Merge branch 'master' into AI3268_template_management

Leandro Santos
2 parents d6f4caa4 a6aca8e1
Showing 298 changed files with 1235 additions and 403 deletions Show diff stats
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile/profile_design_controller.rb
app/helpers/application_helper.rb
app/helpers/article_helper.rb
app/helpers/boxes_helper.rb
app/helpers/content_viewer_helper.rb
app/helpers/layout_helper.rb
app/helpers/search_helper.rb
app/models/article.rb
app/models/block.rb
app/models/blog.rb
app/models/environment.rb
app/models/external_feed.rb
app/models/invitation.rb
app/models/person.rb
app/models/product.rb
app/views/box_organizer/edit.html.erb
app/views/cms/upload_files.html.erb
app/views/cms/view.html.erb
app/views/events/events.html.erb
@@ -174,6 +174,8 @@ class CmsController &lt; MyProfileController
  
   post_only :set_home_page
   def set_home_page
+    return render_access_denied unless user.can_change_homepage?
+
     article = params[:id].nil? ? nil : profile.articles.find(params[:id])
     profile.update_attribute(:home_page, article)
  
@@ -212,6 +214,7 @@ class CmsController &lt; MyProfileController
       if @errors.any?
         render :action => 'upload_files', :parent_id => @parent_id
       else
+        session[:notice] = _('File(s) successfully uploaded') 
         if @back_to
           redirect_to @back_to
         elsif @parent
@@ -3,7 +3,16 @@ class ProfileDesignController &lt; BoxOrganizerController
   needs_profile
  
   protect 'edit_profile_design', :profile
-  
+
+  before_filter :protect_fixed_block, :only => [:save, :move_block]
+
+  def protect_fixed_block
+    block = boxes_holder.blocks.find(params[:id].gsub(/^block-/, ''))
+    if block.fixed && !current_person.is_admin?
+      render_access_denied
+    end
+  end
+
   def available_blocks
     blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock, LinkListBlock, MyNetworkBlock, FeedReaderBlock, ProfileImageBlock, LocationBlock, SlideshowBlock, ProfileSearchBlock, HighlightsBlock ]
  
@@ -945,9 +945,9 @@ module ApplicationHelper
   # from Article model for an ArticleBlock.
   def reference_to_article(text, article, anchor=nil)
     if article.profile.domains.empty?
-      href = "/#{article.url[:profile]}/"
+      href = "#{Noosfero.root}/#{article.url[:profile]}/"
     else
-      href = "http://#{article.profile.domains.first.name}/"
+      href = "http://#{article.profile.domains.first.name}#{Noosfero.root}/"
     end
     href += article.url[:page].join('/')
     href += '#' + anchor if anchor
@@ -77,12 +77,59 @@ module ArticleHelper
       content_tag('div',
         radio_button(:article, :published, false) +
           content_tag('label', _('Private'), :for => 'article_published_false', :id => "label_private")
-       ) +
-      (article.profile.community? ? content_tag('div',
-        content_tag('label', _('Fill in the search field to add the exception users to see this content'), :id => "text-input-search-exception-users") +
-        token_input_field_tag(:q, 'search-article-privacy-exceptions', {:action => 'search_article_privacy_exceptions'},
-          {:focus => false, :hint_text => _('Type in a search term for a user'), :pre_populate => tokenized_children})) :
-          ''))
+      ) +
+      privacity_exceptions(article, tokenized_children)
+    )
+  end
+
+  def privacity_exceptions(article, tokenized_children)
+    content_tag('div',
+      content_tag('div',
+        (
+          if article.profile
+            add_option_to_followers(article, tokenized_children)
+          else
+            ''
+          end
+        )
+      ),
+      :style => "margin-left:10px"
+    )
+  end
+
+  def add_option_to_followers(article, tokenized_children)
+    label_message = article.profile.organization? ? _('For all community members') : _('For all your friends')
+
+    check_box(
+      :article,
+      :show_to_followers,
+      {:class => "custom_privacy_option"}
+    ) +
+    content_tag(
+      'label',
+      label_message,
+      :for => 'article_show_to_followers',
+      :id => 'label_show_to_followers'
+    ) +
+    (article.profile.community? ?
+      content_tag(
+        'div',
+        content_tag(
+          'label',
+          _('Fill in the search field to add the exception users to see this content'),
+          :id => "text-input-search-exception-users"
+        ) +
+        token_input_field_tag(
+          :q,
+          'search-article-privacy-exceptions',
+          {:action => 'search_article_privacy_exceptions'},
+          {
+            :focus => false,
+            :hint_text => _('Type in a search term for a user'),
+            :pre_populate => tokenized_children
+          }
+        )
+      ) : '')
   end
  
   def prepare_to_token_input(array)
@@ -170,49 +170,54 @@ module BoxesHelper
       else
         "before-block-#{block.id}"
       end
-
-    content_tag('div', '&nbsp;', :id => id, :class => 'block-target' ) + drop_receiving_element(id, :url => { :action => 'move_block', :target => id }, :accept => box.acceptable_blocks, :hoverclass => 'block-target-hover')
+    if block.nil? or modifiable?(block)
+      content_tag('div', '&nbsp;', :id => id, :class => 'block-target' ) + drop_receiving_element(id, :url => { :action => 'move_block', :target => id }, :accept => box.acceptable_blocks, :hoverclass => 'block-target-hover')
+    else
+      ""
+    end
   end
  
   # makes the given block draggable so it can be moved away.
   def block_handle(block)
-    draggable_element("block-#{block.id}", :revert => true)
+    modifiable?(block) ? draggable_element("block-#{block.id}", :revert => true) : ""
   end
  
   def block_edit_buttons(block)
     buttons = []
     nowhere = 'javascript: return false;'
  
-    if block.first?
-      buttons << icon_button('up-disabled', _("Can't move up anymore."), nowhere)
-    else
-      buttons << icon_button('up', _('Move block up'), { :action => 'move_block_up', :id => block.id }, { :method => 'post' })
-    end
+    if modifiable?(block)
+      if block.first?
+        buttons << icon_button('up-disabled', _("Can't move up anymore."), nowhere)
+      else
+        buttons << icon_button('up', _('Move block up'), { :action => 'move_block_up', :id => block.id }, { :method => 'post' })
+      end
  
-    if block.last?
-      buttons << icon_button('down-disabled', _("Can't move down anymore."), nowhere)
-    else
-      buttons << icon_button(:down, _('Move block down'), { :action => 'move_block_down' ,:id => block.id }, { :method => 'post'})
-    end
+      if block.last?
+        buttons << icon_button('down-disabled', _("Can't move down anymore."), nowhere)
+      else
+        buttons << icon_button(:down, _('Move block down'), { :action => 'move_block_down' ,:id => block.id }, { :method => 'post'})
+      end
  
-    holder = block.owner
-    # move to opposite side
-    # FIXME too much hardcoded stuff
-    if holder.layout_template == 'default'
-      if block.box.position == 2 # area 2, left side => move to right side
-        buttons << icon_button('right', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[2].id.to_s, :id => block.id }, :method => 'post' )
-      elsif block.box.position == 3 # area 3, right side => move to left side
-        buttons << icon_button('left', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[1].id.to_s, :id => block.id }, :method => 'post' )
+      holder = block.owner
+      # move to opposite side
+      # FIXME too much hardcoded stuff
+      if holder.layout_template == 'default'
+        if block.box.position == 2 # area 2, left side => move to right side
+          buttons << icon_button('right', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[2].id.to_s, :id => block.id }, :method => 'post' )
+        elsif block.box.position == 3 # area 3, right side => move to left side
+          buttons << icon_button('left', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[1].id.to_s, :id => block.id }, :method => 'post' )
+        end
       end
-    end
  
-    if block.editable?
-      buttons << colorbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
-    end
+      if block.editable?
+        buttons << colorbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
+      end
  
-    if !block.main?
-      buttons << icon_button(:delete, _('Remove block'), { :action => 'remove', :id => block.id }, { :method => 'post', :confirm => _('Are you sure you want to remove this block?')})
-      buttons << icon_button(:clone, _('Clone'), { :action => 'clone_block', :id => block.id }, { :method => 'post' })
+      if !block.main?
+        buttons << icon_button(:delete, _('Remove block'), { :action => 'remove', :id => block.id }, { :method => 'post', :confirm => _('Are you sure you want to remove this block?')})
+        buttons << icon_button(:clone, _('Clone'), { :action => 'clone_block', :id => block.id }, { :method => 'post' })
+      end
     end
  
     if block.respond_to?(:help)
@@ -248,5 +253,7 @@ module BoxesHelper
     classes
   end
  
-
+  def modifiable?(block)
+    return !block.fixed || environment.admins.include?(user)
+  end
 end
@@ -45,7 +45,7 @@ module ContentViewerHelper
         { article.environment.locales[translation.language] => { :href => url_for(translation.url) } }
       end
       content_tag(:div, link_to(_('Translations'), '#',
-                                :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{links.to_json}); return false",
+                                :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{CGI::escape_html(links.to_json)}); return false",
                                 :class => 'article-translations-menu simplemenu-trigger up'),
                   :class => 'article-translations')
     end
@@ -2,6 +2,7 @@ module LayoutHelper
  
   def body_classes
     # Identify the current controller and action for the CSS:
+    (logged_in? ? " logged-in" : "") +
     " controller-#{controller.controller_name}" +
     " action-#{controller.controller_name}-#{controller.action_name}" +
     " template-#{@layout_template || if profile.blank? then 'default' else profile.layout_template end}" +
@@ -21,6 +21,12 @@ module SearchHelper
     'more_comments' => _('More comments')
   }
  
+  COMMON_PROFILE_LIST_BLOCK = [
+    :enterprises,
+    :people,
+    :communities
+  ]
+
   # FIXME remove it after search_controler refactored
   include EventsHelper
  
@@ -94,7 +100,7 @@ module SearchHelper
       compact_link = display?(asset, :compact) ? (display == 'compact' ? _('Compact') : link_to(_('Compact'), params.merge(:display => 'compact'))) : nil
       map_link = display?(asset, :map) ? (display == 'map' ? _('Map') : link_to(_('Map'), params.merge(:display => 'map'))) : nil
       full_link = display?(asset, :full) ? (display == 'full' ? _('Full') : link_to(_('Full'), params.merge(:display => 'full'))) : nil
-      content_tag('div', 
+      content_tag('div',
         content_tag('strong', _('Display')) + ': ' + [compact_link, map_link, full_link].compact.join(' | ').html_safe,
         :class => 'search-customize-options'
       )
@@ -2,7 +2,14 @@ require &#39;hpricot&#39;
  
 class Article < ActiveRecord::Base
  
-  attr_accessible :name, :body, :abstract, :profile, :tag_list, :parent, :allow_members_to_edit, :translation_of_id, :language, :license_id, :parent_id, :display_posts_in_current_language, :category_ids, :posts_per_page, :moderate_comments, :accept_comments, :feed, :published, :source, :highlighted, :notify_comments, :display_hits, :slug, :external_feed_builder, :display_versions, :external_link, :image_builder
+  attr_accessible :name, :body, :abstract, :profile, :tag_list, :parent,
+                  :allow_members_to_edit, :translation_of_id, :language,
+                  :license_id, :parent_id, :display_posts_in_current_language,
+                  :category_ids, :posts_per_page, :moderate_comments,
+                  :accept_comments, :feed, :published, :source,
+                  :highlighted, :notify_comments, :display_hits, :slug,
+                  :external_feed_builder, :display_versions, :external_link,
+                  :image_builder, :show_to_followers
  
   acts_as_having_image
  
@@ -333,7 +340,7 @@ class Article &lt; ActiveRecord::Base
   def belongs_to_blog?
     self.parent and self.parent.blog?
   end
-  
+
   def belongs_to_forum?
     self.parent and self.parent.forum?
   end
@@ -445,6 +452,7 @@ class Article &lt; ActiveRecord::Base
       if self.parent && !self.parent.published?
         return false
       end
+
       true
     else
       false
@@ -476,14 +484,17 @@ class Article &lt; ActiveRecord::Base
     {:conditions => ["  articles.published = ? OR
                         articles.last_changed_by_id = ? OR
                         articles.profile_id = ? OR
-                        ?",
-                        true, user.id, user.id, user.has_permission?(:view_private_content, profile)] }
+                        ? OR  articles.show_to_followers = ? AND ?",
+                        true, user.id, user.id, user.has_permission?(:view_private_content, profile),
+                        true, user.follows?(profile)]}
   end
  
+
   def display_unpublished_article_to?(user)
     user == author || allow_view_private_content?(user) || user == profile ||
     user.is_admin?(profile.environment) || user.is_admin?(profile) ||
-    article_privacy_exceptions.include?(user)
+    article_privacy_exceptions.include?(user) ||
+    (self.show_to_followers && user.follows?(profile))
   end
  
   def display_to?(user = nil)
 class Block < ActiveRecord::Base
  
-  attr_accessible :title, :display, :limit, :box_id, :posts_per_page, :visualization_format, :language, :display_user, :box
+  attr_accessible :title, :display, :limit, :box_id, :posts_per_page, :visualization_format, :language, :display_user, :box, :fixed
  
   # to be able to generate HTML
   include ActionView::Helpers::UrlHelper
@@ -64,7 +64,7 @@ class Block &lt; ActiveRecord::Base
   end
  
   def display_to_user?(user)
-    display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged')
+    display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged') || (user && display_user == 'followers' && user.follows?(owner))
   end
  
   def display_always(context)
@@ -110,6 +110,9 @@ class Block &lt; ActiveRecord::Base
   # * <tt>'all'</tt>: the block is always displayed
   settings_items :language, :type => :string, :default => 'all'
  
+  # The block can be configured to be fixed. Only can be edited by environment admins
+  settings_items :fixed, :type => :boolean, :default => false
+
   # returns the description of the block, used when the user sees a list of
   # blocks to choose one to include in the design.
   #
@@ -221,6 +224,7 @@ class Block &lt; ActiveRecord::Base
       'all'            => _('All users'),
       'logged'         => _('Logged'),
       'not_logged'     => _('Not logged'),
+      'followers'      => owner.organization? ? _('Members') : _('Friends')
     }
   end
  
@@ -53,7 +53,7 @@ class Blog &lt; Folder
   def prepare_external_feed
     unless self.external_feed_data.nil?
       if self.external_feed(true) && self.external_feed.id == self.external_feed_data[:id].to_i
-        self.external_feed.attributes = self.external_feed_data
+        self.external_feed.attributes = self.external_feed_data.except(:id)
       else
         self.build_external_feed(self.external_feed_data, :without_protection => true)
       end
@@ -283,6 +283,7 @@ class Environment &lt; ActiveRecord::Base
     www.flickr.com
     www.gmodules.com
     www.youtube.com
+    openstreetmap.org
   ] + ('a' .. 'z').map{|i| "#{i}.yimg.com"}
  
   settings_items :enabled_plugins, :type => Array, :default => Noosfero::Plugin.available_plugin_names
@@ -10,7 +10,7 @@ class ExternalFeed &lt; ActiveRecord::Base
     { :conditions => ['(fetched_at is NULL) OR (fetched_at < ?)', Time.now - FeedUpdater.update_interval] }
   }
  
-  attr_accessible :address, :enabled
+  attr_accessible :address, :enabled, :only_once
  
   def add_item(title, link, date, content)
     return if content.blank?
@@ -65,18 +65,16 @@ class Invitation &lt; Task
  
       task_args = if user.nil?
         {:person => person, :friend_name => friend_name, :friend_email => friend_email, :message => message}
-      elsif !user.person.is_a_friend?(person)
+      else
         {:person => person, :target => user.person}
       end
  
-      if !task_args.nil?
-        if profile.person?
-          InviteFriend.create(task_args)
-        elsif profile.community?
-          InviteMember.create(task_args.merge(:community_id => profile.id))
-        else
-          raise NotImplementedError, 'Don\'t know how to invite people to a %s' % profile.class.to_s
-        end
+      if profile.person?
+        InviteFriend.create(task_args) if user.nil? || !user.person.is_a_friend?(person)
+      elsif profile.community?
+        InviteMember.create(task_args.merge(:community_id => profile.id)) if user.nil? || !user.person.is_member_of?(profile)
+      else
+        raise NotImplementedError, 'Don\'t know how to invite people to a %s' % profile.class.to_s
       end
     end
   end
@@ -80,6 +80,10 @@ roles] }
  
   belongs_to :user, :dependent => :delete
  
+  def can_change_homepage?
+    !environment.enabled?('cant_change_homepage') || is_admin?
+  end
+
   def can_control_scrap?(scrap)
     begin
       !self.scraps(scrap).nil?
@@ -11,7 +11,7 @@ class Product &lt; ActiveRecord::Base
  
   SEARCH_DISPLAYS = %w[map full]
  
-  attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs
+  attr_accessible :name, :product_category, :highlighted, :price, :enterprise, :image_builder, :description, :available, :qualifiers, :unit_id, :discount, :inputs, :qualifiers_list
  
   def self.default_search_display
     'full'
@@ -5,6 +5,12 @@
  
     <%= labelled_form_field(_('Custom title for this block: '), text_field(:block, :title, :maxlength => 20)) %>
  
+    <% if environment.admins.include?(user) %>
+      <div class="fixed_block">
+        <%= labelled_check_box(_("Fixed"), "block[fixed]", value = "1", checked = @block.fixed) %>
+      </div>
+    <% end %>
+
     <%= render :partial => partial_for_class(@block.class) %>
  
     <div class="display">
@@ -20,5 +20,10 @@
 <h5><%= _('Uploading files to %s') % content_tag('code', @target) %></h5>
  
 <%= form_for('uploaded_file', :url => { :action => 'upload_files' }, :html => {:multipart => true}) do |f| %>
+
+  <%= @plugins.dispatch(:upload_files_extra_fields, params[:parent_id]).collect { |content| instance_exec(&content) }.join("") %>
+
   <%= render :partial => 'upload_file_form', :locals => { :size => '45'} %>
-<% end %>
+
+<% end %> 
+
@@ -2,7 +2,7 @@
   <%= _('Content management') %>
 </h1>
  
-<% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+<% if user.can_change_homepage? && !remove_content_button(:home) %>
   <div class="cms-homepage">
     <%= _('Profile homepage:') %>
     <% if profile.home_page %>
@@ -69,7 +69,7 @@
         <%= expirable_button article, :edit, _('Edit'), {:action => 'edit', :id => article.id} if !remove_content_button(:edit) %>
         <%= button_without_text :eyes, _('Public view'), article.view_url %>
         <%= display_spread_button(profile, article) unless article.folder? || remove_content_button(:spread)%>
-        <% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+        <% if user.can_change_homepage? && !remove_content_button(:home) %>
           <% if profile.home_page != article %>
             <%= expirable_button article, :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>
           <% else %>
@@ -3,7 +3,7 @@
 <div id='agenda-toolbar'>
   <%= button :back, _('Back to %s') % profile.name, profile.url %>
   <% if user && user.has_permission?('post_content', profile) %>
-    <%= button :new, _('New event'), myprofile_url(:controller => 'cms', :action => 'new', :type => 'Event') %>
+    <%= button :new, _('New event'), myprofile_path(:controller => 'cms', :action => 'new', :type => 'Event') %>
   <% end %>
 </div>
  
@@ -47,7 +47,7 @@
     <%= button_to_function(
       :add,
       _('Add new qualifier'),
-      "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(select_qualifiers(@product))}', '#{escape_javascript(remove_qualifier_button)}')"
+      "new_qualifier_row('#product-qualifiers-list', '#{escape_javascript(CGI::escape_html(select_qualifiers(@product)))}', '#{escape_javascript(CGI::escape_html(remove_qualifier_button))}')"
     ) %>
     <%= hidden_field_tag "product[qualifiers_list][nil]" %>
   <% end %>
@@ -14,7 +14,7 @@
  
         <% display = display_filter(name, params[:display]) %>
  
-        <div class="search-results-innerbox search-results-type-<%= name.to_s.singularize %> <%= 'common-profile-list-block' if [:enterprises, :people, :communities].include?(name) %>">
+        <div class="search-results-innerbox search-results-type-<%= name.to_s.singularize %> <%= 'common-profile-list-block' if SearchHelper::COMMON_PROFILE_LIST_BLOCK.include?(name) %>">
           <ul>
             <% search[:results].each do |hit| %>
               <% partial = partial_for_class(hit.class, display) %>
@@ -0,0 +1,9 @@
+class AddShowToFollowersForArticle < ActiveRecord::Migration
+  def up
+    add_column :articles, :show_to_followers, :boolean, :default => false
+  end
+
+  def down
+    remove_column :articles, :show_to_followers
+  end
+end
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
  
-ActiveRecord::Schema.define(:version => 20140827191326) do
+ActiveRecord::Schema.define(:version => 20150113131617) do
  
   create_table "abuse_reports", :force => true do |t|
     t.integer  "reporter_id"
@@ -149,6 +149,7 @@ ActiveRecord::Schema.define(:version =&gt; 20140827191326) do
     t.integer  "spam_comments_count",  :default => 0
     t.integer  "author_id"
     t.integer  "created_by_id"
+    t.boolean  "show_to_followers",    :default => false
   end
  
   add_index "articles", ["comments_count"], :name => "index_articles_on_comments_count"
@@ -47,6 +47,28 @@ Feature: edit article
     Then I should see "Access denied"
  
   @selenium
+  Scenario: Hide token field when show to members is activated
+    Given the following communities
+      | name           | identifier    | owner     |
+      | Free Software  | freesoftware  | joaosilva |
+    And the following users
+      | login | name        |
+      | mario | Mario Souto |
+      | maria | Maria Silva |
+    And "Mario Souto" is a member of "Free Software"
+    And "Maria Silva" is a member of "Free Software"
+    And I am on freesoftware's control panel
+    And I follow "Manage Content"
+    And I should see "New content"
+    And I follow "New content"
+    And I should see "Folder"
+    When I follow "Folder"
+    And I fill in "Title" with "My Folder"
+    And I choose "article_published_false"
+    And I check "article_show_to_followers"
+    Then I should not see "Fill in the search"
+
+  @selenium
   Scenario: show exception users field when you choose the private option
     Given the following communities
       | name           | identifier    | owner     |
@@ -417,6 +417,12 @@ class Noosfero::Plugin
     nil
   end
  
+  # -> Adds adicional fields to a view
+  # returns = proc block that creates html code
+  def upload_files_extra_fields(article)
+    nil
+  end
+  
   # -> Adds fields to the signup form
   # returns = proc that creates html code
   def signup_extra_contents
@@ -0,0 +1,38 @@
+class WorkAssignmentPluginMyprofileController < MyProfileController
+
+helper ArticleHelper
+helper CmsHelper
+
+before_filter :protect_if, :only => [:edit_visibility]
+
+def edit_visibility
+  unless params[:article_id].blank?
+    folder = profile.environment.articles.find_by_id(params[:article_id])
+    @back_to = url_for(folder.parent.url)
+    unless params[:article].blank?
+      folder.published = params[:article][:published]
+      unless params[:q].nil?
+        folder.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}
+      end
+      folder.save!
+      redirect_to @back_to
+    end    
+  end
+ end
+
+  def search_article_privacy_exceptions
+    arg = params[:q].downcase
+    result = profile.members.find(:all, :conditions => ['LOWER(name) LIKE ?', "%#{arg}%"])
+    render :text => prepare_to_token_input(result).to_json
+  end
+
+  protected
+
+  def protect_if
+    article = environment.articles.find_by_id(params[:article_id])
+    render_access_denied unless (user && !article.nil? && (user.is_member_of? article.profile) &&
+    article.parent.allow_visibility_edition && article.folder? &&
+    (article.author == user || user.has_permission?('view_private_content', profile)))
+  end
+
+end
@@ -0,0 +1,20 @@
+require_dependency 'article'
+
+class Article
+  before_validation :work_assignment_save_into_author_folder
+  after_validation :work_assignment_change_visibility
+
+  def work_assignment_save_into_author_folder
+    if not self.is_a? Folder and self.parent.kind_of? WorkAssignmentPlugin::WorkAssignment
+      author_folder = self.parent.find_or_create_author_folder(self.author)
+      self.name = WorkAssignmentPlugin::WorkAssignment.versioned_name(self, author_folder)
+      self.parent = author_folder
+    end
+  end
+
+  def work_assignment_change_visibility
+    if self.parent && self.parent.parent && self.parent.parent.kind_of?(WorkAssignmentPlugin::WorkAssignment)
+      self.published = self.parent.published
+    end
+  end
+end
 \ No newline at end of file
@@ -0,0 +1,13 @@
+require_dependency 'article'
+require_dependency 'folder'
+
+class Folder < Article
+  after_save do |folder|
+    if folder.parent.kind_of?(WorkAssignmentPlugin::WorkAssignment)
+      folder.children.each do |c|
+        c.published = folder.published
+        c.article_privacy_exceptions = folder.article_privacy_exceptions
+      end
+    end
+  end
+end
@@ -1,12 +0,0 @@
-require_dependency 'article'
-require_dependency 'uploaded_file'
-
-class UploadedFile < Article
-  before_validation do |uploaded_file|
-    if uploaded_file.parent.kind_of?(WorkAssignmentPlugin::WorkAssignment)
-      author_folder = uploaded_file.parent.find_or_create_author_folder(uploaded_file.author)
-      uploaded_file.name = WorkAssignmentPlugin::WorkAssignment.versioned_name(uploaded_file, author_folder)
-      uploaded_file.parent = author_folder
-    end
-  end
-end
@@ -9,8 +9,8 @@ class WorkAssignmentPlugin &lt; Noosfero::Plugin
   end
  
   def self.can_download_submission?(user, submission)
-    work_assignment = submission.parent.parent
-    work_assignment.publish_submissions || (user && (submission.author == user || user.has_permission?('view_private_content', work_assignment.profile)))
+      submission.published? || (user && (submission.author == user || user.has_permission?('view_private_content', submission.profile) ||
+      submission.display_unpublished_article_to?(user)))
   end
  
   def self.is_submission?(content)
@@ -37,7 +37,7 @@ class WorkAssignmentPlugin &lt; Noosfero::Plugin
  
   def content_viewer_controller_filters
     block = proc do
-      path = params[:page]
+      path = get_path(params[:page], params[:format])
       content = profile.articles.find_by_path(path)
  
       if WorkAssignmentPlugin.is_submission?(content) && !WorkAssignmentPlugin.can_download_submission?(user, content)
@@ -51,4 +51,34 @@ class WorkAssignmentPlugin &lt; Noosfero::Plugin
       :block => block }
   end
  
+  def cms_controller_filters
+    block = proc do
+      if request.post? && params[:uploaded_files]
+        email_notification = params[:article_email_notification]
+        unless !email_notification || email_notification.empty?
+          email_contact = WorkAssignmentPlugin::EmailContact.new(:subject => @parent.name, :receiver => email_notification, :sender => user)
+          WorkAssignmentPlugin::EmailContact::EmailSender.build_mail_message(email_contact, @uploaded_files)
+          if email_contact.deliver
+            session[:notice] = _('Notification successfully sent')
+          else
+            session[:notice] = _('Notification not sent')
+          end
+        end
+      end
+    end
+
+    { :type => 'after_filter',
+      :method_name => 'send_email_after_upload_file',
+      :options => {:only => 'upload_files'},
+      :block => block }
+  end
+
+  def upload_files_extra_fields(article)
+    proc do
+      @article = Article.find_by_id(article)
+      if params[:parent_id] && !@article.nil? && @article.type == "WorkAssignmentPlugin::WorkAssignment"
+        render :partial => 'notify_text_field',  :locals => { :size => '45'}
+      end
+    end
+  end
 end
@@ -0,0 +1,64 @@
+class WorkAssignmentPlugin::EmailContact
+
+  include ActiveModel::Validations
+
+  def initialize(attributes = nil)
+    if attributes
+      attributes.each do |attr,value|
+        self.send("#{attr}=", value)
+      end
+    end
+  end
+
+  attr_accessor :name
+  attr_accessor :subject
+  attr_accessor :message
+  attr_accessor :email
+  attr_accessor :receive_a_copy
+  attr_accessor :sender
+  attr_accessor :receiver
+
+  N_('Subject'); N_('Message'); N_('e-Mail'); N_('Name')
+
+  validates_presence_of :receiver, :subject, :message, :sender
+  validates_format_of :receiver, :with => Noosfero::Constants::EMAIL_FORMAT, :if => (lambda {|o| !o.email.blank?})
+
+  def deliver
+    return false unless self.valid?
+    WorkAssignmentPlugin::EmailContact::EmailSender.notification(self).deliver
+  end
+
+  class EmailSender < ActionMailer::Base
+
+    def notification(email_contact)
+      name = email_contact.sender.name
+      email = email_contact.sender.email
+      message = email_contact.message
+      target = email_contact.receiver
+
+      options = {
+        content_type: 'text/html',
+        to: target,
+        reply_to: email,
+        subject: email_contact.subject,
+        body: message,
+        from: "#{email_contact.sender.environment.name} <#{email_contact.sender.environment.contact_email}>",
+      }
+
+      mail(options)
+    end
+
+    def build_mail_message(email_contact, uploaded_files)
+      message = ""
+      if uploaded_files && uploaded_files.first && uploaded_files.first.parent && uploaded_files.first.parent.parent
+        article = uploaded_files.first.parent.parent
+        message = article.default_email + "<br>"
+        uploaded_files.each do |file|
+          url = url_for(file.url)
+          message += "<br><a href='#{url}'>#{url}</a>"
+        end
+      end
+      email_contact.message = message
+    end
+  end
+end
 module WorkAssignmentPlugin::Helper
+  include CmsHelper
+  
   def display_submissions(work_assignment, user)
     return if work_assignment.submissions.empty?
     content_tag('table',
@@ -6,6 +8,7 @@ module WorkAssignmentPlugin::Helper
         content_tag('th', c_('Author'), :style => 'width: 50%') +
         content_tag('th', _('Submission date')) +
         content_tag('th', _('Versions'), :style => 'text-align: center') +
+        content_tag('th', '') +
         content_tag('th', '')
       ).html_safe +
       work_assignment.children.map {|author_folder| display_author_folder(author_folder, user)}.join("\n").html_safe
@@ -18,7 +21,8 @@ module WorkAssignmentPlugin::Helper
       content_tag('td', link_to_last_submission(author_folder, user)) +
       content_tag('td', time_format(author_folder.children.last.created_at)) +
       content_tag('td', author_folder.children.count, :style => 'text-align: center') +
-      content_tag('td', content_tag('button', _('View all versions'), :class => 'view-author-versions', 'data-folder-id' => author_folder.id))
+      content_tag('td', content_tag('button', _('View all versions'), :class => 'view-author-versions', 'data-folder-id' => author_folder.id)) +
+      content_tag('td', display_privacy_button(author_folder, user))
     ).html_safe +
     author_folder.children.map {|submission| display_submission(submission, user)}.join("\n").html_safe
   end
@@ -26,7 +30,13 @@ module WorkAssignmentPlugin::Helper
   def display_submission(submission, user)
     content_tag('tr',
       content_tag('td', link_to_submission(submission, user)) +
-      content_tag('td', time_format(submission.created_at), :colspan => 3),
+      content_tag('td', time_format(submission.created_at))+
+      content_tag('td', '') +
+      content_tag('td', 
+        if submission.parent.parent.allow_post_content?(user)
+          display_delete_button(submission)
+        end
+      ),
       :class => "submission-from-#{submission.parent.id}",
       :style => 'display: none'
     )
@@ -40,7 +50,6 @@ module WorkAssignmentPlugin::Helper
     end
   end
  
-
   def link_to_last_submission(author_folder, user)
     if WorkAssignmentPlugin.can_download_submission?(user, author_folder.children.last)
       link_to(author_folder.name, author_folder.children.last.url)
@@ -48,6 +57,7 @@ module WorkAssignmentPlugin::Helper
       author_folder.name
     end
   end
+
   # FIXME Copied from custom-froms. Consider passing it to core...
   def time_format(time)
     minutes = (time.min == 0) ? '' : ':%M'
@@ -56,4 +66,28 @@ module WorkAssignmentPlugin::Helper
     time.strftime("%Y-%m-%d#{hour+minutes+h}")
   end
  
+  def display_delete_button(article)
+    expirable_button article, :delete, _('Delete'), 
+    {:controller =>'cms', :action => 'destroy', :id => article.id },
+    :method => :post, :confirm => delete_article_message(article)
+  end
+
+  def display_privacy_button(author_folder, user)
+    folder = environment.articles.find_by_id(author_folder.id)
+    work_assignment = folder.parent
+    @back_to = url_for(work_assignment.url)
+
+    if(user && work_assignment.allow_visibility_edition &&
+      ((author_folder.author_id == user.id && (user.is_member_of? profile)) ||
+      user.has_permission?('view_private_content', profile)))
+
+      @tokenized_children = prepare_to_token_input(
+                            profile.members.includes(:articles_with_access).find_all{ |m|
+                              m.articles_with_access.include?(folder)
+                            })
+      button :edit, _('Edit'), { :controller => 'work_assignment_plugin_myprofile',
+      :action => 'edit_visibility', :article_id => folder.id,
+      :tokenized_children => @tokenized_children, :back_to => @back_to}, :method => :post
+    end
+  end
 end
 class WorkAssignmentPlugin::WorkAssignment < Folder
  
   settings_items :publish_submissions, :type => :boolean, :default => false
+  settings_items :default_email, :type => :string, :default => ""
+  settings_items :allow_visibility_edition, :type => :boolean, :default => false
  
   attr_accessible :publish_submissions
-
+  attr_accessible :default_email
+  attr_accessible :allow_visibility_edition
+  
   def self.icon_name(article = nil)
     'work-assignment'
   end
@@ -29,13 +33,22 @@ class WorkAssignmentPlugin::WorkAssignment &lt; Folder
   end
  
   def to_html(options = {})
-    proc do
+    lambda do
       render :file => 'content_viewer/work_assignment.html.erb'
     end
   end
  
   def find_or_create_author_folder(author)
-    children.find_by_slug(author.name.to_slug) || Folder.create!(:name => author.name, :parent => self, :profile => profile)
+    children.find_by_slug(author.name.to_slug) || Folder.create!(
+                                                                {
+                                                                  :name => author.name,
+                                                                  :parent => self,
+                                                                  :profile => profile,
+                                                                  :author => author,
+                                                                  :published => publish_submissions,
+                                                                }, 
+                                                                :without_protection => true
+                                                  )
   end
  
   def submissions
@@ -45,6 +58,5 @@ class WorkAssignmentPlugin::WorkAssignment &lt; Folder
   def cache_key_with_person(params = {}, user = nil, language = 'en')
     cache_key_without_person + (user && profile.members.include?(user) ? "-#{user.identifier}" : '')
   end
-  alias_method_chain :cache_key, :person
-
+  alias_method_chain :cache_key, :person  
 end
-require 'test_helper'
+require File.expand_path(File.dirname(__FILE__) + "/../../../../test/test_helper")
 require 'cms_controller'
  
 # Re-raise errors caught by the controller.
@@ -12,33 +12,67 @@ class CmsControllerTest &lt; ActionController::TestCase
     @response   = ActionController::TestResponse.new
     @person = create_user('test_user').person
     login_as :test_user
+    e = Environment.default
+    e.enabled_plugins = ['WorkAssignmentPlugin']
+    e.save!
+    @organization = fast_create(Organization) #
   end
  
-  attr_accessor :person
-
   should 'not allow non-members to upload submissions on work_assignment' do
-    organization = fast_create(Organization)
-    work_assignment = WorkAssignmentPlugin::WorkAssignment.create!(:name => 'Work Assignment', :profile => organization)
-
-    get :upload_files, :profile => organization.identifier, :parent_id => work_assignment.id
+    work_assignment = create_work_assignment('Work Assignment', @organization, nil, nil)
+    get :upload_files, :profile => @organization.identifier, :parent_id => work_assignment.id
     assert_response :forbidden
     assert_template 'access_denied'
+  end
  
-    organization.add_member(person)
-
-    get :upload_files, :profile => organization.identifier, :parent_id => work_assignment.id
+  should 'allow members to upload submissions on work_assignment' do
+    @organization.add_member(@person)
+    # then he trys to upload new stuff
+    work_assignment = create_work_assignment('Work Assignment', @organization, nil, nil)
+    get :upload_files, :profile => @organization.identifier, :parent_id => work_assignment.id
     assert_response :success
   end
  
+  should 'redirect to Work Assignment view page after upload submission' do
+    @organization.add_member(@person)
+    work_assignment = create_work_assignment('Work Assignment', @organization, nil, nil)
+    post :upload_files, :profile => @organization.identifier, :parent_id => work_assignment.id, :uploaded_files => [fixture_file_upload('/files/test.txt', 'text/plain')] , :back_to => @work_assignment.url
+    assert_redirected_to work_assignment.url
+  end
+
   should 'upload submission and automatically move it to the author folder' do
-    organization = fast_create(Organization)
-    work_assignment = WorkAssignmentPlugin::WorkAssignment.create!(:name => 'Work Assignment', :profile => organization)
-    organization.add_member(person)
-    post :upload_files, :profile => organization.identifier, :parent_id => work_assignment.id, :uploaded_files => [fixture_file_upload('/files/test.txt', 'text/plain')]
+    work_assignment = create_work_assignment('Work Assignment', @organization, nil, nil)
+    @organization.add_member(@person)
+    post :upload_files, :profile => @organization.identifier, :parent_id => work_assignment.id, :uploaded_files => [fixture_file_upload('/files/test.txt', 'text/plain')]
+    submission = UploadedFile.last
+    assert_equal work_assignment.find_or_create_author_folder(@person), submission.parent
+  end
+
+  should 'work_assignment attribute allow_visibility_edition is true when set a new work_assignment' do
+    work_assignment = create_work_assignment('Work Assignment', @organization, nil, true)
+    @organization.add_member(@person)
+    assert_equal true, work_assignment.allow_visibility_edition
+  end
  
+  should 'a submission and parent attribute "published" be equal to Work Assignment attribute publish submissions' do
+    @organization.add_member(@person)
+    work_assignment = create_work_assignment('Work Assignment', @organization, true, nil)
+    assert_equal true, work_assignment.publish_submissions
+    post :upload_files, :profile => @organization.identifier, :parent_id => work_assignment.id, :uploaded_files => [fixture_file_upload('/files/test.txt', 'text/plain')]
     submission = UploadedFile.last
-    assert_equal work_assignment.find_or_create_author_folder(person), submission.parent
+    assert_equal work_assignment.publish_submissions, submission.published
+    assert_equal work_assignment.publish_submissions, submission.parent.published
+
+    other_work_assignment = create_work_assignment('Other Work Assigment', @organization, false, nil)
+    assert_equal false, other_work_assignment.publish_submissions
+    post :upload_files, :profile => @organization.identifier, :parent_id => other_work_assignment.id, :uploaded_files => [fixture_file_upload('/files/test.txt', 'text/plain')]
+    submission = UploadedFile.last
+    assert_equal other_work_assignment.publish_submissions, submission.published
+    assert_equal other_work_assignment.publish_submissions, submission.parent.published
   end
  
+  private
+    def create_work_assignment(name = nil, profile = nil, publish_submissions = nil, allow_visibility_edition = nil)
+      @work_assignment = WorkAssignmentPlugin::WorkAssignment.create!(:name => name, :profile => profile, :publish_submissions => publish_submissions, :allow_visibility_edition => allow_visibility_edition)
+    end
 end
-
-require 'test_helper'
+require File.expand_path(File.dirname(__FILE__) + "/../../../../test/test_helper")
 require 'content_viewer_controller'
  
 # Re-raise errors caught by the controller.
@@ -15,6 +15,7 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
     @organization = fast_create(Organization)
     @work_assignment = WorkAssignmentPlugin::WorkAssignment.create!(:name => 'Work Assignment', :profile => @organization)
     @person = create_user('test_user').person
+    @organization.add_member(@person)
     @environment = @organization.environment
     @environment.enable_plugin(WorkAssignmentPlugin)
     @environment.save!
@@ -23,19 +24,17 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
   attr_reader :organization, :person, :profile, :work_assignment
  
   should 'can download work_assignment' do
-    random_member = fast_create(Person)
-    organization.add_member(random_member)
-    folder = work_assignment.find_or_create_author_folder(random_member)
+    folder = work_assignment.find_or_create_author_folder(@person)
     submission = UploadedFile.create!(:uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'), :profile => organization, :parent => folder)
     WorkAssignmentPlugin.stubs(:can_download_submission?).returns(false)
  
-    get :view_page, :profile => organization.identifier, :page => submission.path
+    get :view_page, :profile => @organization.identifier, :page => submission.path
     assert_response :forbidden
     assert_template 'access_denied'
  
     WorkAssignmentPlugin.stubs(:can_download_submission?).returns(true)
  
-    get :view_page, :profile => organization.identifier, :page => submission.path
+    get :view_page, :profile => @organization.identifier, :page => submission.path
     assert_response :success
   end
  
@@ -0,0 +1,191 @@
+require File.expand_path(File.dirname(__FILE__) + "/../../../../test/test_helper")
+require 'work_assignment_plugin_myprofile_controller'
+
+# Re-raise errors caught by the controller.
+class WorkAssignmentPluginMyprofileController; def rescue_action(e) raise e end; end
+
+class WorkAssignmentPluginMyprofileControllerTest < ActionController::TestCase
+
+  def setup
+    @controller = WorkAssignmentPluginMyprofileController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+    @person = create_user('test_user').person
+    login_as :test_user
+    e = Environment.default
+    e.enabled_plugins = ['WorkAssignmentPlugin']
+    e.save!
+    @organization = fast_create(Organization) #
+  end
+
+  should 'submission edit visibility deny access to users and admin when Work Assignment allow_visibility_edition is false' do
+    @organization.add_member(@person)
+    ##### Testing with normal user
+    work_assignment = create_work_assignment('Work Assignment', @organization, nil, false)
+    work_assignment.save!
+    assert_equal false, work_assignment.allow_visibility_edition
+    parent = work_assignment.find_or_create_author_folder(@person)
+    UploadedFile.create(
+            {
+              :uploaded_data => fixture_file_upload('/files/test.txt', 'text/plain'),
+              :profile => @organization,
+              :parent => parent,
+              :last_changed_by => @person,
+              :author => @person,
+            },
+            :without_protection => true
+          )
+    submission = UploadedFile.find_by_filename("test.txt")
+    assert_equal false, submission.published
+    assert_equal false, submission.parent.published
+
+    post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id
+    assert_template 'access_denied'
+    post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id, :article => { :published => true }
+    assert_template 'access_denied'
+
+    submission.reload
+    assert_equal false, submission.published
+    assert_equal false, submission.parent.published
+
+    #### Even with admin user
+    e = Environment.default
+    assert_equal false, @person.is_admin?
+    e.add_admin(@person)
+    e.save!
+    assert_equal true, @person.is_admin?
+
+    post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id
+    assert_template 'access_denied'
+    post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id, :article => { :published => true }
+    assert_template 'access_denied'
+
+    submission.reload
+    assert_equal false, submission.published
+  end
+
+  should 'redirect an unlogged user to the login page if he tryes to access the edit visibility page and work_assignment allow_visibility_edition is true' do
+    @organization.add_member(@person)
+    work_assignment = create_work_assignment('Work Assignment', @organization, nil, true)
+    assert_equal true, work_assignment.allow_visibility_edition
+    work_assignment.save!
+    parent = work_assignment.find_or_create_author_folder(@person)
+    UploadedFile.create(
+            {
+              :uploaded_data => fixture_file_upload('/files/test.txt', 'text/plain'),
+              :profile => @organization,
+              :parent => parent,
+              :last_changed_by => @person,
+              :author => @person,
+            },
+            :without_protection => true
+          )
+    logout
+    submission = UploadedFile.find_by_filename("test.txt")
+    assert_equal false, submission.parent.published
+    assert_equal false, submission.published
+
+    post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id
+    assert_redirected_to '/account/login'
+    post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id, :article => { :published => true }
+    assert_redirected_to '/account/login'
+    submission.reload
+    assert_equal false, submission.parent.published
+    assert_equal false, submission.published
+  end
+
+  should 'submission edit_visibility deny access to not owner when WorkAssignment edit_visibility is true' do
+    @organization.add_member(@person) # current_user is a member
+    work_assignment = create_work_assignment('Another Work Assignment', @organization, nil, true)
+    parent = work_assignment.find_or_create_author_folder(@person)
+    UploadedFile.create(
+            {
+              :uploaded_data => fixture_file_upload('/files/test.txt', 'text/plain'),
+              :profile => @organization,
+              :parent => parent,
+              :last_changed_by => @person,
+              :author => @person,
+            },
+            :without_protection => true
+          )
+    logout
+
+
+    other_person = create_user('other_user').person
+    @organization.add_member(other_person)
+    login_as :other_user
+
+    @organization.add_member(other_person)
+    submission = UploadedFile.find_by_filename("test.txt")
+    assert_equal(submission.author, @person)
+
+    post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id
+    assert_template 'access_denied'
+
+    post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id, :article => { :published => true }
+    assert_template 'access_denied'
+
+    submission.reload
+    assert_equal false, submission.parent.published
+    assert_equal false, submission.published
+  end
+
+  should 'submission white list give permission to an user that has been added' do
+    other_person = create_user('other_user').person
+    @organization.add_member(@person)
+    @organization.add_member(other_person)
+    work_assignment = create_work_assignment('Another Work Assignment', @organization, false,  true)
+    parent = work_assignment.find_or_create_author_folder(@person)
+    UploadedFile.create(
+            {
+              :uploaded_data => fixture_file_upload('/files/test.txt', 'text/plain'),
+              :profile => @organization,
+              :parent => parent,
+              :last_changed_by => @person,
+              :author => @person,
+            },
+            :without_protection => true
+          )
+    submission = UploadedFile.find_by_filename("test.txt")
+    assert_equal false, submission.article_privacy_exceptions.include?(other_person)
+    post :edit_visibility, :profile => @organization.identifier, :article_id  => parent.id, :article => { :published => false }, :q => other_person.id
+    submission.reload
+    assert_equal true, submission.parent.article_privacy_exceptions.include?(other_person)
+    assert_equal true, submission.article_privacy_exceptions.include?(other_person)
+  end
+
+  should 'submission edit_visibility deny access to owner if not organization member' do
+    @organization.add_member(@person) # current_user is a member
+    work_assignment = create_work_assignment('Work Assignment', @organization, nil, true)
+    parent = work_assignment.find_or_create_author_folder(@person)
+    UploadedFile.create(
+            {
+              :uploaded_data => fixture_file_upload('/files/test.txt', 'text/plain'),
+              :profile => @organization,
+              :parent => parent,
+              :last_changed_by => @person,
+              :author => @person,
+            },
+            :without_protection => true
+          )
+    @organization.remove_member(@person)
+    submission = UploadedFile.find_by_filename("test.txt")
+
+    assert_equal false, (@person.is_member_of? submission.profile)
+
+    post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id
+    assert_template 'access_denied'
+
+    post :edit_visibility, :profile => @organization.identifier, :article_id => parent.id, :article => { :published => true }
+    assert_template 'access_denied'
+
+    submission.reload
+    assert_equal false, submission.parent.published
+    assert_equal false, submission.published
+  end
+
+  private
+    def create_work_assignment(name = nil, profile = nil, publish_submissions = nil, allow_visibility_edition = nil)
+      @work_assignment = WorkAssignmentPlugin::WorkAssignment.create!(:name => name, :profile => profile, :publish_submissions => publish_submissions, :allow_visibility_edition => allow_visibility_edition)
+    end
+end
-require "test_helper"
+require File.expand_path(File.dirname(__FILE__) + "/../../../../../test/test_helper")
  
 class WorkAssignmentTest < ActiveSupport::TestCase
   should 'find or create sub-folder based on author identifier' do
-require 'test_helper'
+require File.expand_path(File.dirname(__FILE__) + "/../../../../test/test_helper")
  
 class WorkAssignmentPluginTest < ActiveSupport::TestCase
   should 'verify if a content is a work_assignment submission' do
     organization = fast_create(Organization)
-    content = create(UploadedFile, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'), :profile => organization, :author => fast_create(Person))
+    folder = fast_create(Folder)
+    person = fast_create(Person)
+    content = UploadedFile.create(
+            {
+              :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'),
+              :profile => organization,
+              :parent => folder,
+              :last_changed_by => person,
+              :author => person,
+            },
+            :without_protection => true
+          )
     assert !WorkAssignmentPlugin.is_submission?(content)
  
     work_assignment = WorkAssignmentPlugin::WorkAssignment.create!(:name => 'Work Assignment', :profile => organization)
@@ -22,7 +33,9 @@ class WorkAssignmentPluginTest &lt; ActiveSupport::TestCase
     work_assignment = submission.parent.parent
     work_assignment.publish_submissions = true
     work_assignment.save!
-    assert WorkAssignmentPlugin.can_download_submission?(nil, submission)
+
+    other_submission = create_submission(nil, work_assignment)
+    assert WorkAssignmentPlugin.can_download_submission?(nil, other_submission)
   end
  
   should 'be able to download submission if the user is author of it' do
@@ -45,12 +58,21 @@ class WorkAssignmentPluginTest &lt; ActiveSupport::TestCase
  
   private
  
-  def create_submission(author=nil)
+  def create_submission(author=nil, work_assignment=nil)
     author ||= fast_create(Person)
     organization = fast_create(Organization)
-
-    work_assignment = WorkAssignmentPlugin::WorkAssignment.create!(:name => 'Work Assignment', :profile => organization)
+    organization.add_member(author)
+    work_assignment ||= WorkAssignmentPlugin::WorkAssignment.create!(:name => 'Work Assignment', :profile => organization)
     author_folder = work_assignment.find_or_create_author_folder(author)
-    create(UploadedFile, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'), :profile => organization, :parent => author_folder, :author => author, :last_changed_by => author)
+    content = UploadedFile.create(
+            {
+              :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'),
+              :profile => organization,
+              :parent => author_folder,
+              :last_changed_by => author,
+              :author => author,
+            },
+            :without_protection => true
+          )
   end
 end
@@ -0,0 +1,3 @@
+<h5><%= _('If you want to notify someone about this action, fill the field below with the emails of the destinies, separated by comma.') %></h5>
+
+<%= labelled_text_field(_('Send notification to: '), 'article_email_notification', user.email, :style => 'width: 60%;') %>
 <%= render :partial => 'folder', :locals => {:f => f} %>
  
-<%= labelled_check_box(_('Publish submissions'), 'article[publish_submissions]', true, @article.publish_submissions) %>
+<%= labelled_form_field(_('Default email message:'), text_area(:article, :default_email, :rows => 3, :cols => 64)) %>
+
+<%=labelled_check_box(_('Publish submissions'), 'article[publish_submissions]', true, @article.publish_submissions) %>
+
+<%=labelled_check_box(_('Allow users change submissions privacy?'), 'article[allow_visibility_edition]', true, @article.allow_visibility_edition) %>
@@ -0,0 +1,24 @@
+<div class="select-visibility-options">
+
+<%= labelled_form_for 'article', :html => { :multipart => true, :class => @type } do |f| %>
+
+  <% @article = environment.articles.find_by_id((params[:article_id]))%>
+
+  <% @tokenized_children = params[:tokenized_children]%>
+
+  <%= hidden_field_tag('article_id', @article.id) %>
+
+  <div id='edit-article-options'>
+    <%= visibility_options(@article, @tokenized_children) %>
+  </div>
+
+  <% button_bar do %>
+    <%= submit_button :save, _('Save') %>
+    <%= button :cancel, _('Cancel'), @back_to %>
+  <% end %>
+<% end %>
+</div>
+
+<br style='clear: both'/>
+
+<%= javascript_include_tag "article.js" %>
@@ -136,7 +136,7 @@ jQuery(function($) {
       if (data.length && data.length > 0) {
         $('#media-search-results').slideDown();
       }
-    $('#media-search-box .header').toggleClass('icon-loading');
+      $('#media-search-box .header').toggleClass('icon-loading');
     });
     return false;
   });
@@ -144,20 +144,20 @@ jQuery(function($) {
   $('#media-upload-form form').ajaxForm({
     resetForm: true,
     beforeSubmit:
-      function() {
-        $('#media-upload-form').slideUp();
-        $('#media-upload-box .header').toggleClass('icon-loading');
-      },
+    function() {
+      $('#media-upload-form').slideUp();
+      $('#media-upload-box .header').toggleClass('icon-loading');
+    },
     success:
-      function(text) {
-        text = text.replace('<pre>', '').replace('</pre>', ''); // old firefox
-        var data = $.parseJSON(text);
-        list_items(data, '#media-upload-results .items', true);
-        if (data.length && data.length > 0) {
-          $('#media-upload-results').slideDown();
-        }
-        $('#media-upload-box .header').toggleClass('icon-loading');
+    function(text) {
+      text = text.replace('<pre>', '').replace('</pre>', ''); // old firefox
+      var data = $.parseJSON(text);
+      list_items(data, '#media-upload-results .items', true);
+      if (data.length && data.length > 0) {
+        $('#media-upload-results').slideDown();
       }
+      $('#media-upload-box .header').toggleClass('icon-loading');
+    }
   });
  
   $('#media-upload-more-files').click(function() {
@@ -166,19 +166,45 @@ jQuery(function($) {
     return false;
   });
  
+  function is_public_article() {
+    return $("#article_published_true").attr('checked');
+  }
+
+  function show_hide_privacy_options() {
+    var show_privacy_options = $("#article_published_false").attr('checked');
+    var custom_privacy_option = $(".custom_privacy_option").parent("div");
+
+    if( show_privacy_options ) {
+      custom_privacy_option.show();
+    } else {
+      custom_privacy_option.hide();
+    }
+    show_hide_token_input();
+  }
+
   function show_hide_token_input() {
-    if($("#article_published_false").attr('checked'))
-      $("#text-input-search-exception-users").parent("div").css('display', 'block');
-    else
-      $("#text-input-search-exception-users").parent("div").css('display', 'none');
+    var display_token =  $(".custom_privacy_option:checked").length == 0;
+    var token_field = $("#text-input-search-exception-users").parent("div");
+
+    if( display_token && !is_public_article() ) {
+      token_field.css('display', 'block');
+    } else {
+      token_field.css('display', 'none');
+    }
   }
  
   if( $("#token-input-search-article-privacy-exceptions").length == 1 ) {
+    show_hide_privacy_options();
     show_hide_token_input();
-
-    //Hide / Show the text area
-    $("#article_published_false").click(show_hide_token_input);
-    $("#article_published_true").click(show_hide_token_input);
   }
  
+  $(document).ready(function(){
+    show_hide_privacy_options();
+  });
+
+  //Hide / Show the text area
+  $("#article_published_false").click(show_hide_privacy_options);
+  $("#article_published_true").click(show_hide_privacy_options);
+  $(".custom_privacy_option").click(show_hide_token_input);
+
 });
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'account_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'admin_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'admin_panel_controller'
  
 # Re-raise errors caught by the controller.
 # encoding: UTF-8
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'test_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'catalog_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'categories_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
  
 class ChatControllerTest < ActionController::TestCase
  
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'cms_controller'
  
 # Re-raise errors caught by the controller.
@@ -101,12 +101,26 @@ class CmsControllerTest &lt; ActionController::TestCase
     assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
   end
  
+  should 'display the profile homepage if logged user is an environment admin' do
+    env = Environment.default; env.enable('cant_change_homepage'); env.save!
+    env.add_admin(profile)
+    get :index, :profile => profile.identifier
+    assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
+  end
+
   should 'not display the profile homepage if cannot change homepage' do
     env = Environment.default; env.enable('cant_change_homepage')
     get :index, :profile => profile.identifier
     assert_no_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
   end
  
+  should 'not allow profile homepage changes if cannot change homepage' do
+    env = Environment.default; env.enable('cant_change_homepage')
+    a = profile.articles.create!(:name => 'my new home page')
+    post :set_home_page, :profile => profile.identifier, :id => a.id
+    assert_response 403
+  end
+
   should 'be able to set home page' do
     a = profile.articles.build(:name => 'my new home page')
     a.save!
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'comment_controller'
  
 # Re-raise errors caught by the controller.
 # encoding: UTF-8
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'contact_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'content_viewer_controller'
  
 # Re-raise errors caught by the controller.
@@ -661,8 +661,8 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
     get :view_page, :profile => owner.identifier, :page => folder.path
     assert_response :success
     assert_select '.image-gallery-item', 0
-  end   
-  
+  end
+
  
   should 'display default image in the slideshow if thumbnails were not processed' do
     @controller.stubs(:per_page).returns(1)
@@ -1296,14 +1296,14 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
       def comment_form_extra_contents(args)
         proc {
           hidden_field_tag('comment[some_field_id]', 1)
-         }
+        }
       end
     end
     class Plugin2 < Noosfero::Plugin
       def comment_form_extra_contents(args)
         proc {
           hidden_field_tag('comment[another_field_id]', 1)
-         }
+        }
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.name, Plugin2.name])
@@ -1373,20 +1373,20 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
     get :view_page, :profile => profile.identifier, :page => [blog.path]
     assert_tag :tag => 'strong', :content => /bold/
   end
-  
+
   should 'add extra content on article header from plugins' do
     class Plugin1 < Noosfero::Plugin
       def article_header_extra_contents(args)
         proc {
           content_tag('div', '', :class => 'plugin1')
-         }
+        }
       end
     end
     class Plugin2 < Noosfero::Plugin
       def article_header_extra_contents(args)
         proc {
           content_tag('div', '', :class => 'plugin2')
-         }
+        }
       end
     end
     Noosfero::Plugin.stubs(:all).returns([Plugin1.name, Plugin2.name])
@@ -1447,4 +1447,35 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
     assert_tag :tag => 'meta', :attributes => { :property => 'og:image', :content => /\/images\/x.png/  }
   end
  
+  should 'manage  private article visualization' do
+    community = Community.create(:name => 'test-community')
+    community.add_member(@profile)
+    community.save!
+
+    blog = community.articles.find_by_name("Blog")
+
+    article = TinyMceArticle.create(:name => 'Article to be shared with images',
+                                    :body => 'This article should be shared with all social networks',
+                                    :profile => @profile,
+                                    :published => false,
+                                    :show_to_followers => true)
+    article.parent = blog
+    article.save!
+
+    otheruser = create_user('otheruser').person
+    community.add_member(otheruser)
+    login_as(otheruser.identifier)
+
+    get :view_page, :profile => community.identifier, "page" => 'blog'
+
+    assert_response :success
+    assert_tag :tag => 'h1', :attributes => { :class => /title/ }, :content => article.name
+
+    article.show_to_followers = false
+    article.save!
+
+    get :view_page, :profile => community.identifier, "page" => 'blog'
+
+    assert_no_tag :tag => 'h1', :attributes => { :class => /title/ }, :content => article.name
+  end
 end
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
  
 class DocControllerTest < ActionController::TestCase
  
 # FIXME: this tests must me moved into design plugin
  
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'edit_template_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
  
 class EmbedControllerTest < ActionController::TestCase
  
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'enterprise_registration_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'enterprise_validation_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'environment_design_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'environment_role_manager_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
  
 class EnvironmentThemesController; def rescue_action(e) raise e end; end
  
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
  
 class EventsControllerTest < ActionController::TestCase
  
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'favorite_enterprises_controller'
  
 class FavoriteEnterprisesController; def rescue_action(e) raise e end; end
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'features_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'friends_controller'
  
 class FriendsController; def rescue_action(e) raise e end; end
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'home_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
  
 class InviteControllerTest < ActionController::TestCase
  
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'licenses_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
  
 class MailconfControllerTest < ActionController::TestCase
  
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'manage_products_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'map_balloon_controller'
  
  
 # encoding: UTF-8
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'maps_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'memberships_controller'
  
  
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'my_profile_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
  
 class PluginAdminController
   def index
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'plugins_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'profile_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'profile_design_controller'
  
 class ProfileDesignController; def rescue_action(e) raise e end; end
@@ -737,4 +737,22 @@ class ProfileDesignControllerTest &lt; ActionController::TestCase
     end
   end
  
+  test 'should forbid POST to save for fixed blocks' do
+    block = profile.blocks.last
+    block.fixed = true
+    block.save!
+
+    post :save, id: block.id, profile: profile.identifier
+    assert_response :forbidden
+  end
+
+  test 'should forbid POST to move_block for fixed blocks' do
+    block = profile.blocks.last
+    block.fixed = true
+    block.save!
+
+    post :move_block, id: block.id, profile: profile.identifier, target: "end-of-box-#{@box3.id}"
+    assert_response :forbidden
+  end
+
 end
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'profile_editor_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'profile_members_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'profile_search_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 # require 'profile_themes_controller'
  
 class ProfileThemesController; def rescue_action(e) raise e end; end
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'public_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'region_validators_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'role_controller'
  
 # Re-raise errors caught by the controller.
 # encoding: UTF-8
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'search_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
  
 class SpamControllerTest < ActionController::TestCase
  
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'system_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'tasks_controller'
  
 class TasksController; def rescue_action(e) raise e end; end
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'templates_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'trusted_sites_controller'
  
 # Re-raise errors caught by the controller.
-require File.dirname(__FILE__) + '/../test_helper'
+require_relative "../test_helper"
 require 'users_controller'
  
 # Re-raise errors caught by the controller.
-require "#{File.dirname(__FILE__)}/../test_helper"
+require_relative "../test_helper"
  
 class ApproveRejectEnterpriseTest < ActionController::IntegrationTest
   all_fixtures
-require "#{File.dirname(__FILE__)}/../test_helper"
+require_relative "../test_helper"
  
 class AssetsMenuTest < ActionController::IntegrationTest
  
-require "#{File.dirname(__FILE__)}/../test_helper"
+require_relative "../test_helper"
  
 class AssigningValidatorOrganizationsToRegionsTest < ActionController::IntegrationTest
  
-require "#{File.dirname(__FILE__)}/../test_helper"
+require_relative "../test_helper"
  
 class BlocksTest < ActionController::IntegrationTest
   def blog_on_article_block_bootstrap
-require "#{File.dirname(__FILE__)}/../test_helper"
+require_relative "../test_helper"
  
 class CategoriesMenuTest < ActionController::IntegrationTest
  
-require "#{File.dirname(__FILE__)}/../test_helper"
+require_relative "../test_helper"
  
 class ControllerNamingTest < ActionController::IntegrationTest
  
-require "#{File.dirname(__FILE__)}/../test_helper"
+require_relative "../test_helper"
  
 class EditingPersonInfoTest < ActionController::IntegrationTest
...	...	@@ -174,6 +174,8 @@ class CmsController < MyProfileController
174	174
175	175	post_only :set_home_page
176	176	def set_home_page
	177	+ return render_access_denied unless user.can_change_homepage?
	178	+
177	179	article = params[:id].nil? ? nil : profile.articles.find(params[:id])
178	180	profile.update_attribute(:home_page, article)
179	181
...	...	@@ -212,6 +214,7 @@ class CmsController < MyProfileController
212	214	if @errors.any?
213	215	render :action => 'upload_files', :parent_id => @parent_id
214	216	else
	217	+ session[:notice] = _('File(s) successfully uploaded')
215	218	if @back_to
216	219	redirect_to @back_to
217	220	elsif @parent
...	...
...	...	@@ -3,7 +3,16 @@ class ProfileDesignController < BoxOrganizerController
3	3	needs_profile
4	4
5	5	protect 'edit_profile_design', :profile
6		-
	6	+
	7	+ before_filter :protect_fixed_block, :only => [:save, :move_block]
	8	+
	9	+ def protect_fixed_block
	10	+ block = boxes_holder.blocks.find(params[:id].gsub(/^block-/, ''))
	11	+ if block.fixed && !current_person.is_admin?
	12	+ render_access_denied
	13	+ end
	14	+ end
	15	+
7	16	def available_blocks
8	17	blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock, LinkListBlock, MyNetworkBlock, FeedReaderBlock, ProfileImageBlock, LocationBlock, SlideshowBlock, ProfileSearchBlock, HighlightsBlock ]
9	18
...	...
...	...	@@ -945,9 +945,9 @@ module ApplicationHelper
945	945	# from Article model for an ArticleBlock.
946	946	def reference_to_article(text, article, anchor=nil)
947	947	if article.profile.domains.empty?
948		- href = "/#{article.url[:profile]}/"
	948	+ href = "#{Noosfero.root}/#{article.url[:profile]}/"
949	949	else
950		- href = "http://#{article.profile.domains.first.name}/"
	950	+ href = "http://#{article.profile.domains.first.name}#{Noosfero.root}/"
951	951	end
952	952	href += article.url[:page].join('/')
953	953	href += '#' + anchor if anchor
...	...
...	...	@@ -77,12 +77,59 @@ module ArticleHelper
77	77	content_tag('div',
78	78	radio_button(:article, :published, false) +
79	79	content_tag('label', _('Private'), :for => 'article_published_false', :id => "label_private")
80		- ) +
81		- (article.profile.community? ? content_tag('div',
82		- content_tag('label', _('Fill in the search field to add the exception users to see this content'), :id => "text-input-search-exception-users") +
83		- token_input_field_tag(:q, 'search-article-privacy-exceptions', {:action => 'search_article_privacy_exceptions'},
84		- {:focus => false, :hint_text => _('Type in a search term for a user'), :pre_populate => tokenized_children})) :
85		- ''))
	80	+ ) +
	81	+ privacity_exceptions(article, tokenized_children)
	82	+ )
	83	+ end
	84	+
	85	+ def privacity_exceptions(article, tokenized_children)
	86	+ content_tag('div',
	87	+ content_tag('div',
	88	+ (
	89	+ if article.profile
	90	+ add_option_to_followers(article, tokenized_children)
	91	+ else
	92	+ ''
	93	+ end
	94	+ )
	95	+ ),
	96	+ :style => "margin-left:10px"
	97	+ )
	98	+ end
	99	+
	100	+ def add_option_to_followers(article, tokenized_children)
	101	+ label_message = article.profile.organization? ? _('For all community members') : _('For all your friends')
	102	+
	103	+ check_box(
	104	+ :article,
	105	+ :show_to_followers,
	106	+ {:class => "custom_privacy_option"}
	107	+ ) +
	108	+ content_tag(
	109	+ 'label',
	110	+ label_message,
	111	+ :for => 'article_show_to_followers',
	112	+ :id => 'label_show_to_followers'
	113	+ ) +
	114	+ (article.profile.community? ?
	115	+ content_tag(
	116	+ 'div',
	117	+ content_tag(
	118	+ 'label',
	119	+ _('Fill in the search field to add the exception users to see this content'),
	120	+ :id => "text-input-search-exception-users"
	121	+ ) +
	122	+ token_input_field_tag(
	123	+ :q,
	124	+ 'search-article-privacy-exceptions',
	125	+ {:action => 'search_article_privacy_exceptions'},
	126	+ {
	127	+ :focus => false,
	128	+ :hint_text => _('Type in a search term for a user'),
	129	+ :pre_populate => tokenized_children
	130	+ }
	131	+ )
	132	+ ) : '')
86	133	end
87	134
88	135	def prepare_to_token_input(array)
...	...
...	...	@@ -170,49 +170,54 @@ module BoxesHelper
170	170	else
171	171	"before-block-#{block.id}"
172	172	end
173		-
174		- content_tag('div', ' ', :id => id, :class => 'block-target' ) + drop_receiving_element(id, :url => { :action => 'move_block', :target => id }, :accept => box.acceptable_blocks, :hoverclass => 'block-target-hover')
	173	+ if block.nil? or modifiable?(block)
	174	+ content_tag('div', ' ', :id => id, :class => 'block-target' ) + drop_receiving_element(id, :url => { :action => 'move_block', :target => id }, :accept => box.acceptable_blocks, :hoverclass => 'block-target-hover')
	175	+ else
	176	+ ""
	177	+ end
175	178	end
176	179
177	180	# makes the given block draggable so it can be moved away.
178	181	def block_handle(block)
179		- draggable_element("block-#{block.id}", :revert => true)
	182	+ modifiable?(block) ? draggable_element("block-#{block.id}", :revert => true) : ""
180	183	end
181	184
182	185	def block_edit_buttons(block)
183	186	buttons = []
184	187	nowhere = 'javascript: return false;'
185	188
186		- if block.first?
187		- buttons << icon_button('up-disabled', _("Can't move up anymore."), nowhere)
188		- else
189		- buttons << icon_button('up', _('Move block up'), { :action => 'move_block_up', :id => block.id }, { :method => 'post' })
190		- end
	189	+ if modifiable?(block)
	190	+ if block.first?
	191	+ buttons << icon_button('up-disabled', _("Can't move up anymore."), nowhere)
	192	+ else
	193	+ buttons << icon_button('up', _('Move block up'), { :action => 'move_block_up', :id => block.id }, { :method => 'post' })
	194	+ end
191	195
192		- if block.last?
193		- buttons << icon_button('down-disabled', _("Can't move down anymore."), nowhere)
194		- else
195		- buttons << icon_button(:down, _('Move block down'), { :action => 'move_block_down' ,:id => block.id }, { :method => 'post'})
196		- end
	196	+ if block.last?
	197	+ buttons << icon_button('down-disabled', _("Can't move down anymore."), nowhere)
	198	+ else
	199	+ buttons << icon_button(:down, _('Move block down'), { :action => 'move_block_down' ,:id => block.id }, { :method => 'post'})
	200	+ end
197	201
198		- holder = block.owner
199		- # move to opposite side
200		- # FIXME too much hardcoded stuff
201		- if holder.layout_template == 'default'
202		- if block.box.position == 2 # area 2, left side => move to right side
203		- buttons << icon_button('right', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[2].id.to_s, :id => block.id }, :method => 'post' )
204		- elsif block.box.position == 3 # area 3, right side => move to left side
205		- buttons << icon_button('left', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[1].id.to_s, :id => block.id }, :method => 'post' )
	202	+ holder = block.owner
	203	+ # move to opposite side
	204	+ # FIXME too much hardcoded stuff
	205	+ if holder.layout_template == 'default'
	206	+ if block.box.position == 2 # area 2, left side => move to right side
	207	+ buttons << icon_button('right', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[2].id.to_s, :id => block.id }, :method => 'post' )
	208	+ elsif block.box.position == 3 # area 3, right side => move to left side
	209	+ buttons << icon_button('left', _('Move to the opposite side'), { :action => 'move_block', :target => 'end-of-box-' + holder.boxes[1].id.to_s, :id => block.id }, :method => 'post' )
	210	+ end
206	211	end
207		- end
208	212
209		- if block.editable?
210		- buttons << colorbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
211		- end
	213	+ if block.editable?
	214	+ buttons << colorbox_icon_button(:edit, _('Edit'), { :action => 'edit', :id => block.id })
	215	+ end
212	216
213		- if !block.main?
214		- buttons << icon_button(:delete, _('Remove block'), { :action => 'remove', :id => block.id }, { :method => 'post', :confirm => _('Are you sure you want to remove this block?')})
215		- buttons << icon_button(:clone, _('Clone'), { :action => 'clone_block', :id => block.id }, { :method => 'post' })
	217	+ if !block.main?
	218	+ buttons << icon_button(:delete, _('Remove block'), { :action => 'remove', :id => block.id }, { :method => 'post', :confirm => _('Are you sure you want to remove this block?')})
	219	+ buttons << icon_button(:clone, _('Clone'), { :action => 'clone_block', :id => block.id }, { :method => 'post' })
	220	+ end
216	221	end
217	222
218	223	if block.respond_to?(:help)
...	...	@@ -248,5 +253,7 @@ module BoxesHelper
248	253	classes
249	254	end
250	255
251		-
	256	+ def modifiable?(block)
	257	+ return !block.fixed \|\| environment.admins.include?(user)
	258	+ end
252	259	end
...	...
...	...	@@ -45,7 +45,7 @@ module ContentViewerHelper
45	45	{ article.environment.locales[translation.language] => { :href => url_for(translation.url) } }
46	46	end
47	47	content_tag(:div, link_to(_('Translations'), '#',
48		- :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{links.to_json}); return false",
	48	+ :onmouseover => "toggleSubmenu(this, '#{_('Translations')}', #{CGI::escape_html(links.to_json)}); return false",
49	49	:class => 'article-translations-menu simplemenu-trigger up'),
50	50	:class => 'article-translations')
51	51	end
...	...
...	...	@@ -2,6 +2,7 @@ module LayoutHelper
2	2
3	3	def body_classes
4	4	# Identify the current controller and action for the CSS:
	5	+ (logged_in? ? " logged-in" : "") +
5	6	" controller-#{controller.controller_name}" +
6	7	" action-#{controller.controller_name}-#{controller.action_name}" +
7	8	" template-#{@layout_template \|\| if profile.blank? then 'default' else profile.layout_template end}" +
...	...
...	...	@@ -21,6 +21,12 @@ module SearchHelper
21	21	'more_comments' => _('More comments')
22	22	}
23	23
	24	+ COMMON_PROFILE_LIST_BLOCK = [
	25	+ :enterprises,
	26	+ :people,
	27	+ :communities
	28	+ ]
	29	+
24	30	# FIXME remove it after search_controler refactored
25	31	include EventsHelper
26	32
...	...	@@ -94,7 +100,7 @@ module SearchHelper
94	100	compact_link = display?(asset, :compact) ? (display == 'compact' ? _('Compact') : link_to(_('Compact'), params.merge(:display => 'compact'))) : nil
95	101	map_link = display?(asset, :map) ? (display == 'map' ? _('Map') : link_to(_('Map'), params.merge(:display => 'map'))) : nil
96	102	full_link = display?(asset, :full) ? (display == 'full' ? _('Full') : link_to(_('Full'), params.merge(:display => 'full'))) : nil
97		- content_tag('div',
	103	+ content_tag('div',
98	104	content_tag('strong', _('Display')) + ': ' + [compact_link, map_link, full_link].compact.join(' \| ').html_safe,
99	105	:class => 'search-customize-options'
100	106	)
...	...
...	...	@@ -2,7 +2,14 @@ require 'hpricot'
2	2
3	3	class Article < ActiveRecord::Base
4	4
5		- attr_accessible :name, :body, :abstract, :profile, :tag_list, :parent, :allow_members_to_edit, :translation_of_id, :language, :license_id, :parent_id, :display_posts_in_current_language, :category_ids, :posts_per_page, :moderate_comments, :accept_comments, :feed, :published, :source, :highlighted, :notify_comments, :display_hits, :slug, :external_feed_builder, :display_versions, :external_link, :image_builder
	5	+ attr_accessible :name, :body, :abstract, :profile, :tag_list, :parent,
	6	+ :allow_members_to_edit, :translation_of_id, :language,
	7	+ :license_id, :parent_id, :display_posts_in_current_language,
	8	+ :category_ids, :posts_per_page, :moderate_comments,
	9	+ :accept_comments, :feed, :published, :source,
	10	+ :highlighted, :notify_comments, :display_hits, :slug,
	11	+ :external_feed_builder, :display_versions, :external_link,
	12	+ :image_builder, :show_to_followers
6	13
7	14	acts_as_having_image
8	15
...	...	@@ -333,7 +340,7 @@ class Article < ActiveRecord::Base
333	340	def belongs_to_blog?
334	341	self.parent and self.parent.blog?
335	342	end
336		-
	343	+
337	344	def belongs_to_forum?
338	345	self.parent and self.parent.forum?
339	346	end
...	...	@@ -445,6 +452,7 @@ class Article < ActiveRecord::Base
445	452	if self.parent && !self.parent.published?
446	453	return false
447	454	end
	455	+
448	456	true
449	457	else
450	458	false
...	...	@@ -476,14 +484,17 @@ class Article < ActiveRecord::Base
476	484	{:conditions => [" articles.published = ? OR
477	485	articles.last_changed_by_id = ? OR
478	486	articles.profile_id = ? OR
479		- ?",
480		- true, user.id, user.id, user.has_permission?(:view_private_content, profile)] }
	487	+ ? OR articles.show_to_followers = ? AND ?",
	488	+ true, user.id, user.id, user.has_permission?(:view_private_content, profile),
	489	+ true, user.follows?(profile)]}
481	490	end
482	491
	492	+
483	493	def display_unpublished_article_to?(user)
484	494	user == author \|\| allow_view_private_content?(user) \|\| user == profile \|\|
485	495	user.is_admin?(profile.environment) \|\| user.is_admin?(profile) \|\|
486		- article_privacy_exceptions.include?(user)
	496	+ article_privacy_exceptions.include?(user) \|\|
	497	+ (self.show_to_followers && user.follows?(profile))
487	498	end
488	499
489	500	def display_to?(user = nil)
...	...
1	1	class Block < ActiveRecord::Base
2	2
3		- attr_accessible :title, :display, :limit, :box_id, :posts_per_page, :visualization_format, :language, :display_user, :box
	3	+ attr_accessible :title, :display, :limit, :box_id, :posts_per_page, :visualization_format, :language, :display_user, :box, :fixed
4	4
5	5	# to be able to generate HTML
6	6	include ActionView::Helpers::UrlHelper
...	...	@@ -64,7 +64,7 @@ class Block < ActiveRecord::Base
64	64	end
65	65
66	66	def display_to_user?(user)
67		- display_user == 'all' \|\| (user.nil? && display_user == 'not_logged') \|\| (user && display_user == 'logged')
	67	+ display_user == 'all' \|\| (user.nil? && display_user == 'not_logged') \|\| (user && display_user == 'logged') \|\| (user && display_user == 'followers' && user.follows?(owner))
68	68	end
69	69
70	70	def display_always(context)
...	...	@@ -110,6 +110,9 @@ class Block < ActiveRecord::Base
110	110	# * <tt>'all'</tt>: the block is always displayed
111	111	settings_items :language, :type => :string, :default => 'all'
112	112
	113	+ # The block can be configured to be fixed. Only can be edited by environment admins
	114	+ settings_items :fixed, :type => :boolean, :default => false
	115	+
113	116	# returns the description of the block, used when the user sees a list of
114	117	# blocks to choose one to include in the design.
115	118	#
...	...	@@ -221,6 +224,7 @@ class Block < ActiveRecord::Base
221	224	'all' => _('All users'),
222	225	'logged' => _('Logged'),
223	226	'not_logged' => _('Not logged'),
	227	+ 'followers' => owner.organization? ? _('Members') : _('Friends')
224	228	}
225	229	end
226	230
...	...