[D7] vCita

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

Hi @klausson,

I've taken a look at your project application and it looks good so far. I notice your are using web services, and I'm not a security expert, so I defer to others for additional review of that portion or your code. Using the review checklist I've gone thru and make the following comments...

1.1 The application issue does contains a project page and the “git clone” command there works just fine.

1.2 Looks like your project is the only one that connects into the vCita service.

1.3 There is not multiple applications open.

2.1 The repository does actually contain code. The code also meets the complexity requirements as described at https://groups.drupal.org/node/195848 .

2.2 Git Status returns “Your branch is up-to-date with ‘origin/7.x-1.x'.” This is a version specific branch which is what is required.

3.1 Pareview automated review returns no Security errors or warnings. However, since security is such an important issue, and since you are importing so much from a third party source I highly recommend reading through the documentation and double check your use of $form[] per examples at https://www.drupal.org/writing-secure-code

4.1 Your repository does not include a LICENSE.txt file. This is right.

4.2 The repository does not contain any 3rd party (non-GPL) code, which it shouldn't.

5.1 Project pages are helpful.

5.2 The repository does contains a detailed README.txt. This file does contain a basic overview of what the module does and how someone may use it. It looks like it follows the guidelines for in-project documentation and is based upon the README.txt Template.

5.3 The code contains a well-balanced amount of inline-comments.

6.1 Automated review does not show any major issues.

7.1 Looks like a nice job using Drupals API correctly.

Automated Review

Best practice issues identified by pareview.sh / drupalcs / coder.

No issues reported.

http://pareview.sh/pareview/httpgitdrupalorgsandboxklausson2335843git

Manual Review

Individual user account

Yes: https://www.drupal.org/u/klausson Follows the guidelines for individual user

accounts

.

No duplication

Yes. Havent found any similar module.: Does not cause module duplication and

fragmentation

.

Master Branch

Yes: Follows the guidelines for master branch.

Licensing

Yes: Follows the licensing requirements

3rd party code

Yes: Follows the guidelines for 3rd party code.

README.txt/README.md

Yes: Follows the guidelines for in-project documentation and the

href="https://www.drupal.org/node/2181737">README Template

.

Code long/complex enough for review

Yes: Follows the guidelines for project length and complexity.

Secure code

Yes. external Javascript files have been included which is a standard parctice. If "no", list security issues identified.

Coding style & Drupal API usage

1. Minor finding: Not getting images properly. (Issue is coming only when base_path is not set to '/'
   

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are

important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are

recommendations.

Automated Review

No issues found with PA Review

Manual Review

Individual user account

Yes: Follows the guidelines for individual user accounts.

No duplication

Yes: Does not cause module duplication and fragmentation.

Master Branch

Yes: Follows the guidelines for master branch.

Licensing

Yes: Follows the licensing requirements

3rd party code

Yes: Follows the guidelines for 3rd party code.

README.txt/README.md

Yes: Follows the guidelines for in-project documentation and the README Template.

Code long/complex enough for review

Yes: Follows the guidelines for project length and complexity.

Secure code

Yes.

Coding style & Drupal API usage

1. (*) Module's admin form: found a lot of custom URLs, that aren't wrapped with the Drupal url() function
2. (*) vCita callback url should be wrapped with the url($callback_url, array('url' => 'absolute')) method and afterwards urlencoded, because it is used inside outgoing url as a parameter
3. (*) User roles visibility function does not work properly
4. (*) Pages visibility function does not work properly
5. (*) Visibility never changes inside admin form after hitting save, because form element uses different name than DB variable
6. (*) Visibility value 2 is never used
7. (+) No need for watchdog 3 parameter $_GET. It should be NULL instead, because there are nothing to replace inside 2 parameter (message)

I'm also attaching patch which will fix all those issues mentioned above. It should help to fix the issues for you quickly. Simply apply it and see all the code that is providing issues and see how it should it be on my opinion.

Assigning to myself for next review.

Automated Review

Review of the 7.x-1.x branch (commit af48489):

• Coder Sniffer has found some issues with your code (please check the Drupal coding standards).
  

  
  FILE: /home/matt/PAR/pareview_temp/vcita.module
  --------------------------------------------------------------------------------
  FOUND 1 ERROR AFFECTING 1 LINE
  --------------------------------------------------------------------------------
   80 | ERROR | Inline comments must end in full-stops, exclamation marks, or
      |       | question marks
  --------------------------------------------------------------------------------
  
  Time: 273ms; Memory: 7.5Mb
  

• No automated test cases were found, did you consider writing Simpletests or PHPUnit tests? This is not a requirement but encouraged for professional software development.

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.

Manual Review

Individual user account

Unknown: Follows the guidelines for individual user accounts. User pages on D.O. are throwing errors today, so I can't check this..

No duplication

Yes: Does not cause module duplication and fragmentation.

Master Branch

Yes: Follows the guidelines for master branch.

Licensing

Yes: Follows the licensing requirements

3rd party code

No: Follows the guidelines for 3rd party code.

(*) Unless you can point me to a place where it says usage is OK, the vcita_logo.png image has to be removed as it is third-party.

README.txt/README.md

Yes: Follows the guidelines for in-project documentation and the README Template.

Code long/complex enough for review

Yes: Follows the guidelines for project length and complexity.

Secure code

No. If "no", list security issues identified.

(*) vcita_page_alter() uses vcita_account directly in a URL. This is user input, so it is possible for a user with the 'administer vcita' to inject something
naughty on the page. You need to check_plain() this. However, you should really use #attached to add this to the page. This supports
external scripts, and you can also do your protocol logic. #attached will sanitize the src via drupal_attributes() inside of the theme_html_tag() that eventually gets called.

Coding style & Drupal API usage

(+) Remove the .gitignore from the repo

You don't need to variable_set in a hook_install(); just use default values in your variable_get() calls.

Avoid directly using $_GET['q']. See request_uri() and friends (see the first comment on the API page.

(+) _vcita_user_visible() should not do role detection. Make a separate permission for this.

(+) The error message in vcita_callback() has an untranslated string. So does vcita_admin_settings_form() Double check the module.

vcita_admin_settings_form() should use API calls for making links, and #prefix / #suffix markup for the divs. I would also suggest using CSS background images instead of img elements.

In vcita_admin_settings_form(), why the `unset($form['actions']['submit']);`. Comment needed?

(+) Avoid breaking translatable strings across lines. This warning in pareview can be safely ignored.

(*) Where did that invite code in vcita_admin_settings_form_submit() come from?

(+) You are building the callback URL improperly in vcita_admin_settings_form_submit() and _vcita_link_account(). The $options parameter to drupal_goto will let you set request variables, which will also escape/encode them. However, you shouldn't drupal_goto from inside a submit handler. You should use $form_state['redirect']; see the comments to https://api.drupal.org/api/drupal/developer!topics!forms_api_reference.h...

In vcita_admin_settings_form_submit() you see if the email has changed. I think this should really be a validation step.

(+) In forms, don't explictly check for empty(). Set #required as needed.

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.

This review uses the Project Application Review Template.

@klausson
Thanks for your contributions.

Automated Review

Best practice issues identified by pareview.sh / drupalcs / coder. http://pareview.sh/pareview/httpgitdrupalorgsandboxklausson2335843git-7x-1x Please fix the issues addressed here as @mpdonadio mentioned in #11. I am not confirmed answer about the question as you mentioned above someone else will let you know about it.

Manual Review

Individual user account

Yes: Follows the guidelines for individual user accounts.

No duplication

Yes: Does not cause module duplication and fragmentation.

Master Branch

Yes: Follows the guidelines for master branch.

Licensing

Yes/No: Follows the licensing requirements

3rd party code

Yes/No: Follows the guidelines for 3rd party code.

README.txt/README.md

Yes: Follows the guidelines for in-project documentation and the README Template.

Code long/complex enough for review

Yes: Follows the guidelines for project length and complexity.

Secure code

Yes/No. If "no", list security issues identified.

Coding style & Drupal API usage

1. (+) Remove the .gitignore from the repo.Also the same is mentioned in above #11.Use the git rm -f to remove it.Also the similar removal is here Remove the .gitignore file from the repository
2. (+) Regarding the inline use of javascript in function vcita_page_alter(&$page) Write the javascript in a seperate file and attached it using like
   

   $form['#attached']['js'] = array(
     drupal_get_path('module', 'ajax_example') . '/ajax_example.js' => array(
     'type' => 'file',
     ),
   );

   that seems better approach to manage the javascript later also.

3. Define the $widget_path, $settings_path variables value in constants in the vctia.admin.inc and used then in the function so that it will be easily chanageable later.Similarly for other variables like $invite_code,etc.Also use variable name $module_path instead of $mod_path in vcita_admin_settings_form
4. Use proper comments above functions.Please see Comment standards
5. (+)
   

     $node_types = array_keys(node_type_get_types());
     $ntypes = array();
     foreach ($node_types as $ntype) {
       $ntypes[$ntype] = $ntype;
     }

   Use the node_type_get_names function instead to get the names with machine names. $ntypes = node_type_get_names();

6. (+)
   

     $node_types = array_keys(node_type_get_types());
     $ntypes = array();
     foreach ($node_types as $ntype) {
       $ntypes[$ntype] = $ntype;
     }

   Use this in place of node_type_get_names function instead to get the names with machine names. $ntypes = node_type_get_names();

7. (+) Use this $role_options = array_map('check_plain', user_roles()); instead of this
   

   $roles = user_roles();
     $role_options = array();
     foreach ($roles as $rid => $rolename) {
       $role_options[$rid] = $rolename;
     }

8. unset($form['actions']['submit']);

   I have uncommmented this code and the form was submitting fine. if you are still getting the problem then please elaborate a bit.

As I am not a git administrator, so I would recommend you, please help to review other project applications to get a review bonus. This will put you on the high priority list, then git administrators will take a look at your project right away :-)

This review uses the Project Application Review Template.

Thanks @klausson for the updates.
Regarding the reviewing other project applications so that it will be helpful for the git admins to come on your application ASAP.

The project already has a review bonus, so it is on the high priority list to be reviewed.

Assigning to myself for next review, which will hopefully be tonight.

Automated Review

http://pareview.sh/pareview/httpgitdrupalorgsandboxklausson2335843git reported following minor issues that need to be fix.

FILE: /var/www/drupal-7-pareview/pareview_temp/vcita.admin.inc
--------------------------------------------------------------------------------
FOUND 1 ERROR AND 2 WARNINGS AFFECTING 3 LINES
--------------------------------------------------------------------------------
42 | ERROR | Concat operator must be surrounded by spaces
154 | WARNING | Line exceeds 80 characters; contains 99 characters
192 | WARNING | Line exceeds 80 characters; contains 99 characters
--------------------------------------------------------------------------------

Manual Review

(+) vcita_admin_settings_form(): I have tested this module functionality and all functionality works as intended except one thing. All form elements values are not inserting in database that need to be fix to test this module further. I am not marking this issue as blocker because it needs a minimal changes in your code to make it works, but you fix this issue on priority to proceed further.

I fixed the URL parameters for drupal_goto in both places. After reading up on $form_state['redirect'], I do not think it is the proper way to redirect in this case - here's why: The documentation states that by using this method, the form continues to pass through the chain of other registered form_submit, which gives other modules the chance to register a different redirect. In this case, we can't allow that since the redirect is needed to pass the user through the login form and back to continue the work on the form (sort of OAuth style). Therefore, we will need to stick with drupal_goto() in this case.

I tested module functionality and callback URL function properly after a valid authentication that seems good.

(+) vcita_admin_settings_form(): Wrong doc hook_admin_settings_form() is not a valid hook, fix it.

(+) vcita_admin_settings_form(): At line 37 and 42, you are rendering image directly through <img> tag, rather use theme_image().

(+) vcita_uninstall(): Some unused variables (vcita__active_tab, vcita_visibility) exist that need to be remove.

hook_help() is missing in your module.

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

I am marking this RTBC as inline comments and code looks good to me. Also all the points mentioned by other admin are answered or fixed that shows author has decent idea of what he is doing.

Thanks!

Here is how I was able to reproduce this issue:

Enabled this module.

Accessed URL: admin/config/services/vcita

Checked both 'Article' and 'Basic Page' from 'Node Type Settings' and submitted the form.

I was redirected to Vcita page.

Again went to configuration page, but checkboxes for Node Types are not enabled.

Hi klausson,

Thanks for your contribution!!

This module worked fine for me!! However I can seem some minor problems with automated script

Automated Review

No

• Coder Sniffer has found some issues with your code (please check the Drupal coding standards).
  
  

  <p></p>
  <p>FILE: /var/www/drupal-7-pareview/pareview_temp/vcita.admin.inc<br>
  --------------------------------------------------------------------------------<br>
  FOUND 0 ERRORS AND 2 WARNINGS AFFECTING 2 LINES<br>
  --------------------------------------------------------------------------------<br>
   170 | WARNING | Line exceeds 80 characters; contains 99 characters<br>
   211 | WARNING | Line exceeds 80 characters; contains 99 characters<br>
  --------------------------------------------------------------------------------</p>
  

  Time: 131ms; Memory: 7.25Mb<br>
  

• DrupalPractice has found some issues with your code, but could be false positives.
  
  

  <p></p>
  <p>FILE: /var/www/drupal-7-pareview/pareview_temp/vcita.admin.inc<br>
  --------------------------------------------------------------------------------<br>
  FOUND 0 ERRORS AND 2 WARNINGS AFFECTING 2 LINES<br>
  --------------------------------------------------------------------------------<br>
   48 | WARNING | Do not call theme functions directly, use theme('image', ...)<br>
      |         | instead<br>
   58 | WARNING | Do not call theme functions directly, use theme('image', ...)<br>
      |         | instead<br>
  --------------------------------------------------------------------------------</p>
  

  Time: 63ms; Memory: 5.5Mb<br>
  

• No automated test cases were found, did you consider writing Simpletests or PHPUnit tests? This is not a requirement but encouraged for professional software development.

It'll be good if you can fix above before it's final release to give a nice and clean module!! :)

+1 RTBC !!

Thanks!!

Automated Review

Review of the 7.x-1.x branch (commit 1bb2514):

Coder Sniffer has found some issues with your code (please check the Drupal coding standards).
FILE: /var/www/drupal-7-pareview/pareview_temp/vcita.admin.inc
--------------------------------------------------------------------------------
FOUND 0 ERRORS AND 2 WARNINGS AFFECTING 2 LINES
--------------------------------------------------------------------------------
170 | WARNING | Line exceeds 80 characters; contains 99 characters
211 | WARNING | Line exceeds 80 characters; contains 99 characters
--------------------------------------------------------------------------------

Time: 128ms; Memory: 7.25Mb

DrupalPractice has found some issues with your code, but could be false positives.
FILE: /var/www/drupal-7-pareview/pareview_temp/vcita.admin.inc
--------------------------------------------------------------------------------
FOUND 0 ERRORS AND 2 WARNINGS AFFECTING 2 LINES
--------------------------------------------------------------------------------
48 | WARNING | Do not call theme functions directly, use theme('image', ...)
| | instead
58 | WARNING | Do not call theme functions directly, use theme('image', ...)
| | instead
--------------------------------------------------------------------------------

All comments must be under 80 characters, start with a capital letter, and end with a period (.). See https://www.drupal.org/node/1354. It would fix above two warnings but for theme_image() these warnings can be false or you can try theme() function instead.

Manual Review

OK, 14 days since me setting this RTBC and also all my #21 concerns has been addressed except following.

(+) vcita_uninstall(): Some unused variables (vcita__active_tab, vcita_visibility) exist that need to be remove.

Still exists, delete following lines of code as these variables are not in use.

variable_del('vcita__active_tab');
variable_del('vcita_visibility');

vcita_requirements(): Would be good to take care of translation, $t = get_t(); function to ensure translations don't break during installation. Also for concatenation, usage of t() with placeholder would be good.

'description' => 'vCita has not been configured yet. Go to <a href="' . $admin_url . '">vCita Settings</a>',

See: https://api.drupal.org/api/drupal/includes%21bootstrap.inc/function/t/7.

I also tested module functionality and it works as intended, after a manual scan didn't see anything blocking issue, so...

Thanks for your contribution, klausson!

I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.