@ class ExternalFeed &lt; ActiveRecord::Base
   validates_presence_of :address, :if => lambda {|efeed| efeed.enabled}
   validates_uniqueness_of :blog_id
  
-  named_scope :enabled, :conditions => { :enabled => true }
-  named_scope :expired, lambda {
+  scope :enabled, :conditions => { :enabled => true }
+  scope :expired, lambda {
     { :conditions => ['(fetched_at is NULL) OR (fetched_at < ?)', Time.now - FeedUpdater.update_interval] }
   }
  
+  attr_accessible :address, :enabled
+
   def add_item(title, link, date, content)
     doc = Hpricot(content)
     doc.search('*').each do |p|
@@ -20,7 +22,14 @@ class ExternalFeed &lt; ActiveRecord::Base
     end
     content = doc.to_s
  
-    article = TinyMceArticle.new(:name => title, :profile => blog.profile, :body => content, :published_at => date, :source => link, :profile => blog.profile, :parent => blog)
+    article = TinyMceArticle.new
+    article.name = title
+    article.profile = blog.profile
+    article.body = content 
+    article.published_at = date 
+    article.source = link 
+    article.profile = blog.profile 
+    article.parent = blog
     unless blog.children.exists?(:slug => article.slug)
       article.save!
       article.delay.create_activity
@@ -5,7 +5,7 @@ class FansBlock &lt; ProfileListBlock
   end
  
   def default_title
-    n__('{#} fan', '{#} fans', profile_count)
+    n_('{#} fan', '{#} fans', profile_count)
   end
  
   def help
@@ -14,7 +14,7 @@ class FansBlock &lt; ProfileListBlock
  
   def footer
     profile = self.owner
-    lambda do
+    proc do
       link_to _('View all'), :profile => profile.identifier, :controller =>
       'profile', :action => 'fans'
     end
 class FavoriteEnterprisesBlock < ProfileListBlock
  
   def default_title
-    __('Favorite Enterprises')
+    _('Favorite Enterprises')
   end
  
   def help
-    __('This block lists your favorite enterprises.')
+    _('This block lists your favorite enterprises.')
   end
  
   def self.description
-    __('Favorite Enterprises')
+    _('Favorite Enterprises')
   end
  
   def footer
     owner = self.owner
     return '' unless owner.kind_of?(Person)
-    lambda do
-      link_to __('View all'), :profile => owner.identifier, :controller => 'profile', :action => 'favorite_enterprises'
+    proc do
+      link_to _('View all'), :profile => owner.identifier, :controller => 'profile', :action => 'favorite_enterprises'
     end
   end
  
@@ -28,7 +28,7 @@ class FeaturedProductsBlock &lt; Block
  
   def content(args={})
     block = self
-    lambda do
+    proc do
       render :file => 'blocks/featured_products', :locals => { :block => block }
     end
   end
 class FeedReaderBlock < Block
  
-  def initialize(attributes = nil)
+  attr_accessible :address, :update_errors
+
+  def initialize(attributes = nil, options = {})
     data = attributes || {}
-    super({ :enabled => !data[:address].blank? }.merge(data))
+    super(data)
+    self.enabled= !data[:address].blank?
   end
  
   include DatesHelper
@@ -24,7 +27,7 @@ class FeedReaderBlock &lt; Block
   settings_items :update_errors, :type => :integer, :default => 0
   settings_items :error_message, :type => :string
  
-  named_scope :expired, lambda {
+  scope :expired, lambda {
     { :conditions => [ '(fetched_at is NULL) OR (fetched_at < ?)', Time.now - FeedUpdater.update_interval] }
   }
  
@@ -15,7 +15,10 @@ class Folder &lt; Article
   xss_terminate :only => [ :body ], :with => 'white_list', :on => 'validation'
  
   include WhiteListFilter
-  filter_iframes :body, :whitelist => lambda { profile && profile.environment && profile.environment.trusted_sites_for_iframe }
+  filter_iframes :body
+  def iframe_whitelist
+    profile && profile.environment && profile.environment.trusted_sites_for_iframe
+  end
  
   def self.short_description
     _('Folder')
@@ -32,7 +35,7 @@ class Folder &lt; Article
   include ActionView::Helpers::TagHelper
   def to_html(options = {})
     folder = self
-    lambda do
+    proc do
       render :file => 'content_viewer/folder', :locals => {:folder => folder}
     end
   end
@@ -3,6 +3,8 @@ class Forum &lt; Folder
   acts_as_having_posts :order => 'updated_at DESC'
   include PostsLimit
  
+  attr_accessible :has_terms_of_use, :terms_of_use, :allows_members_to_create_topics
+
   settings_items :terms_of_use, :type => :string, :default => ""
   settings_items :has_terms_of_use, :type => :boolean, :default => false
   settings_items :allows_members_to_create_topics, :type => :boolean, :default => false
@@ -33,7 +35,7 @@ class Forum &lt; Folder
  
   include ActionView::Helpers::TagHelper
   def to_html(options = {})
-    lambda do
+    proc do
       render :file => 'content_viewer/forum_page'
     end
   end
@@ -1,26 +0,0 @@
-class FriendsBlock < ProfileListBlock
-
-  def self.description
-    __('Friends')
-  end
-
-  def default_title
-    n__('{#} friend', '{#} friends', profile_count)
-  end
-
-  def help
-    _('This block displays your friends.')
-  end
-
-  def footer
-    owner_id = owner.identifier
-    lambda do
-      link_to s_('friends|View all'), :profile => owner_id, :controller => 'profile', :action => 'friends'
-    end
-  end
-
-  def profiles
-    owner.friends
-  end
-
-end
...	...	@@ -6,6 +6,7 @@ noosfero, that's not a problem).
6	6	Developers
7	7	==========
8	8
	9	+Ábner Silva de Oliveira <abner.oliveira@serpro.gov.br>
9	10	Alan Freihof Tygel <alantygel@gmail.com>
10	11	alcampelo <alcampelo@alcampelo.(none)>
11	12	Alessandro Palmeira <alessandro.palmeira@gmail.com>
...	...	@@ -43,6 +44,7 @@ Ana Losnak <analosnak@gmail.com>
43	44	Antonio Terceiro + Carlos Morais <terceiro@colivre.coop.br>
44	45	Antonio Terceiro + Paulo Meirelles <terceiro@colivre.coop.br>
45	46	Antonio Terceiro <terceiro@colivre.coop.br>
	47	+Arthur Del Esposte <arthurmde@gmail.com>
46	48	Arthur Del Esposte <arthurmde@yahoo.com.br>
47	49	Aurelio A. Heckert <aurelio@colivre.coop.br>
48	50	Braulio Bhavamitra <brauliobo@gmail.com>
...	...	@@ -71,12 +73,14 @@ Caio Salgado + Renan Teruo <caio.salgado@gmail.com>
71	73	Caio Salgado + Renan Teruo + Jefferson Fernandes <jeffs.fernandes@gmail.com>
72	74	Caio Salgado + Renan Teruo <renanteruoc@gmail.com>
73	75	Caio SBA <caio@colivre.coop.br>
	76	+Caio Tiago Oliveira <caiotiago@colivre.coop.br>
74	77	Carlos Andre de Souza <carlos.andre.souza@msn.com>
75	78	Carlos Morais <carlos88morais@gmail.com>
76	79	Carlos Morais + Diego Araújo <diegoamc90@gmail.com>
77	80	Carlos Morais + Eduardo Morais <carlos88morais@gmail.com>
78	81	Carlos Morais + Paulo Meirelles <carlos88morais@gmail.com>
79	82	Carlos Morais + Pedro Leal <carlos88morais@gmail.com>
	83	+Daniela Feitosa <dani@dohko.(none)>
80	84	Daniel Alves + Diego Araújo <danpaulalves@gmail.com>
81	85	Daniel Alves + Diego Araújo <diegoamc90@gmail.com>
82	86	Daniel Alves + Diego Araújo + Guilherme Rojas <danpaulalves@gmail.com>
...	...	@@ -117,6 +121,8 @@ Diego Martinez <diegoamc90@gmail.com>
117	121	Diego Martinez <diego@diego-K55A.(none)>
118	122	Diego + Renan <renanteruoc@gmail.com>
119	123	Eduardo Tourinho Edington <eduardo.edington@serpro.gov.br>
	124	+Evandro Jr <evandrojr@gmail.com>
	125	+Evandro Junior <evandrojr@gmail.com>
120	126	Fabio Teixeira <fabio1079@gmail.com>
121	127	Fernanda Lopes <nanda.listas+psl@gmail.com>
122	128	Francisco Marcelo A. Lima Júnior <francisco.lima-junior@serpro.gov.br>
...	...	@@ -132,6 +138,7 @@ Italo Valcy <italo@dcc.ufba.br>
132	138	Jefferson Fernandes + Diego Araujo + Rafael Manzo <jeffs.fernandes@gmail.com>
133	139	Jefferson Fernandes + Joao M. M. da Silva <jeffs.fernandes@gmail.com>
134	140	Jefferson Fernandes + Joao M. M. Silva <jeffs.fernandes@gmail.com>
	141	+João da Silva + Eduardo Morais + Rafael Manzo <rr.manzo@gmail.com>
135	142	João da Silva <jaodsilv@linux.ime.usp.br>
136	143	João Marco Maciel da Silva + Rafael Manzo + Renan Teruo <jaodsilv@linux.ime.usp.br>
137	144	João M. M. da Silva + Alessandro Palmeira + Diego Araújo + Caio Salgado <jaodsilv@linux.ime.usp.br>
...	...	@@ -162,9 +169,11 @@ João M. M. Silva + Rafael Manzo <jaodsilv@linux.ime.usp.br>
162	169	João M. M. Silva + Renan Teruo <jaodsilv@linux.ime.usp.br>
163	170	Joenio Costa <joenio@colivre.coop.br>
164	171	Josef Spillner <josef.spillner@tu-dresden.de>
	172	+Junior Silva <junior@bajor.localhost.localdomain>
165	173	Junior Silva <juniorsilva1001@gmail.com>
166	174	Junior Silva <juniorsilva7@juniorsilva-Aspire-5750Z.(none)>
167	175	Junior Silva <juniorsilva@colivre.coop.br>
	176	+juniorsilva <juniorsilva@QonoS.localhost.localdomain>
168	177	Keilla Menezes <keilla@colivre.coop.br>
169	178	Larissa Reis <larissa@colivre.coop.br>
170	179	Larissa Reis <reiss.larissa@gmail.com>
...	...	@@ -175,7 +184,9 @@ Leandro Nunes dos Santos <leandro.santos@serpro.gov.br>
175	184	LinguÁgil 2010 <linguagil.bahia@gmail.com>
176	185	Lucas Melo <lucas@colivre.coop.br>
177	186	Lucas Melo <lucaspradomelo@gmail.com>
	187	+Luciano <lucianopcbr@gmail.com>
178	188	Luis David Aguilar Carlos <ludwig9003@gmail.com>
	189	+Luiz Fernando de Freitas Matos <luiz@luizff.matos@gmail.com>
179	190	Marcos Ramos <ms.ramos@outlook.com>
180	191	Martín Olivera <molivera@solar.org.ar>
181	192	Moises Machado <moises@colivre.coop.br>
...	...
1	1	source "https://rubygems.org"
	2	+gem 'rails'
	3	+gem 'fast_gettext'
	4	+gem 'acts-as-taggable-on'
	5	+gem 'prototype-rails'
	6	+gem 'prototype_legacy_helper', '0.0.0', :path => 'vendor/prototype_legacy_helper'
	7	+gem 'rails_autolink'
	8	+gem 'pg'
	9	+gem 'rmagick'
	10	+gem 'RedCloth'
	11	+gem 'will_paginate'
	12	+gem 'ruby-feedparser'
	13	+gem 'daemons'
	14	+gem 'thin'
	15	+gem 'hpricot'
	16	+gem 'nokogiri'
	17	+gem 'rake', :require => false
2	18
3		-gem 'exception_notification', '1.0.20090728'
4		-gem 'system_timer'
	19	+# FIXME list here all actual dependencies (i.e. the ones in debian/control),
	20	+# with their GEM names (not the Debian package names)
	21	+
	22	+group :production do
	23	+ gem 'dalli'
	24	+end
5	25
6	26	group :test do
7		- gem 'rspec', '1.2.9'
8		- gem 'rspec-rails', '1.2.9'
	27	+ gem 'rspec'
	28	+ gem 'rspec-rails'
	29	+ gem 'mocha', :require => false
9	30	end
10	31
11	32	group :cucumber do
12		- gem 'rake', '0.8.7'
13		- gem 'cucumber-rails', '0.3.2'
14		- gem 'capybara', '1.1.1'
15		- gem 'cucumber', '1.1.0'
	33	+ gem 'rake'
	34	+ gem 'cucumber-rails', :require => false
	35	+ gem 'capybara'
	36	+ gem 'cucumber'
16	37	gem 'database_cleaner'
	38	+ gem 'selenium-webdriver'
17	39	end
18	40
19		-def program(name)
20		- unless system("which #{name} > /dev/null")
21		- puts "W: Program #{name} is needed, but was not found in your PATH"
22		- end
	41	+# include plugin gemfiles
	42	+Dir.glob(File.join('config', 'plugins', '*')).each do \|plugin\|
	43	+ plugin_gemfile = File.join(plugin, 'Gemfile')
	44	+ eval File.read(plugin_gemfile) if File.exists?(plugin_gemfile)
23	45	end
24		-
25		-program 'java'
26		-program 'firefox'
...	...
	1	+PATH
	2	+ remote: vendor/prototype_legacy_helper
	3	+ specs:
	4	+ prototype_legacy_helper (0.0.0)
	5	+
1	6	GEM
2	7	remote: https://rubygems.org/
3	8	specs:
4		- builder (3.1.4)
5		- capybara (1.1.1)
	9	+ RedCloth (4.2.9)
	10	+ actionmailer (3.2.6)
	11	+ actionpack (= 3.2.6)
	12	+ mail (~> 2.4.4)
	13	+ actionpack (3.2.6)
	14	+ activemodel (= 3.2.6)
	15	+ activesupport (= 3.2.6)
	16	+ builder (~> 3.0.0)
	17	+ erubis (~> 2.7.0)
	18	+ journey (~> 1.0.1)
	19	+ rack (~> 1.4.0)
	20	+ rack-cache (~> 1.2)
	21	+ rack-test (~> 0.6.1)
	22	+ sprockets (~> 2.1.3)
	23	+ activemodel (3.2.6)
	24	+ activesupport (= 3.2.6)
	25	+ builder (~> 3.0.0)
	26	+ activerecord (3.2.6)
	27	+ activemodel (= 3.2.6)
	28	+ activesupport (= 3.2.6)
	29	+ arel (~> 3.0.2)
	30	+ tzinfo (~> 0.3.29)
	31	+ activeresource (3.2.6)
	32	+ activemodel (= 3.2.6)
	33	+ activesupport (= 3.2.6)
	34	+ activesupport (3.2.6)
	35	+ i18n (~> 0.6)
	36	+ multi_json (~> 1.0)
	37	+ acts-as-taggable-on (3.0.2)
	38	+ rails (>= 3, < 5)
	39	+ arel (3.0.2)
	40	+ builder (3.0.0)
	41	+ capybara (2.1.0)
6	42	mime-types (>= 1.16)
7	43	nokogiri (>= 1.3.3)
8	44	rack (>= 1.0.0)
9	45	rack-test (>= 0.5.4)
10		- selenium-webdriver (~> 2.0)
11		- xpath (~> 0.1.4)
12		- childprocess (0.3.6)
13		- ffi (~> 1.0, >= 1.0.6)
14		- cucumber (1.1.0)
	46	+ xpath (~> 2.0)
	47	+ childprocess (0.3.3)
	48	+ ffi (~> 1.0.6)
	49	+ cucumber (1.0.6)
15	50	builder (>= 2.1.2)
16	51	diff-lcs (>= 1.1.2)
17		- gherkin (~> 2.5.0)
	52	+ gherkin (~> 2.4.18)
18	53	json (>= 1.4.6)
19	54	term-ansicolor (>= 1.0.6)
20		- cucumber-rails (0.3.2)
21		- cucumber (>= 0.8.0)
22		- database_cleaner (0.9.1)
	55	+ cucumber-rails (1.0.6)
	56	+ capybara (>= 1.1.1)
	57	+ cucumber (>= 1.0.6)
	58	+ nokogiri (>= 1.5.0)
	59	+ daemons (1.1.5)
	60	+ dalli (2.7.0)
	61	+ database_cleaner (1.2.0)
23	62	diff-lcs (1.1.3)
24		- exception_notification (1.0.20090728)
25		- ffi (1.2.0)
26		- gherkin (2.5.4)
	63	+ erubis (2.7.0)
	64	+ eventmachine (0.12.11)
	65	+ fast_gettext (0.6.8)
	66	+ ffi (1.0.11)
	67	+ gherkin (2.4.21)
27	68	json (>= 1.4.6)
28		- json (1.7.5)
29		- libwebsocket (0.1.6.1)
30		- websocket
	69	+ hike (1.2.1)
	70	+ hpricot (0.8.6)
	71	+ i18n (0.6.0)
	72	+ journey (1.0.3)
	73	+ json (1.7.3)
	74	+ mail (2.4.4)
	75	+ i18n (>= 0.4.0)
	76	+ mime-types (~> 1.16)
	77	+ treetop (~> 1.4.8)
	78	+ metaclass (0.0.1)
31	79	mime-types (1.19)
32		- multi_json (1.3.7)
	80	+ mocha (0.11.3)
	81	+ metaclass (~> 0.0.1)
	82	+ multi_json (1.3.6)
33	83	nokogiri (1.5.5)
34		- rack (1.1.0)
35		- rack-test (0.6.2)
	84	+ pg (0.13.2)
	85	+ polyglot (0.3.3)
	86	+ prototype-rails (3.2.1)
	87	+ rails (~> 3.2)
	88	+ rack (1.4.1)
	89	+ rack-cache (1.2)
	90	+ rack (>= 0.4)
	91	+ rack-ssl (1.3.2)
	92	+ rack
	93	+ rack-test (0.6.1)
36	94	rack (>= 1.0)
37		- rake (0.8.7)
38		- rspec (1.2.9)
39		- rspec-rails (1.2.9)
40		- rack (>= 1.0.0)
41		- rspec (>= 1.2.9)
42		- rubyzip (0.9.9)
43		- selenium-webdriver (2.26.0)
	95	+ rails (3.2.6)
	96	+ actionmailer (= 3.2.6)
	97	+ actionpack (= 3.2.6)
	98	+ activerecord (= 3.2.6)
	99	+ activeresource (= 3.2.6)
	100	+ activesupport (= 3.2.6)
	101	+ bundler (~> 1.0)
	102	+ railties (= 3.2.6)
	103	+ rails_autolink (1.1.5)
	104	+ rails (> 3.1)
	105	+ railties (3.2.6)
	106	+ actionpack (= 3.2.6)
	107	+ activesupport (= 3.2.6)
	108	+ rack-ssl (~> 1.3.2)
	109	+ rake (>= 0.8.7)
	110	+ rdoc (~> 3.4)
	111	+ thor (>= 0.14.6, < 2.0)
	112	+ rake (0.9.2.2)
	113	+ rdoc (3.9.4)
	114	+ rmagick (2.13.1)
	115	+ rspec (2.10.0)
	116	+ rspec-core (~> 2.10.0)
	117	+ rspec-expectations (~> 2.10.0)
	118	+ rspec-mocks (~> 2.10.0)
	119	+ rspec-core (2.10.1)
	120	+ rspec-expectations (2.10.0)
	121	+ diff-lcs (~> 1.1.3)
	122	+ rspec-mocks (2.10.1)
	123	+ rspec-rails (2.10.1)
	124	+ actionpack (>= 3.0)
	125	+ activesupport (>= 3.0)
	126	+ railties (>= 3.0)
	127	+ rspec (~> 2.10.0)
	128	+ ruby-feedparser (0.7)
	129	+ rubyzip (1.1.2)
	130	+ selenium-webdriver (2.39.0)
44	131	childprocess (>= 0.2.5)
45		- libwebsocket (~> 0.1.3)
46	132	multi_json (~> 1.0)
47		- rubyzip
48		- system_timer (1.2.4)
	133	+ rubyzip (~> 1.0)
	134	+ websocket (~> 1.0.4)
	135	+ sprockets (2.1.3)
	136	+ hike (~> 1.2)
	137	+ multi_json (~> 1.0)
	138	+ rack (~> 1.0)
	139	+ tilt (~> 1.1, != 1.3.0)
49	140	term-ansicolor (1.0.7)
50		- websocket (1.0.4)
51		- xpath (0.1.4)
	141	+ thin (1.3.1)
	142	+ daemons (>= 1.0.9)
	143	+ eventmachine (>= 0.12.6)
	144	+ rack (>= 1.0.0)
	145	+ thor (0.15.3)
	146	+ tilt (1.3.3)
	147	+ treetop (1.4.10)
	148	+ polyglot
	149	+ polyglot (>= 0.3.1)
	150	+ tzinfo (0.3.33)
	151	+ websocket (1.0.7)
	152	+ will_paginate (3.0.3)
	153	+ xpath (2.0.0)
52	154	nokogiri (~> 1.3)
53	155
54	156	PLATFORMS
55	157	ruby
56	158
57	159	DEPENDENCIES
58		- capybara (= 1.1.1)
59		- cucumber (= 1.1.0)
60		- cucumber-rails (= 0.3.2)
	160	+ RedCloth
	161	+ acts-as-taggable-on
	162	+ capybara
	163	+ cucumber
	164	+ cucumber-rails
	165	+ daemons
	166	+ dalli
61	167	database_cleaner
62		- exception_notification (= 1.0.20090728)
63		- rake (= 0.8.7)
64		- rspec (= 1.2.9)
65		- rspec-rails (= 1.2.9)
66		- system_timer
	168	+ fast_gettext
	169	+ hpricot
	170	+ mocha
	171	+ nokogiri
	172	+ pg
	173	+ prototype-rails
	174	+ prototype_legacy_helper (= 0.0.0)!
	175	+ rails
	176	+ rails_autolink
	177	+ rake
	178	+ rmagick
	179	+ rspec
	180	+ rspec-rails
	181	+ ruby-feedparser
	182	+ selenium-webdriver
	183	+ thin
	184	+ will_paginate
...	...
...	...	@@ -110,7 +110,7 @@ Setup Noosfero log and tmp directories:
110	110	# cd /var/lib/noosfero/current
111	111	# ./etc/init.d/noosfero setup
112	112
113		-Now it's time to setup the database. In this example we are using PostgreSQL, so if you are planning to use a different database this steps won't apply.
	113	+Now it's time to setup the database. In this example we are using PostgreSQL, so if you are planning to use a different database this steps won't apply. Pay special attention to the default collation defined on your setup by the environment variable LC_COLLATE because it might interfere in some sorting operations on your database. For more information checkout `man locale`.
114	114
115	115	# apt-get install postgresql libpgsql-ruby
116	116	# su postgres -c 'createuser noosfero -S -d -R'
...	...
...	...	@@ -0,0 +1,41 @@
	1	+* ruby-get-text incmopatible with rails3. Maybe we can use it's gem
	2	+
	3	+* all js code is inside miscellaneous.js. Would be nice to refactor this
	4	+
	5	+* rails 2 uses prototype instead of jquery
	6	+
	7	+* config/environment.rb maybe still have some code that should be on the initializers
	8	+
	9	+* initializers session_store.rb inflections.rb... don't exist
	10	+
	11	+* rails gems version have to be forced on Gemfile or it will use incompatible pre3vious versions (3.1.3)
	12	+
	13	+* Sweepers are now natively supported on Rails 3. Would be nice to refactor it
	14	+
	15	+* On Rails 3 it is no more possible to add allowed tags to avoid scape. The html_safe initializer is an option.
	16	+
	17	+* error when call sqlite_extensiosn
	18	+
	19	+* error related to action_tracker
	20	+
	21	+* check FIXME's in script/quick-start
	22	+
	23	+* check FIXME's in Gemfile
	24	+
	25	+* Check the FIXME in config/routes.rb
	26	+
	27	+* rewrite conditional routing. See FIXME in lib/route_if.rb and re-implement using the Rails 3 mechanism - http://guides.rubyonrails.org/routing.html#advanced-constraints
	28	+
	29	+* check FIXME's in config/environment.rb
	30	+
	31	+* xss_terminate sucks. We should replace it with the builtin mechanism in Rails 3
	32	+
	33	+* instance_eval on Ruby 1.9 yields self, so lambdas that are passed to instance_eval and do not accept exactly 1 argument will blow up. See http://www.ruby-forum.com/topic/213313 ... search for instance_eval and fix where necessary. In special, most of the blocks still need fixing.
	34	+
	35	+* all instances of <% *_form_for ... %> must be changed to <%= instead of <%
	36	+
	37	+* all ActiveRecord models have to declare explicitly which attributes must be allowed for mass assignment with attr_accessible.
	38	+
	39	+* check if we need to update config/locales/*
	40	+
	41	+* check observe_field and labelled_form_for in app/helpers/application_helper.rb
...	...
	1	+[![Code Climate](https://codeclimate.com/github/Noosfero/noosfero.png)](https://codeclimate.com/github/Noosfero/noosfero)
	2	+
1	3	Noosfero - a web-based social platform
2	4	======================================
3	5
...	...	@@ -30,4 +32,4 @@ Authorship and copyright information is available in the files listed below.
30	32	-------------------- -----------------------------------------
31	33	AUTHORS.md list of authors (updated at each release)
32	34	COPYRIGHT Copyright statement for the project
33	35	- COPYING Full text of the project license
	36	+ COPYING Full text of the project license
34	37	\ No newline at end of file
...	...
	1	+#!/usr/bin/env rake
1	2	# Add your own tasks in files placed in lib/tasks ending in .rake,
2	3	# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
3	4
4		-require(File.join(File.dirname(__FILE__), 'config', 'boot'))
	5	+require File.expand_path('../config/application', __FILE__)
5	6
6		-require 'rake'
7		-require 'rake/testtask'
8		-require 'rake/rdoctask'
9		-
10		-# rails tasks
11		-require 'tasks/rails'
12		-
13		-# plugins' tasks
14		-plugins_tasks = Dir.glob("config/plugins//{tasks,lib/tasks,rails/tasks}//.rake").sort +
15		- Dir.glob("config/plugins//vendor/plugins//{tasks,lib/tasks,rails/tasks}/*/.rake").sort
16		-plugins_tasks.each{ \|ext\| load ext }
	7	+Noosfero::Application.load_tasks
...	...
...	...	@@ -0,0 +1,11 @@
	1	+# -- mode: ruby --
	2	+# vi: set ft=ruby :
	3	+
	4	+VAGRANTFILE_API_VERSION = "2"
	5	+Vagrant.configure(VAGRANTFILE_API_VERSION) do \|config\|
	6	+ config.vm.box = "debian-wheezy"
	7	+ config.vm.network :forwarded_port, host: 3000, guest: 3000
	8	+ config.vm.provision :shell do \|shell\|
	9	+ shell.inline = 'su vagrant -c /vagrant/script/vagrant'
	10	+ end
	11	+end
...	...
...	...	@@ -7,6 +7,7 @@ class AdminPanelController < AdminController
7	7	end
8	8
9	9	def site_info
	10	+ @no_design_blocks = true
10	11	if request.post?
11	12	if params[:environment][:languages]
12	13	params[:environment][:languages] = params[:environment][:languages].map {\|lang, value\| lang if value=='true'}.compact
...	...	@@ -42,7 +43,7 @@ class AdminPanelController < AdminController
42	43	end
43	44	redirect_to :action => 'set_portal_folders'
44	45	else
45		- session[:notice] = __('Community not found. You must insert the identifier of a community from this environment')
	46	+ session[:notice] = _('Community not found. You must insert the identifier of a community from this environment')
46	47	end
47	48	end
48	49	end
...	...
...	...	@@ -5,7 +5,7 @@ class EnvironmentDesignController < BoxOrganizerController
5	5	def available_blocks
6	6	# TODO EnvironmentStatisticsBlock is DEPRECATED and will be removed from
7	7	# the Noosfero core soon, see ActionItem3045
8		- @available_blocks \|\|= [ ArticleBlock, LoginBlock, EnvironmentStatisticsBlock, RecentDocumentsBlock, EnterprisesBlock, CommunitiesBlock, PeopleBlock, SellersSearchBlock, LinkListBlock, FeedReaderBlock, SlideshowBlock, HighlightsBlock, FeaturedProductsBlock, CategoriesBlock, RawHTMLBlock, TagsBlock ]
	8	+ @available_blocks \|\|= [ ArticleBlock, LoginBlock, EnvironmentStatisticsBlock, RecentDocumentsBlock, EnterprisesBlock, CommunitiesBlock, SellersSearchBlock, LinkListBlock, FeedReaderBlock, SlideshowBlock, HighlightsBlock, FeaturedProductsBlock, CategoriesBlock, RawHTMLBlock, TagsBlock ]
9	9	@available_blocks += plugins.dispatch(:extra_blocks, :type => Environment)
10	10	end
11	11
...	...