Data Management Applications with Drupal as Your Framework
John Romine
UC Irvine, School of Engineering
UCCSC, IR37, August 2013
What is Drupal?
● Open-source content management system
● PHP, MySQL, jQuery
● 2%+ of all websites run Drupal
● Drupal 6: 2/2008
● Drupal 7: 1/2011
● Drupal 8: 1Q14?
● Rapid growth
○ whitehouse.gov
○ examiner.com
Why use Drupal?
● built-in features
○ user accounts
○ profiles
○ preferences
● access control
○ permissions
○ roles
○ single-sign-on integration
● display of content
○ templates
○ lists of stuff (views)
○ theming
● actions
○ forms processing
○ validation
● database
○ schema definition
Content Management Framework
What’s a node?
● nid (String, 1 characters ) 5
● vid (String, 2 characters ) 73
● type (String, 4 characters ) page
● uid (String, 1 characters ) 1
● title (String, 58 characters ) Data Management Applications with Drupal as Your Framework
● body (String, 31459 characters )
● teaser (String, 0 characters )
● ...
Data apps with Drupal: without code
● Fields: Content Construction Kit (CCK)
○ Text field
○ Select list
○ Checkbox
○ Radio buttons
● Views:
○ List
○ Table
○ Pager
○ Filters
Example: Cal State Monterey Bay Student CRM
Development approach: code
● A collection of related Drupal modules
○ framework with different features for different areas
● rapidly deploy and update with Drupal tools
○ built-in schema update
○ drush make
Data source/uplink:
● links to outside data sources
○ financial
○ academic data
● upload/import with cron & batch
● read-only data mirrors
Access Control
● control what actions a user can take
● modules define permissions
○ edit blurfl content
○ view blurfl content
○ administer blurfl settings
● users assigned to roles
○ collections of permissions
● each activity can check permissions
○ exception: lists of stuff (performance)
● user_access("edit blurfl content")
Content access
Drupal built-in: realms & grants
● per-node array of:
○ realm
○ grant id
○ permissions (bool)
■ view
■ edit
■ delete
● per-user array of:
○ realm
○ array of grant ids
● can be overridden by modules (allow/deny)
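How the per-node and per-user arrays meet, as an added example that is not from the original slides: two hook-shaped functions for a `student_activity` node type and a stand-alone model of the lookup. The `advisor_uid` property, the realm names and `demo_grants_allow()` are assumptions; Drupal names the slide's "edit" flag `grant_update`, and core's default `all` realm and the `administer nodes` bypass are left out of the model.

```php
<?php
// Added example, not from the slides. Hypothetical names: advisor_uid,
// both realm names, and demo_grants_allow() (a simplified model of core).
// Shape of hook_node_access_records(): the per-node array.
function student_activity_node_access_records($node) {
  if ($node->type != 'student_activity') {
    return array();
  }
  return array(
    // The student who owns the record may view and edit it.
    array('realm' => 'student_activity_owner', 'gid' => $node->uid,
      'grant_view' => 1, 'grant_update' => 1, 'grant_delete' => 0),
    // The assigned advisor may only view it.
    array('realm' => 'student_activity_advisor', 'gid' => $node->advisor_uid,
      'grant_view' => 1, 'grant_update' => 0, 'grant_delete' => 0),
  );
}

// Shape of hook_node_grants(): the per-user array, realm => grant ids.
function student_activity_node_grants($account, $op) {
  if (empty($account->uid)) {
    return array();  // uid 0 must never match a record with an unset uid
  }
  return array(
    'student_activity_owner' => array($account->uid),
    'student_activity_advisor' => array($account->uid),
  );
}

// Model of the lookup: a record allows $op when the user holds its
// (realm, gid) pair and its grant_<op> flag is set. No match means deny.
function demo_grants_allow($op, $node, $account) {
  $held = student_activity_node_grants($account, $op);
  foreach (student_activity_node_access_records($node) as $record) {
    $gids = isset($held[$record['realm']]) ? $held[$record['realm']] : array();
    if (in_array($record['gid'], $gids) && !empty($record['grant_' . $op])) {
      return TRUE;
    }
  }
  return FALSE;
}
// Constructed sample: a node owned by uid 12 and advised by uid 7.
$node = (object) array('type' => 'student_activity', 'uid' => 12, 'advisor_uid' => 7);
foreach (array(12, 7, 99, 0) as $uid) {
  foreach (array('view', 'update', 'delete') as $op) {
    $ok = demo_grants_allow($op, $node, (object) array('uid' => $uid));
    printf("uid %d %s: %s\n", $uid, $op, $ok ? 'allow' : 'deny');
  }
}
```

In Drupal 6, custom listing queries apply these grants only when they are passed through db_rewrite_sql().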
Content & Forms
● nodes represented as structured object
● form represented as structured array
○ textfield
○ checkbox
○ radio button
○ select / checkboxes
○ textarea
○ fieldset
○ file upload
● per-field access check
● validation
● submit handler
● avoids
○ CSRF
○ XSS
○ SQL-injections
Strategy: Aspect-Oriented (vs. MVC)
● modules fully implement their data
○ no top-level integration
● control flow through "hooks" (actions)
● modules notified of activity through event callbacks:
○ load data
○ save data
○ display content
○ edit content
○ update (save) content
Code: Permissions definition
function student_activity_perm() {
  return array(
    'edit student activity content',
    'view student activity content',
  );
}
Code: schema definition
$schema['student_activity'] = array(
  'fields' => array(
    'nid' => array(
      'type' => 'int',
      'unsigned' => TRUE, 'not null' => TRUE, 'default' => 0,
    ),
    'vid' => array(
      'type' => 'int',
      'unsigned' => TRUE, 'not null' => TRUE, 'default' => 0,
    ),
Code: schema (continued)
    'activity_type' => array(
      'type' => 'char', 'length' => 32,
      'not null' => FALSE, 'default' => '',
    ),
    'activity_date' => array(
      'type' => 'datetime', 'mysql_type' => 'date', 'not null' => FALSE,
    ),
  ),
);
● core schema update hook provided
○ easily update existing site’s schema to current
Code: Data load, insert
function student_activity_load($node) {
  return student_fetch_record('student_activity', $node);
}
function student_activity_insert($node) {
  student_write_record('student_activity', $node);
}
● student_write_record()
○ a NULL-friendly version of drupal_write_record()
Code: Data update
function student_activity_update($node) {
  if ($node->revision) { // treat it as a new record.
    student_activity_insert($node);
  }
  else {
    student_write_record('student_activity', $node, array('nid', 'vid'));
  }
}
● similar functions for delete, delete revision
Code: form definition: text field
$form['activity_date'] = array(
  '#type' => 'textfield',
  '#size' => 12,
  '#maxlength' => 10,
  '#title' => t('Activity Date'),
  '#default_value' => isset($node->activity_date)
    ? $node->activity_date : '',
  '#description' => t('MM/DD/YYYY'),
);
Code: form definition: select list
$form['activity_type'] = array(
  '#type' => 'select',
  '#title' => t('Activity type'),
  '#options' => $activity_type_options, // assoc array
  '#default_value' => isset($node->activity_type)
    ? $node->activity_type : '',
);
Code: form validation (example)
function mymodule_validate($node, &$form) {
  if (isset($node->end_time) && isset($node->start_time)) {
    if ($node->start_time > $node->end_time) {
      form_set_error('end_time',
        t('An event may not end before it starts.'));
    }
  }
}
Code: routing & access control
function student_menu() {
  $items['admin/settings/student'] = array(
    'title' => 'Student',
    'description' => 'Configure student module settings.',
    'access callback' => 'user_access',
    'access arguments' => array('administer student configuration'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('student_admin_settings'),
    'type' => MENU_NORMAL_ITEM,
  );
  return $items;
}
● Specify: URL/path, access control, page/form callback
Code: views integration
$data['student_plan']['plan_notes'] = array(
  'title' => t('Plan notes'),
  'help' => t("Progress plan notes"),
  'field' => array(
    'handler' => 'student_handler_field',
    'click sortable' => TRUE,
    'access callback' => 'student_check_field_access',
    'access arguments' => array('view', 'student plan', 'plan_notes'),
  ),
● Specify how this field is displayed
● per-field access control possible
Code: views integration (2)
  'filter' => array(
    'handler' => 'views_handler_filter_string',
    'access callback' => 'student_check_field_access',
    'access arguments' => array('view', 'student plan', 'plan_notes'),
  ),
  'argument' => array(
    'handler' => 'views_handler_argument_string',
  ),
  'sort' => array(
    'handler' => 'views_handler_sort',
  ),
);
Typical data handling module:
lines  chars  file
   11    290  student_petition/student_petition.css
    8    170  student_petition/student_petition.info
  126   3159  student_petition/student_petition.install
   15    489  student_petition/student_petition.js
  465  14551  student_petition/student_petition.module
  625  18659  total
● 300 lines of actual code in student_petition.module
○ implements 6 petition fields
■ database load/save/update
■ form handling
■ data display