Table of Contents for
Mastering Drupal 8

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Mastering Drupal 8 by William Hurley Published by Packt Publishing, 2017
  1. Mastering Drupal 8
  2. Title Page
  3. Copyright
  4. Mastering Drupal 8
  5. Credits
  6. About the Author
  7. Acknowledgments
  8. About the Author
  9. About the Reviewer
  10. Customer Feedback
  11. www.PacktPub.com
  12. Why subscribe?
  13. Table of Contents
  14. Preface
  15. What this book covers
  16. What you need for this book
  17. Who this book is for
  18. Conventions
  19. Reader feedback
  20. Customer support
  21. Downloading the example code
  22. Downloading the color images of this book
  23. Errata
  24. Piracy
  25. Questions
  26. Developer Workflow
  27. Deciding on a local AMP stack
  28. The role of Composer
  29. Installing Composer locally
  30. Installing Composer globally
  31. Using Composer to create a Drupal project
  32. Speeding up tasks using Drush
  33. Using Drush wrapper
  34. Installing Drush globally
  35. Using Drush to create a Drupal project
  36. A quick look at Drupal Console
  37. Accessing Drupal Console locally
  38. Installing Drupal using Drupal Console
  39. Installing Drupal Console globally
  40. Running a built-in PHP web server
  41. Using Git to manage source code
  42. Installing Git
  43. Configuring Git
  44. Creating a remote repository
  45. Setting up a local repository
  46. Tracking and committing files with Git
  47. Adding a remote origin
  48. Pushing files to the remote repository
  49. Virtualizing an environment
  50. Using Drupal VM as a web starter
  51. Summary
  52. Site Configuration
  53. Assumptions
  54. Exploring Drupal's interface
  55. Managing Drupal
  56. Basic site settings
  57. SITE DETAILS
  58. FRONT PAGE
  59. ERROR PAGES
  60. Performance
  61. Clearing cache
  62. Using Drush to clear cache
  63. Using Drupal Console to clear the cache
  64. Configuration overrides
  65. Using Drush to manage configuration
  66. Listing configuration variables
  67. Retrieving specific variables
  68. Setting configuration variables
  69. Using Drupal Console to manage configuration
  70. Listing configuration variables
  71. Retrieving specific variables
  72. Setting configuration variables
  73. Working with the File system
  74. Managing file paths
  75. Regional settings
  76. Date and time formats
  77. Adding new date formats
  78. Summary
  79. Managing Users, Roles, and Permissions
  80. Assumptions
  81. Exploring People
  82. Managing roles and permissions
  83. What is a role?
  84. Creating a role
  85. Reordering roles
  86. Editing a role
  87. Setting permissions
  88. Working with users
  89. Adding a user
  90. Bulk updating users
  91. Configuring Account settings
  92. CONTACT SETTINGS
  93. ADMINISTRATOR ROLE
  94. REGISTRATION AND CANCELLATION
  95. Managing user fields
  96. Adding fields
  97. Managing form display
  98. Using Drush to manage roles
  99. Listing roles
  100. Creating roles
  101. Deleting roles
  102. Listing permissions
  103. Adding permissions
  104. Removing permissions
  105. Using Drush to manage users
  106. Displaying user information
  107. Assigning roles
  108. Removing roles
  109. Blocking a user
  110. Unblocking a user
  111. Creating user accounts
  112. Cancelling user account
  113. Resetting passwords
  114. Creating a one-time login
  115. Summary
  116. Content Types, Taxonomy, and Comment Types
  117. Assumptions
  118. Exploring Content types
  119. Submission form settings
  120. Preview before submitting
  121. Publishing options
  122. Managing revisions
  123. Reverting content
  124. Display settings
  125. Menu settings
  126. Managing fields
  127. Field settings
  128. Creating custom content types
  129. Managing fields using the Field UI
  130. Deleting fields
  131. Adding new fields
  132. Author field
  133. Teaser field
  134. Content field
  135. Featured Image field
  136. Taxonomy, Vocabularies, and Terms
  137. Adding a vocabulary
  138. Adding terms
  139. Adding a Taxonomy field
  140. Working with Comment types
  141. Adding a Comment type
  142. Adding Comment type field
  143. Working with form and content display
  144. Reordering fields
  145. Modifying Field Widgets
  146. Disabling fields
  147. Using Drupal console to generate dummy content
  148. Creating vocabularies
  149. Creating comments
  150. Creating nodes
  151. Summary
  152. Working with Blocks
  153. Assumptions
  154. Block layout and Regions
  155. Demonstrating block regions
  156. Placing blocks into regions
  157. Block configuration, settings, and visibility
  158. Managing the block title
  159. Using the Contextual menu
  160. Managing visibility settings
  161. Content types restriction
  162. Page restriction
  163. Role restriction
  164. Creating a custom block
  165. Defining the Region
  166. Exploring the Custom block library
  167. Editing custom blocks
  168. Managing block types
  169. Adding fields to blocks
  170. Manage form display
  171. Reordering fields
  172. Modifying field formats
  173. Managing display
  174. Using the Place block interface
  175. Deleting Blocks from Block layout
  176. Summary
  177. Content Authoring, HTML5, and Media
  178. Assumptions
  179. Responsive admin
  180. CKEditor and text formats
  181. Text formats
  182. Toolbar configuration
  183. CKEditor plugin settings and filters
  184. Enabled filters
  185. Filter processing order
  186. Filter settings
  187. Working with images
  188. Image alignment
  189. Image captions
  190. Managing displays
  191. Reordering fields
  192. Controlling labels
  193. Using Field Formatters
  194. Formatting a date field
  195. Managing the Teaser display
  196. Using Better preview
  197. Custom Display settings
  198. Adding a view mode
  199. Image styles
  200. Configuring image styles
  201. Adding image styles
  202. Quick edit
  203. Summary
  204. Understanding Views
  205. Customized lists of contents
  206. View displays
  207. Creating view pages and blocks
  208. Block display
  209. Working with filter criteria and sorting
  210. Rearrange filter criteria
  211. Expose filters
  212. Formatting rows
  213. Row styling
  214. Fields
  215. Content
  216. Field formatting
  217. View formats
  218. Unformatted list
  219. Grid
  220. HTML List
  221. Table
  222. Using advanced features
  223. Relationships
  224. Contextual filters
  225. Display all results for the specified field
  226. Provide a default value
  227. Hide view
  228. Display a summary
  229. Display contents of "No results found"
  230. Display "Access Denied"
  231. Query aggregation
  232. AJAX
  233. Summary
  234. Theming Essentials
  235. Assumptions
  236. What is a theme?
  237. Exploring the Appearance interface
  238. Drupal's core themes
  239. Bartik
  240. Seven
  241. Stark
  242. Classy
  243. Theme states
  244. Installed themes
  245. Uninstalled themes
  246. Default theme
  247. Installing and uninstalling themes
  248. Step one - installing a theme
  249. Step two - uninstalling a theme
  250. Theme settings
  251. Toggling the display of page elements
  252. Logo image settings
  253. Favicon settings
  254. Theme-specific settings
  255. Using prebuilt themes
  256. Folder structure and naming conventions
  257. Managing configuration in Drupal 8
  258. Reviewing the new info.yml file
  259. Metadata
  260. Libraries
  261. Defining a library
  262. Overriding libraries
  263. Extending libraries
  264. Attaching a library
  265. Using Twig to attach a library
  266. Using the preprocess functions to attach a library
  267. Regions
  268. Adding assets to CKEditor
  269. The role of templates in Drupal
  270. How templates work
  271. Where to find templates
  272. Creating a simple theme
  273. Step one - creating a new folder
  274. Step two - create an info file
  275. Step three - create a libraries file
  276. Step four - copy core templates
  277. Step five - include a screenshot
  278. Step six - installing our theme
  279. Summary
  280. Working with Twig
  281. Assumptions
  282. Configuring settings.local.php
  283. Enabling local development services
  284. Disabling render and page cache
  285. Disabling test modules and themes
  286. Enabling Twig debug
  287. Twig fundamentals
  288. Commenting variables
  289. Setting variables
  290. Printing variables
  291. Dumping variables
  292. Filters
  293. Control structures
  294. Functions
  295. Template variables
  296. The role of the theme file in Drupal
  297. Preprocessors and hooks
  298. Working with libraries
  299. Adding assets
  300. Creating a library reference
  301. Including our library
  302. Introducing web fonts
  303. Creating our Jumbotron Block
  304. Step one - Creating a custom block
  305. Step two - Adding a new Jumbotron block
  306. Step three - Placing the Jumbotron block
  307. Page template
  308. Node template
  309. Block template
  310. Field templates
  311. Summary
  312. Extending Drupal
  313. Using Drush
  314. Using Composer
  315. Creating a new module
  316. Understanding configuration and plugins
  317. YAML
  318. Plugins
  319. Annotations
  320. Anatomy of a plugin manager
  321. Working with dependency injection
  322. Services
  323. Creating your own service
  324. Services definition file
  325. abstract
  326. alias
  327. calls
  328. configurator
  329. factory
  330. parent
  331. properties
  332. public
  333. scope
  334. tags
  335. Service implementation
  336. Using your service
  337. Permissions
  338. Routing and menus
  339. Basic routing
  340. Display methods
  341. _form
  342. _entity_view
  343. _entity_list
  344. _entity_form
  345. Handling arguments
  346. Requirements checking
  347. Route matching
  348. _module_dependencies
  349. _method
  350. Parameter matching
  351. Access tests
  352. _permission
  353. _role
  354. _access
  355. _entity_access
  356. _csrf_token
  357. Dynamic routes
  358. Menu links
  359. Local tasks
  360. Local actions
  361. Contextual links
  362. Events and hooks
  363. Using the EventDispatcher
  364. Summary
  365. Working with Forms and the Form API
  366. Creating and managing forms
  367. Creating a new form
  368. Using FormState
  369. Other form types
  370. Exploring the Form API
  371. New Form API types
  372. Color
  373. Details
  374. Dropbutton
  375. HTML tag
  376. Language select
  377. Link
  378. More link
  379. Pager
  380. Path element
  381. Table select
  382. URL
  383. Using AJAX
  384. Summary
  385. RESTful Services
  386. Overview of REST
  387. REST in Drupal 8
  388. HTTP verbs
  389. HAL JSON
  390. Enabling core modules and customizing permissions
  391. Exposing content using Views
  392. Using RESTful endpoints
  393. Displaying content
  394. Unsafe methods and CSRF protection
  395. Creating content
  396. Updating content
  397. Deleting content
  398. Authenticating an application as a Drupal user
  399. Core methods
  400. Contrib methods
  401. Creating REST resources
  402. Using parameters
  403. Using the current user
  404. Summary
  405. Multilingual Capabilities
  406. Enabling core multilingual modules
  407. Language
  408. Interface Translation
  409. Content Translation
  410. Configuration Translation
  411. Installing and configuring languages
  412. Adding language detection
  413. Account administration pages
  414. URL
  415. Session
  416. User
  417. Browser
  418. Selected language
  419. Content language detection
  420. Working with language switching blocks
  421. Translating content
  422. Translating the Drupal admin UI
  423. Using the multilingual API
  424. PHP code
  425. JavaScript
  426. YML files
  427. Annotations
  428. Twig templates
  429. Summary
  430. Configuration Management
  431. Configuration Management files
  432. File format
  433. Schema
  434. Scalar values
  435. Mapping
  436. Sequence
  437. Reusable types
  438. Dynamic type references
  439. Override system
  440. Differences between configuration and state
  441. Using the Config object
  442. Configuration interface
  443. Synchronize configuration
  444. Exporting single configuration
  445. Importing single configuration
  446. Exporting whole site configuration
  447. Importing whole site configuration
  448. Configuration workflow with Drush
  449. Configuration and multilingual sites
  450. Configuration forms
  451. Configuration translation
  452. User interface translation
  453. Summary
  454. Site Migration
  455. Enabling core modules to migrate content
  456. Using Drupal 8's Migrate to handle migrations
  457. Extending migrations with contributed modules
  458. Building a migration process
  459. Creating a migration source
  460. Creating a migration processor
  461. Using Drush to manage migrations
  462. Summary
  463. Debugging and Profiling
  464. Enabling core debugging
  465. Disabling caching
  466. Enabling Twig debugging
  467. Debugging cache performance
  468. Working with Devel and Kint
  469. Installing the Devel module
  470. Printing variables
  471. Printing backtrace
  472. Using the Web Profiler
  473. Installing the Web Profiler module
  474. Request information
  475. Processing timeline
  476. Performance timing
  477. Debugging queries
  478. Debugging Views
  479. Summary

Using the current user

The REST resource that we just created works, but it is pretty naive. At the moment, it doesn't make any attempt to ensure that the requesting user has permissions to view any of the content. The first part of that is making sure that we don't show any content that is unpublished and that the requesting user might not have access to. When our REST resource is called, we have access to the currentUser attribute. This AccountProxy is the user that is provided from the appropriate authentication methods enabled on the endpoint. We need this since, as we discussed earlier, we can't rely on there being an actual user session. So let's create a function to check to see if the requesting user is able to see unpublished content:

/**
  * Returns whether the provided user should be able to see un-published content
  * 
  * @param \Drupal\user\Entity\User $user
  * 
  * @return Boolean
  */
 protected function canSeeUnpublished($user) {
   $filter_unpublished = TRUE; 
  // If user can bypass node access don't filter by published
   if ($this->currentUser->hasPermission('bypass node access')) {
     $filter_unpublished = FALSE;
   }
    // If there are node access 
   else if (count(\Drupal::moduleHandler() 
  ->getImplementations('node_grants'))
       && node_access_view_all_nodes($this->currentUser)) {
     $filter_unpublished = FALSE;
   }
   // If current user and can view own unpublished content
   else if ($user->id() == $this->currentUser->id()
       && $this->currentUser->hasPermission('view own unpublished content')) {
     $filter_unpublished = FALSE;
   } 
  return !$filter_unpublished;
 }

There are a number of conditions that could allow a user to view unpublished content. The first is that they have permissions to "bypass all access restrictions", the next is if there is a module that implements node_grants and this user is granted the ability to view all nodes, and lastly, if the requesting user is the same as the requested user and they have permissions to "view own unpublished content." If any of these is correct, we need to return that we should not filter unpublished content. We then need to rewrite the queries to make use of that information. While we're at it, we will add the query tags and metadata to ensure that any queries we run also check against node access rules and are executed as the requesting user:

$filter_unpublished = !$this->canSeeUnpublished($request_user); 
// Get count of all nodes authored by the user
 $count_query = \Drupal::entityQuery('node')
   ->condition('uid', $user); 
if ($filter_unpublished) {
   $count_query->condition('status', 1);
 } 
$count_query->count()
   ->addTag('node_access')
   ->addMetaData('op', 'view')
   ->addMetaData('account', $this->currentUser->getAccount()); 
$count = $count_query->execute(); 
// Load all nodes authored by the user
 $node_query = \Drupal::entityQuery('node')
   ->condition('uid', $user); 
if ($filter_unpublished) {
   $node_query->condition('status', 1);
 } 
$node_query->sort('created', 'ASC')
   ->pager()
   ->addTag('node_access')
   ->addMetaData('op', 'view')
   ->addMetaData('account', $this->currentUser->getAccount()); 
$nids = $node_query->execute();

Now you can test un-publishing a node and then testing localhost/user/1/posts?_format=hal_json logged in, as the administrator as well as not logged in and see how the count of nodes changes. If you haven't done so already, ensure that anonymous users are able to access "Access GET on User posts resource resource" in the permissions list. Your get() function should look like this.

Only one thing remains to properly secure our new REST endpoint. We should ensure that the requesting user has permissions to view the user they are trying to get information about. This is a simple matter of adding the following test after we load the user:

// Ensure the requesting user is able to view the requested user 
$entity_access = $request_user->access('view',  
  $this->currentUser, TRUE); 
if (!$entity_access->isAllowed()) { 
  throw new AccessDeniedHttpException(); 
}

This will ensure that only users with permission to view the requested users will see their posts. We also need to add the result of the access test to the cache context to ensure that, if that permission changes, our page is invalidated correctly. That's a simple matter of adding the following code at the bottom of the function before we return the response:

$response->addCacheableDependency($entity_access);

Now we have a robust way of retrieving all nodes authored by a given user. It has pagination and allows traversal through the API. It also has security in place to ensure that the user who requests the list is able to view the user in question, as well as all nodes that might be returned. It also respects all the authentication methods available in both core and contrib. In the end, your get() function should look like this: