Planet Drupal

Subscribe to Planet Drupal feed
Drupal.org - aggregated feeds in category Planet Drupal
Updated: 9 hours 23 min ago

Acquia Developer Center Blog: Experience Express in Philadelphia: Promoting Drupal at Drupaldelphia

1 May 2018 - 7:54am

When Phillies hats begin to dot the landscape and one of the most beautiful train stations in the country materializes around you, you know you're in Philadelphia, a city I can never seem to stop loving. After a brief hiatus, Drupaldelphia was in full swing this year, attracting developers, creatives, and businesspeople from all over Pennsylvania and surrounding states to a conference that is always full of pleasant surprises.

Tags: acquia drupal planet
Categories: Drupal

Zoocha Blog: Drupal and Bootstrap

1 May 2018 - 6:07am
Drupal Drupal and Bootstrap

Bootstrap 3 With all previous large scale Drupal projects, we have used Bootstrap 3. It has worked well as an all round solid framework with a good structure for handling mobile and desktop styling. The grid system is the most useful and helpful thing about it, saving us time and…

01 May 2018 Drupal and Bootstrap
Categories: Drupal

Zivtech: How to Prevent Your Server from Getting Hacked

1 May 2018 - 2:00am

When coming up with a security plan for your Drupal website, or any website for that matter, you need to take several key factors into account. These key factors include your server host, server configuration, and authorized users. Typically, the weakest link in that chain is how your authorized users access the server, so first we want to secure access to allow your admins and developers in, but keep hackers out.

Hosting Provider

Choosing your hosting provider is one of the most important decisions to make when it comes to site security. Your server is your first line of defense. Not all hosts have the options that you need to implement best practices for securing the server itself, let alone websites or other services that will be running on it too. 

At Zivtech, we use VPS servers for some hosting solutions for our clients, but we also use specialized hosting solutions such as Pantheon and Acquia when it makes sense. Taking the time to figure out which services your site(s) needs prior to moving to a host will save time later; you won’t need to move to another when you realize they don’t provide the services you really need. It’s the concept of “measure twice and cut once.”

Authorized Users

Many shared hosting solutions are set up with cPanel, which typically gives users FTP access to their web server environment by default. FTP is not encrypted like communications over SSH, so configuring sFTP is recommended if that’s all your host allows. 

Read more
Categories: Drupal

Matt Glaman: Using Drupal Console to manage your RESTful endpoints

1 May 2018 - 2:00am
Using Drupal Console to manage your RESTful endpoints mglaman Tue, 05/01/2018 - 04:00

This is a follow up to my early blog post about enabling RESTful web services in Drupal 8Jesus Olivas, one of the creators of Drupal Console, brought up that you can actually manage your RESTful endpoint plugin configurations direct from the command line!

Categories: Drupal

Appnovation Technologies: Expert Corner: Getting started with React and Drupal

1 May 2018 - 12:00am
Expert Corner: Getting started with React and Drupal Over the weekend I decided it was long overdue that I learnt React, or at least understood what all the fuss was about, so with npm in hand I installed yarn and started my quest. We're going to use Create React App to setup our base React install. First install then run the command to create a react app called "drupal-react": ...
Categories: Drupal

Lullabot: JSON-RPC to decouple everything else

30 April 2018 - 9:43pm

At this point, you may have read several DrupalCon retrospectives. You probably know that the best part of DrupalCon is the community aspect. During his keynote, Steve Francia, made sure to highlight how extraordinary the Drupal community is in this regard.

One of the things I, personally, was looking forward to was getting together with the API-First initiative people. I even printed some pink decoupled t-shirts for our joint presentation on the state of the initiative. Wim brought Belgian chocolates!

undefined

I love that at DrupalCon, if you have a topic of interest around an aspect of Drupal, you will find ample opportunity to talk about it with brilliant people. Even if you are coming in to DrupalCon without company, you will get a chance to meet others in the sprints, the BoFs, the social events, etc.

During this week, the API-First initiative team discussed an important topic that has been missing from the decoupled Drupal ecosystem: RPC requests. After initial conversations in a BoF, we decided to start a Drupal module to implement the JSON-RPC specification.

undefined

Wikipedia defines RPC as follows:

In distributed computing, a remote procedure call (RPC) is when a computer program causes a procedure (subroutine) to execute in a different address space (commonly on another computer on a shared network), which is coded as if it were a normal (local) procedure call, without the programmer explicitly coding the details for the remote interaction.

The JSON API module in Drupal is designed to only work with entities because it relies heavily on the Entity Query API and the Entity subsystem. For instance, it would be nearly impossible to keep nested filters that traverse non-entity resources. On the other hand, core’s REST collections based on Views, do not provide pagination, documentation or discoverability. Additionally, in many instances, Views will not have support for what you need to do.

We need RPC in Drupal for decoupled interactions that are not solely predicated on entities. We’re missing a way to execute actions on the Drupal server and expose data that is not based on entities, for read and write. For example, we may want to allow an authenticated remote agent to clear caches on a site. I will admit that some interactions would be better represented in a RESTful paradigm, with CRUD actions in an stateless manner on resources that represent Drupal’s internals. However because of Drupal’s idiosyncrasies sometimes we need to use JSON-RPC. At the end of the day, we need to be pragmatic and allow other developers to resolve their needs in a decoupled project. For instance the JS initiative needs a list of permissions to render the admin UI, and those are stored in code with a special implementation.

Why the current ecosystem was not enough

After the initial debate we came to the realization that you can do everything you need with the current ecosystem, but it is error prone. Furthermore, the developer experience leaves much to be desired.

Custom controllers

One of the recommended solutions has been to just create a route and execute a controller that does whatever you need. This solution has the tendency to lead to a collection of unrelated controllers that are completely undocumented and impossible to discover from the front-end consumer perspective. Additionally, there is no validation of the inputs and outputs for this controller, unless you implement said validation from scratch in every controller.

Custom REST resources

Custom REST resources have also been used to expose this missing non-entity data and execute arbitrary actions in Drupal. Custom REST resources don’t get automatic documentation. They are also not discoverable by consumers. On top of that, collection support is rather limited given that you need to build a custom Views integration if it’s not based on an entity. Moreover, the REST module assumes that you are exposing REST resources. Our RPC endpoints may not fit well into REST resources.

Custom GraphQL queries and mutators

GraphQL solves the problem of documentation and discovery, given it covers schemas as a cornerstone of the implementation. Nevertheless, the complexity to do this both in Drupal and on the client side is non-trivial. Most important, bringing in all the might of GraphQL for this simple task seems excessive. This is a good option if you are already using GraphQL to expose your entities.

The JSON-RPC module

Key contributor Gabe Sullice (Acquia OCTO) and I discussed this problem at length and in the open in the #contenta Slack channel. We decided that the best way to approach this problem was to introduce a dedicated and lightweight tool.

The JSON-RPC module will allow you to create type-safe RPC endpoints that are discoverable and automatically documented. All you need to do is to create a JsonRpcMethod.

Each plugin will need to declare:

  • A method name. This will be the plugin ID. For instance: plugins.list to list all the plugins of a given type.
  • The input parameters that the endpoint takes. This is done via annotations in the plugin definition. You need to declare the schema of your parameters, both for validation and documentation.
  • The schema of the response of the endpoint.
  • The PHP code to execute.
  • The required access necessary to execute this call.

This may seem a little verbose, but the benefits clearly surpass the annoyances. What you will get for free by providing this information is:

  • Your API will follow a widely-used standard. That means that your front-end consumers will be able to use JSON-RPC libraries.
  • Your methods are discoverable by consumers.
  • Your input and outputs are clearly documented, and the documentation is kept up to date.
  • The validation ensures that all the input parameters are valid according to your schema. It also ensures that your code responds with the output your documentation promised.
  • The module takes care of several contrived implementation details. Among those are: error handling, bubbling the cacheability metatada, specification compliance, etc.

As you can see, we designed this module to help Drupal sites implement secure, maintainable, understandable and reliable remote procedure calls. This is essential because custom endpoints are often the most insecure and fragile bits of code in a Drupal installation. This module aims to help mitigate that problem.

Usage

The JSON-RPC module ships with a sub-module called JSON-RPC Core. This sub-module exposes some necessary data for the JS modernization initiative. It also executes other common tasks that Drupal core handles. It is the best place to start learning more about how to implement your plugin.

Let's take a look at the plugins.list endpoint.

/** * Lists the plugin definitions of a given type. * * @JsonRpcMethod( * id = "plugins.list", * usage = @Translation("List defined plugins for a given plugin type."), * access = {"administer site configuration"}, * params = { * "page" = @JsonRpcParameterDefinition(factory = "\Drupal\jsonrpc\ParameterFactory\PaginationParameterFactory"), * "service" = @JsonRpcParameterDefinition(schema={"type"="string"}), * } * ) */ class Plugins extends JsonRpcMethodBase {

In the code you will notice the @JsonRpcMethod annotation. That contains important metadata such as the method's name, a list of permissions and the description. The annotation also contains other annotations for the input parameters. Just like you use @Translation you can use other custom annotations. In this case each parameter is a @JsonRpcParameterDefinition annotation that takes either a schema or a factory key.

If a parameter uses the schema key it means that the input is passed as-is to the method. The JSON schema will ensure validation. If a parameter uses the factory key that class will take control of it. One reason to use a factory over a schema is when you need to prepare a parameter. Passing an entity UUID and upcasting it to the fully-loaded entity would be an example. The other reason to choose a factory is to provide a parameter definition that can be reused in several RPC plugins. An example of this is the pagination parameter for lists of results. The class contains a method that exposes the JSON schema, again, for input validation. Additionally it should have a ::doTransform() method that can process the input into a prepared parameter output.

The rest of the code for the plugin is very simple. There is a method that defines the JSON schema of the output. Note that the other schemas define the shape of the input data, this one refers to the output of the RPC method.

/** * {@inheritdoc} */ public static function outputSchema() { // Learn more about JSON-Schema return [ 'type' => 'object', 'patternProperties' => [ '.{1,}' => [ 'class' => [ 'type' => 'string' ], 'uri' => [ 'type' => 'string' ], 'description' => [ 'type' => 'string' ], 'provider' => [ 'type' => 'string' ], 'id' => [ 'type' => 'string' ], ], ], ]; }

Finally, the ::execute() method does the actual work. In this example it loads the plugins of the type specified in the service parameter.

/** * {@inheritdoc} * * @throws \Drupal\jsonrpc\Exception\JsonRpcException */ public function execute(ParameterBag $params) { // [Code simplified for the sake of the example] $paginator = $params->get('page'); $service = $params->get('service'); $definitions = $this->container->get($service)->getDefinitions(); return array_slice($definitions, $paginator['offset'], $paginator['limit']); } Try it!

The following is a hypothetical RPC method for the sake of the example. It triggers a backup process that uploads the backup to a pre-configured FTP server.

Visit JSON-RPC to learn more about the specification and other available options.

To trigger the backup send a POST request to /jsonrpc in your Drupal installation with the following body:

{ "jsonrpc": "2.0", "method": "backup_migrate.backup", "params": { "subjects": ["database", "files"], "destination": "sftp_server_1" }, "id": "trigger-backup" }

This would return with the following response:

{ "jsonrpc": "2.0", "id": "trigger-backup", "result": { "status": "success", "backedUp": ["database", "files"] "uploadedTo": "/…/backups/my-site-20180524.tar.gz" } }

This module is very experimental at the moment. It’s in alpha stage, and some features are still being ironed out. However, it is ready to try. Please report findings in the issue queue; that's a wonderful way to contribute back to the API-First initiative.

Many thanks to Gabe Sullice, co-author of the module, and passionate debater, for tag teaming on this module. I hope that this module will be instrumental to coming improvements to the user experience both in core's admin UI and actual Drupal sites. This module will soon be part of Contenta CMS.

Header photo by Johnson Wang.

Categories: Drupal

Drupal.org blog: What’s new on Drupal.org? - April 2018

30 April 2018 - 2:18pm

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

Drupal.org Updates Drupal.org's new front page and persona pages launched

As you've probably seen by now, just before DrupalCon Nashville we launched a makeover of the Drupal.org front page. This was a research-based redesign focused on addressing the three key personas that come to Drupal.org: Developers, Marketers/Content Editors, and Agencies.

The new redesign simplifies the number of calls to action on the front page, and directs each of these personas into a more focused funnel, to ensure they are more likely to find the information they really need. To learn more about this redesign and the Promote Drupal initiative, read our recent blog post. We want to thank SixEleven for their help with this new design initiative.

Promote Drupal Initiative

Redesigning the front page was just the start, we kicked off DrupalCon by announcing a new 'Promote Drupal' initiative, asking the community to come together to help bring Drupal to new audiences, and to convince people who've used older versions in the past to give Drupal 8 another look.

We need your support to make the Promote Drupal initiative happen!

Updated top navigation and IA

Along with the front page changes, we've updated Drupal.org's top level IA, providing a more logical structure for navigating to the major areas of the site depending on a user's persona.

Promoting Nonprofit solutions built with Drupal

And last, but not least, in our efforts to #PromoteDrupal we've launched a new Nonprofit solution page, promoting the power of Drupal for Nonprofits and NGO's around the globe. Drupal has long been the choice for well-recognized, global nonprofit organizations to extend their reach and maximize their impact.

Simplify Drupal Initiatives

In project founder Dries Buytaert's keynote at DrupalCon Nashville he proposed a series of initiatives to simplify Drupal - lowering the barriers to adoption and improving the user experience of site administrators and content editors. Some of these initiatives are to improve features of Drupal core itself, whereas others are focused on the evaluator experience and will be managed in collaboration with the Drupal Association.

In particular, the Drupal Association will collaborate with the core initiatives teams on:

These initiatives are not going to be quick or easy. They rely on collaboration between the Drupal Association, Drupal's core committer team, and a variety of volunteers throughout the community. We'll need your help.

Drupal.org and GDPR

GDPR, the General Data Protection Regulation passed by the EU last year, begins enforcement on May 25th, 2018. We've been preparing for this new regulation for some time, and will be implementing a few changes in the coming weeks:

Security Release SA-CORE-2018-003

Drupal Core coordinated a security release with the CKEditor team to ensure that the security fix for CKEditor was immediately available in Drupal 8. As Drupal becomes further integrated into a world of third party dependencies, this kind of coordination between open source projects becomes increasingly important. We want to thank the CKEditor team and the volunteer Drupal Security team for their hard work and careful collaboration.

SA-CORE-2018-004

After the release of SA-CORE-2018-002 in March, a related vulnerability was discovered and an additional security advisory for Drupal 7 and 8 released in April. If you have not yet updated your Drupal sites to address these vulnerabilities they may already be compromised. If that is the case, we encourage you to read this PSA, which provides some steps you can take.

Security releases tend to spark quite a bit of conversation in the community about the nature of software security, proprietary vs open source, and related issues. Community member @rickmanelius provided some much-needed context to keep these security focused efforts in perspective:

The recent SA-CORE-2018-004 and SA-CORE-2018-002 security advisories have sparked a lot of conversations in the Drupal community regarding all things security. IMHO, it's important to highlight several talking points to keep things in perspective.

— Rick Manelius, PhD (@rickmanelius) April 26, 2018

DrupalCI: Support for DrupalCI.yml

DrupalCI now supports the use of Drupalci.yml files in projects to customize and override elements of testing. This makes the testing capability of DrupalCI much more powerful and flexible for project maintainers. We're still working on documenting these new features, but you can read about the new features here.

———

As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who make it possible for us to work on these projects. In particular we want to thank:

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

Categories: Drupal

Chromatic: Lessons Learned from Localization, Part 2

30 April 2018 - 2:03pm

We recently helped implement a Japanese translation for a client’s site - which was a pretty sizable challenge! The site was already broken down by country, but all the countries were in English. We ran into some unexpected challenges and wanted to break down how we overcame them.

Categories: Drupal

Jacob Rockowitz: Welcoming people to Drupal's diverse and inclusive community

30 April 2018 - 1:48pm

The importance of welcoming people to the Drupal community

Our meetups and in-person interactions are where we welcome and include new people in our community. Of course, people come and go from every community; new faces bring new ideas and innovations.

At the beginning of DrupalCon Nashville at the Community Summit, someone told a story of how they attended a meetup and literally no one talked to them or even really acknowledged their presence. As a result, the individual never returned to that meetup. Organizers of meetups absolutely need to make a concerted effort to make sure that everyone who attends is - minimally - welcomed and acknowledged - that is community-building 101. This story really sat with me because it made me question whether I’m doing enough at the local NYC Drupal Meetup to make people feel welcomed and included.

Remembering who welcomed me to the Drupal community

I ran into Robbie Holmes (robbiethegeek) at DrupalCon and standing in exhibition hall, we reminisced about how he was the first person who welcomed me to the Drupal community. An interesting fact about our relationship is that we grew up around the corner from each other in Brooklyn and knew the same people, but met for the first time in the Drupal community. For many years, Robbie, with the help of others in the community, would always offer to split off from the general, sometimes very technical discussion, to offer a newbie discussion where people new to Drupal can ask them anything and get help. To date, Alexander Ross (bleen) was initiating these discussions at the NYC Drupal Meetup, but it is not reasonable to expect one person to be responsible for welcoming people to the Drupal community.

So, I am going to...Read More

Categories: Drupal

Drupal blog: How Drupal influences other Open Source projects

30 April 2018 - 9:48am

This blog has been re-posted and edited with permission from Dries Buytaert's blog. Please leave your comments on the original post.

If you are interested in Open Source and have some time this weekend, watch Steve Francia's DrupalCon keynote called "Drupal and the secret of my success". Steve has been involved in Open Source for over 20 years, and has had the unique opportunity to lead three of the most successful Open Source companies in history. He was Chief Developer Advocate of MongoDB, Chief Operator of Docker, and now he is the Product Lead for the Go programming language at Google. Watch the video to hear Steve's personal story about how Drupal influenced his career, in addition to influencing MongoDB, Docker and Go. I don't often get emotional, but I had to wipe a few tears away during his presentation. Thanks for telling your story and being an inspiration, Steve!

Categories: Drupal

Third & Grove: Seven Must-Do Checks to Ensure Your Drupal Site Is Ready for GDPR

30 April 2018 - 6:00am
Seven Must-Do Checks to Ensure Your Drupal Site Is Ready for GDPR justin Mon, 04/30/2018 - 09:00
Categories: Drupal

Dries Buytaert: Mollom: The story of my first SaaS startup

30 April 2018 - 4:57am

Last month, Acquia discontinued service and support for Mollom, the spam service I started more than ten years ago. As a goodbye, I want to share the untold story of how I founded Mollom.

In 2007, I read Tim Ferriss' book The 4-Hour Work Week, and was hooked. The book provides a blueprint for how entrepreneurs can structure and build a business to fund the lifestyle of their dreams. It's based on Ferriss' own experience; he streamlined his business, automated systems and outsourced tasks until it was not only more profitable, but also took less of his time to operate. The process of automation and outsourcing was so efficient, Ferriss only spent four hours a week to run his business; this gave him time and freedom to take "mini-retirements", travel the world, and write a book. When I first read Ferriss' book, I was inspired by the idea of simultaneously having that much free time and being financially stable.

While I was reading Ferriss' book, I was also working on a website spam filter for my blog, called Mollom. I had started to build Mollom as a personal project for exclusive use on my own blog. Inspired by the 4-Hour Work Week, I was convinced I could turn Mollom into a small SaaS service with global customers, complete self-service, and full automation. This would allow me to operate Mollom from anywhere in the world, and would require just a few hours of my time each week. Because I was starting to use machine learning, I enlisted the help of one of my best friends, Benjamin Schrauwen, a professor in machine learning at the University of Ghent.

In the same year, Jay Batson and I met at DrupalCon Sunnyvale, and we had already started to explore the idea of founding Acquia. My oldest son Axl was also born in the summer of 2007, and I was working hard to finish my PhD. Throughout all of this, we were also working to get Drupal 6 released. Needless to say, it was a busy summer.

With my PhD nearly complete, I needed to decide what to do next. I knew that starting Acquia was going to have a big impact, not just on Drupal but also on my life. However, I was also convinced that Mollom, while much smaller in scope and ambition, could provide a path to the freedom and independence Ferriss describes.

Mollom's foundational years

Exciting 2007, I determined that both Acquia and Mollom were important opportunities to pursue. Jay and I raised $7 million in venture capital, and we publicly launched Acquia in November 2007. Meanwhile, Ben and I pooled together €18,000 of our own money, bootstrapped Mollom, and publicly launched Mollom in March 2008.

I always made a point to run both businesses separately. Even after I moved from Belgium to the US in the summer of 2010, I continued to run Mollom and Acquia independently. The Mollom team was based in Europe, and once or twice a week, I would get up at 4 AM to have a two-hour conference call with the team. After my conference call, I'd help my family get ready for the day, and then I was off to work at Acquia.

By 2011, Mollom had achieved the goals our team set out to accomplish; our revenues had grown to about €250,000 annually, our gross margins were over 85 percent, and we could pretty much run the business on autopilot. Our platform was completely self-serviced for our users, the anti-spam algorithms self-learning, the service was built to be highly-available, and the backend operations were almost entirely automated. I often joked about how I could run Mollom from the beach in Greece, with less than an hour of work a day.

However, our team at Mollom wasn't satisfied yet, so instead of sitting on the beach, we decided to invest Mollom's profits in feature development. We had a team of three engineers working on adding new capabilities, in addition to re-architecting and scaling Mollom to keep up with its growth. On average, Mollom handled more than 100 web service requests per second, and we regularly saw peaks of up to 3,000 web service request per second. In a way, Mollom's architecture was ahead of its time — it used a micro-services architecture with a REST API, a decoupled administration backend and relied heavily on machine learning. From day one, our terms of service respected people's privacy, and we never had a data breach.

A photo of the Mollom team at an offsite in 2011: it includes Daniel Kudwien, Benjamin Schrauwen, Cedric De Vleeschauwer, Thomas Meire, Johan Vos and Vicky Van Roeyen. Missing in the picture is Dries.

In the meantime, Acquia had really taken off; Acquia's revenue had grown to over $22 million annually, and I was often working 60 hour work weeks to grow the company. Acquia's Board of Directors wanted my full attention, and had even offered to acquire Mollom a few times. I recognized that running Mollom, Acquia and Drupal simultaneously was not sustainable — you can only endure regular 4 AM meetings for so long. Plus, we had ambitious goals for Mollom; we wanted to add many-site content moderation, sentiment analysis and detection for certain code of conduct violations. Doing these things would require more capital, and unless you are Elon Musk, it's really hard to raise capital for multiple companies at the same time. Most importantly, I wanted to focus more on growing Drupal and driving Acquia's expansion.

Acquia acquires Mollom

By the end of 2012, Ben and I agreed to sell Mollom to Acquia. Acquia's business model was to provide SaaS services around Drupal, and Mollom was exactly that — a SaaS service used by tens of thousands of Drupal sites.

Selling Mollom was a life-changing moment for me. It proved that I was able to bootstrap and grow a company, steer it to profitability and exit successfully.

Selling Mollom to Acquia involved signing a lot of documents. A photo of me signing the acquisition paperwork with Mary Jefts, Acquia's CFO at the time. It took three hours to sign all the paperwork.
Acquia retires Mollom

By 2017, five years after the acquisition, it became clear that Mollom was no longer a strategic priority for Acquia. As a result, Acquia decided it was best to shut down Mollom by April 2018. As the leader of the product organization at Acquia, I'm supportive of this decision. It allows us to sharpen our focus and to better deliver on our mission.

While it was a rational decision, it's bittersweet. I still believe that Mollom could have continued to have a big impact on the Open Web. Not only did that make the web better, it saved people millions of hours moderating their content. I also considered keeping Mollom running as part of Acquia's "Give back more" principle. However, Acquia gives back a lot, and I believe that giving back to Drupal should be our priority.

Mollom's end-of-life announcement that replaced the old https://mollom.com.

Overall, Mollom was a success. While I never got my 4-hour work week, I enjoyed successfully creating a company from scratch, and seeing it evolve through every stage of its life. I learned how to build and run a SaaS service, I made some money in the process, and best of all, Mollom blocked over 15 billion spam comments across tens of thousands of websites. This translates to saving people around the world millions of hours, which would otherwise be devoted to content moderation. Mollom also helped to protect the websites of some of the world's most famous brands; from Harvard, to The Economist, Tesla, Twitter, Sony Music and more. Finally, we were able to offer Mollom for free to the vast majority of our users, which is something we took a lot of pride in.

If you were a user of Mollom the past 10+ years, I hope you enjoyed our service. I also want to extend a special thank you to everyone who contributed to Mollom over the past 11 years!

Rest in peace, Mollom! Thank you for blocking so much spam. I'll think about you next time I visit Greece.

Categories: Drupal

ADCI Solutions: First-timer at DrupalCon: the non-tech girl experience

29 April 2018 - 9:23am

The little feedback on what I’ve seen during DrupalCon Nashville: as a volunteer and a grant receiver, as an attendee and a Drupal team member. I've met many amazing people that have so much to tell you: several of them agreed to share their stories with you, along with my own story.

Read and listen to DrupalCon Nashville stories

Categories: Drupal

Wim Leers: API-First Initiative Update (DrupalCon Nashville)

28 April 2018 - 8:46am

As part of working in Acquia’s Office of the CTO, I’ve been working on the API-First Initiative for the past year and a half! Where are we at? Find out :)

Preview:

Slides: Slides with transcriptConference: DrupalCon NashvilleLocation: Nashville, Tennessee, U.S.A.Date: Apr 11 2018 - 14:15Duration: 25 minutesExtra information: 

See https://events.drupal.org/nashville2018/sessions/api-first-initiative.

Attendees: ~70 (?)

Evalutations: 4.66/5

The Deco……upled shirts were a nice touch! Is there a YouTube video of this? Can’t seem to find it on YouTube or DrupalCon sites.


Great to see an insight into the inner workings. Thanks for sharing and allowing community feedback.

API-first Drupal with multiple consumers @DrupalConNA :D pic.twitter.com/GhgY8O5SSa

— Gábor Hojtsy (@gaborhojtsy) April 11, 2018
Categories: Drupal

Wim Leers: API-First Initiative Update (DrupalCon Nashville)

28 April 2018 - 8:46am

As part of working in Acquia’s Office of the CTO, I’ve been working on the API-First Initiative for the past year and a half! Where are we at? Find out :)

Preview:

Slides: Slides with transcriptConference: DrupalCon NashvilleLocation: Nashville, Tennessee, U.S.A.Date: Apr 11 2018 - 14:15Duration: 25 minutesExtra information: 

See https://events.drupal.org/nashville2018/sessions/api-first-initiative.

Attendees: ~70 (?)

Evalutations: 4.66/5

The Deco……upled shirts were a nice touch! Is there a YouTube video of this? Can’t seem to find it on YouTube or DrupalCon sites.


Great to see an insight into the inner workings. Thanks for sharing and allowing community feedback.

API-first Drupal with multiple consumers @DrupalConNA :D pic.twitter.com/GhgY8O5SSa

— Gábor Hojtsy (@gaborhojtsy) April 11, 2018
Categories: Drupal

Hook 42: March Accessibility (A11Y) Talks

27 April 2018 - 4:36pm

In March, A11y Talks welcomed Melanie Sumner, an application architect from JP Morgan Chase. She is an accessibility advocate and is an EmberJS core team member and meetup organizer in Chicago. The tagline for Ember is "the framework for building ambitious applications". Melanie spoke of ways to inject accessibility into not only the Ember project, but into other single-page applications so some users are not left behind.

Categories: Drupal

Matt Glaman: PhpStorm: PHP Fatal error: Class 'PHPUnit_TextUI_ResultPrinter'

27 April 2018 - 2:00pm
PhpStorm: PHP Fatal error: Class 'PHPUnit_TextUI_ResultPrinter' mglaman Fri, 04/27/2018 - 16:00 Recently I ran a good ole composer update on a client project. This updated Drupal and PHPUnit. I ran our PHPUnit tests via PhpStorm and ran into an odd error. Here's how I quickly fixed it!
Categories: Drupal

Commerce Guys: Improving Shopping Cart UX with Commerce Cart Flyout

27 April 2018 - 12:09pm

Last week we announced the Commerce Cart API module with a goal of facilitating new patterns for Commerce 2.x shopping cart management. As far back as the launch of Lush's UK store, we began seeing more sites adopt one such pattern where the cart block just shows an icon or the number of items in the cart but clicking on it expands a sidebar that lets customers update the cart contents via JavaScript interactions:

We saw this more recently with a similar feature on the Orlo watches website launched by our friends at 1xINTERNET:

We expect each successive Drupal Commerce release to cut down the number of things every site developer has to do to launch a new store. Providing a general solution to this cart paradigm would do just that! We received positive feedback on the cart flyout at DrupalCon, so building on the Cart API, we have now released Commerce Cart Flyout to provide a progressively decoupled cart block and form, which gives customers a more modern cart update experience.

What does the Cart Flyout module do?

  • Provides a new cart block which triggers the cart form flyout.
  • Allows quickly changing quantities of an order item.
  • Allows removing order items without a page refresh.
  • Gives flexibility for design and interaction that is not limited by Drupal's Form API and rendering layer.

What is next

  • Provide better user feedback when an operation occurs, such as dimming the form when the auto-update happens.
  • I would love to see the add to cart message's "your cart" link trigger the flyout.

Check out the demo video!

How is it built?

In discussion with Bojan, we decided to use Backbone.js and Underscore.js for the implementation since they ship with Drupal core. Yes, it was a journey back in time, but it also provided a way to ship a contributed project without introducing an additional dependency for end users.

The module stores Underscore.js templates in Twig files that register to the theme registry. The decision to use Twig and the theme registry allows themes to customize the template and markup. We do this for our demo theme Belgrade, which you can see in its code repository: http://cgit.drupalcode.org/belgrade/tree/templates/commerce/cart.

In fact, I used a ReactJS implementation to test the underlying API and prototype this module. If you’re interested, see the test sub-module in the Cart API repository.

Categories: Drupal

Aten Design Group: Managing Pantheon Sites with Terminus

27 April 2018 - 12:03pm

In the previous post we looked into Pantheon hosting and how we can use it to easily create a suite of similar websites without having to build them individually each time. Often the requirement isn’t only easily creating new sites, but having to maintain them easily as well. When you have dozens or hundreds of websites that need changes applied to them, managing each one individually through Pantheon’s dashboard becomes a bottleneck. Fortunately Pantheon offers a command line interface that allows developers to automate much of that maintenance. In this post we’ll take a look at using Terminus to manage our sites.

Understanding Pantheon’s Framework

Before we can start rolling out features to multiple sites, it is helpful to understand how Pantheon groups the websites it hosts. Websites can be first grouped into an Organization. Within that, they can be tagged in any manner that makes sense for your needs. Both the organization and the tags can be used to filter sites into more targeted groups.

Each site then gets three environments; dev, test, and live are their machine names. Those machine names are important, as we’ll need to know which environment we’re targeting when we do our deployments. A single site also gets a machine name, like my-awesome-site. The combination of site name and environment name create a single instance identifier, which we use in our Terminus commands. For example, to clear Drupal’s cache on a live environment we’d run:

terminus remote:drush my-awesome-site.live -- cache-rebuild

A deployment on Pantheon has to follow a specific process, whether done via the dashboard or through Terminus. First, code must be deployed to the dev environment. Normally this is done with Git by pushing new code into the master branch on Pantheon’s repo. For features we’re deploying to multiple sites, the code must be pushed to the Upstream and then pulled from there. In the dashboard, this takes the form of a button that appears to alert you to new changes. In Terminus, you’d run the following command. Note, the --updatedb flag ensures any Drupal database updates get run as well.

terminus upstream:updates:apply my-awesome-site.dev --updatedb

Second, we have to move those updates to testing and then to production. Again, the dashboard provides a button on those environments when there are updates that can be made to them. In Terminus, this is done with:

terminus env:deploy my-awesome-site.test --updatedb --cc --note=”Deployed new feature.”

As before --updatedb runs the database updates, --cc rebuilds Drupal’s cache, and --note is the description of the updates that gets added to the Pantheon dashboard.

There are many other actions you can handle with Terminus. Their documentation covers the full list. However, out of the box Terminus has the same limitation that the dashboard has. You can only run a command on one site at a time. Thankfully, Terminus has additional plugins that solve this problem for us.

New Commands with Terminus Plugins

Terminus is built on PHP and managed with Composer. This allows for new commands to be built and distributed on Pantheon’s Terminus Plugin Library. We’ll need to install two plugins to run Terminus commands on multiple sites at once: Terminus Mass Update and Terminus Mass Run. Mass Update is created by Pantheon and runs the upstream:updates:apply command on a list of sites that get piped into it. Mass Run builds on that idea, by using the same piping logic and implements it onto more commands. With it you can run Drush commands, create site backups, and deploy code among other things.

To get the list of sites, we’ll use the org:site:list command. We could also use site:list, however since Custom Upstreams are an Organization level feature we’ll more than likely want to filter by Organization; org:site:list takes the name of the organization we want to filter by. To get a list of the Organizations you have access to, run terminus org:list. This returns both the machine name and the ID number of the Organizations, either will work for org:site:list.

Running terminus org:site:list aten will return a table of all sites in Aten’s Organization account. However, we still might only want a subset of those sites. This is where tagging comes in. Adding the --tag flag to our command lets us get only sites we’ve tagged with whatever is passed in. To see all sites tagged with “US” our command becomes terminus org:site:list aten --tag=US. This gets us closer, however it still returns a table of all site information. We only need the site ID numbers as a list for our Mass Run and Mass Update commands. To get this list we’ll add --format=list to our command, making the entire thing:

terminus org:site:list aten --tag=US --format=list

Now that we have a list of the site IDs we want to update, all we need to do is pipe that list into our plugin commands. To deploy a new feature from our upstream, we’d run:

terminus org:site:list aten --tag=US --format=list | terminus site:mass-update:apply --updatedb

Moving that feature through Pantheon’s environments is:

terminus org:site:list aten --tag=US --format=list | terminus env:mass:deploy --sync-content --cc --updatedb --env=test --note="Updated Drupal Core."

Removing a user from all sites they exist on becomes:

terminus org:site:list aten --tag=US --format=list | terminus remote:mass:drush --env=live -- ucan bad-user

Long Commands, Amazing Results

At this point you’ve probably noticed the commands we’re using have become very verbose. This is one downside of this approach: the commands themselves are not intuitive at first glance. For common tasks creating aliases can help simplify this. Leveraging the terminal’s history to bring up past commands and then modifying them speeds up more one-off tasks. But the ability to manage our websites en masse becomes a huge time saver over clicking our way through the dashboard for dozens of sites.

Categories: Drupal

Drupal.org blog: What's new on Drupal.org? - March 2018

27 April 2018 - 10:43am

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

This month's update comes a bit later than usual, as we return from DrupalCon Nashville. Expect our April update to follow after shortly.

Representing Drupal at Google's CMS Leadership Summit

In mid-March, we attended the Google CMS Leadership Summit, as representatives of the Drupal project. The Summit was a one-day event hosted by Google to unite the 20 or so projects in the CMS space responsible for more than 50% of the content on the web.

The goal was to understand how to preserve an open web, by empowering better authoring experiences, content consumption, and performance in our CMS platforms.

This level of dialogue and engagement with an organization like Google is new and exciting for us, and we're looking forward to ongoing conversations, both with Google and with the other CMS project leaders they assembled at the event.

Drupal.org Updates Researching the anonymous traffic to Drupal.org

One of the focuses of the Drupal Association in 2018 has been to better understand our audience. When it comes to users who register on Drupal.org, and our DrupalCon attendees, we have quite a bit of information about who our users are.

However, when it comes to the wider ecosystem of Drupal users (evaluators and end-users who do not have Drupal.org accounts) we've been largely in the dark for most of the project's history. One way we want to improve this is by working with Drupal Core to add telemetry to Drupal, but that is an effort that will take some time.

In the meantime, we've implemented several Audience Insight tools to help us learn more about our anonymous users. Privacy is always a paramount concern, so we chose only insight tools which provide aggregate, anonymized data, and we wrapped those tools in our own implementation of Do-Not-Track so that we could ensure that user privacy preferences are respected.

The table below demonstrates the job functions held by the anonymous visitors to Drupal.org. (Please note: these job functions might be held within any kind of industry, this data is about the user's role, not their target market).

Job Function

D.O Front Page Visitors

All D.O Visitors

Diff

Engineering

26.20%

44.90%

-18.70%

Information Technology

14%

16.40%

-2%

Business Development

11.60%

9.60%

2.00%

Entrepreneurship

10.30%

10.70%

-0.40%

Arts and Design

7.70%

5.30%

2.40%

Media and Communication

6.60%

6%

0.60%

Marketing

6.30%

3.70%

2.60%

Education

6.10%

4.60%

1.50%

Operations

5.20%

3.50%

1.70%

Program and Project Management

4.30%

4.20%

0.10%

Sales

4.20%

2.60%

1.60%

Consulting

2.90%

3.30%

-0.40%

Research

2.40%

1.70%

0.70%

Community and Social Services

2.40%

1.80%

0.60%

Administrative

2.30%

1.30%

1.00%

We've used this data to inform the redesign of Drupal.org, as well as our new persona pages. Learn more about that process in our April update. The redesign work was carried out in collaboration with SixEleven, who also produced the DrupalCon brand and design for DrupalCon Nashville.

Preparing for DrupalCon Nashville

In the lead up to DrupalCon Nashville in April, the team was in high-gear preparing for the event. We participated in a panel about the future of pull requests on Drupal.org, the public board meeting, and handled the keynote livestream process.

DrupalCon is always an incredible opportunity for the team to connect with the community about upcoming initiatives, drupal.org support requests, and to plan for the future.

We were happy to see so many of you there, and we'll talk more about this in our April update.

Documentation enhancements

Our efforts to improve the quality of Drupal's documentation continued in March and April, as we added features:

  • New D7/D8 guides are now automatically approved, so new project contributors aren't blocked on documenting their projects.
  • Added Drupal version to page title for better searchability.
  • Follow/Unfollow links are available directly on the discuss page of any documentation.
In-context links to newer and older releases

To ensure that users are aware when there are newer releases than the one they may be looking at, we now provide newer and older release history on release nodes. In the sidebar of any release page you will see links and dates to related releases. Among other things, we hope this will prevent users from accidentally installing an older release when another new one has just come out!  

Email notifications for new maintainers

Encouraging succession planning in module maintership is an incredible challenge for any open source project. We want to encourage maintainers to invite contributors to their projects to help maintain those projects, but we recognize that we also have to make sure the appropriate tools are in place to make this a smooth process.

To make sure that new maintainers of projects are welcomed into the fold, we've added email notifications to let a user know when they've been added as a project co-maintainer. If you are invited by an existing maintainer of a project to help maintain it, you should now receive a warm welcome.

Security Release SA-CORE-2018-002

The Drupal Association Engineering Team collaborated with the Security Working Group and Security Team to coordinate 3 significant security releases in March and April.

The primary release was SA-CORE-2018-002, a highly critical security release for Drupal 7 and 8. For more information about all Drupal security releases and PSAs, please visit our security portal.

The volunteer Security Team has always been a tremendous asset to our community, and the Drupal Association is proud to support their work.

Infrastructure Updates DrupalCI: Support for testing themes

DrupalCI has enabled support for testing Themes, so now Theme projects on Drupal.org can include tests. This has become more and more necessary as javascript becomes critical to modern web design, and we hope this will help accelerate the build out of themes for Drupal 8 and increase their quality.

———

As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who make it possible for us to work on these projects. In particular we want to thank:

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

Categories: Drupal

Pages