Planet Drupal

Subscribe to Planet Drupal feed - aggregated feeds in category Planet Drupal
Updated: 32 min 36 sec ago

ActiveLAMP: Drupal 8 Development in Docker - Redux

Thu, 14/07/2016 - 04:00

Back in December, Tom Friedhof shared how we set up our Drupal 8 development and build process utilizing Docker. It has been working well in the several months we have used it and worked within its framework. Within the time-span however, we experienced a few issues here and there which led me to come up with an alternative process which keeps the good things we like and getting rid of/resolving the issues we encountered.

Categories: Elsewhere

Bevan Rudge: Not so highly critical?

Wed, 13/07/2016 - 23:43

The Drupal security team published a PSA to warn about upcoming security advisories. I shared my advice and predicted attacks within the hour after the security advisories are published. The security advisories are now published. Here is my followup.

I applaud the Drupal Security Team for warning about the highly critical updates. However the public service announcement (PSA) left the impression that this event was going to be much more serious than it was. Such a PSA would have been perfectly appropriate for SA-CORE-2014-005 "Drupalgeddon". But the only PSA there was in hindsight.

I guess it is resonable for the Drupal Security Team to be over cautious, especially given the lessons learned from Drupalgeddon fallout. And of course, such decisions and criticism is much easier with hindsight.

But now I am concerned how the Drupal Security Team can realistically raise the level further there is another vulnerability that is as serious as Drupalgeddon. Even if they raise the alert level using language in the PSA, will people still believe them? It reminds me of the boy who cried wolf.

Of course serious vulnerabilities like these are rare events in Drupal, so there is not yet a standard to compare alert levels to.

read more

Categories: Elsewhere

Drop Guard: There's never a good time for an update

Wed, 13/07/2016 - 22:33

As always, Drupal Security Team did an excellent job and the news on the security vulnerabilities reported on Wednesday wasn't a bombshell for most of us. Everyone had a chance to prepare and pre-allocate resources to take all measures necessary to patch the supported websites. 

A quick recap for those who missed the buzz or just slowly waking up right now.

Drop Guard Drupal Planet Security announcements
Categories: Elsewhere

Freelock : Why you need maintenance on your Drupal Site

Wed, 13/07/2016 - 20:42

Yesterday the Drupal security team gave a dire warning about extremely dangerous security vulnerabilities in multiple contributed modules. The fixes, and the details, would be released at 9am Pacific Time today.

I dropped what I was doing and started going through our customer sites, making sure they were all clean and ready for these updates when they were released.

DrupalDrupal PlanetSecurityUpdatesmaintenanceQuality Assurance
Categories: Elsewhere

Lullabot: Prioritizing with Dual-Axis Card Sorts

Wed, 13/07/2016 - 20:33

At a recent client design workshop, the Lullabot team ran into a classic prioritization challenge: tension between the needs of a business and the desires of its customers. Our client was a well-known brand with strong print, broadcast, and digital presences—and passionate fans who'd been following them for decades. Our redesign efforts were focused on clearing away the accumulated cruft of legacy features and out-of-control promotional content, but some elements (even unpopular ones) were critical for the company's bottom line. Asking stakeholders to prioritize each site feature gave deeply inconsistent results. Visitors loved feature X, but feature Y generated more revenue. Which was more important?

Multi-Axis Delphi Sort to the Rescue, Yo

Inspired by Alberta Soranzo and Dave Cooksey's recent presentation on advanced taxonomy techniques, we tried something new. We set up dual-axis card sort that captured value to the business and value to the user in a single exercise. Every feature, content type, and primary site section received a card and was placed on a whiteboard. The vertical position represented business value, horizontal represented value to site visitors, and participants placed each card at the intersection.

In addition, we used the "Delphi Card Sorting" technique described in the same presentation. Instead of giving each participant a blank slate and a pile of cards, we started them out with the results of the previous participant's card sort. Each person was encouraged to make (and explain) any changes they felt were necessary, and we recorded the differences after each 15-minute session.

With axis balancing user interest and business value, the upper-right corner becomes an easy way to spot high-priority features.

The results were dramatic. The hands-on, spatial aspect of card sorting made it fast and easy for participants to pick up the basics, and mapping the two kinds of "value" to different axis made each stakeholder's perspectives much clearer. Using the Delphi sorting method, we quickly spotted what features everyone agreed on, and which required additional investigation. Within an hour, we'd gathered enough information to make some initial decisions.

The Takeaway

Both of the tools we used—Delphi sorting and multi-axis card sorting—are quick, easy, and surprisingly versatile additions to design workshops and brainstorming sessions. Multi-axis sorts can be used whenever two values are related but not in direct conflict; the time to produce a piece of content versus the traffic it generates is another great example. Delphi sorting, too, can be used to streamline the research process whenever a group is being asked to help categorize or prioritize a collection of items.

Based on the results we've seen in our past several client engagements, we'll definitely be using these techniques in the future.

Categories: Elsewhere

Acquia Developer Center Blog: Mastering Drupal 8 Views - Meet Gregg Marshall

Wed, 13/07/2016 - 20:05

Gregg Marshall contacted me while he was finalizing his book, Mastering Drupal 8 Views, for Packt Publishing. Flatteringly, he asked me whether I'd be willing to write a foreword for it, after having a look at a late draft. I had a look, I liked it, I wrote the foreword and was pleased to run into Gregg at DrupalCon New Orleans. Listen to the audio or watch the video of our conversation. Below is also a full transcript of our chat.

jam: We are still in glamorous, beautiful New Orleans, Louisiana at North American DrupalCon 2016. This is Gregg Marshall. How was your Con, Gregg?

Gregg Marshall: Great, much different from other ones. As I get more involved with the community, it becomes less about going to sessions and more about seeing the people and I help the people.

jam: You help people a lot, right?

Gregg Marshall: I’ve volunteered to be a mentor and I actually got into that by – I’ve showed up in my first couple of sprints and in those days setting up Drupal on a Windows machine was a unique skill that I had and so I found myself doing that more and more. I said, well, if I’m going to spend my whole day setting up other people’s machines, I might as well volunteer!

jam: Right.

Gregg Marshall: I started volunteering to do that. Now, it’s gotten - thanks to Dev Desktop 2, to the point we’re almost through with this.

jam: We’ve made you redundant. I’m sorry. Thank you for your contribution.

Gregg Marshall: ... My retirement party is next week ;-)

jam: How many DrupalCons have you been to?

Gregg Marshall: First one, I went to in the US was 2010, San Francisco. That’s when I made the decision to stop using Drupal and start actually developing using Drupal. had been announced and that was a significant announcement. It became clear that the federal government was going to go that way because Drupal was going to become the IBM of CMS’s. No one will get fired for picking what the White House picked. Standing in line for coffee at the first coffee break, the people in front of me, lamenting the fact that they couldn’t hire developers, no matter how much they paid them. I went, “Okay. I’m a channel marketing consultant. I have to work really hard to convince people that they need me even though they really do, most of them.” With that, I said, maybe I should rethink my priorities and ...

jam: Wait. Fast forward six years, what do you do now, Gregg and for whom?

Gregg Marshall: I’m the senior architect for the State of New York. While I live in Denver, I work in Albany so it is a bit of a commute and I’m responsible for helping build a system that will house all 257 New York State websites. They’re standardized on Drupal. They did that about a year ago and they’re now in the process of building a common platform that will house everything and move everything off many different CMS’s and not CMS’s flat-HTML files into a Drupal environment that is big and Drupal-based.

jam: Your job is Drupal now.

Gregg Marshall: Yes.

jam: The prediction in the first break coffee-line in 2010 in San Francisco, DrupalCon was essentially true?

Gregg Marshall: Essentially true. I’ve thought it would be federal government. I did a project for the SBA but it accidentally ended up being the state in New York and it’s been interesting.

jam: Why not. So, Gregg, please introduce yourself. Tell us who you are and what you do.

Gregg Marshall: I’m Gregg Marshall and I’m a contractor that is working for the, - as we just said, the state of New York in Albany as a senior Drupal architect. I started a two-month contract 41 months ago. I was originally brought in to help with an upgrade from Drupal 6 to Drupal 7, that particular site was interestingly built. It had 800 nodes of PHP in it. So about two weeks into the project, I said, “Yes, we’re not upgrading. The best we could do is migrate.” It took them about a year and a half to get around to doing that and then they went outside and had a company build it for them. Along the way they asked me if I could do a little small site for a project they had and I did that in about a week and then they had another emergency pop-up and we did that in about a week and then they renewed my contract and it just keeps getting renewed.

jam: It sounds almost ideal, frankly.

Gregg Marshall: Other than being away from home, three weeks a month is a bit of a challenge but fortunately I have grown children so they’ve reached the point where actually they backfill the things I should be doing. My younger son actually mows the lawn and fixes the plumbing and does all the stuff and actually that’s good because I don’t really like doing that to begin with.

jam: You’ve got it all worked out, man.

Gregg Marshall: Life’s good.

jam: Six years ago, Gregg Marshall channel marketing consultant, how did you discover Drupal?

Gregg Marshall: Actually, many years ago, we were manufacturer’s reps in the plumbing and heating industry. Our manufacturer’s reps are a contract sales force which is where the channel marketing comes from. These people who sell through other people and don’t actually own their sales force, have a unique management challenge because it’s not like they work for you, you can’t command them to do something. You have to make it more fun to sell your product than anyone else’s because they have a large catalogue of products that they can sell.

jam: Okay.

Gregg Marshall: I had taught a class on how to build the websites using HTML. We were using Microsoft Word 6 with an add-in that allowed you to save as HTML. It was a very interesting process.

jam: It was beautiful HTML.

Gregg Marshall: It was HTML with – I think I figured out how to get a background image on it but that was about the limit.

jam: Right. Lots of non-breaking spaces.

Gregg Marshall: Lots of non-breaking spaces, one pixel gifs, tables.

jam: Oh! Spacer gifs!

Gregg Marshall: Tables of tables of tables to get lay-out on a page.

jam: Kids, this is how we used to build the web.

Gregg Marshall: As a rep, it was interesting because it was right as USA TODAY was running - every issue had – the internet was the big thing and the web was the big thing but that industry is 200 years of tradition, unmarred by innovation. When we announced our website, there were three major type trade publications. All three of them run half a page which is a big deal for a simple, little website. I think we had four pages, five pages. It was just this little thing. From there, I built these little sites and we were doing what are called microsites and I started thinking to myself, this isn’t really the best way to be doing this. I need to probably think about a CMS because I had learned that there were these things called CMS’s and that they were open source. I was actually down to Joomla and Drupal. I had a book on each and I was reading them and I couldn’t really tell and I’d gotten to know the president of the hosting company we’re using at the time. I sent him an email and I said I’m looking at maybe switching to CMS-based publishing. I’ve been down to Joomla and Drupal. What do you know about them? An hour or two later, I get an email back. He said we just run about across our servers and we have more Drupal installations than we do Joomla. It was like, “Okay. I’m doing Drupal!”

jam: Democracy, democracy ...

Gregg Marshall: Based on that recommendation alone, I started learning Drupal.

jam: What version of Drupal was that?

Gregg Marshall: Actually, I downloaded five and put on a server with, at that time, every module that existed for Drupal 5 which is about 400.

jam: What?

Greg Marshall: I remembered going to my first user group meeting and telling everyone that I was just starting with Drupal and that I put Drupal 5 and all the modules on D on my dev site. Someone looked at me and says, “It runs?” What I didn’t know then because I was still so new was there’s a whole big difference between putting the module on your site and enabling the module.

jam: In Drupal 5 Land, giving yourself the permission to actually use it as well.

Gregg Marshall: That was and then so I was learning and experimenting and reading the book and trying to understand Drupal and the announcement of Drupal 6 came that it was going to be out very shortly and I thought, well, it doesn’t make any sense to learn the old version. I might as well just go ahead and switch to the new version - switched to the new version and that was actually the first sites I ever put into production were based on Drupal 6, very early days the Drupal 6 onwards so 2008-ish. I think I’m just passing maybe 10 years on

jam: How many sites would you say you've put together in Drupal by now?

Gregg Marshall: 40? 50? ... as a principal contributor to it. More and more I work on teams, so while I don’t consider myself a themer, I’ve done them but I wouldn’t consider myself a themer. I asked usually to be teamed with somebody who’s a themer, the one I’m working with that I’ve been working with for the last two or three years has really taught me a lot of CSS. I’m finally getting to the point what I consider to be this black magic. It’s not really what you would think it should be pretty well. I should be able to look at something and say, “This is how it happens,” and you go, “But why is it not doing it this way? You find inheritance and all those things and she’s gotten me to the point where I really have started to understand that. Mostly as the architect content-type creator ... Views, I do modules when I need to. I have firm belief that if there’s a contributed module, that the last thing I want to do is write anything custom.

jam: Would you describe yourself primarily as a site-builder/developer or developer/site-builder or how would you ...?

Gregg Marshall: Probably site builder developer. I would put the emphasis on building using existing building blocks that are available to us before I will jump in. I have friends in the community that view all projects as a custom module held together by core.

jam: If you like to write code, you’re looking for excuses to write code. If you want to have more time in your life to do other things, like maybe writing code is not the first thing you want to do, then you have systems like Drupal which let you click together a whole bunch of great stuff and then finish it off with those tiny bits of glue code, custom-code, a new module that you might need along the way but it’s also a matter of taste in a way.

Gregg Marshall: Yes. I think that’s part of it. I think the other part of it is, there’s this belief that, well, if you put too many modules on your site, it will run slow and while there is certainly a component because every module is loaded every page load, the reality is with the modern versions of PHP you have APC built into PHP, you have Varnish and all the proxy server caching. That becomes less, I think, of an issue and more of the, “how efficient can I be putting a site together.” When I look back, for instance, the work I’ve done with New York, a lot of the successes we had were literally ... my favorite are the Governor-initiatives were Thursday afternoon they say, “Tuesday morning, we’re having a press conference. We need a complete site built to support this initiative under this domain.”

jam: They tell you that Thursday.

Gregg Marshall: Thursday afternoon and by Tuesday morning at 10:00 we have to – which means really Monday afternoon by close of business so they can review it and tell you what you didn’t do right.

jam: Yes. So, having a tool like Drupal at your disposal probably helps you get that done.

Gregg Marshall: Yes.

jam: Look. Show me that thing. Look everyone. Look at this micro pretend book cover that we have here for “Mastering Drupal 8 Views” by Gregg Marshall! Gregg, you’ve just written a book?

Gregg Marshall: I have.

jam: In real time we are talking at DrupalCon, New Orleans which is May – what is today?

Gregg Marshall: Fifteenth, 13th, it’s Friday, the 13th. It’s a lucky day.

jam: Oh, that’s right. Middle of May. Is the book out?

Gregg Marshall: The book should be out by the end of the month. They sent me what are called “Pre-flights” which I think are the version right before it hits, goes, gets uploaded to ... whatever process and generates the book itself. The eBook should definitely be out by then. Printed books, I don’t know how long it takes them to print whether they do print on demand or whether they’re actually printing 10,000,000 copies of it because this is going to be a bestseller.

jam: Okay. How many editions are you going for?

Gregg Marshall: I want to have some land in Florida :-)

jam: You’ve built a lot of websites and you’ve been part of a lot of projects and you really ... my impression is that you do spend most of your time in this world of clicking and configuring websites in the administrative backend.

Gregg Marshall: Or helping other people now and much more click and configure. The way the book was written, it sort of follows a person through the process of learning how they build Views because they started as a content editor. That person is actually patterned after someone at the state of New York.

jam: We shall name no names.

Gregg Marshall: We won’t use their name except the person’s name Lynne, happens to be the middle name of the person that did it so if you can find the middle name of that person, you’ll know who I’m talking about but ...

jam: One of Drupal’s killer apps since ... well, realistically Drupal 5 even though it was available in late four ... one of Drupal’s killer apps has definitely been Views, this tool that allows us to make a sophisticated, complicated database queries from a user interface.

Gregg Marshall: Yes. I mean ...

jam: And then display them in any number of ways and the one that I’m most excited about now in Drupal 8 is that it can be a REST endpoint so you have an interface to build APIs and web services. You have a digital business building interface in Drupal 8.

Gregg Marshall: A semi-technical person could put together an API that used to require a Ruby on Rails developer to do and now you can literally from the same time you’re producing the front page of your site, produce an API that would allow a decoupled or app version of that same site be generated using the exact same presentation or data content model but with a completely different presentation layer put on top of it.

jam: We’ve had this amazing tool that I think has given us the edge and maybe really helped adoption and build some of the incredible applications in Drupal 5, 6, 7 and now 8.

Gregg Marshall: And 4.7 and actually it was the first commits were in 4.6 but they never actually got passed a dev version.

jam: Right but I think in Drupal 5 is when it really, really took off.

Gregg Marshall: I think that’s when CCK actually made it to become common ...

jam: The triumvirate of every Drupal 5 site of any significance was Views, Panels, CCK and CCK became Fields in core with Drupal 7, now Views is in core. What does this do for us as a technology platform and as a community? We have this key killer app inside our main release now.

Gregg Marshall: The first thing it did for us is it made Drupal 8 usable almost the day it was released.

jam: Define usable.

Gregg Marshall: When Drupal 7 came out, Views was eight, six months, a year later and you had Fields in core. You could create this rich content and then you couldn’t ever do anything with it because all you had was basically you can take a note and display a back out and whatever you could do within the view mode of that mode and you couldn’t even create new View modes which, of course, Drupal 8 added. Until Views came out, most people didn’t bother moving from Drupal 6 to Drupal – in fact I didn’t. I was still building Drupal 6 sites a year into Drupal 7 and then the right set of modules came, were available and so much of the functionality that you had to wait for the modules to be there for Drupal 7 and especially for Drupal 6 are now part of core that pretty significant sites are being built. We feel comfortable enough about it that the state in New York is building the distribution that we’re going to base all 257 websites on in a Drupal 8 environment.

jam: Oh, I’d love to hear more about that as it comes along. Essentially, you’re saying we’ve got right on the download the Drupal 8 core, we’ve got a usable, deployable product in place.

Gregg Marshall: You have a product that is capable of doing probably 80% of the websites in the world right there. All you have to do is turn on the modules on. You’ve got a bunch of features that go beyond what you might need in a basic website.

jam: You like Views so much that you bought the company. No. That you wrote the ...

Gregg Marshall: No. I bought the company that doesn’t exist that it owns Drupal.

jam: Right, but you have written a book about Views. What prompted you to want to write this? What’s your goal?

Gregg Marshall: An email from Packt. They actually and I’ve always meant to go back and ask the acquisition editor, “How did you find my name?” because I never made it clear I wanted to write a book. I’d flirted with it ...

jam: Packt got in touch with you and said, “Hey, Gregg.”

Gregg Marshall: Got in touch with me. We went back and forth several times. We actually were struggling to come up with a usable outline that they thought was acceptable until I thought of the idea of actually wording it as a story. Once I did that, it made it easier for me to put together. It’s Lynne, the site builder, Jim, the ...

jam: The Drupal service provider.

Gregg Marshall: ... Drupal service provider who also acts as a mentor to Lynne as she’s learning and growing in her role and then Jackson, the cat, who’s somebody to rubber-duck talk to.

jam: I’ve read great stretches of this book. I got to see a preview copy and a couple of things were clear to me. And in a micro-plug for this book, it seems, it was immediately clear to me that Gregg has really lived inside of this toolset and really, really knows what’s going on with Views and with the implications and the use of it in a broader Drupal site building ecosystem. Then, I think that now that I know that they approached you and said, “Hey, can you write us a book about this.” I can picture myself being really, really overwhelmed with, “Now, let me explain Views.” How could you possibly do it without making it just long, dry, boring sort of checklist style ... ?

Gregg Marshall: Like the traditional tech book ...

jam: Right. The difference with this book, the difference that I found really interesting is that I think potentially the best way to use this book is take a weekend or evenings over a couple of weeks and just read it like a book and follow along with the exercises. Gregg, you’ve created a thin premise but it has got a story that is interesting enough if I want to learn to use this tool to keep me engaged and take me through the different options and possibilities along the way. I really liked that approach. It’s something that I haven’t seen before in tech books.

Gregg Marshall: It is fun to do and it is relatively unique. I can’t take credit for coming up with the brilliant idea. I stole the idea from a book called “The Goal” which is the theory of constraints in manufacturing that reads like a novel because it’s sort of written like a novel. Some of the key things, it’s like hiking with the boy scouts and you come to the realization that the troop can only go as fast as the slowest boy. So, he gets thinking about that as they’re hiking and it’s like my production line can only go as fast as the slowest step.

jam: Okay, all right.

Gregg Marshall: That’s the theory of constraints.

jam: Okay.

Gregg Marshall: It was that kind of thinking that helped me with that part of the book.

jam: Why do you say that people should read this book?

Gregg Marshall: They should definitely read it book because of the foreword. That’s the only reason to buy the book is to read the foreword.

jam: Gregg was kind enough to contact me a few weeks ago and ask me to write the foreword and I really – it was unexpected that we had, we were on a really, really tight deadline.

Gregg Marshall: It was an exceedingly tight deadline and I’m amazed you had actually agreed.

jam: But I sat down and I read a bunch of it and I really like it. I was really, really happy to do that. But ignoring the foreword for a second, why should, who should and why should people read your book?

Gregg Marshall: I would say this is a great book. If you are learning how to work through Views, if you’re looking for something that actually sort of actually pulls together all of the various options in Views - I wouldn’t call it the reference book for Views but it certainly walks you through all the things you can do with Views. I think a lot of people don’t know about, certainly a lot of the site builders that we’ve interviewed and hired, will build 10 different displays because they don’t know what a contextual filter is.

jam: Right. Yes. One of the great uses that the narrative was a great excuse for you to really walk through every single menu option, every single configuration, I really like that. Like you say, it might not be the perfect reference book to go and grab something from but a couple of weeks of learning, I felt that it would be a great help.

Gregg Marshall: The interesting thing is given how – things have changed going from Drupal 7 Views to Drupal 8 Views but in many respects 90%, 95% of what’s in the book is just as useful to a Drupal 7 site builder.

jam: Yes.

Gregg Marshall: It is not a programming book. When they first approached me and they gave me a list of the topics they wanted to cover, I said I’d be willing to do it but you can’t have this last topic on the list. I won’t write the book and it’s because they wanted a chapter on “How to write SQL queries.” I said, “First of all that’s SQL, it’s not Drupal.”

jam: It’s the antithesis of what Views is for. Right?

Gregg Marshall: Second of all, it is programming level documentation so you need a book that’s written for a developer, a programmer who’s extending Views. That’s a book that I can’t write. I’m not convinced I have the technical skills to do it. I think it’s desperately needed because I’ve gotten stuck writing plug-ins. I still don’t think I understand what all they do. But if you’re a person that’s using a UI to build a View, this is the book to get.

jam: Fantastic. That is “Mastering Drupal 8 Views” Packt Publishing by Gregg Marshall and I had the great privilege of writing the foreword for that.

Gregg Marshall: You did.

jam: Thank you for asking me.

Gregg Marshall: Thank you and by the way, what an amazing Prenote you did this year in LA, in Barcelona and all of those.

jam: They’re all online, of course.

Gregg Marshall: I have two co-workers from state in New York that are down for the very first DrupalCon and I said there’s only one session you have to go to. Even if you skip the Driesnote, you have to go to the Prenote because that is the place to go.

jam: Thank you and thank you for taking the time to talk with me.

Gregg Marshall: Oh, no. My pleasure.

jam: Great.

Gregg Marshall: I’ll go back and mentor people.

jam: Thanks, Gregg.

Gregg Marshall: Okay.

jam: Bye.

Podcast series: Drupal 8
Categories: Elsewhere

Modules Unraveled: 162 Drupal 8 Enterprise Development with Allan Chappell and David Diers - Modules Unraveled Podcast

Wed, 13/07/2016 - 19:54
Published: Wed, 07/13/16Download this episodeMigration
  • In D7, we used the Migrate Drupal to Drupal module, what’s the case for D8?
    • Speak on pattern of using Migrate Drupal as a basis for a migration.
    • Migration plugins and yml configuration declarations are an improvement on an already excellent module - if you are going to handle migrations like you did in 7 - which might be appropriate depending on your use case
    • Appropriate where you are significantly revising the content model, configuration or site composition.
  • What are some of the pros and cons of the way Migrate Drupal works in D8?
    • Pros
    • Migration of most Drupal settings: registration emails, site name, debug settings, etc.
    • Migration of most fields (work is ongoing to include contrib into upgrade migrations)
    • Migration of all content types with nodes and revisions
    • Cons
    • By default, fixed ids (not ideal for staged work)
    • Miss an opportunity to take out the trash
Configuration management
  • Let’s talk about configuration management. I know from working with you guys that you started out using Features...
    • Tried out a features based approach at first - because it was similar to well established patterns in 7 - but abandoned it for the project
    • Feature branch activity then confex seems to be working out well
    • Configuration import and export has inspired a lot of confidence in getting to known states.
    • The challenge is probably in managing environmental config settings - that’s where Master still might have a place.
    • Using configuration export and import committed to git repo.
    • Challenges of local configuration vs production configuration.
    • Managing code review
    • Automated removal of local configuration
    • Would like to know some other people’s workflows
Episode Links: Allan on Drupal.orgAllan on TwitterAllan’s WebsiteDavid on TwitterDavid on Drupal.orgDavid’s WebsiteDavid on GitHubDavid on SoundCloudMigrate documentation (plugins) issue on how to export migration configurationTags: Drupal 8MigrationConfiguration Managementplanet-drupal
Categories: Elsewhere

Jeff Geerling's Blog: Poor Man's XHProf profiling of Drupal 8 Migrations and Drush commands

Wed, 13/07/2016 - 19:35

On a recent project, there was a Migration run that took a very long time, and I couldn't pinpoint why; there were multiple migrations, and none of the others took very long at all (usually processing at least hundreds if not thousands of nodes per minute). In Drupal 7, if you enabled the XHProf module, then you'd get a checkbox on the configuration page that would turn on profiling for all page requests and Drush commands.

In Drupal 8, the XHProf module was completely rewritten, and as a side effect, the Drush/CLI profiling functionality is not yet present (see: Profile drush/CLI with XHProf in Drupal 8).

Since I don't have the time right now to help figure out how to get things working through the official XHProf module, I decided to use a 'poor man's profiling' method to profile a Migration run:

Categories: Elsewhere How we fixed the perpetual hook_update_N merge conflict problem

Wed, 13/07/2016 - 19:30
If you work on a Drupal site with a development team, you've probably run into merge conflicts created by database updates using the same update number. (E.g. developer 1 creates custom_module_update_7013 in one branch, and developer 2 creates the same update function in another branch) Wouldn't it be nicer if updates used machine names instead, or indeed almost anything besides incremented integers?
Categories: Elsewhere

Drupalize.Me: Drupal 7 Critical Security Update Today

Wed, 13/07/2016 - 18:16

On Tuesday, July 12th, the Drupal security team issued a Public Service Announcement (PSA) about
a *highly* critical security release that happened today, Wednesday, July 13th at 4pm UTC. This security release gets the extra push of *highly* and a PSA because this very dangerous vulnerability will allow an attacker to execute their own PHP code on your site. Here are a few important things to know.

Categories: Elsewhere Highly Critical Security Updates released (per PSA-2016-001)

Wed, 13/07/2016 - 18:03

You may have noticed a PSA from the security team about some highly critical security updates coming out today.

The security advisories have just been released (for Drupal 7):

They are considered Highly Critical because they are Remote Code Execution (RCE) vulnerabilities, which means that attackers could potentially run aribitrary PHP code on your server, which they could use to add a backdoor to your system, compromise other sites or services, or use your server to attack other servers. These vulnerabilities also are exploitable by anonymous users, or via permissions commonly granted to anonymous users (ie. the ability to fill out a Webform), so there are few mitigating factors.

Luckily, these only affect sites using these modules (Coder, RESTful Web Services or Webform Multiple File Upload), which the security team estimates as being between 1,000 and 10,000 sites.

However, the Coder vulnerability requires special note because it's possible to exploit sites that have the module even if it's disabled or uninstalled - simply having the Coder module present on your server and accessible to the web could make it vulnerable! Since this module is meant for development, we recommend just removing it from production servers.

If you use any of the above mentioned modules on your Drupal 7 site, we recommend updating as soon as possible (or in the case of Coder, removing it).

If you're a myDropWizard customer, we've already made the updates (deployed directly to your site in most cases, or sent to you for testing if you've requested that as part of your workflow).

If you're interested having myDropWizard perform support and maintenance on your site or your clients' sites so that you don't have to worry about this sort of thing, please contact us!

Categories: Elsewhere

Code Enigma: Viewport module ready for Drupal 8

Wed, 13/07/2016 - 17:45
Viewport module ready for Drupal 8 Language English Viewport module ready for Drupal 8

A tiny yet useful tool for administrators to define the viewport of pages on their site

Wed, 2016-07-13 16:45By salva

Last week I had the chance to finish off the port of the Viewport module to Drupal 8. At its core, it's a very basic utility that allows site administrators to use configure the viewport values that they want to use on the site (or just on certain pages). Originally, we had to develop this module for a client that wanted to embed certain games for tablets, which required very specific viewport values in order to work. 

Even though there was already a D8 version of the module, it dated from 2013, when Drupal 8 was way different to what it is nowadays, which means that version was not even working anymore. As I've been spending some time to catch up with Drupal 8 recently, I decided to start with this one, as it's the simplest project in the list of modules that I've created or maintain, yet it had enough components to get familiar with plenty of elements of the new Drupal codebase.

Interested about using it on your site? Then head over to the project page and download the Drupal 8 version. After installing it, this is the settings page that should welcome you in the Appearance section of the site.

Pretty simple, indeed, as there is nothing else you can add to a viewport tag. Right now the stable release will stay as a dev release, since I want to do a bit of refactoring to get rid of the last bits of procedural code and move them into a simple service that I can put in a class, and add unit tests for them. At that point, the 8.x-1.0 tag for the stable release will be added.

Next one?

While working on the port, I kept a diary with plenty of notes about the new things that I came across, and several links to the related documentation on I found it a really good way to absorb all the information, instead of simply fixing and forgetting.

The sad thing is that after finishing this, I wasn't entirely satisfied. There are still tons of things to catch up with, and only so much time in the day. The good news is that my list of contrib projects still has some good candidates for a port, that would allow me to explore other parts of the framework. The User Homepage module is one of them, and it may be the next one. Watch this space!

Case studyDesign-led Drupal for a local authority Blog#AberdeenCloud - what happened? BlogDoing more with Drush sql-sanitize PageHosting Service Comparison
Categories: Elsewhere

Acquia Developer Center Blog: Drupal 8 Module of the Week: Fast 404

Wed, 13/07/2016 - 15:50

Each day, between migrations and new projects, more and more features are becoming available for Drupal 8, the Drupal community’s latest major release. In this series, the Acquia Developer Center is profiling some prominent, useful, and interesting projects--modules, themes, distros, and more--available for Drupal 8. This week: Fast 404.

Tags: acquia drupal planetperformance404 response
Categories: Elsewhere

Deeson: 24 things about Drupal 8 every CTO should know - Part 3

Wed, 13/07/2016 - 09:52

Are you one of the growing number of CTOs who is preparing to migrate to Drupal 8? Our technical lead John Ennew has gathered together all of the questions we’ve received to bring you some useful answers (to see all we’ve covered so far, you can read part 1 and part 2 of this post). In the final part of our mini-series, we’re going to tackle three topics: Drupal 8 in the enterprise, architecture changes, and the crucial issues of performance and security.

Drupal 8 in the enterprise 15. Does Drupal 8 make enterprise development practices such as automated testing easier?

Several improvements in Drupal 8 make it a more effective platform for practising continuous development.

The configuration management system means configuration now lives in code in a standard way meaning code can be safely transferred between environments and its behaviour is now predictable.

Drupal 8 code makes more use of objects and PHPUnit is supported by the testing infrastructure within the core codebase, meaning all code can now be written with unit tests.

Drush, the Drupal CLI tool, has been updated to work with Drupal 8 already, and can be used to automate most deployment activities from testing the quality of the custom code using the coder module, to testing the functionality using PHPUnit.

Automated testing, outside of the core codebase, has also been improved with Drupal 8. The core product now includes PHPUnit which is a test runner which allows both Unit and Functional tests.  These are more robust tests that run much quicker than previous versions.

Since PHPUnit is a well recognised tool in the wider PHP developer community, hopefully finding people to write tests and finding resources to help developers get to grips with testing will be easier with Drupal 8.

Drupal 8 is also supported by the popular Behat testing framework for Symfony allowing well formed behaviour driven development practices (BDD).

16. Is it easier to manage a large portfolio of sites with Drupal 8?

Drupal 8 is a good choice for organisations maintaing large portfolios of sites. Drupal is the most flexible and extensible CMS and so can be used to develop both small, simple websites but also larger, more complex ones. By choosing to consolidate on Drupal you can reduce the development effort required in maintaining a large estate.

Drupal 8’s RESTful APIs allows you to develop the sorts of enterprise tools needed to manage an estate of sites. Features like Drupal’s multi-site and the Group module mean that you can also take a single Drupal codebase and use it to deliver multiple websites.

In addition, the new Configuration Management system means that changes can be deployed to a large number of sites far more reliably than with Drupal 7. While there will always be complexities with such approaches Drupal 8 is flexible enough to adapt to your specific requirements.

17. Has configuration management improved in Drupal 8?

Configuration management is the ability to define the configuration of a software application like a Drupal website in a testable, versionable way. In Drupal 7 it was often the case that configuration had to be done manually in each environment after a release rather than defining the behaviour of the website in each environment within the code of the website.

Drupal 7 had some addons that made exporting configuration to code possible such as the Features module, but these were never done in an entirely satisfactory manner and each module had to define its exportable behaviour to Features.  

In addition, the variable table in Drupal 7 became a dumping ground of both configuration and state for each environment which meant that determining what needed to be exported into configuration in code and what could be safely ignored on a per-environment basis was complicated, time consuming and could lead to errors during deployment.

The Configuration Management Initiative in Drupal 8 has brought a standardised way for modules to define their editable configuration. Site builders can then export the configuration for an environment into configuration files which can be put into the website’s version control system and changed on a per-environment basis. This allows configuration to be audited, rolled back and be testable.

Architecture changes 18. What does Drupal 8 mean for ‘headless Drupal’?

Headless Drupal or Decoupled Drupal are terms used to describe the system’s architectural practice of separating the back-end and theming components of Drupal. In such an architecture, Drupal is used as a Content Management System for data entry and retrieval, but the rendering of web pages of content to end users (the theming layer) is passed over to another tool.

This allows development teams to build rich internet applications, mobile applications or apps for devices such as smart TVs, watches or the next Google Glass. Each of these devices have their own theming mechanisms and all of them just want pure data from the Content Management System.

Drupal 8 is capable of outputting data not just as HTML but in many forms such as JSON or XML. How it delivers data depends on the device or application which is requesting the data.

Choosing Drupal 8 as the Content Management system is a good investment for the future. Initially it may just be a website delivering to traditional web browsers, but later other apps or dynamic internet applications may be built which use the same Drupal back-end for retrieving their data.

The Drupal community as a whole is actively developing a variety to tools to make Headless or Decoupled Drupal increasingly easier. There are now modules that allow Drupal to provide GraphQL responses, the core REST APIs are improving and best practices around how to integrate with front-end frameworks such as Angular or React are being developed.

19. Does Drupal 8 change how Drupal integrates with other systems?

There are two levels at which Drupal 8 provides significant steps forwards.

At the PHP application level Drupal 8’s inclusion of standard PHP libraries means that for any particular application it is likely that a good external library already exists. There is less of a reliance on a single developer working inside of the Drupal ecosystem to meet your integration needs.  In addition, the new plugin system within Drupal means that extensions to Drupal can easily be developed. This technology maintains Drupal’s position as the most extensible and flexible CMS framework available.

At the API level Drupal 8 provides mechanisms for interacting with its data via a RESTful API allowing it to easily integrate with other systems.

20. Is the database abstraction layer any different?

In Drupal 7 a process began to standardise how information is described and stored in Drupal through the Drupal Entities. This model was only partially implemented in 7 but Drupal 8 takes this much further to make it become the only model developers need to use.

As such,  developers working on developing websites with Drupal 8 will work at the Entity level rather than the database level. This allows Drupal 8 websites to work agnostically with a larger number of database technologies, not just the traditional relational ones such as MySQL. For example, it is possible to use NoSQL solutions such as MongoDB as the database storage layer with a Drupal 8 website.

In Drupal 8, the database API is pretty much the same as Drupal 7, but developers should almost never be making database calls directly unless they are developing core APIs.

21. I’ve heard Symfony is used heavily in Drupal 8 core, what are the implications?

In previous versions of Drupal all the code within Drupal was built by members of the Drupal community. In Drupal 8, the developers have embraced other projects like Symfony directly incorporating Symfony components in Drupal, and, likewise, are building libraries which can be reused in other projects. Rather than re-inventing the wheel, Drupal 8 includes components developed by a larger community to solve common problems.

This means that Drupal benefits from a more stable codebase used in more projects. In return, projects like Symfony also get the benefit of more people making use of their code and so becomes more robust in the process.

A key addition benefit is that developers familiar with Symfony and not Drupal will now be able to move into Drupal development with much less effort. This opens up the pool of talent development teams can draw on.

Symfony is written using industry standards and best practices, such as PSR-4 name spacing of classes, these have been incorporated in Drupal 8.

Performance and security 22. Are there performance improvements in Drupal 8?

Drupal 8 is not necessarily faster out of the box when compared to Drupal 7 but pure page load speed is less relevant these days. Drupal 8 can scale much better and that is in large part due to a complete redesign of the caching system and the page build pipeline.

In Drupal 7, often when a cache needed to be cleared the only option was to clear all caches meaning that a small change could cause a greater strain on the website as all the caches had to refill.  Caching usually occurred at the page level as well in Drupal 7, which meant that either the whole page was returned from cache or the whole page needed to be regenerated. For logged in users, generally no caching happened and the whole page was generated for every page request.

In Drupal 8 the caches are much more complex and caching can be defined and cleared in a fine-grained manner. The new Cache Tags system allows, for example, pieces of a page to be cached so that logged in users might receive most of a page from cache and just the link to their account is generated. Cache Tags also allows the developers to define specific cache-clear scenarios for their sites based on the known behaviour of the site - for example, it is possible to clear all caches which contain information about user with id 300 following an update to their account without clearing every other user’s cached data.

In addition, the cache system, like much of Drupal 8, is pluggable which means that better caching tools can be plugged in at all levels. For large, complex sites, much more precise selections of tools can be used to improve performance.

The way the page build pipeline works has been overhauled in Drupal 8 meaning that a web page is built in a much more efficient manner to previous versions of Drupal. There is also a general ‘fast by default’ principle used by the Drupal 8 core development which makes sure that nothing needs to be enabled to provide performance boosts for Drupal 8.

There two architectural improvements meant that advanced page rendering techniques such as Big Pipe could be made a part of a Drupal and in Drupal 8.1 the Big Pipe module was introduced. This technique, pioneered by Facebook, allows for different components of the page to be delivered asynchronously and while overall page build time does not improve the user’s experience of the page build is greatly improved. It feels as if the page loaded much faster because the key components can be delivered first allowing the user to focus on them while secondary components are delivered subsequently.

23. Has High Availability (HA) improved in Drupal 8?

Drupal has been used in HA environments for many years now and is a well understood problem. Drupal 8 is similar to Drupal 7 in this respect. The improvements to the caching layer means that more complex strategies are now possible with Drupal 8 and additional thought may optionally be put into the configuration of caching tools.

24. Does Drupal 8 have any major differences in its approach to security?

The key headline with respect to security in Drupal 8 is that it is now much harder for oversights or simply bad development practices to introduce problems. At the theming layer the use of the introduction of Twig templating system as a substitute to PHPTemplate means that there is no need for PHP code within templating. Twig is full of features for ensuring a secure theming layer, which has historically been a common source of security vulnerabilities.

Another common vulnerability was introduced through site builders manually configuring text filters for a variety of third party WYSIWYG editors. While such editors are a must for a content management system installing them wasn’t supported natively by Drupal core and was one of the more complex tasks of a site builder. In Drupal 8, the CKEditor editor is included as standard with sensibly configured defaults which will work for most cases and be secure.

The PHP module has been removed from core which allowed site builders to write PHP code in the browser. This led to bad practices and also allowed a way for a malicious user who gained higher privileges in the website due to poor configuration to execute code on the server.

All input variables from the URL are properly declared by the new routing system. This means bad or unexpected data types get filtered by default. The previous CSRF protection provided by Drupal 7’s core APIs are also still available in Drupal 8.

A team of volunteers called the Drupal security team have managed looking for security issues in Drupal core and managing the security issue queue and advisory notices.

With so much third party code now required for Drupal 8 to work, managing security advisories to external libraries is more important. Modules making use of external libraries can alert to security problems with their dependencies via the hook_requirements event.

In Drupal core, external code actually forms part of the Drupal 8 codebase. When security problems are found in that code, the security team must then work with the third party developers to fix the problems and ensure security advisories affecting both code bases are released together.

Drupal 8 doesn’t provide an automated way of applying updates out of the box. However it’s possible for companies using Drupal websites to do this via a continuous integration process using the drush command line tool, version control and automated tests.

So there you have it; some straightforward answers to Drupal 8’s most commonly asked questions. Have you found it helpful? If so, don’t forget to share it with your network on social media.

Categories: Elsewhere

GVSO Blog: [GSoC 2016: Social API] Week 7: Miscellaneous

Wed, 13/07/2016 - 02:50
[GSoC 2016: Social API] Week 7: Miscellaneous Week 7 is over, and we are working hard to have the Social API project ready before GSoC final evaluation. This week was particularly different from others. In week 7, I focus on many different tasks: from code to documentation and from closing issues to testing patches. gvso Tue, 07/12/2016 - 20:50 Tags Drupal Drupal Planet GSoC 2016
Categories: Elsewhere

Talha Paracha: GSoC'16 – Pubkey Encrypt – Week 7 Report

Wed, 13/07/2016 - 02:00

This week’s work started by the integration of Travis CI into the Github repo of Pubkey Encrypt. Initially, we thought that we’d move the project from Github to D.O after releasing a working prototype of the module. But now we have decided to keep both the repos as is the case for many D8 modules. Now Travis CI is free for all open-source projects hosted on Github. For those who don’t know, Travis is a Continuous Integration software which, in simple words, makes a build of a software project upon each commit or PR in the repo and then runs the user-defined tests on it. A passing build means that the new changes pass all the tests, and a broken build denotes the other case. This is used to ensure that any new functionality added to the project doesn’t end up accidentally breaking something else in it. And such a setup is very important in any agile software development methodology, where the product is developed incrementally.

Categories: Elsewhere

Hook 42: Writing My First Drupal 8 Module

Wed, 13/07/2016 - 01:48
Tuesday, July 12, 2016

While it’s amazing how easy it is for an experienced Drupal 7 site builder to get around using the Drupal 8 UI, the same is not true for writing code for D8. As has been made clear for years now, Drupal 8 is very different inside. Many of the hooks we know and love have gone away, most procedural code has been replaced with interfaces, classes, and methods, and there are scads of YAML (Yet Another Markup Language, .yml file extension) files that wire everything together. How does a developer get her/his footing in this slippery new landscape?

I set out to write a new contrib module, Admin Status (please visit the project page for more details and to download the source code). Its goal is to provide a way to add reminder status messages that are displayed to selected users under particular circumstances. An example message might be to display a warning, “Cron hasn’t run in over 3 hours”, to users with the administrator role. Admin Status currently doesn’t actually do that specific thing, it provides a framework for adding message plugins that can be enabled and disabled, and the plugins determine what and to whom to display a message.

For Drupal 7, we can easily imagine how this module would be constructed: 1) provide hook_admin_status_info to allow message plugins to register; 2) provide an administration page that lists the registered plugins and allows them to be enabled and disabled, saving the status to an Admin Status entry in the variable table; and 3) writing admin_status_init, which runs at the beginning of each page request and loops through all the enabled plugins, calling their hook_admin_status_view function to retrieve a message and status level, which are then supplied to drupal_set_message. Two files for the module, plus an example plugin file, and we’re done.

Where to start?

For Drupal 8, it can be difficult to find firm ground from which to start. It seems like a D8 module is composed of dozens of little files in a complex directory structure. Of course, we know that this will be a big advantage eventually, because everything is autoloaded and so Drupal can minimize its footprint and only run code needed to generate the page. But, it is hard to grasp what exactly is needed to build a particular module.

One great place to start is with the Examples module. It has completely functional modules that show how to work with the different systems inside Drupal… and Symfony, for that matter. Because it seemed to be at the heart of what I wanted to accomplish, I used the plugin_type_example module as the basis for my own.

The example shows how to find plugins that are registered in the system via annotations (special comments that include data that is compiled into Drupal’s configuration - see more about this below), as well as incidental information about how to register a route (a URL to a page) and build a page for display.

I began by copying the plugin_type_example module’s code to my module’s directory. I went through the subdirectories and files, renaming everything to match my new module’s name. From this exercise, I began to understand how things were structured and what the various .yml files specified.  

Directory Structure and Namespaces

Before even diving into the code, it was clear that a module’s directory is highly structured and fine-grained. The root usually has some .yml files and a .module file. The latter is often not needed because Drupal will find what it needs from the .yml files; but you can implement things like hook_help() in here. Sometimes a .install file is needed. If the module provides a hook-based API, then there will likely be a .api.php file too.

├── plugin_type_example.api.php



├── plugin_type_example.module

├── plugin_type_example.routing.yml


└── src

    ├── Controller

    │   └── PluginTypeExampleController.php

    ├── Plugin

    │   └── Sandwich

    │       ├── ExampleHamSandwich.php

    │       └── ExampleMeatballSandwich.php

    ├── SandwichInterface.php

    ├── SandwichPluginManager.php

    └── Tests

        └── PluginTypeExampleTest.php

Also in the module root directory are the src and, perhaps, config directories. The config folder typically will have .yml files that describe configuration that you might normally build in the UI, like node types, fields, and so on. It also may have subdirectories for database table schemas and config that is added to the system at module install time. Although not in the plugin example, some of the other examples do have this directory.

In the src directory, there are files for services and interfaces defined by the module, along with subdirectories for the other class types in the module. The directory structure is mirrored in the namespaces used inside each of the source files. If you want to find the ExampleHamSandwich plugin class in the plugin_type_example module, then you know it’s going to be in plug_in_type_example/src/Plugin/Sandwich/ExampleHamSandwich.php. Similarly, if you need to use the SandwichInterface, then you need to use \Drupal\plugin_type_example\ in your code and you know that modules/plugin_type_example/src/SandwichInterface.php will be referenced.

Dependency Injection

Right off the bat, I noticed a very important concept being used: dependency injection. If you haven’t encountered this idea before, it sounds like a mysterious buzzword. (At a session at DrupalCon a couple years ago, I heard it described as a $5 buzzword for a 25¢ idea.) The idea is that a module’s code shouldn’t have specific references to outside dependencies or services; these should all be passed in. Doing so decouples the module from the rest of the system and makes it possible to test it in isolation. It also allows for outside systems to change or be entirely swapped out without modifying code inside the module.

In Drupal’s case, a lot of this dependency injection happens by specifying the services needed by a class in the services.yml file (, in my case). When the system instantiates an object of a class, for example, a plugin manager or a form, an arguments list in the services.yml file can specify what services should be passed into the constructor.

Plugins and Annotations

Plugins are a generic way of adding customized functionality, that are used throughout Drupal 8. Plugin subclasses replace a number of different procedural interfaces that existed in Drupal 7; think of all the hook_xxx_info hooks that we used to have to work with. Drupal has a plugin framework ([docroot]/core/lib/Drupal/Component/Plugin) that provides for creation, discovery, enumeration and individual plugin access.

To use this framework, a developer creates a plugin manager subclass, a plugin subclass, and an interface that provides the specific methods needed to use the plugin type they are creating. By subclassing from Drupal’s plugin classes, the new plugin type gets the standard features described above, and usually only needs the specific code to support the features of the particular plugin type. When a new instance of a given plugin type is needed, the developer needs only to subclass the plugin type class and implement the methods in the interface.

The next important thing I saw were the annotations that were included in each of the example module’s plugins. Annotations are a particular kind of comment included with a class declaration. These are recognized and parsed during module discovery, and any configuration information is captured and stored in the database.

Drupal’s plugin classes automatically support annotations. Plugins use annotations to provide at least a machine name, but can have much more information. In fact, for particularly simple plugins, it may be the case that no actual code is required at all, just the configuration information in the annotation.

To build the Admin Status plugin types, I copied the plugin_type_example files and renamed them. I went through the code and changed machine names, directory names and class names to match. I changed the annotation information to include a machine name and a label (human readable name). I created an AdminStatusInterface interface to describe the specific methods my plugins had to provide and  changed the constructor for the plugin manager to know about the Admin Status plugin interface.

Finally, I created the src/Plugin/AdminStatus subdirectory and added two files there. The first, AdminStatusPluginBase.php, contained an implementation of the AdminStatusInterface with default methods. Then I created DefaultMsg.php, my test case plugin, which subclassed AdminStatusPluginBase and overrode just those methods that needed changing.

Forms and Configuration

The next thing needed was to create an administration form page. I needed to place this in the administration menu under Configuration > System. I started out by looking at the config_entity_example code. Config entities are like other entities in Drupal, they have bundles and can have attached fields. They are stored in their own tables in the database, but their default form is stored as YAML, so they can be recreated, the way one might revert Features in Drupal 7. This was overkill for what Admin Status needed.

Fortunately, I came across this very nice blog post by Hillary Lewandowski about building forms, and administration configuration forms in particular. Drupal 8 has a config system that provides the kind of settings storage that is more on the level of the old Variable system in Drupal 7. These settings are saved out into YAML files, of course, so they can be committed to a code repository.

Design Patterns at Work

One thing I do want to mention, which is emphasized in Hillary’s blog, is the idea of Design Patterns. These are generalized ways of handling certain kinds of programming problems that have proved to work well in the past, and are (or will become) familiar to other programmers, making it easier to pick up the code.

In this case, I saw the Factory pattern being used as a way to support instantiating classes when the constructor may have wildly different parameters from its superclass and/or sibling classes. Rather than getting a new object by directly asking for new AdminStatusForm, this pattern has you call AdminStatus::create, which is a static function of the class, and has a uniform call signature for all ConfigFormBase subclasses. The create method takes the Services Container as its only parameter and then invokes new AdminStatusForm with its particular requirements. This allows the class constructor function to have whatever parameters it needs, so it isn’t constrained by its superclass, and it doesn’t constrain any subclass that might extend it.

The idea of Design Patterns was originally laid out in the eponymous classic book published in 1995 (you can find it at Amazon or any other technical bookseller). The four authors discuss 23 such patterns in three broad categories: Creational, Structural, and Behavioral. (The Factory pattern is in the Creational category.)

Catching Events

Over the last couple years you may have been unable to avoid the phrase Proudly Invented Elsewhere, or the discussion about Getting Off the Island, or indeed, the news that Drupal was integrating another open source project, Symfony, into its basic infrastructure. Symfony is a web application framework that handles all the details of receiving web requests and returning responses. It provides an event model to do this. You can see how this happens in great and gory detail by viewing Wim Leers’ Drupal 8 Render Pipeline talk.

The final piece of this puzzle is getting hooked into each page creation so we can display the enabled messages on each page by calling drupal_set_message. To do this, we need to register an event subscriber to catch Symfony’s kernel.request event, which is triggered when a request begins processing. This is similar to Drupal 7’s hook_init.  

Because, by this point, I actually had a clue about what I needed to produce at this step, I turned to Drupal Console, the brainchild of Jesus Manuel Olivas. This is a command line tool akin to Drush. Once you install it and then visit the top directory of your module, you can use it to generate all of the boilerplate for a particular kind of class (among other things). By running drupal generate:event:subscriber and answering a series of questions, it produced the necessary class and YAML settings. You can see all that it can do by running drupal list.

When I did this, Console created the file src/EventSubscriber/AdminStatusEventSubscriber.php, which contains the event subscriber class AdminStatusEventSubscriber, which extends EventSubscriberInterface. Console included code for static function getSubscribedEvents (which returns a list of all the events that the class would like to catch, and which method to call for each) and a boilerplate implementation of the kernel_event method to handle the kernel.event event. Console also added admin_status.eventsubscriber to the file, including the plugin.manager.admin_status service dependency injection argument and these two lines:


     - { name: event_subscriber }

They tell the system to add our class to the list of event subscribers that Symfony should query (by calling getSubscribedEvents).

In our case, all that was needed was to change the boilerplate code in the kernel_event method so that it:

  • Gets the configuration information saved from the administration form
  • Loops through each potential plugin
    • Checks to see if the plugin is enabled
      • If so, instantiates the plugin
      • Gets the configuration data for the plugin
      • Retrieves the status and message from the plugin
      • Calls drupal_set_message with the status and message as parameters

For experienced Drupal developers, it may be difficult to harken back to those difficult and confusing days when first learning about Drupal hooks, the detailed knowledge needed to interact with each separate subsystem and the endless, deeply nested arrays, whose content could only be discerned with dpm() calls or a debugger. The struggle involved to master Drupal 6 and 7 subsystems left a lot of developers pretty frustrated:


In Drupal 8, while there are more “moving parts” (individual class files, subdirectories to collect like type classes and a selection of YAML files) needed to build a module, the ideas are more uniform, which I believe will make building a Drupal site easier, with some experience, than in the past. Perhaps this can smooth out some of the steeper parts of the Drupal Learning Curve!

Darryl Richman Topics: Services:
Categories: Elsewhere

Torchbox: Highly Critical Drupal Security Update

Wed, 13/07/2016 - 01:00

Drupal’s Security Team have announced that at 17:00 BST today, they will be releasing security updates to several contributed modules for Drupal. 

Categories: Elsewhere

Bevan Rudge: Drupalgeddon; Are you ready?

Tue, 12/07/2016 - 23:57

The Drupal security team announced multiple highly critical updates to Drupal contrib modules in PSA-2016-001. Expect attacks within less than one hour from the announcement; 18 hours from the time this article is published. This is probably going to be Drupalgeddon all over again.

My advice

read more

Categories: Elsewhere

ImageX Media: Insights from a Web Redesign that Transformed our Online Presence

Tue, 12/07/2016 - 22:36

One of the greatest benefits of working in our field is the opportunity to connect with industry leaders who we might not have crossed paths with otherwise. Our clients span the gamut -- from higher education, to technology and beyond -- and Noe Marti from Verimatrix is one of those leaders. Noe was kind enough to contribute to our blog, sharing some of the insights that Verimatrix learned from a recent website redesign that they partnered with ImageX on -- and that ultimately transformed their online presence entirely.

Categories: Elsewhere