This talk will look at the features and changes in the Node Access system for Drupal 7.
Out of the box, Drupal is a great system for creating and managing content. However, there are cases where your needs require additional requirements for which users can create, view, edit and delete content. To solve this problem, Drupal provides its Node Access system.
Node Access provides an API for determining the grants, or permissions, that a user has for each node. By understanding how these grants work, a module developer can create and enforce complex access rules.
We will cover some (or all) of the following topics.
- Node Access compared to user_access() and other permission checks.
- How Drupal grants node permissions.
- The node_access() function.
- hook_node_access() compared to {node_access}.
- Controlling permission to create content.
- Using hook_node_access().
- When to write a Node Access module.
- The {node_access} table and its role.
- Defining your moduleâs access rules.
- Using hook_node_access_records().
- Using hook_node_grants().
- Rebuilding the {node_access} table.
- Modifying the behavior of other modules.
- Using hook_node_access_records_alter().
- Using hook_node_grants_alter().
- Testing and debugging you module.
- Using Devel Node Access
- Roadmap for Drupal 8
Ken Rickard is the maintainer of the Domain Access module and wrote several of the patches for Node Access in Drupal 7.
Drupal has some interesting ways to control access for content. I was forced to learn about all of them to be able to implement a custom security widget. Once you know how everything fits into each other it is fun to work with, but it took me more effort than I expected. I bumped into many walls. This is why I like to guide you through this proccess.
I will talk about all the wrong paths I took to get where I had to be. This way I will cover multiple use cases. If you are a developer and want to know more about security, this could be an interesting session for you.
The main topics I will talk about are node_access and node_grants. I also added a custom layer for my project. If you know more about this it could be fun to open a discussion about different implementations.
Ralph Schindler (of Zend Framework) and Jon Wage (of Doctrine) presented these slides for a webinar hosted by zend.com (webinar available online).
Links are contained within the slides to the demo application that was also used during the webinar.
Talk I gave at Maceió DEV Meetup #6. Not only about Command Bus/Command Interface or whatever you name it, but a compilation of cool articles I found only that may help with understanding this architecture.
Drupal has some interesting ways to control access for content. I was forced to learn about all of them to be able to implement a custom security widget. Once you know how everything fits into each other it is fun to work with, but it took me more effort than I expected. I bumped into many walls. This is why I like to guide you through this proccess.
I will talk about all the wrong paths I took to get where I had to be. This way I will cover multiple use cases. If you are a developer and want to know more about security, this could be an interesting session for you.
The main topics I will talk about are node_access and node_grants. I also added a custom layer for my project. If you know more about this it could be fun to open a discussion about different implementations.
Ralph Schindler (of Zend Framework) and Jon Wage (of Doctrine) presented these slides for a webinar hosted by zend.com (webinar available online).
Links are contained within the slides to the demo application that was also used during the webinar.
Talk I gave at Maceió DEV Meetup #6. Not only about Command Bus/Command Interface or whatever you name it, but a compilation of cool articles I found only that may help with understanding this architecture.
atrium_username is a Drupal feature for managing user name display:
* a lightweight alternative to realname module;
* "works" before theme layer
* uses the node title of the user profile
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICESDrupalCamp Kyiv
In agile world when requirements changes faster than tasks got "done" status, we forced to make fast solutions that will work here and now. Being under pressure and in strict dead lines it easy to ignore code standards, "drupal way", and best practices that could be found in top Drupal sites. Tools and tips to keep your code clean.
https://drupalcampkyiv.org/node/37
Top Ten Reasons to Use EntityFieldQuery in DrupalFredric Mitchell
Drupal 7 introduced a great class, EntityFieldQuery (EFQ), to easily grab information from entities that was not available in Drupal 6.
This session will explore why you should be already using EFQ in your development practices. We'll also review how to use it and explore it's relationship with Drupal view modes and block entities (Beans).
This session will also explore comparisons with Views, and how EFQ should replace some of the common development practices using Views as a query tool.
EFQ Top Ten
Core
Well Documented
Simple
Consumable
Object-Oriented
Extensible
Alterable
Exception Handling
View Modes
Beans
Con la versione 7 di Drupal è stato introdotto il concetto di Entity, poi evoluto con la versione 8, utilizzato come base di buona parte degli elementi core (nodi, tassonomie, utenti, ...), ma - soprattutto - è stata data la possibilità di costruire entity custom. L'utilizzo di queste apre le possibilità di personalizzazione dello strumento ad un livello superiore velocizzando notevolmente lo sviluppo.
Verranno mostrate le potenzialità nell'uso delle Entity custom e le integrazioni possibili.
Drupal Entities - Emerging Patterns of UsageRonald Ashri
Entities are a powerful architectural approach and tool introduced in Drupal 7 - in this presentation I explain what they are and how they can be used with references to examples of how entities are used already.
OSGi Community Event 2014
Abstract:
The main topic of the session is the content of the blog post Modularized Persistence: Development of reusable modules that handle relational persistent data.
Additional subjects of the session
Reasons why we chose this technology stack instead of JEE
Transaction handling with the transaction-helper component (without EJB or Spring)
Caching the persistent data based on everit-cache-api
More details about the already implemented use-cases (localization, authorization, authentication, etc.)
During the session, there will be live examples of:
Code generation of Querydsl Metadata classes (same as static metamodel in JPA)
Converting a standard query to one that contains authorization logic
Speaker's goal
Introducing our modules to others so they can:
use them as they are
start discussions about improvements so others can use them in the future
Speaker Bio:
Balazs Zsoldos is the co-founder of Everit. He is the leader of the development of Everit OpenSource Components. Developing Java based solutions is not only his job but also his passion.
He believes in simplicity. That is why he decided to design and build as many simple, but useful goal-oriented modules as he can. As the base of the stack, he chose OSGi.
Balazs does not believe in monoholitic frameworks, therefore all of the solutions that was designed by him can be used separately.
In the beginning of his career, Balazs was a big fan of JEE and Spring. After a while, he changed his mind and started to try replacing everything with non-magical solutions that do not contain interceptors, weaving, etc.
"Android Data Binding в массы" Михаил АнохинFwdays
Рассмотрим что это такое, как работает, какие возможности предоставляет библиотека, как обрабатываются события внутри бибилиотеки и фрагменты кода сгенерированные для биндингов.
Также узнаем как добавить библиотеку в проект и на практических примерах оценим ее достоинства и недостатки при использовании в проекте.
Доклад включает в себя рассмотрение ключевых особенностей библиотеки. Также описывает обработку событий внутри библиотеки и в сформированных биндингах.
Дополнительно рассматривается создание собственных компонентов, расширяющих возможности элементов интерфейса, и в конце будет уделено отдельное внимание реализации двустороннего биндинга.
Your code sucks, let's fix it - DPC UnConRafael Dohms
How do you measure the quality of your code? Performance and testing are just one aspect of code, in order to meet deadlines and make maintenance quicker you also need your code to be readable, decoupled and generally easier to comprehend and work with. This talk will go over tips and exercises to help you identify trouble areas, refactor them and train you to write better code in future projects. Come make your code look and function better.
Drupal node access system & AUL 7.x.-2.x.
Topic was presented at Drupal-Austria Vienna Meetup May 2014.
http://www.meetup.com/Drupal-Austria/events/181216712/
atrium_username is a Drupal feature for managing user name display:
* a lightweight alternative to realname module;
* "works" before theme layer
* uses the node title of the user profile
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICESDrupalCamp Kyiv
In agile world when requirements changes faster than tasks got "done" status, we forced to make fast solutions that will work here and now. Being under pressure and in strict dead lines it easy to ignore code standards, "drupal way", and best practices that could be found in top Drupal sites. Tools and tips to keep your code clean.
https://drupalcampkyiv.org/node/37
Top Ten Reasons to Use EntityFieldQuery in DrupalFredric Mitchell
Drupal 7 introduced a great class, EntityFieldQuery (EFQ), to easily grab information from entities that was not available in Drupal 6.
This session will explore why you should be already using EFQ in your development practices. We'll also review how to use it and explore it's relationship with Drupal view modes and block entities (Beans).
This session will also explore comparisons with Views, and how EFQ should replace some of the common development practices using Views as a query tool.
EFQ Top Ten
Core
Well Documented
Simple
Consumable
Object-Oriented
Extensible
Alterable
Exception Handling
View Modes
Beans
Con la versione 7 di Drupal è stato introdotto il concetto di Entity, poi evoluto con la versione 8, utilizzato come base di buona parte degli elementi core (nodi, tassonomie, utenti, ...), ma - soprattutto - è stata data la possibilità di costruire entity custom. L'utilizzo di queste apre le possibilità di personalizzazione dello strumento ad un livello superiore velocizzando notevolmente lo sviluppo.
Verranno mostrate le potenzialità nell'uso delle Entity custom e le integrazioni possibili.
Drupal Entities - Emerging Patterns of UsageRonald Ashri
Entities are a powerful architectural approach and tool introduced in Drupal 7 - in this presentation I explain what they are and how they can be used with references to examples of how entities are used already.
OSGi Community Event 2014
Abstract:
The main topic of the session is the content of the blog post Modularized Persistence: Development of reusable modules that handle relational persistent data.
Additional subjects of the session
Reasons why we chose this technology stack instead of JEE
Transaction handling with the transaction-helper component (without EJB or Spring)
Caching the persistent data based on everit-cache-api
More details about the already implemented use-cases (localization, authorization, authentication, etc.)
During the session, there will be live examples of:
Code generation of Querydsl Metadata classes (same as static metamodel in JPA)
Converting a standard query to one that contains authorization logic
Speaker's goal
Introducing our modules to others so they can:
use them as they are
start discussions about improvements so others can use them in the future
Speaker Bio:
Balazs Zsoldos is the co-founder of Everit. He is the leader of the development of Everit OpenSource Components. Developing Java based solutions is not only his job but also his passion.
He believes in simplicity. That is why he decided to design and build as many simple, but useful goal-oriented modules as he can. As the base of the stack, he chose OSGi.
Balazs does not believe in monoholitic frameworks, therefore all of the solutions that was designed by him can be used separately.
In the beginning of his career, Balazs was a big fan of JEE and Spring. After a while, he changed his mind and started to try replacing everything with non-magical solutions that do not contain interceptors, weaving, etc.
"Android Data Binding в массы" Михаил АнохинFwdays
Рассмотрим что это такое, как работает, какие возможности предоставляет библиотека, как обрабатываются события внутри бибилиотеки и фрагменты кода сгенерированные для биндингов.
Также узнаем как добавить библиотеку в проект и на практических примерах оценим ее достоинства и недостатки при использовании в проекте.
Доклад включает в себя рассмотрение ключевых особенностей библиотеки. Также описывает обработку событий внутри библиотеки и в сформированных биндингах.
Дополнительно рассматривается создание собственных компонентов, расширяющих возможности элементов интерфейса, и в конце будет уделено отдельное внимание реализации двустороннего биндинга.
Your code sucks, let's fix it - DPC UnConRafael Dohms
How do you measure the quality of your code? Performance and testing are just one aspect of code, in order to meet deadlines and make maintenance quicker you also need your code to be readable, decoupled and generally easier to comprehend and work with. This talk will go over tips and exercises to help you identify trouble areas, refactor them and train you to write better code in future projects. Come make your code look and function better.
Drupal node access system & AUL 7.x.-2.x.
Topic was presented at Drupal-Austria Vienna Meetup May 2014.
http://www.meetup.com/Drupal-Austria/events/181216712/
jQuery UI Widgets, Drag and Drop, Drupal 7 JavascriptDarren Mothersele
These are the slides from my presentation at the London Drupal Drop In December 2011. I have posted more information to go along with these slides on my <a>Drupal blog</a>.
See how to use MongoDB in Symfony2 projects to speed up the development of web applications. We will give an introduction of MongoDB as a NoSQL database server and look at the options on how to work with it from Symfony2 and PHP applications.
Drupal is an enigma to its initiates and a sonic screwdriver to its experts. In module-land, users solve their own problems, the result being a myriad of puzzle pieces. Every ambitious drupal-focused company is building shortcuts to combine these pieces, be that through their own vertical Distributions, reusable Features or demo frameworks with Drolutions. What markets will Drupal conquer as these concepts mature? How can start-ups and enterprises leverage Drupal's rapid development velocity? How can you play your part in Drupal's vertical revolution?
Use A/B testing to monitor the impact of changes of web page elements that lead to more downloads, user contributed content, increased revenues, or whatever result you want to achieve. A/B testing involves testing two versions of a website - an A version (the control) and a B version (the variation) - with live traffic and measuring the effect each version has on your conversion rate.
Results of A/B tests are used to make informed decisions about how to structure and present content on a site. There is no longer a need to guess what the site's user response is to changes, simply test and look at the trends in the data.
The power and ease of use of the Optimizely framework is further enhanced using the Optimizely Drupal module. We will discuss the current and future integration of A/B testing with Drupal and Optimizely using the Optimizely Drupal module in detail. The presentation will end with a discussion of what future integration of Optimizely with Drupal is desired to further leverage the partnership.
Behat is a tool that makes behavior driven development (BDD) possible. With BDD, you write human-readable stories that describe the behavior of your Drupal site. These stories can then be auto-tested against your website, whether in the midst of development, or on a live site. And yes, it’s as cool as it sounds!
Behat, if embraced by enough Drupal folks, has the potential to vastly improve the way we build and test Drupal websites. Testing language can be developed by module maintainers, and allow nearly codefree testing to be developed by everyone, as needed, per site.
Behat IS NOT unit testing nor a specification testing tool. Behat is a Scenario-oriented BDD framework with functional testing capabilities as part of a communication process between stake-holders and developers. Think Agile User Stories meets Selenium.
Behat is currently used to test Drupal.org, allowing a variety of coders to work on a single site, and ensure that no existing functionality will break as they add new features. Or as it's migrated from one version to another. Imagine that on your site.
We will review Behat (and Mink, and related code), how to use it with Drupal, Drush, and the existing modules/code to support that. We will demo live testing, and so how easy it is to write tests, with and without code.
In all the years of designing for Drupal, the one thing I have learned is to always borrow from the best and build it into a base theme. Now, I know you’re saying to yourself — not another base theme. But why not? If I told you your theme could be responsive from the start, have flexible regions that you didn't have to design for, and that you could avoid the JQuery conflicts that plague Drupal 7, would you be interested?
Drupal Commerce - The Product vs Display Conundrum and How to Explain it to a...nyccamp
A key concept in Drupal Commerce is the Product Display vs Product model used to separate physical products from their display on the website.
Depending on your point of view, this makes perfect sense or is a conceptual or practical nightmare. However you feel about it, understanding the reasoning behind the concept is essential when it comes to planning and implementing a Drupal Commerce project.
http://nyccamp.org/sessions/drupal-commerce-product-vs-display-conundrum-and-how-explain-it-customer
Promotions Vouchers and Offers in Drupal Commercenyccamp
Drupal Commerce is an incredibly powerful suite of modules for creating e-Commerce sites in Drupal. With Rules based pricing it is possible to create highly complex special offers, vouchers and variable pricing. However, this can be a minefield of business logic contradiction and complex rule configuration way beyond what your site administrator can manage easily.
Our clients often come to Drupal with expectations about the features of a content management system (CMS). In many cases, Drupal handles the features they expect. However, not all editorial tools are a part of Drupal Core, and Drupal has addressed these tools with various contributed modules. As a result, Drupal’s editorial space generally lacks a consistent workflow and interface.
Ideally suited to the needs of universities. Workbench incorporates contributed modules and has some new features of its own:
Hierarchical permission inheritance by “Sections” not just content types
Extensible workflow states
Single repository for media management
Modify live content without publishing changes immediately
Workbench provides a unified interface for managing content. In effect, Workbench hides Drupal from you and makes content management about your institution and your website, not about Drupal.
Speaker(s): Ken Rickard
Experience Level: Beginner
Deployment Strategies: Managing Code, Content, and Configurationsnyccamp
Most development shops make use of a "development/staging/production" server model. Maintaining code, content, and configurations across multiple environments can be a bit tricky, particularly since drupal doesn't currently provide any native means to separate configuration from content. This session would discuss the various methods to make sure that your development server looks like your production server. We will touch on version control, the backup and migrate module, and the features module, as well as integrating a deployment management software such as hudson or aegir, and how to scale these solutions from a small application to a large enterprise server architecture.
Speaker(s): Nick Hepner
Experience Level: Intermediate
Drupal Aware Design: Good Techniques for Better Themesnyccamp
Between design and Drupal theme we change gears dramatically in process and thinking. As designers, we craft our work with wowing users in mind, and as themers, we strive to architect the design and make it pop. We can better unify these approaches to save time and work better. Drupal is adept at making virtually any design look great. What can we achieve in design, both individually and as a community? How can we build diverse designs seamlessly without a hitch along the way? We'll talk about how to improve every step of a process, from prototypes to wireframes. We'll discuss resolving complications like handovers in markup and themes that, due to a design's particularities or a time crunch, end up hacky and impossible to extend. We'll also dwell briefly on important ideas like accessibility and semantics, all while creating Drupal-ready designs and themes that perform perfectly across the board!
Here's a brief summary of what we'll tackle:
Some design principles, including Drupal's
Drupal-aware: Design with Drupal, not for Drupal
One design, many layout possibilities
Thinking about Drupal's structure and markup
How to write an awesome theme
Drupal code standards and conventions
Contributing good themes
To Drupal and beyond: Code that lasts
This session is geared toward designers with some HTML/CSS background and theming beginners. We will also work with a little painless PHP.
Speaker(s): Preston So
Experience Level: Beginner
In this session we’ll take a look at 7 unique higher education case studies showcasing the diversity of Drupal solutions in the .edu space. The case studies show Drupal as a solution for everything from departmental web presences to university wide web publishing solutions and learning management systems. Culled from interviews with university IT teams across the country from private to public both large and small, we’ll examine implementation choices, lessons learned and the business reasons that made Drupal the right choice.
Keypoints:
We'll identify the top issues facing Higher Education and how Drupal can help address them.
We'll take a look at seven case studies of Drupal in use in higher ed:
- Drupal as Unit CMS - College of Fine Arts, UT Austin
- Drupal as Flagship - Duke University
- Drupal as Intranet - California State University, Monterey Bay
- Drupal as LMS - ELMS, Penn State University
- Drupal as Lingua Franca - Stanford University
- Drupal as University Wide Solution - Yale University
- Drupal as OOTB software - Open Academy, University of California, Berkeley
We’ll look at lessons learned and resources available to higher education Drupal implementers.
This Session has been presented at Drupal Camp UT Austin.
Drupal 7's theme layer suffered from "Arrays of Doom" and the impenetrable render(). After having to learn and use these tools, the community has rebelled and decided we need to make some major changes in Drupal 8.
Come learn about Twig, a new Symfonic templating language we can use to decrease Drupal's learning curve and increase security on every Drupal site.
Is your site ready for the mobile web? Are you sure? Go ahead, check it on your phone, and your kid's phone, and a tablet, and some Android dealies, and a Bleakberry. And a TV or two. I'll wait.
That was an eye-opener, right?
Web design and front end development has never been more complex than it is now, and it's likely to get worse before it gets better. Should you design your site "Mobile First"? How about "Adaptive" or "Responsive"? What's the difference between those again? I want to talk about why you might want to choose these approaches to your project.
CSS is also not really up to the task of managing all this complexity. Sure, it *can* do it, but pure CSS strains almost to the breaking point under the pressure. So let's welcome Sass to the party. Sass is a CSS preprocessor that gives CSS authors the tools we've been aching for in creating and managing large and complex CSS projects. We'll cover a few of the Sass basics, but the real value here is in the more sophisticated tools that let you manage all the moving parts necessary in creating all this new-fangled wizardry.
We'll cover:
- Mobile First
- Adaptive Design
- Responsive Design
- Stand-alone mobile options
- Sass
- Mobile-focused tools
- Compass
- Survival Kit
- Susy
Drupal and Apache Solr Search Go Together Like Pizza and Beer for Your Sitenyccamp
The Apache Solr Search Integration module provides integration with the (free, open-source) Apache Solr server. This great combination of Drupal with a powerful and flexible search server will make your site irresistible to visitors by providing advanced search features like faceting filtering and by delivering the most relevant search results from your site. The module has been re-written for Drupal 7 to integrate with Facet API and those changes have been backported to a new Drupal 6 branch. Thus, you can use this module for all your projects, as well as setting up a shared search index that allows you to search across different Drupal 6 and Drupal 7 sites. This talk will focus on explaining configurations options in the admin UI to help you quickly and confidently configure the facets, pages, related content blocks, and other features for your site. Highlights may include:
- What are the key Solr concepts you need to understand to get the most out of Solr integration?
- How is the module admin UI organized?
- How do I configure facets, sorts, and content recommendation blocks?
- How can I use additional modules to index file attachments?
This session will address how complex social networks of various types can be built with Drupal. The nuances of Feeds, Walls, Sharing (both private and public), Friends, Following, and (most importantly) Privacy will be explored, and options for building these features with Drupal will be discussed, with examples from the real world.
This is an advanced session but anyone with social-networking dreams would benefit from learning the challenges in building one.
How do you make a network "Social"?
A Drupal site is a network of users and content, but it is not inherently social. It's greatest original feature was the ability for multiple users to collaborate in managing the system. We'll talk about what makes networks social and what makes them fun: Feeds, Activity, & Sharing.
"News Feeds" can show not only your friend's content, but your friends-of-your-friends content when the target is your friend. Sound complicated? It is!
"Activity" is when you become friends with someone, join the site, "like" something, commented on something... the list goes on. Without activity display, a social network feels more like a MySpace than Facebook. But be careful... if you list each new activity all of your friends make, it can get clogged with redundant announcements. Learn how we devised a system that lets us smartly group recent activity taken by user, taxonomy term, or node.
Great social networks may be easy to use, but the logic behind true social networks is very complex.
The Details
- Building news feeds for friends and "followed" terms with Search API with Apache Solr
- How to let users "share" content and write on other users "walls".
- Creating an "activity" system that shows users activity around the site and can group similar activity together.
- Privacy & Permissions: How to give control where control is due.
About the Speaker
Jonathan is the Founder & CTO of ThinkDrop Consulting, a Drupal consulting company in Brooklyn, New York and has been developing with Drupal for more than 7 years, coding with PHP for more than 11 years, and hypertexting with HTML since 1997.
This session was originally given at DrupalCampNYC 10 in December of 2012
Slides available at https://docs.google.com/present/view?id=dg3sc8t9_2cbxfbnqg
NOTE: I apologize for the layout problems, Google Docs Presentations look different on different operating systems
Experience Level: Advanced
Drupal 8 development is underway, and there are some very exciting things coming down the pipe. I'll bring you up to speed with what's going on in the major Drupal 8 Core initiatives and by the time we're finished, you will have tangible ways to get involved in the next iteration of Drupal.
This presentation is based on webchick's Drupal 8 slides. Since Drupal 8 is under very active development, the slides/presentation will change between now and the time I give it. I will upload the new version too.
This session will address how complex social networks of various types can be built with Drupal. The nuances of Feeds, Walls, Sharing (both private and public), Friends, Following, and (most importantly) Privacy will be explored, and options for building these features with Drupal will be discussed, with examples from the real world.
This is an advanced session but anyone with social-networking dreams would benefit from learning the challenges in building one.
How do you make a network "Social"?
A Drupal site is a network of users and content, but it is not inherently social. It's greatest original feature was the ability for multiple users to collaborate in managing the system. We'll talk about what makes networks social and what makes them fun: Feeds, Activity, & Sharing.
"News Feeds" can show not only your friend's content, but your friends-of-your-friends content when the target is your friend. Sound complicated? It is!
"Activity" is when you become friends with someone, join the site, "like" something, commented on something... the list goes on. Without activity display, a social network feels more like a MySpace than Facebook. But be careful... if you list each new activity all of your friends make, it can get clogged with redundant announcements. Learn how we devised a system that lets us smartly group recent activity taken by user, taxonomy term, or node.
Great social networks may be easy to use, but the logic behind true social networks is very complex.
The Details
- Building news feeds for friends and "followed" terms with Search API with Apache Solr
- How to let users "share" content and write on other users "walls".
- Creating an "activity" system that shows users activity around the site and can group similar activity together.
- Privacy & Permissions: How to give control where control is due.
About the Speaker
Jonathan is the Founder & CTO of ThinkDrop Consulting, a Drupal consulting company in Brooklyn, New York and has been developing with Drupal for more than 7 years, coding with PHP for more than 11 years, and hypertexting with HTML since 1997.
This session was originally given at DrupalCampNYC 10 in December of 2012
Slides available at https://docs.google.com/present/view?id=dg3sc8t9_2cbxfbnqg
NOTE: I apologize for the layout problems, Google Docs Presentations look different on different operating systems
The migrate module provides a flexible framework for migrating content into Drupal from other sources (e.g., when converting a web site from another CMS to Drupal). Out-of-the-box, support for creating core Drupal objects such as nodes, users, files, terms, and comments are included - it can easily be extended for migrating other kinds of content. The power comes from an object oriented API that's tricky to get started with - We'll walk through the various classes in the module and how they work together to manage migrations.
I am currently looking for co-presenters or to present in a panel format as I feel we can all have something to learn from each other.
UPDATE July 21, 2012: Thank you to everyone that was able to come out to the session. I know it was a complex topic. As another resource, you can take a look at the code from the example I displayed today at https://bitbucket.org/btmash/redcat_new_migration. Obviously, the migration won't work (the db needs to exist) but the code should hopefully be helpful. Cheers!
Hack Into Drupal Sites (or, How to Secure Your Drupal Site)nyccamp
Over 70% of the security issues in Drupal sites are either XSS, CSRF, or SQL Injection. Let's talk about how sites get hacked and how you can write secure Drupal code and maintain security throughout your development process and live maintenance.
About the Presenter:
Ben Jeavons is a member of the Drupal Security team and co-author of the Drupal Security Report. As an engineer at Acquia he works on the Acquia Network including the security and performance analysis tool, Acquia Insight.
Experience Level: Intermediate
Want to automate testing on your site? don't know coding? No Problem! Selenium to your rescue!!
Drupal + Selenium = Drulenium
In this session I will demonstrate how Selenium can be used to
- Build the site
- Generate test content
- Deploy Dev -> Stage -> Prod
- Automate Testing
Selenium IDE is an integrated development environment for Selenium scripts. It is implemented as a Firefox extension, and allows you to record, edit, and debug tests. Selenium IDE includes the entire Selenium Core, allowing you to easily and quickly record and play back tests in the actual environment that they will run."
Experience Level: Beginner
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
10. What is Node Access?
Drupal’s system for controlling the
access to nodes (content) for:
• View
• Edit
• Delete
• and now...Create
Sunday, July 22, 2012
11. Drupal 7 Goodness
• Create permissions!
• Alter hooks!
• ‘Bypass node access’
• Access control modules
• Node Access API modules
Sunday, July 22, 2012
18. Filter queries in Drupal 6
$result = db_query(db_rewrite_sql(
“SELECT nid FROM {node} WHERE
status = 1 AND
promote = 1
ORDER BY
sticky DESC,
created DESC”
));
Sunday, July 22, 2012
30. • Node Access is not user_access().
• Node Access is an API for content
CRUD permissions.
• It extends Drupal’s core permissions
system.
• It is contextual.
Sunday, July 22, 2012
31. Boolean assertions
if (user_access(‘administer nodes’)) {
return t(“I’ll be back.”);
}
Sunday, July 22, 2012
34. • Those two functions look similar.
• But they aren’t.
Sunday, July 22, 2012
35. node_access() Walk-through
function node_access($op, $node, $account = NULL) {
$rights = &drupal_static(__FUNCTION__, array());
if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'),
TRUE)) {
// If there was no node to check against, or the $op was not one of the
// supported ones, we return access denied.
return FALSE;
}
// If no user object is supplied, the access check is for the current user.
if (empty($account)) {
$account = $GLOBALS['user'];
}
Sunday, July 22, 2012
36. // $node may be either an object or a node type. Since node types cannot be
// an integer, use either nid or type as the static cache id.
$cid = is_object($node) ? $node->nid : $node;
// If we've already checked access for this node, user and op, return from
// cache.
if (isset($rights[$account->uid][$cid][$op])) {
return $rights[$account->uid][$cid][$op];
}
if (user_access('bypass node access', $account)) {
$rights[$account->uid][$cid][$op] = TRUE;
return TRUE;
}
if (!user_access('access content', $account)) {
$rights[$account->uid][$cid][$op] = FALSE;
return FALSE;
}
Sunday, July 22, 2012
37. // We grant access to the node if both of the following conditions are met:
// - No modules say to deny access.
// - At least one module says to grant access.
// If no module specified either allow or deny, we fall back to the
// node_access table.
$access = module_invoke_all('node_access', $node, $op, $account);
if (in_array(NODE_ACCESS_DENY, $access, TRUE)) {
$rights[$account->uid][$cid][$op] = FALSE;
return FALSE;
}
elseif (in_array(NODE_ACCESS_ALLOW, $access, TRUE)) {
$rights[$account->uid][$cid][$op] = TRUE;
return TRUE;
}
// Check if authors can view their own unpublished nodes.
if ($op == 'view' && !$node->status && user_access('view own unpublished
content', $account) && $account->uid == $node->uid && $account->uid != 0) {
$rights[$account->uid][$cid][$op] = TRUE;
return TRUE;
}
Sunday, July 22, 2012
39. elseif (is_object($node) && $op == 'view' && $node->status) {
// If no modules implement hook_node_grants(), the default behavior is to
// allow all users to view published nodes, so reflect that here.
$rights[$account->uid][$cid][$op] = TRUE;
return TRUE;
}
}
return FALSE;
}
Sunday, July 22, 2012
41. hook_node_access($node, $op, $account)
• Replaces hook_access().
• Can be run by any module!
• Can return TRUE, FALSE or NULL.
• Used for access to individual nodes.
Sunday, July 22, 2012
42. Access control modules
• Act on Create, View, Update & Delete.
• No tables*.
• No queries*.
• Just business logic.
• DENY, ALLOW, IGNORE
Sunday, July 22, 2012
45. /**
* Implement hook_node_access().
*
* Only allow posts by users more than two days old.
*/
function delay_node_access($node, $op, $account) {
if ($op != 'create') {
return NODE_ACCESS_IGNORE;
}
if (empty($account->created) ||
$account->created > (REQUEST_TIME - (48*3600)))
{
return NODE_ACCESS_DENY;
}
return NODE_ACCESS_IGNORE;
}
Sunday, July 22, 2012
47. • No more hook_menu_alter().
• Explicit DENY grants.
• Explicit ALLOW grants.
• Apply to all node types!
• Apply to node creation!
Sunday, July 22, 2012
49. • Individual nodes / actions only.
• Running lookup queries per node
can be expensive.
• Can override other modules.
• Cannot generate accurate lists.
Sunday, July 22, 2012
51. NODE ACCESS API
• Uses {node_access} for list queries.
• Creates JOINs to return lists of nodes.
• Does not act on ‘create’ operation.
• Requires numeric keys.
Sunday, July 22, 2012
56. function example_node_grants($account, $op) {
if (user_access('access private content', $account)) {
$grants['example'] = array(1);
}
$grants['example_owner'] = array($account->uid);
return $grants;
}
Sunday, July 22, 2012
57. • Map the user’s grants to the stored
grants.
• JOIN {node_access} to the query.
• Return the node or not.
• OR based access logic.
Sunday, July 22, 2012
58. • Two-part system!
• One query does not cover all cases!
‘create’
‘delete’
‘update’
‘view’
Sunday, July 22, 2012
61. • Make sure you hook_node_load()
your data.
• node_load() must match node_save()
• Other modules may depend on you!
Sunday, July 22, 2012
62. Devel Node Access
• Debugging tools for developers.
• And site administrators!
Sunday, July 22, 2012
63. hook_node_access_explain()
/**
* Implements hook_node_access_explain for devel.module
*/
function domain_node_access_explain($row) {
$_domain = domain_get_domain();
$active = $_domain['subdomain'];
$domain = domain_lookup($row->gid);
$return = t('Domain Access') . ' -- ';
switch ($row->realm) {
case 'domain_all':
if (domain_grant_all() == TRUE) {
$return .= t('True: Allows content from all domains to be
shown.');
}
else {
$return .= t('False: Only allows content from the active
domain (%domain) or from all affiliates.', array('%domain' =>
$active));
}
Sunday, July 22, 2012
67. hook_node_access_records_alter()
• Change storage rules before they are
written to the database!
• Remember to alter node storage as
needed, too!*
• * Runs after node_save() :-(
Sunday, July 22, 2012
68. function hook_node_access_records_alter(&$grants, $node) {
// Our module allows editors to mark specific articles
// with the 'is_preview' field.
if ($node->is_preview) {
// Our module grants are set in $grants['example'].
$temp = $grants['example'];
// Now remove all module grants but our own.
$grants = array('example' => $temp);
}
}
Sunday, July 22, 2012
69. hook_node_grants_alter()
• Alter the user’s grants at request
time.
• Quick and easy!
Sunday, July 22, 2012
70. function hook_node_grants_alter(&$grants, $account, $op) {
// Get our list of banned roles.
$restricted = variable_get('example_restricted_roles', array());
if ($op != 'view' && !empty($restricted)) {
foreach ($restricted as $role_id) {
if (isset($user->roles[$role_id])) {
$grants = array();
}
}
}
}
Sunday, July 22, 2012
71. hook_query_alter()
/**
* Implements hook_query_TAG_alter().
*
* If enabled, force admins to use Domain Access rules.
*/
function domain_query_node_access_alter($query) {
$admin_force = variable_get('domain_force_admin', FALSE);
// In any of the following cases, do not enforce any rules.
if (empty($admin_force) || !user_access('bypass node access')
|| domain_grant_all()) {
return;
}
domain_alter_node_query($query);
}
Sunday, July 22, 2012
74. Drupal 8 Changes
• Language-sensitive
• Abstract to all entities
• Remove hook_node_access()?
• Better list queries in core?
• Support AND and OR logic?
Sunday, July 22, 2012
75. function node_access($op, $node, $account = NULL, $langcode = NULL) {
$rights = &drupal_static(__FUNCTION__, array());
...
// If we've already checked access for this node, user and op, return from
// cache.
if (isset($rights[$account->uid][$cid][$langcode][$op])) {
return $rights[$account->uid][$cid][$langcode][$op];
}
if (user_access('bypass node access', $account)) {
$rights[$account->uid][$cid][$langcode][$op] = TRUE;
return TRUE;
}
if (!user_access('access content', $account)) {
$rights[$account->uid][$cid][$langcode][$op] = FALSE;
return FALSE;
}
Sunday, July 22, 2012
76. Key issues
• Make a general access API
• http://drupal.org/node/777578
• Make node_access() language aware
• http://drupal.org/node/1658814
• Query madness
• http://drupal.org/node/1349080
Sunday, July 22, 2012