Merge 4.0 branch

composer.json

@@ -10,26 +10,28 @@
       "type": "vcs",
       "url": "https://github.com/alchemy-fr/tcpdf-clone"
     },
-    {
       "type": "git",
       "url": "https://github.com/romainneutron/ProcessManager.git"
-    },
+        {
-    {
+            "type": "vcs",
-      "type": "vcs",
+            "url":  "https://github.com/alchemy-fr/imagine"
-      "url": "https://github.com/alchemy-fr/imagine"
+        },
-    },
+        {
-    {
+            "type": "vcs",
-      "type": "vcs",
+            "url":  "https://github.com/alchemy-fr/JMSTranslationBundle"
-      "url": "https://github.com/alchemy-fr/JMSTranslationBundle"
+        },
-    },
+        {
-    {
+            "type": "vcs",
-      "type": "git",
+            "url":  "https://github.com/alchemy-fr/embed-bundle.git"
-      "url": "https://github.com/bburnichon/fractal.git"
+        },
-    }
+        {
-  ],
+            "type": "git",
-  "require": {
+            "url":  "https://github.com/alchemy-fr/fractal.git"
-    "php": ">=5.5.9",
+        }
-    "ext-intl": "*",
+    ],
+    "require":      {
+        "php": ">=5.5.9",
+        "ext-intl": "*",
     "alchemy-fr/tcpdf-clone": "~6.0",
     "alchemy/embed-bundle": "^0.4.1",
     "alchemy/geonames-api-consumer": "~0.1.0",

lib/Alchemy/Phrasea/Application.php

@@ -544,6 +544,7 @@ class Application extends SilexApplication
         $this['root.path'] = realpath(__DIR__ . '/../../..');
         // temporary resources default path such as download zip, quarantined documents etc ..
         $this['tmp.path'] = getenv('PHRASEANET_TMP') ?: $this['root.path'].'/tmp';
+
         // plugin path
         $this['plugin.path'] = $this['root.path'].'/plugins';
         // thumbnails path

lib/Alchemy/Phrasea/Collection/CollectionService.php

@@ -267,27 +267,28 @@ class CollectionService
      */
     public function grantAdminRights(CollectionReference $reference, User $user)
     {
-        $rights = [
+        $this->app->getAclForUser($user)->update_rights_to_base(
-            "canputinalbum"   => "1",
+            $reference->getBaseId(),
-            "candwnldhd"      => "1",
+            [
-            "nowatermark"     => "1",
+                "basusr_infousr"          => "",    // todo : wtf
-            "candwnldpreview" => "1",
+                \ACL::CANPUTINALBUM       => true,
-            "cancmd"          => "1",
+                \ACL::CANDWNLDHD          => true,
-            "canadmin"        => "1",
+                \ACL::NOWATERMARK         => true,
-            "actif"           => "1",
+                \ACL::CANDWNLDPREVIEW     => true,
-            "canreport"       => "1",
+                \ACL::CANCMD              => true,
-            "canpush"         => "1",
+                \ACL::CANADMIN            => true,
-            "basusr_infousr"  => "",
+                \ACL::ACTIF               => true,
-            "canaddrecord"    => "1",
+                \ACL::CANREPORT           => true,
-            "canmodifrecord"  => "1",
+                \ACL::CANPUSH             => true,
-            "candeleterecord" => "1",
+                \ACL::CANADDRECORD        => true,
-            "chgstatus"       => "1",
+                \ACL::CANMODIFRECORD      => true,
-            "imgtools"        => "1",
+                \ACL::CANDELETERECORD     => true,
-            "manage"          => "1",
+                \ACL::CHGSTATUS           => true,
-            "modify_struct"   => "1"
+                \ACL::IMGTOOLS            => true,
-        ];
+                \ACL::COLL_MANAGE         => true,
-
+                \ACL::COLL_MODIFY_STRUCT  => true
-        $this->app->getAclForUser($user)->update_rights_to_base($reference->getBaseId(), $rights);
+            ]
+        );
     }
 
     public function setOrderMasters(CollectionReference $reference, array $userIds)
@@ -317,18 +318,28 @@ class CollectionService
             $userQuery = $factory();
 
             $result = $userQuery->on_base_ids([ $reference->getBaseId()] )
-                ->who_have_right(['order_master'])
+                ->who_have_right([\ACL::ORDER_MASTER])
                 ->execute()->get_results();
 
             /** @var ACLProvider $acl */
             $acl = $this->app['acl'];
 
             foreach ($result as $user) {
-                $acl->get($user)->update_rights_to_base($reference->getBaseId(), ['order_master' => false]);
+                $acl->get($user)->update_rights_to_base(
+                    $reference->getBaseId(),
+                    [
+                        \ACL::ORDER_MASTER => false
+                    ]
+                );
             }
 
             foreach ($admins as $admin) {
-                $acl->get($admin)->update_rights_to_base($reference->getBaseId(), ['order_master' => true]);
+                $acl->get($admin)->update_rights_to_base(
+                    $reference->getBaseId(),
+                    [
+                        \ACL::ORDER_MASTER => true
+                    ]
+                );
             }
 
             $conn->commit();

lib/Alchemy/Phrasea/Command/BuildSubdefs.php

@@ -345,7 +345,9 @@ class BuildSubdefs extends Command
 
         while( ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) ) {
             $type = $row['type'];
-            $msg = sprintf(' record %s (%s) : ', $row['record_id'], $type);
+            $msg = [];
+
+            $msg[] = sprintf(' record %s (%s) :', $row['record_id'], $type);
 
             try {
                 $record = $this->databox->get_record($row['record_id']);
@@ -366,7 +368,7 @@ class BuildSubdefs extends Command
                                 $subdef->delete();
                             }
                             $subdefsDeleted[] = $name;
-                            $msg .= sprintf(" \"%s\" deleted,", $name);
+                            $msg[] = sprintf(" \"%s\" pruned", $name);
                         }
                         continue;
                     }
@@ -386,10 +388,14 @@ class BuildSubdefs extends Command
                             continue;
                         }
                     }
+
                     // here an existing subdef must be (re)done
-                    if(!$this->dry) {
+                    if(isset($subdefNamesToDo[$name])) {
-                        $subdef->remove_file();
+                        if (!$this->dry) {
-                        $subdef->set_substituted(false);
+                            $subdef->remove_file();
+                            $subdef->set_substituted(false);
+                        }
+                        $msg[] = sprintf(" [\"%s\"] deleted", $name);
                     }
                 }
 
@@ -401,7 +407,7 @@ class BuildSubdefs extends Command
                         $subdefGenerator->generateSubdefs($record, $subdefNamesToDo);
                     }
 
-                    $msg .= sprintf(" [\"%s\"] built", implode('","', $subdefNamesToDo));
+                    $msg[] = sprintf(" [\"%s\"] built", implode('","', $subdefNamesToDo));
                 }
                 else {
                     // $msg .= " nothing to build";
@@ -416,10 +422,10 @@ class BuildSubdefs extends Command
                         . ' WHERE record_id=:record_id';
 
                     if($this->reset_subdef_flag) {
-                        $msg .= ", jeton[\"make_subdef\"]=0";
+                        $msg[] = "jeton[\"make_subdef\"]=0";
                     }
                     if($this->set_writemeta_flag) {
-                        $msg .= ", jeton[\"write_met_subdef\"]=1";
+                        $msg[] = "jeton[\"write_met_subdef\"]=1";
                     }
                     if(!$this->dry) {
                         $this->connection->executeUpdate($sql, [
@@ -436,10 +442,10 @@ class BuildSubdefs extends Command
 
             if($progress) {
                 $progress->advance();
-                $this->output->write($msg);
+                $this->output->write(implode(' ', $msg));
             }
             else {
-                $this->output->writeln($msg);
+                $this->output->writeln(implode("\n", $msg));
             }
         }
 

lib/Alchemy/Phrasea/Controller/Admin/CollectionController.php

@@ -46,10 +46,10 @@ class CollectionController extends Controller
 
         $admins = [];
 
-        if ($this->getAclForUser()->has_right_on_base($bas_id, 'manage')) {
+        if ($this->getAclForUser()->has_right_on_base($bas_id, \ACL::COLL_MANAGE)) {
             $query = $this->createUserQuery();
             $admins = $query->on_base_ids([$bas_id])
-                ->who_have_right(['order_master'])
+                ->who_have_right([\ACL::ORDER_MASTER])
                 ->execute()
                 ->get_results();
         }

lib/Alchemy/Phrasea/Controller/Admin/DataboxesController.php

@@ -31,8 +31,8 @@ class DataboxesController extends Controller
     {
         $acl = $this->getAclForUser();
         $sbasIds = array_merge(
-            array_keys($acl->get_granted_sbas(['bas_manage'])),
+            array_keys($acl->get_granted_sbas([\ACL::BAS_MANAGE])),
-            array_keys($acl->get_granted_sbas(['bas_modify_struct']))
+            array_keys($acl->get_granted_sbas([\ACL::BAS_MODIFY_STRUCT]))
         );
 
         $sbas = [];

lib/Alchemy/Phrasea/Controller/Admin/RootController.php

@@ -88,7 +88,7 @@ class RootController extends Controller
      */
     public function displayStatusBitAction($databox_id)
     {
-        if (!$this->getAclForUser()->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
+        if (!$this->getAclForUser()->has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)) {
             $this->app->abort(403);
         }
 
@@ -105,7 +105,7 @@ class RootController extends Controller
      */
     public  function displayDataboxStructureAction(Request $request, $databox_id)
     {
-        if (!$this->getAclForUser()->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
+        if (!$this->getAclForUser()->has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)) {
             $this->app->abort(403);
         }
 
@@ -132,7 +132,7 @@ class RootController extends Controller
 
     public function submitDatabaseStructureAction(Request $request, $databox_id)
     {
-        if (!$this->getAclForUser()->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
+        if (!$this->getAclForUser()->has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)) {
             $this->app->abort(403);
         }
 
@@ -162,7 +162,7 @@ class RootController extends Controller
 
     public function displayDatabaseStatusBitFormAction(Request $request, $databox_id, $bit)
     {
-        if (!$this->getAclForUser()->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
+        if (!$this->getAclForUser()->has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)) {
             $this->app->abort(403);
         }
 
@@ -220,7 +220,7 @@ class RootController extends Controller
             $this->app->abort(400, $this->app->trans('Bad request format, only JSON is allowed'));
         }
 
-        if (!$this->getAclForUser()->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
+        if (!$this->getAclForUser()->has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)) {
             $this->app->abort(403);
         }
 
@@ -238,7 +238,7 @@ class RootController extends Controller
     }
     
     public function submitStatusBitAction(Request $request, $databox_id, $bit) {
-        if (!$this->getAclForUser()->has_right_on_sbas($databox_id, 'bas_modify_struct')) {
+        if (!$this->getAclForUser()->has_right_on_sbas($databox_id, \ACL::BAS_MODIFY_STRUCT)) {
             $this->app->abort(403);
         }
 

lib/Alchemy/Phrasea/Controller/Admin/SetupController.php

@@ -10,29 +10,43 @@
 
 namespace Alchemy\Phrasea\Controller\Admin;
 
+use Alchemy\Phrasea\Application;
 use Alchemy\Phrasea\Controller\Controller;
-use Alchemy\Phrasea\Core\Configuration\Configuration;
 use Alchemy\Phrasea\Core\Configuration\PropertyAccess;
-use Alchemy\Phrasea\Core\Configuration\RegistryManipulator;
+use Alchemy\Phrasea\Core\Configuration\RegistryFormManipulator;
 use Symfony\Component\HttpFoundation\Request;
 
 class SetupController extends Controller
 {
+    /**
+     * @var RegistryFormManipulator
+     */
+    private $registryFormManipulator;
+
+    /**
+     * @var PropertyAccess
+     */
+    private $configuration;
+
+    public function __construct(Application $app, RegistryFormManipulator $registryFormManipulator, PropertyAccess $configuration)
+    {
+        parent::__construct($app);
+
+        $this->registryFormManipulator = $registryFormManipulator;
+        $this->configuration = $configuration;
+    }
+
     public function submitGlobalsAction(Request $request)
     {
-        /** @var RegistryManipulator $manipulator */
+        $form = $this->registryFormManipulator->createForm();
-        $manipulator = $this->app['registry.manipulator'];
-        /** @var PropertyAccess $config */
-        $config = $this->app['conf'];
-
-        $form = $manipulator->createForm($this->app['conf']);
 
         if ('POST' === $request->getMethod()) {
             $form->submit($request->request->all());
-            if ($form->isValid()) {
-                $config->set('registry', $manipulator->getRegistryData($form));
 
-                return $this->app->redirectPath('setup_display_globals');
+            if ($form->isValid()) {
+                $registryData = $this->registryFormManipulator->getRegistryData($form, $this->configuration);
+
+                $this->configuration->set('registry', $registryData);
             }
 
             // Do not return a 400 status code as not very well handled in calling JS.

lib/Alchemy/Phrasea/Controller/Admin/TaskManagerController.php

@@ -46,8 +46,10 @@ class TaskManagerController extends Controller
 
         $this->getDispatcher()->addListener(KernelEvents::TERMINATE, function () use ($cmdLine) {
             $process = new Process($cmdLine);
+
             $process->setTimeout(0);
             $process->disableOutput();
+
             set_time_limit(0);
             ignore_user_abort(true);
 
@@ -65,6 +67,7 @@ class TaskManagerController extends Controller
 
         $info = $this->getLiveInformationRequest();
         $data = $info->getManager();
+
         if (null !== $pid = $data['process-id']) {
             if (substr(php_uname(), 0, 7) == "Windows"){
                 exec(sprintf('TaskKill /PID %d', $pid));

lib/Alchemy/Phrasea/Controller/Admin/UserController.php

@@ -285,7 +285,7 @@ class UserController extends Controller
         $on_base = $request->request->get('base_id') ? : null;
         $on_sbas = $request->request->get('sbas_id') ? : null;
 
-        $eligible_users = $user_query->on_bases_where_i_am($this->getAclForConnectedUser(), ['canadmin'])
+        $eligible_users = $user_query->on_bases_where_i_am($this->getAclForConnectedUser(), [\ACL::CANADMIN])
             ->like($like_field, $like_value)
             ->on_base_ids($on_base)
             ->on_sbas_ids($on_sbas);
@@ -357,7 +357,7 @@ class UserController extends Controller
         $userRegistrations = [];
         /** @var RegistrationRepository $registrationRepository */
         $registrationRepository = $this->app['repo.registrations'];
-        $collections = $this->getAclForConnectedUser()->get_granted_base(['canadmin']);
+        $collections = $this->getAclForConnectedUser()->get_granted_base([\ACL::CANADMIN]);
         $authenticatedUserId = $authenticatedUser->getId();
         foreach ($registrationRepository->getPendingRegistrations($collections) as $registration) {
             $user = $registration->getUser();
@@ -689,7 +689,7 @@ class UserController extends Controller
             ]);
         }
 
-        $basList = array_keys($this->getAclForConnectedUser()->get_granted_base(['manage']));
+        $basList = array_keys($this->getAclForConnectedUser()->get_granted_base([\ACL::COLL_MANAGE]));
         /** @var NativeQueryProvider $query */
         $query = $this->app['orm.em.native-query'];
         $models = $query->getModelForUser($this->getAuthenticatedUser(), $basList);
@@ -832,7 +832,7 @@ class UserController extends Controller
 
                     $this->getAclForUser($newUser)->apply_model(
                         $userRepository->find($model),
-                        array_keys($this->getAclForConnectedUser()->get_granted_base(['manage']))
+                        array_keys($this->getAclForConnectedUser()->get_granted_base([\ACL::COLL_MANAGE]))
                     );
 
                     $nbCreation++;

lib/Alchemy/Phrasea/Controller/Api/V1Controller.php

@@ -486,7 +486,7 @@ class V1Controller extends Controller
     {
         $userQuery = new \User_Query($this->app);
         $orderMasters = $userQuery->on_base_ids([ $collection->get_base_id() ] )
-            ->who_have_right(['order_master'])
+            ->who_have_right([\ACL::ORDER_MASTER])
             ->execute()
             ->get_results()
             ->map(function (User $user) {
@@ -632,7 +632,7 @@ class V1Controller extends Controller
         $offset_start = max($request->get('offset_start', 0), 0);
         $per_page = min(max($request->get('per_page', 10), 1), 1000);
 
-        $baseIds = array_keys($this->getAclForUser()->get_granted_base(['canaddrecord']));
+        $baseIds = array_keys($this->getAclForUser()->get_granted_base([\ACL::CANADDRECORD]));
 
         $lazaretFiles = [];
 
@@ -667,7 +667,7 @@ class V1Controller extends Controller
             return Result::createError($request, 404, sprintf('Lazaret file id %d not found', $lazaret_id))->createResponse();
         }
 
-        if (!$this->getAclForUser()->has_right_on_base($lazaretFile->getBaseId(), 'canaddrecord')) {
+        if (!$this->getAclForUser()->has_right_on_base($lazaretFile->getBaseId(), \ACL::CANADDRECORD)) {
             return Result::createError($request, 403, 'You do not have access to this quarantine item')->createResponse();
         }
 
@@ -906,7 +906,7 @@ class V1Controller extends Controller
 
         $collection = \collection::getByBaseId($this->app, $request->get('base_id'));
 
-        if (!$this->getAclForUser()->has_right_on_base($request->get('base_id'), 'canaddrecord')) {
+        if (!$this->getAclForUser()->has_right_on_base($request->get('base_id'), \ACL::CANADDRECORD)) {
             return Result::createError($request, 403, sprintf(
                 'You do not have access to collection %s', $collection->get_label($this->app['locale'])
             ))->createResponse();
@@ -1003,7 +1003,7 @@ class V1Controller extends Controller
         $record = $this->findDataboxById($request->get('databox_id'))->get_record($request->get('record_id'));
         $base_id = $record->getBaseId();
         $collection = \collection::getByBaseId($this->app, $base_id);
-        if (!$this->getAclForUser()->has_right_on_base($base_id, 'canaddrecord')) {
+        if (!$this->getAclForUser()->has_right_on_base($base_id, \ACL::CANADDRECORD)) {
             return Result::createError($request, 403, sprintf(
                 'You do not have access to collection %s', $collection->get_label($this->app['locale.I18n'])
             ));
@@ -1035,7 +1035,7 @@ class V1Controller extends Controller
                 return null;
             }
             if ($media->get_name() === 'document'
-                && !$acl->has_right_on_base($record->getBaseId(), 'candwnldhd')
+                && !$acl->has_right_on_base($record->getBaseId(), \ACL::CANDWNLDHD)
                 && !$acl->has_hd_grant($record)
             ) {
                 return null;
@@ -2448,7 +2448,7 @@ class V1Controller extends Controller
     {
         $collection = \collection::getByBaseId($this->app, $data->{'base_id'});
 
-        if (!$this->getAclForUser()->has_right_on_base($collection->get_base_id(), 'canaddrecord')) {
+        if (!$this->getAclForUser()->has_right_on_base($collection->get_base_id(), \ACL::CANADDRECORD)) {
             $this->app->abort(403, sprintf('You can not create a story on this collection %s', $collection->get_base_id()));
         }
 
@@ -2770,9 +2770,11 @@ class V1Controller extends Controller
         $user = $this->getApiAuthenticatedUser();
         $acl = $this->getAclForUser($user);
 
-        if (! $acl->has_access_to_module('admin') || ! $acl->has_right('manageusers')) {
+        if (! $acl->has_access_to_module('admin') || ! $acl->has_right(\ACL::CANADMIN)) {
             return Result::createError($request, 401, 'You are not authorized')->createResponse();
         }
+
+        return null;
     }
 
     public function ensureAccessToDatabox(Request $request)
@@ -2814,7 +2816,7 @@ class V1Controller extends Controller
     public function ensureCanModifyRecord(Request $request)
     {
         $user = $this->getApiAuthenticatedUser();
-        if (!$this->getAclForUser($user)->has_right('modifyrecord')) {
+        if (!$this->getAclForUser($user)->has_right(\ACL::CANMODIFRECORD)) {
             return Result::createError($request, 401, 'You are not authorized')->createResponse();
         }
 
@@ -2826,7 +2828,7 @@ class V1Controller extends Controller
         $user = $this->getApiAuthenticatedUser();
         $record = $this->findDataboxById($request->attributes->get('databox_id'))
             ->get_record($request->attributes->get('record_id'));
-        if (!$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), 'chgstatus')) {
+        if (!$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), \ACL::CHGSTATUS)) {
             return Result::createError($request, 401, 'You are not authorized')->createResponse();
         }
 
@@ -2837,7 +2839,7 @@ class V1Controller extends Controller
     {
         $user = $this->getApiAuthenticatedUser();
         $databox = $this->findDataboxById($request->attributes->get('databox_id'));
-        if (!$this->getAclForUser($user)->has_right_on_sbas($databox->get_sbas_id(), 'bas_modify_struct')) {
+        if (!$this->getAclForUser($user)->has_right_on_sbas($databox->get_sbas_id(), \ACL::BAS_MODIFY_STRUCT)) {
             return Result::createError($request, 401, 'You are not authorized')->createResponse();
         }
 
@@ -2850,9 +2852,9 @@ class V1Controller extends Controller
         $record = $this->findDataboxById($request->attributes->get('databox_id'))
             ->get_record($request->attributes->get('record_id'));
         // TODO: Check comparison. seems to be a mismatch
-        if ((!$this->getAclForUser($user)->has_right('addrecord')
+        if ((!$this->getAclForUser($user)->has_right(\ACL::CANADDRECORD)
-                && !$this->getAclForUser($user)->has_right('deleterecord'))
+                && !$this->getAclForUser($user)->has_right(\ACL::CANDELETERECORD))
-            || !$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), 'candeleterecord')
+            || !$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), \ACL::CANDELETERECORD)
         ) {
             return Result::createError($request, 401, 'You are not authorized')->createResponse();
         }
@@ -2866,7 +2868,7 @@ class V1Controller extends Controller
         $record = $this->findDataboxById($request->attributes->get('databox_id'))
             ->get_record($request->attributes->get('record_id'));
 
-        if (!$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), 'candeleterecord')) {
+        if (!$this->getAclForUser($user)->has_right_on_base($record->getBaseId(), \ACL::CANDELETERECORD)) {
             return Result::createError($request, 401, 'You are not authorized')->createResponse();
         }
 

lib/Alchemy/Phrasea/Controller/DatafileController.php

@@ -66,7 +66,7 @@ class DatafileController extends AbstractDelivery
 
             $stamp = false;
             $watermark = !$this->acl->get($this->authentication->getUser())
-                ->has_right_on_base($record->getBaseId(), 'nowatermark');
+                ->has_right_on_base($record->getBaseId(), \ACL::NOWATERMARK);
 
             if ($watermark && !$all_access) {
                 $subdef_class = null;

lib/Alchemy/Phrasea/Controller/PermalinkController.php

@@ -126,9 +126,7 @@ class PermalinkController extends AbstractDelivery
 
         $isDownload = $request->query->getBoolean('download', false);
 
-        if ($isDownload) {
+        if ($isDownload && $user = $this->app->getAuthenticatedUser()) {
-            $user = $this->app->getAuthenticatedUser();
-
             $this->getEventDispatcher()->dispatch(
                 PhraseaEvents::EXPORT_CREATE,
                 new ExportEvent($user, 0, $sbas_id . '_' . $record_id, [ $subdef ], '')
@@ -136,7 +134,7 @@ class PermalinkController extends AbstractDelivery
         }
 
         if ($this->authentication->isAuthenticated()) {
-            $watermark = !$this->acl->get($this->authentication->getUser())->has_right_on_base($record->getBaseId(), 'nowatermark');
+            $watermark = !$this->acl->get($this->authentication->getUser())->has_right_on_base($record->getBaseId(), \ACL::NOWATERMARK);
 
             if ($watermark) {
                 /** @var BasketElementRepository $repository */

lib/Alchemy/Phrasea/Controller/Prod/EditController.php

@@ -39,7 +39,7 @@ class EditController extends Controller
             $this->app,
             $request,
             RecordsRequest::FLATTEN_YES_PRESERVE_STORIES,
-            ['canmodifrecord']
+            [\ACL::CANMODIFRECORD]
         );
 
         $thesaurus = false;
@@ -121,7 +121,7 @@ class EditController extends Controller
             }
 
             // generate javascript status
-            if ($this->getAclForUser()->has_right('changestatus')) {
+            if ($this->getAclForUser()->has_right(\ACL::CHGSTATUS)) {
                 $statusStructure = $databox->getStatusStructure();
                 foreach ($statusStructure as $statbit) {
                     $bit = $statbit['bit'];
@@ -158,7 +158,7 @@ class EditController extends Controller
 
                 $elements[$indice]['statbits'] = [];
                 $elements[$indice]['editableStatus'] = false;
-                if ($this->getAclForUser()->has_right_on_base($record->getBaseId(), 'chgstatus')) {
+                if ($this->getAclForUser()->has_right_on_base($record->getBaseId(), \ACL::CHGSTATUS)) {
                     $elements[$indice]['editableStatus'] = true;
                     foreach ($status as $n => $s) {
                         $tmp_val = substr(strrev($record->getStatus()), $n, 1);
@@ -279,7 +279,7 @@ class EditController extends Controller
 
     public function applyAction(Request $request) {
 
-        $records = RecordsRequest::fromRequest($this->app, $request, RecordsRequest::FLATTEN_YES_PRESERVE_STORIES, ['canmodifrecord']);
+        $records = RecordsRequest::fromRequest($this->app, $request, RecordsRequest::FLATTEN_YES_PRESERVE_STORIES, [\ACL::CANMODIFRECORD]);
 
         $databoxes = $records->databoxes();
         if (count($databoxes) !== 1) {

lib/Alchemy/Phrasea/Controller/Prod/FeedController.php

@@ -37,7 +37,7 @@ class FeedController extends Controller
     public function publishRecordsAction(Request $request)
     {
         $feeds = $this->getFeedRepository()->getAllForUser($this->getAclForUser());
-        $publishing = RecordsRequest::fromRequest($this->app, $request, true, [], ['bas_chupub']);
+        $publishing = RecordsRequest::fromRequest($this->app, $request, true, [], [\ACL::BAS_CHUPUB]);
 
         return $this->render(
             'prod/actions/publish/publish.html.twig',
@@ -76,7 +76,7 @@ class FeedController extends Controller
 
         $feed->addEntry($entry);
 
-        $publishing = RecordsRequest::fromRequest($this->app, $request, true, [], ['bas_chupub']);
+        $publishing = RecordsRequest::fromRequest($this->app, $request, true, [], [\ACL::BAS_CHUPUB]);
         $manager = $this->getEntityManager();
         foreach ($publishing as $record) {
             $item = new FeedItem();
@@ -270,7 +270,7 @@ class FeedController extends Controller
 
     public function ensureUserHasPublishRight()
     {
-        $this->requireRight('bas_chupub');
+        $this->requireRight(\ACL::BAS_CHUPUB);
     }
 
     /**

lib/Alchemy/Phrasea/Controller/Prod/LazaretController.php

@@ -42,7 +42,7 @@ class LazaretController extends Controller
      */
     public function listElement(Request $request)
     {
-        $baseIds = array_keys($this->getAclForUser()->get_granted_base(['canaddrecord']));
+        $baseIds = array_keys($this->getAclForUser()->get_granted_base([\ACL::CANADDRECORD]));
 
         $lazaretFiles = null;
         $perPage = 10;

lib/Alchemy/Phrasea/Controller/Prod/MoveCollectionController.php

@@ -17,7 +17,7 @@ class MoveCollectionController extends Controller
 {
     public function displayForm(Request $request)
     {
-        $records = RecordsRequest::fromRequest($this->app, $request, false, ['candeleterecord']);
+        $records = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CANDELETERECORD]);
 
         $sbas_ids = array_map(function (\databox $databox) {
             return $databox->get_sbas_id();
@@ -26,6 +26,7 @@ class MoveCollectionController extends Controller
         $message = '';
         $template = '';
         $collections = $this->getAclForUser()->get_granted_base(['canaddrecord'], $sbas_ids);
+        $collections = $this->getAclForUser()->get_granted_base([\ACL::CANADDRECORD], $sbas_ids);
 
         if (count($records->databoxes()) > 1) {
             $success = false;
@@ -56,7 +57,7 @@ class MoveCollectionController extends Controller
     public function apply(Request $request)
     {
         /** @var \record_adapter[] $records */
-        $records = RecordsRequest::fromRequest($this->app, $request, false, ['candeleterecord']);
+        $records = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CANDELETERECORD]);
 
         $datas = [
             'success' => false,
@@ -70,7 +71,7 @@ class MoveCollectionController extends Controller
                 return $this->app->json($datas);
             }
 
-            if (!$this->getAclForUser()->has_right_on_base($request->request->get('base_id'), 'canaddrecord')) {
+            if (!$this->getAclForUser()->has_right_on_base($request->request->get('base_id'), \ACL::CANADDRECORD)) {
                 $datas['message'] = $this->app->trans("You do not have the permission to move records to %collection%", ['%collection%', \phrasea::bas_labels($request->request->get('base_id'), $this->app)]);
 
                 return $this->app->json($datas);
@@ -90,7 +91,7 @@ class MoveCollectionController extends Controller
                 if ($request->request->get("chg_coll_son") == "1") {
                     /** @var \record_adapter $child */
                     foreach ($record->getChildren() as $child) {
-                        if ($this->getAclForUser()->has_right_on_base($child->getBaseId(), 'candeleterecord')) {
+                        if ($this->getAclForUser()->has_right_on_base($child->getBaseId(), \ACL::CANDELETERECORD)) {
                             $child->move_to_collection($collection, $this->getApplicationBox());
                         }
                     }

lib/Alchemy/Phrasea/Controller/Prod/PropertyController.php

@@ -28,7 +28,7 @@ class PropertyController extends Controller
             $this->app->abort(400);
         }
 
-        $records = RecordsRequest::fromRequest($this->app, $request, false, ['chgstatus']);
+        $records = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CHGSTATUS]);
 
         $databoxes = $records->databoxes();
         if (count($databoxes) > 1) {
@@ -81,7 +81,7 @@ class PropertyController extends Controller
             $this->app->abort(400);
         }
 
-        $records = RecordsRequest::fromRequest($this->app, $request, false, ['canmodifrecord']);
+        $records = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CANMODIFRECORD]);
 
         $recordsType = [];
 
@@ -115,7 +115,7 @@ class PropertyController extends Controller
     public function changeStatus(Request $request)
     {
         $applyStatusToChildren = $request->request->get('apply_to_children', []);
-        $records = RecordsRequest::fromRequest($this->app, $request, false, ['chgstatus']);
+        $records = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CHGSTATUS]);
         $updated = [];
         $postStatus = (array) $request->request->get('status');
 
@@ -149,7 +149,7 @@ class PropertyController extends Controller
     public function changeType(Request $request)
     {
         $typeLst = $request->request->get('types', []);
-        $records = RecordsRequest::fromRequest($this->app, $request, false, ['canmodifrecord']);
+        $records = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CANMODIFRECORD]);
         $mimeLst = $request->request->get('mimes', []);
         $forceType = $request->request->get('force_types', '');
         $updated = [];

lib/Alchemy/Phrasea/Controller/Prod/PushController.php

@@ -395,7 +395,7 @@ class PushController extends Controller
         $data = null;
 
         $query = $this->createUserQuery();
-        $query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), ['canpush']);
+        $query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), [\ACL::CANPUSH]);
 
         $query->in([$usr_id]);
 
@@ -431,7 +431,7 @@ class PushController extends Controller
         $result = ['success' => false, 'message' => '', 'user'    => null];
 
         try {
-            if (!$this->getAclForUser($this->getAuthenticatedUser())->has_right('manageusers'))
+            if (!$this->getAclForUser($this->getAuthenticatedUser())->has_right(\ACL::CANADMIN))
                 throw new ControllerException($this->app->trans('You are not allowed to add users'));
 
             if (!$request->request->get('firstname'))
@@ -502,7 +502,7 @@ class PushController extends Controller
     public function searchUserAction(Request $request)
     {
         $query = $this->createUserQuery();
-        $query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), ['canpush']);
+        $query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), [\ACL::CANPUSH]);
         $query
             ->like(\User_Query::LIKE_FIRSTNAME, $request->query->get('query'))
             ->like(\User_Query::LIKE_LASTNAME, $request->query->get('query'))
@@ -540,7 +540,7 @@ class PushController extends Controller
         $list = $repository->findUserListByUserAndId($this->getAuthenticatedUser(), $list_id);
 
         $query = $this->createUserQuery();
-        $query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), ['canpush']);
+        $query->on_bases_where_i_am($this->getAclForUser($this->getAuthenticatedUser()), [\ACL::CANPUSH]);
 
         if ($request->get('query')) {
             $query

lib/Alchemy/Phrasea/Controller/Prod/RecordController.php

@@ -130,9 +130,11 @@ class RecordController extends Controller
     public function doDeleteRecords(Request $request)
     {
         $flatten = (bool)($request->request->get('del_children')) ? RecordsRequest::FLATTEN_YES_PRESERVE_STORIES : RecordsRequest::FLATTEN_NO;
-        $records = RecordsRequest::fromRequest($this->app, $request, $flatten, [
+        $records = RecordsRequest::fromRequest(
-            'candeleterecord'
+            $this->app,
-        ]);
+            $request,$flatten,
+            [\ACL::CANDELETERECORD]
+        );
 
         $basketElementsRepository = $this->getBasketElementRepository();
         $StoryWZRepository = $this->getStoryWorkZoneRepository();
@@ -175,9 +177,12 @@ class RecordController extends Controller
      */
     public function whatCanIDelete(Request $request)
     {
-        $records = RecordsRequest::fromRequest($this->app, $request, !!$request->request->get('del_children'), [
+        $records = RecordsRequest::fromRequest(
-            'candeleterecord',
+            $this->app,
-        ]);
+            $request,
+            !!$request->request->get('del_children'),
+            [\ACL::CANDELETERECORD]
+        );
 
         return $this->render('prod/actions/delete_records_confirm.html.twig', [
             'records'   => $records,

lib/Alchemy/Phrasea/Controller/Prod/StoryController.php

@@ -35,7 +35,7 @@ class StoryController extends Controller
     {
         $collection = \collection::getByBaseId($this->app, $request->request->get('base_id'));
 
-        if (!$this->getAclForUser()->has_right_on_base($collection->get_base_id(), 'canaddrecord')) {
+        if (!$this->getAclForUser()->has_right_on_base($collection->get_base_id(), \ACL::CANADDRECORD)) {
             throw new AccessDeniedHttpException('You can not create a story on this collection');
         }
 
@@ -109,7 +109,7 @@ class StoryController extends Controller
     {
         $Story = new \record_adapter($this->app, $sbas_id, $record_id);
 
-        if (!$this->getAclForUser()->has_right_on_base($Story->getBaseId(), 'canmodifrecord')) {
+        if (!$this->getAclForUser()->has_right_on_base($Story->getBaseId(), \ACL::CANMODIFRECORD)) {
             throw new AccessDeniedHttpException('You can not add document to this Story');
         }
 
@@ -145,7 +145,7 @@ class StoryController extends Controller
         $story = new \record_adapter($this->app, $sbas_id, $record_id);
         $record = new \record_adapter($this->app, $child_sbas_id, $child_record_id);
 
-        if (!$this->getAclForUser()->has_right_on_base($story->getBaseId(), 'canmodifrecord')) {
+        if (!$this->getAclForUser()->has_right_on_base($story->getBaseId(), \ACL::CANMODIFRECORD)) {
             throw new AccessDeniedHttpException('You can not add document to this Story');
         }
 
@@ -188,7 +188,7 @@ class StoryController extends Controller
                 throw new \Exception('This is not a story');
             }
 
-            if (!$this->getAclForUser()->has_right_on_base($story->getBaseId(), 'canmodifrecord')) {
+            if (!$this->getAclForUser()->has_right_on_base($story->getBaseId(), \ACL::CANMODIFRECORD)) {
                 throw new ControllerException($this->app->trans('You can not edit this story'));
             }
 

lib/Alchemy/Phrasea/Controller/Prod/ToolsController.php

@@ -51,9 +51,9 @@ class ToolsController extends Controller
 
             $acl = $this->getAclForUser();
 
-            if ($acl->has_right('bas_chupub')
+            if ($acl->has_right(\ACL::BAS_CHUPUB)
-                && $acl->has_right_on_base($record->getBaseId(), 'canmodifrecord')
+                && $acl->has_right_on_base($record->getBaseId(), \ACL::CANMODIFRECORD)
-                && $acl->has_right_on_base($record->getBaseId(), 'imgtools')
+                && $acl->has_right_on_base($record->getBaseId(), \ACL::IMGTOOLS)
             ) {
                 $databoxSubdefs = $record->getDatabox()->get_subdef_structure()->getSubdefGroup($record->getType());
 
@@ -64,7 +64,7 @@ class ToolsController extends Controller
                     }
 
                     if ('document' == $subdefName) {
-                        if (!$acl->has_right_on_base($record->getBaseId(), 'candwnldhd')) {
+                        if (!$acl->has_right_on_base($record->getBaseId(), \ACL::CANDWNLDHD)) {
                             continue;
                         }
                         $label = $this->app->trans('prod::tools: document');
@@ -149,7 +149,7 @@ class ToolsController extends Controller
 
         $force = $request->request->get('force_substitution') == '1';
 
-        $selection = RecordsRequest::fromRequest($this->app, $request, false, array('canmodifrecord'));
+        $selection = RecordsRequest::fromRequest($this->app, $request, false, [\ACL::CANMODIFRECORD]);
 
         foreach ($selection as $record) {
             $substituted = false;
@@ -188,8 +188,10 @@ class ToolsController extends Controller
                 try {
 
                     $tempoDir = tempnam(sys_get_temp_dir(), 'substit');
+
                     unlink($tempoDir);
                     mkdir($tempoDir);
+
                     $tempoFile = $tempoDir . DIRECTORY_SEPARATOR . $fileName;
 
                     if (false === rename($file->getPathname(), $tempoFile)) {
@@ -342,10 +344,10 @@ class ToolsController extends Controller
         $state = $request->request->get('state') == 'true' ? true : false;
 
         $acl = $this->getAclForUser();
-        if (!$acl->has_right('bas_chupub')
+        if (!$acl->has_right(\ACL::BAS_CHUPUB)
-            || !$acl->has_right_on_base($record->getBaseId(), 'canmodifrecord')
+            || !$acl->has_right_on_base($record->getBaseId(), \ACL::CANMODIFRECORD)
-            || !$acl->has_right_on_base($record->getBaseId(), 'imgtools')
+            || !$acl->has_right_on_base($record->getBaseId(), \ACL::IMGTOOLS)
-            || ('document' == $subdefName && !$acl->has_right_on_base($record->getBaseId(), 'candwnldhd'))
+            || ('document' == $subdefName && !$acl->has_right_on_base($record->getBaseId(), \ACL::CANDWNLDHD))
             || ('document' != $subdefName && !$acl->has_access_to_subdef($record, $subdefName))
         ) {
             $this->app->abort(403);

lib/Alchemy/Phrasea/Controller/Prod/UploadController.php

@@ -115,7 +115,7 @@ class UploadController extends Controller
             throw new BadRequestHttpException('Missing base_id parameter');
         }
 
-        if (!$this->getAclForUser()->has_right_on_base($base_id, 'canaddrecord')) {
+        if (!$this->getAclForUser()->has_right_on_base($base_id, \ACL::CANADDRECORD)) {
             throw new AccessDeniedHttpException('User is not allowed to add record on this collection');
         }
 
@@ -243,7 +243,7 @@ class UploadController extends Controller
     {
         $collections = [];
 
-        foreach ($acl->get_granted_base(['canaddrecord']) as $collection) {
+        foreach ($acl->get_granted_base([\ACL::CANADDRECORD]) as $collection) {
             $databox = $collection->get_databox();
 
             if ( ! isset($collections[$databox->get_sbas_id()])) {

lib/Alchemy/Phrasea/Controller/RecordsRequest.php

@@ -219,8 +219,8 @@ class RecordsRequest extends ArrayCollection
             $repository = $app['repo.story-wz'];
 
             $storyWZ = $repository->findByUserAndId(
-                $app, $app->getAuthenticatedUser()
+                $app, $app->getAuthenticatedUser(),
-                , $request->get('story')
+                $request->get('story')
             );
 
             $received[$storyWZ->getRecord($app)->get_serialize_key()] = $storyWZ->getRecord($app);

lib/Alchemy/Phrasea/Controller/Report/RootController.php

@@ -53,7 +53,7 @@ class RootController extends Controller
 
         $granted = [];
 
-        foreach ($this->getAclForUser()->get_granted_base(['canreport']) as $collection) {
+        foreach ($this->getAclForUser()->get_granted_base([\ACL::CANREPORT]) as $collection) {
             if (!isset($granted[$collection->get_sbas_id()])) {
                 $granted[$collection->get_sbas_id()] = [
                     'id' => $collection->get_sbas_id(),

lib/Alchemy/Phrasea/Controller/Thesaurus/ThesaurusXmlHttpController.php

@@ -700,43 +700,14 @@ class ThesaurusXmlHttpController extends Controller
         foreach ($collections as $collection) {
             $lcoll .= ($lcoll?",":"") . $collection->get_coll_id();
         }
-        $site = $this->app['phraseanet.configuration']['main']['key'];
-        $usr_id = $this->getAuthenticatedUser()->getId();
 
         $tids = explode('.', $request->get('id'));
         $thid = implode('.', $tids);
 
         try {
             $databox = $this->findDataboxById($sbid);
-            $connbas = $databox->get_connection();
             $dbname = \phrasea::sbas_labels($sbid, $this->app);
 
-            $t_nrec = [];
-            $lthid = strlen($thid);
-
-            // count occurrences
-            if ($lthid > 1) {
-                $dthid = str_replace('.', 'd', $thid);
-                $sql = "SELECT"
-                    . " 0+SUBSTR(t.value, " . ($lthid + 2) . ") AS k, COUNT(DISTINCT(`record_id`)) AS n"
-                    . " FROM (thit AS t INNER JOIN record AS r USING(record_id))"
-                    . " INNER JOIN collusr AS c ON c.site=:site AND c.usr_id=:usr_id AND r.coll_id=c.coll_id"
-                    . " WHERE t.value LIKE :like AND r.coll_id IN(".$lcoll.") AND (r.status^c.mask_xor)&c.mask_and=0"
-                    . " GROUP BY k ORDER BY NULL";
-                $sqlparm = array(':like' => $dthid . 'd%', ':site'=>$site, ':usr_id'=>$usr_id);
-
-                $stmt = $connbas->prepare($sql);
-                $stmt->execute($sqlparm);
-
-                $rs = $stmt->fetchAll(\PDO::FETCH_ASSOC);
-                $stmt->closeCursor();
-
-                foreach ($rs as $rowbas) {
-                    $t_nrec[$thid . '.' . $rowbas['k']] = $rowbas;
-                }
-            }
-
-            $databox = $this->findDataboxById($sbid);
             if ($request->get('type') == 'T') {
                 $xqroot = 'thesaurus';
                 $dom = $databox->get_dom_thesaurus();
@@ -758,17 +729,7 @@ class ThesaurusXmlHttpController extends Controller
                     $node0 = $nodes->item(0);
 
                     $key0 = null; // key of the sy in the current language (or key of the first sy if we can't find good lng)
-                    $nts0 = 0;  // count of ts under this term
 
-                    $label = $this->buildBranchLabel($dbname, $lng, $node0, $key0, $nts0);
-
-                    $class = '';
-                    if ($nts0 > 0) {
-                        $class .= ( $class == '' ? '' : ' ') . 'expandable';
-                    }
-                    if ($request->get('last')) {
-                        $class .= ( $class == '' ? '' : ' ') . 'last';
-                    }
                     // on dresse la liste des termes specifiques avec comme cle le synonyme dans la langue pivot
                     $nts = 0;
                     $tts = [];
@@ -795,14 +756,14 @@ class ThesaurusXmlHttpController extends Controller
                         }
                     }
 
+                    $field0 = $node0->getAttribute('field');
+                    if ($field0) {
+                        $field0 = 'field="' . $field0 . '"';
+                    }
+
+                    $html .= '<UL ' . $field0 . '>' . "\n";
+
                     if ($nts > 0) {
-                        $field0 = $node0->getAttribute('field');
-                        if ($field0) {
-                            $field0 = 'field="' . $field0 . '"';
-                        }
-
-                        $html .= '<UL ' . $field0 . '>' . "\n";
-
                         if ($request->get('sortsy') && $lng != '') {
                             ksort($tts, SORT_STRING);
                         } elseif ($request->get('type') == 'C') {
@@ -830,10 +791,6 @@ class ThesaurusXmlHttpController extends Controller
 
                             $html .= '<span>' . $ts['label'] . '</span>';
 
-                            if (isset($t_nrec[$tid])) {
-                                $html .= ' <I>' . $t_nrec[$tid]['n'] . '</I>';
-                            }
-
                             $html .= "\n";
 
                             if ($ts['nts'] > 0) {
@@ -842,10 +799,9 @@ class ThesaurusXmlHttpController extends Controller
 
                             $html .= '</LI>' . "\n";
                         }
-                        $html .= '</UL>' . "\n";
                     }
 
-                    $html .= '</LI>' . "\n";
+                    $html .= '</UL>' . "\n";
                 }
             }
         } catch (\Exception $e) {

lib/Alchemy/Phrasea/ControllerProvider/Admin/Collection.php

@@ -45,7 +45,7 @@ class Collection implements ControllerProviderInterface, ServiceProviderInterfac
         $controllers->before(function (Request $request) use ($firewall) {
             $firewall
                 ->requireAccessToModule('admin')
-                ->requireRightOnBase($request->attributes->get('bas_id'), 'canadmin');
+                ->requireRightOnBase($request->attributes->get('bas_id'), \ACL::CANADMIN);
         });
 
         $controllers->get('/{bas_id}/', 'controller.admin.collection:getCollection')

lib/Alchemy/Phrasea/ControllerProvider/Admin/Databox.php

@@ -135,11 +135,11 @@ class Databox implements ControllerProviderInterface, ServiceProviderInterface
 
     public function requireManageRightOnSbas(Request $request, Application $app)
     {
-        $this->getFirewall($app)->requireRightOnSbas($request->attributes->get('databox_id'), 'bas_manage');
+        $this->getFirewall($app)->requireRightOnSbas($request->attributes->get('databox_id'), \ACL::BAS_MANAGE);
     }
 
     public function requireChangeSbasStructureRight(Request $request, Application $app)
     {
-        $this->getFirewall($app)->requireRightOnSbas($request->attributes->get('databox_id'), 'bas_modify_struct');
+        $this->getFirewall($app)->requireRightOnSbas($request->attributes->get('databox_id'), \ACL::BAS_MODIFY_STRUCT);
     }
 }

lib/Alchemy/Phrasea/ControllerProvider/Admin/Feeds.php

@@ -41,7 +41,7 @@ class Feeds implements ControllerProviderInterface, ServiceProviderInterface
         $controllers->before(function () use ($firewall) {
             $firewall
                 ->requireAccessToModule('admin')
-                ->requireRight('bas_chupub');
+                ->requireRight(\ACL::BAS_CHUPUB);
         });
 
         $controllers->get('/list/', 'controller.admin.feeds:listFeedsAction')

lib/Alchemy/Phrasea/ControllerProvider/Admin/Fields.php

@@ -51,7 +51,7 @@ class Fields implements ControllerProviderInterface, ServiceProviderInterface
         $controllers->before(function () use ($firewall) {
             $firewall
                 ->requireAccessToModule('admin')
-                ->requireRight('bas_modify_struct');
+                ->requireRight(\ACL::BAS_MODIFY_STRUCT);
         });
 
         $controllers->get('/language.json', 'controller.admin.fields:getLanguage')

lib/Alchemy/Phrasea/ControllerProvider/Admin/Setup.php

@@ -24,7 +24,7 @@ class Setup implements ControllerProviderInterface, ServiceProviderInterface
     public function register(Application $app)
     {
         $app['controller.admin.setup'] = $app->share(function (PhraseaApplication $app) {
-            return new SetupController($app);
+            return new SetupController($app, $app['registry.manipulator'], $app['conf']);
         });
     }
 

lib/Alchemy/Phrasea/ControllerProvider/Admin/Subdefs.php

@@ -41,7 +41,7 @@ class Subdefs implements ControllerProviderInterface, ServiceProviderInterface
 
         $controllers->before(function (Request $request) use ($firewall) {
             $firewall->requireAccessToModule('admin')
-                ->requireRightOnSbas($request->attributes->get('sbas_id'), 'bas_modify_struct');
+                ->requireRightOnSbas($request->attributes->get('sbas_id'), \ACL::BAS_MODIFY_STRUCT);
         });
 
         $controllers->get('/{sbas_id}/', 'controller.admin.subdefs:indexAction')

lib/Alchemy/Phrasea/ControllerProvider/Admin/TaskManager.php

@@ -46,7 +46,7 @@ class TaskManager implements ControllerProviderInterface, ServiceProviderInterfa
         };
 
         $controllers->before(function () use ($firewall) {
-            $firewall->requireRight('taskmanager');
+            $firewall->requireRight(\ACL::TASKMANAGER);
         });
 
         $controllers

lib/Alchemy/Phrasea/ControllerProvider/Admin/Users.php

@@ -43,7 +43,7 @@ class Users implements ControllerProviderInterface, ServiceProviderInterface
 
         $controllers->before(function () use ($firewall) {
             $firewall->requireAccessToModule('admin')
-                ->requireRight('manageusers');
+                ->requireRight(\ACL::CANADMIN);
         });
 
         $controllers->match('/rights/', 'controller.admin.users:editRightsAction')

lib/Alchemy/Phrasea/ControllerProvider/Api/V2.php

@@ -53,12 +53,21 @@ class V2 extends Api implements ControllerProviderInterface, ServiceProviderInte
 
         $app['controller.api.v2.orders'] = $app->share(
             function (PhraseaApplication $app) {
-                return (new ApiOrderController($app))
+                $controller = new ApiOrderController(
+                    $app,
+                    $app['repo.orders'],
+                    $app['repo.order-elements'],
+                    $app['provider.order_basket']
+                );
+
+                $controller
                     ->setDispatcher($app['dispatcher'])
                     ->setEntityManagerLocator(new LazyLocator($app, 'orm.em'))
                     ->setDelivererLocator(new LazyLocator($app, 'phraseanet.file-serve'))
                     ->setFileSystemLocator(new LazyLocator($app, 'filesystem'))
                     ->setJsonBodyHelper($app['json.body_helper']);
+
+                return $controller;
             }
         );
     }

lib/Alchemy/Phrasea/ControllerProvider/Prod/Bridge.php

@@ -40,7 +40,7 @@ class Bridge implements ControllerProviderInterface, ServiceProviderInterface
 
         $firewall = $this->getFirewall($app);
         $controllers->before(function () use ($firewall) {
-            $firewall->requireRight('bas_chupub');
+            $firewall->requireRight(\ACL::BAS_CHUPUB);
         });
 
         $controllers

lib/Alchemy/Phrasea/ControllerProvider/Prod/Edit.php

@@ -47,7 +47,7 @@ class Edit implements ControllerProviderInterface, ServiceProviderInterface
         $controllers->before(function () use ($firewall) {
             $firewall
                 ->requireNotGuest()
-                ->requireRight('modifyrecord');
+                ->requireRight(\ACL::CANMODIFRECORD);
         });
 
         $controllers->post('/', 'controller.prod.edit:submitAction');

lib/Alchemy/Phrasea/ControllerProvider/Prod/Lazaret.php

@@ -53,7 +53,7 @@ class Lazaret implements ControllerProviderInterface, ServiceProviderInterface
         $firewall = $this->getFirewall($app);
 
         $controllers->before(function () use ($firewall) {
-            $firewall->requireRight('addrecord');
+            $firewall->requireRight(\ACL::CANADDRECORD);
         });
 
         $controllers->get('/', 'controller.prod.lazaret:listElement')

lib/Alchemy/Phrasea/ControllerProvider/Prod/MoveCollection.php

@@ -41,8 +41,8 @@ class MoveCollection implements ControllerProviderInterface, ServiceProviderInte
 
         $controllers->before(function () use ($firewall) {
             $firewall
-                ->requireRight('addrecord')
+                ->requireRight(\ACL::CANADDRECORD)
-                ->requireRight('deleterecord');
+                ->requireRight(\ACL::CANDELETERECORD);
         });
 
         $controllers->post('/', 'controller.prod.move-collection:displayForm')

lib/Alchemy/Phrasea/ControllerProvider/Prod/Order.php

@@ -12,8 +12,8 @@
 namespace Alchemy\Phrasea\ControllerProvider\Prod;
 
 use Alchemy\Phrasea\Application as PhraseaApplication;
-use Alchemy\Phrasea\Controller\LazyLocator;
 use Alchemy\Phrasea\ControllerProvider\ControllerProviderTrait;
+use Alchemy\Phrasea\Core\LazyLocator;
 use Alchemy\Phrasea\Order\Controller\ProdOrderController;
 use Alchemy\Phrasea\Order\OrderBasketProvider;
 use Alchemy\Phrasea\Order\OrderValidator;
@@ -39,11 +39,19 @@ class Order implements ControllerProviderInterface, ServiceProviderInterface
         });
 
         $app['controller.prod.order'] = $app->share(function (PhraseaApplication $app) {
-            return (new ProdOrderController($app))
+            $controller = new ProdOrderController(
+                $app,
+                $app['repo.orders'],
+                $app['repo.order-elements'],
+                $app['provider.order_basket']
+            );
+
+            $controller
                 ->setDispatcher($app['dispatcher'])
                 ->setEntityManagerLocator(new LazyLocator($app, 'orm.em'))
-                ->setUserQueryFactory(new LazyLocator($app, 'phraseanet.user-query'))
+                ->setUserQueryFactory(new LazyLocator($app, 'phraseanet.user-query'));
-            ;
+
+            return $controller;
         });
     }
 
@@ -64,7 +72,7 @@ class Order implements ControllerProviderInterface, ServiceProviderInterface
         };
 
         $controllers->before(function () use ($firewall) {
-            $firewall->requireRight('order');
+            $firewall->requireRight(\ACL::CANCMD);
         });
 
         $controllers->get('/', 'controller.prod.order:displayOrders')

lib/Alchemy/Phrasea/ControllerProvider/Prod/Push.php

@@ -46,7 +46,7 @@ class Push implements ControllerProviderInterface, ServiceProviderInterface
         $firewall = $this->getFirewall($app);
 
         $controllers->before(function () use ($firewall) {
-            $firewall->requireRight('push');
+            $firewall->requireRight(\ACL::CANPUSH);
         });
 
         $controllers->post('/sendform/', 'controller.prod.push:postFormAction');

lib/Alchemy/Phrasea/ControllerProvider/Prod/Share.php

@@ -49,7 +49,7 @@ class Share implements ControllerProviderInterface, ServiceProviderInterface
             ->before(function (Request $request) use ($app, $firewall) {
                 $firewall->requireRightOnSbas(
                     \phrasea::sbasFromBas($app, $request->attributes->get('base_id')),
-                    'bas_chupub'
+                    \ACL::BAS_CHUPUB
                 );
             })
             ->bind('share_record');

lib/Alchemy/Phrasea/ControllerProvider/Prod/Tools.php

@@ -46,7 +46,7 @@ class Tools implements ControllerProviderInterface, ServiceProviderInterface
         $firewall = $this->getFirewall($app);
 
         $controllers->before(function () use ($firewall) {
-            $firewall->requireRight('doctools');
+            $firewall->requireRight(\ACL::IMGTOOLS);
         });
 
         $controllers->get('/', 'controller.prod.tools:indexAction');

lib/Alchemy/Phrasea/ControllerProvider/Prod/Upload.php

@@ -55,7 +55,7 @@ class Upload implements ControllerProviderInterface, ServiceProviderInterface
         $firewall = $this->getFirewall($app);
 
         $controllers->before(function () use ($firewall) {
-            $firewall->requireRight('addrecord');
+            $firewall->requireRight(\ACL::CANADDRECORD);
         });
 
         $controllers->get('/', 'controller.prod.upload:getUploadForm')

lib/Alchemy/Phrasea/Core/Configuration/RegistryFormManipulator.php

@@ -0,0 +1,178 @@
+<?php
+
+namespace Alchemy\Phrasea\Core\Configuration;
+
+use Alchemy\Phrasea\Exception\RuntimeException;
+use Alchemy\Phrasea\Form\Configuration\MainConfigurationFormType;
+use Symfony\Component\Form\FormFactoryInterface;
+use Symfony\Component\Form\FormInterface;
+use Symfony\Component\Translation\TranslatorInterface;
+
+class RegistryFormManipulator
+{
+    /**
+     * @var FormFactoryInterface
+     */
+    private $factory;
+
+    /**
+     * @var array
+     */
+    private $languages;
+
+    /**
+     * @var TranslatorInterface
+     */
+    private $translator;
+
+    /**
+     * @param FormFactoryInterface $factory
+     * @param TranslatorInterface $translator
+     * @param array $languages
+     */
+    public function __construct(FormFactoryInterface $factory, TranslatorInterface $translator, array $languages)
+    {
+        $this->factory = $factory;
+        $this->languages = $languages;
+        $this->translator = $translator;
+    }
+
+    /**
+     * Creates a setup form. Set data if a configuration is given.
+     *
+     * @param PropertyAccess $conf
+     *
+     * @return FormInterface
+     */
+    public function createForm(PropertyAccess $conf = null)
+    {
+        $form = $this->factory->create(new MainConfigurationFormType($this->translator, $this->languages));
+        $currentConf = $conf ? ($conf->get('registry') ?: []) : [];
+        $data = array_replace_recursive($this->getDefaultData($currentConf), $currentConf);
+        $form->setData($data);
+
+        return $form;
+    }
+
+    /**
+     * Gets the registry data given a submitted form.
+     * Default configuration is returned if no form provided.
+     *
+     * @param FormInterface $form
+     *
+     * @param PropertyAccess $conf
+     * @return array
+     */
+    public function getRegistryData(FormInterface $form = null, PropertyAccess $conf = null)
+    {
+        $data = [];
+
+        if (null !== $form) {
+            if (!$form->isSubmitted()) {
+                throw new RuntimeException('Form must have been submitted');
+            }
+            $newData = $form->getData();
+            $data = $this->filterNullValues($newData);
+        }
+
+        $currentConf = $conf ? ($conf->get('registry') ?: []) : [];
+
+        return array_replace_recursive($this->getDefaultData($currentConf), $data);
+    }
+
+    private function filterNullValues(array &$array)
+    {
+        return array_filter($array, function (&$value) {
+            if (is_array($value)) {
+                $value = $this->filterNullValues($value);
+            }
+
+            return null !== $value;
+        });
+    }
+
+    private function getDefaultData(array $config)
+    {
+        return [
+            'general' => [
+                'title' => 'Phraseanet',
+                'keywords' => null,
+                'description' => null,
+                'analytics' => null,
+                'allow-indexation' => true,
+                'home-presentation-mode' => 'GALLERIA',
+                'default-subdef-url-ttl' => 7200,
+            ],
+            'modules' => [
+                'thesaurus' => true,
+                'stories' => true,
+                'doc-substitution' => true,
+                'thumb-substitution' => true,
+                'anonymous-report' => false,
+            ],
+            'actions' => [
+                'download-max-size' => 120,
+                'validation-reminder-days' => 2,
+                'validation-expiration-days' => 10,
+                'auth-required-for-export' => true,
+                'tou-validation-required-for-export' => false,
+                'export-title-choice' => false,
+                'default-export-title' => 'title',
+                'social-tools' => 'none',
+                'enable-push-authentication' => false,
+                'force-push-authentication' => false,
+                'enable-feed-notification' => true,
+            ],
+            'ftp' => [
+                'ftp-enabled' => false,
+                'ftp-user-access' => false,
+            ],
+            'registration' => [
+                'auto-select-collections' => true,
+                'auto-register-enabled' => false,
+            ],
+            'maintenance' => [
+                'message' => 'The application is down for maintenance',
+                'enabled' => false,
+            ],
+            'api-clients' => [
+                'api-enabled' => true,
+                'navigator-enabled' => true,
+                'office-enabled' => true,
+            ],
+            'webservices' => [
+                'google-charts-enabled' => true,
+                'geonames-server' => 'http://geonames.alchemyasp.com/',
+                'captchas-enabled' => false,
+                'recaptcha-public-key' => '',
+                'recaptcha-private-key' => '',
+            ],
+            'executables' => [
+                'h264-streaming-enabled' => false,
+                'auth-token-directory' => null,
+                'auth-token-directory-path' => null,
+                'auth-token-passphrase' => null,
+                'php-conf-path' => null,
+                'imagine-driver' => '',
+                'ffmpeg-threads' => 2,
+                'pdf-max-pages' => 5,
+            ],
+            'searchengine' => [
+                'min-letters-truncation' => 1,
+                'default-query' => '',
+                'default-query-type' => 0,
+            ],
+            'email' => [
+                'emitter-email' => 'phraseanet@example.com',
+                'prefix' => null,
+                'smtp-enabled' => false,
+                'smtp-auth-enabled' => false,
+                'smtp-host' => null,
+                'smtp-port' => null,
+                'smtp-secure-mode' => 'tls',
+                'smtp-user' => null,
+                'smtp-password' => isset($config['email']['smtp-password']) ? $config['email']['smtp-password'] : null,
+            ],
+        ];
+    }
+}

lib/Alchemy/Phrasea/Core/Configuration/RegistryManipulator.php

@@ -17,170 +17,12 @@ use Symfony\Component\Form\FormFactoryInterface;
 use Symfony\Component\Form\FormInterface;
 use Symfony\Component\Translation\TranslatorInterface;
 
-class RegistryManipulator
+/**
+ * Class RegistryManipulator
+ * @package Alchemy\Phrasea\Core\Configuration
+ * @deprecated Use RegistryFormManipulator instead
+ */
+class RegistryManipulator extends RegistryFormManipulator
 {
-    /**
-     * @var FormFactoryInterface
-     */
-    private $factory;
 
-    /**
-     * @var array
-     */
-    private $languages;
-
-    /**
-     * @var TranslatorInterface
-     */
-    private $translator;
-
-    /**
-     * @param FormFactoryInterface $factory
-     * @param TranslatorInterface $translator
-     * @param array $languages
-     */
-    public function __construct(FormFactoryInterface $factory, TranslatorInterface $translator, array $languages)
-    {
-        $this->factory = $factory;
-        $this->languages = $languages;
-        $this->translator = $translator;
-    }
-
-    /**
-     * Creates a setup form. Set data if a configuration is given.
-     *
-     * @param PropertyAccess $conf
-     *
-     * @return FormInterface
-     */
-    public function createForm(PropertyAccess $conf = null)
-    {
-        $form = $this->factory->create(new MainConfigurationFormType($this->translator, $this->languages));
-        $currentConf = $conf ? ($conf->get('registry') ?: []) : [];
-        $data = array_replace_recursive($this->getDefaultData(), $currentConf);
-        $form->setData($data);
-
-        return $form;
-    }
-
-    /**
-     * Gets the registry data given a submitted form.
-     * Default configuration is returned if no form provided.
-     *
-     * @param FormInterface $form
-     *
-     * @return array
-     *
-     * @throws RuntimeException
-     */
-    public function getRegistryData(FormInterface $form = null)
-    {
-        $data = [];
-
-        if (null !== $form) {
-            if (!$form->isSubmitted()) {
-                throw new RuntimeException('Form must have been submitted');
-            }
-            $newData = $form->getData();
-            $data = $this->filterNullValues($newData);
-        }
-
-        return array_replace_recursive($this->getDefaultData(), $data);
-    }
-
-    private function filterNullValues(array &$array)
-    {
-        return array_filter($array, function (&$value) {
-            if (is_array($value)) {
-                $value = $this->filterNullValues($value);
-            }
-
-            return null !== $value;
-        });
-    }
-
-    private function getDefaultData()
-    {
-        return [
-            'general' => [
-                'title' => 'Phraseanet',
-                'keywords' => null,
-                'description' => null,
-                'analytics' => null,
-                'allow-indexation' => true,
-                'home-presentation-mode' => 'GALLERIA',
-                'default-subdef-url-ttl' => 7200,
-            ],
-            'modules' => [
-                'thesaurus' => true,
-                'stories' => true,
-                'doc-substitution' => true,
-                'thumb-substitution' => true,
-                'anonymous-report' => false,
-            ],
-            'actions' => [
-                'download-max-size' => 120,
-                'validation-reminder-days' => 2,
-                'validation-expiration-days' => 10,
-                'auth-required-for-export' => true,
-                'tou-validation-required-for-export' => false,
-                'export-title-choice' => false,
-                'default-export-title' => 'title',
-                'social-tools' => 'none',
-                'enable-push-authentication' => false,
-                'force-push-authentication' => false,
-                'enable-feed-notification' => true,
-            ],
-            'ftp' => [
-                'ftp-enabled' => false,
-                'ftp-user-access' => false,
-            ],
-            'registration' => [
-                'auto-select-collections' => true,
-                'auto-register-enabled' => false,
-            ],
-            'maintenance' => [
-                'message' => 'The application is down for maintenance',
-                'enabled' => false,
-            ],
-            'api-clients' => [
-                'api-enabled' => true,
-                'navigator-enabled' => true,
-                'office-enabled' => true,
-            ],
-            'webservices' => [
-                'google-charts-enabled' => true,
-                'geonames-server' => 'http://geonames.alchemyasp.com/',
-                'captchas-enabled' => false,
-                'recaptcha-public-key' => '',
-                'recaptcha-private-key' => '',
-            ],
-            'executables' => [
-                'h264-streaming-enabled' => false,
-                'auth-token-directory' => null,
-                'auth-token-directory-path' => null,
-                'auth-token-passphrase' => null,
-                'php-conf-path' => null,
-                'imagine-driver' => '',
-                'ffmpeg-threads' => 2,
-                'pdf-max-pages' => 5,
-            ],
-            'searchengine' => [
-                'min-letters-truncation' => 1,
-                'default-query' => '',
-                'default-query-type' => 0,
-            ],
-            'email' => [
-                'emitter-email' => 'phraseanet@example.com',
-                'prefix' => null,
-                'smtp-enabled' => false,
-                'smtp-auth-enabled' => false,
-                'smtp-host' => null,
-                'smtp-port' => null,
-                'smtp-secure-mode' => 'tls',
-                'smtp-user' => null,
-                'smtp-password' => null,
-            ],
-        ];
-    }
 }

lib/Alchemy/Phrasea/Core/Event/Subscriber/LazaretSubscriber.php

@@ -38,7 +38,7 @@ class LazaretSubscriber extends AbstractNotificationSubscriber
             $query = $this->app['phraseanet.user-query'];
             $users = $query
                 ->on_base_ids([$lazaretFile->getBaseId()])
-                ->who_have_right(['canaddrecord'])
+                ->who_have_right([\ACL::CANADDRECORD])
                 ->execute()
                 ->get_results();
 

lib/Alchemy/Phrasea/Core/Event/Subscriber/OrderSubscriber.php

@@ -48,7 +48,7 @@ class OrderSubscriber extends AbstractNotificationSubscriber
         $query = $this->app['phraseanet.user-query'];
         /** @var User[] $users */
         $users = $query->on_base_ids($base_ids)
-            ->who_have_right(['order_master'])
+            ->who_have_right([\ACL::ORDER_MASTER])
             ->execute()->get_results();
 
         if (count($users) == 0) {

lib/Alchemy/Phrasea/Filesystem/FilesystemService.php

@@ -115,6 +115,7 @@ class FilesystemService
      * @param \databox $databox
      * @param string $source
      * @param string $filename
+     * @return string
      */
     public function writeMediaSourceFile(\databox $databox, $source, $filename)
     {
@@ -122,6 +123,8 @@ class FilesystemService
 
         $this->filesystem->copy($source, $realPath, true);
         $this->filesystem->chmod($realPath, 0760);
+
+        return $realPath;
     }
 
     /**

lib/Alchemy/Phrasea/Helper/Prod.php

@@ -93,7 +93,7 @@ class Prod extends Helper
             if (!$bases[$sbasId]['thesaurus']) {
                 continue;
             }
-            if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($sbasId, 'bas_modif_th')) {
+            if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_sbas($sbasId, \ACL::BAS_MODIF_TH)) {
                 continue;
             }
 

lib/Alchemy/Phrasea/Helper/User/Edit.php

@@ -71,7 +71,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
 
     protected function delete_user(User $user)
     {
-        $list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
+        $list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::CANADMIN]));
 
         $this->app->getAclForUser($user)->revoke_access_from_bases($list);
 
@@ -84,55 +84,54 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
 
     public function get_users_rights()
     {
-        $list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
+        $list = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::CANADMIN]));
 
-        $sql = "SELECT
+        $sql = "SELECT b.sbas_id, b.base_id,\n"
-            b.sbas_id,
-            b.base_id,
-            sum(actif) as actif,
-            sum(canputinalbum) as canputinalbum,
-            sum(candwnldpreview) as candwnldpreview,
-            sum(candwnldhd) as candwnldhd,
-            sum(cancmd) as cancmd,
-            sum(nowatermark) as nowatermark,
 
-            sum(canaddrecord) as canaddrecord,
+            . " SUM(actif) AS actif,\n"
-            sum(canmodifrecord) as canmodifrecord,
+            . " SUM(canputinalbum) AS canputinalbum,\n"
-            sum(chgstatus) as chgstatus,
+            . " SUM(candwnldpreview) AS candwnldpreview,\n"
-            sum(candeleterecord) as candeleterecord,
+            . " SUM(candwnldhd) AS candwnldhd,\n"
-            sum(imgtools) as imgtools,
+            . " SUM(cancmd) AS cancmd,\n"
+            . " SUM(nowatermark) AS nowatermark,\n"
 
-            sum(canadmin) as canadmin,
+            . " SUM(canaddrecord) AS canaddrecord,\n"
-            sum(canreport) as canreport,
+            . " SUM(canmodifrecord) AS canmodifrecord,\n"
-            sum(canpush) as canpush,
+            . " SUM(chgstatus) AS chgstatus,\n"
-            sum(manage) as manage,
+            . " SUM(candeleterecord) AS candeleterecord,\n"
-            sum(modify_struct) as modify_struct,
+            . " SUM(imgtools) AS imgtools,\n"
 
-            sum(sbu.bas_modif_th) as bas_modif_th,
+            . " SUM(canadmin) AS canadmin,\n"
-            sum(sbu.bas_manage) as bas_manage,
+            . " SUM(canreport) AS canreport,\n"
-            sum(sbu.bas_modify_struct) as bas_modify_struct,
+            . " SUM(canpush) AS canpush,\n"
-            sum(sbu.bas_chupub) as bas_chupub,
+            . " SUM(manage) AS manage,\n"
+            . " SUM(modify_struct) AS modify_struct,\n"
 
-            sum(time_limited) as time_limited,
+            . " SUM(sbu.bas_modif_th) AS bas_modif_th,\n"
-            DATE_FORMAT(limited_from,'%Y%m%d') as limited_from,
+            . " SUM(sbu.bas_manage) AS bas_manage,\n"
-            DATE_FORMAT(limited_to,'%Y%m%d') as limited_to,
+            . " SUM(sbu.bas_modify_struct) AS bas_modify_struct,\n"
+            . " SUM(sbu.bas_chupub) AS bas_chupub,\n"
 
-            sum(restrict_dwnld) as restrict_dwnld,
+            . " SUM(time_limited) AS time_limited,\n"
-            sum(remain_dwnld) as remain_dwnld,
+            . " SUM(restrict_dwnld) AS restrict_dwnld,\n"
-            sum(month_dwnld_max) as month_dwnld_max,
 
-            sum(mask_and + mask_xor) as masks
+            // --- todo : wtf doing sum on non booleans ?
+            . " SUM(remain_dwnld) AS remain_dwnld,\n"
+            . " SUM(month_dwnld_max) AS month_dwnld_max,\n"
+            . " SUM(mask_and + mask_xor) AS masks,\n"
+            // ---
 
-            FROM (Users u, bas b, sbas s)
+            // -- todo : wtf no aggregate fct ?
-              LEFT JOIN (basusr bu)
+            . " DATE_FORMAT(limited_from,'%Y%m%d') AS limited_from,\n"
-                ON (bu.base_id = b.base_id AND u.id = bu.usr_id)
+            . " DATE_FORMAT(limited_to,'%Y%m%d') AS limited_to\n"
-              LEFT join  sbasusr sbu
+            // ---
-                ON (sbu.sbas_id = b.sbas_id AND u.id = sbu.usr_id)
+
-            WHERE ( (u.id IN (:users) )
+            . " FROM (Users u, bas b, sbas s)\n"
-                    AND b.sbas_id = s.sbas_id
+            . " LEFT JOIN (basusr bu) ON (bu.base_id = b.base_id AND u.id = bu.usr_id)\n"
-                    AND (b.base_id IN (:bases)))
+            . " LEFT join  sbasusr sbu ON (sbu.sbas_id = b.sbas_id AND u.id = sbu.usr_id)\n"
-            GROUP BY b.base_id
+            . " WHERE ( (u.id IN (:users) ) AND b.sbas_id = s.sbas_id AND (b.base_id IN (:bases)))\n"
-            ORDER BY s.ord, s.sbas_id, b.ord, b.base_id ";
+            . " GROUP BY b.base_id\n"
+            . " ORDER BY s.ord, s.sbas_id, b.ord, b.base_id ";
 
         $rs = $this->app->getApplicationBox()->get_connection()->fetchAll(
             $sql,
@@ -146,10 +145,10 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
             ]
         );
 
-        $sql = 'SELECT base_id, sum(1) as access FROM basusr
+        $sql = "SELECT base_id, SUM(1) AS access FROM basusr\n"
-            WHERE (usr_id IN (:users))
+            . " WHERE (usr_id IN (:users)) AND (base_id IN (:bases))\n"
-              AND  (base_id IN (:bases))
+            . " GROUP BY base_id";
-            GROUP BY base_id';
+
         $access = $this->app->getApplicationBox()->get_connection()->fetchAll(
             $sql,
             [
@@ -164,12 +163,13 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
 
         $base_ids = [];
         foreach ($access as $acc) {
-            $base_ids[$acc['base_id']] = $acc;
+            $base_ids[$acc['base_id']] = $acc['access'];
         }
         unset($access);
 
+        // add a 'access' column
         foreach ($rs as $k => $row) {
-            $rs[$k]['access'] = array_key_exists($row['base_id'], $base_ids) ? $base_ids[$row['base_id']]['access'] : '0';
+            $rs[$k]['access'] = array_key_exists($row['base_id'], $base_ids) ? $base_ids[$row['base_id']] : '0';
             foreach ($row as $dk => $data) {
                 if (is_null($data))
                     $rs[$k][$dk] = '0';
@@ -477,41 +477,45 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
     public function apply_rights()
     {
         $ACL = $this->app->getAclForUser($this->app->getAuthenticatedUser());
-        $base_ids = array_keys($ACL->get_granted_base(['canadmin']));
+        $base_ids = array_keys($ACL->get_granted_base([\ACL::CANADMIN]));
 
         $update = $create = $delete = $create_sbas = $update_sbas = [];
 
         foreach ($base_ids as $base_id) {
             $rights = [
-                'access',
+                \ACL::ACCESS,
-                'actif',
+                \ACL::ACTIF,
-                'canputinalbum',
+                \ACL::CANPUTINALBUM,
-                'nowatermark',
+                \ACL::NOWATERMARK,
-                'candwnldpreview',
+                \ACL::CANDWNLDPREVIEW,
-                'candwnldhd',
+                \ACL::CANDWNLDHD,
-                'cancmd',
+                \ACL::CANCMD,
-                'canaddrecord',
+                \ACL::CANADDRECORD,
-                'canmodifrecord',
+                \ACL::CANMODIFRECORD,
-                'chgstatus',
+                \ACL::CHGSTATUS,
-                'candeleterecord',
+                \ACL::CANDELETERECORD,
-                'imgtools',
+                \ACL::IMGTOOLS,
-                'canadmin',
+                \ACL::CANADMIN,
-                'canreport',
+                \ACL::CANREPORT,
-                'canpush',
+                \ACL::CANPUSH,
-                'manage',
+                \ACL::COLL_MANAGE,
-                'modify_struct'
+                \ACL::COLL_MODIFY_STRUCT
             ];
             foreach ($rights as $k => $right) {
-                if (($right == 'access' && !$ACL->has_access_to_base($base_id))
+                if (($right == \ACL::ACCESS && !$ACL->has_access_to_base($base_id))
-                    || ($right != 'access' && !$ACL->has_right_on_base($base_id, $right))) {
+                    || ($right != \ACL::ACCESS && !$ACL->has_right_on_base($base_id, $right))) {
                     unset($rights[$k]);
                     continue;
                 }
                 $rights[$k] = $right . '_' . $base_id;
             }
+
+            // todo : wtf check if parm contains good types (a checkbox should be a bool, not a "0" or "1"
+            //        as required by ACL::update_rights_to_bas(...)
             $parm = $this->unserializedRequestData($this->app['request'], $rights, 'values');
 
             foreach ($parm as $p => $v) {
+                // p is like {bid}_{right} => right-value
                 if (trim($v) == '')
                     continue;
 
@@ -520,14 +524,18 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
 
                 $p = implode('_', $serial);
 
-                if ($p == 'access') {
+                if ($p == \ACL::ACCESS) {
                     if ($v === '1') {
                         $create_sbas[\phrasea::sbasFromBas($this->app, $base_id)] = \phrasea::sbasFromBas($this->app, $base_id);
                         $create[] = $base_id;
-                    } else
+                    }
+                    else {
                         $delete[] = $base_id;
-                } else {
+                    }
+                }
+                else {
                     $create_sbas[\phrasea::sbasFromBas($this->app, $base_id)] = \phrasea::sbasFromBas($this->app, $base_id);
+                    // todo : wtf $update is arg. for ACL::update_rights_to_base(...) but $v is always a string. how to convert to bool ?
                     $update[$base_id][$p] = $v;
                 }
             }
@@ -537,10 +545,10 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
 
         foreach ($sbas_ids as $databox) {
             $rights = [
-                'bas_modif_th',
+                \ACL::BAS_MODIF_TH,
-                'bas_manage',
+                \ACL::BAS_MANAGE,
-                'bas_modify_struct',
+                \ACL::BAS_MODIFY_STRUCT,
-                'bas_chupub'
+                \ACL::BAS_CHUPUB
             ];
             foreach ($rights as $k => $right) {
                 if (!$ACL->has_right_on_sbas($databox->get_sbas_id(), $right)) {
@@ -550,6 +558,8 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
                 $rights[$k] = $right . '_' . $databox->get_sbas_id();
             }
 
+            // todo : wtf check if parm contains good types (a checkbox should be a bool, not a "0" or "1"
+            //        as required by ACL::update_rights_to_sbas(...)
             $parm = $this->unserializedRequestData($this->app['request'], $rights, 'values');
 
             foreach ($parm as $p => $v) {
@@ -569,6 +579,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
             try {
                 $this->app->getApplicationBox()->get_connection()->beginTransaction();
 
+                /** @var User $user */
                 $user = $this->app['repo.users']->find($usr_id);
 
                 $this->app->getAclForUser($user)->revoke_access_from_bases($delete)
@@ -576,11 +587,18 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
                     ->give_access_to_sbas($create_sbas);
 
                 foreach ($update as $base_id => $rights) {
-                    $this->app->getAclForUser($user)->update_rights_to_base($base_id, $rights);
+                    $this->app->getAclForUser($user)
+                        ->update_rights_to_base(
+                            $base_id,
+                            $rights
+                        );
                 }
 
                 foreach ($update_sbas as $sbas_id => $rights) {
-                    $this->app->getAclForUser($user)->update_rights_to_sbas($sbas_id, $rights);
+                    $this->app->getAclForUser($user)->update_rights_to_sbas(
+                        $sbas_id,
+                        $rights
+                    );
                 }
 
                 $this->app->getApplicationBox()->get_connection()->commit();
@@ -611,18 +629,18 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
         }
 
         $infos = [
-            'gender'
+            'gender',
-            , 'first_name'
+            'first_name',
-            , 'last_name'
+            'last_name',
-            , 'email'
+            'email',
-            , 'address'
+            'address',
-            , 'zip'
+            'zip',
-            , 'geonameid'
+            'geonameid',
-            , 'function'
+            'function',
-            , 'company'
+            'company',
-            , 'activite'
+            'activite',
-            , 'telephone'
+            'telephone',
-            , 'fax'
+            'fax'
         ];
 
         $parm = $this->unserializedRequestData($this->request, $infos, 'user_infos');
@@ -688,7 +706,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
             throw new AccessDeniedHttpException('You are not the owner of the template');
         }
 
-        $base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
+        $base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::CANADMIN]));
 
         foreach ($this->users as $usr_id) {
             $user = $this->app['repo.users']->find($usr_id);
@@ -744,7 +762,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
 
         $activate = !!$this->request->get('limit');
 
-        $base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
+        $base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::CANADMIN]));
 
         foreach ($this->users as $usr_id) {
             $user = $this->app['repo.users']->find($usr_id);
@@ -763,7 +781,7 @@ class Edit extends \Alchemy\Phrasea\Helper\Helper
 
     public function resetRights()
     {
-        $base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['canadmin']));
+        $base_ids = array_keys($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::CANADMIN]));
 
         foreach ($this->users as $usr_id) {
             $user = $this->app['repo.users']->find($usr_id);

lib/Alchemy/Phrasea/Helper/User/Manage.php

@@ -71,7 +71,7 @@ class Manage extends Helper
             ->last_model_is($this->query_parms['last_model'])
             ->get_inactives($this->query_parms['inactives'])
             ->include_templates(false)
-            ->on_bases_where_i_am($this->app->getAclForUser($this->app->getAuthenticatedUser()), ['canadmin'])
+            ->on_bases_where_i_am($this->app->getAclForUser($this->app->getAuthenticatedUser()), [\ACL::CANADMIN])
             ->execute();
 
         return $results->get_results();
@@ -109,7 +109,7 @@ class Manage extends Helper
             ->last_model_is($this->query_parms['last_model'])
             ->get_inactives($this->query_parms['inactives'])
             ->include_templates(true)
-            ->on_bases_where_i_am($this->app->getAclForUser($this->app->getAuthenticatedUser()), ['canadmin'])
+            ->on_bases_where_i_am($this->app->getAclForUser($this->app->getAuthenticatedUser()), [\ACL::CANADMIN])
             ->limit($offset_start, $results_quantity)
             ->execute();
 

lib/Alchemy/Phrasea/Media/MediaTypeFactory.php

@@ -30,6 +30,8 @@ class MediaTypeFactory
                 return new Type\Document();
             case Type\Type::TYPE_FLASH:
                 return new Type\Flash();
+            case Type\Type::TYPE_UNKNOWN:
+                return new Type\Unknown();
         }
 
         throw new \RuntimeException('Could not create requested media type');

lib/Alchemy/Phrasea/Media/Subdef/Subdef.php

@@ -20,6 +20,7 @@ interface Subdef
     const TYPE_VIDEO = 'video';
     const TYPE_AUDIO = 'audio';
     const TYPE_FLEXPAPER = 'flexpaper';
+    const TYPE_UNKNOWN = 'unknown';
 
     /**
      * One of Subdef Type const

lib/Alchemy/Phrasea/Media/Subdef/Unknown.php

@@ -0,0 +1,69 @@
+<?php
+
+/*
+ * This file is part of Phraseanet
+ *
+ * (c) 2005-2016 Alchemy
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Alchemy\Phrasea\Media\Subdef;
+
+use MediaAlchemyst\Specification\Image as ImageSpecification;
+use Symfony\Component\Translation\TranslatorInterface;
+
+class Unknown extends Provider
+{
+    const OPTION_SIZE = 'size';
+    const OPTION_RESOLUTION = 'resolution';
+    const OPTION_STRIP = 'strip';
+    const OPTION_QUALITY = 'quality';
+    const OPTION_FLATTEN = 'flatten';
+    const OPTION_ICODEC = 'icodec';
+
+    protected $options = [];
+
+    public function __construct(TranslatorInterface $translator)
+    {
+        $this->translator = $translator;
+
+        $this->registerOption(new OptionType\Range($this->translator->trans('Dimension'), self::OPTION_SIZE, 20, 3000, 800));
+        $this->registerOption(new OptionType\Range($this->translator->trans('Resolution'), self::OPTION_RESOLUTION, 50, 300, 72));
+        $this->registerOption(new OptionType\Boolean($this->translator->trans('Remove ICC Profile'), self::OPTION_STRIP, false));
+        $this->registerOption(new OptionType\Boolean($this->translator->trans('Flatten layers'), self::OPTION_FLATTEN, false));
+        $this->registerOption(new OptionType\Range($this->translator->trans('Quality'), self::OPTION_QUALITY, 0, 100, 75));
+        $this->registerOption(new OptionType\Enum('Image Codec', self::OPTION_ICODEC, array('jpeg', 'png', 'tiff'), 'jpeg'));
+    }
+
+    public function getType()
+    {
+        return self::TYPE_IMAGE;
+    }
+
+    public function getDescription()
+    {
+        return $this->translator->trans('Generates an image');
+    }
+
+    public function getMediaAlchemystSpec()
+    {
+        if (! $this->spec) {
+            $this->spec = new ImageSpecification();
+        }
+
+        $size = $this->getOption(self::OPTION_SIZE)->getValue();
+        $resolution = $this->getOption(self::OPTION_RESOLUTION)->getValue();
+
+        $this->spec->setImageCodec($this->getOption(self::OPTION_ICODEC)->getValue());
+        $this->spec->setResizeMode(ImageSpecification::RESIZE_MODE_INBOUND_FIXEDRATIO);
+        $this->spec->setDimensions($size, $size);
+        $this->spec->setQuality($this->getOption(self::OPTION_QUALITY)->getValue());
+        $this->spec->setStrip($this->getOption(self::OPTION_STRIP)->getValue());
+        $this->spec->setFlatten($this->getOption(self::OPTION_FLATTEN)->getValue());
+        $this->spec->setResolution($resolution, $resolution);
+
+        return $this->spec;
+    }
+}

lib/Alchemy/Phrasea/Media/SubdefSubstituer.php

@@ -67,9 +67,9 @@ class SubdefSubstituer
         $source = $file->getRealPath();
         $target = $this->fs->generateDocumentFilename($record, $file);
 
-        $this->fs->writeMediaSourceFile($record->getDatabox(), $source, $target);
+        $target  = $this->fs->writeMediaSourceFile($record->getDatabox(), $source, $target);
 
-        $media = $this->mediavorus->guess($source);
+        $media = $this->mediavorus->guess($target);
 
         $this->createMediaSubdef($record, 'document', $media);
 

lib/Alchemy/Phrasea/Media/Type/Type.php

@@ -18,6 +18,7 @@ interface Type
     const TYPE_DOCUMENT = 'document';
     const TYPE_FLASH = 'flash';
     const TYPE_IMAGE = 'image';
+    const TYPE_UNKNOWN = 'unknown';
 
     public function getType();
 }

lib/Alchemy/Phrasea/Media/Type/Unknown.php

@@ -0,0 +1,21 @@
+<?php
+
+/*
+ * This file is part of Phraseanet
+ *
+ * (c) 2005-2016 Alchemy
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Alchemy\Phrasea\Media\Type;
+
+class Unknown implements Type
+{
+
+    public function getType()
+    {
+        return self::TYPE_UNKNOWN;
+    }
+}

lib/Alchemy/Phrasea/Model/Entities/ElasticsearchRecord.php

@@ -38,6 +38,9 @@ class ElasticsearchRecord implements RecordInterface, MutableRecordInterface
     private $updated;
     private $created;
     private $sha256;
+    private $width;
+    private $height;
+    private $size;
     private $uuid;
     private $position;
     private $type;
@@ -232,6 +235,42 @@ class ElasticsearchRecord implements RecordInterface, MutableRecordInterface
         $this->sha256 = $sha256;
     }
 
+    /** {@inheritdoc} */
+    public function getWidth()
+    {
+        return $this->width;
+    }
+
+    /** {@inheritdoc} */
+    public function setWidth($width)
+    {
+        $this->width = $width;
+    }
+
+    /** {@inheritdoc} */
+    public function getHeight()
+    {
+        return $this->height;
+    }
+
+    /** {@inheritdoc} */
+    public function setHeight($height)
+    {
+        $this->height = $height;
+    }
+
+    /** {@inheritdoc} */
+    public function getSize()
+    {
+        return $this->size;
+    }
+
+    /** {@inheritdoc} */
+    public function setSize($size)
+    {
+        $this->size = $size;
+    }
+
     /**
      * @param string|null $locale
      *

lib/Alchemy/Phrasea/Model/Manipulator/ACLManipulator.php

@@ -71,12 +71,15 @@ class ACLManipulator implements ManipulatorInterface
     {
         $collections = $databox->get_collections();
 
-        $acl->update_rights_to_sbas($databox->get_sbas_id(), [
+        $acl->update_rights_to_sbas(
-            'bas_manage'        => '1',
+            $databox->get_sbas_id(),
-            'bas_modify_struct' => '1',
+            [
-            'bas_modif_th'      => '1',
+                \ACL::BAS_MANAGE        => true,
-            'bas_chupub'        => '1'
+                \ACL::BAS_MODIFY_STRUCT => true,
-        ]);
+                \ACL::BAS_MODIF_TH      => true,
+                \ACL::BAS_CHUPUB        => true
+            ]
+        );
 
         $acl->give_access_to_base(array_map(function (\collection $collection) {
             return $collection->get_base_id();
@@ -100,26 +103,28 @@ class ACLManipulator implements ManipulatorInterface
         $acl->set_limits($baseId, false);
         $acl->remove_quotas_on_base($baseId);
         $acl->set_masks_on_base($baseId, '0', '0', '0', '0');
-        $acl->update_rights_to_base($baseId, [
+        $acl->update_rights_to_base(
-            'canputinalbum'     => '1',
+            $baseId,
-            'candwnldhd'        => '1',
+            [
-            'candwnldsubdef'    => '1',
+                'creationdate'      => '1',         // todo : wtf
-            'nowatermark'       => '1',
+                \ACL::CANPUTINALBUM      => true,
-            'candwnldpreview'   => '1',
+                \ACL::CANDWNLDHD         => true,
-            'cancmd'            => '1',
+                \ACL::NOWATERMARK        => true,
-            'canadmin'          => '1',
+                \ACL::CANDWNLDPREVIEW    => true,
-            'canreport'         => '1',
+                \ACL::CANCMD             => true,
-            'canpush'           => '1',
+                \ACL::CANADMIN           => true,
-            'creationdate'      => '1',
+                \ACL::CANREPORT          => true,
-            'canaddrecord'      => '1',
+                \ACL::CANPUSH            => true,
-            'canmodifrecord'    => '1',
+                \ACL::CANADDRECORD       => true,
-            'candeleterecord'   => '1',
+                \ACL::CANMODIFRECORD     => true,
-            'chgstatus'         => '1',
+                \ACL::CANDELETERECORD    => true,
-            'imgtools'          => '1',
+                \ACL::CHGSTATUS          => true,
-            'manage'            => '1',
+                \ACL::IMGTOOLS           => true,
-            'modify_struct'     => '1',
+                \ACL::COLL_MANAGE        => true,
-            'bas_modify_struct' => '1'
+                \ACL::COLL_MODIFY_STRUCT => true,
-        ]);
+                \ACL::BAS_MODIFY_STRUCT  => true
+            ]
+        );
     }
 
     /**

lib/Alchemy/Phrasea/Model/Manipulator/RegistrationManipulator.php

@@ -81,13 +81,16 @@ class RegistrationManipulator implements ManipulatorInterface
 
         $this->aclProvider->get($user)->give_access_to_sbas([$collection->get_sbas_id()]);
         $this->aclProvider->get($user)->give_access_to_base([$collection->get_base_id()]);
-        $this->aclProvider->get($user)->update_rights_to_base($collection->get_base_id(), [
+        $this->aclProvider->get($user)->update_rights_to_base(
-            'canputinalbum'   => '1',
+            $collection->get_base_id(),
-            'candwnldhd'      => (string) (int) $grantHd,
+            [
-            'nowatermark'     => (string) (int) $grantWatermark,
+                \ACL::CANPUTINALBUM   => true,
-            'candwnldpreview' => '1',
+                \ACL::CANDWNLDHD      => (bool)$grantHd,
-            'actif'           => '1',
+                \ACL::NOWATERMARK     => (bool)$grantWatermark,
-        ]);
+                \ACL::CANDWNLDPREVIEW => true,
+                \ACL::ACTIF           => true
+            ]
+        );
         $this->em->remove($registration);
         $this->em->flush();
     }

lib/Alchemy/Phrasea/Model/NativeQueryProvider.php

@@ -32,16 +32,13 @@ class NativeQueryProvider
 
         $selectClause = $rsm->generateSelectClause();
 
-        return $this->em->createNativeQuery("
+        return $this->em->createNativeQuery(
-            SELECT d.date_modif AS date_demand, d.base_id AS base_demand, " . $selectClause . "
+            "SELECT d.date_modif AS date_demand, d.base_id AS base_demand, " . $selectClause . "\n"
-            FROM (demand d INNER JOIN Users u ON d.usr_id=u.id
+            . " FROM (demand d INNER JOIN Users u ON d.usr_id=u.id AND d.en_cours=1 AND u.deleted=0)\n"
-            AND d.en_cours=1
+            . " WHERE (base_id='" . implode("' OR base_id='", $basList) . "')\n"
-            AND u.deleted=0
+            . " ORDER BY d.usr_id DESC, d.base_id ASC",
-            )
+            $rsm
-            WHERE (base_id='" . implode("' OR base_id='", $basList) . "')
+        )->getResult();
-            ORDER BY d.usr_id DESC, d.base_id ASC
-            ", $rsm)
-        ->getResult();
     }
 
     public function getModelForUser(User $user, array $basList)
@@ -51,14 +48,14 @@ class NativeQueryProvider
 
         $selectClause = $rsm->generateSelectClause();
 
-        $query = $this->em->createNativeQuery("
+        $query = $this->em->createNativeQuery(
-                SELECT " . $selectClause . "
+            "SELECT " . $selectClause . " FROM Users u INNER JOIN basusr b ON (b.usr_id=u.id)\n"
-                FROM Users u
+            . " WHERE u.model_of = :user_id\n"
-                    INNER JOIN basusr b ON (b.usr_id=u.id)
+            . "  AND b.base_id IN (" . implode(', ', $basList) . ")\n"
-                WHERE u.model_of = :user_id
+            . "  AND u.deleted='0'\n"
-                  AND b.base_id IN (" . implode(', ', $basList) . ")
+            . " GROUP BY u.id",
-                  AND u.deleted='0'
+            $rsm
-                GROUP BY u.id", $rsm);
+        );
 
         $query->setParameter(':user_id', $user->getId());
 
@@ -72,14 +69,15 @@ class NativeQueryProvider
         $rsm->addScalarResult('base_id', 'base_id');
         $selectClause = $rsm->generateSelectClause();
 
-        $query = $this->em->createNativeQuery('
+        $query = $this->em->createNativeQuery(
-            SELECT b.base_id, '.$selectClause.' FROM Users u, basusr b
+            "SELECT b.base_id, ".$selectClause." FROM Users u, basusr b\n"
-            WHERE u.id = b.usr_id
+            . " WHERE u.id = b.usr_id\n"
-                AND b.base_id IN (' . implode(', ', $basList) . ')
+            . "  AND b.base_id IN (" . implode(', ', $basList) . ")\n"
-                AND u.model_of IS NULL
+            . "  AND u.model_of IS NULL\n"
-                AND b.actif="1"
+            . "  AND b.actif=1\n"
-                AND b.canadmin="1"
+            . "  AND b.canadmin=1\n"
-                AND u.deleted="0"', $rsm
+            . "  AND u.deleted=0",
+            $rsm
         );
 
         return $query->getResult();

lib/Alchemy/Phrasea/Model/RecordInterface.php

@@ -48,6 +48,27 @@ interface RecordInterface extends RecordReferenceInterface
     /** @return array */
     public function getExif();
 
+    /**
+     * The width of the 'document' subdef
+     *
+     * @return integer|null
+     */
+    public function getWidth();
+
+    /**
+     * The height of the 'document' subdef
+     *
+     * @return integer|null
+     */
+    public function getHeight();
+
+    /**
+     * The size (filesize) of the 'document' subdef
+     *
+     * @return integer|null
+     */
+    public function getSize();
+
     /**
      * Get Caption with requested fields if exists.
      * @param array $fields Returns only public fields when null

lib/Alchemy/Phrasea/Order/Controller/ApiOrderController.php

@@ -22,6 +22,7 @@ use Alchemy\Phrasea\Http\DeliverDataInterface;
 use Alchemy\Phrasea\Model\Entities\Basket;
 use Alchemy\Phrasea\Model\Entities\BasketElement;
 use Alchemy\Phrasea\Model\Entities\Order;
+use Alchemy\Phrasea\Model\Entities\Token;
 use Alchemy\Phrasea\Order\OrderElementTransformer;
 use Alchemy\Phrasea\Order\OrderFiller;
 use Alchemy\Phrasea\Order\OrderTransformer;
@@ -88,7 +89,7 @@ class ApiOrderController extends BaseOrderController
             ]);
         };
 
-        $builder = $this->app['repo.orders']->createQueryBuilder('o');
+        $builder = $this->getOrderRepository()->createQueryBuilder('o');
         $builder
             ->where($builder->expr()->eq('o.user', $this->getAuthenticatedUser()->getId()))
         ;
@@ -138,11 +139,10 @@ class ApiOrderController extends BaseOrderController
     }
 
     /**
-     * @param Request $request
      * @param int $orderId
      * @return Response
      */
-    public function getArchiveAction(Request $request, $orderId)
+    public function getArchiveAction($orderId)
     {
         $order = $this->findOr404($orderId);
 
@@ -160,12 +160,11 @@ class ApiOrderController extends BaseOrderController
         $exportName = sprintf('%s/%s.zip', $this->app['tmp.download.path'], $export->getExportName());
 
         $user = $this->getAuthenticatedUser();
-
         $subdefs = $this->findDataboxSubdefNames();
 
         $exportData = $export->prepare_export($user, $this->getFilesystem(), $subdefs, true, true);
-        $exportData['export_name'] = $exportName;
 
+        /** @var Token $token */
         $token = $this->app['manipulator.token']->createDownloadToken($user, serialize($exportData));
         $lst = [];
 
@@ -180,7 +179,7 @@ class ApiOrderController extends BaseOrderController
 
         set_time_limit(0);
         ignore_user_abort(true);
-        $file = \set_export::build_zip($this->app, $token, $exportData, $exportName);
+        $file = \set_export::build_zip($this->app, $token, $exportData, $token->getValue() . '.zip');
 
         return $this->deliverFile($file, $exportName, DeliverDataInterface::DISPOSITION_INLINE, 'application/zip');
     }
@@ -188,7 +187,6 @@ class ApiOrderController extends BaseOrderController
     public function acceptElementsAction(Request $request, $orderId)
     {
         $elementIds = $this->fetchElementIdsFromRequest($request);
-
         $elements = $this->doAcceptElements($orderId, $elementIds, $this->getAuthenticatedUser());
 
         $resource = new Collection($elements, function (BasketElement $element) {
@@ -242,7 +240,7 @@ class ApiOrderController extends BaseOrderController
         $filtered = [];
 
         foreach ($records as $index => $record) {
-            if (!$record->isStory() && $acl->has_right_on_base($record->getBaseId(), 'cancmd')) {
+            if (!$record->isStory() && $acl->has_right_on_base($record->getBaseId(), \ACL::CANCMD)) {
                 $filtered[$index] = $record;
             }
         }

lib/Alchemy/Phrasea/Order/Controller/BaseOrderController.php

@@ -10,6 +10,7 @@
 
 namespace Alchemy\Phrasea\Order\Controller;
 
+use Alchemy\Phrasea\Application;
 use Alchemy\Phrasea\Application\Helper\DispatcherAware;
 use Alchemy\Phrasea\Application\Helper\EntityManagerAware;
 use Alchemy\Phrasea\Controller\Controller;
@@ -22,10 +23,10 @@ use Alchemy\Phrasea\Model\Entities\OrderElement;
 use Alchemy\Phrasea\Model\Entities\User;
 use Alchemy\Phrasea\Model\Repositories\OrderElementRepository;
 use Alchemy\Phrasea\Model\Repositories\OrderRepository;
+use Alchemy\Phrasea\Order\OrderBasketProvider;
 use Alchemy\Phrasea\Order\OrderDelivery;
 use Alchemy\Phrasea\Order\OrderValidator;
 use Alchemy\Phrasea\Order\PartialOrder;
-use Alchemy\Phrasea\Record\RecordReference;
 use Alchemy\Phrasea\Record\RecordReferenceCollection;
 use Assert\Assertion;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
@@ -38,12 +39,46 @@ class BaseOrderController extends Controller
     use DispatcherAware;
     use EntityManagerAware;
 
+    /**
+     * @var OrderRepository
+     */
+    private $orderRepository;
+
+    /**
+     * @var OrderElementRepository
+     */
+    private $orderElementRepository;
+
+    /**
+     * @var OrderBasketProvider
+     */
+    private $orderBasketProvider;
+
+    /**
+     * @param Application $app
+     * @param OrderRepository $orderRepository
+     * @param OrderElementRepository $orderElementRepository
+     * @param OrderBasketProvider $orderBasketProvider
+     */
+    public function __construct(
+        Application $app,
+        OrderRepository $orderRepository,
+        OrderElementRepository $orderElementRepository,
+        OrderBasketProvider $orderBasketProvider
+    ) {
+        parent::__construct($app);
+
+        $this->orderRepository = $orderRepository;
+        $this->orderElementRepository = $orderElementRepository;
+        $this->orderBasketProvider = $orderBasketProvider;
+    }
+
     /**
      * @return OrderRepository
      */
     protected function getOrderRepository()
     {
-        return $this->app['repo.orders'];
+        return $this->orderRepository;
     }
 
     /**
@@ -51,7 +86,7 @@ class BaseOrderController extends Controller
      */
     protected function getOrderElementRepository()
     {
-        return $this->app['repo.order-elements'];
+        return $this->orderElementRepository;
     }
 
     /**
@@ -116,7 +151,7 @@ class BaseOrderController extends Controller
         $elements = $this->findRequestedElements($order_id, $elementIds, $acceptor);
         $order = $this->findOr404($order_id);
 
-        $basket = $this->app['provider.order_basket']->provideBasketForOrderAndUser($order, $acceptor);
+        $basket = $this->orderBasketProvider->provideBasketForOrderAndUser($order, $acceptor);
 
         $partialOrder = new PartialOrder($order, $elements);
 

lib/Alchemy/Phrasea/Order/Controller/ProdOrderController.php

@@ -37,7 +37,7 @@ class ProdOrderController extends BaseOrderController
      */
     public function createOrder(Request $request)
     {
-        $records = RecordsRequest::fromRequest($this->app, $request, true, ['cancmd']);
+        $records = RecordsRequest::fromRequest($this->app, $request, true, [\ACL::CANCMD]);
 
         try {
             if ($records->isEmpty()) {
@@ -109,7 +109,7 @@ class ProdOrderController extends BaseOrderController
 
         $sort = $request->query->get('sort');
 
-        $baseIds = array_keys($this->getAclForUser()->get_granted_base(['order_master']));
+        $baseIds = array_keys($this->getAclForUser()->get_granted_base([\ACL::ORDER_MASTER]));
 
         $ordersList = $this->getOrderRepository()->listOrders($baseIds, $offsetStart, $perPage, $sort);
         $total = $this->getOrderRepository()->countTotalOrders($baseIds);

lib/Alchemy/Phrasea/Order/OrderValidator.php

@@ -114,7 +114,7 @@ class OrderValidator
                 $element->getRecordId()
             );
 
-            $acl->grant_hd_on($recordReference, $user, 'order');
+            $acl->grant_hd_on($recordReference, $user, \ACL::GRANT_ACTION_ORDER);
         }
     }
 

lib/Alchemy/Phrasea/Out/Module/PDF.php

@@ -166,7 +166,7 @@ class PDF
 
             $fimg = $subdef->getRealPath();
 
-            if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($rec->getBaseId(), "nowatermark")
+            if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($rec->getBaseId(), \ACL::NOWATERMARK)
                 && $subdef->get_type() == \media_subdef::TYPE_IMAGE) {
                 $fimg = \recordutils_image::watermark($this->app, $subdef);
             }
@@ -438,7 +438,7 @@ class PDF
 
             $f = $subdef->getRealPath();
 
-            if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($rec->getBaseId(), "nowatermark")
+            if (!$this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($rec->getBaseId(), \ACL::NOWATERMARK)
                 && $subdef->get_type() == \media_subdef::TYPE_IMAGE)
                 $f = \recordutils_image::watermark($this->app, $subdef);
 

lib/Alchemy/Phrasea/Search/SubdefTransformer.php

@@ -53,7 +53,7 @@ class SubdefTransformer extends TransformerAbstract
             return null;
         }
         if ($media->get_name() === 'document'
-            && !$acl->has_right_on_base($record->getBaseId(), 'candwnldhd')
+            && !$acl->has_right_on_base($record->getBaseId(), \ACL::CANDWNLDHD)
             && !$acl->has_hd_grant($record)
         ) {
             return null;

lib/Alchemy/Phrasea/SearchEngine/Elastic/ElasticSearchEngine.php

@@ -460,7 +460,7 @@ class ElasticSearchEngine implements SearchEngineInterface
 
         $acl = $this->app->getAclForUser($this->app->getAuthenticatedUser());
 
-        $grantedCollections = array_keys($acl->get_granted_base(['actif']));
+        $grantedCollections = array_keys($acl->get_granted_base([\ACL::ACTIF]));
 
         if (count($grantedCollections) === 0) {
             return ['bool' => ['must_not' => ['match_all' => new \stdClass()]]];
@@ -540,10 +540,16 @@ class ElasticSearchEngine implements SearchEngineInterface
             $sort['_score'] = $options->getSortOrder();
         } elseif ($options->getSortBy() === SearchEngineOptions::SORT_CREATED_ON) {
             $sort['created_on'] = $options->getSortOrder();
+        } elseif ($options->getSortBy() === 'recordid') {
+            $sort['record_id'] = $options->getSortOrder();
         } else {
             $sort[sprintf('caption.%s', $options->getSortBy())] = $options->getSortOrder();
         }
 
+        if (! array_key_exists('record_id', $sort)) {
+            $sort['record_id'] = $options->getSortOrder();
+        }
+
         return $sort;
     }
 

lib/Alchemy/Phrasea/SearchEngine/Elastic/ElasticsearchRecordHydrator.php

@@ -51,6 +51,9 @@ class ElasticsearchRecordHydrator
         $record->setOriginalName(igorw\get_in($data, ['original_name'], ''));
         $record->setRecordId(igorw\get_in($data, ['record_id'], 0));
         $record->setSha256(igorw\get_in($data, ['sha256'], ''));
+        $record->setWidth(igorw\get_in($data, ['width'], 0));
+        $record->setHeight(igorw\get_in($data, ['height'], 0));
+        $record->setSize(igorw\get_in($data, ['size'], 0));
         $record->setType(igorw\get_in($data, ['type'], 'unknown'));
         $updatedOn = igorw\get_in($data, ['updated_on']);
         $record->setUpdated($updatedOn ? new \DateTime($updatedOn) : $updatedOn);

lib/Alchemy/Phrasea/SearchEngine/Elastic/Indexer.php

@@ -144,6 +144,7 @@ class Indexer
             }
 
             if ($what & self::RECORDS) {
+                $databox->clearCandidates();
                 $this->recordIndexer->populateIndex($bulk, $databox);
 
                 // Final flush

lib/Alchemy/Phrasea/SearchEngine/Elastic/Indexer/Record/Fetcher.php

@@ -132,7 +132,9 @@ class Fetcher
                  . ", r.sha256" // -- TODO rename in "hash"
                  . ", r.originalname AS original_name"
                  . ", r.mime, r.type, r.parent_record_id, r.credate AS created_on, r.moddate AS updated_on"
-                 . " FROM record r INNER JOIN coll c ON (c.coll_id = r.coll_id)"
+                 . ", subdef.width, subdef.height, subdef.size"
+                 . " FROM (record r INNER JOIN coll c ON (c.coll_id = r.coll_id))"
+                 . " LEFT JOIN subdef ON subdef.record_id=r.record_id AND subdef.name='document'"
                  . " -- WHERE"
                  . " ORDER BY r.record_id DESC"
                  . " LIMIT :offset, :limit";

lib/Alchemy/Phrasea/SearchEngine/Elastic/Indexer/Record/Hydrator/CoreHydrator.php

@@ -45,6 +45,9 @@ class CoreHydrator implements HydratorInterface
         $record['base_id'] = $this->helper->getUniqueCollectionId($this->databox_id, $record['collection_id']);
         $record['databox_id'] = $this->databox_id;
         $record['databox_name'] = $this->databox_name;
+        $record['width'] = (int) $record['width'];
+        $record['height'] = (int) $record['height'];
+        $record['size'] = (int) $record['size'];
 
         $record['record_type'] = ((int) $record['parent_record_id'] === 1)
             ? SearchEngineInterface::GEM_TYPE_STORY

lib/Alchemy/Phrasea/SearchEngine/Elastic/Indexer/RecordIndex.php

@@ -47,8 +47,8 @@ class RecordIndex implements MappingProvider
         $mapping = new MappingBuilder();
 
         // Compound primary key
-        $mapping->addField('record_id', FieldMapping::TYPE_INTEGER);
+        $mapping->addIntegerField('record_id');
-        $mapping->addField('databox_id', FieldMapping::TYPE_INTEGER);
+        $mapping->addIntegerField('databox_id');
 
         // Database name (still indexed for facets)
         $mapping->addStringField('databox_name')->disableAnalysis();
@@ -66,6 +66,10 @@ class RecordIndex implements MappingProvider
         $mapping->addStringField('type')->disableAnalysis();
         $mapping->addStringField('record_type')->disableAnalysis();
 
+        $mapping->addIntegerField('width')->disableIndexing();
+        $mapping->addIntegerField('height')->disableIndexing();
+        $mapping->addIntegerField('size')->disableIndexing();
+
         $mapping->addDateField('created_on', FieldMapping::DATE_FORMAT_MYSQL_OR_CAPTION);
         $mapping->addDateField('updated_on', FieldMapping::DATE_FORMAT_MYSQL_OR_CAPTION);
 
@@ -87,9 +91,7 @@ class RecordIndex implements MappingProvider
     private function buildCaptionMapping(MappingBuilder $parent, $name, array $fields)
     {
         $fieldConverter = new Mapping\FieldToFieldMappingConverter();
-        $captionMapping = new Mapping\ComplexFieldMapping($name, FieldMapping::TYPE_OBJECT);
+        $captionMapping = new Mapping\ComplexPropertiesMapping($name);
-
-        $captionMapping->useAsPropertyContainer();
 
         foreach ($fields as $field) {
             $captionMapping->addChild($fieldConverter->convertField($field, $this->locales));
@@ -109,7 +111,7 @@ class RecordIndex implements MappingProvider
 
     private function buildThesaurusPathMapping($name)
     {
-        $thesaurusMapping = new Mapping\ComplexFieldMapping($name, FieldMapping::TYPE_OBJECT);
+        $thesaurusMapping = new Mapping\ComplexPropertiesMapping($name);
 
         foreach (array_keys($this->structure->getThesaurusEnabledFields()) as $name) {
             $child = new Mapping\StringFieldMapping($name);
@@ -118,7 +120,7 @@ class RecordIndex implements MappingProvider
             $child->setAnalyzer('keyword', 'searching');
             $child->addChild((new Mapping\StringFieldMapping('raw'))->enableRawIndexing());
 
-            $thesaurusMapping->addChild($thesaurusMapping);
+            $thesaurusMapping->addChild($child);
         }
 
         return $thesaurusMapping;
@@ -127,9 +129,7 @@ class RecordIndex implements MappingProvider
     private function buildMetadataTagMapping($name)
     {
         $tagConverter = new Mapping\MetadataTagToFieldMappingConverter();
-        $metadataMapping = new Mapping\ComplexFieldMapping($name, FieldMapping::TYPE_OBJECT);
+        $metadataMapping = new Mapping\ComplexPropertiesMapping($name);
-
-        $metadataMapping->useAsPropertyContainer();
 
         foreach ($this->structure->getMetadataTags() as $tag) {
             $metadataMapping->addChild($tagConverter->convertTag($tag));
@@ -141,9 +141,7 @@ class RecordIndex implements MappingProvider
     private function buildFlagMapping($name)
     {
         $index = 0;
-        $flagMapping = new Mapping\ComplexFieldMapping($name, FieldMapping::TYPE_OBJECT);
+        $flagMapping = new Mapping\ComplexPropertiesMapping($name);
-
-        $flagMapping->useAsPropertyContainer();
 
         foreach ($this->structure->getAllFlags() as $childName => $_) {
             if (trim($childName) == '') {

lib/Alchemy/Phrasea/SearchEngine/Elastic/Mapping/ComplexFieldMapping.php

@@ -13,64 +13,12 @@ namespace Alchemy\Phrasea\SearchEngine\Elastic\Mapping;
 
 use Alchemy\Phrasea\SearchEngine\Elastic\FieldMapping;
 
-class ComplexFieldMapping extends FieldMapping
+class ComplexFieldMapping extends ComplexMapping
 {
-    /**
-     * @var FieldMapping[]
-     */
-    private $children = [];
 
-    private $childKey = 'fields';
+    public function __construct($name, $type = null)
-
-    public function useAsPropertyContainer()
     {
-        $this->childKey = 'properties';
+        parent::__construct($name, $type ?: FieldMapping::TYPE_OBJECT);
-    }
-
-    public function useAsFieldContainer()
-    {
-        $this->childKey = 'fields';
-    }
-
-    /**
-     * @param FieldMapping $child
-     * @return FieldMapping
-     */
-    public function addChild(FieldMapping $child)
-    {
-        if (isset($this->children[$child->getName()])) {
-            throw new \LogicException(sprintf('There is already a "%s" multi field.', $child->getName()));
-        }
-
-        if ($child->getType() !== $this->getType() && $this->getType() !== self::TYPE_OBJECT) {
-            throw new \LogicException('Child field type must match parent type.');
-        }
-
-        return $this->children[$child->getName()] = $child;
-    }
-
-    /**
-     * @return RawFieldMapping
-     */
-    public function addRawChild()
-    {
-        return $this->addChild(new RawFieldMapping($this->getType()));
-    }
-
-    /**
-     * @return bool
-     */
-    public function hasChildren()
-    {
-        return ! empty($this->children);
-    }
-
-    /**
-     * @return FieldMapping[]
-     */
-    public function getChildren()
-    {
-        return $this->children;
     }
 
     /**
@@ -78,16 +26,12 @@ class ComplexFieldMapping extends FieldMapping
      */
     protected function getProperties()
     {
-        if (! $this->hasChildren()) {
+        $properties = parent::getProperties();
-            return [];
+
+        if (! empty($properties)) {
+            return ['fields' => parent::getProperties()];
         }
 
-        $properties = [ ];
+        return $properties;
-
-        foreach ($this->children as $name => $child) {
-            $properties[$name] = $child->toArray();
-        }
-
-        return [ $this->childKey => $properties ];
     }
 }

lib/Alchemy/Phrasea/SearchEngine/Elastic/Mapping/ComplexMapping.php

@@ -0,0 +1,81 @@
+<?php
+
+/*
+ * This file is part of phrasea-4.0.
+ *
+ * (c) Alchemy <info@alchemy.fr>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Alchemy\Phrasea\SearchEngine\Elastic\Mapping;
+
+use Alchemy\Phrasea\SearchEngine\Elastic\FieldMapping;
+
+class ComplexMapping extends FieldMapping
+{
+    /**
+     * @var FieldMapping[]
+     */
+    private $children = [];
+
+    /**
+     * @param FieldMapping $child
+     * @return FieldMapping
+     */
+    public function addChild(FieldMapping $child)
+    {
+        if (isset($this->children[$child->getName()])) {
+            throw new \LogicException(sprintf('There is already a "%s" multi field.', $child->getName()));
+        }
+
+        if ($child->getType() !== $this->getType() && $this->getType() !== self::TYPE_OBJECT) {
+            throw new \LogicException('Child field type must match parent type.');
+        }
+
+        return $this->children[$child->getName()] = $child;
+    }
+
+    /**
+     * @return RawFieldMapping
+     */
+    public function addRawChild()
+    {
+        return $this->addChild(new RawFieldMapping($this->getType()));
+    }
+
+    /**
+     * @return bool
+     */
+    public function hasChildren()
+    {
+        return ! empty($this->children);
+    }
+
+    /**
+     * @return FieldMapping[]
+     */
+    public function getChildren()
+    {
+        return $this->children;
+    }
+
+    /**
+     * @return array
+     */
+    protected function getProperties()
+    {
+        if (! $this->hasChildren()) {
+            return [];
+        }
+
+        $properties = [ ];
+
+        foreach ($this->children as $name => $child) {
+            $properties[$name] = $child->toArray();
+        }
+
+        return $properties;
+    }
+}

lib/Alchemy/Phrasea/SearchEngine/Elastic/Mapping/ComplexPropertiesMapping.php

@@ -0,0 +1,31 @@
+<?php
+
+/*
+ * This file is part of phrasea-4.0.
+ *
+ * (c) Alchemy <info@alchemy.fr>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Alchemy\Phrasea\SearchEngine\Elastic\Mapping;
+
+use Alchemy\Phrasea\SearchEngine\Elastic\FieldMapping;
+
+class ComplexPropertiesMapping extends ComplexMapping
+{
+
+    public function __construct($name)
+    {
+        parent::__construct($name, FieldMapping::TYPE_OBJECT);
+    }
+
+    /**
+     * @return array
+     */
+    public function getProperties()
+    {
+        return [ 'properties' => parent::getProperties() ];
+    }
+}

lib/Alchemy/Phrasea/SearchEngine/SearchEngineOptions.php

@@ -639,9 +639,9 @@ class SearchEngineOptions
 
         $options->onCollections($bas);
 
-        if ($isAuthenticated && $acl->has_right('modifyrecord')) {
+        if ($isAuthenticated && $acl->has_right(\ACL::CANMODIFRECORD)) {
             $bf = array_filter($bas, function (\collection $collection) use ($acl) {
-                return $acl->has_right_on_base($collection->get_base_id(), 'canmodifrecord');
+                return $acl->has_right_on_base($collection->get_base_id(), \ACL::CANMODIFRECORD);
             });
 
             $options->allowBusinessFieldsOn($bf);

lib/Alchemy/Phrasea/Security/Firewall.php

@@ -146,7 +146,7 @@ class Firewall
 
     public function requireOrdersAdmin()
     {
-        if (empty($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base(['order_master']))) {
+        if (empty($this->app->getAclForUser($this->app->getAuthenticatedUser())->get_granted_base([\ACL::ORDER_MASTER]))) {
             $this->app->abort(403, 'You are not an order admin');
         }
 

lib/Alchemy/Phrasea/Setup/DoctrineMigrations/OrderMigration.php

@@ -11,6 +11,7 @@
 
 namespace Alchemy\Phrasea\Setup\DoctrineMigrations;
 
+use Alchemy\Phrasea\Model\Entities\Order;
 use Doctrine\DBAL\Schema\Schema;
 
 class OrderMigration extends AbstractMigration
@@ -23,6 +24,8 @@ class OrderMigration extends AbstractMigration
     public function doUpSql(Schema $schema)
     {
         $this->addSql("CREATE TABLE Orders (id INT AUTO_INCREMENT NOT NULL, user_id INT NOT NULL, basket_id INT DEFAULT NULL, order_usage VARCHAR(2048) NOT NULL, todo INT DEFAULT NULL, deadline DATETIME NOT NULL, created_on DATETIME NOT NULL, INDEX IDX_E283F8D8A76ED395 (user_id), UNIQUE INDEX UNIQ_E283F8D81BE1FB52 (basket_id), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB");
+        $this->addSql(sprintf("ALTER TABLE Orders ADD COLUMN notification_method VARCHAR(32) NOT NULL DEFAULT '%s'", Order::NOTIFY_MAIL));
+        $this->addSql("ALTER TABLE Orders ALTER COLUMN notification_method DROP DEFAULT");
         $this->addSql("CREATE TABLE OrderElements (id INT AUTO_INCREMENT NOT NULL, order_master INT DEFAULT NULL, order_id INT DEFAULT NULL, base_id INT NOT NULL, record_id INT NOT NULL, deny TINYINT(1) DEFAULT NULL, INDEX IDX_8C7066C8EE86B303 (order_master), INDEX IDX_8C7066C88D9F6D38 (order_id), UNIQUE INDEX unique_ordercle (base_id, record_id, order_id), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB");
         $this->addSql("ALTER TABLE Orders ADD CONSTRAINT FK_E283F8D8A76ED395 FOREIGN KEY (user_id) REFERENCES Users (id)");
         $this->addSql("ALTER TABLE Orders ADD CONSTRAINT FK_E283F8D81BE1FB52 FOREIGN KEY (basket_id) REFERENCES Baskets (id)");

lib/Alchemy/Phrasea/Setup/DoctrineMigrations/Version20160511160640.php

@@ -18,9 +18,7 @@ class Version20160511160640 extends BaseMigration
     {
         // this up() migration is auto-generated, please modify it to your needs
         $this->abortIf($this->connection->getDatabasePlatform()->getName() != 'mysql', 'Migration can only be executed safely on \'mysql\'.');
-
+        // no-op
-        $this->addSql(sprintf("ALTER TABLE Orders ADD COLUMN notification_method VARCHAR(32) NOT NULL DEFAULT '%s'", Order::NOTIFY_MAIL));
-        $this->addSql("ALTER TABLE Orders ALTER COLUMN notification_method DROP DEFAULT");
     }
 
     /**
@@ -30,7 +28,6 @@ class Version20160511160640 extends BaseMigration
     {
         // this down() migration is auto-generated, please modify it to your needs
         $this->abortIf($this->connection->getDatabasePlatform()->getName() != 'mysql', 'Migration can only be executed safely on \'mysql\'.');
-
+        // no-op
-        $this->addSql("ALTER TABLE Orders DROP COLUMN notification_method");
     }
 }

lib/Alchemy/Phrasea/Setup/Installer.php

@@ -59,23 +59,42 @@ class Installer
         $this->app->getAclForUser($admin)
             ->give_access_to_sbas([$databox->get_sbas_id()])
             ->update_rights_to_sbas(
-                $databox->get_sbas_id(), [
+                $databox->get_sbas_id(),
-                    'bas_manage'        => 1, 'bas_modify_struct' => 1,
+                [
-                    'bas_modif_th'      => 1, 'bas_chupub'        => 1
+                    \ACL::BAS_MANAGE        => true,
+                    \ACL::BAS_MODIFY_STRUCT => true,
+                    \ACL::BAS_MODIF_TH      => true,
+                    \ACL::BAS_CHUPUB        => true
                 ]
         );
 
         $collection = \collection::create($this->app, $databox, $this->app['phraseanet.appbox'], 'test', $admin);
 
-        $this->app->getAclForUser($admin)->give_access_to_base([$collection->get_base_id()]);
+        $this->app->getAclForUser($admin)
-        $this->app->getAclForUser($admin)->update_rights_to_base($collection->get_base_id(), [
+            ->give_access_to_base([$collection->get_base_id()]);
-            'canpush'           => 1, 'cancmd'          => 1
+
-            , 'canputinalbum'   => 1, 'candwnldhd'      => 1, 'candwnldpreview' => 1, 'canadmin'        => 1
+        $this->app->getAclForUser($admin)
-            , 'actif'           => 1, 'canreport'       => 1, 'canaddrecord'    => 1, 'canmodifrecord'  => 1
+            ->update_rights_to_base(
-            , 'candeleterecord' => 1, 'chgstatus'       => 1, 'imgtools'        => 1, 'manage'          => 1
+                $collection->get_base_id(),
-            , 'modify_struct'   => 1, 'nowatermark'     => 1
+                [
-            ]
+                    \ACL::CANPUSH            => true,
-        );
+                    \ACL::CANCMD             => true,
+                    \ACL::CANPUTINALBUM      => true,
+                    \ACL::CANDWNLDHD         => true,
+                    \ACL::CANDWNLDPREVIEW    => true,
+                    \ACL::CANADMIN           => true,
+                    \ACL::ACTIF              => true,
+                    \ACL::CANREPORT          => true,
+                    \ACL::CANADDRECORD       => true,
+                    \ACL::CANMODIFRECORD     => true,
+                    \ACL::CANDELETERECORD    => true,
+                    \ACL::CHGSTATUS          => true,
+                    \ACL::IMGTOOLS           => true,
+                    \ACL::COLL_MANAGE        => true,
+                    \ACL::COLL_MODIFY_STRUCT => true,
+                    \ACL::NOWATERMARK        => true
+                ]
+            );
 
         foreach (['Subdefs', 'WriteMetadata'] as $jobName) {
             /** @var JobInterface $job */

lib/Alchemy/Phrasea/TaskManager/Editor/SubdefsEditor.php

@@ -53,6 +53,7 @@ class SubdefsEditor extends AbstractEditor
   <flush>5</flush>
   <maxrecs>20</maxrecs>
   <maxmegs>256</maxmegs>
+  <maxduration>3600</maxduration>
 </tasksettings>
 EOF;
     }

lib/Alchemy/Phrasea/TaskManager/TaskList.php

@@ -49,6 +49,17 @@ class TaskList implements TaskListInterface
             $arguments[] = $this->phpConf;
         }
 
+        $maxmegs     = 128;     // default (Mo) if not set in xml
+        $maxduration = 1800;    // default (seconds) if not set in xml
+        if( ($sxSettings = @simplexml_load_string($task->getSettings())) ) {
+            if( ($v = (int)($sxSettings->maxmegs)) && $v > 0) {
+                $maxmegs = $v;
+            }
+            if( ($v = (int)($sxSettings->maxduration)) && $v > 0) {
+                $maxduration = $v;
+            }
+        }
+
         $arguments[] = '-f';
         $arguments[] = $this->root . '/bin/console';
         $arguments[] = '--';
@@ -57,9 +68,9 @@ class TaskList implements TaskListInterface
         $arguments[] = $task->getId();
         $arguments[] = '--listen-signal';
         $arguments[] = '--max-duration';
-        $arguments[] = '1800';
+        $arguments[] = $maxduration;
         $arguments[] = '--max-memory';
-        $arguments[] = 128 << 20;
+        $arguments[] = $maxmegs << 20;
 
         $builder = ProcessBuilder::create($arguments);
         $builder->setTimeout(0);

lib/Alchemy/Phrasea/Twig/PhraseanetExtension.php

@@ -133,7 +133,7 @@ class PhraseanetExtension extends \Twig_Extension
 
         $structure = $databox->getStatusStructure()->toArray();
 
-        if (!$this->isGrantedOnCollection($record->getBaseId(), 'chgstatus')) {
+        if (!$this->isGrantedOnCollection($record->getBaseId(), [\ACL::CHGSTATUS])) {
             $structure = array_filter($structure, function($status) {
                 return  (bool) $status['printable'];
             });
@@ -175,16 +175,25 @@ class PhraseanetExtension extends \Twig_Extension
         return true;
     }
 
-    public function isGrantedOnCollection($baseId, $rights)
+    /**
+     * returns true if user is authenticated and has all the passed rights on the base
+     * todo : wtf $rights is an array since it's never called with more than 1 right in it ?
+     *
+     * @param $baseId
+     * @param array $rights
+     * @return bool
+     * @throws \Exception
+     */
+    public function isGrantedOnCollection($baseId, Array $rights)
     {
         if (false === ($this->app->getAuthenticatedUser() instanceof User)) {
 
             return false;
         }
 
-        $rights = (array) $rights;
+        $acl = $this->app->getAclForUser($this->app->getAuthenticatedUser());
         foreach ($rights as $right) {
-            if (false === $this->app->getAclForUser($this->app->getAuthenticatedUser())->has_right_on_base($baseId, $right)) {
+            if (! $acl->has_right_on_base($baseId, $right)) {
 
                 return false;
             }
@@ -196,6 +205,7 @@ class PhraseanetExtension extends \Twig_Extension
     public function getCollectionLogo($baseId)
     {
         if (false === $this->app['filesystem']->exists(sprintf('%s/config/minilogos/%s', $this->app['root.path'], $baseId))) {
+
             return '';
         }
 

lib/Alchemy/Phrasea/Vocabulary/ControlProvider/UserProvider.php

@@ -56,7 +56,7 @@ class UserProvider implements ControlProviderInterface
                 ->like(\User_Query::LIKE_LOGIN, $query)
                 ->like_match(\User_Query::LIKE_MATCH_OR)
                 ->include_phantoms(true)
-                ->on_bases_where_i_am($this->app->getAclForUser($for_user), ['canadmin'])
+                ->on_bases_where_i_am($this->app->getAclForUser($for_user), [\ACL::CANADMIN])
                 ->limit(0, 50)
                 ->execute()->get_results();
 

lib/classes/User/Query.php

@@ -14,7 +14,7 @@ use Alchemy\Phrasea\Model\Entities\User;
 use Doctrine\Common\Collections\ArrayCollection;
 use Alchemy\Phrasea\Utilities\Countries;
 
-class User_Query implements User_QueryInterface
+class User_Query
 {
     const ORD_ASC = 'ASC';
     const ORD_DESC = 'DESC';

lib/classes/User/QueryInterface.php

@@ -1,47 +0,0 @@
-<?php
-
-/*
- * This file is part of Phraseanet
- *
- * (c) 2005-2016 Alchemy
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-use Alchemy\Phrasea\Application;
-
-interface User_QueryInterface
-{
-    public function __construct(Application $app);
-
-    public function get_results();
-
-    public function who_have_right(Array $rights);
-
-    public function who_have_not_right(Array $rights);
-
-    public function execute();
-
-    public function get_total();
-
-    public function get_page();
-
-    public function on_bases_where_i_am(ACL $ACL, Array $rights);
-
-    public function on_sbas_where_i_am(ACL $ACL, Array $rights);
-
-    public function limit($offset_start, $results_quantity);
-
-    public function like($like_field, $like_value);
-
-    public function like_match($like_match);
-
-    public function on_sbas_ids(Array $sbas_ids);
-
-    public function on_base_ids(Array $base_ids);
-
-    public function sort_by($sort, $ord = 'asc');
-
-    public function get_inactives($boolean = true);
-}

lib/classes/databox.php

@@ -1121,9 +1121,12 @@ class databox extends base implements ThumbnailedElement
         $this->app->getAclForUser($user)
             ->give_access_to_sbas([$this->id])
             ->update_rights_to_sbas(
-                $this->id, [
+                $this->id,
-                'bas_manage'        => 1, 'bas_modify_struct' => 1,
+                [
-                'bas_modif_th'      => 1, 'bas_chupub'        => 1
+                    \ACL::BAS_MANAGE        => true,
+                    \ACL::BAS_MODIFY_STRUCT => true,
+                    \ACL::BAS_MODIF_TH      => true,
+                    \ACL::BAS_CHUPUB        => true
                 ]
         );
 
@@ -1133,9 +1136,7 @@ class databox extends base implements ThumbnailedElement
         $rs = $stmt->fetchAll(PDO::FETCH_ASSOC);
         $stmt->closeCursor();
 
-        $sql = "INSERT INTO bas
+        $sql = "INSERT INTO bas (active, server_coll_id, sbas_id) VALUES ('1', :coll_id, :sbas_id)";
-                            (base_id, active, server_coll_id, sbas_id) VALUES
-                            (null,'1', :coll_id, :sbas_id)";
         $stmt = $conn->prepare($sql);
 
         $base_ids = [];
@@ -1156,24 +1157,28 @@ class databox extends base implements ThumbnailedElement
         $this->app->getAclForUser($user)->give_access_to_base($base_ids);
 
         foreach ($base_ids as $base_id) {
-            $this->app->getAclForUser($user)->update_rights_to_base($base_id, [
+            $this->app->getAclForUser($user)
-                'canpush' => 1,
+                ->update_rights_to_base(
-                'cancmd' => 1,
+                    $base_id,
-                'canputinalbum' => 1,
+                    [
-                'candwnldhd' => 1,
+                        \ACL::CANPUSH            => true,
-                'candwnldpreview' => 1,
+                        \ACL::CANCMD             => true,
-                'canadmin' => 1,
+                        \ACL::CANPUTINALBUM      => true,
-                'actif' => 1,
+                        \ACL::CANDWNLDHD         => true,
-                'canreport' => 1,
+                        \ACL::CANDWNLDPREVIEW    => true,
-                'canaddrecord' => 1,
+                        \ACL::CANADMIN           => true,
-                'canmodifrecord' => 1,
+                        \ACL::ACTIF              => true,
-                'candeleterecord' => 1,
+                        \ACL::CANREPORT          => true,
-                'chgstatus' => 1,
+                        \ACL::CANADDRECORD       => true,
-                'imgtools' => 1,
+                        \ACL::CANMODIFRECORD     => true,
-                'manage' => 1,
+                        \ACL::CANDELETERECORD    => true,
-                'modify_struct' => 1,
+                        \ACL::CHGSTATUS          => true,
-                'nowatermark' => 1
+                        \ACL::IMGTOOLS           => true,
-            ]);
+                        \ACL::COLL_MANAGE        => true,
+                        \ACL::COLL_MODIFY_STRUCT => true,
+                        \ACL::NOWATERMARK        => true
+                    ]
+                );
         }
 
         $this->app->getAclForUser($user)->delete_data_from_cache();
@@ -1190,14 +1195,40 @@ class databox extends base implements ThumbnailedElement
         return $this;
     }
 
+    public function clearCandidates()
+    {
+        try {
+            $domct = $this->get_dom_cterms();
+
+            if ($domct !== false) {
+                $nodesToDel = [];
+                for($n = $domct->documentElement->firstChild; $n; $n = $n->nextSibling) {
+                    if(!($n->getAttribute('delbranch'))){
+                        $nodesToDel[] = $n;
+                    }
+                }
+                foreach($nodesToDel as $n) {
+                    $n->parentNode->removeChild($n);
+                }
+                if(!empty($nodesToDel)) {
+                    $this->saveCterms($domct);
+                }
+            }
+        } catch (\Exception $e) {
+
+        }
+    }
+
     public function reindex()
     {
+        $this->clearCandidates();
         $this->get_connection()->update('pref', ['updated_on' => '0000-00-00 00:00:00'], ['prop' => 'indexes']);
 
         // Set TO_INDEX flag on all records
-        $sql = "UPDATE record SET jeton = (jeton | :token)";
+        $sql = "UPDATE record SET jeton = ((jeton & ~ :token_and) | :token_or)";
         $stmt = $this->connection->prepare($sql);
-        $stmt->bindValue(':token', PhraseaTokens::TO_INDEX, PDO::PARAM_INT);
+        $stmt->bindValue(':token_and', PhraseaTokens::INDEXING, PDO::PARAM_INT);
+        $stmt->bindValue(':token_or',  PhraseaTokens::TO_INDEX, PDO::PARAM_INT);
         $stmt->execute();
 
         $this->app['dispatcher']->dispatch(

lib/classes/databox/status.php

@@ -24,7 +24,7 @@ class databox_status
         foreach ($app->getAclForUser($app->getAuthenticatedUser())->get_granted_sbas() as $databox) {
             $see_all = false;
             foreach ($databox->get_collections() as $collection) {
-                if ($app->getAclForUser($app->getAuthenticatedUser())->has_right_on_base($collection->get_base_id(), 'chgstatus')) {
+                if ($app->getAclForUser($app->getAuthenticatedUser())->has_right_on_base($collection->get_base_id(), \ACL::CHGSTATUS)) {
                     $see_all = true;
                     break;
                 }

lib/classes/databox/subdef.php

@@ -12,6 +12,7 @@ use Alchemy\Phrasea\Media\Subdef\Audio;
 use Alchemy\Phrasea\Media\Subdef\FlexPaper;
 use Alchemy\Phrasea\Media\Subdef\Gif;
 use Alchemy\Phrasea\Media\Subdef\Image;
+use Alchemy\Phrasea\Media\Subdef\Unknown;
 use Alchemy\Phrasea\Media\Subdef\Subdef as SubdefSpecs;
 use Alchemy\Phrasea\Media\Subdef\Video;
 use Alchemy\Phrasea\Media\Type\Type as SubdefType;
@@ -37,6 +38,7 @@ class databox_subdef
         SubdefType::TYPE_FLASH => [SubdefSpecs::TYPE_IMAGE],
         SubdefType::TYPE_IMAGE => [SubdefSpecs::TYPE_IMAGE],
         SubdefType::TYPE_VIDEO => [SubdefSpecs::TYPE_IMAGE, SubdefSpecs::TYPE_VIDEO, SubdefSpecs::TYPE_ANIMATION],
+        SubdefType::TYPE_UNKNOWN => [SubdefSpecs::TYPE_IMAGE]
     ];
 
     /**
@@ -111,6 +113,9 @@ class databox_subdef
             case SubdefSpecs::TYPE_FLEXPAPER:
                 $this->subdef_type = $this->buildFlexPaperSubdef($sd);
                 break;
+            case SubdefSpecs::TYPE_UNKNOWN:
+                $this->subdef_type = $this->buildImageSubdef($sd);
+                break;
         }
     }
 
@@ -372,6 +377,9 @@ class databox_subdef
                         case SubdefSpecs::TYPE_VIDEO:
                             $mediatype_obj = new Video($this->translator);
                             break;
+                        case SubdefSpecs::TYPE_UNKNOWN:
+                            $mediatype_obj = new Unknown($this->translator);
+                            break;
                         default:
                             continue;
                             break;

lib/classes/eventsmanager/broker.php

@@ -129,13 +129,13 @@ class eventsmanager_broker
 
         foreach ($rs as $row) {
             $type = 'eventsmanager_' . $row['type'];
-            $data = @json_decode($row['datas'], true);
+            $json = @json_decode($row['datas'], true);
 
             if (json_last_error() !== JSON_ERROR_NONE) {
                 continue;
             }
 
-            $content = $this->pool_classes[$type]->datas($data, $row['unread']);
+            $content = $this->pool_classes[$type]->datas($json, $row['unread']);
 
             if ( ! isset($this->pool_classes[$type]) || count($content) === 0) {
                 $sql = 'DELETE FROM notifications WHERE id = :id';

lib/classes/eventsmanager/notify/autoregister.php

@@ -73,6 +73,6 @@ class eventsmanager_notify_autoregister extends eventsmanager_notifyAbstract
             return false;
         }
 
-        return $this->app->getAclForUser($user)->has_right('manageusers');
+        return $this->app->getAclForUser($user)->has_right(\ACL::CANADMIN);
     }
 }

lib/classes/eventsmanager/notify/order.php

@@ -75,6 +75,6 @@ class eventsmanager_notify_order extends eventsmanager_notifyAbstract
      */
     public function is_available(User $user)
     {
-        return $this->app->getAclForUser($user)->has_right('order_master');
+        return $this->app->getAclForUser($user)->has_right(\ACL::ORDER_MASTER);
     }
 }

lib/classes/eventsmanager/notify/register.php

@@ -75,6 +75,6 @@ class eventsmanager_notify_register extends eventsmanager_notifyAbstract
             return false;
         }
 
-        return $this->app->getAclForUser($user)->has_right('manageusers');
+        return $this->app->getAclForUser($user)->has_right(\ACL::CANADMIN);
     }
 }

lib/classes/eventsmanager/notify/uploadquarantine.php

@@ -75,6 +75,6 @@ class eventsmanager_notify_uploadquarantine extends eventsmanager_notifyAbstract
      */
     public function is_available(User $user)
     {
-        return $this->app->getAclForUser($user)->has_right('addrecord');
+        return $this->app->getAclForUser($user)->has_right(\ACL::CANADDRECORD);
     }
 }

lib/classes/eventsmanager/notify/validationdone.php

@@ -90,6 +90,6 @@ class eventsmanager_notify_validationdone extends eventsmanager_notifyAbstract
      */
     public function is_available(User $user)
     {
-        return $this->app->getAclForUser($user)->has_right('push');
+        return $this->app->getAclForUser($user)->has_right(\ACL::CANPUSH);
     }
 }

lib/classes/media/subdef.php

@@ -656,10 +656,12 @@ class media_subdef extends media_abstract implements cache_cacheableInterface
             $params['height'] = $media->getHeight();
         }
 
+        /** @var callable $factoryProvider */
         $factoryProvider = $app['provider.factory.media_subdef'];
         $factory = $factoryProvider($record->getDataboxId());
 
         $subdef = $factory($params);
+
         Assertion::isInstanceOf($subdef, \media_subdef::class);
 
         $repository = self::getMediaSubdefRepository($app, $record->getDataboxId());