Third & Grove: Granite Construction Drupal Case Study

Planet Drupal - Wed, 2017/01/11 - 9:00am
Granite Construction Drupal Case Study antonella Wed, 01/11/2017 - 03:00

Drupal Modules: The One Percent: Drupal Modules: The One Percent — Trash (video tutorial)

Planet Drupal - Wed, 2017/01/11 - 4:04am
Drupal Modules: The One Percent — Trash (video tutorial) NonProfit Tue, 01/10/2017 - 21:04 Episode 13

Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll investigate Trash, a module where deleted content entities are sent to a bin where they can later be reenabled or permanently removed.


Red Route: Close enough for a side project - how to know when things are good enough

Planet Drupal - Tue, 2017/01/10 - 11:05pm

Once upon a time, before I became a web developer, I worked doing sound and light for events. Like web development, the hours tend to be long, and the work tends to attract anti-social oddballs. Unlike web development, you deal with rock stars. Like most professions, it’s full of jargon and in-jokes. One of the phrases in common usage in that industry was “close enough for rock and roll”. Depending on who you were talking to, it might have been jazz rather than rock and roll, but you get the idea. It isn’t too far away from the notion previously popularised by Voltaire: “Perfect is the enemy of good”.

Another formulation of the same idea was expressed slightly more succinctly (and less politely) on the T-shirt shown in the photo attached to this blog post. It was designed by and for my old student union stage crew. While the T-shirt encapsulates a lot of the attitude of the team, it would be a mistake to imagine that we were sloppy. As I’ve written before, we were unpaid, but we certainly weren’t amateurs. That volunteer crew probably had as high a level of professionalism as any team I’ve been a part of. The point was that we cared about the right things, and there comes a point where you have to accept that things are as good as they are realistically going to get.

There’s a point where it just isn’t worth putting in more effort before launch. You’ve done as much as you can, and you’re proving the law of diminishing returns, or the Pareto principle. Besides, if you carry on fixing things, you’ll end up delaying your launch. If you’re getting ready to put on a show, there's a point where you have to open the doors, whether or not things are 100% ready. There are people outside who have bought tickets. They don’t want to wait while you mess about with your final preparations. They’re here to see the show, and their idea of perfection is very likely to be different from yours.

In events, these people are (somewhat dismissively) called ‘punters’, and they don’t notice the same things that you do. Unless they’re in the business themselves, their perception of the event is likely to be very different to yours. Working on stage crew, I’ve cobbled things together with gaffa tape and crossed my fingers, and the show has turned out fantastically well. As a musician, I’ve done shows that I thought were riddled with mistakes, and people in the audience told me it was the best gig they’d seen us play. Punters don’t go to gigs for technically competent sound or lighting, or flawless performances - they go because they want to have a good time. Things are never as shiny backstage as they are front of house.

Similarly, as a developer, I’ve built sites that have won awards, although the code made me cringe. From a technical point of view, you may not be proud of the code or the architecture underlying a website, but that’s not what people are here for. They are visiting your website for the content, or some of the interactivity that it provides. Most sites are not perfect, but they don’t need to be.

There are certain areas where you should never cut corners. In events, that’s things like rigging lights from the ceiling - you have to make sure that they won’t fall on anyone’s head. In development, it’s in security - you have to make sure that people’s data is safe. If there’s a chance people might get hurt, there’s no excuse for sloppiness. But in most areas of most projects, you’re never going to get things perfect - you need to know what’s good enough.

I’ve been working on my own current side project (the redesign and Drupal 8 upgrade of an art gallery listings site) for a while now, in between the day job and family life. Just before Christmas, I still had quite a few tasks left on my board, but having read an article by Ben Roux, I knew that I needed to get the thing live, sooner rather than later. This is the great thing about side projects - there's something marvellously liberating being able to just make that decision for myself, without consultation with clients or stakeholders.

The great thing about putting your work out there on the web is that publishing improvements is trivial. I’ve defined my minimum viable redesign, so I can iterate and improve after launch, even though some of the functionality from the old Drupal 6 version isn’t ready. I could keep polishing and polishing, but it’s better to put it out there, and fix things later. Besides, I’m pretty confident that the new design is better than the old one, in spite of a few rough edges. Chances are, I’m the only person who will pick up on most of the problems with the site.

On the other hand, this means that nothing is ever finished. One of the things I loved about working in events was that there was a clear beginning, middle and end. We would start with an empty room and a full truck. We would unpack the truck, and fill the room with gear. Then we would put on a show. After the show, we’d pack up the gear and put it back into the truck. Then the truck would drive to the next venue, and we could (usually) go home with the satisfaction of a job well done.

With web development, it’s more like endlessly pushing a boulder up a hill. After putting a site live, there’s no great moment of triumph. If we take the analogy of a concert, it’s more like opening the doors and letting the punters in. Unless it’s a short-lived marketing site, the only time you ever take a website down and pack everything away is if the business has failed. There are always things to improve. I could keep adding features, or tweaking the design, or improving performance forever. But what value would it add? Besides, it’s a side project, and I’ve got other things to do.


John Svensson: Uninstall Drupal 8 modules that includes default configuration

Planet Drupal - Tue, 2017/01/10 - 11:02pm

In our modules we can include default configuration to ship content types, views, vocabularies on install. If we try to reinstall the module, we'll get an error. Let's take a look at why and how we can solve it.

Unable to install … already exist in active configuration

During uninstall the configuration is not removed, because it has no connection to the module itself, and thus we get the error, because Drupal modules may not replace active configuration. The reason for that is to prevent configuration losses.

We can move all the configuration to config/optional rather than config/install, which basically means that configuration that does not exist will be installed and the existing one will be ignored. If we do this we can reinstall the module.

So, if we want the configuration to remain active we've already solved the problem. But if we instead want the module to remove all the configuration and content it has provided, we'll need to look at another solution.

Let's take a look at the Article content type that is created when using the Standard distribution on installing Drupal.

node.type.article.yml

langcode: en
status: true
dependencies: { }
name: Article
type: article
description: 'Use <em>articles</em> for time-sensitive content like news, press releases or blog posts.'
help: ''
new_revision: true
preview_mode: 1
display_submitted: true

field.field.node.article.body.yml

langcode: en
status: true
dependencies:
  config:
    - field.storage.node.body
    - node.type.article
  module:
    - text
id: node.article.body
field_name: body
entity_type: node
bundle: article
label: Body
description: ''
required: false
translatable: true
default_value: { }
default_value_callback: ''
settings:
  display_summary: true
field_type: text_with_summary

If we delete the content type, we can find out that the field instance body on the content type has been removed. First we actually see that the configuration will be removed when confirming the deletion of the content type, but also by looking in the database in the config table where active configuration is stored. It's gone.

The reason it's deleted is that it has a dependency on the node.type.article.yml configuration, as we can see:

dependencies:
  config:
    - field.storage.node.body
    - node.type.article
  module:
    - text

So what we need to do is make sure that the configuration of the content type we create when installing our module has our module as a dependency. Let's take a look at how we can do that.

Let's imagine we have a custom_event module that creates an event content type.

node.type.event.yml

langcode: en
status: true
dependencies:
  enforced:
    module:
      - custom_event
third_party_settings: {}
name: Event
type: event
description: 'Event'
help: ''
new_revision: true
preview_mode: 1
display_submitted: false

The dependencies-part is the interesting one:

dependencies:
  enforced:
    module:
      - custom_event

We have defined a custom_event module, and in that module we have some exported configuration files in the config/install folder. We update the node.type.event.yml configuration file to have our module as a dependency. Now when we uninstall the module, the content type will be removed.

We also have to do this for our views, taxonomy, and field storages, or pretty much any configuration entity we provide configuration for. We don't have to worry about field instances, since as we saw above those are dependent on the content type itself. Field storages, on the other hand, do not depend on a content type, because a field can be reused on several content types.

So, just add the module as a dependency and you're good to go. Here's an example for the field storage field_image:

field.storage.node.field_image.yml

langcode: en
status: true
dependencies:
  enforced:
    module:
      - custom_event
  module:
    - file
    - image
    - node
id: node.field_image
field_name: field_image
entity_type: node
type: image
settings:
  uri_scheme: public
  default_image:
    uuid: null
    alt: ''
    title: ''
    width: null
    height: null
  target_type: file
  display_field: false
  display_default: false
module: image
locked: false
cardinality: 1
translatable: true
indexes:
  target_id:
    - target_id
persist_with_no_fields: false
custom_storage: false
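
The dependency reasoning in this post can be checked before a module ships. The following Python check is an added example, not code from the original post or from Drupal: it reads the dependencies block of each exported file and lists the items that would stay active after an uninstall. The file contents are constructed around the post's hypothetical custom_event module, and the check assumes every item that depends on removed configuration is deleted with it, as the post describes for field instances.

```python
def parse_dependencies(yaml_text):
    """Read only the top-level `dependencies:` mapping of a Drupal config export.

    Returns e.g. {"enforced.module": ["custom_event"], "config": [...]}.
    """
    deps, path, inside = {}, [], False
    for raw in yaml_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:
            # A new top-level key starts or ends the dependencies block.
            inside, path = line.startswith("dependencies:"), []
            continue
        if not inside:
            continue
        if line.startswith("- "):
            key = ".".join(name for _, name in path)
            deps.setdefault(key, []).append(line[2:].strip().strip("'\""))
        elif line.endswith(":"):
            while path and path[-1][0] >= indent:
                path.pop()
            path.append((indent, line[:-1]))
    return deps


def left_behind(module, files):
    """Return the config items that would still be active after uninstalling `module`.

    Assumption: an item is deleted when it names the module under
    dependencies.enforced.module or dependencies.module, or when it depends
    (directly or transitively) on a config item that is deleted.
    """
    deps = {}
    for filename, text in files.items():
        name = filename[:-4] if filename.endswith(".yml") else filename
        deps[name] = parse_dependencies(text)
    removed = {
        name for name, d in deps.items()
        if module in d.get("enforced.module", []) + d.get("module", [])
    }
    changed = True
    while changed:
        changed = False
        for name, d in deps.items():
            if name not in removed and removed.intersection(d.get("config", [])):
                removed.add(name)
                changed = True
    return sorted(set(deps) - removed)


# Constructed config/install contents for the hypothetical custom_event module.
FILES = {
    "node.type.event.yml": """\
langcode: en
status: true
dependencies:
  enforced:
    module:
      - custom_event
name: Event
type: event
""",
    "field.field.node.event.body.yml": """\
dependencies:
  config:
    - field.storage.node.body
    - node.type.event
  module:
    - text
id: node.event.body
""",
    "field.storage.node.field_image.yml": """\
dependencies:
  module:
    - file
    - image
    - node
id: node.field_image
""",
    "views.view.events.yml": """\
dependencies:
  module:
    - node
    - user
id: events
""",
}

if __name__ == "__main__":
    for item in left_behind("custom_event", FILES):
        print("stays active after uninstall:", item)
```

Items reported here are the ones that would trigger the "already exist in active configuration" error on reinstall.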

Palantir: Prominent Midwest Business School

Planet Drupal - Tue, 2017/01/10 - 8:35pm
Prominent Midwest Business School brandt Tue, 01/10/2017 - 13:35 Visibility of Research and Ideas Through a Beautiful Design

A highly customizable layout to showcase our client's content.

Highlights
  • Highly customizable layout
  • A strong visual hierarchy punctuated with thoughtful typographic details  
  • Robust tagging and taxonomy for showcasing content

We want to make your project a success.

Let's Chat.

One of the oldest business schools in the country with a worldwide network of over 50,000 alumni, our client is one of the top-ranked business schools in the world. With a reputation for new ideas and research, it needs its online presence to reflect its bold, innovative approach to business education.

Our client’s approach to learning is to, “constantly question, test ideas, and seek proof,” which leads to new ideas and innovative solutions within business. Beyond the classroom, this approach empowers thought leaders and analytical minds to shape the future through deeper analysis and discovery.

In order to create greater visibility of the school’s research and ideas, the school publishes digital and print publications that give insight to business leaders and policymakers who can act upon those ideas. The publications help convey the concepts and research findings generated by the school, as well as by academics outside the school, via articles, infographics, charts, videos, and other devices.

Since both publications were due for an upgrade, our client decided to update its web presence and quarterly print magazine at the same time. With our client having already partnered with another firm to complete the magazine design, Palantir was brought in to design and develop the website in a way that provided cohesion between the two mediums.

Goals and Direction

Because the publication’s previous site was outdated and not optimized for mobile devices, the overall performance was less than ideal, with long loading times causing problems on tablets and smartphones. Additionally, the hierarchy on the old site needed some rethinking: the site was difficult to navigate, with limitations on how articles and videos could be connected, since visitors couldn’t easily or effectively filter or search the contents of the site.

The primary high-level goals for the redesign were to:

  • Move the site to Drupal, which allowed for increased community support and more flexibility in tools that could be incorporated
  • Provide an experience that demonstrated the depth of content from the publication
  • Optimize content search and social visibility
  • Provide a flexible platform that would evolve as the content evolved
  • Highlight visuals and alternative story formats
  • Leverage content featuring the business school’s high-profile faculty

To accomplish the majority of these goals, a well-planned content strategy was required. The new site needed the ability to display content in a variety of ways in order to make it digestible and actionable for readers. All content had to be easily sharable and optimized for the greatest possibility of distribution. Lastly, once readers found content they wanted, related content should surface as well.

To support the content strategy, site editors needed the power to elevate content connections and relations through a strong visual design that offered flexibility, and with hierarchy that made sure news matched what visitors were looking for. They also required options on how to best showcase content, as well as the ability to include multiple storytelling mechanisms.

Examples of how related content is displayed in both desktop and mobile views while preserving typographic details.

Site Focus

Once goals were outlined, Palantir worked to create a solid content strategy for the site. Taxonomy and tagging were addressed, and a new information architecture was put in place in order to make sure content was being seen and surfaced at the right time. After the initial strategy work was completed, it was decided to focus the work in two key areas:

  • Increase the number of pages during each visit. Prior to the redesign, a large percentage of visitors were coming in from search and social for a single article and then leaving before accessing any more articles, videos, or graphics. The former content management system made tying in related content difficult, so attention was given to each step of the process to make sure that related content could be easily surfaced by editors or by the system based on tagging. A goal was to give visitors more of the type of content they were looking for.
  • Improve number of visits per month. As important as it is to make navigating the site better, ensuring that visitors could find the content more easily was a key improvement that was needed for the site. As part of that, the site required better metadata for search and social optimization.

Style tile: Playful/Colorful/Progressive
Style tile: Dynamic/Modern/Bright

The design of the site was critical to achieving the goals, and we were given latitude to push the boundaries of the existing brand standards in order to give the magazine a distinctive look through color and typography. Our design team expanded the existing brand signals from our client in order to create style tiles to represent the general mood, typography, and colors recommended for the new site. With the variations in image treatment, typography, color palette, and button/quote designs, each style tile worked to capture a specific voice and personality for the magazine. This allowed us to quickly gauge how our client wanted to present itself to the world prior to starting formal layouts.

Once the final direction was chosen, we concentrated next on wireframing the pages so we could marry the functionality with the intended hierarchy and ensure that the revised content strategy was working as efficiently and powerfully as possible. Given that users spent the majority of time on those pages, individual article pages were given particular emphasis in wireframing, to ensure users would be enticed to explore further into the site.

In the layout phase, typography was given special attention, with drop-caps and call-out quotes being implemented to keep a print feel and break up a sea of gray text for long articles. This approach was particularly necessary on the mobile view, allowing the content to take center stage without losing any of the design details. Sharing on social media was also accounted for, with shorter quotes having their own dedicated sharing buttons. Additionally, the wealth of artwork provided by the school’s internal team created exciting opportunities for our design team on all applicable articles.

While not always the entry point for users, the homepage design needed to be as flexible as possible. Not only did we have to account for the hierarchy of stories and surface related content in the right way, but we also had to allow for multiple types of content to be displayed while balancing related articles and email newsletter sign-up forms.

Examples of how the homepage can be customized to promote specific sections of content.

The Results

In the end, our client received a beautiful design that showcases the content well, and provides easy access to related content. Back-end editors are happy with the improved formatting and editing ability, with one editor saying, “it’s not even comparable to our previous site.” Our designs introduced new ways of visually displaying a wealth of content and helped push innovation for the magazine redesign. The print designers were able to apply our design signals to the associated print piece, creating a strong cohesion across all collateral to enhance the school’s brand.

The variety offered by the new homepage design supported the goal of increasing the page views, providing more opportunities to entice people to continue their experience, with connections between different articles and videos. With much of the greater University on Drupal, the move to Drupal also allowed the staff increased support within the school community. The flexibility of the modular design and build allowed staff to control the process and to be able to leverage important research to audiences and policymakers for years to come.

Content collapsed into mobile views.

 


Fuse Interactive: UX for Content Editors & Administrators

Planet Drupal - Tue, 2017/01/10 - 7:44pm

User Experience as it relates to Content Management Systems tends to overlook its most important users: Content Editors & Administrators.


DrupalEasy: DrupalEasy Podcast 189 - BACnet to the Future (David Thompson - Energy and Drupal)

Planet Drupal - Tue, 2017/01/10 - 3:20pm

Direct .mp3 file download.

David Thompson (dbt102), consultant with Function 1, and maintainer of the BACnet and AppCtrl modules (used for building energy management) joins Mike on this first podcast of 2017.

Interview DrupalEasy News Three Stories Sponsors Picks of the Week Upcoming Events Follow us on Twitter

Five Questions (answers only)
  1. Bikram Yoga
  2. BACnet advanced workstation with Web Control
  3. Presenting at DrupalCon
  4. Emu
  5. Understanding the value of CCK

Intro Music

Subscribe

Subscribe to our podcast on iTunes, Google Play or Miro. Listen to our podcast on Stitcher.

If you'd like to leave us a voicemail, call 321-396-2340. Please keep in mind that we might play your voicemail during one of our future podcasts. Feel free to call in with suggestions, rants, questions, or corrections. If you'd rather just send us an email, please use our contact page.


Code Enigma: SAML ADFS authentication in Drupal

Planet Drupal - Tue, 2017/01/10 - 2:24pm

Drupal as consumer/SP, ADFS as IdP

Tue, 2017-01-10 13:24 By pascal

We'll try to cover the steps needed to authenticate (and create if needed) Drupal 7 users against an external Active Directory Federation server, using SimpleSAMLphp and the simplesamlphp_auth module.

Examples are given for a Debian server, using Nginx and php-fpm, but most of the configuration would be similar for other setups, and except for the application integration part, the SimpleSAML setup part should apply to any php integration.

Assumptions

We'll assume that:

Dependencies

We'll use memcache to store user sessions (although you can use a MySQL-like database instead), which is done through the php-memcache extension (NOT php-memcached):

sudo apt-get install memcached

sudo apt-get install php5-memcache

Once again, in case you read too fast: php-memcache, NOT php-memcached!

1. Nginx configuration: accessing SimpleSAML library through the web

Given that SAML is based on redirects, the first thing you need is to be able to access the library over HTTPS.

1.1. Install the library

Download the library from https://simplesamlphp.org/download and extract it in Drupal's library folder, so it ends up under sites/all/libraries/simplesamlphp-1.14.8 in the repo (that will match /var/www/drupal-sp.master/www/sites/all/libraries/simplesamlphp-1.14.8 once deployed on the server).

1.2. Amend Nginx' fastcgi configuration

We need to add a line to the /etc/nginx/fastcgi_params file so it supports path_info (in short, paths in the form of file.php/parameter1/parameter2). Instead of amending the default one, we took the view of duplicating it and amending the copy instead:

sudo cp /etc/nginx/fastcgi_params /etc/nginx/fastcgi_params_path_info

and add the following at the end: "fastcgi_param PATH_INFO $fastcgi_path_info;"

The resulting file should now look like:

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param HTTP_PROXY "";
fastcgi_param PATH_INFO $fastcgi_path_info;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

1.3 Setup the vhost

While it is possible to use a different subdomain for your application and the SimpleSAML library (look at 'session.cookie.domain' on SimpleSAML side and '$cookie_domain' on Drupal side), the simplest and most common approach is to have both under the same domain. Typically, our Drupal installation being at https://drupal-sp.example.com/, we would make the library accessible at https://drupal-sp.example.com/simplesaml/. Note the 'simplesaml' location has been chosen for simplicity of the example, but it could be set to anything, https://drupal-sp.example.com/auth/, https://drupal-sp.example.com/whatever/, ...

What we need to do is set up an alias for our /simplesaml location to the library webroot on the filesystem at /var/www/drupal-sp.master/www/sites/all/libraries/simplesamlphp-1.14.8/www. The resulting vhost file (trimmed non-relevant parts) would be similar to:

server {
    server_name drupal-sp.example.com;
    listen 443 ssl;
    # DRUPAL_ROOT
    root /var/www/drupal-sp.master/www;
    fastcgi_param HTTPS on;
    #### BEGIN SAML specific config ####
    # We could use any alias, as long it matches the config.php of SimpleSAML.
    location /simplesaml {
        # Point to our library folder webroot.
        alias /var/www/drupal-sp.master/www/sites/all/libraries/simplesamlphp-1.14.8/www;
        location ~ ^(?<prefix>/simplesaml)(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
            fastcgi_split_path_info ^(.+?\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            # Note we include the fastcgi config copied and modified above.
            include fastcgi_params_path_info;
            fastcgi_param SCRIPT_FILENAME $document_root$phpfile;
            fastcgi_param PATH_INFO $pathinfo if_not_empty;
        }
        # This looks extremely weird, and it is. Workaround a NGINX bug. @see https://trac.nginx.org/nginx/ticket/97
        # Without this the assets (js/css/img) won't be served.
        location ~ ^(?<prefix>/simplesaml/resources/)(?<assetfile>.+?\.(js|css|png|jpg|jpeg|gif|ico))$ {
            return 301 $scheme://$server_name/sites/all/libraries/simplesamlphp-1.14.8/www/resources/$assetfile;
        }
    }
    #### END SAML specific config ####
    ## Rest of your app specific directives.
}

2. SimpleSAML configuration

2.1 config.php

This is where the main "global" configuration directives reside, and it is located under the "config" folder of the library. Most of the defaults are fine as is; we are mainly going to set:

  • the main path
  • the memcache settings
  • the debug mode

The resulting file would end up with the following options:

 

<?php
/*
 * The configuration of SimpleSAMLphp
 *
 */
$config = array(
    /**
     * Full url to the library. Trailing slash is needed.
     */
    'baseurlpath' => 'https://drupal-sp.example.com/simplesaml/',
    /**
     * Debug data. Turn all that to FALSE on prod.
     */
    'debug' => TRUE,
    'showerrors' => TRUE,
    'errorreporting' => TRUE,
    /**
     * Admin access, do not enable on prod.
     */
    'auth.adminpassword' => 'MYPASSWORD',
    'admin.protectindexpage' => FALSE,
    'admin.protectmetadata' => FALSE,
    /**
     * This is a secret salt used by SimpleSAMLphp when it needs to generate a secure hash
     * of a value. It must be changed from its default value to a secret value. The value of
     * 'secretsalt' can be any valid string of any length.
     *
     * A possible way to generate a random salt is by running the following command from a unix shell:
     * tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo
     */
    'secretsalt' => 'omqczwt6klfdn244787098jqlfjdsql',
    /*
     * Some information about the technical persons running this installation.
     * The email address will be used as the recipient address for error reports, and
     * also as the technical contact in generated metadata.
     */
    'technicalcontact_name' => 'Administrator',
    'technicalcontact_email' => 'na@example.org',
    /**
     * We want debugging on while setting our install up.
     */
    'logging.level' => SimpleSAML_Logger::DEBUG,
    'logging.handler' => 'syslog',
    /**
     * Sessions will be held in memcache.
     */
    'store.type' => 'memcache',
    'memcache_store.servers' => array(
        array(
            array('hostname' => 'localhost'),
        ),
    ),
);

At this point, you should be able to reach https://drupal-sp.example.com/simplesaml/ and log in as 'Admin' using the local SimpleSAML authentication mechanism. Check the "configuration" tab to access basic sanity checks on your config.

2.3 authsources.php

We're now ready to define our new authentication source in the config/authsources.php file, which holds an array of all available authentication sources. You'll notice there's already an "admin" one, which is the default local one defined by the SimpleSAML php library.

We assume that nothing has yet been created on the ADFS side (we'll do that at a later step). If that's not your case, you should match the entityID with the one provided to you.

<?php
$config = array(
    'admin' => array(
        // Default local auth source.
        'core:AdminPassword',
    ),
    'example-drupal-sp' => array(
        // Type of auth source.
        'saml:SP',
        // Unique identifier of your SP.
        // This can be set to anything, as long as no other SP use it on the IDP already.
        'entityID' => 'urn:drupal:example',
        // IDP url identifier. A means of getting the precise url is given later (@todo link)
        'idp' => 'http://adfs-idp.example.com/adfs/services/trust',
        // This must be explicitly set to NULL, we rely on metadata.
        'NameIDPolicy' => NULL,
        // These are the SP-side certificate, that we will need to generate.
        // The location is relative to the 'cert' directive specified in the
        // config.php file.
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',
        // Enforce signing of redirections, using our certificate.
        'sign.logout' => TRUE,
        'redirect.sign' => TRUE,
        'assertion.encryption' => TRUE,
        // Enforce use of sha256.
        'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
    ),
);

If you navigate to the "Authentication" tab > "Test configured authentication sources" within the /simplesaml admin interface, you should now see your new source appear as "example-drupal-sp". Don't try to use it yet; it will just throw exceptions for now!

Certificate generation

We now need to generate the certificates we specified in the auth source; they will be used to sign our requests. We'll stick with the default location and create them under the "cert" directory of the library.

cd sites/all/libraries/simplesamlphp-1.14.8/cert

openssl req -x509 -sha256 -nodes -days 3652 -newkey rsa:2048 -keyout saml.pem -out saml.crt

2.4 saml20-idp-remote.php

The last piece of information that is needed for the two systems to be able to communicate is the metadata specification, which defines the various endpoints and protocols to use. The ADFS server conveniently exposes those, so we just need to get hold of them, and convert it to php. The federation XML file is usually located under /FederationMetadata/2007-06/FederationMetadata.xml but you can find it out from the ADFS management tool, by expanding "Services" > "Endpoints" and looking at the Metadata section.

In our case we would download "https://adfs-idp.example.com/FederationMetadata/2007-06/FederationMetada...". The next step is to convert it to a php array, with a utility provided by the SimpleSAML library, located at /simplesaml/admin/metadata-converter.php. This will generate 2 php arrays ready to copy and paste:

  • saml20-sp-remote: we can ignore this one in our setup, as we are only acting as a Service Provider
  • saml20-idp-remote: this is the data we will need, and we are going to copy/paste it into metadata/saml20-idp-remote.php.

The array key should match the value of what we had specified in our authsources:

authsources.php:

'idp' => 'http://adfs-idp.example.com/adfs/services/trust',

saml20-idp-remote.php

$metadata['http://adfs-idp.example.com/adfs/services/trust'] = array(

If that's not the case, amend your authsource. Pay special attention to the fact that the idp may identify itself as http://, not https://, even though all requests go through https endpoints.
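
The values that the config.php shown earlier marks as setup-only, and the idp/metadata key match described here, can be checked mechanically before the SP goes live. This Python audit is an added example, not part of the original post or of SimpleSAMLphp; the sample file contents are constructed from the values shown on this page, and treating an unprotected admin index page as a finding is an assumption.

```python
import re

# Flags the walkthrough enables for setup and says to turn to FALSE on prod.
DEV_ONLY_FLAGS = ("debug", "showerrors", "errorreporting")
# Sample secrets printed on this page, so known to every reader of it.
PUBLISHED_SAMPLES = {
    "auth.adminpassword": "MYPASSWORD",
    "secretsalt": "omqczwt6klfdn244787098jqlfjdsql",
}
# Signing options the page's authsources.php switches on.
REQUIRED_TRUE = ("sign.logout", "redirect.sign")
PAIR = re.compile(r"'([\w.]+)'\s*=>\s*(?:'([^']*)'|([A-Za-z_][\w:]*))")


def php_settings(text):
    """Return {key: value} for simple 'key' => value pairs in a PHP config array.

    Block comments and whole-line // comments are dropped first so that
    commented-out settings are not read as live ones. The last value wins.
    """
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(?m)^[ \t]*//.*$", "", text)
    return {key: (bare or quoted) for key, quoted, bare in PAIR.findall(text)}


def swap_scheme(url):
    """Return the same URL with http and https exchanged."""
    if url.startswith("https://"):
        return "http://" + url[8:]
    return "https://" + url[7:] if url.startswith("http://") else url


def audit(config_php, authsources_php, idp_remote_php):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    cfg = php_settings(config_php)
    for flag in DEV_ONLY_FLAGS:
        if cfg.get(flag, "FALSE").upper() != "FALSE":
            findings.append(f"config.php: '{flag}' is still enabled")
    if cfg.get("admin.protectindexpage", "FALSE").upper() != "TRUE":
        findings.append("config.php: admin index page is not password protected")
    if cfg.get("logging.level", "").endswith("::DEBUG"):
        findings.append("config.php: logging.level is DEBUG")
    for key, sample in PUBLISHED_SAMPLES.items():
        if cfg.get(key) == sample:
            findings.append(f"config.php: '{key}' is the sample value from the tutorial")
    # Assumption: authsources.php holds a single saml:SP source.
    src = php_settings(authsources_php)
    for key in REQUIRED_TRUE:
        if src.get(key, "FALSE").upper() != "TRUE":
            findings.append(f"authsources.php: '{key}' is not TRUE")
    if not src.get("signature.algorithm", "").endswith("#rsa-sha256"):
        findings.append("authsources.php: signature.algorithm is not rsa-sha256")
    idp = src.get("idp", "")
    known = re.findall(r"\$metadata\[\s*'([^']+)'\s*\]", idp_remote_php)
    if idp not in known:
        if swap_scheme(idp) in known:
            findings.append(
                f"idp '{idp}' differs from metadata key '{swap_scheme(idp)}' only by scheme")
        else:
            findings.append(f"idp '{idp}' has no entry in saml20-idp-remote.php")
    return findings


# Constructed samples: the setup-phase values from this page, with the idp
# typed as https:// to show the mismatch the text warns about.
SETUP_CONFIG = """<?php
$config = array(
    'baseurlpath' => 'https://drupal-sp.example.com/simplesaml/',
    'debug' => TRUE,
    'showerrors' => TRUE,
    'errorreporting' => TRUE,
    'auth.adminpassword' => 'MYPASSWORD',
    'admin.protectindexpage' => FALSE,
    'secretsalt' => 'omqczwt6klfdn244787098jqlfjdsql',
    'logging.level' => SimpleSAML_Logger::DEBUG,
    // 'debug' => FALSE,
);
"""
AUTHSOURCES = """<?php
$config = array(
    'example-drupal-sp' => array(
        'saml:SP',
        'entityID' => 'urn:drupal:example',
        'idp' => 'https://adfs-idp.example.com/adfs/services/trust',
        'sign.logout' => TRUE,
        'redirect.sign' => TRUE,
        'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
    ),
);
"""
IDP_REMOTE = "$metadata['http://adfs-idp.example.com/adfs/services/trust'] = array();"

if __name__ == "__main__":
    for finding in audit(SETUP_CONFIG, AUTHSOURCES, IDP_REMOTE):
        print(finding)
```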

3. ADFS setup

Now the SP side component is ready, we need to configure the IDP side.

3.1 SP metadata

In the same way our SP needs metadata to know how to talk to the IDP, the ADFS server needs to know how to communicate with the SimpleSAML library, and must be provided with some metadata. Here again, the SimpleSAML php library helps us a lot by exposing its metadata, ready for the server to consume.

You can obtain this url within the /simplesaml admin section, under the "Federation" tab, by clicking on the "View metadata" link underneath your "example-drupal-sp" source. This will display the actual metadata, along with the dedicated url to obtain it, https://drupal-sp.example.com/simplesaml/module.php/saml/sp/metadata.php... in our case.

3.2 Trust configuration

In the ADFS admin tool on the Windows server, create a new "Relying Party Trust". This should launch a Wizard similar to:

Enter the SP metadata URL (https://drupal-sp.example.com/simplesaml/module.php/saml/sp/metadata.php...) into the "Federation metadata address" field and press next. This should be enough to set up all the needed configuration, even though you will get a notice about some metadata fields being ignored, which you can ignore.

3.3 Claims

These claims serve as mappings between ADFS and SAML "fields", and are accessible through the "Edit Claim Rules..." entry.

3.3.1 LDAP attributes

Create an "Issuance Transform Rule" of type "Send LDAP Attributes as Claims" with the fields you need to pass back to the SP. Some are preset and defined in the metadata, but you can add custom ones. In this example, UPN and Email use the preset schema, while DisplayName is custom:

 

3.3.2 Incoming Claim

This is needed to map the SAML "Name ID" with the LDAP "UPN". Create another "Issuance Transform Rule", of type "Transform an Incoming Claim":

 

3.4 Testing the authentication

At this point, you should be able to authenticate against the Federated login. Before going any further, make sure this is working by navigating to https://drupal-sp.example.com/simplesaml/ and following the "Test authentication sources" link under the "Authentication" tab.

After logging in and being redirected, the SimpleSAML library will conveniently expose the attributes we added in the Claim rules, with their values:

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  • DisplayName

These fields are the ones the Drupal component is going to use for mapping with the user entity.

4. Drupal

4.1 The simplesamlphp_auth module

Now is the time to "drush en simplesamlphp_auth"! Once the module is enabled, you will need to specify the ID of the authentication source and the user properties mapping from the LDAP attributes, and you have a couple of options regarding how users will use Federated login over local Drupal login. You can do this through the UI, or capture it in settings.php as follows:

<?php
/**
 * @group SimpleSAML
 */

// The id of our authentication definition,
// found in the config.php file at point 2.3
// above.
$conf['simplesamlphp_auth_authsource'] = 'example-drupal-sp';

// Absolute path to the simplesamlphp library.
$conf['simplesamlphp_auth_installdir'] = '/var/www/drupal-sp.master/www/sites/all/libraries/simplesamlphp-1.14.8';

// Field mappings.
$conf['simplesamlphp_auth_mailattr'] = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress';
$conf['simplesamlphp_auth_unique_id'] = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn';
$conf['simplesamlphp_auth_user_name'] = 'DisplayName';

// Main activate/deactivate federated login switch.
$conf['simplesamlphp_auth_activate'] = 1;

// Allow/Disallow users to log in with a local Drupal account.
$conf['simplesamlphp_auth_allowdefaultlogin'] = 1;

// An array of roles that can log in with a local Drupal account.
// Leave empty for 'all'.
$conf['simplesamlphp_auth_allowdefaultloginroles'] = array();

// An array of user uids that can log in with a local Drupal account.
$conf['simplesamlphp_auth_allowdefaultloginusers'] = array();

// Allow local password changes.
$conf['simplesamlphp_auth_allowsetdrupalpwd'] = 0;

// Overrides local roles (implies role mapping,
// that is not covered in this article).
$conf['simplesamlphp_auth_rolepopulation'] = '';

At this point, congrats, you are done! Navigating as anonymous to https://drupal-sp.example.com/saml_login should redirect you to your Federated login portal, then back to Drupal where you will be logged in.

You can either add a link pointing to this on the login form if you are planning to mix local/federated login, or take over the login process entirely by redirecting it to this path.

4.2 Multi-environment setup

Chances are you are using several environments (dev/stage/uat/prod or however you name them) and want to use different endpoints for each one. By default, the authsources and metadata settings are all keyed by ids, but some of the settings would all be shared in the $config array from your config.php file. You have several options to split those and use a different setup per environment; our choice is based on Drupal's settings.php. The reason is that it is fairly common to have this file environment-specific already, through symlinks, includes, etc. as part of whatever CI tool you are using.

4.2.1 config.php

Copy your simplesaml config.php to config.$ENV.php, e.g. config.dev.php for your dev environment. Then, replace the content of the main config.php with the following snippet, which will source Drupal's settings.php file for an "environment" variable.

<?php

/*
 * Environment switcher for SimpleSAMLphp
 *
 */

// Session management.
if (!ini_get('session.save_handler')) {
  ini_set('session.save_handler', 'file');
}

// Grab per environment settings.
if (!defined('EXAMPLE_DRUPAL_ROOT')) {
  define('EXAMPLE_DRUPAL_ROOT', substr(__DIR__, 0, strpos(__DIR__, '/sites/all/libraries/simplesamlphp-1.14.8/config')));
  define('EXAMPLE_DRUPAL_SETTINGS_LOCAL_FILE', EXAMPLE_DRUPAL_ROOT . '/sites/default/settings.php');
}

// This is defined in Drupal's settings.php file.
global $example_simplesamlphp_environment;

// Need to include the bootstrap file as it contains
// some constants settings.php relies on.
if (!defined('DRUPAL_CORE_COMPATIBILITY')) {
  require_once EXAMPLE_DRUPAL_ROOT . '/includes/bootstrap.inc';
}
require_once EXAMPLE_DRUPAL_SETTINGS_LOCAL_FILE;
require_once __DIR__ . '/config.'.$example_simplesamlphp_environment.'.php';

4.3 settings.php

On the Drupal side of things, you can specify the environment to use, which will result in simplesaml loading the $config array from the matching config.$ENV.php file.

<?php
// Be sure to pick a name that cannot conflict with
// another variable.
global $example_simplesamlphp_environment;
$example_simplesamlphp_environment = 'dev';

// Pick the matching authentication endpoint for
// this environment in authsources.php.
$conf['simplesamlphp_auth_authsource'] = 'example-dev-sp';
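The switcher in 4.2.1 builds an include path directly from $example_simplesamlphp_environment, so an unset or unexpected value ends in a failed or unintended include. The following added example (not the original author's code) resolves the file through a fixed allowlist and fails closed. The function name, the allowed environment names and the demo files are assumptions, and it assumes the config.$ENV.php files are regular files inside the config directory.

```php
<?php
// Added example: allowlisted replacement for the final require_once of the
// switcher. Function name, allowlist and demo files are assumptions.

/**
 * Returns the absolute path of config.$ENV.php, or throws if the
 * environment name is not allowlisted or the file is missing.
 */
function example_saml_config_path($environment, $configDir, array $allowed)
{
    // Strict comparison: null, '' and non-strings never match.
    if (!is_string($environment) || !in_array($environment, $allowed, true)) {
        throw new RuntimeException('SimpleSAMLphp environment not set or not allowed.');
    }

    $baseDir = realpath($configDir);
    $path = realpath($configDir . '/config.' . $environment . '.php');

    // realpath() returns false for a missing file and resolves symlinks and
    // "..", so the file must really live inside the config directory.
    if ($baseDir === false || $path === false || dirname($path) !== $baseDir) {
        throw new RuntimeException('No config file for environment "' . $environment . '".');
    }
    return $path;
}

// --- Demo on constructed files in a temporary directory ---
$dir = sys_get_temp_dir() . '/saml-switcher-demo-' . getmypid();
mkdir($dir);
file_put_contents(
    $dir . '/config.dev.php',
    "<?php \$config = array('baseurlpath' => 'simplesaml/');\n"
);
$allowed = array('dev', 'stage', 'prod');

// 'dev' loads; 'stage' is allowed but has no file; the rest are rejected
// before any path is built.
foreach (array('dev', 'stage', '', null, '../../settings') as $candidate) {
    try {
        $file = example_saml_config_path($candidate, $dir, $allowed);
        require $file;
        echo var_export($candidate, true), ' => loaded ', basename($file), "\n";
    } catch (RuntimeException $e) {
        echo var_export($candidate, true), ' => refused: ', $e->getMessage(), "\n";
    }
}

unlink($dir . '/config.dev.php');
rmdir($dir);
```

In config.php the last line of the switcher would then become a `require_once` of the returned path, with `__DIR__` as the config directory.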

ComputerMinds.co.uk: Loading config programmatically

Planet Drupal - Tue, 2017/01/10 - 2:00pm

In Drupal 8, there are many ways to interact with configuration from PHP. Most will allow you to write the config values, but some are read-only. Some will include 'overrides' from settings.php, or translations. There are many layers of abstraction, that each have different purposes, so it can be easy to run into subtle unintended problems (or more obvious errors!) if you pick a method that doesn't quite suit what you actually need to do. Here I'm going to outline some of them and when you might pick each one.


Liip: How to get involved in Drupal projects

Planet Drupal - Tue, 2017/01/10 - 8:26am

Drupal is an open source project and really depends on its community to move forward. It is all about getting to know the CMS, spreading the knowledge and contributing to projects.
I will give you some ways to get involved. Even if you are not a developer, there is a task for you!

Drupal Mentors – DrupalCon Dublin 2016 by Michael Cannon is licenced under CC BY-SA 2.0

Participating in user support

Sharing your knowledge with others is very important to the community: it is a nice thing to do and you might also learn some things by doing so. Whatever your skill level, you can give back to the community with online support. There are many places where you can give support, starting with the Support Forums. You can also go to Drupal Answers, which is more active than the forums, or subscribe to the Support Mailing list. If you prefer real-time chat, you can also join the #drupal-support channel on IRC or the Slack channels.

Helping out on documentation

Community members can write, review and improve different sorts of documentation for the project: community documentation on drupal.org, programming API reference, help pages inside the core software, documentation embedded in contributed modules and themes etc.
Contributing is a good way to learn more about Drupal and share your knowledge with others. Beginners are particularly encouraged to participate as they are more likely to know where documentation is lacking.
If you are interested, check out the new contributor tasks for anyone and writers.

Translating Drupal interface in your own language

The default language for the administration interface is English but there are about 100 available languages for translations. There is always a need for translations as many of these translation sets are incomplete or can be improved for core and contributed modules.
All translations are now managed by the translation server. If you are willing to help, all you have to do is log in to drupal.org and join a language team. There is even a video to learn how the translation system works, as well as documentation.

You can also help to translate documentation into your language. Most language-specific communities have their own documentation so you should get in touch with them directly. To learn more, see the dedicated page.

Improving design and usability

The idea is to improve usability, especially in Drupal 8, regarding the administration interface. The focus is mainly on content creation and site building. The community has done a lot of research to understand the problems that users run into and how the new improvements perform. The purpose is also to educate developers and engage designers in order to grow the UX team. You can visit the Drupal 8 UX page for more details and join the usability group.

Writing a blog post about Drupal

Writing a blog post about Drupal is a good way to share your knowledge and expertise. There are many subjects to explore, technical or not: talking about a former project you developed or writing a tutorial, telling about the state of a version or sharing about an event you attended… And if you are lucky enough your post can be published on the Weekly Drop, the official Drupal newsletter!

Don’t forget to reference your blog post on Planet Drupal, this platform is an aggregated list of feeds from around the web which shares relevant Drupal-related knowledge and information.

You can also find our Drupal related blog posts on the Liip blog.

Testing core and modules

Testing Drupal projects is necessary to make the platform stable and there are many things to test! If you have a technical background, you can help to review patches or to write unit tests.
Non-technical people can provide feedback about the usability of the administration interface, which will help to improve the user experience. Follow the process to give proper feedback.

Contributing to development

There are many ways to contribute code in core and “contrib” projects such as modules or themes.
You can first help to improve existing projects by submitting patches. This would be the natural thing to do when you work with a module and you notice a bug or a missing feature: search the corresponding issue queue to see if the problem has been noticed before. If not, post a message explaining the issue and add a snippet of code if you found a potential fix. Then you can create a patch and submit it to the issue queue.
You can also contribute to new projects by creating your very own module or theme or create a sandbox for more experimental projects.

Attending events

The Drupal association organizes many events all around the world to promote the CMS and gather the community.

Among the biggest events are the DrupalCons. A DrupalCon gathers thousands of people and lasts about one week, including 3 full days of conferences. These conferences cover many topics: site building, user experience, security, content authoring etc. You can also join sprints to contribute to Drupal projects and social events to meet the members of the community. Check out our report about DrupalCon Barcelona 2015!

“Drupal Dev Days” conferences occur once a year and gather developers to discuss and present topics technically relevant to the community. You can join sprints, intensive coding sessions and technical conferences.

You can also join DrupalCamps to meet your local community. These events last one or two days and focus on sharing knowledge amongst the community. You can attend conferences and sprints.

There are also many Drupal meetups which are free events happening in many cities in the world. Presentations and discussions finish around nice drinks and appetizers.

Sponsoring events

The community holds conventions and meetups in many countries, and being a sponsor will not only help Drupal development but also make you visible within the community. There are different levels of sponsorship, offering anything from mentions on social media to advertising online and at the exhibition space of the event. All you have to do is get in touch with the event organizers. By the way, Liip will sponsor the Drupal Mountain Camp in Davos this year!

Offering a donation

You can give donations to the Drupal Association through the website in order to support drupal.org infrastructure and maintenance and worldwide events such as DrupalCons. Donations are accepted in either Euros or Dollars.

You can also become a member of the Drupal Association for the same purpose, as an individual member or an organization member. The minimum fee is 15 Euros. Find more information about membership on drupal.org.

Conclusion

Drupal projects are constantly improving thanks to passionate volunteers who work on many subjects: development, documentation, marketing, events organization, support… There is for sure a task that will suit you, and it only takes a small time commitment to make changes.
So join the great Drupal community and start getting involved!


Agiledrop.com Blog: AGILEDROP: Other Top Drupal Blogs from December

Planet Drupal - Tue, 2017/01/10 - 7:06am
In December 2016 we started implementing a new idea: looking back at the best Drupal blog posts written by other authors in the previous month. We started with November's overview. Here is the next one in the series, bringing you December's action.

Building Views Query Plugins for Drupal 8

We begin our list with the second part of Building Views Query Plugins for Drupal 8 by Matt Oliveira. He wrote about coding the plugin and ended up with a basic functioning example. Yet, the author left some space open for the final third part. You can read the full blog post here. The…

Jeff Geerling's Blog: Add a set of Taxonomy terms via a custom Drupal module's update hook

Planet Drupal - Tue, 2017/01/10 - 4:06am

From time to time, I've needed to have a default set of Taxonomy terms created at the same time as a content type, as in the case of a field with a required Taxonomy term reference, using a Taxonomy that is not 'free tag' style.

Instead of requiring someone to go in and manually add all the terms after code is deployed, you can add terms in a custom module's update hook, like so:


Platform.sh: Your instances safe from MongoDB Apocalypse on the Platform.sh PaaS

Planet Drupal - Tue, 2017/01/10 - 1:00am

You might have heard about the MongoDB scare with titles like: MongoDB Apocalypse Is Here as Ransom Attacks Hit 10,000 Servers!

Rest assured, your MongoDB instances are safe and sound if they are running on Platform.sh. And this is a very strong argument for why our architecture is superior to other PaaS providers.

Unlike other providers, with Platform.sh all the services you use are inside the managed cluster and included in the plan’s price. These are not outside services that expose application ports on the internet. This is what allows us to clone entire clusters, this is what allows us to offer a 99.99% SLA on the entire stack for our enterprise offering, but this is also a security feature.

Each cluster has only two ways in: HTTP or SSH. Our entrypoints simply will not answer anything else.

Your application containers in the cluster have direct connectivity to the service containers, but this happens on a non-routable IP class. There is simply no possible way for the exterior world to access a service directly. And if you are running (in micro-service style) multiple services in the cluster you can even control which has access to which services through the relationships key in your .platform.app.yaml file. Because secure by default makes sense to us.

If you want to connect to a MongoDB instance from the exterior (to run for example an admin interface) you can still do it! But the only way to connect is through an SSH tunnel that relies on your private SSH key (platform tunnel:open on the command line will do the trick). You get all the benefits, all the ease of use of running a modern stack, but none of the hassle and risks of running a patchwork of services.

With Platform.sh you can be WebScale and secure!


CiviCRM Blog: JMA Consulting Welcomes Jon Goldberg

Planet Drupal - Mon, 2017/01/09 - 9:20pm

JMA Consulting is pleased to welcome Jon Goldberg as our new Director of Operations effective today.

After a brief stint as a political organizer, Jon spent 13 years working in various capacities at a non-profit legal organization, primarily in IT.  In 2010 he co-founded Palante Technology Cooperative and started their CiviCRM department, where he worked for 7 years.  Outside of work, Jon can be found engaging in queer community organizing, (dis-)assembling electronics, and training parrots.

"I'm really excited to have Jon join us given his keen appreciation of how to help progressive organizations achieve their missions using CiviCRM. He's got a deep and wide knowledge of CiviCRM. I appreciate how he gives back to the community like through StackExchange, where he is the top ranked CiviCRM contributor," said Joe Murray, President of JMA Consulting and co-author of Using CiviCRM.

Jon's new role will include leading client engagements, developing standardized service offerings, overseeing internal business administration, and continuing to contribute to the CiviCRM ecosystem.

JMA Consulting is a leading provider of CiviCRM services including:

  • CiviCRM for advocacy and donor management,
  • software development for extensions and core CiviCRM,
  • data migration from NationBuilder and other CRMs, and
  • custom integrations with Drupal and Wordpress sites.

 


Palantir: On The Air With Palantir, Ep. 7: Getting Started in Drupal

Planet Drupal - Mon, 2017/01/09 - 8:31pm
On The Air With Palantir, Ep. 7: Getting Started in Drupal On the Air With Palantir brandt Mon, 01/09/2017 - 13:31 Ken Rickard and Cathy Theys with Allison Manley Jan 9, 2017

How to get started in Drupal.

Welcome to the latest episode of On the Air with Palantir, a long-form podcast by Palantir.net where we go in-depth on topics related to the business of web design and development. It’s January 2017, and this is episode #7. In this episode, Director of Professional Services Ken Rickard is joined by Cathy Theys of BlackMesh. 


Subscribe to all of our episodes over on iTunes.

Transcript

Allison Manley [AM]: Hello and welcome to the latest episode of On the Air with Palantir. A podcast by Palantir.net, where we go in depth on topics related to the business of web design and development. It's January 2017, and this is episode number seven. This time my colleague Ken Rickard does the interviewing work for me. Ken was at GovCon in 2016, and was speaking with Cathy Theys, who is the Drupal community liaison at BlackMesh. She's got some fantastic information about how to get started in Drupal.

Ken Rickard [KR]: Today we're talking to Cathy Theys. We're at Drupal GovCon, which is a great event here in Washington D.C., Cathy is the Drupal community liaison for BlackMesh. Cathy, is there anything else we should know about you as we get started?

Cathy Theys [CT]: Let's see. Right, so Drupal community liaison. I go to a bunch of events for my job. I fix issues in Drupal. I had a long history of dealing with the mentor program. I tend to serve as a contact point when people have questions about how you get things done in the community or there's a tricky situation coming up, they might ask me my opinion on it, how to deal with that.

KR: I know you from the Chicago Drupal community. I know I run into you at a lot of events where you're helping onboard new Drupal developers.

CT: Mm-hmm.

KR: That's one of the things that you're passionate about.

CT: Yes.

KR: I think that's a really interesting question here at GovCon, we're dealing with a lot of agencies here who are new to Drupal. The keynote we just sat through was about moving the NIH onto Drupal for the first time. They talked about what that was like. I mean what brought you here, to GovCon specifically?

CT: BlackMesh, we're based in Ashburn, Virginia, so we're super close by, local. There's a bunch of us here, there's like eight or nine of us here, so it's really great because I travel a lot. I don't get to see my coworkers all the time, so I go to an event like this, we all get to hang out together and that's really nice. The sessions here are pretty top-notch. There's a lot of interesting topics, both for developers and for agencies. There's a really good range of beginner to advanced ones. It's really great.

KR: And I learned yesterday that I think this is officially the biggest non-DrupalCon event in the United States.

CT: Wow.

KR: Yeah. We surpassed BADCamp, so that's good. I want to go back to again your role in the communities to help onboard new developers.

CT: Mm-hmm (affirmative).

KR: In particular, you're a liaison to make it easier for folks to work with Drupal. Like I said, in the keynote, we were dealing with an agency coming on to Drupal for the first time. I think my first question really is, for a government agency or other organizations using Drupal for the first time, what advice do you have for them getting started?

CT: The very, very first thing, I think is important is that the agency makes sure that they have an organizational node on Drupal.org. That's just a piece of content where you can put your logo and your company description. It just allows a way of referring to yourself within the Drupal community. Drupal.org is really important for the Drupal community. It's the hub of everything and it's our central canonical repository for asking questions and getting answers. So just establishing your agency is the very first thing. Then I think the next thing that's important to do, is to take anybody associated with that agency that might ever touch Drupal and make sure they have user accounts. The profiles on these user accounts can be quite complex, but there aren't a lot of required fields. It's like pick a username, give an email address, you don't even have to say your real name, but what the agency wants to make sure that their developers do, or not their developers, their tech team, right, does is makes a user account and associates it then with the organizational node that's there. That will immediately open up a lot of doors for getting information out of the community. Without that it can be really difficult to really get the most benefit out of it. Those are I think the first steps.

KR: That's interesting to me because we're making, I think we started with the assumption that you're going to have to interact with the community in order to get your project done and be successful.

CT: Yes, absolutely.

KR: What is it I guess about Drupal that makes that sort of a requirement?

CT: Some parts of Drupal are core, the central package, and other things are contributed projects, themes, modules, distributions. Then there's also custom code, the internal tech team might put together. Much of that is extremely high quality. Some of it isn't. Some of it has information about how to use it, but might be targeted towards a particular kind of role in a company. If the documentation for something is targeted toward a site builder, and you have a back-end developer trying to figure out what's going on, the quality of the project can still be good. The documentation is kind of sort of in place, but it still might be confusing if that documentation isn't written for exactly who you are. So you might want to clarify something with somebody, because when you have a chance to clarify something, ask a question, and get an answer it means that the total time that you spend trying to figure something out will be shorter. Typically, that means it costs less. I think that's really important for agencies. They want to make that their people are very efficient so that the project can get done in a reasonable time. There are not scary reasons for needing to interact with the Drupal community. I think a lot of projects will just have questions and clarifications and very little custom code that they need to do.

But they may not realize that that's possible if they're not talking to Drupalers and getting those clarifications. They might go off on a wrong assumption like, "Oh wait, this doesn't do what I want. I'm going to do a whole bunch of custom stuff." When you have the chance to interact with people, you can kind of make sure you're on the right path. You don't go down that way of getting on a custom code. You may have some and that can be really good, but custom code is very difficult to maintain. Especially if you have turnover in your tech team.

KR: Mm-hmm.

CT: And if you don't have automated tests for it, then that can additionally be complicated. When you're just getting started on a project, right, you have this clean slate. You haven't changed Drupal, you don't have any of this custom stuff. If you know that you want to limit your custom stuff, and then talking with the community can help you do that. I think one of the reasons, in addition to maintenance of custom code, one of the reasons why keeping that to a minimum is important is for security reasons. Interacting with the Drupal community can provide a really nice opportunity to make sure that your stuff is secure. When you do have to make custom code or patch a module or whatever, and you ask the question on Drupal.org, typically perhaps an issue associated with the theme or the module that the question is about, that gets you started in the right direction. Then you may be like, "Oh. Well I think it should be like this." Or "This is the custom solution we're going to use with this." Because you have the issue, because you asked the question, then you can present the changes that you think are needed on the issue. When you do that, what you get is you get the entire Drupal community, which is quite large, I mean it's got to be, like if you add up people who contribute to contrib stuff, then it's got to be like 10,000 people, I think.

KR: Right. It's a gigantic international community. One of the advantages we always talk about with open source is essentially that none of the problems you're talking about are unique, right? Your project is special to you and it's important, but it's-

CT: And the combination of aspects of your projects could be quite unique. Individually, those have probably come up already.

KR: Right.

CT: Yeah. Then when you post these changes on this issue where you started asking just some questions, and you have the whole entire Drupal community what you get is a chance that somebody in there might have experience with evaluating changes and their security implications. They might see your change, they could run across it, spot something, and then ... Nobody's going to do that and not reach out. The way people reach out then is a lot of different ways. It could be in a comment on the issue, it could be contacting somebody through their user profile, it could be going to look to see what company they look at and who else works there. So that ties back to this first step, right, of the organizational profile and the user profiles. I think for government agencies, security is quite often a very big concern. The nice thing about doing this, or the opposite of doing this let's say, right? Is you start your project, your internal team you're like, "Go learn Drupal. Go do it." And they don't ask anybody questions, so they want to change something, and they keep their change internal only. Then they don't even have a chance to get this free, possible security audit. I mean it's not a formal thing, but if you don't put it out there, on Drupal.org, then you don't even have that opportunity and you're completely missing it.

KR: Right. It's worth noting for people who aren't aware. So we talked about sign up for an organizational cap, the next thing you have to do really is sign up for security alerts. Security notifications I mean, security notifications come out every Wednesday.

CT: Yeah.

KR: Sometimes there's none sometimes there's several. It's worth noting that any module that you download from Drupal.org that has an official release, it's not an Alpha software, it's not a Beta, is covered by Drupal security team.

CT: Right. What that means though is not that it gets a security review before release, but that if somebody notices a security problem that they can bring it to the security team's attention, typically privately. Then somebody will look at it. It's reactive in that sense. The security team also does several proactive things, but it doesn't just be like, "Oh you can't make an official release until we look at your code." We don't go quite that far.

KR: Right. But it is nice to have that layer of accountability, so when we say, "Oh we think there might be a security issue with his implementation." You can report a security issue and the security team will have a, essentially someone who's trained in security review take a look at things. Yeah, I've participated in those issues. It's quite an impressive process.

CT: Yeah and super high quality people that have a lot of experience looking at it. I'm also on the security team, but I'm a new member. Mostly I just help other people with things. Like you asked, you're getting started, what are some of the first steps? We talked about some of the things. Making those profiles, starting to use Drupal.org to talk to people, to ask questions, and to post possible changes. I think the thing is the agency, it would help the agency take advantage of all these benefits only if they have their tech team doing this. So putting in place some internal processes that encourage this will help make sure it happens. If you want somebody to do something, you should give them an environment where it's easy for them to do it and they see the benefits from it. If you can, you make doing it part of a bigger process. Yesterday, here at GovCon, I went to see Damien McKenna's talk. It was called Free, Libre and Open Source Software and You. It was absolutely about this. You have an internal group, you know you should be doing something with the community or contributing, like what the heck do you do? So I highly recommend that people check out his information that's on the GovCon site, it's on the schedule for Wednesday. But there were kind of two or three important things I think that I can say pretty quickly and that is that one step to encouraging people to do this interaction with the community is just to start tracking the interactions that happen. Without necessarily asking, like setting expectations for what people should do. Every project that you answer a question on or things, like just start tracking the interaction that happens. So you can see how that changes over time. I think that's good to have in the process.

One of the ways to encourage communicating on Drupal.org about things, and have it be part of the process, is internally when you have to make a change to something is to track as part of the identifier for that change, the issue number and the comment number. You can't then internally track it as part of your process, if it doesn't have an issue and it doesn't have a comment number. So you could make some kind of standard like in your git-commit message, make sure you use this pattern in this string. Or when you name your patch file, or when you set up your composer json and you're pulling a change, that part of documenting that is the issue it came from and the comment number. Then you can't really get around it, because it's like, "Oh I can't commit it without a number." And then people do and so that can be really nice. I think the other kind of getting started recommendation that Damien had that is pretty decent is to plan for your tech team to have 10% where they don't have to track what they're doing. So it's not like directly billable or on a particular thing that's in the current sprint, but it's just 10%. Damien says people can do things like four hours on Friday afternoon, tends to work pretty well because you don't really want to be deploying any changes on Friday afternoon, but you have these people and you're paying them to do something. So they might as well be doing something productive.

KR: Right. He's basically talking about baking aside sort of 10% as internal training time or just community time.

CT: Yeah.

KR: To get things up to speed.

CT: And for that it can help to have some sort of orientation for people. Some agencies might identify one person on their tech team, like you said, that will spend a significant part of their time figuring out what the heck this community is and being the point for communication there. If people don't have that, they might want to get ramped up by bringing in somebody for maybe a day, or two days, and be like, "This is how you communicate with the community." Because telling people, "Oh you have 10% time to do whatever you want." They're going to do things that they're interested in and probably that they kind of sort of know already. If they're like, "Yeah 10%, I could contribute to some Drupal project." And they've never done it before, and they're all on their own and they don't know what to do? The odds of them using that time for that are kind of low. Including some kind of orientation for how to do that will help make sure people can be successful when you expect them to do it.

KR: It's good also to review the types of contributions that people can make, because this is something we talk about with contributors all the time.

CT: Yeah. I switched my description of talking about who these people are, the tech team, right? Halfway through the conversation.

KR: Right, right.

CT: Because I think people have this expectation that the only people who might be doing this interaction with the community are back-end developers, or possibly editors, but that's really not true at all. It's site builders, and junior people on the team. It could be anybody because there's so many different levels of questions. It could be like, how do I use this API? Or it could be like, I'm evaluating these three modules, or it could be we have this ambitious goal for this project, can we even get it done? Those are not all the same role, but they're all on the tech team.

KR: Right, correct. Editors have questions too. We were working on a project and I had to say, "Hey I'm using the WYSIWYG to upload images, but I can't upload files through it. So what do I do?" And the answer was, "Well we go to Drupal.org and we look around and know if there's a module that handles that." Yeah. It's a project question.

CT: Right.

KR: And it's a technical question, but it's not a developer question.

CT: Right. I think it's nice when we're ... One of the super awesome things about the Drupal community that is a little difficult to explain to people who might be getting involved, is how thoughtful the Drupal community is. How we're always looking at the processes that we have, and can we improve them, and what happened, and what should happen? One of the ways that that can be apparent that that's part of our community ethos is that we frequently go through changes in language that we use to describe things. So that we can be usually more accurate, and also more compassionate, more inclusive.

KR: Mm-hmm.

CT: I like that when we use language that's more inclusive, we're quite often being more accurate. Like an example here at this event, and a lot of Drupal events that people might end up going to, is that we use a lot of rooms. We take over conference centers, and typically one of the areas in the past used to be called The Coder Lounge.

KR: Right, right.

CT: Over the last couple years, people in the community who may not be even involved with the camp, sort of take ownership of things. It's open source, right, you see a problem and you fix it. Sometimes people will take Sharpies to signs that say Coder Lounge and they'll make them more accurate and also more inclusive, by crossing it out and changing it to Contribution Lounge, because that's what happens in those rooms. When people get together and they're like, "I had this question about Drupal. Perhaps it's an issue we might eventually need to fix something." Or, "I have a question about an issue." So the activity in those rooms is not people coding always. The people in those rooms are not just coders. You can get usability specialists, designers, all kinds of people, marketing people. I was in Montreal recently for Dev Days, which was a Drupal event. I was in the contribution area and somebody was walking through and they're like, "I need help." And people were like, "Well what do you need?" And they're like, "I need a native English speaker." I'm like, "I'm a native English speaker." And so I started talking to them more and it turns out they were working on writing a showcase that featured their new distribution that they were putting out for Drupal 8 that is going to be kind of the replacement for commons. This person, which was like the project lead, and they had their whole team there and they were doing last minute changes to make this distribution available so a bunch of people could get a nice benefit, not just their agency. Started explaining to me, and I was reading the showcase that they wrote, and we didn't just end up talking about grammar and native English things.

Because I'm outside to the project, and I'm not familiar with it, and I don't have any expertise in commons, I had a lot of questions. There were some wordings that they thought were clear and that I didn't think was clear. They would switch audiences sometimes, like sometimes be talking to developers or evaluators. They were talking about the community as us sometimes and sometimes the agency is us. Just because I didn't know anything about their project, we were able to work through this together. We actually had a super fun time. We were able to work through this together and come out with a much better showcase that then ended up being a featured showcase on Drupal.org. Was that coding, in a Coder Lounge? No. Was it contributing to the success of a project? Absolutely. Was it somebody working on the computer by themselves? No. It was just me asking questions. I would read it and I'd be like, "Well what does that mean?" I didn't even have to know anything and I still helped with the contribution. So when we say tech team, it really is more inclusive. When we say contributing, we really mean contributing in the widest possible way.

KR: Yeah. It's probably good to wrap up by talking about that concept of contribution and collaboration. I mean it is one of the driving forces I think for why people, especially government agencies, would want to use Drupal rather than a proprietary system. Because this idea is, if we solve this problem the first time then it can be reused. Reused by other people.

CT: Mm-hmm.

KR: For example in Australia, the Australian government has a common Drupal distribution that all agencies can use to kick start their projects. Sort of a fascinating piece. A lot of the stuff that we've been talking about here is around baking that knowledge into your project. Making sure that your project is planned with these interactions in place.

CT: Yeah.

KR: What I'm getting at a little bit is are there parts of your project that you don't want revealed immediately? Is that you need to be planning for? Because sometimes there is proprietary business logic or-

CT: Yeah absolutely.

KR: Or secret things. So do you need to be planning out like, this is release worthy. I'm thinking of an example from the White House. The White House, for example, very specifically released certain code when they did their big WhiteHouse.gov project.

CT: Yeah.

KR: So is that something that sort of project managers ought to be thinking about upfront?

CT: Well you definitely can't just release everything. Perhaps including a little bit of research into the project as to what the common best practices are, and how people make that decision, and being able to spend some time educating your team is good to build into the project. Doing that, when you do decide to keep some things private, doing it with the understanding of the costs of that and the repercussions. It can still be the right decision to make, but you would want to do it with the knowledge of what's going to happen because of that. Like you are solely responsible for maintaining it. You are going to need to invest more money in doing maintenance and security, and all these other things. It can still be the right decision, but it's going to affect the project differently.

KR: Mm-hmm.

CT: Even if you make that, it's still good to understand what the benefits would be if you did release it, so that you can understand what the costs you are incurring are when you don't.

KR: Sort of as a wrap up, is there any sort of last pieces of advice you have for people getting started? Like the best thing you've ever done or that sort of one special thing? Maybe, I mean what's the best way to approach the community? It might be a question, like you've never contributed before, you have a question, I don't know.

CT: So the best way to do it, is to start digesting the stream of information that's coming out of the community. Pick your favorite medium, I really like podcasts, there's Drupal Planet RSS feed, that aggregates blog posts and announcements together. Many camps record and publish, for free, their sessions. If you like to watch something, listen to something, or read something, like pick whichever one those are, and just time box four hours or whatever, over a couple days and be like, "I'm going to learn something about whatever." Because whatever information you're looking for it's out there. People communicate really, really well in the Drupal community. The one thing I want to add, when we talked earlier about first steps, and we talked about making user accounts and you mentioned signing up for security email lists. The way people do that is in their profile.

KR: Right.

CT: You can subscribe to the security announcements via their profile. Profiling is super important.

KR: It is super important, because it's the way that we do communicate. I want to thank you for spending the time with us today. You've been really fun and informative.

CT: You're quite welcome. It was nice.

AM: Thank you Ken and Cathy. If you want to hear past episodes of On the Air with Palantir, make sure to visit our website at Palantir.net. There you can also read our blog and see our work. Each of these episodes is also available on iTunes and of course you can follow us on Twitter, @Palantir. Thanks for listening.


DrupalCon News: The Raven Calls for UX and Content Strategy Submissions

Planet Drupal - Mon, 2017/01/09 - 7:34pm

Once upon a midnight dreary, while I coded weak and weary, poring over content theory, I asked myself “can users find what they are looking for?”

“Yes,” it told me, “yes.”  Startled, I was surprised to see a raven perched on my cubicle.

“UX.” The raven cawed, cackled and clenched its claws.  “Content.” He muttered only this and nothing more. And so began my journey to investigate user experience and develop content strategy that led me to call all UX practitioners and content strategists to DrupalCon Baltimore.  


Web Wash: How to Build Custom Pages Using Page Manager and Panels in Drupal 8

Planet Drupal - Mon, 2017/01/09 - 7:00pm
Panels has always been my go-to module when it comes to building custom pages in Drupal 7. Now in Drupal 8 things have changed. A lot of what Panels did in Drupal 7 has been moved over to Page Manager. Panels itself doesn't offer a user interface and it is just a variant type in Drupal 8. Also, Page Manager is now its own project, whereas, in Drupal 7 it was part of the Ctools module. Panels in Drupal 8 integrates with Page Manager and offers a custom variant type which allows you to select different layouts and manage blocks in the layouts. On its own, Panels doesn't really do anything, you need something like Page Manager to utilize it. So with that being said, what can Page Manager do?

Annertech: Mapping in Drupal 8 with GeoLocation Field

Planet Drupal - Mon, 2017/01/09 - 6:06pm

Adding a map to a website in Drupal 7 is fairly easy - the only difficulty being which of the many mapping modules to use. In Drupal 8 many of the modules are not available yet, or only have dev or beta versions available. One of the ones that seems fairly stable and has a good set of features without being overly complex is the Geolocation Field module. We've used it on a site recently with great success, and in this blog post we will cover the fundamentals of how to use this module.


Acquia Developer Center Blog: "Media Essentials" Begins Its Journey to Drupal Core

Planet Drupal - Mon, 2017/01/09 - 4:26pm

Last month, eight companies collaborated in Berlin to bring media to Drupal core during a week-long code sprint. The work done was part of the Media Initiative, which is an effort to support advanced media use cases in Drupal core. This encompasses many features including external embeds from YouTube and Twitter, native video support, and an interface to re-use and manage media assets.


CiviCRM Blog: The quest for performance improvements - 4th sprint

Planet Drupal - Mon, 2017/01/09 - 3:13pm

Last week we had a fourth sprint to improve CiviCRM performance at the socialist party. 

During this sprint we started by looking at why the screen for adding and editing memberships loaded slowly. The issue reported was that it took some time before the end date field jumped from the right side of the screen to the middle of the screen. It turned out that as long as the field was displayed at the right side, the screen was still loading. Timing this gave a time of about 18 seconds before the screen was fully loaded.

We discovered a few causes:

  • The JavaScript files which the browser had to download are over 2MB in size
  • Every request in CiviCRM was also logged in Google Analytics and in Piwik.
  • The PHP function getGroupsHierarchy in CRM/Contact/BAO/Group.php took around 900ms to execute (see the issue: https://issues.civicrm.org/jira/browse/CRM-19831)
  • On that same screen the custom fields are retrieved with an AJAX request and in each request all contributions linked to the membership are also retrieved.

The getGroupsHierarchy function performed slowly because it needed to loop three times through all groups in the database; in this case there are around 2.687 groups. In addition, one of the loops uses the PHP function array_merge to merge the result of the loop. The array_merge function is known for performing slowly when an array contains more than 40 elements.

After rewriting the function we reduced the execution time from 900ms to 20ms. At https://github.com/civicrm/civicrm-core/pull/9633/files you can find the patch of the rewritten code. In that patch we use for loops and not foreach, as we discovered that a for loop performs a lot faster than a foreach. If we replace the for with a foreach, the total time of execution of that function will drop to 2.360 ms, a factor of 100 slower.

We have also turned off Google Analytics and Piwik for CiviCRM pages as there is no need for this. Nobody really knew why it was turned on in the first place.

After fixing the getGroupsHierarchy function we reduced the total loading time in the browser from 18 seconds to 10 seconds. Which is still slow!
