CVS edit link for udig

Hi,

We are a web development company (Dofinity) basing most of it's work on the Drupal framework. Recently we have been asked by a client of ours to develop a slideshow functionality which will cover the following requirements:
1. Show a series of slides using the fade effect.
2. Allow the content manager (non admin role) to control the contents of each slide.
3. Allow the content manager to publish / unpublish slides.
4. Allow the content manager to set the order by which slides appear.
5. Allow the content manager to set the slides intervals.
6. Best performance - do not load all slides during the initial page load but rather load each slide before presented.
7. Have a frontpage content that will appear before the slideshow starts.

Since we were not able to find a module which will completely suffice the above requirements we decided to write one. It should be emphasized here that while there is a breadth of ways to present slideshow of nodes on Drupal we could not locate an easy way to present arbitrary list of nodes in a slideshow format using *ajax*. This was important due to the 6th requirement which was imperative from the client point of view.

We would like to share the module we wrote with others and maintain it here on. Hence we apply for an account.

(no place here to upload the code -probably after we get the confirmation email, right?)

Thanks,
Udi.

Comments

udig’s picture

Title: ...and changing the status to 'need review'. » udig [udig] - attached module
Status: Needs review » Postponed (maintainer needs more info)
StatusFileSize
new9.48 KB

Attached the module.

And here's a link to a working demonstration: http://212.235.32.32/en

udig’s picture

Title: udig [udig] » ...and changing the status to 'need review'.
Status: Postponed (maintainer needs more info) » Needs review
avpaderno’s picture

Title: udig [udig] - attached module » udig [udig]
Status: Postponed (maintainer needs more info) » Needs review
Issue tags: +Module review

Please change only the status, when you upload new code; other metadata should not be changed.

avpaderno’s picture

Status: Needs review » Needs work
  1. /** 
    * Node retrieving function called via ajax
    */ 
    function ajax_slideshow_get_node_ajax($nid) {
      $node = node_load(array('nid'=>$nid)); 
      $output = node_view($node);
      print drupal_to_js(array('node'=>$output));
    }
    

    The function doesn't control if the user has access to the node, and returns the data for it.

  2. The file LICENSE.txt needs to be removed; Drupal.org CVS doesn't allow to commit that file.
udig’s picture

StatusFileSize
new3.97 KB

Hi KiamLaLuno,

Thanks for the review.
Attached a revised version.

1. I might have misunderstood you but the function is already protected from unauthorized calls by the following:

<?php 
/**
* Implementation of hook_menu().
*/
function ajax_slideshow_menu() {
  $items['photos/get/photos'] = array(
    'page callback' => 'ajax_slideshow_get_node_ajax',
    'type' => MENU_CALLBACK,
    'access arguments' => array('access content'),
  );
?>

When removing the 'access content' privilege the user can not access the slideshow-front page.
Am I missing your point?

2. File removed

In addition I added better handling for controlling the slideshow dimensions.

Thanks again for your help.
Udi.

udig’s picture

Status: Needs work » Needs review
avpaderno’s picture

Status: Needs review » Needs work

The permission access content is too generic; there could be a module that implements a more restrictive permission, and the code would be showing a node the user doesn't have permission to access. If you need to be sure the user has access to a node, you should use node_access(), using 'view' as first parameter (an alternative would be db_rewrite_sql()).

This is a security vulnerability, which would make the security team open a SA, if the code would be in Drupal.org CVS.

udig’s picture

Status: Needs work » Needs review
StatusFileSize
new4.24 KB

KiamLaLuno,

Thanks for the explanation. Based on that here's a better version.

Thanks,
Udi.

udig’s picture

StatusFileSize
new5.2 KB

Invested some more time and here's an improved version that provides a built-in view. This makes the module a truly plug&play module that requires only plain module installation. Finer control can be achieved by using the module settings page as well as the built in view filter and sort handlers.

avpaderno’s picture

Status: Needs review » Fixed

A little note: the content of ajax_slideshow.views_default.inc is not correctly indented.

Thank you for your contribution! I am going to update your account.

These are some recommended readings to help with excellent maintainership:

You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

I thank all the dedicated reviewers as well.

Status: Fixed » Closed (fixed)
Issue tags: -Module review

Automatically closed -- issue fixed for 2 weeks with no activity.

avpaderno’s picture

Component: Miscellaneous » new project application
Assigned: Unassigned » avpaderno
Issue summary: View changes
Status: Closed (fixed) » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.