About the module
Not taxable users module offers the possibility to exclude sales taxes from users orders throughout the managing users list on module's amdinistration page. In some cases there are no taxes needed in online stores for example, if a customer has a sales permit, the order for him is not taxable. It can be done using Not Taxable Users module.
Project page
https://www.drupal.org/sandbox/anatolii88/2575281
Git clone command
git clone --branch 7.x-1.x http://git.drupal.org/sandbox/Anatolii88/2575281.git not_taxable_users
cd not_taxable_users
Links to my reviews
https://www.drupal.org/node/2591935#comment-10456357
https://www.drupal.org/node/2575109#comment-10461409
https://www.drupal.org/node/2594679#comment-10463861
Comments
Comment #2
Anatolii88 CreditAttribution: Anatolii88 commentedComment #3
PA robot CreditAttribution: PA robot commentedWe are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #4
Anatolii88 CreditAttribution: Anatolii88 commentedComment #5
Anatolii88 CreditAttribution: Anatolii88 commentedComment #6
Anatolii88 CreditAttribution: Anatolii88 commentedComment #7
kporras07 CreditAttribution: kporras07 commented1. Basic application checks
1.1 Ensure your application contains a repository and project page link: OK
1.2 Ensure your project is not a duplication: OK
2. Basic repository checks
2.1 Ensure the repository actually contains code: OK
3. Security Review.
3.1 Ensure the project does not contain any security issues: It looks OK for me.
4. Licensing checks
4.1 Ensure the repository does not contain a ‘LICENSE.txt’ file: OK
4.2 Ensure the repository does not contain any 3rd party (non-GPL) code: OK
5. Documentation checks
5.1 Ensure the project page contains detailed information: I think it could be improved. Please take a look to https://www.drupal.org/node/997024. I'll add more details from README file.
5.2 Ensure the repository contains a detailed README.txt: OK
5.3 Ensure the code contains a well-balanced amount of inline-comments: Maybe you need to add some inline comments.
6. Coding standards and style
6.1 Run an automated review and ensure there are no major issues: OK
7. API and best practices Review
7.1 Ensure you are using Drupals API correctly: OK
Some other notes:
- There is an extra space in some "Implements hook_*()" comments.
- .module in line 15 is trying to use README.md file; but this doesn't exist and it's not going to exist if you don't add it. I'm not sure if it would be good to remove that reference if you're not planning to add it in order to make the code clearer.
- JS file has a very generic name (my_module.js); please rename it to something module-specific.
- It's preferred to use #attached to drupal_add_js/drupal_add_js. It would be great if you could change it on not_taxable_users_admin(). However; I don't think of this as a blocker.
- Hook_form is something different than you did in some functions in admin.inc file (https://api.drupal.org/api/drupal/modules!node!node.api.php/function/hoo...). I'll change the comment, function is OK.
- There is a comment for hook_menu in admin.inc that doesn't correspond to what is there.
- In rules.inc file, maybe it would be easier to read to just create a hook_rules_condition_info function and put the condition inside that instead of having a big condition and write twice the same function.
Besides this notes; great work! Thanks for your contribution.
Comment #8
Anatolii88 CreditAttribution: Anatolii88 as a volunteer commentedHi @kporras07,
Thank you for review. I fixed all off the issues you mentioned:
- Project page has been updated. Added more information;
- I have added more inline comments;
- An extra space in some "Implements hook_*()" - fixed.
- I deleted code that tries to use README.md file. If I add README.md, I will add those lines to the code that tries to use it.
- JS file name has been changed.
- I added .js file using #attached instead of drupal_add_js/drupal_add_js.
- I have changed the comments to the functions that uses hook_form().
- A comment for hook_menu in admin.inc has been fixed.
- Fixed issue regarding the conditions in rules.inc file.
Please check the changes.
Comment #9
_KurT_ CreditAttribution: _KurT_ at FFW commentedFirst i found function
not_taxable_users_search_form_validate()
, line 200 and thought that it would be possible to select users to check in one query, but then i found that you are maybe use not optimal table configuration.Why do you need to store users.name in your custom tabel?
If it is not necessary, you should get rid of it. In case you don't need user names it would be better to use users.uid in your not_taxable_users.taxid, instead of having own ids. Thus you could make one query instead of two and don't store unnecessary data in db.
Don't you think it would be better to use db_select instead of db_query everywhere?
Comment #10
klausi@_KurT_: using db_query() is perfectly fine for simple static queries, see https://www.drupal.org/dynamic-queries
manual review:
Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.
Comment #11
Anatolii88 CreditAttribution: Anatolii88 as a volunteer commentedThank you for your reviews @klausi and @_KurT_. I'll fix all of the problems as son as I have free time.
Comment #12
klausinow revealing the security vulnerability:
not_taxable_users_page(): this is vulnerable to XSS exploits. User names are user provided text before printing to HTML. Usually they are validated for special characters by Drupal, but they could also be migrated from third party system, so they need to be sanitized before printing to raw HTML table markup. Make sure to read https://www.drupal.org/node/28984 again. You could use #theme = 'username' in a render array which will also sanitize and link the user account.
Comment #13
PA robot CreditAttribution: PA robot commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #14
Anatolii88 CreditAttribution: Anatolii88 as a volunteer commented@klausi thanks for the review. All known problems were fixed. Please check the changes.
Comment #15
LiamPower CreditAttribution: LiamPower as a volunteer commentedAutomated Review
No issues
Note that perfect adherence to Drupal Coding Standard is NOT a reason to block an application, except for total disregard of them. However, modules should follow them as closely as possible.
Manual Review
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.
This review uses the Project Application Review Template.
Comment #16
Anatolii88 CreditAttribution: Anatolii88 as a volunteer commented@LiamPower thank you for the review! Your recommendations were added to the module code.
Comment #17
spacetaxi CreditAttribution: spacetaxi commentedManual Review
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.
This review uses the Project Application Review Template.
Comment #18
Anatolii88 CreditAttribution: Anatolii88 as a volunteer commented@spacetaxi thank you for the review. I will include your recommendations before promoting to a full project.
Comment #19
Anatolii88 CreditAttribution: Anatolii88 as a volunteer commentedComment #20
Anatolii88 CreditAttribution: Anatolii88 as a volunteer commentedHi @spacetaxi,
I've fixed bugs and added proposed recommendations. Thanks.
P.S.Kudos will be added later.
Comment #21
spacetaxi CreditAttribution: spacetaxi commentedHi @Anatolii88, looks great! I'm going to see if I can raise the status to Major, maybe the project application folks will take a look and give this their blessing.
Comment #22
Anatolii88 CreditAttribution: Anatolii88 as a volunteer commentedHi @spacetaxi,
Thanks a lot.
Comment #23
mlncn CreditAttribution: mlncn at Agaric commentedThanks for your contribution! Congratulations, you are now a vetted Git user. You can promote this to a full project.
When you create new projects (typically as a sandbox to start) you can then promote them to a full project.
Here are some recommended readings to help with excellent maintainership:
You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!
Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.