[1.0.x] Views area library

Thank you for applying!

Please read Review process for security advisory coverage: What to expect → for more details and Security advisory coverage application checklist → to understand what reviewers look for. Tips for ensuring a smooth review → gives some hints for a smoother review.

The important notes are the following.

• If you have not done it yet, you should run phpcs --standard=Drupal,DrupalPractice on the project, which alone fixes most of what reviewers would report.
• For the time this application is open, only your commits are allowed.
• The purpose of this application is giving you a new drupal.org role that allows you to opt projects into security advisory coverage, either projects you already created, or projects you will create. The project status won't be changed by this application and no other user will be able to opt projects into security advisory policy.
• We only accept an application per user. If you change your mind about the project to use for this application, or it is necessary to use a different project for the application, please update the issue summary with the link to the correct project and the issue title with the project name and the branch to review.

To the reviewers

Please read How to review security advisory coverage applications → , Application workflow → , What to cover in an application review → , and Tools to use for reviews → .

The important notes are the following.

• It is preferable to wait for a Code Review Administrator before commenting on newly created applications. Code Review Administrators will do some preliminary checks that are necessary before any change on the project files is suggested.
• Reviewers should show the output of a CLI tool → only once per application.
• It may be best to have the applicant fix things before further review.

For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues → .

• What follows is a quick review of the project; it doesn't mean to be complete
• For each point, the review usually shows some lines that should be fixed (except in the case the point is about the full content of a file); it doesn't show all the lines that need to be changed for the same reason
• A review is about code that doesn't follow the coding standards, contains possible security issue, or doesn't correctly use the Drupal API; the single points aren't ordered, not even by importance

core_version_requirement: ^9 || ^10

Since the module declares to need any Drupal 9 version, it cannot use features implemented by PHP 7.4, as Drupal 9.0 does not require PHP 7.4. Either the minimum Drupal version is increased to Drupal 9.4 or the module explicitly requires PHP 7.4.

I have specified a clear requirement for PHP 7.4 in the module.

src/Plugin/views/area/Library.php

  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
    $instance = parent::create($container, $configuration, $plugin_id, $plugin_definition);
    $instance->libraryDiscovery = $container->get('library.discovery');
    $instance->themeHandler = $container->get('theme_handler');
    return $instance;
  }

The purpose of create() is to pass the dependencies to the class constructor. It does not initialize the class properties directly.

  public function buildOptionsForm(&$form, FormStateInterface $form_state) {
    $form['library'] = [
      '#type' => 'textfield',
      '#title' => $this->t('Library'),
      '#default_value' => $this->options['library'],
      '#required' => TRUE,
      '#description' => $this->t('Library must be in the format "extension/library".'),
    ];
  }

That method must call the parent method, which is what AreaPluginBase does too.

    if ($this->getModuleHandler()->moduleExists($dependency)) {
      $dependencies['module'][] = $dependency;
    }
    elseif ($this->themeHandler->themeExists($dependency)) {
      $dependencies['theme'][] = $dependency;
    }
    else {
      throw new \RuntimeException('Library dependency not found.');
    }
    return $dependencies;

The purpose of that method is adding dependencies; if those dependencies are not found, an exception is already thrown by Drupal core. Eventually, the code should only add the found dependencies, as Role::calculateDependencies() does.

  $dependencies = parent::calculateDependencies();
  foreach (array_keys($this->options['role']) as $rid) {
    if ($role = $this->roleStorage
      ->load($rid)) {
      $dependencies[$role
        ->getConfigDependencyKey()][] = $role
        ->getConfigDependencyName();
    }
  }
  return $dependencies;

If the added dependencies are not found, Drupal core already throws an exception or an error message.

See also QueryPluginBase::calculateDependencies().

  $dependencies = [];
  foreach ($this
    ->getEntityTableInfo() as $info) {
    if (!empty($info['provider'])) {
      $dependencies['module'][] = $info['provider'];
    }
  }
  return $dependencies;

The purpose of create() is to pass the dependencies to the class constructor. It does not initialize the class properties directly.

Can you explain the advantage of this approach? I've always believed that the purpose of the "create()" factory method is to reduce boilerplate code for dependency injection without overriding the constructor.
There is at least 1 case of this approach in the core. Also, for many popular modules such as Group, Webform, the same approach is used.

That method must call the parent method, which is what AreaPluginBase does too.

Core has view plugins that completely override the behavior of the options form without calling the parent method. Why is this prohibited here? I did this on purpose to simplify the form as much as possible.

The architectural solution to "force" calling a parent method is impossible, if there is a part that is required for the plugin options form, the "views" module itself must add it after calling buildOptionsForm from the plugin.

Eventually, the code should only add the found dependencies

It's fixed.

I do PHPCS and found following issues.

/var/www/html/drupal10/web/modules/contrib/views_area_library/src/Plugin/views/area/Library.php:22:4: error - Missing @var tag in member variable comment
/var/www/html/drupal10/web/modules/contrib/views_area_library/src/Plugin/views/area/Library.php:27:4: error - Missing @var tag in member variable comment

Is there anything that needs to be changed? Two properties that are not documented are not sufficient to hold the application.

Hi @kksandr

Thx a lot for your contribution to the Drupal community. A great respect from me. I did a smoke testing and a review of your module and here are a few comments:

• The composer.json file looks a bit uncompleted. Here is how to configure it https://www.drupal.org/docs/develop/using-composer/add-a-composerjson-file →
• Same for the README.md file. Here is an example on how to write it properly: https://www.drupal.org/docs/develop/managing-a-drupalorg-theme-module-or... →
• Recheck one last thing: Enable the module. Add the library header. Save the view. Uninstall the module via drush in the terminal. Refresh the view. Make sure there aren't any db logs or weird behavior. I've watched it somehow from time to time.

Again, great job!

I do PHPCS and found following issues.

@YogitaR Which version of drupal/coder are you checking the module? Now it has gitlab-ci configured which includes phpcs checking and it does not find these errors.

@andrei.vesterli

The composer.json file looks a bit uncompleted.

1. composer.json is updated as much as possible.

Same for the README.md file.

2. README.md updated to fit the template

Enable the module. Add the library header. Save the view. Uninstall the module via drush in the terminal.

3. The view is deleted along with the module, since it is listed in its dependencies, there are no errors or warnings.

Hi @kksandr

Thx a lot for your feedback. Looks great. No comments from my side.

Kind regards
Andrei

Let's keep reviewing the same branch.

Thank you for your contribution! I am going to update your account.

These are some recommended readings to help with excellent maintainership:

• Dries → ' post on Responsible maintainers
• Best practices for creating and maintaining projects →
• Maintaining a drupal.org project with Git →
• Commit messages - providing history and credit →
• Release naming conventions → .
• Helping maintainers in the issue queues →

You can find more contributors chatting on the Slack → #contribute channel. So, come hang out and stay involved → .
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review → . I encourage you to learn more about that process and join the group of reviewers.

I thank all the reviewers.

Automatically closed - issue fixed for 2 weeks with no activity.