Closed (fixed)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Normal
Category:
Task
Assigned:
Unassigned
Reporter:
Created:
6 Mar 2023 at 16:02 UTC
Updated:
6 May 2023 at 11:09 UTC
Jump to comment: Most recent
Comments
Comment #2
akozoriz commentedComment #3
vishal.kadamThank you for applying! Reviewers will review the project files, describing what needs to be changed.
Please read Review process for security advisory coverage: What to expect for more details and Security advisory coverage application checklist to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smoother review.
To reviewers: Please read How to review security advisory coverage applications, What to cover in an application review, and Drupal.org security advisory coverage application workflow.
While this application is open, only the user who opened the application can make commits to the project used for the application.
Reviewers only describe what needs to be changed; they don't provide patches to fix what reported in a review.
Comment #4
vishal.kadamFix PHPCS issues. You can use the PHPCS tool for checking and resolving issues.
Comment #5
akozoriz commentedThanks @vishal.kadam !
PHPCS Issues are fixed now.
Comment #6
vishal.kadam1. poster_integration.info.yml
package: CustomModules should avoid to use that value for package.
2. Some files are not correctly following the Drupal coding standards, especially when an empty line is added at the beginning or the end of a method code.
poster_integration/src/PosterConnection.php
poster_integration/src/Form/LoadProductsForm.php
poster_integration/src/Service/PhoneValidator.php
Comment #7
avpaderno@vishal.kadam Could you say which files are not following the coding standards?
Comment #8
vishal.kadam@apaderno I have updated my comment #6 to include files.
Comment #9
akozoriz commented@vishal.kadam Issues are fixed.
Comment #10
vishal.kadamHello @akozoriz,
I have reviewed the changes, and they look fine to me.
Let’s wait for other reviewers to take a look and if everything goes fine, you will get the role.
Thanks
Comment #11
avpadernosrc/Controller/PosterController.php
It is not necessary to say the class name, since that is already given from the code. Controller is sufficient.
src/EventSubscriber/OrderCompleteSubscriber.php
The documentation comments for constructors say which class instance is created, namespace included.
For exceptions, the function used to log them should be
watchdog_exception(), or code similar to that should be used.src/Form/LoadCategoriesForm.php
That description is not for that property.
src/Service/LoadHelper.php
E_NOTICEis not a constant defined by Drupal. The log level values are defined in theRfcLogLevelclass.Comment #12
akozoriz commentedThanks @apaderno!
I implemented your notices, and also refactored forms to decrease duplicate code.
Wait for your review.
Comment #13
reszliAutomated Review
These were already covered above.
Code looks clean.
Manual Review
The readme could use some more structure, as suggested in the template. Also the hook_help() implementation could contain more infromation.
This review uses the Project Application Review Template.
Comment #14
hitchshockManual Review
Module requires "giggsey/libphonenumber-for-php" but this package uses Apache 2.0 licenses. This license doesn't compatible with GPLv2 what is a critical issue here.
In general it's OK, But... It will be good to add the description about the module (according to the template). You can just Copy/Paste it from the module page.
This review uses the Project Application Review Template.
Extra things
Service classes don't implement an interface which is not good practice.
Comment #15
akozoriz commented@HitchShock thanks for your review.
All 2 points that you mentioned are fixed now.
1. giggsey/libphonenumber-for-php isn't used anymore.
2. Readme.md file is fixed.
Comment #16
hitchshockNow everything looks good to me.
P.S. It's a pity that validation was removed and not replaced with something else. But I think this will be done in the future, don't focus on it, as we are checking other things here.
Suggestion:
- Keep the code for "giggsey/libphonenumber-for-php"
- Add to the description of the module that it can use the functionality of the "giggsey/libphonenumber-for-php" package, but the user must install it on their own.
- Make it possible to use the module without "giggsey/libphonenumber-for-php" (extra check conditions to determine whether the package was installed or not)
Comment #17
avpaderno@HitchShock May you point out where that validation code was removed?
If the module contained a validation handler that has been removed, that should be added back, even if the code needs to be changed.
Comment #18
hitchshock@apaderno you can check this - https://git.drupalcode.org/project/poster_integration/-/commit/99b58d6af...
Comment #19
cmlaraNote that the review in #14 is incorrect. Including a file in the composer.json is NOT committing the library to the Drupal Git Repository service and as such is NOT a violation of the "Policy on 3rd party assets on Drupal.org"
It is this review in #14 that caused the library removal that is requested to be added back in #16/#17.
@akozoriz As an applicant some times you may need to push-back when a review is not accurate, don't just accept all comments given in these reviews as being accurate.
Comment #20
akozoriz commented@cmlara thanks for the explanation. I was a bit confused, because I saw the list of possible licenses for Libs, but didn't notice that only about committing to the Drupal repo.
I returned the lib and validation.
Comment #21
avpadernoThank you for your contribution! I am going to update your account.
These are some recommended readings to help with excellent maintainership:
You can find more contributors chatting on the Slack #contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
I thank all the reviewers.
Comment #22
avpaderno