DESCRIPTION

This module attempts to provide content editors with the ability to include links to documents stored in a Documentum repository. For example editors can add a file using the file/add menu and then embed a link to this file in content. Or, if using media and wysiwyg then a media browser of the repository is provided.

At the same time, a use case for the primary client (so far) is to use drupal as a proxy between the browser and the Documentum repository for serving up the documents. Unlike remote stream wrapper that embeds a remote link to some content or a document, the embedded link should be a link back to the drupal site so that drupal can stream the content from the Documentum repository back to the browser.

As a design choice this wrapper uses the REST apis from Documentum (tested, but not exhaustively, with 6.7 SP2 and 7.1 versions of content server).

PROJECT PAGE
https://www.drupal.org/sandbox/joel.gilchrist/2557493

GIT CLONE INFORMATION
git clone --branch 7.x-1.x http://git.drupal.org/sandbox/joel.gilchrist/2557493.git documentum_stream_wrapper

MANUAL REVIEWS
https://www.drupal.org/node/2402147#comment-10290091
https://www.drupal.org/node/2511448#comment-10290321
https://www.drupal.org/node/2453715#comment-10294045

Comments

joel.gilchrist created an issue. See original summary.

PA robot’s picture

PA robot CreditAttribution: PA robot commented
Issue summary: View changes
Status: Needs review » Needs work

There are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxjoelgilchrist2557493git

Fixed the git clone URL in the issue summary for non-maintainer users.

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented
Status: Needs work » Needs review

Items from the automated review have been addressed (as much as possible). There are a few outstanding issues but addressing them makes the code non-functional. These are due to the fact that the new code is inheriting from a class/interface that does not adhere to the coding standards.

FILE: ...var/www/drupal-7-pareview/pareview_temp/documentum_stream_wrapper.inc
---------------------------------------------------------------------------
FOUND 6 ERRORS AFFECTING 5 LINES
---------------------------------------------------------------------------
126 | ERROR | Type hint "array" missing for $options
126 | ERROR | Public method name "DocumentumStreamWrapper::stream_open"
| | is not in lowerCamel format
321 | ERROR | Public method name "DocumentumStreamWrapper::stream_read"
| | is not in lowerCamel format
360 | ERROR | Public method name "DocumentumStreamWrapper::stream_eof" is
| | not in lowerCamel format
376 | ERROR | Public method name "DocumentumStreamWrapper::stream_close"
| | is not in lowerCamel format
393 | ERROR | Public method name "DocumentumStreamWrapper::stream_stat"
| | is not in lowerCamel format
---------------------------------------------------------------------------

joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented
Issue summary: View changes
joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented
Issue summary: View changes
joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented
Issue summary: View changes
joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented
Issue tags: +PAreview: review bonus
dhaval_panara’s picture

dhaval_panara CreditAttribution: dhaval_panara as a volunteer commented
Status: Needs review » Needs work

I have reviewed code and found following issues:

1) $form_state argument should have ampersand symbol(&) in parameter.
File : documentum_stream_wrapper.admin.inc
function documentum_stream_wrapper_configuration_form($form, $form_state) {
function documentum_stream_wrapper_configuration_form_submit($form, $form_state) {

2) Maintain files in specific folders like js file should be in 'js' folder, inc files should be in "includes" folders.

3) I would suggest it will be good if you will use a form tpl for design form instead of use #prefix and #suffix.

joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented

Thanks for the review and for providing feedback. I will take a look at these items and make appropriate changes.

joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented

Okay, I've taken care of numbers 1 and 2 from comment #8.

For #3 can you clarify the reasons for the suggestion? I understand some value from separating html/markup from the code but in a few quick prototypes it seems like overkill to have a theme and a template file, plus a bunch of variable passing to replace a few simple lines of prefix/suffix code. (Maybe I'm overcomplicating it by not doing it correctly). Do you consider this comment a blocker?

Thanks.

joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented

@dhaval_panara: For #3 review item instead of using a template file, since really I am not messing with the overall template, I have chosen to pull out the html tags into a theming function within the module. I think this does a good job of separating form definition from the extra html tags and keeps the html tags all in one location. So I'm hoping this solves the 'spirit' of your review item, if not the actual wording of your comment.

Please take another review and let me know if you have any further comments or suggestions.

joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented
Status: Needs work » Needs review
dhaval_panara’s picture

dhaval_panara CreditAttribution: dhaval_panara as a volunteer commented

I have checked Point #1 and #2 and it's implemented.
But I am not still fully satisfied with solution of #3.
you can make it more better with this reference link THEMING FORMS WITH TEMPLATE FILES

dhaval_panara’s picture

dhaval_panara CreditAttribution: dhaval_panara as a volunteer commented
Status: Needs review » Needs work
joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented

@dhaval_panara: Thanks for your review time (and for your patience). The theming help link you sent was very useful. I've made some changes to use a template file. It is working well. Please take another look.

joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented
Status: Needs work » Needs review
joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented

A few more changes have been made to simplify and to remove the media browser plugin. This shortens the code quite a bit and it has been tested quite a bit more too.

klausi’s picture

klausi
he/him||they/them
Primary language German
Location 🇦🇹 Vienna
CreditAttribution: klausi as a volunteer commented
Status: Needs review » Needs work
Issue tags: -PAreview: review bonus +PAreview: security

Review of the 7.x-1.x branch (commit 5f4f7ec):

  • Coder Sniffer has found some issues with your code (please check the Drupal coding standards).
    FILE: /home/klausi/pareview_temp/css/documentum_stream_wrapper.css
----------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
----------------------------------------------------------------------
 3 | ERROR | [x] Whitespace found at end of line
----------------------------------------------------------------------
PHPCBF CAN FIX THE 1 MARKED SNIFF VIOLATIONS AUTOMATICALLY
----------------------------------------------------------------------


FILE: /home/klausi/pareview_temp/documentum_stream_wrapper.info
----------------------------------------------------------------------
FOUND 2 ERRORS AFFECTING 2 LINES
----------------------------------------------------------------------
 13 | ERROR | Declared file was not found
 14 | ERROR | Declared file was not found
----------------------------------------------------------------------
  • No automated test cases were found, did you consider writing Simpletests or PHPUnit tests? This is not a requirement but encouraged for professional software development.

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.

manual review:

  1. documentum_stream_wrapper_file_add_search(): do not use drupal_add_css() here, use #attached on the $form render array. See https://api.drupal.org/api/drupal/developer--topics--forms_api_reference...
  2. documentum_stream_wrapper_repository_search(): if you are worried about DQL injection here you should make sure that the integers are numbers and that $term escaped for quote characters.
  3. "'#value' => 'Save configuration',": all user facing text must run through t() for translation.
  4. documentum_stream_wrapper_configuration_form(): this is vulnerable to XSS exploits. If I enter <script>alert('XSS'); as repository name for example then I will get a nasty javascript popup in the overview table. You need sanitize user provided text before printing in a table, make sure to read https://www.drupal.org/node/28984 again. And please don't remove the security tag, we keep that for statistics and to show examples of security problems.

Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.

joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented

Thanks @klausi for the thorough and professional review. All comments have been addressed. I'll look to review 3 other projects to gain another review bonus tag.

joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented
Status: Needs work » Needs review
yogeshmpawar’s picture

yogeshmpawar
He/Him/His
Primary language English
Location 🇮🇳 Pune(MH)
CreditAttribution: yogeshmpawar as a volunteer and at QED42 commented
Title: D7 Documentum Stream Wrapper » [D7] Documentum Stream Wrapper
klausi’s picture

klausi
he/him||they/them
Primary language German
Location 🇦🇹 Vienna
CreditAttribution: klausi as a volunteer commented
Status: Needs review » Needs work

manual review:
documentum_stream_wrapper_file_add_search(): you are building a tableselect here, but you do not sanitize file_name which is coming from an external untrusted source, right? Same for oid.

PA robot’s picture

PA robot CreditAttribution: PA robot commented
Status: Needs work » Closed (won't fix)

Closing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).

I'm a robot and this is an automated message from Project Applications Scraper.

joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented

Comments from #22 have been addressed. Setting back to 'Needs Review'. I wasn't sure of the best way to sanitize filename. I found a reference here https://www.drupal.org/node/2472895 which looked good. Let me know if something else is readily available and I will used it.

joel.gilchrist’s picture

joel.gilchrist CreditAttribution: joel.gilchrist commented
Status: Closed (won't fix) » Needs review
Warped’s picture

Warped CreditAttribution: Warped as a volunteer commented
Status: Needs review » Postponed (maintainer needs more info)

Thank you for your contribution!

After 2017 March 7 everyone can promote a project to a full project.  A full project has a short project name and a drupal.org/project URL.  It can also have releases (like alpha1 or 1.0).  Edit your sandbox project, and then choose the 'Promote' tab.

https://www.drupal.org/docs/8/understanding-drupal-version-numbers/drupa...
https://www.drupal.org/docs/8/choosing-a-drupal-version/what-do-version-...
https://www.drupal.org/docs/8/understanding-drupal-version-numbers/what-...
https://www.drupal.org/docs/8/choosing-a-drupal-version/release-stable-v...

If you'd like to opt into security coverage, please ensure your module is ready for a full release, and then set this issue back to 'needs review'

Immense apologies for how long it took to get to this review completed.

apaderno’s picture

apaderno
he/him
Primary language Italian
Location Brescia, 🇮🇹 🇪🇺
CreditAttribution: apaderno as a volunteer commented
Status: Postponed (maintainer needs more info) » Closed (won't fix)

I am closing this application for the lack for replies. I take the OP just needed to be able to promote the project.