[1.0.x] Views area library

Thank you for applying!

Please read Review process for security advisory coverage: What to expect for more details and Security advisory coverage application checklist to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smoother review.

The important notes are the following.

• If you have not done it yet, you should run phpcs --standard=Drupal,>DrupalPractice on the project, which alone fixes most of what reviewers would report.
• For the time this application is open, only your commits are allowed.
• The purpose of this application is giving you a new drupal.org role that allows you to opt projects into security advisory coverage, either projects you already created, or projects you will create. The project status will not be changed by this application; no other user will be able to opt projects into security advisory policy.
• We only accept an application per user. If you change your mind about the project to use for this application, or it is necessary to use a different project for the application, please update the issue summary with the link to the correct project and the issue title with the branch to review and the project name.

To the reviewers

Please read How to review security advisory coverage applications, Application workflow, What to cover in an application review, and Tools to use for reviews.

The important notes are the following.

• It is preferable to wait for a Code Review Administrator before commenting on newly created applications, even to leave a comment similar to the following one. Code Review Administrators will do some preliminary checks that are necessary before any change on the project files is suggested.
• It is also preferable to wait before using a CLI tool to report what needs to be changed, especially because the comment left from Code Review Administrators suggests to use PHP_CodeSniffer. Before that, manual reviews should be done.
• Reviewers should not copy-paste the output of a CLI tool. They should use a CLI tool only once per application. When they do that, they should later verify the code has been correctly changed; this means, for example, that adding a documentation comment that is not correct just to avoid to get a warning/error is not a correct change that should be reported in a further comment.
• It may be best to have the applicant fix things before further review.

For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues.

• What follows is a quick review of the project; it doesn't mean to be complete
• For each point, the review usually shows some lines that should be fixed (except in the case the point is about the full content of a file); it doesn't show all the lines that need to be changed for the same reason
• A review is about code that doesn't follow the coding standards, contains possible security issue, or doesn't correctly use the Drupal API; the single points aren't ordered, not even by importance

core_version_requirement: ^9 || ^10

Since the module declares to need any Drupal 9 version, it cannot use features implemented by PHP 7.4, as Drupal 9.0 does not require PHP 7.4. Either the minimum Drupal version is increased to Drupal 9.4 or the module explicitly requires PHP 7.4.

src/Plugin/views/area/Library.php

  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
    $instance = parent::create($container, $configuration, $plugin_id, $plugin_definition);
    $instance->libraryDiscovery = $container->get('library.discovery');
    $instance->themeHandler = $container->get('theme_handler');
    return $instance;
  }

The purpose of create() is to pass the dependencies to the class constructor. It does not initialize the class properties directly.

  public function buildOptionsForm(&$form, FormStateInterface $form_state) {
    $form['library'] = [
      '#type' => 'textfield',
      '#title' => $this->t('Library'),
      '#default_value' => $this->options['library'],
      '#required' => TRUE,
      '#description' => $this->t('Library must be in the format "extension/library".'),
    ];
  }

That method must call the parent method, which is what AreaPluginBase does too.

    if ($this->getModuleHandler()->moduleExists($dependency)) {
      $dependencies['module'][] = $dependency;
    }
    elseif ($this->themeHandler->themeExists($dependency)) {
      $dependencies['theme'][] = $dependency;
    }
    else {
      throw new \RuntimeException('Library dependency not found.');
    }
    return $dependencies;

The purpose of that method is adding dependencies; if those dependencies are not found, an exception is already thrown by Drupal core. Eventually, the code should only add the found dependencies, as Role::calculateDependencies() does.

  $dependencies = parent::calculateDependencies();
  foreach (array_keys($this->options['role']) as $rid) {
    if ($role = $this->roleStorage
      ->load($rid)) {
      $dependencies[$role
        ->getConfigDependencyKey()][] = $role
        ->getConfigDependencyName();
    }
  }
  return $dependencies;

If the added dependencies are not found, Drupal core already throws an exception or an error message.

See also QueryPluginBase::calculateDependencies().

  $dependencies = [];
  foreach ($this
    ->getEntityTableInfo() as $info) {
    if (!empty($info['provider'])) {
      $dependencies['module'][] = $info['provider'];
    }
  }
  return $dependencies;

I do PHPCS and found following issues.

/var/www/html/drupal10/web/modules/contrib/views_area_library/src/Plugin/views/area/Library.php:22:4: error - Missing @var tag in member variable comment
/var/www/html/drupal10/web/modules/contrib/views_area_library/src/Plugin/views/area/Library.php:27:4: error - Missing @var tag in member variable comment

Is there anything that needs to be changed? Two properties that are not documented are not sufficient to hold the application.

Hi @kksandr

Thx a lot for your contribution to the Drupal community. A great respect from me. I did a smoke testing and a review of your module and here are a few comments:

• The composer.json file looks a bit uncompleted. Here is how to configure it https://www.drupal.org/docs/develop/using-composer/add-a-composerjson-file
• Same for the README.md file. Here is an example on how to write it properly: https://www.drupal.org/docs/develop/managing-a-drupalorg-theme-module-or...
• Recheck one last thing: Enable the module. Add the library header. Save the view. Uninstall the module via drush in the terminal. Refresh the view. Make sure there aren't any db logs or weird behavior. I've watched it somehow from time to time.

Again, great job!

Hi @kksandr

Thx a lot for your feedback. Looks great. No comments from my side.

Kind regards
Andrei

Let's keep reviewing the same branch.

Thank you for your contribution! I am going to update your account.

These are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find more contributors chatting on the Slack #contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

I thank all the reviewers.