How to get involved in Drupal projects

Drupal is an open source project and really depends on its community to move forward. It is all about getting to know the CMS, spreading the knowledge and contribute to projects.
I will give you some ways to get involved, even if you are not a developer there is a task for you!

A group of Drupal mentors at DrupalCon 2016 in Dublin

Drupal Mentors – DrupalCon Dublin 2016 by Michael Cannon is licenced under CC BY-SA 2.0

Participating in user support

Sharing your knowledge with others is very important to the community: it is a nice thing to do and you might also learn some things by doing so. Whatever your skill level, you can give back to the community with online support. There are many places where you can give support starting with the Support Forums. You can also go to Drupal Answers which is more active than the forums or subscribe to the Support Mailing list. If you prefer real-time chat, you can also join #drupal-support channel on IRC or the Slack channels.

Helping out on documentation

Community members can write, review and improve different sorts of documentation for the project: community documentation on drupal.org, programming API reference, help pages inside the core software, documentation embedded in contributed modules and themes etc.
Contributing is a good way to learn more about Drupal and share your knowledge with others. Beginners are particularly encouraged to participate as they are more likely to know where documentation is lacking.
If you are interested, check out the new contributor tasks for anyone and writers.

Continue reading about How to get involved in Drupal projects

Tags: , ,

Living style guide meets Drupal 8

Times are constantly changing, and so is Liip. There is a particular term that caught our attention – living style guides. It might not be the latest or the coolest fad in web development, but tools that make Drupal 8 compatible with living style guides are fairly recent. That’s why we decided to take a look at what’s out there in order to introduce style guide driven development to our repertoire.

Continue reading about Living style guide meets Drupal 8

Tags: , , , , ,

Drupal Cross-Squad Knowledge Sharing

We do lots of Drupal projects @ Liip, mainly in the Zürich and Fribourg offices. Since Liip is organized in individual and independent squads, we do not have lots of touchpoints or projects which we do cross-office wise. But all the squads doing Drupal have one thing in common: A big interest in Drupal and the strong will to do projects successfully.

If I talk about a “squads doing Drupal”, then don’t think of Developers only, but also of Project Owners, UXers, Business Developers, Designers, Analytics Specialists and so on. With such squads in Zürich and Fribourg, things are done differently. Different sitebuilding, different workflows, different opinions and finally also different projects. This is on the one hand very interesting but on the other hand… weird. Being in the same company, doing the same kind of work but not the same way while not using the same toolbox and processes.

Continue reading about Drupal Cross-Squad Knowledge Sharing

Tags: , ,

Drupal 8 accessibility features

The Drupal accessibility initiative started with some advancements in Drupal 7 to ensure that Drupal core followed the World Wide Web Consortium (W3C) guidelines: WCAG 2.0 (Web Content Accessibility Guidelines) and ATAG 2.0 (Authoring Tool Accessibility Guidelines).
Many elements introduced in Drupal 7 were improved and bugs discovered through intensive testing were addressed and integrated to Drupal 8 core as well. Let’s take a tour of the accessibility in Drupal 8 !

Contrasts improved

Drupal’s accessibility maintainers improved contrasts in core themes so people that suffer from colorblindness are able to visit websites clearly. It is also good when visiting the website under bright sunlight, on mobile for instance.

A screenshot that compares Bartik headers in Drupal 7.43 and Drupal 8

Color contrasts in Bartik theme in Drupal 7.43 and Drupal 8.

See the related WCAG 2.0 section about contrasts.

Alternative texts for images

The alternative text for images is really useful for blind people who use screen readers. They can understand the meaning of an image through short descriptive phrases. This alternative text is now by default a required field in Drupal 8.

A screenshot showing that the alternative text is required when uploading an image in Drupal 8.

The alternative text for an image is required by default in Drupal 8 content edition.

See the related WCAG 2.0 section about alternative texts.

Continue reading about Drupal 8 accessibility features

Tags: , , ,

A quick look on the current state of Drupal 8 (ecosystem)

Eight months ago Drupal 8.0.0 was released. Exciting news for drupalists. Since then comparing D8’s features to its predecessor is a topic in daily business. «Can drupal 8 do what we can do now with 7 today?”. After playing around with D8 i get the feeling some crucial features are missing. Dries invited people to tell ”why we not use or migrate to drupal 8” – and got a clear answer: A majority of drupalist (60%) are waiting for certain modules. So the follow up question would be what are these modules.

Continue reading about A quick look on the current state of Drupal 8 (ecosystem)

Tags: , , ,

Let’s debug in Drupal 8 !

It has been nearly 7 months since Drupal 8 first release and as a developer, I am still in the learning process. It can be hard sometimes to know what is going wrong with your code and how to solve it. I will tell you about few things to know on how to develop and debug Drupal 8 projects and continue learning, learning and learning !

Disabling cache

First of all, to avoid having a crazy terminal with thousands of drupal cr hits, you can disable Drupal caching during development. You need to copy and rename sites/example.settings.local.php file to sites/default/settings.local.php. Then uncomment/update some values:

  • uncomment this line to enable the “null cache service”:
  • uncomment these lines to disable CSS/JS aggregation:
  • uncomment these lines to disable the render cache and the dynamic page cache:
  • you can allow test modules and themes to be installed if needed with:

To include this file as part of Drupal’s settings file, open sites/default/settings.php file and uncomment these lines:

Then, to disable Twig caching, open sites/development.services.yml file and add the following settings:

Finally, rebuild the Drupal cache and it is done !

Continue reading about Let’s debug in Drupal 8 !

Tags: , ,

Order fulfillment with Swiss Post and YellowCube

Setting the stage

We live in a time where more and more goods are purchased online. May it be your airline ticket or the diapers for your newborn, many things are often cheaper and more conveniently purchased online. As comfortable it is for the customer buying things this way, as challenging it can be for the seller. They need to have an online presence that is easy to use and need to have all goods in stock to sell and send them quickly.

This means that selling physical products requires sufficient storage space on-site, people that handle picking, packing and shipping and someone that handles returned goods. All this factors can sum up to a costly venture, especially when you don’t have any infrastructure from other sales channels already.

Architekture PostLogistics YellowCube Connector

The PHP-YellowCube interface is part of all YellowCube extensions for PHP based web stores

What is order fulfillment?

This is where YellowCube comes in handy. YellowCube is a fulfillment service offered and run by Swiss Post. But what is a fulfillment service anyway? In the case of YellowCube it means everything to do with the storing and shipping of the products you sell on your store. This means receiving and storing of the products, handling of the inventory, picking, packing, shipping and handling of returns.

How to implement it into your web shop?

So far so good, but how does this translate into real life? Liip has, in close collaboration with Swiss Post, developed a PHP-YellowCube-SDK and also the integration for Magento and Drupal web shops. The PHP-YellowCube interface provides an object-oriented wrapper to the SOAP based interface provided by Swiss Post. The code is readily available on Github. Please feel free to contribute to the PHP-YellowCube-SDK, as well as the Magento extension or the Drupal extension.

Please explain…

Now that we know about the SDK, we need to know how the basic process works. I want to show you what needs to happen in order to implement YellowCube successfully into a web shop. The process is agnostic to a certain integration, so I won’t go into details how it is integrated in a specific shop extension. I will explain the basic process, which applies to all web shop integrations in the same manner (more or less).

Continue reading about Order fulfillment with Swiss Post and YellowCube

Tags: , , , ,

Drupal: Dynamic IMCE Profiles

Today I will describe a way to handle multiple teams with their own private file folders using the IMCE module.

Let’s pretend that we have to develop a website called awesome-website.com which consists of three (or more) different teams. The team structure could look as followed:

Website Groups

Every team should only be allowed to edit their own pages but no page from any other team. Therefore it would also make sense to separate the team’s file folders so that the files can be stored separately to secure its privacy.
Of course, we could simply add three IMCE profiles and define their folder access rights individually there. But what about when working with 10 teams? Or 50? Or even more? Then we definitely would prefer a more flexible solution.
Thankfully, IMCE ships with the ability to define user folders by PHP execution, how awesome! But in order to achieve this, we’ll have to set up teams as taxonomy terms first and reference them from our user entities.

Setting up the “Teams” taxonomy vocabulary

First things first: Let’s create a new taxonomy vocabulary called “Teams”. For every team that we will have on our website, we have to create a new taxonomy term in this vocabulary.
Before adding any teams as taxonomy terms though, we’ll have to add a new field called “FTP Folder” to the taxonomy vocabulary.
This field will specify the name of every team’s root folder. So, naturally it shouldn’t contain any spaces or other wicked special characters and it should be URL readable.
In order not to face any unusual results later, it is recommended to configure this field as required.

Afterwards, we can add our three terms, “Team Alpha”, “Team Beta” and “Team Gamma”.
As value for their FTP Folders, we use “team-alpha”, “team-beta” and so on.

That’s it for the taxonomy part! Now let’s link this information to the team’s users.

Adding a taxonomy term reference field to the user entity

In my case, I didn’t have multiple roles for the teams. I only had one, called “Team member”. Because every team has exactly the same rights as the others, maintaining only one role suited me best.
For really special cases, I could always just create a new role with the special permissions.

So, how do we link users to their teams the easiest? Exactly, by just adding a taxonomy term reference field to the user entity!
Let’s call this field “Team” and reference our previously created taxonomy vocabulary “Teams” with it.

Now, when adding a new user, we can select it’s team belonging and IMCE will be able to grab the needed information from there.
Yes, IMCE will be able to do that but it’s not doing it yet.
Getting the teams ftp folder for the current user is still something we have to code, so let’s proceed to the next step.

Writing a custom function to provide the accessible directories for an user

Now we need to provide IMCE the information that we’ve set up before.
We’ve created users belonging to teams, which hold the FTP root folder name for the teams.
What’s left to do, is to write a function (ideally in a custom module, in my example the module is called “awesome_teams”), that combines all information and returns it to IMCE.
Following function would do that for us:

The function expects an user object as argument and will return an array of strings containing all the folder names an user is allowed to access.
Our folder structure would look like this:

  • sites/default/files/cms
  • sites/default/files/cms/teams
  • sites/default/files/cms/teams/all
  • sites/default/files/cms/teams/team-alpha
  • sites/default/files/cms/teams/team-beta
  • sites/default/files/cms/teams/team-gamma

Note: The folder “cms/teams/all” is a special folder and every user is allowed to access it.
It will be used to save files which are used globally over multiple or even all teams.

What our code does, is actually looping over all assigned teams for the given user (yes, an user can be in multiple teams!), and adding the teams ftp folder names to the array of accessible folders.

There is no “hook_imce” hook, the “_imce” in the function name does nothing till now. You can also name your function differently. The link from IMCE to our function is something we have to set up in an IMCE profile.
Let’s proceed to the last step then, shall we?

Creating the IMCE profile “Team member”

Now, as the last step, let’s create an IMCE profile called “Team member”. You’re free to define any settings as you like, there’s only one thing that will be special about this profile: The accessible directories path.

Instead of writing something constant as “cms/teams/team-alpha”, we’ll write “php: return awesome_teams_imce($user);” here.
So, the setting should look like this:

imce-profile-settings

Now save the profile and you are done!

As soon as one team member now accesses the IMCE page (either via /imce or by the configured file/image fields), he will only see his team’s directories and the special directory “all” which is meant for exchange.

This wasn’t that difficult, was it?

I hope I was able to give you an insight on how to solve more complicated file permission issues with IMCE.
Don’t forget to give feedback, ask questions and follow our blog if you want to read more about our Drupal experiences at Liip!

Tags: , ,

Things you should know and do about security if you have a Drupal site

tl;dr Keep your site modules up-to-date.

Drupal is famous for its security and it also does not miss a chance to boast about it. However, security does not come automatically, steps need to be taken to ensure it. One of the most important of these steps is keeping site modules and core updated. Failing to do so can lead to incidents like the recent Panama papers incident where an outdated WordPress and Drupal site might have played a role in the data leak.

So what does Drupal do for you to make security easier?

The Drupal Security Team was set up in 2005. It has around 40 security experts from all around the globe who communicate through private channels.

When a security issue is discovered in Drupal (let it be a contributed module, a theme or core itself) an issue is created in the security issue tracker. The issue is visible only for a small group of people (usually the security team, the maintainer of the affected module and the reporter of the issue) to prevent the vulnerability to be exploited before a fix is created. When a fix is ready, the security team issues a public Security Advisory that has informations on the affected module, the security risk level and the solution for the issue (which is usually updating the module).

Security issues are reported almost daily to the security team but some of these are non valid. For example, only modules with a stable release (i.e. non-dev/alpha/beta/rc) are considered by the Security Team. Still, 2015 saw 160 security advisories. The most frequent issues are related to XSS.

Security updates are released on Wednesdays. For core that’s usually the third Wednesday of the month, for contrib it can be any Wednesday. This does not mean that a security release appears on every Wednesday, only that site administrators should look out for them.

In Drupal 8 there are several security improvements. One of them is Twig autoreplacing which drastically decreases the chances for a piece of code to have a XSS vulnerability. Another source of insecurities, the PHP filter module has been removed from core. Also, the routing system now has support for protection against CSRF attacks by providing tokens to urls.

After learning what Drupal does for security, it’s time to see what site administrators should make sure of. Keeping the following 3 things in mind you as site admin should be fine for 95% of the cases.   (These are only the Drupal-specific aspects, we won’t go into general security principles.)

  1. To make sure you have an up-to-date site follow at least one of the security news channels. There are some RSS feeds, a twitter account and also a newsletter. Update your site as soon as a security update is released.
  2. There are several modules improving security or helping in finding security issues. A few of these are Security review, Paranoia and Two factor authentication.
  3. A Drupal-specific hosting provider can also have its benefits. For example, in the case of the infamous 2014 Drupalgeddon security advisory Pantheon and Acquia Cloud sites were protected against attacks without any action taken by the site administrator.

If you have not done it yet go and check your module update status page right now.

 

This blog post is heavily based on the Lullabot podcast on Drupal Security.

For further links we recommend the Barcelona presentation of scor and klausi.

Tags: , ,

DrupalCon Barcelona 2015

Over 2000 people attended DrupalCon Europe 2015 last September at the Barcelona International Convention Center. Five days sharing about Drupal and its new version coming soon with developers, contributors, site builders, themers, project managers, well all the Drupal community ! Let’s talk about this big event !

Continue reading about DrupalCon Barcelona 2015

Tags: , ,