Merge branch 'master' into sf3

* master:
  Video thumbnail fix (#1179)
  [AdminBundle] fix regex to check if admin preview (#1182)
  Fix adminlist SimpleItemAction template
  [AdminListBundle] Updated list template to use an icon for the View link
  Fix translation (#1177)
  [AdminBundle] OAuthUserCreator Should query on username and email (#1154)
  [All bundle] Translation fixes (#1172)
  Added `update ACL command` to update specific role with given permission(s) for all nodes
  [ArticleBundle] Added ability to select which overview page to add an article page to (#1160)

src/Kunstmaan/AdminBundle/Command/UpdateAclCommand.php

@@ -0,0 +1,86 @@
+<?php
+
+namespace Kunstmaan\AdminBundle\Command;
+
+use Doctrine\ORM\EntityManager;
+use Symfony\Component\Console\Question\ChoiceQuestion;
+use Symfony\Component\Security\Acl\Domain\Acl;
+use Symfony\Component\Security\Acl\Domain\Entry;
+use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;
+use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
+use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
+
+/**
+ * Permissions update of ACL entries for all nodes for given role.
+ */
+class UpdateAclCommand extends ContainerAwareCommand
+{
+    /**
+     * {@inheritdoc}
+     */
+    protected function configure()
+    {
+        parent::configure();
+
+        $this->setName('kuma:acl:update')
+            ->setDescription('Permissions update of ACL entries for all nodes for given role')
+            ->setHelp("The <info>kuma:update:acl</info> will update ACL entries for the nodes of the current project" .
+                "with given role and permissions");
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $helper = $this->getHelper('question');
+
+        // Select Role
+        $roles = $this->getContainer()->getParameter('security.role_hierarchy.roles');
+        $question = new ChoiceQuestion('Select role', array_keys($roles));
+        $question->setErrorMessage('Role %s is invalid.');
+        $role = $helper->ask($input, $output, $question);
+
+        // Select Permission(s)
+        $permissionMap = $this->getContainer()->get('security.acl.permission.map');
+        $question = new ChoiceQuestion('Select permissions(s) (seperate by ",")',
+            $permissionMap->getPossiblePermissions());
+        $question->setMultiselect(true);
+        $mask = array_reduce($helper->ask($input, $output, $question), function ($a, $b) use ($permissionMap) {
+            return $a | $permissionMap->getMasks($b, null)[0];
+        }, 0);
+
+        /* @var EntityManager $em */
+        $em = $this->getContainer()->get('doctrine.orm.entity_manager');
+        /* @var MutableAclProviderInterface $aclProvider */
+        $aclProvider = $this->getContainer()->get('security.acl.provider');
+        /* @var ObjectIdentityRetrievalStrategyInterface $oidStrategy */
+        $oidStrategy = $this->getContainer()->get('security.acl.object_identity_retrieval_strategy');
+
+        // Fetch all nodes & grant access
+        $nodes = $em->getRepository('KunstmaanNodeBundle:Node')->findAll();
+
+        foreach ($nodes as $node) {
+            $objectIdentity = $oidStrategy->getObjectIdentity($node);
+
+            /** @var Acl $acl */
+            $acl = $aclProvider->findAcl($objectIdentity);
+            $securityIdentity = new RoleSecurityIdentity($role);
+
+            /** @var Entry $ace */
+            foreach ($acl->getObjectAces() as $index => $ace) {
+                if (!$ace->getSecurityIdentity()->equals($securityIdentity)) {
+                    continue;
+                }
+                $acl->updateObjectAce($index, $mask);
+                break;
+            }
+            $aclProvider->updateAcl($acl);
+        }
+        $output->writeln(count($nodes) . ' nodes processed.');
+    }
+
+}

src/Kunstmaan/AdminBundle/EventListener/AdminLocaleListener.php

@@ -89,14 +89,17 @@ private function isAdminToken($providerKey, TokenInterface $token = null)
      */
     private function isAdminRoute($url)
     {
-        preg_match('/^\/(app_(.*)\.php\/)?([a-zA-Z_-]{2,5}\/)?admin\/(.*)/', $url, $matches);
+        //If the url contains an admin part and a preview part then it is not an admin route
+        preg_match('/^(\/app_[a-zA-Z]+\.php)?\/([a-zA-Z_-]{2,5}\/)?admin(\/.*)?\/preview/', $url, $matches);
 
-        // Check if path is part of admin area
-        if (count($matches) === 0) {
+        if (count($matches) > 0) {
             return false;
         }
 
-        if (strpos($url, '/admin/preview') !== false) {
+        preg_match('/^\/(app_[a-zA-Z]+\.php\/)?([a-zA-Z_-]{2,5}\/)?admin\/(.*)/', $url, $matches);
+
+        // Check if path is part of admin area
+        if (count($matches) === 0) {
             return false;
         }
 

src/Kunstmaan/AdminBundle/Helper/Security/OAuth/OAuthUserCreator.php

@@ -2,9 +2,9 @@
 
 namespace Kunstmaan\AdminBundle\Helper\Security\OAuth;
 
-use Doctrine\ORM\EntityManager;
+use Doctrine\ORM\EntityManagerInterface;
 
-class OAuthUserCreator
+class OAuthUserCreator implements OAuthUserCreatorInterface
 {
     /** @var EntityManager */
     private $em;
@@ -15,41 +15,35 @@ class OAuthUserCreator
     /** @var string */
     private $userClass;
 
+    /** @var OAuthUserFinderInterface */
+    private $userFinder;
+
     /**
      * OAuthUserCreator constructor.
-     * @param EntityManager $em
+     * @param EntityManagerInterface $em
      * @param $hostedDomains
      * @param $userClass
+     * @param OAuthUserFinderInterface $userFinder
      */
-    public function __construct(EntityManager $em, $hostedDomains, $userClass)
+    public function __construct(EntityManagerInterface $em, $hostedDomains, $userClass, OAuthUserFinderInterface $userFinder)
     {
         $this->em = $em;
         $this->hostedDomains = $hostedDomains;
         $this->userClass = $userClass;
+        $this->userFinder = $userFinder;
     }
 
     /**
-     * Returns an implementation of AbstractUser defined by the $userClass parameter.
-     * Checks if there already exists an account for the given googleId or email. If yes updates
-     * the access levels accordingly and returns that user. If no creates a new user with the
-     * configured access levels.
-     *
-     * @param string email
-     * @param string googleId
-     *
-     * @return AbstractUser Implementation
+     * {@inheritDoc}
      */
     public function getOrCreateUser($email, $googleId)
     {
-        $user = $this->em->getRepository($this->userClass)
-            ->findOneBy(array('googleId' => $googleId));
-
-        if (!$user instanceof $this->userClass && $this->isConfiguredDomain($email)) {
+        if ($this->isConfiguredDomain($email)) {
 
-            $user = $this->em->getRepository($this->userClass)
-                ->findOneBy(array('username' => $email));
+            $user = $this->userFinder->findUserByGoogleSignInData($email, $googleId);
 
             if(!$user instanceof $this->userClass) {
+                //User not present in database, create new one
                 $user = new $this->userClass;
                 $user->setUsername($email);
                 $user->setEmail($email);
@@ -70,7 +64,7 @@ public function getOrCreateUser($email, $googleId)
             $this->em->flush();
         }
 
-        return $user;
+        return isset($user) ? $user : null;
     }
 
     /**

src/Kunstmaan/AdminBundle/Helper/Security/OAuth/OAuthUserCreatorInterface.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace Kunstmaan\AdminBundle\Helper\Security\OAuth;
+
+/**
+ * Interface OAuthUserCreatorInterface
+ */
+interface OAuthUserCreatorInterface
+{
+    /**
+     * Returns an implementation of AbstractUser defined by the $userClass parameter.
+     * Checks if there already exists an account for the given googleId or email. If yes updates
+     * the access levels accordingly and returns that user. If no creates a new user with the
+     * configured access levels.
+     *
+     * Returns Null if email is not in configured domains
+     *
+     * @param string email
+     * @param string googleId
+     *
+     * @return mixed AbstractUser Implementation
+    */
+    public function getOrCreateUser($email, $googleId);
+}

src/Kunstmaan/AdminBundle/Helper/Security/OAuth/OAuthUserFinder.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace Kunstmaan\AdminBundle\Helper\Security\OAuth;
+
+use Doctrine\ORM\EntityManagerInterface;
+
+class OAuthUserFinder implements OAuthUserFinderInterface
+{
+
+    /** @var EntityManager */
+    private $em;
+
+    /** @var string */
+    private $userClass;
+
+    /**
+     * OAuthUserCreator constructor.
+     * @param EntityManagerInterface $em
+     * @param $userClass
+     */
+    public function __construct(EntityManagerInterface $em, $userClass)
+    {
+        $this->em = $em;
+        $this->userClass = $userClass;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public function findUserByGoogleSignInData($email, $googleId)
+    {
+        //Check if already logged in before via Google auth
+        $user = $this->em->getRepository($this->userClass)
+            ->findOneBy(array('googleId' => $googleId));
+
+        if (!$user instanceof $this->userClass) {
+            //Check if Email was already present in database but not logged in via Google auth
+            $user = $this->em->getRepository($this->userClass)
+                ->findOneBy(array('email' => $email));
+
+            if(!$user instanceof $this->userClass) {
+                //Last chance try looking for email address in username field
+                $user = $this->em->getRepository($this->userClass)
+                    ->findOneBy(array('username' => $email));
+            }
+        }
+
+        return $user;
+    }
+}

src/Kunstmaan/AdminBundle/Helper/Security/OAuth/OAuthUserFinderInterface.php

@@ -0,0 +1,22 @@
+<?php
+
+namespace Kunstmaan\AdminBundle\Helper\Security\OAuth;
+
+/**
+ * Interface OAuthUserFinderInterface
+ */
+interface OAuthUserFinderInterface
+{
+
+    /**
+     * Tries to find a user in database based on email and googleId fields.
+     * Returns null when nothing has been found.
+     *
+     * @param string email
+     * @param string googleId
+     *
+     * @return mixed AbstractUser Implementation
+    */
+    public function findUserByGoogleSignInData($email, $googleId);
+}
+

src/Kunstmaan/AdminBundle/Resources/config/services.yml

@@ -209,6 +209,13 @@ services:
             - '@doctrine.orm.entity_manager'
             - '%kunstmaan_admin.google_signin.hosted_domains%'
             - '%fos_user.model.user.class%'
+            - '@kunstmaan_admin.oauth_user_finder'
+
+    kunstmaan_admin.oauth_user_finder:
+        class: Kunstmaan\AdminBundle\Helper\Security\OAuth\OAuthUserFinder
+        arguments:
+            - '@doctrine.orm.entity_manager'
+            - '%fos_user.model.user.class%'
 
     kunstmaan_admin.google_signin.twig.extension:
         class: Kunstmaan\AdminBundle\Twig\GoogleSignInTwigExtension

src/Kunstmaan/AdminBundle/Resources/translations/messages.de.yml

@@ -41,6 +41,7 @@ form:
   deletesure: Sind Sie sicher, Sie wollen diese löschen?
   edit: Bearbeiten
   add: Neu
+  'add.%subject%': Neu %subject%
   save: Speichern
   publish: Publizieren
   unpublish: Depublizieren

src/Kunstmaan/AdminBundle/Resources/translations/messages.en.yml

@@ -42,6 +42,7 @@ form:
     deletesure: Are you sure you want to delete this?
     edit: Edit
     add: Add New
+    'add.%subject%': 'Add New %subject%'
     save: Save
     publish: Publish
     unpublish: Unpublish

src/Kunstmaan/AdminBundle/Resources/translations/messages.es.yml

@@ -41,6 +41,7 @@ form:
   deletesure: ¿Seguro que quieres borrar esto?
   edit: Editar
   add: Agregar
+  'add.%subject%': 'Agregar %subject%'
   save: Guardar
   publish: Publicar
   unpublish: Despublicar

src/Kunstmaan/AdminBundle/Resources/translations/messages.fr.yml

@@ -41,6 +41,7 @@ form:
   deletesure: Êtes-vous sûr de vouloir supprimer ce ?
   edit: Modifier
   add: Ajouter nouveau
+  'add.%subject%': 'Ajouter nouveau %subject%'
   save: Sauver
   publish: Publier
   unpublish: Dé-publier

src/Kunstmaan/AdminBundle/Resources/translations/messages.hu.yml

@@ -42,6 +42,7 @@ form:
     deletesure: Biztos benne?
     edit: Szerkesztés
     add: Hozzáad
+    'add.%subject%': '%subject% hozzadása'
     save: Mentés
     publish: Publikál
     unpublish: Publikálás visszavonása

src/Kunstmaan/AdminBundle/Resources/translations/messages.it.yml

@@ -41,6 +41,7 @@ form:
   deletesure: Sei sicuro di voler eliminare questo ?
   edit: Modifica
   add: Aggiungi nuovo
+  'add.%subject%': 'Aggiungi nuovo %subject%'
   save: Salva
   publish: Pubblica
   unpublish: Sospendi

src/Kunstmaan/AdminBundle/Resources/translations/messages.nl.yml

@@ -42,6 +42,7 @@ form:
   deletesure: Weet u zeker dat u dit wilt verwijderen?
   edit: Bewerk
   add: Toevoegen
+  'add.%subject%': 'Toevoegen %subject%'
   save: Opslaan
   publish: Publiceer
   unpublish: Publiceren ongedaan maken

src/Kunstmaan/AdminBundle/Security/OAuthAuthenticator.php

@@ -4,6 +4,7 @@
 
 use Kunstmaan\AdminBundle\FlashMessages\FlashTypes;
 use Kunstmaan\AdminBundle\Helper\Security\OAuth\OAuthUserCreator;
+use Kunstmaan\AdminBundle\Helper\Security\OAuth\OAuthUserCreatorInterface;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -41,11 +42,11 @@ class OAuthAuthenticator extends AbstractGuardAuthenticator
      * @param RouterInterface $router
      * @param Session $session
      * @param TranslatorInterface $translator
-     * @param OAuthUserCreator $oAuthUserCreator
+     * @param OAuthUserCreatorInterface $oAuthUserCreator
      * @param $clientId
      * @param $clientSecret
      */
-    public function __construct(RouterInterface $router, Session $session, TranslatorInterface $translator, OAuthUserCreator $oAuthUserCreator, $clientId, $clientSecret)
+    public function __construct(RouterInterface $router, Session $session, TranslatorInterface $translator, OAuthUserCreatorInterface $oAuthUserCreator, $clientId, $clientSecret)
     {
         $this->router = $router;
         $this->session = $session;

src/Kunstmaan/AdminListBundle/Resources/views/AdminListTwigExtension/widget.html.twig

@@ -82,7 +82,9 @@
                 <!-- Actions -->
                 <td class="table__actions">
                     {% if adminlist.canView(item) %}
-                        <a href="{{ path(adminlist.getViewUrlFor(item)["path"], adminlist.getViewUrlFor(item)[("params")] ) }}"><i class="icon-eye"></i>{{ 'View' | trans }}</a>
+                        <a href="{{ path(adminlist.getViewUrlFor(item)["path"], adminlist.getViewUrlFor(item)[("params")] ) }}" class="link--text table__actions__item" title="{{ 'View' | trans }}">
+                            <i class="fa fa-eye"></i>
+                        </a>
                     {% endif %}
                     {% if adminlist.canEdit(item) %}
                         <a href="{{ path(adminlist.getEditUrlFor(item)["path"], adminlist.getEditUrlFor(item)[("params")] ) }}" class="link--text table__actions__item" title="{{ 'Edit' | trans }}">