When writing code for the web it is very important that you pay attention to security. Drupal provides many tools to help you out and in this presentation we'll look at what those are and how to make sure you use them properly.
Additional resources
In this chapter we learn how to get data out of the database and display it. The example walks through writing a module that creates a page that displays how many nodes are published and unpublished for each content type in our site. We use the db_select() function to accomplish this.
In this chapter we learn about changing the definition of a database table after it has already been installed. This example expands on the previous chapters by adding a new field to the table to collect the date a user last visited a node. We learn more about hook_update_N() as well as db_add_field().
In this chapter we learn other ways to interact with our database beyond the simple db_select() query from the earlier video. This example walks through writing a module that that saves and displays data about how many times a user has visited a specific page. We learn about db_select(), db_insert(), db_update(), db_merge(), db_delete() and introduce the concept of "get and set" helper functions.
In this chapter we learn how to create a new database table. This example walks through creating a module that defines the the properties of our new table and also programatically creating that table. We learn about hook_schema() and hook_update_N() in our module's install file.
Trainers note: This video starts out with a module that implements hook_node_view() and stores data about views in the $_SESSION variable. It also states that we built this earlier in the series. However, that's not true. We did talk about hook_node_view() in https://drupalize.me/videos/event-driven-hook-system, but we never actually wrote the $_SESSION handling part. So, if you're following along and want the same sample code we start with make sure you download the code attached to this node.
In this excerpt from the Overview of Drupal 7, Angie Byron, talks about the Database API in Drupal 7. This was a round table discussion with other Lullabots on the line who ask and answer questions, in addition to Angie's presentation. This lays a good foundation for how the database system works in Drupal and sets you up for the hands-on tutorials that follow.
Additional resources
This video goes through the process of changing some of the properties of a form with the hook_form_alter() function. This hook is a very powerful tool to be able to modify existing Drupal forms, created by core or contributed modules, and tailor them to your needs.
This video shows how a module can integrate with Drupal's theme system by exposing a new themeable item to the theme registry with hook_theme(), and then creates a function in order the customize the output of that themeable item. The then video demonstrates how the theme layer can override the markup defined with theme functions at the module layer.
This presentation provides an overview of the different phases of the form submission and validation process that Drupal uses with the Forms API. This will give you a good foundation for implementing forms yourself in the following videos.
This video shows how to target a specific form with the hook_form_FORM_ID_alter and creating a customized validation function for a form.
Note: There is a typo in this video. (The code is correct in the downloadable example file attached to the previous video.)
In the demo_validate_password()
function, the following line shown in the video if (in_array($form['values']['pass'], $badpasswords)) {
should be if (in_array($form_state['values']['pass'], $badpasswords)) {
.
In this lesson, we pull our work together by creating a new view on the site that uses the work we've done so far with exposing our data, and creating our handlers. Once we create the view, we'll export it and add it to our module as a default view.
In this lesson Joe demonstrates how to extend the default views sort handler and create a new one for use on our table that will allow us to sort the data returned from a query with the rows that belong to the currently logged in user at the top of the list. This lesson builds on information from the previous couple of lessons regarding implementing views handlers and general coding for views best practices.
In this lesson Joe takes a look at writing a custom filter handler by building on the knowledge gained about writing handlers from the previous lessons. Filter handlers control how data in a table is treated when being used in the context of a views filter including things like how the data is represented, what the form for filtering looks like and more.
In our original Databasics module, we had some access control around who could see the tab we are providing on the user page. Now that we have switched that tab to being a view, we need to still add that access control back. In this lesson, we will work with a new feature of Views: plugins. We will create an access plugin that gives us the freedom to add our own custom access control, along with settings to give our users a choice about what access they'd like to use.
Domain Access can do its magic because of the Drupal node access system. In this tutorial we'll walk through the basics of how this system works, highlighting the two main methods, and then explain why this may be important information for you. We won't be diving into the code side of things, but instead outline the basic concepts for anyone who needs to interact with this system. When using a module like Domain Access, you should be aware of the Drupal context in which you are working, even if you hopefully never have to dive into the details.
Additional resources
Controlling Access to Content Overview (drupal.org handbook)
Node access developer documentation (api.drupal.org)
Testing, and quality assurance, are an important part of maintaining high-quality software. Together they ensure that the code we write functions as it is intended to, and that changes made later on do not introduce any regressions into our application. Its tedious work and generally involves coming up with a list of tasks that prove a specific feature is working, and then repeating the list of tasks every time a change is made.
Automated testing is the process of writing code to reduce the number of things we need to do manually when testing our software. That list you created to ensure your software is working correctly is likely something that can be easily automated with a testing framework like SimpleTest. Doing so can dramatically reduce the amount of time it takes to perform QA, and improve the overall stability of our applications.
The SimpleTest testing framework was introduced into Drupal core early on in the Drupal 7 development cycle. Since then it has had a profound impact on the way our community develops Drupal. Core now contains a whole suite of tests that cover somewhere in the neighborhood of 75% of the softwares functionality. Every time a new features is introduced, or a bug is fixed, this battery of tests confirms that the fix to the date formatting function didn't inadvertently break something else.
In this series we'll learn to write our own automated tests for Drupal 7 using SimpleTests. We'll walk through enabling SimpleTest, and running one or more test cases with both the SimpleTest UI, and with drush. Then we'll cover some of the related terminology like the difference between functional tests and unit tests. As well as discuss why testing is an important part of development and worth the investment.
Then we'll walk through writing a test case and a set of assertions in orders to verify that various features of our site are working. We'll use functional tests based on the DrupalWebTestCase
class, which simulates a browser navigating our site and clicking on links, and filling out forms. And the DrupalUnitTestCase
class, which allows us to write super fast unit tests for the business logic contained within our code.
After watching this series you should be able to:
- Install the SimpleTest module and run the tests included with core.
- Define and know the difference between functional tests, unit tests, test cases, and assertions.
- Create a new test case so that SimpleTest can discover and run your tests.
- Write assertions that test the validity of your application in a given state.
- Use the test browser to click on links and navigate to pages on a site.
- Fill out and submit forms and AJAX form elements using the test case browser.
- Handle file and image uploads in test cases.
- Write unit tests, and understand how the workflow for running unit tests differs from that of functional tests.
- Use the SimpleTest 7.x-2.x module from contrib to test existing websites.
This series assumes that you have basic understanding of Object Oriented PHP, and are familiar with Drupal module development. If you need to brush up on your module development watch our series on Drupal 7 Module Development. And, while not required to run tests, we do make use of drush in this series so knowing how to run drush commands is helpful.
Writing tests can be a challenging. But it doesn't have to be. And the benefits of doing so are huge. Especially as our web applications become more complex, as our teams grow, and as the multitude of ways in which people interact with our web applications changes constantly. Spending some time learning how to write tests will not only make your applications more reliable, it'll also make you a better developer.
Additional resources
Developers write tests for a variety of different reasons and understanding why, and how, writing tests can improve the quality of our code and our sanity helps motivate ourselves to write tests. The tests we write usually take one of two forms. Functional tests are used to test an applications behavior. When I click this link does it take me to the about page? Unit tests are used to verify the logic within a small segment, or unit, of code. When I call this function that is supposed to return a link with these specific parameters does it return the correct data? There are a ton of reasons that investing time and resources into writing automated tests is a big win in the long run and in this lesson we'll cover a bunch of them, including:
- Eliminate repetitive tasks.
- Improve overall stability of an application.
- Ensure critical paths & edge cases function.
- Reduce (not eliminate) the number of tests that need to be performed manually.
Types of Tests
There are are two main types of tests and we're going to be writing. Functional tests, and Unit tests.
Functional tests, also known as integration tests, test the functionality of a particular aspect of an application by simulating normal interaction with that system. In the case of web software this usually refers to simulating a user navigating and interacting with the website as if they where using their browser, keyboard, and mouse.
Unit testing is the art and practice of taking a small portion of code, a unit, and subjecting it to programmatic tests to prove its correctness. For example, testing a function that performs unit conversion by comparing a known input with an anticipated result.
UPDATE: This video references qa.drupal.org which is no longer in use. On Friday, October 23rd 2015 - qa.drupal.org received and processed it's last
test. The qa.drupal.org testbots have now been superseded by DrupalCI - and test results are now displayed directly on Drupal.org. While the mechanics are different now, the end result is still all patches to Drupal core are automatically tested.