Drupal Planet

Subscribe to canal de noticias Drupal Planet
Drupal.org - aggregated feeds in category Planet Drupal
Actualizado: hace 2 horas 27 mins

Freelock : Assessment of May 8 Drupal Security update SA-CORE-2019-007

Mié, 05/08/2019 - 17:12
Assessment of May 8 Drupal Security update SA-CORE-2019-007 John Locke Wed, 05/08/2019 - 14:12

New versions of Drupal core dropped today, to fix a file handling issue.

After assessing the patches, statements, and risks associated with this update, we have decided this is an important update to apply, but not urgent for most of the sites we manage.

Exploitation of the flaw takes two things:

Drupal Drupal Planet Security

myDropWizard.com: Drupal 6 core security update for SA-CORE-2019-007

Mié, 05/08/2019 - 14:31

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for Drupal core to fix a vulnerability in the protections added in SA-CORE-2019-003. You can learn more in the security advisory:

Drupal core - Moderately Critical - Third-party Libraries - SA-CORE-2019-007

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Security advisories: Drupal core - Moderately critical - Third-party libraries - SA-CORE-2019-007

Mié, 05/08/2019 - 13:56
Project: Drupal coreDate: 2019-May-08Security risk: Moderately critical 14∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Third-party librariesDescription: 

This security release fixes third-party dependencies included in or required by Drupal core. As described in TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor:

In order to intercept file invocations like file_exists or stat on compromised Phar archives the base name has to be determined and checked before allowing to be handled by PHP Phar stream handling. [...]

The current implementation is vulnerable to path traversal leading to scenarios where the Phar archive to be assessed is not the actual (compromised) file.

Solution: 

Install the latest version:

Versions of Drupal 8 prior to 8.6.x are end-of-life and do not receive security coverage.

Also see the Drupal core project page.

Reported By: Fixed By: 

TEN7 Blog's Drupal Posts: Episode 059: 2019 Twin Cities Drupal Camp

Mié, 05/08/2019 - 10:35

Chris Weber and Dan Moriarty, volunteer organizers for the 2019 Twin Cities Drupal Camp are today's podcast guests. We'll be talking about the changes to this year's TCDrupal Camp and fond memories of previous camps. 

TCDrupal Camp is a three-day conference for open source enthusiasts, designers, hackers, geeks, developers, UI experts, IT managers and anyone else that wants to find out more about Drupal. It’s a great place to learn, code, network and have fun with your fellow Drupalistas.

Dries Buytaert: Acquia acquires Mautic to create the Open Digital Experience Platform

Mié, 05/08/2019 - 10:05

I'm happy to announce today that Acquia acquired Mautic, an open source marketing automation and campaign management platform.

A couple of decades ago, I was convinced that every organization required a website — a thought that sounds rather obvious now. Today, I am convinced that every organization will need a Digital Experience Platform (DXP).

Having a website is no longer enough: customers expect to interact with brands through their websites, email, chat and more. They also expect these interactions to be relevant and personalized.

If you don't know Mautic, think of it as an alternative to Adobe's Marketo or Salesforce's Marketing Cloud. Just like these solutions, Mautic provides marketing automation and campaign management capabilities. It's differentiated in that it is easier to use, supports one-to-one customer experiences across many channels, integrates more easily with other tools, and is less expensive.

The flowchart style visual campaign builder you saw in the beginning of the Mautic demo video above is one of my favorite features. I love how it allows marketers to combine content, user profiles, events and a decision engine to deliver the best-next action to customers.

Mautic is a relatively young company, but has quickly grown into the largest open source player in the marketing automation space, with more than 200,000 installations. Its ease of use, flexibility and feature completeness has won over many marketers in a very short time: the company's top-line grew almost 400 percent year-over-year, its number of customers tripled, and Mautic won multiple awards for product innovation and customer service.

The acquisition of Mautic accelerates Acquia's product strategy to deliver the only Open Digital Experience Platform:

The pieces that make up a Digital Experience Platform, and how Mautic fits into Acquia's Open Digital Experience Platform. Acquia is strong in content management, personalization, user profile management and commerce (yellow blocks). Mautic adds or improves Acquia's multi-channel delivery, campaign management and journey orchestration capabilities (purple blocks).

There are many reasons why we like Mautic, but here are my top 3:

Reason 1: Disrupting the market with "open"

Open Source will disrupt every component of the modern technology stack. It's not a matter of if, it's when.

Just as Drupal disrupted web content management with Open Source, we believe Mautic disrupts marketing automation.

With Mautic, Acquia is now the only open and open source alternative to the expensive, closed, and stagnant marketing clouds.

I'm both proud and excited that Acquia is doubling down on Open Source. Given our extensive open source experience, we believe we can help grow Mautic even faster.

Reason 2: Innovating through integrations

To build an optimal customer experience, marketers need to integrate with different data sources, customer technologies, and bespoke in-house platforms. Instead of buying a suite from a single vendor, most marketers want an open platform that allows for open innovation and unlimited integrations.

Only an open architecture can connect any technology in the marketing stack, and only an open source innovation model can evolve fast enough to offer integrations with thousands of marketing technologies (to date, there are 7,000 vendors in the martech landscape).

Because developers are largely responsible for creating and customizing marketing platforms, marketing technology should meet the needs of both business users and technology architects. Unlike other companies in the space, Mautic is loved by both marketers and developers. With Mautic, Acquia continues to focus on both personas.

Reason 3: The same technology stack and business model

Like Drupal, Mautic is built in PHP and Symfony, and like Drupal, Mautic uses the GNU GPL license. Having the same technology stack has many benefits.

Digital agencies or in-house teams need to deliver integrated marketing solutions. Because both Drupal and Mautic use the same technology stack, a single team of developers can work on both.

The similarities also make it possible for both open source communities to collaborate — while it is not something you can force to happen, it will be interesting to see how that dynamic naturally plays out over time.

Last but not least, our business models are also very aligned. Both Acquia and Mautic were "born in the cloud" and make money by offering subscription- and cloud-based delivery options. This means you pay for only what you need and that you can focus on using the products rather than running and maintaining them.

Mautic offers several commercial solutions:

  • Mautic Cloud, a fully managed SaaS version of Mautic with premium features not available in Open Source.
  • For larger organizations, Mautic has a proprietary product called Maestro. Large organizations operate in many regions or territories, and have teams dedicated to each territory. With Maestro, each territory can get its own Mautic instance, but they can still share campaign best-practices, and repeat successful campaigns across territories. It's a unique capability, which is very aligned with the Acquia Cloud Site Factory.
Try Mautic

If you want to try Mautic, you can either install the community version yourself or check out the demo or sandbox environment of Mautic Open Marketing Cloud.

Conclusion

We're very excited to join forces with Mautic. It is such a strategic step for Acquia. Together we'll provide our customers with more freedom, faster innovation, and more flexibility. Open digital experiences are the way of the future.

I've got a lot more to share about the Mautic acquisition, how we plan to integrate Mautic in Acquia's solutions, how we could build bridges between the Drupal and Mautic community, how it impacts the marketplace, and more.

In time, I'll write more about these topics on this blog. In the meantime, please feel free to join DB Hurley, Mautic's founder and CTO, and me in a live Q&A session on Thursday, May 9 at 10am ET. We'll try to answer your questions about Acquia and Mautic.

Hook 42: Stanford Web Camp 2019

Mié, 05/08/2019 - 09:45
Stanford Web Camp 2019 Lindsey Gemmill Wed, 05/08/2019 - 12:45

Agiledrop.com Blog: Our blog posts from April 2019

Mié, 05/08/2019 - 06:13

In case you missed some of them, here’s an overview of our blog posts from April to get you up to speed. Enjoy!

READ MORE

Digitalist: New module: HTTP Status Code

Mié, 05/08/2019 - 04:25
HTTP Status Code is a new module to manipulate HTTP status header. HTTP Status Code is a new module to manipulate HTTP status header. Main reason for doing this module is that in some cases you need to do manual fixes on the server side to create 410 Gone headers for paths that you want to remove from Google search index, with this module active you could setup the paths directly in Drupal. You can find the the module at drupal.org. Normaly install should be done with composer - composer require drupal/http_status_code. The module supports all Headers used by Symfony\Component\HttpFoundation\Response - with that said - HTTP headers should be used with caution. So make sure what you understand the impact then you manipulate the HTTP Header - like adding a 301 Redirect Header will be real bad when you not have a redirect in place. If you remove a page, the request for the path of the page normally then gives a 404 not… Read More

Cheeky Monkey Media: 3.5 Ways To Approach (And Budget) For a Drupal 8/9 Migration

Mar, 05/07/2019 - 20:09
3.5 Ways To Approach (And Budget) For a Drupal 8/9 Migration dennis Tue, 05/07/2019 - 23:09

Back in September 2018, Dries Buytaert, founder and project lead of Drupal, announced, 

Drupal 7 will be end-of-life in November 2021, Drupal 9 will be released in 2020, and Drupal 8 will be end-of-life in November 2021. 

You can read the announcement and get further information on this here - https://dri.es/drupal-7-8-and-9

Since that announcement, Cheeky Monkey Media has been in a lot of conversations with businesses of all shapes and sizes, not-for-profit and for-profit, that are currently on the Drupal 7 CMS platform and are considering migrating to Drupal 8.

The first thing everyone needs to realize is the move to drupal 8 will be painful, and almost as expensive as building a Drupal website from scratch.

The second thing everyone should realize is that once they’re on Drupal 8, the move to Drupal 9 will be relatively painless.

As Dries announced in a later article,

Security public service announcements: Drupal 7 and 8 release on May 8th, 2019 - PSA-2019-05-07

Mar, 05/07/2019 - 14:24
Date: 2019-May-07Vulnerability: Drupal 7 and 8 release on May 8th, 2019Description: 

The Drupal Security Team will be coordinating a security release for Drupal 7 and 8 this week on Wednesday, May 8th, 2019.

We are issuing this PSA in advance because according to the regular security release window schedule, May 8th would not typically be a core security window.

This release is rated as moderately critical.

The Drupal 7 and 8 core release will be made between 16:00 – 21:00 UTC (noon – 5:00pm Eastern).

May 8th also remains a normal security release window for contributed projects.

OSTraining: Define Role Based Field Permissions in Drupal 8

Mar, 05/07/2019 - 14:12

The Field Permissions module in Drupal 8 allows you to set permissions (enter, edit or view) on a Drupal field, based on the role the user belongs to.

In order to demonstrate how this module works, we are going to create a content type called "Essay" for the website of a school.

There will be 2 roles:

  • Freshman
  • Sophomore.

The Freshmen permission will not be allowed to choose the subject of the essay, whereas the Sophomores will have the possibility to choose between literature and history. However, there will be no possibility to change the subject once a student has made a choice.

Let’s start!

Drupal Association blog: New on Drupal.org: better visibility into the humans behind the comments

Mar, 05/07/2019 - 12:21

We're excited about a feature built by a member of our community and recently deployed on Drupal.org: to give more human context to discussions in the Drupal issue queue, you can now choose to display your primary language, pronoun, and location.

Update your profile now

This is an opportunity to bolster human context within an online medium where tone and posture can be difficult to read. Providing this level of detail allows for visibility into the global composition of our community — such as when a person's primary language is not English or when a person resides in a distant time zone.

It is important to recognize what being global means and drawing attention to the details that remind us about the people behind the project helps us all to have a greater understanding of one another.

You can enable this new feature by editing your user account and adding pronouns to the personal information tab, and location language on the Language/location tab. Finally, you can opt into what you would like shown inline in comments under the "comments" tab.

Agaric Collective: Agaric is Coming to Drupaldelphia this Friday

Mar, 05/07/2019 - 11:23
City Hall in Philadelphia. Photo by Jason Murphy, licensed as Creative Commons By 2.0

 

Drupaldelphia is an annual camp held in Philadelphia happening this Friday May 10th for the open source content management platform, Drupal. The event attracts developers, site-builders, content administrators, designers, and anyone interested in using Drupal in their organization or upcoming project.

We're excited to have Ben present two sessions at the camp. Tickets are only $30 (if you buy today, May 7th!) and the day is packed with helpful presentations and hands-on clinics. See the full schedule.

Iterative UX: Find It Cambridge Case Study

2:15-3:45pm
Hussian Room 125

Developing a trusted, ongoing feedback loop with your users ensures that your project is effective and relevant. We call this approach Iterative UX and Ben will share how this looks in practice with the city of Cambridge. You will get a holistic, honest look at both the highlights and challenges of this type of relationship to help you apply Iterative UX in your projects.

Read the full description.

Scaling Community Decision-making

3:45-4:55pm
Hussian Room 125

Any libre software, volunteer, or even startup project will have elements of do-ocracy (rule of those who do the work) but not all decisions should devolve to implementors. Rather, a basic principle is that decisions should be made by the people who are most affected.

  • Learn why meritocracy ("rule of those with merit") is a completely bogus and harmful concept.
  • Gain a passing familiarity with various ways decisions are or have been made in Drupal.
  • Add sociocracy and sortition to your vocabulary and understand how these esoteric concepts can help our community scale.
  • See how Visions Unite is putting more democratic decision-making approaches into practice.

Read the full description.

Read more and discuss at agaric.coop.

Websolutions Agency: What's New in Drupal 8.7

Mar, 05/07/2019 - 11:05
What's New in Drupal 8.7

Drupal 8.7 was released couple of days ago on May 1, 2019. As you might know, new features are added with each minor release of Drupal 8 (e.g. between 8.6 and 8.7) which occur in 6-month intervals. Originally 8.7 was supposed to be released in March 2019. But the timing of Drupal's releases has historically occurred 1-2 months before Symfony's releases, which forces Drupal community to wait six months to adopt the latest Symfony release. In order to be able to adopt the latest Symfony releases faster, Drupal community shifted Drupal's minor releases to May and December in a plan to allow adoption of latest Symfony releases within a month.

This is penultimate version of Drupal 8, which will be concluded with Drupal 8.8 in December 2019, after which we expect release of Drupal 9 sometime in June next year!

Beside bug fixes and dependency updates lets see what new features Drupal 8.7 brings!

 

Revisions

Taxonomy terms and custom menu links are now revisionable, which allows them to take part in editorial workflows which was until now only possible for Content types and Custom blocks.

 

JSON:API in Core

Drupal 8.7 will provide an out-of-the-box JSON:API implementation, marking another major milestone towards making Drupal API-first.

Now you will be able to generate an API server that implements the JSON:API specification with zero configuration. Once you enable the module, you are done.

Developers and content-creators can use it to build both coupled and decoupled applications and pull content from Drupal into iOS and Android applications, chatbots, decoupled frontends such as ReactJS, voice assistants and many more!

 

Layout Builder module is now stable

Layout Builder module was originally added as an experimental core module in Drupal 8.5 and is now stable and ready for production use!

If you haven’t heard about it Layout Builder is offering a single, powerful visual design tool for site builders to create templated layouts and custom landing pages.

 

PHP 7.3 Is Now Supported

PHP 7.3 was released in December 2018 and comes with numerous improvements and new features. Also with this release new Drupal sites can only be installed on PHP 7.0.8 or later. Installing Drupal on older versions results in a requirement error.

 

However, existing sites will still work on at least PHP 5.5.9 for now, but will display a warning

PHP stopped supporting version 5.5 on July 21, 2016 and Drupal security updates will begin requiring PHP 7 as early as Drupal 8.8.0 (December 2019), so all users are advised to update to at least PHP 7.0.8 now or preferrably to PHP 7.3.
 

GDPR

As part of continuing GDPR compliance improvements in Drupal core, Comment module no longer logs IP addresses for comments by default. Existing sites will still continue to log IP addresses but this can be changed by changing comment.settings.log_ip_addresses to FALSE in the site configuration using settings.php.

 

This was just a short brief into the new features. For a full list take a look at official release notes: https://www.drupal.org/project/drupal/releases/8.7.0

 

ws_admin Tue, 05/07/2019 - 14:05

Jacob Rockowitz: Webform module now supports printing PDF documents

Mar, 05/07/2019 - 10:12

Problem

To be competitive with enterprise form builders, the Webform module for Drupal 8 needs to support the downloading and exporting of submissions as PDF documents, as well as sending PDF documents as email attachments.

The Entity Print module does a great job of generating PDF documents from entities and fields, but webform submissions don't use Field API. This limitation has required site builders and developers to create custom Entity Print integrations for the Webform module.

Solution

The Webform module now includes a Webform Entity Print integration module, which handles downloading, exporting, and attaching generated PDF documents. Additionally, the Webform module allows the generated PDF document's header, footer, and CSS to be customized.

Demo

When enabled, Webform Entity Print module automatically displays a "Download PDF" link below all submissions and adds a download "PDF documents" option to the available export formats. Attaching PDF documents to emails requires that you add an "Attachment PDF" element to a webform and then configure email handlers to "Include files as attachments."

The below screencast and presentation walks through customizing the PDF link and template, exporting PDF documents, and attaching PDFs to emails.

Scratching my own itch

Adding PDF support was not a sponsored feature. I wanted the Webform module to support this advanced feature; so I created it. I was scratching my own itch.

The bigger itch/the challenge that I am always scratching at is:

Competing with other form builders

Competitive enterprise, and also Open Source form builders, tend to put this PDF functionality behind a paywall. For example, WordPress's Gravity Form (Read More

OPTASY: Looking for a Drupal 8 Rating Module? Here Is a Top 5 Flexible and User-Friendly Rating and Review Modules

Mar, 05/07/2019 - 08:08
Looking for a Drupal 8 Rating Module? Here Is a Top 5 Flexible and User-Friendly Rating and Review Modules adriana.cacoveanu Tue, 05/07/2019 - 11:08

Looking for a Drupal 8 rating module that should be:
 

  • easy to install
  • easy to configure
  • easy to use
  • conveniently flexible
  • and user-friendly?
     

And maybe you “crave” for some nice-to-have features, as well:
 

  • enabling users to add a short review
  • multiple ratings: enabling users to vote on several aspects of your product/service, such as price, quality, ease of use?
     

What are your options? What working (and stable) modules for rating and reviewing are there in Drupal 8? 

We've done the research for you, evaluated all the modules for rating in Drupal 8 and come up with a list of 6 best... rated ones:
 

Flocon de toile | Freelance Drupal: Set up a notification system on Drupal 8

Mar, 05/07/2019 - 07:44
For many Drupal 8 projects that have minimal interaction with their users, the need to set up a notification system quickly comes to the forefront. Being notified of a new comment, a response to a comment, a new publication on a particular subject, or a user, are recurring needs. To satisfy this type of need, we are going to talk here about a new module Entity Activity whose sole purpose is to log all types of actions performed, by users, according to their subscriptions, on a project. The Entity Activity module will allow us to generate any type of message, on any type of content entity on the tree main operations of the content life cycle: its creation, its update and its deletion.

Sooper Drupal Themes: Freelancer hiring: 9 Challenges to expect

Mar, 05/07/2019 - 06:41
Freelancing: a growing trend

It seems the trend nowadays is for workers to take the freelancing route. With 36% of the U.S. population currently being freelancers, it seems that this trend is slowly gaining traction. But what does this mean for businesses. It seems that hiring freelancers definitely has its benefits, however it also has its challenges. In this article I’m going to talk about the potential drawbacks that come with hiring a freelancer.

1. Hiring the wrong freelancer

Hiring the right person for the job is a complicated process even for a regular full-time employee. However, when it comes to hiring a freelancer, the interview should not be the same process as when hiring a full-time employee. Working from home requires a high degree of self-motivation, resourcefulness and self-discipline. On top of that, the freelancer should also be resilient to loneliness, since freelancing usually lacks the same social engagement that a conventional workplace can provide. If the freelancer doesn’t have these qualities, then he is going to be unhappy during the 30-40 hours he is working, which is bad for business and bad for humanity.

2. Too many options

After posting a job advertisement a client might be suddenly bombarded with a lot of replies from freelancers who are out to get the gig. But how does the client choose from so many options? Well, some freelancers will set up automatic bots that are automatically replying to the job post based on a few parameters. Most of the time, these type of freelancers will not have read the job requirements. They are not taking their time to make sure that they are a great fit for the job. Then there is another type of freelancers. The ones that report a great  amount of experience, yet they are charging suspiciously low rates. This type of freelancers either don't value their own work or the quality of the work provided is questionable and they use low rates as a cover-up. A client might feel overwhelmed by the options they have at their disposal. The best way to avoid this is to have an effective way on how to screen the freelancers.

3. Communication problems

Another big challenge that comes when hiring a freelancer is one of communication. As the name implies the freelancers are free to work whenever they want or feel inspired. What this means is that as a client you might not receive updates on the status of the work that the freelancer is doing. These can raise a lot of uncertainty for the client as he is kept in the dark with regards to the progress of his project.

4. Payment issues

Freelancers are not like regular employees. Naturally, this means that the payment process is going to be different than that of regular employees. First of all, the freelancer will not appear on the companies payroll, meaning that other alternatives for making the payment have to be found. On top of that, if the freelancer is outsourced from another country, the cost of transferring the money has to be taken into account. It's important to find a way to transfer the money that is advantageous for both the client and the freelancer, this way, confusion regarding the time until the payment is done and high fees when doing the payment through international banks are avoided. Some services that are good to use when paying outsourced employees are Paypal, Skrill and Payoneer. 

5. Being clear in requirements and feedback

In order to avoid frustration on both sides, the client has to be clear in their requirements and in the feedback provided by the freelancer. Otherwise, the client might risk to see the completion of his project in a totally different light than he was expecting. In order to be able to receive the project in the way that he envisioned it, the client has to be as thorough as possible when describing the job requirements. On top of that, regular feedback has to be provided. This way, the client will surely be able to increase the chances that the result he is going to receive is satisfactory.

6. Different language and culture

When it comes to effective communications, speaking a common language is of essence. In most cases, this language is going to be english. Finding a freelancer that is able to communicate at an advanced enough level of english to be able to discuss work related subjects might be difficult. On top of that, the culture of a country also has to be taken into account. Keeping in mind that different cultures have different communication approaches. For example, the difference between low context societies and high context societies, where one relies on explicit communication while the other on implicit communication. On top of that low context and high context are valuing non-verbal communication and cues to different degrees. Being aware of these differences can make communication easier and more pleasant for both parties.

7. Lack of commitment

Freelancers have the possibility to undertake multiple projects from different clients. What this means is that a freelancer will not be able to fully commit to your project, especially if another project is more challenging, exciting or more financially rewarding. On top of that, a freelancer will always prioritize the projects that make more sense from the point of view of the before mentioned aspects, pushing other projects to the side. This can cause a lot of frustration for the client, however, in order to avoid the frustration, the client has to make his project as appealing as possible from every aspect. For example, make sure that the project is challenging and exciting enough to keep the freelancer engaged. On top of that, clients should avoid paying below market-rates for freelancers because that can work as an open invitation for the freelancer to find new clients.

8. Missed deadlines

Another challenge that clients have to face when hiring a freelancers are missed deadlines. Freelancers are having more freedom when it comes to planning their working routine, as long as the contract does not stipulate specific working hours. This means that there is an increased risk of life events happening. Events like weddings, a relative getting sick, funerals seem to be happening at a larger frequency than for regular employees. These events can interfere with the ability of the freelancer to be able to deliver the project in time, thus resulting in a missed deadline.

9. Misunderstandings

Since freelancers don’t work in the office as every other regular employee, they are harder to supervise. What this means is that they are not there for the client to be able to get regular updates, or to provide feedback or to train them. If clear enough instructions were not provided, the freelancer can finish the project in a different manner than the one envisioned by the client. This misunderstanding will lead to frustration on both sides, since the client will demand adjustments and the freelancer will deliver these adjustments while not getting paid for them.

Conclusion

Hiring a remote employee is always a challenge. Especially in these days when the working culture has not fully adapted to the flexibility of the freelancers. However, being aware of the challenges of hiring a freelancer will make it easier to adapt and foster a productive relationship between you and your outsourced employee. So, embrace change and think about the possibility of hiring freelancers.

CiviCRM Blog: CiviCRM + Drupal 8: The Official Make It Happen

Mar, 05/07/2019 - 05:47
If your organisation uses CiviCRM with Drupal, and would like to do in the future, we need your help!   Over the past few years lots of amazing work has been done on the unofficial Drupal 8 CiviCRM release.
The CiviCRM core team have looked at this and are now in a position to complete the work to make this an official CiviCRM release. This means they will make changes so
  • CiviCRM can easily be installed with Drupal 8
  • They will ensure CiviCRM works with Views in Drupal 8
  • Going forward future CiviCRM releases will be tested with Drupal 8
This Make It Happen is raising $25,000 which will be used to complete this work.
Any money raised by the Make It Happen which is not spent on the initial work will be used to support future work on the CiviCRM Drupal 8 integration as needed.    What about Drupal 9? Isn't that being released soon? Both Drupal 7 and 8 are officially supported until November 2021. But the move from Drupal 8 to Drupal 9 will not be the same as previous Drupal major updates. It will be much easier to migrate existing sites between Drupal 8 to 9. For more information see https://dri.es/drupal-7-8-and-9. The CiviCRM core team has looked at this and the code changes required to ensure CiviCRM works with Drupal 9 should be minimal. So very importantly this Make It Happen work is also preparation for Drupal 9.   If your organisation uses CiviCRM with Drupal then please contribute to this Make It Happen. https://civicrm.org/make-it-happen/civicrm-d8-the-official-release CiviCRMDrupalDrupal 8Make it happen

Amazee Labs: Using Twig with Storybook and Drupal

Lun, 05/06/2019 - 15:54
Using Twig with Storybook and Drupal

Using UI pattern libraries in Storybook allow us to build a collection of front end UI components that can be used to build bigger components, even full web pages. However, frontend/backend integrations can be fraught with difficulties. In this piece, I’ll explain our process to make these challenges easy, even when using GraphQL fragments inside Twig templates.

Jamie Hollern Mon, 05/06/2019 - 20:54 What Drupal and GraphQL do well

At Amazee Labs, we build decoupled web applications using GraphQL and Drupal. We’ll touch on the reasons that we use this approach in this article, but if you’d like to know more, check out these blogs:

Drupal is known for its complex and unwieldy theming and rendering system. Data to be rendered comes from across the system in the form of templates, overrides, preprocess functions and contributed modules such as Panels and Display Suite. Sometimes trying to track down where data is being generated or altered is like a murder mystery. 

Thankfully, GraphQL Twig simplifies the situation massively. Each template has an associated GraphQL query fragment that requests the necessary data. This “pull” model (as opposed to Drupal’s normal “push” model) means that finding where the data comes from and how it is structured is really easy. We don’t need to worry about preprocessing or alteration of data, and this method lets us keep the concerns separated.

Advantages of UI component libraries

The main advantage of using a UI component library (also known as a pattern library) is that it facilitates the reusability of components. This means that when a component is created it can be used by any developer on the project to build their parts of the front end and in turn can be used to make larger and more complex components.

There are multiple extra advantages to this, the most obvious being the speed of development. Since all components are simply made up of smaller components, building new ones is usually much quicker, since we don’t need to reinvent the wheel.

This also makes maintenance a breeze, since we’re only maintaining one version of any component. If we decide that all buttons on the frontend need to have an icon next to the text, we simply change the button component and this change will apply everywhere that the component is used.

Finally, the reusability of components in a pattern library means that the UI is consistent. Often, web projects face difficulties where there are multiple versions of various components, each with their own implementation. This is especially true of larger projects built by multiple people, or even multiple teams, where no single person knows the entirety of the project’s implementation details. Thanks to the reusability of our components, we only have one implementation per component.

Challenges of using Drupal, GraphQL, and Storybook together

If done poorly, using pattern libraries like Storybook can be difficult and cause problems during the integration phase(s) of development. The main issue is usually that the frontend and backend developers have different approaches and different goals when developing. 

The frontend developer wants to create the best UI they can in the most efficient way possible, using the paradigms and approaches that are standard or preferred. Unfortunately, at times the implementation doesn’t sync well with the data structure that the backend developers receive from Drupal, so the frontend needs to be refactored or the data structure needs to somehow be altered.

How to make it work

I won’t go into detail on our implementation of the Storybook library, but we keep Storybook in the same repo as our Drupal application, outside the root. We then define a base storybook theme and using the Components module (built by my talented colleague John Albin), we define our path to the Storybook Twig templates as a component library in our .info.yml file. This way, the Drupal theme has access to all of our templates.
 

component-libraries: storybook: paths: - ../../../../storybook/twig

We then create our project-specific theme, which extends the base Storybook theme, and start to work on our integration. A generic page.html.twig file might look like this:
 

{#graphql query { ...Header ...Footer } #} {% extends '@storybook/page/page.html.twig' %} {% block header %} {% include '@storybook/navigation/header.html.twig' with graphql only %} {% endblock %} {% block content %} {{ page.content }} {% endblock %} {% block footer %} {% include '@storybook/footer/footer.html.twig' with graphql only %} {% endblock %}

So, how does GraphQL tie in here? Well, this is the really clever part. Our developers can create the GraphQL snippets to get the data needed for a specific component, and Storybook allows us to use JavaScript to use this data as mock fixtures. This means that the frontend can be built with realistically structured data, so no refactoring of templates or data alteration on the backend is needed. And since we already have the GraphQL snippet, this automatically works when run in Drupal. 

Conclusion

At Amazee, we use a UI component library because it makes sense to build a maintainable, reusable and consistent set of components for our frontend that also encourages faster development. We also try our best to streamline our integration processes so that all of our developers are more closely aligned and developing solutions that make it easier for their colleagues to use, learn and extend easily. 

Storybook gives us the power to build a component library using mock data that is structured in the exact manner that our GraphQL queries deliver it. This means no refactoring, building both queries and templates only once and an overall smooth integration process. 

Want to know more about using GraphQL and Twig? Check out our webinar
 

Páginas