Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This module acts as a DDP (Distributed Data Protocol) client, allowing Drupal to send new and updated node data to a Meteor applications. Setup allows configuration of which content types push to Meteor apps.
Sandbox Link: https://www.drupal.org/sandbox/bfodeke/2354859
Comments
Comment #1
PA robot CreditAttribution: PA robot commentedThere are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxbfodeke2354859git
We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #2
shrop CreditAttribution: shrop commented@bfodeke,
Please start by fixing up the issues mentioned here:
http://pareview.sh/pareview/httpgitdrupalorgsandboxbfodeke2354859git
Comment #3
bfodeke CreditAttribution: bfodeke commentedIssues identified here: http://pareview.sh/pareview/httpgitdrupalorgsandboxbfodeke2354859git have been fixed
Comment #4
shrop CreditAttribution: shrop commentedLooks good bfodeke.
For whom it may concern, I have been reviewing and working with bfodeke on this project. I think he is good to have access to promote this project to a full project. Most of the comments I would have here, were taken care of during my mentorship of bfodeke, prior to his application here. He has done quite a bit of work and made changes identified.
Thanks!
shrop
Comment #5
shrop CreditAttribution: shrop commentedComment #6
kscheirerFixing title and category.
Comment #7
Ayesh CreditAttribution: Ayesh commentedHi Bayo,
I'm reviewing the code (upto bcc45879daf0a15c3d), and unfortunately it has a security issue that needs to be addresses before we proceed with this application.
The
admin/config/development/drupal-ddp
path is not protected by any access control mechanism. I can see you have defined theaccess drupal ddp
permission in ahook_permission
, but it is not used in thehook_menu
. This results anyone can access the administration page and make any change they want.I'm adding the
PAReview: Security
tag for statistical and educational purposes. Once this is fixed, and any other bugs you might come across are fixed, please set the status back to "Needs review".Comment #8
bfodeke CreditAttribution: bfodeke at Classic Graphics commentedFixed codesniffer issues and other permission bugs.
Comment #9
EvanSchisler CreditAttribution: EvanSchisler at Acro Commerce commentedAutomated Review
http://pareview.sh/pareview/httpgitdrupalorgsandboxbfodeke2354859git
These definitely need to be fixed up.
Manual Review
Doesn't follow the template exactly. Not a blocker.
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.
This review uses the Project Application Review Template.
Comment #10
bfodeke CreditAttribution: bfodeke at Classic Graphics commented@evanschisler, thank you very much for the detailed review!
I've fixed all the issues that I can on the pareview page. The only issues left on there are issues that it found with the node js file (not sure if I can get it to skip those).
http://pareview.sh/pareview/httpgitdrupalorgsandboxbfodeke2354859git
I also fixed up the README to more closely follow the README template.
As far as why there are two .js files; One is a Drupal specific one that alters text in a vertical tab, the other is the node server js file. I cannot combine the two though.
Comment #11
nico.knaepen CreditAttribution: nico.knaepen at Logic in Motion for Colruyt Group Services commentedHi,
Did some manual review and resulted in the following:
1/ Remove console.log in Javascript files.
2/ drupal_ddp_sync_queue.inc
Add an extra isset to $form_state['storage'], it is possible that this is not set.
And some remarks recommended by some community members:
1/ Avoid writing complex code. Try to focus on having a cyclomatic complexity as low as possible.
2/ Try not to rewrite code that already can be made possible by making use of contrib modules.
For example in _drupal_ddp_unsynced_content_form, a table with sorting and a pager is created.
If you would make use of the entity and views module, your code can be accomplished a lot easier and the support for your module would decrease enormously. You would then need to create the sync_successfull entity type and query it through views.
Comment #12
gislePlease don't assign the review task to yourself. Please see this page about assigning ownership to issues.
Comment #13
mlncn CreditAttribution: mlncn at Agaric for Drutopia commentedHi bfodeke! Glad to see you made https://www.drupal.org/project/drupal_ddp a full project. If you'd like to opt in to security coverage, please address nico.knaepen first two issues.
Apologies for the long, long gaps between reviews. Thanks for this impressive module!
Comment #14
apadernoI am closing the issue for the lack of response. Please re-open it when the reported issues are fixed.