In the agile world, where requirements change faster than tasks reach "done" status, we are forced to build fast solutions that work here and now. Under pressure and strict deadlines, it is easy to ignore code standards, the "Drupal way", and the best practices found in top Drupal sites. Tools and tips to keep your code clean.
https://drupalcampkyiv.org/node/37
ONE MORE TIME ABOUT CODE STANDARDS AND BEST PRACTICES
1. One more time about code standards and best practices
Iryna Vedkal
2. Why do we need to follow them?
What does good code quality mean?
● Readability
● Maintainability
● Security
● Find errors more easily
● Common development way
● Smaller codebase
● Fewer bugs
● Better organized code
3. Common rules for Drupal development
● Follow code standards
● Everything should be in code
● Use configuration before code
● Use contrib before custom
● Never hack core or contrib
● Avoid too many modules (keep balance between module quantity and size)
● Keep business logic separate from template layer
5. Steps to set up a working environment
❏ Set up Code Sniffer - https://www.drupal.org/docs/8/modules/code-review-module/installing-coder-sniffer
❏ Install Coder - https://www.drupal.org/project/coder
❏ Set up pre-commit hooks - https://www.drupal.org/project/dcq
❏ Set up your IDE (PhpStorm, Visual Studio Code, etc.)
❏ Run Code Check - https://www.drupal.org/node/1587138
❏ Set up Code Analyzer Tools (SonarQube)
6. Steps to follow after getting a task & before coding
❏ Check whether it is covered by core functionality
❏ Check whether it can be achieved with configuration
❏ Search for existing solutions:
    ❏ Contrib modules
    ❏ Patches
    ❏ Already created code
❏ Search for alternatives that could be reused
    ❏ Contrib modules that have almost the same functionality
    ❏ Existing solutions close to the requirements
❏ Come up with a custom solution
❏ Approve the solution with the team
8. Benefits
● We do not need to develop a big part of the code;
● It is already covered by the security policy;
● There is a chance that it is covered with tests;
● There is a chance that found bugs will be fixed by the Drupal community;
● We will get all updates, bug fixes, and security issue fixes;
● We can propose that the client use the additional functionality (left 60%);
● We can propose the functionality we developed additionally to the contrib module maintainer;
● etc.
9. Custom VS Alternative
Custom:
● Time to develop, set up, test, and fix bugs
● Found bugs must be fixed by ourselves - no other options
● All updates must be done by ourselves
● Tests are done only by our testers
● Need to take care of security
Alternative:
● Only time to configure & theme
● Found bugs could be fixed by the Drupal community
● The community works on updates
● Tested by the community (depends on module usage)
● Already covered by the security policy
10. Approve the solution with the team
● While discussing, a better solution could be found;
● Teammates may know issues you will face while developing;
● Teammates may know code that you can reuse;
● No need to redevelop everything if your solution is not approved;
● Better communication in the team;
● etc.
12. 1. Avoid creating potential issues for existing core functionality, even if you do not use that functionality right now
if ($userAccess == true) {
  echo '<p><a href="/admin/config/search/" class="button">Click here</a></p>';
}
13. Issues:
1. The language prefix will be missing on a multilingual site
2. Changes to base_path will not work
3. The page query will be lost (pager, destination, etc.)
4. Translations will not work
17. 5. Always keep security in mind
$text = t("This is !name's website", array('!name' => $username));
$text = t("This is @name's website", array('@name' => $username));
$text = t("This is %name's website", array('%name' => $username));
It depends on what you use as a placeholder:
!variable: Inserted as is. Use this for text that has already been sanitized.
@variable: Escaped to HTML using check_plain(). Use this for anything displayed on a page on the site.
%variable: Escaped as a placeholder for user-submitted content using drupal_placeholder(), which shows up as emphasized text.
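The three placeholder behaviours above, modelled in stand-alone PHP as an added example (not code from the slides or from Drupal core). The model_* functions are hypothetical stand-ins that mirror what Drupal 7's check_plain(), drupal_placeholder() and the placeholder substitution in t() do, and the user name is a constructed sample.

```php
<?php
// Stand-alone model of Drupal 7 placeholder handling. The model_* names are
// hypothetical and exist only so this runs without a Drupal bootstrap.

// What check_plain() does in Drupal 7: HTML-escape, including both quote types.
function model_check_plain($text) {
  return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

// What drupal_placeholder() does: escape, then wrap in emphasized markup.
function model_placeholder($text) {
  return '<em class="placeholder">' . model_check_plain($text) . '</em>';
}

// Substitute placeholders according to their first character.
function model_format_string($string, array $args) {
  foreach ($args as $key => $value) {
    switch ($key[0]) {
      case '@':
        $args[$key] = model_check_plain($value);
        break;
      case '!':
        // Inserted as is: safe only if the caller already sanitized the value.
        break;
      case '%':
      default:
        $args[$key] = model_placeholder($value);
    }
  }
  return strtr($string, $args);
}

// Constructed sample: a user-controlled name that contains markup.
$username = '<script>alert(1)</script>';

foreach (array('!name', '@name', '%name') as $ph) {
  $out = model_format_string("This is $ph's website", array($ph => $username));
  echo str_pad($ph, 6), ' => ', $out, PHP_EOL;
}

// Compare the unescaped and escaped variants for a live <script> element.
$raw = model_format_string("This is !name's website", array('!name' => $username));
$esc = model_format_string("This is @name's website", array('@name' => $username));
var_dump(strpos($raw, '<script>') !== false); // does raw markup reach the page?
var_dump(strpos($esc, '<script>') === false); // is the markup neutralized?
```

Only the `!name` variant passes the markup through unchanged, which is why `!` belongs only on values that were sanitized earlier in the request.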
19. 7. Avoid creating your own functions to replace existing ones
function mymodule_load_nodes() {
  $ournewtype = 'product';
  $sql = 'SELECT nid FROM {node} n WHERE n.type = :type';
  $result = db_query($sql, array(':type' => $ournewtype));
  $nodeids = array();
  foreach ($result as $row) {
    $nodeids[] = $row->nid;
  }
  return $nodeids;
}
Also avoid creating your own custom queries
20. 8. Avoid very specific cases
function <mytheme>_preprocess_block(&$variables) {
  if ($variables['block_html_id'] === 'block-<some name>') {
    if (!user_is_logged_in()) {
      $string = '<li><a href="/node/1">Node 1</a></li>';
      $variables['content'] = str_replace($string, '', $variables['content']);
    }
  }
}
1. Specific block
2. Specific content