Closed (fixed)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Normal
Category:
Task
Assigned:
Reporter:
Created:
28 Nov 2023 at 11:59 UTC
Updated:
3 Mar 2024 at 15:44 UTC
Jump to comment: Most recent

Comments
Comment #2
avpadernoThank you for applying!
Please read Review process for security advisory coverage: What to expect for more details and Security advisory coverage application checklist to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smoother review.
The important notes are the following.
phpcs --standard=Drupal,>DrupalPracticeon the project, which alone fixes most of what reviewers would report.To the reviewers
Please read How to review security advisory coverage applications, Application workflow, What to cover in an application review, and Tools to use for reviews.
The important notes are the following.
For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues.
Comment #3
mattixonix commentedHi @amourow, catch few tips from me ;):
Please fix also phpcs errors:
It is really nice module in my opinion and i'm sorry i couldn't use it proper, hope You will fix this ;)
Comment #4
vishal.kadamComment #5
amourow@Mattixonix Thank you for your review.
It seems the review was based on rc1. There were many /src codes fixed in 1.0.x-dev version yesterday, although it was not set as the release version in the project page.
I fixed the Readme, yaml and module files in the root folder, should be ready for review. Could you review with 1.0.x dev or I have to make another release?
Regarding the error you have, it looks weird to me, too.
Could you elaborate a little more about where you got the error, please.
Comment #6
vishal.kadam@amourow There is no need to create a release after every review. Reviewers will review the code from the 1.0.x branch.
Comment #7
hemant-gupta commentedYes, the branch needs to be updated first for every change review before a release.
Comment #8
mattixonix commentedHi again @amourow!
About fixes, that's my fault i look for released version, not the newest dev one.
About error, how to reproduce:
In first attempt i had to increase max_filesize because 2M was not enough.
Then sometimes i had error from console that You are trying to add message on null response.
Also sometimes i had error with "The 'edit any page content' permission is required." if You will see network tab and try display response, worth mention that im on admin account.
Do i need any API key or API organization? If yes they should be required.
Comment #9
amourow@Mattixonix Thanks for the information.
There is a global settings that includes the OpenAI API key and endpoint url.
What you encountered might be related to that.
However I don't see issue related to the 'edit any page content' permission, and cannot reproduce with the step.
The latest updates will catch the AJAX error, and the field settings page won't allow user to enable the feature when no API information has set.
Please kindly review with the latest update, and let me know if you find any issue.
Comment #10
avpadernosrc/Controller/GenerativeSummaryController.php
$this->messenger()->addMessage('Missing or incorrect OpenAI API Key for Generative Summary module.', 'error');The first argument passed to messenger methods must be a translatable string.
In the case of exceptions, it would be better they would logged, especially when the message would be read from users who are not administrators.
See
watchdog_exception()to understand which code should be used to log an exception. I would not suggest to call that function, as it has been deprecated and it will be removed in future Drupal releases, but its code would still run.The first argument passed to the logger methods that log a message must be a literal string, not translatable strings nor string concatenations.
src/Form/GenerativeSummaryConfigForm.php
Methods inherited from a parent class or defined in an interface use {@inheritdoc} as documentation comment.
The correct URL placeholders are the ones that start with a colon, which is the same URL placeholder Drupal core uses for links to drupal.org.
src/Plugin/Field/FieldWidget/TextareaWithGenerativeSummaryWidget.php
The hyphen before the annotation seems a typo.
class TextareaWithGenerativeSummaryWidget extends TextareaWithSummaryWidget {As per Drupal core backend backwards compatibility and internal API policy (Drupal 8 and above), classes that implement plugins are not part of the public API and must not be used as parent class by contributed projects.
Controllers are not created with
new. That controller should rather be a service, since:Comment #11
amourow@apaderno
Thank you for the detailed explanation.
I'd like to get some advice about the class implement of the
TextareaWithGenerativeSUmmaryWidgetclass. If I understand correctly, I will be able to make the implementation starting from theWidgetBaseaccording to the hierarchy of class TextareaWithSummaryWidgetComment #12
avpadernoWidgetBasecan be used as parent class, since it is a base class and it is not marked as internal. 👍Comment #13
amourowThank you @apaderno, I've updated the code based on the review comments.
Comment #14
rushikesh raval commentedI am changing the issue priority as per issue priorities.
Comment #15
avpadernoThank you for your contribution!
I updated your account so you can now opt into security advisory coverage for any project you created and every project you will create.
These are some recommended readings to help you with maintainership:
You can find more contributors chatting on Slack or IRC in #drupal-contribute. So, come hang out and stay involved!
Thank you for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
I thank also the dedicated reviewers as well.
Comment #16
avpaderno