Problem/Motivation

Currently, the Layout Paragraphs form widget embeds the dragula library from a CDN. This violates data protection rules in some jurisdictions, e.g. it is not GDPR compliant. The module should at least offer the option, to host the library locally.

Proposed resolution

I propose to use a similar approach that the Webform module uses w/r/t dependencies on external libraries. The libraries.yml will use a local path by default, but is extended with a cdn key. If a library was not available locally, an implementation of hook_library_info_alter() would be used to alter the library information so that the library would be loaded from a CDN. Additionally, a composer.libraries.json is distributed with the module that may be included in a project using the Wikimedia Composer Merge Plugin.

Maintaining the composer.libraries.json will add a little maintenance burden, but since you need to provide the version to the CDN as well and changes to the composer.json are probably relatively rare, it would not be high. Optionally, the maintainers might choose not to include a composer.libraries.yml. Users could still maintain GDPR compliance, but it wouldn't be as easy.

If you're not familiar with Webform, see documentation of the Webform module on how to use composer.libraries.json for how users would set this up in their project.

CommentFileSizeAuthor
#5 3214406-05.patch7.55 KBfeyp
#5 3214406-05-tests-only.patch3.44 KBfeyp
#2 3214406-02.patch4.05 KBfeyp

Issue fork layout_paragraphs-3214406

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

FeyP created an issue. See original summary.

feyp’s picture

feyp commented
Assigned: feyp » Unassigned
StatusFileSize
new 3214406-02.patch4.05 KB

Attached is a patch against dev-1.0.x.

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Version: 1.0.x-dev » 2.0.x-dev
Status: Needs review » Needs work

Completely agree! This should definitely be fixed in 2.x! @FeyP could you perhaps reroll the patch against 2.x so that it can be tested, committed and documented? Can we have a test for that?

feyp’s picture

feyp commented

The patch applies against 2.0.x-dev just fine, no need for a reroll. I see if I'll have the time to add tests.

feyp’s picture

feyp commented
Status: Needs work » Needs review
StatusFileSize
new 3214406-05-tests-only.patch3.44 KB
new 3214406-05.patch7.55 KB

Attached is a new patch that adds tests. No interdiff, since it's trivial.

The last submitted patch, 5: 3214406-05-tests-only.patch, failed testing. View results

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented

Very very cool @FeyP! :) RTBC+1 looks good to me, thank you for adding tests!

realityloop’s picture

realityloop commented
Status: Needs review » Reviewed & tested by the community
realityloop’s picture

realityloop commented
Status: Reviewed & tested by the community » Needs review

realityloop opened merge request !70

realityloop’s picture

realityloop commented

Patch no longer applied, have rerolled as a merge request

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented

Just ran into this, super nice work @FeyP! The test is also brilliant.

The only thing I didn't really get yet is, why this has to be recursive? Could you explain that?
After that, RTBC+1 if it really needs to be recursive! The tests work fine and the implementation looks good, so this is ready for maintainer review afterwards.

This also works with
composer require bower-asset/dragula alternatively, so we could discuss, if layout_paragraphs SHOULD require the library or just add it as suggestions.

I like the "require", but that's my personal opinion.

feyp’s picture

feyp commented

The only thing I didn't really get yet is, why this has to be recursive? Could you explain that?

For this specific library I think you don't need this to be recursive. The general structure of the libraries file however would allow for libraries to be added in a way that it would be needed. You can see examples of that in Webform.

I don't have done any real measurements to back this up, but I think due to the sanity checks at the top of the recursive function, the overhead should be negligible, the more expensive checks that would make a real difference performance wise (i.e. calling the service) are only done later. So I decided to keep it close to the reference implementation in Webform so that the existing code would "just work" in case the library file is later changed in such a way, that the recursiveness would actually be needed. I don't have a strong opinion on this however, so if you think it would be better to change the code to remove this, go ahead, I'm fine with it either way.

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented

@FeyP thanks for your perfect reply. Then I'd indeed vote to remove the recursion to mitigate the risk of anything unexpected happening, as we know the library path in detail?
Or should a maintainer decide first?
Unsure how to proceed... @justin2pin seems quite inactive here currently.

BTW really great implementation, I didn't know this from Webform yet. @jrockowitz is a machine ;)
Thanks!

grevil’s picture

grevil commented

@Anybody, we definitly need the recursive function here. As on the first method call we only compare the first set of library keys, which would be "license", "css" and "js" (after filtering). Only in further recursive method calls we dive deeper in the library structure until we find the desired "/libraries/dragula/dist/" key string, if (strpos($key, $source) === 0) becomes true, and we finally replace the library entry.

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented

Thanks for the detailed explanation @Grevil! Ok then let's keep it!

grevil’s picture

grevil commented

Rebased the branch and applied some tiny fixes please check out https://git.drupalcode.org/issue/layout_paragraphs-3214406/-/compare/488... for an interdiff.

Also note, that the tests currently also fail on 2.0.x dev. Automated tests are only enabled for issues for unknown reasons.

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Status: Needs review » Needs work

Thanks! Code RTBC!

The only missing piece is an addition to the README.md how to install the library locally
a) using composer
a1) with bevacqua/dragula library
a2) with bower-asset or npm-asset
b) manual installation, dropping the lib into libraries folder

Then I think this is ready to go and a great improvement :)

grevil’s picture

grevil commented

@Anybody on it!

Meanwhile, I created an issue for the failing tests in 2.0.x: #3319919: Align test settings - enable automated testing on commits.

grevil’s picture

grevil commented

Hm, interesting, that the tests pass here now...

grevil’s picture

grevil commented
Status: Needs work » Needs review

Apologies for the identical commit message! Please review. :)

Also tested the changes manually locally, works as expected!

justin2pin made their first commit to this issue’s fork.

justin2pin’s picture

justin2pin commented
Status: Needs review » Fixed

Merged, marked as fixed. Thanks all!

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented

Nice to have you back @justin2pin :) Thank you!!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.