Drupal Planet

Brian Perry: Gearing Up For Midcamp 2021

3 weeks 6 days ago

Midcamp, my local Drupal Camp, is back March 24 - 27. Midcamp went virtual at the beginning of lockdown last year and while it was a rousing success, we were definitely making it up as we went along. This time around we're trying a new format with an increased focus on community building which we're also hoping will help combat the Zoom fatigue we're all feeling. The schedule breaks down as follows:

OpenSense Labs: Exploring Content driven Commerce with Drupal

3 weeks 6 days ago
Exploring Content driven Commerce with Drupal Gurpreet Kaur Mon, 03/15/2021 - 23:00

‘Retail therapy,’ an extremely common phrase in today’s era, can work wonders on lightening a person’s mood. The new 1000-thread count Egyption sheets, when wrapped around you, can make the gloominess seem distant. The new Clavin Klein perfume can actually make your day seem more fragrant. And the new smart watch you just saw on Amazon has the potential of making you as fit as you want.

So, retail therapy is quite up there on the pedestal of making people feel great about themselves. And retail therapy, if done from the comfort of your couch while watching a Friends’ episode is all the more beneficial. And that is what we are going to be talking about today, the online retail market or ecommerce, if you prefer. 

Buying things with a few clicks on your computer screen used to seem like a novel idea close to a decade ago, but now it is an everyday occurrence. The ecommerce industry has boomed exponentially and these numbers are proof of that. 

Source: Statista


Source: eMarketer

3.53 trillion USD is an exorbitant amount and that is the value of online retail sales globally. If a pandemic couldn’t stop ecommerce from flourishing, I am certain nothing can. 

Now let’s come to matter at hand. The point of this blog isn’t to tell you the value of ecommerce per say, rather I am going to be focusing on one emerging aspect of ecommerce that has made it quite different from the past, and maybe even a little intriguing and that is content. How content has played a role in ecommerce, why it’s important, how it is being used, does it actually have an effect on sales, and finally how does Drupal come into the equation? We’ll find answers to all of these questions. All you have to do is continue reading.

Content and Commerce: Understanding the Dynamic 

Words are a powerful thing. It’s words that can make a person the wisest and the most stupid. The right words can have such a profound effect on its reader that it might even change their way of thinking. With such a profound effect, it was only a matter of time that the power of words was being utilised in commerce in the truest sense. This is essentially the meaning of Content-driven Commerce. 

If you look at the traditional sense of advertising, you would find it flawed to a great deal. Those TV commercials, the cleaning ads and those ludicrous weight-loss adverts, all of them have hardly any truth to them and the viewers know it. Perhaps that is why they no longer resonate with their target audience. People have become far more difficult to please now than the past.

Cut to the emergence of Content-driven Commerce, with its realistic outlook and clutter-less approach. If I talk about myself personally, I find the incorporation of content in marketing strategies, the best kind of, well, marketing strategy. 

Look at this screenshot for instance. 

Source: Amazon

Upon searching for nuts on Amazon, you will probably end up on this piece of article in the screenshot above. Now, not only is this article advertising Amazon products, but it is also informative and enlightening. And the latter fact is what makes it a masterstroke of marketing. Someone reading it would have learnt something new and that knowledge is going to spark a craving that would require satiation upon every purchase journey. 

Content commerce isn’t just related to writing blogs and articles. You might have thought so, since that is the only thing we go to when we hear the word ‘content.’ This concept is broader than that. It includes everything from infographics to videos, from podcasts to webinars, anything that can instill interest in the buyer and be informative can be considered as content.

The Science of Content Commerce 

Content commerce has a lot of thought put inside it. You can just bombard the buyer with one piece of content after the other and expect that he’ll admire them all and be ready to click on that buy now button with a massive cart waiting to be delivered. Nope, that’s not even close. 

Consumer data; 
Consumer shopping behaviour and patterns; 
And industry trends; 

These are the three aspects that sum up the science of content commerce. When you know what your customers want, what patterns of behaviour they follow and how your competitors are taking action on that, you will have the most sound content commerce strategy; that would be  personalised to the T.

For instance, 

At present, being a minimalist is in vogue, with a subtle emphasis on the key features of the products that would be enough to inform, educate and inspire the visitor. With a touch of personalisation, a splash of fun through quizzes and a hint of what’s more to encounter through catalogues, the visitor is more or less hooked. This coupled with customer testimonials and case studies pushes the visitor one step closer to the purchase. 

This is how content commerce is being done today and it’s working. The result is better and more interactive and informative consumer experiences.

Source: Pimcore

So, you tell me is Content-driven Commerce a trend that would make people fall in love with advertising and make their buying experience something to remember. If you ask me, I’d most definitely say yes. There are many like me who believe that content driven marketing is going to pick scale and boom in the future. 

Source: eMarketerWhy champion Content driven Commerce?

At the end of day, the consumer would only come to your business only when he’ll find you different from the others, when he thinks that you have more to offer than the rest. And content commerce is the best way to make that happen. You can build your brand’s identity based on the kind of content you deliver on your site and outside it. When people would actually associate you with providing meaningful and rich contextual experience, would your goodwill not enhance? I think it will and that is why Content Commerce has become such a big deal. It allows brands and businesses to leave a strong impression on the audience. 

A travelling documentary that was posted on a tour and travel site as a testimonial on its home page could actually make many wish to experience the happiness and exhilaration that the video boasts on and on about, much more than any TV commercial or newspaper ad would ever be able to. That’s the power of content combined with commerce.

In Comes Drupal: The Perfect Blend of Content and Commerce 

So now you know the power content has, but how do you leverage it? Having resonating content and having the ability to showcase it are two different things. The former is all you, while the latter mandates the decision of making a choice amongst the varying options. Having worked with Drupal, I know the answer to the leveraging dilemma is Drupal itself. 

You must wonder why?

Drupal is a powerful CMS, which is renowned for its ability to handle any kind of content without any glitches. Drupal has a solution for every kind of content type you can imagine, making your experience of content authoring easy and flexible.

  • Easy Content Authoring: Intuitive tools for content creation, workflow and publishing make it easy for content creators. User permissions, authentication help manage the editorial workflows efficiently. Previews help the editors access how the content will look on any device before the users approve and publish.
  • Mobile Editing: Team members can review, edit and approve content from mobile devices, to keep content and campaigns flowing, regardless of where they are and what device they’re on.
  • In-place Authoring: The WYSIWYG editor in Drupal to create and edit content in-place. 
  • Content Revisioning and Workflows: For a distributed team Drupal enables a quick and easy way to track changes, revisions, and stage. It tells you who did what, when, out of the box. Also, it lets you manage custom, editorial workflows for all your content processes. Content staging allows you to track the status of the content - from creation to review to publication - while managing user roles and actions, automatically. 
  • Content Tagging and Taxonomy: Beyond creating content, Drupal’s strength lies in creating structured content. This comes when you define content elements, tag content based on their attributes, create relevant taxonomy so it can be searched, found, used, and reused in ways that satisfy the visitors.
  • Modules for Multimedia Content: Entity browser, paragraphs, pathauto, admin toolbar, linkit, blog, meta tag, and other content editing modules give the extra lease of life by extending and customizing content features and capabilities. They allow you to choose what features you want for your site.  
  • Yes, Drupal is great for content, but it is equally great with commerce. It’s because Drupal has the innate ability to to integrate content and commerce. It can manage every single aspect of a commerce site, be it its products, carts or financial transactions and then integrate all of it with content and media. What’s even more fascinating is the fact that Drupal helps you build an application that is a perfect fit for your needs today and tomorrow because when times change, Drupal changes too and its third-party integrations are the reason for that.

Let’s now look at Drupal’s commerce centric features to understand its compatibility even more.

Drupal Commerce 

When we talk about Drupal and ecommerce, the conversation cannot begin or end without the mention of Drupal Commerce. It is one feature that makes Drupal outshine all other CMSs in the market because it promotes innovation and growth through standards that make you take advantage of everything Drupal has to offer. 

With Drupal Commerce, the possibilities are limitless because that is how it is designed; to help you build what you want not be confined to what it can do.

  • From product types and descriptions to diversified product pages; 
  • From payment gateways to tax calculations; 
  • From organising promotions to managing orders; 

Drupal Commerce can do it all for your ecommerce business digital channel. 

Decoupled Drupal Commerce

Decoupling works by separating your commerce site’s front end from its backend. You can take up JavaScript for the presentation layer to make it more interactive, while all the backend aspects would be handled by Drupal. All of the benefits of decoupling would be enjoyed without parting with Drupal Commerce.

You will end up with a site;

  • that is faster and more engaging;
  • that is richer and more interactive;
  • that is easier to update and modify, without one end affecting the other; 

All of this because you won’t be confined to Drupal to build your frontend, you can take up any of the available frontend technologies. More on decoupled Drupal Commerce here.

Drupal APIs

Where there is Decoupled Drupal, there are APIs, which streamline the separation of frontend and backend as well as provide the connective thread. With the robust Drupal APIs, it becomes all the more easy to integrate Drupal with other services.

Again Drupal Commerce plays an imperative role here, by providing additional modules that extend REST APIs in Drupal. These are; 

These result in better functionality for your retail site as well as make it work with far more tools than otherwise would have been possible. More on different Drupal web services implementations here.

SEO Benefits 

When we think about content-driven commerce, we have to consider content as much as commerce. Writing blogs and articles is all good and fine, but how do you make them shine on the search engines, that is where SEO friendliness pops in and Drupal is best friends with SEO. There are numerous SEO modules in Drupal that will help in everything you might need, from keywords to tagging, Drupal will have you sorted and ensure that the educational pieces you wrote do just what they were intended for.

Out-of-the-box Benefits

And there is more. Drupal has several other out-of-the-box features that make it totally compatible with ecommerce sites, especially handy, if you are going to be running your site in multiple states or even nations. 

  • Be it multilingual support and translations; 
  • Be it handling multiple currencies;
  • Or be it the management of multiple stores from one place; 

Drupal will have you sorted by providing the right module for the right need. Plus, the superabundance of themes available in Drupal will ensure you get the desired modern look and feel for your ecommerce website.
On top of these, the fact that Drupal helps you deploy your ecommerce site built with Drupal Commerce within hours is the only silver lining left to make you cave in to Drupal.

For a comprehensive guide on Drupal’s offerings for an enterprise-scale ecommerce site, read here.

Drupal at Work in the Ecommerce Industry

Now that you know all that Drupal can accomplish, let’s look at some of the e-commerce businesses that have successfully been able to leverage the prowess of Drupal in this domain.


Timex is an American watchmaker, you most likely have heard of it. It wanted two things out of its retail site and these were; 

  • A unique site for personifying what the brand identifies itself as, its own style had to be incorporated into the site’s design. This also meant that product, social and editorial content had to be combined to deliver an impressive visitor experience.
  • Secondly, the Timex team wanted independence, meaning they wanted to be able to create, manage and update content as and when required without a developer. 

Drupal effectively checked both these requirements and helped create the perfect Timex site.

Cannabis Yukon 

The legality of cannabis is still a contentious issue all over the globe. Therefore, when the Government of Yukon had to build their cannabis retail, their paramount concern was to protect the privacy of its users. That is why Drupal was chosen, to have total and complete control over the consumer data. This along with Drupal Commerce and the fact the Government of Yukon website was already on Drupal, the decision was final.


Being a popular cosmetics company in Britain, LUSH had a massive following of users. That meant when it delved into the digital space, there were a lot of clicks per minute, especially during its Boxing Day sale. When its site ended up crashing with such a load of users, it decided to switch to Drupal, which can handle any amount of traffic thrown at it. With Drupal, the code and architecture was rethought and the site made impressively scalable. 

King Arthur Baking Company 

King Arthur Baking Company is known for its mouthwatering recipes. It switched to Drupal for its transition to the digital space and was able to provide personalised experiences to its audiences, be they pro bakers, first-time novices or climbing the ladder of baking. With the additional support of experts available through expert bakers the site was indeed a success.


Every site that is built has a purpose behind it, for e-commerce sites that purpose is deriving sales. Today, achieving that is no longer a walk in the park. You have to leave a mark on the user’s mind and personalised and informative content is the way to do that. 

With Drupal Commerce and Drupal’s impeccable content management system, that aim of higher conversions and better brand loyalty is no longer distant. That’s the Drupal factor in content-driven commerce.

blog banner blog image Commerce E-Commerce Content and Commerce User Experience Drupal 8 Drupal Blog Type Articles Is it a good read ? On

ADCI Solutions: How to create an eCommerce website with Drupal

3 weeks 6 days ago

The web studio ADCI Solutions starts a series of articles about Drupal web development for online commerce. The first article is about how the industry is experiencing a pandemic (spoiler: great), what eCommerce development tools exist on Drupal, how non-programmers can create a simple store (another spoiler: it is easy only at the beginning).

Are you interested? Here is the link to watch our article.


Pixelite: How many JOINs is too many? Tuning optimizer_search_depth for MySQL with Drupal

4 weeks ago


I was recently part of a migration from AWS (Amazon Aurora - MySQL-Compatible) to Azure (Azure database for MariaDB 10.3) for a large suite of applications. This platform contains a number of Drupal 8 sites, which surface content through JSONAPI (now part of core in Drupal 8).

The issue

Drupal is extremely flexible, and creates a highly normalised table structure, 2 tables per field on a piece of content (1 for revisions, and another for active data). A given piece of content can contain dozens of fields. When loading a piece of content, it is not uncommon in Drupal to have 20+ joins on a single SQL query.

These SQL queries the end developers do not write by hand, Drupal abstracts this detail away through the entity API.

We were seeing SQL queries appear to never complete when they had lots of JOINs in them. One query I found that was 'stuck' had 53 joins. In saying that, the database overall data size was tiny, with only 228 pieces of content in Drupal (this is very low, some Drupal sites can have millions of items of content).

Running a SHOW FULL PROCESSLIST showed these queries were all stuck in a Statistics phase.

The issue seemed to disproportionately impact SQL queries with > 40 joins in a single query.

These queries did not appear to ever complete, and the CPU was pegged at 100%.

CPU (in blue) being pegged at 100%

Upsizing the vCPU count in the database cluster had no impact, as the 'stuck' queries just consume all the CPU available. We even had trouble trying to connect to the database cluster via the MySQL client, due to timeouts.


After seeing the seeing queries stuck in Statistics phase, we did some digging to see what other content had to say on this topic:

Actions we did

After reading the above literature, we ended up settling on the 'automatic' tuning for optimizer_search_depth.

optimizer_search_depth = 0

This will mean that queries that do > 7 JOINS may not run the best query path, but at least they will actually complete. This is a win in my books.

I also killed every running query manually that was stuck in the Statistics phase. This brought down the CPU. The CPU never went up to the same levels due to the change in optimizer_search_depth.

Result and final thoughts

The 53 JOIN query that used to fail to complete, now completes in 268ms. Not fast, but a damn sight faster than several days.

I still don't have a good explanation as to why the 53 join query had no issues executing on AWS Aurora MySQL, optimizer_search_depth is set to the default of 62 on there. I assume (like most of Aurora) that there is some special AWS sauce helping here. If anyone can shed more information on this, please let me know in the comments.

Golems GABB: Explore the world of carousel sliders with the Flex Slider Drupal module

4 weeks 1 day ago
Explore the world of carousel sliders with the Flex Slider Drupal module Editor Fri, 03/12/2021 - 23:23

The word “carousel” had long been associated with an amusement ride, but web design trends are bringing new word meanings. If you have a website, you can offer your guests to “take a ride” on a carousel, but it will be an exciting carousel of images, videos, banners, and so on. If beautifully built, this kind of carousel is sure to capture everyone’s interest and increase conversions.

Read more about image carousels and discover how to create a carousel in Drupal using the Flex Slider module.

MidCamp - Midwest Drupal Camp: MidCamp 2021: Get Started with Drupal

4 weeks 2 days ago
MidCamp 2021: Get Started with Drupal

MidCamp 2021 is less than two weeks away, and tickets are on sale now. We’re accepting topic submissions for Thursday’s “Meet the Drupal Community” day and Friday’s “Share Your Knowledge” Unconference. Our job board is filling up, and next week is NERD Summit—a three-day inclusive, community building tech event based in New England. 

This email is focused on our activities for folks new to Drupal or our community. If you’re already a friend of MidCamp, stop now and forward this email to a friend or colleague, please!

Where to begin

If you’re not even sure about Drupal, let alone MidCamp, join us (for free!) for a few hours on Wednesday morning. We’ll introduce you to Drupal, the community, and MidCamp. After these three sessions, you’ll have all you need to make the most out of the rest of camp as an attendee.

Find your voice

Attending MidCamp is a great start, but the best way to learn something is to teach it. On Wednesday afternoon, we’ll hold a series of (also free) workshops for folks who are interested in public speaking. During these hands-on sessions, we’ll look at what has stopped you from speaking in the past—and explore how to move past your fears. We will discuss some common myths about public speaking, different talk formats, and we will focus on finding your areas of expertise.

No technical knowledge is needed, everyone has something to share!

Dive into local development

During camp, we’re planning a workshop to provide opportunities to learn more about local development best practices. We’ll walk you through getting Drupal set up on your own machine and prepare you for Saturday contribution activities. Look out for more details, coming soon.

And now… a word from our sponsor:

Bounteous is proud to be a sponsor of MidCamp 2021! We co‑innovate with the world’s most ambitious brands to create transformative digital experiences. Be sure to connect with our team of Drupal experts during the event, we look forward to seeing you! Learn more about us.


Tag1 Consulting: On 20 Years of Drupal - an interview with Narayan Newton

4 weeks 2 days ago

When you think about Drupal.org’s infrastructure - what it takes to keep the website running, one of the first names that comes to mind is Tag1 CTO Narayan Newton. Narayan has long been the head of the team that keeps Drupal.org secure and available to everyone. In this Tag1 Team Talk, in our 20 years of Drupal series, Managing Director Michael Meyers talks with Narayan about how he got started, some of the work that goes into maintaining Drupal’s websites and repositories, and the things he’s learned over the years. ### Related content In the coming weeks, Tag1 will be featuring Team Talks with some of its long time Drupal contributors. Check back here, or follow the blog to see these interviews as they become available: - Jeremy Andrews - Doug Green - Fabian Franz - Narayan Newton - Francesco Placella - Greg Lund-Chaix - Marco Molinari - Michael Meyers - Moshe Weitzman - Nat Catchpole _For a transcript of this video, see [Transcript: 20 years of Drupal - Narayan Newton](/transcript-20-years-drupal-narayan-newton "Transcript: 20 years of Drupal - Narayan...

Read more [email protected]… Fri, 03/12/2021 - 06:21

OpenSense Labs: A Peak Into the Marvellous World of Drupal Security: Essential Modules

4 weeks 2 days ago
A Peak Into the Marvellous World of Drupal Security: Essential Modules Gurpreet Kaur Fri, 03/12/2021 - 20:38

Whenever we build something, we always ensure or at least hope that it doesn’t get damaged. Take our homes, for instance, we have more than a few locks at our places to protect and keep it secure. The same goes for our gadgets, our vehicles and most importantly our livelihoods. 

This brings me to the world of website development, wherein security is a major issue. An ill protected site is all but setting its demise, bugs and hacks will become its doom eventually. So, what should be done about it?

I have an answer and that is Drupal. 

Drupal, being a content management software, comes with an array of tools and features that protect its sites from every security breach. You will have to optimise Drupal properly to make that happen.

Drupal is one of the safest open source CMSs out there

Percentage of security issues in a sample group. Source: Acunetix

These numbers are proof of the competence of Drupal's security measures. The entire responsibility of ensuring optimal security lies on Drupal security modules. And that is what we are going to be talking about today.

With the launch of Drupal 9, security has become all the more important. So, we’ll be discussing all the essential modules required for this task. I have taken the liberty to segregate the modules into eight categories, which will cover all the aspects of security that need to be looked into and protected to make a full-proof site. 

Let’s delve right in.

Tackling Brute Force 

A user logs onto your site, he has a strong enough password to protect his credentials, yet there are people who will keep trying to break that to gain access to your site. When these bad actors do that, you have to protect yourself from their Brute Force. If they gain access to your site, your entire project would be compromised and that would be an upsetting scenario. 

Tackling brute force starts with user registration, Drupal’s User Registration Password module allows users to register with a password while filling out the registration form, with a verification email. This module together with Password Policy ensures that the passwords set uphold the ideal standards with uppercase, lowercase, numbers and symbols at work.

What if your user wants to remain logged in?

That is an option with Persistent Login’s ‘Remember Me’ feature. However, you as an administrator can control how long those ‘Remember Mes’ live; meaning you could make a user sign in again after some time. You can also control which pages these users can and cannot access. 

There is also the option of Automated Logout, wherein an administrator can log a user out who has been inactive for quite some time.

Moving on, Secure Login is a module which ensures that the user logins and other forms are securely submitted without any transparency. With Login Security, you can protect and secure your site further with access controls. For another layer of security of individual pages, you can use Protected Pages, this module can secure any and all pages on your site with a password. 

Finally, you can also restrict the number of sessions by a user at one point, using Session Limit.

All of these together can make your website or application a force itself, which no brute can think of targeting.

Handling Authentication 

From brute force let's move onto authentication. Did you know that authentication is very different from authorisation? Authentication is the former step, wherein a user is identified and validated in regards to his claim over the site and its access points. The above talked about passwords are one way to authenticate a user. 

Once the authentication is done, authorisation swoops in. You know the person is an administrator, but what’s his grade? Can he be entrusted with sensitive information? Giving him the rights and liberties to access pages, data and any and all information is what authorisation is all about. 

How does Drupal handle it? 

Through its umpteen modules of course. Like I said before, a password is one of the best ways to authenticate, however, adding another layer of authentication with it becomes the best option of them all. Two-factor authentication and Google Authenticator Login provide you just that. While the former sends a code to the user’s mobile number, the latter works on a Time-based One-time password. Google Authenticator/ 2 Factor Authentication also provides similar functions. There is also the option of choosing Require Login, a module that aids in making user authentication on pages a mandate. 

If a user is authenticated with an external site or service and its authentication details are stored there, he can be logged in or registered with External Authentication. With Social Auth Google, users are authenticated using their Google accounts to your Drupal site. JSON Web Token can also be used as a factor to authenticate users through JSON Web Token Authentication. Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login is a module that would allow any OAuth or OpenID Provider resident user to log in to your Drupal site. 

The authentication powers of SAML, OpenID Connect and Lightweight Directory Access Protocol can also be implemented with Drupal. SAML Authentication, SimpleSAMLphp Authentication, OpenID Connect and LDAP help in that respectively.

Social API is another module that can integrate with external services through a Social API. Using it would mean you can integrate modules for every authentication task.

What about IP addresses, is there any module pertaining to them?

Well, yes. You can very easily block access or simply ban certain IP addresses, if you want. Automatic IP ban and Advanced ban accomplish this feat conveniently, the former even has a watchdog table.

Finally, what about malicious attempts at authentication? 

Drupal has you covered there as well. There can be instances wherein certain bad actors try to identify valid usernames. This is called Username Enumeration and often leads to credential stuffing. However, Username Enumeration Prevention helps in avoiding that by stopping these anonymous users in their tracks.

Controlling Administration 

User access and authentication reminded me of the administrators and the role they play in accessing a site, which brings me to the next classification of security modules. Just like users can’t be granted access to everything on your site, the people building it also cannot be given total and complete reins over it. As there are permissions and restrictions for users, there are also for administrators. 

Let’s see what Drupal has to offer the administrators in terms of permissions and roles. 

Firstly, there is Permissions Filtered by Modules, this provides a filtered list of modules and roles at the top of the permissions page making management a breeze regardless of the number of roles. Then there is Administer Users by Role, which fine grains permissions even more to the level of sub-admins.

Next come the specific permissions and roles; Block Region Permissions and Block Permissions not only allow you to control access to administer blocks, but also pave way for finer grained validation in managing blocks, respectively. For adding, modifying and deleting items, an administrator can be given the permission from Menu Admin per Menu, specific to certain menus, or he won't be able to do that. You can also set permissions to fields related to authoring information and publishing options through Override Node Options

If you wish to disable User 1 to remove the administer user’s permissions, which allows them to edit their username and password, you can do it with Disable User 1 Edit.

Drupal also has another quite charming module, which I personally love. This is the Masquerade module, as the name suggests an administrator gets the power to switch users and surf the site as the switched user and without the need to enter a password. This helps a great deal in knowing the site’s outlook from the eyes of a client.

I would like to talk about Role Delegation here as well, it is a module that allows site administrators to assign roles to further authorise roles to users. 

Should we talk about user permissions and administrators control them? 

Yes, we should. There are two specific modules I want to mention here, one is View Unpublished. This allows an administrator to give access to user roles to view certain unpublished nodes. 

Second would be the Menu Item Role Access, which makes it possible to restrict certain items on a menu without the need for creating separate menus altogether. Isn’t that just great?

Intercepting Content 

Now it’s time for the content, who can access it, how it should be accessed and what should be accessed and what needs to remain restricted. 

Your content can be as secure as you want on Drupal. With its modules, you can easily manage your content without any worry of it reaching the wrong hands or eyes. Content Access will help you to manage access permissions. It's both flexible and transparent and would let you classify the permissions as ‘view all’ or ‘view own.’ Node View Permissions also works similarly with the same exact permissions.

Field Permissions helps site admins to set field level permissions for editing, viewing and creating fields for any kind of entity.

What about blocking content from certain users or admins?

There is a lot to talk about here as well. Let’s start with hierarchy, Workbench Access is a module that would allow you to create editorial access controls and guess what these controls would be based on? Yes, it's the work hierarchy. 

Then there is Block Content Permissions, with this you can control access to administer block content types and create, update and delete them whenever you want. There is also the option of blocking a node from being edited by two users at the same time, this can be done through Content Locking

You can also add a filter that would exclude pages from certain blocks, after or even in between a wildcard with Block Exclude Pages. If you are thinking about granting access to certain users so that they can view unpublished nodes and media, Access Unpublished can help you with that.

Another clever module is the 403 to 404, which displays the 404 error when a user tries to access a page that he doesn’t have the permission to access.

Implementing Encryption 

The majority of the files and messages on a website or its server are usually encrypted. This is done so that the unwanted eyes do not reach them. Can Drupal modules be serving this purpose? Of course. 

Your database is going to have several field values stored inside it, with Field Encryption module, you can store these values in an encrypted manner of your liking. You create your own encryption method with this. 

What about the key?

There is a module with the same name. Key helps in managing all sensitive keys including APIs and encryption keys, of course. You, as an administrator, can take command over how and where these keys would be stored, making the security of the same pretty efficient. 

Is there a module that does both? Encryption and decryption?

There certainly is. You can perform symmetric and asymmetric encryption with Drupal. You can integrate modules to perform encryption and decryption in a standardised way. You can also have any number of encryption profiles used by any number of modules. And you can do this with the Encrypt module. 

You can also use the power of AES encryption with the Encrypt module. For that, you would have to combine Real AES with the former and gain access to Defuse PHP-Encryption Library.

Fighting Spam 

Unwanted and unsolicited is what spam is. It may seem like nothing beyond a nuisance, but it can become more if the web builders become complacent. Spam is capable of infecting your site with malicious software and you must know that that can never have a positive outcome. Lucky for you, Drupal is capable enough to never let that outcome take place. 

When we think about spam, a few things instantly pop up in our minds, these would be emails, comments, registrations, messages, feedback and contacts. Usually getting all of these is a good sign for your growth, but when it's spam written all over them, the good doesn’t take long to go bad. 

Honeypot and Antibot are two of the more popular modules for eliminating robotic form submissions with close to 150,000 and 33,000 Drupal sites using them for this purpose. 

Drupal modules like Spam Master, Protected Submissions, Anti Spam by CleanTalk, Check DNS, Drupal Perimeter Defence, Spambot and Spamicide, also aid in deterring the intrusion of spam on your site. Talking about Spamicide, which is pretty clever in itself, it’s a module that adds a field to forms and then hides them. So, when a bot is filling that registration form, it’d probably fill in that field and when that happens you simply discard that form and rid yourself of its nuisance. 

For email obfuscation, SpamSpan Filter and Obfuscate come in handy and prevent spammers from collecting them. E-mail No-Reply is also a great module that allows you to create a field with no reply addresses, yet still, receive important notifications from Drupal. 

What about the troubling IP addresses?

Flood Control is a Drupal module that allows you the functionality of an interface that makes it very convenient to remove IP addresses as well as user IDs from the flood table.

Can we really talk about Spam and not mention CAPTCHA?

Today, almost every web form has a CAPTCHA challenge at the end right before the submission is final, only to trick the spammers and bots. A CAPTCHA would be very easy for a human, but very confusing for a bot. This is an age-old trick to manoeuvre spambots entry to your site. Drupal has both CAPTCHA and ReCAPTCHA modules available for the taking.

CAPTCHA and ReCAPTCHA are the front runners here, equipped with the right challenges to handle spambots.

Simple Google ReCAPTCHA with its checking the ‘I’m not a robot’ box is pretty good as well. Google ReCAPTCHA v3 provides you with a score for those requests without any friction. Recaptcha Element provides further integration with Google reCAPTCHA v3.

There is also hCaptcha, a module that helps in labelling large proportions of data within a stipulated time as well as being affordable and reliable.

Attacking Hacks

Your website is somehow going to end up being a target for hackers and you can’t avoid that from happening. All you can do is make sure that it is protected to the nth degree when that happens. 

Using Drupal’s Security Kit is the first step in hardening your security. It protects from various security threats and keeps your vulnerabilities at bay from exploitation. Cross-site scripting, cross-site request forgery, clickjacking and SSL/TLS are some of the attacks prevented by this module. Content Security Policy works on a similar principle; it informs browsers of trusted sources to mitigate hacks and add an additional security layer on top.

If you want a reverse proxy and firewall for protection against hacks, then CloudFlare would be the right choice. 

System Status is another module that does everything from eliminating security vulnerabilities to performing necessary upgrades to keep your site hack-proof.

Dealing with the Rest 

Up until now, we have covered all the major aspects of security, from permissions and authentication to spam and hacks, yet there are still some modules left to discuss that have a role to play in Drupal security. We’ll discuss that now. 

Let’s start with the laws. General Data Protection Regulation sets the guidelines that govern how data is protected as well as the privacy of the users in the EU. Drupal’s GDPR module provides helper tools that in turn aid your sites in becoming more compliant with this law. Cookiebot further aids in tracking your use of cookies and GDPR and ePR compliance. Then there is TacJS, which helps your sites in adhering to the European Cookie Law with the user of tarteaucitron.js.

Moving on, to ensure that all uploaded files are sound and secure, you can use File Upload Secure Validator, which does exactly what its name suggests; validating the security of the uploaded files on the server-side. ClamAV further ensures that those files are not infected by any virus by integrating Drupal with the virus scanner of the same name.

For headers and referrers, there are the Remove HTTP Headers and No Referrer modules. While the former removes the HTTP headers from the configuration, the latter ensures that no referrer information is leaked.

Security.txt helps in implementing the security.txt standard, which ensures the proper documentation of your site’s security contacts and policy. There is a module to avoid stale IP addresses clogging up your database and protecting user’s privacy, this can be done through IP Anonymize

Finally, to ensure that your site is at the prime of its health, you can opt for Health Check, which would enable you with an endpoint for the load balancers. 


So, there you have it, the majority of the Drupal security modules that would make your Drupal site watertight. I wouldn’t say that there aren’t any other modules for security, there certainly are and you would be wise to use them as well. 

In the end, I’ll just say that security is always going to be a primary concern when websites are built and made operational. Drupal isn’t a software that would be described as lacklustre in terms of security and with the launch of Drupal 9, security has become all the more efficient at Drupal.

blog banner blog image Drupal 9 drupal security Drupal Security Modules Blog Type Articles Is it a good read ? On

Aten Design Group: Drupal 7 to Drupal 8, 9 and beyond: Your last major upgrade?

1 month ago
Drupal 7 to Drupal 8, 9 and beyond: Your last major upgrade? Eric Toupin Thu, 03/11/2021 - 11:41 Drupal

Upgrading from Drupal 7 to Drupal 8 is a major project (a full rebuild in most cases) that can rival or even top the original cost of application development. Upgrading from Drupal 8 to 9 and beyond, in comparison, requires just a tiny fraction of that effort. Here’s a look at why — and why you should take the leap from Drupal 7 to Drupal 8 and 9.

The upgrade from Drupal 7 to Drupal 8 was a major theme for plenty of our clients over the last few years. Drupal 8 — and versions beyond — boast a wide range of benefits that stem from a more modern architecture, but one of the biggest wins in my mind is the advent of semantic versioning (for Drupal) and a renewed commitment to making Drupal upgrades easy forever. Moving to Drupal 8 could be your last major upgrade.

The ghost of Drupal past

The move from Drupal 7 to Drupal 8 isn’t easy. While it’s often still touted as an “upgrade process” the reality is that it boils down to a complete rewrite of the codebase and a content migration. We’ve worked on more than a handful of Drupal 7 to Drupal 8 upgrades in the last years, and the majority constitute a “six months or more” sized project.

One reason for that is Drupal’s new Symfony reliant architecture that leans far closer to the tenets of object oriented programming (OOP) versus the more procedural approach used in previous Drupal versions — a significant technical change which in most cases means Drupal 7 code simply won’t work in Drupal 8. Add to that a completely revamped templating system and you get a similar obstacle on the front-end: Drupal 7 templates & templating systems won’t work in Drupal 8. Those major changes along with a potentially long list of complications with Drupal 8 data migrations is likely to land your Drupal 7 to Drupal 8 upgrade squarely in “rebuild the application” territory.

The good news is that it’s the last time.

Drupal 8 and beyond: Your last major upgrade

Drupal 8, 9 and beyond promise a continued investment in modern architecture, incremental major feature releases, greater stability and sustainability, and a much larger network of invested developers — among lots of other perks. Perhaps the best news to come along with the new Drupal architecture is that large-scale, overhaul-style major version upgrades will be a thing of the past. And we’re beginning to see that now as we begin moving Drupal 8 sites to Drupal 9.

Clearing the road ahead: A commitment to easy upgrade paths

With Drupal 8 comes the commitment to semantic versioning. Semantic versioning isn’t just a naming convention for software versions, it’s a descriptive norm that guides how new versions of code should be written and establishes strict backwards compatibility requirements. The upshot for end users is significant but manageable incremental changes between major versions (say 8.x and 9.x) which aim towards seamless major version upgrades. Major versions can no longer make dramatic jumps (like Drupal 8’s move to OOP or the Twig templating system) which necessitate major code rewrites, but instead make small, reasonable changes between minor versions.

With the new approach to versioning developers get a variety of automated tools that ease the shift between minor and major versions. Deprecation checking means developers get notices in their code editors when parts of the existing codebase have been marked as deprecated, i.e., queued for change or removal in an upcoming major version. Automated tools like Upgrade Status or Drupal Rector and its Drupal front-end Upgrade Rector can provide detailed upgrade status information and even automatically update code between major versions. All in all, upgrade paths are looking easier than ever.

A wider foundation: Sustainability through community (and Symfony)

Building Drupal on top of Symfony means even further specialization on the Drupal end. The new Drupal versions use Symfony for a host of standard web application tasks — things like form validation, data serialization, data storage and retrieval, content translation, templating, easy and human-readable configuration management with YAML — the list goes on. Building on top of Symfony lets Drupal developers build closer to the consumer level, i.e., build the media libraries, authoring experiences, layout managers, etc that really matter to users.

Drupal’s reliance on Symfony — a robust and mature web application framework with more than 600,000 registered developers — also translates to greater sustainability through a larger active community. Besides adding Symfony’s 600K developers to Drupal’s roughly 1 million, the move to a modern architecture and more collaborative versioning system makes Drupal more attractive to developers on the leading edge of their disciplines. That fact alone stands to benefit the Drupal community through new, top-tier talent driving further innovation.

Regular new stuff: Incremental feature releases

With Drupal’s new versioning cycle comes another benefit: major new features in minor version core releases. As Drupal 8 churns through minor releases (the second place in the three place version number, e.g. “y” in x.y.z) it continues to add brand new features to core. Unlike previous major Drupal versions, these aren’t just bug fixes and security upgrades. Game changing modules like JSON API, Media, and Layout Builder were all added to Drupal 8 in minor version releases — and more are in the works.

What does this mean for end users? A greater commitment to standardized features that meet primary needs (like media and layout management, for example) and a bigger pool of developers making sure those features are updated, stable, and compatible.

I just finished one of my first Drupal 8/9 upgrades yesterday for a small searchable database of computer science tips & tricks run by a college out of Claremont, California. Admittedly it was a pretty simple site, but the upgrade took me just two hours. Wow.

Aten will be working on a variety of Drupal 8 to Drupal 9 upgrades in the coming months, but the landscape is almost unrecognizable compared to our Drupal 7 to Drupal 8 efforts. For us, for the rest of the Drupal world, and for our clients, that is real good news.

Joel Steidl

Jacob Rockowitz: To Drupal or not Drupal… Drupal versus all those other Digital Experience Platforms

1 month ago

The organization where I work is building a Digital Experience Platform (DXP), and one of the platform's products they chose is Sitecore. We are migrating away from Drupal to Sitecore and this move away from Drupal inspired me to write a series of blog posts about whether I should continue "to Drupal or not to Drupal."

Considering how much I have contributed to Drupal combined with my overall experience with Content Management Systems, I hope to provide a unique perspective as to whether or not to use Drupal as part of a Digital Experience Platform.

What is a DXP?

A Digital Experience Platform (DXP) is simply a platform for providing rich cross-channel personalized digital experiences. It consists of multiple pieces of software, which generally include a CMS, CRM, and a personalization engine, working together to create and manage digital user experiences. In the meantime, how we define a digital experience and how we provide it, is continually changing.

I began my career building static HTML pages and then moved on to building Content Management Systems. Over the years, I have iterated through many versions of the same website with my current organization. With each iteration, we strive to improve the user's digital experience. In order to understand the value and approach to building and leveraging a DXP, I had to stop seeing everything as web pages and instead, view everything as user engagements and experiences.

How a user engages and experiences an organization's brand and information is changing rapidly. For example, supporting voice applications and machine learning is now a priority. We need to prepare our content, webforms, and applications for the future. Being ready to meet current and future digital experience requirements is essential to consider when choosing a DXP.

Choosing a best-in-class or...Read More

Drupal Core News: Demo of CKEditor 5 core integration for Drupal 9 under development, feedback needed

1 month ago

Peter Weber leads CKEditor 5 integration development for Drupal 9.

While Drupal 9 already comes with CKEditor 4, that will go end of life in 2023, so we need to upgrade to CKEditor 5 to provide this replacement for Drupal 10. The target release date for Drupal 10 in June 2022 (in 15 months!). We plan to add CKEditor 5 integration to Drupal 9 even sooner though, to help the Drupal contributed ecosystem catch up and prepare in time.

There are various moving parts and several items left on the roadmap for beta level core inclusion. Peter presented a demo today to showcase where the current state stands primarily to get more feedback about the developer interface. A simple infobox CKEditor 5 plugin was also showcased to asses the integration developer experience. Check out the video recording here:

Discuss in the #ckeditor5 channel on Drupal Slack. CKEditor 5 integration meetings are every other Thursday at 15:30 UTC in the same channel.

OpenSense Labs: Understanding Technical Leadership

1 month ago
Understanding Technical Leadership Akanksha Mehta Thu, 03/11/2021 - 18:09

Technical leadership means overseeing a team of technical professionals at a software company. The led teams usually deal with software development and engineering. It is a designation of high responsibility, balancing thinly between being a strong leader figure and being approachable and personable while dealing with the team members. There is also a huge amount of accountability involved in the role with respect to both the organisation and team members, as a technical leader forms the essential link between both and coordinates the overall working of the tech departments to the board, and conveys essential inputs back to the teams. 

Thus, a technical leader ensures that ideas from the top are appropriately represented in the final product and that communication among various groups within the organisation is never derailed. 

The principles of technical leadership

Like any other position of fundamental importance, there are certain principles on which technical leadership basis itself on.

The right technical knowledge

There are multiple roles and responsibilities associated with technical leadership. One of the first things that the leader must be proficient in is a broad knowledge base about his craft. Every member of the team turns to the leader whenever any issue arises, hence the tech lead should always be prepared to review the code, scrutinize the related documents and lastly, code - for one always learns better by example. Knowledge about technologies like PHP, JavaScript, C++ is also quite important. 

The technical leader is also involved in the hiring process of the organisations, hence he should take into account bringing diversity and inclusion into the team while at the same time hiring the brightest minds.

Pritish, Senior Drupal Developer leading multiple projects at OpenSense Labs, asserts that while languages do form a part of the entire learning process, it is more important to be good with object oriented concepts and logical thinking. He also believes that to realise the optimum working potential of the team, it is important to arrive at the solutions together which means that there shouldn’t be rigid demarcation between the responsibilities of the members. The focus should always be on the bigger picture i.e. the perfect outcome.

Exemplary techniques  

As a person everyone in the team looks up to, the tech head should lead by example. Part of the job description is also to provide motivation in the form of utility techniques and acting as a guide to every resource whenever they need assistance.


As the leader of the team, a lot of work is dependent on you for clearance and progression. Hence, the leadership needs to be ultra responsive and swift with decision making. 

Ideally, the present state of the project should be at your fingertips at all times, ie, you must always be aware of each little step that your team takes. An even remotely possible hurdle should be brought to your notice in advance. 

Responsibilities of a technical leader

With great power comes great responsibility, and the leader stands accountable at every hour for what the team does. Some areas he must keep track of are - 

The right alignment 

Your thoughts and ideas must always be aligned with the company’s values and ethics, and this underlying bedrock cannot budge. Every action should be analysed keeping in reference the company's norms, which will act as the guiding compass - enabling the leader to navigate their way through. In addition, there might be plenty of problems that wouldn't be laid out by the organisation and be left to the tech lead for identification and resolution, hence keeping the company principles in mind, each possible scenario must be well thought out.

Communication is key

Without a doubt, improper communication can lead to huge fixes in the future. The person in the leadership role is a senior member with the steering wheel in his hands, which means that his repository of knowledge is far greater than the rest of the team. Proper articulation of that knowledge is essential if optimum performance is expected from the team. The mission and the vision should be communicated well, as everybody needs to have the same idea of the end product in mind. 

As a part of his leadership role, the tech lead should understand that communicating also translates to bringing in regular motivation and keeping the team spirit going. For example, take a look at how the right kind of communication between developers and designers can be beneficial.

Being a leader at all levels

Contrary to popular notions, technical leadership includes way too many backend functions to keep the team from derailing. the leader is one who resolves conflict, is constantly involved in constructing and reviewing ideas, and is the first person on the ground to scrutinize a problem when it arises - consequently taking the lead to solve it. 

Even in the tech side, when improvements in UI or an API are made, it is the leadership's job to push those improvements into the lower layers of the stack and adding to the component library. Thus, the tech lead not only paves the way for the rest, but also fosters collaboration within the team to come up with solutions. For instance, check out how collaboration between designers and developers during code review yields great results.

Source : ResearchGate
Craftsmanship Pursuit 

The leader should always keep in mind to deploy as many tools as possible to make the job of the team easier. New techniques should always be welcome, for example, if there is a need to to work on data visualisation features, tech like Angular should be brought to use to prototype the features. This significantly reduces the overall time taken to wrap up the project.

Project Management 

Not just the first to arrive, the tech lead is also the last person to leave the ground. Top notch management and leadership skills are needed for not only the end-to-end management of the ongoing project but also for managing potential crises. Identifying core responsibilities, their proper delegation, and punctuality in delivering the project are primary responsibilities of the leadership. Read how human psychology plays a vital role in project management.

This narrative is substantiated by Abhijeet, Project Manager at OpenSense Labs. As homes turn into offices and beds turn into workspaces, he says that there are multiple issues that crop up simultaneously when it comes to managing a team remotely. For instance, direct supervision and short feedback loops go out of the window. With each team member working according to their own convenient timings, blockers need to be identified far ahead in advance, as there isn’t much scope for emergency meet ups to solve problems. Motivation keeps faltering often, and requires regular standup calls to stay afloat. Work overlapping across several departments only needed a walk around the office to conclude, but in remote environments, might even take a day or two.

Overcoming the Challenges 

While a position of such responsibility might look challenging from every aspect, it is best to stay aware of the very imminent ones from the beginning. 

Team building

A challenge that every technical leader is bound to encounter is finding talent suited to one's requirements and also retaining it. Technology keeps changing at the drop of a hat, but relevant skills and workforce cannot appear out of thin air. Hence, the team should comprise members that are at the least are skilled in areas that could see rapid change in the near future, like AI, data science, analytics or software engineering. Team members must be kept motivated and engaged, so that they have more than just monetary reasons to stay. More on team health and productivity here.

Vinit, Senior Drupal Frontend Developer at OpenSense Labs, adds that learning from and recalling one's own experiences is imperative while one works with their team. It is important to realise that every person is different in ability and skillset, and the tech lead must acknowledge that. The person should make it his own responsibility to bring equity on the table by assisting each resource appropriately, as understanding the technicalities of the role might not be easy for everybody to grasp in one go.

From team player to team leader

The transition might look organic, but one is bound to be overwhelmed being in the profile of a technical leader if their previous experience was that of a team member. From walking solo to leading the path, from being accountable for yourself to taking a bulk load of responsibility, the transition is anything but natural. 
Being a constant visionary 

Unlike the rest of the team, the tech lead cannot live in the present. A good leader is not one who delivers just once, but constantly. Every possible outcome of the decisions to be taken must be anticipated by the head before execution to bring out the best in both the short term and the long term goals of the organization.

Managing remote teams

Now more relevant than ever, managing remote teams has emerged to be quite a head scratcher. Wanting the team to move together when each member is set up in a different location can be challenging even for the most experienced of players. Hence, a technical leader is more of an evolutionary role, and requires the person to be able to constantly adapt to changes and implement them too. Read why collaboration in remote working is important.

Stress Management 

The tech sector is widely known for short project cycles and stressed timelines. The tech lead must be prepared to face scenarios of severe burnouts within the team, and that too, regularly. Outlets for letting the stress roll out must also be appropriately discussed as well as practised in case of heavy workloads. Therefore, an essential quality of a technical leader is also to display a certain level of emotional intelligence to get the team spirits up and about during these rough patches.

Anmol acknowledges the problems that remote working has brought, as being a senior software developer at OpenSense Labs he is obligated to take up a managerial role every now and then to act as a mentor for the rest of the team. He states that with challenges like limited visibility of each other’s work timings and schedules, it becomes quite a task to sync the thoughts and channelize the workflow of the team. The key to handling dwindling accountabilities is to always maintain a positive atmosphere in the team, hold healthy conversations, and try to stay as connected as possible despite the distance.


It is near impossible to list down all that might be needed to completely understand the role of a technical leader because of how dynamic the profile is. Having said that, a curious hard worker with a thirst for knowledge is sure to make a great head in such a working environment.

blog banner blog image Leadership Technical Leadership Blog Type Articles Is it a good read ? On

Drupal Core News: New starterkit will change how you create themes in Drupal 10

1 month ago

Drupal has been providing subtheming capabilities for over a decade. When you create a theme for Drupal 8 or 9, a best practice is to subtheme the core Classy theme, so you get common CSS classes and usual markup for a Drupal site. This means the Classy theme is used in the runtime as part of your theme. As a consequence, Classy has not been receiving updates since Drupal 8.0.0, because most changes are not possible while retaining backwards compatibility. We need to retain backwards compatibility because design requirements of themes depending on Classy could depend on markup and/or CSS provided by Classy.

To solve this problem, we are working on a new custom theme creation process and base theme with the goal of replacing Classy in Drupal 10. 

The new starterkit theme we are working on is not going to serve as a base theme to be subthemed, but rather a theme to be copied on a new theme's creation. It will allow front-end developers to get a copy as a starting point for their theme. Tooling is provided as part of the included Drupal command line interface for automating this:

php core/scripts/drupal generate-theme mytheme

We believe that this new process will serve front-end developers better because it will allow us to provide more frequent updates to the default markup and CSS shipped as part of Drupal core.

Subtheming as a concept will continue to exist even after this change. This is valuable in particular in cases where themes are inheriting design and ideas from the base theme. For example, a university could have a base theme that provides design concepts and basic layout to all of their departments. That base theme could be generated using the starterkit theme:

We believe starterkit theme will serve majority of our use case better, because most custom themes are based on bespoke designs that aren’t a good fit for subtheming an opinionated theme. Since fully custom themes customize many aspects of the theme, it is difficult for the base theme to ship improvements to the subtheme without risking regressions in the subthemes.

We would like to hear your thoughts on the new starterkit theme on this Drupal core issue to add a new starterkit theme. If you have questions about the new starterkit theme, feel free to get in touch with us in Drupal Slack (https://www.drupal.org/slack) #d10readiness and #frontend channels.

We are doing a live demo of the starterkit on the next Drupal 10 readiness meeting which is taking place on #d10readiness channel in Slack on 16th March, 19:00 UTC. 

Thank you to @Gábor Hojtsy for help writing and reviewing this blog post.

Spinning Code: SCDUG March 2021 – AWS: How an online retailer came to conquer the Internet

1 month ago

Chris Zietlow from Mindgrub gave his new talk on AWS: How an online retailer came to conquer the Internet. He explores the Genesis of Amazon Web Services, how it became widely adopted, and a birds eye view of some of the more common problems their services can solve.

If you would like to join us please check out our up coming events on MeetUp for meeting times, locations, and remote connection information.

We frequently use these presentations to practice new presentations, try out heavily revised versions, and test out new ideas with a friendly audience. So if some of the content of these videos seems a bit rough please understand we are all learning all the time and we are open to constructive feedback. If you want to see a polished version checkout our group members’ talks at camps and cons.

If you are interested in giving a practice talk, leave me a comment here, contact me through Drupal.org, or find me on Drupal Slack. We’re excited to hear new voices and ideas. We want to support the community, and that means you.

The post SCDUG March 2021 – AWS: How an online retailer came to conquer the Internet appeared first on Spinning Code.

Agaric Collective: Create and use a custom permission in your module

1 month ago

You can define your own permissions for the Drupal permissions page (/admin/people/permissions in modern Drupal, Drupal 8, 9, 10, and beyond) and then add conditional options to your code to do different things based on the role of the user and the permissions configured by a site administrator.

Here's how.

Create a modulename.permissions.yml file

This simple file has the permission machine name (lower case with spaces) and a title (Sentence case) with an optional description.

For our module, which has a particularly long name, that file is drutopia_findit_site_management.permissions.yml and its contents are like so:

access meta tab: title: 'Access meta tab' description: 'Access meta information (author, creation date, boost information) in Meta vertical tab.'

You can repeat lines like these in the same file for as many permissions as you wish to define.

Check for that permission in your code

The process for checking permissions is simply to use a user object if that's handed into your code, or to load the current user if it's not, and use the hasPermission() method which returns TRUE if that user has permission and FALSE if not.

For example, in a form alter in our drutopia_findit_site_management.module file:

/** * Implements hook_form_BASE_FORM_ID_alter() for node_form. * * Completely hide the Meta vertical tab (field group) from people without permission. * */ function drutopia_findit_site_management_form_node_form_alter(&$form, FormStateInterface $form_state, $form_id) { // If the current user has the permission, do not hide the Meta vertical tab. if (\Drupal::currentUser()->hasPermission('access meta tab')) { return; } // Code to hide the meta tab goes here, and is only reached if the user lacks the permission. // ... }

See all this code in context in the Find It Site Management module.

To learn more about defining permissions in modern Drupal, including dynamic permissions, you can see the change record for when the new approach replaced hook_permission().

Read more and discuss at agaric.coop.

Lullabot: How to Get Excited About Drupal Again

1 month ago

Drupal has been around for a long time. Officially, it’s been around for at least 20 years.

Even if you jumped on the wagon around Drupal 5 or 6, that is still over 12 years of Drupal. You might have started to look longingly at the greener grasses of other ecosystems, new technology stacks, and polished products that feel fresh and new. 

2 hours 54 minutes ago
Drupal.org - aggregated feeds in category Planet Drupal
Subscribe to Drupal Planet feed