drupaleurope org drupal technology
play

www.drupaleurope.org Drupal + Technology TRACK SUPPORTED BY - PowerPoint PPT Presentation

Dec 16, 2023 •231 likes •1k views

www.drupaleurope.org Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Entity access for lists A crucially missing piece of the puzzle Kristiaan Van den Eynde Kristiaan Van den Eynde Senior Drupal developer @Magentix Kristiaan Van den Eynde

  1. www.drupaleurope.org

  2. Drupal + Technology TRACK SUPPORTED BY 17/3/2018

  3. Entity access for lists A crucially missing piece of the puzzle Kristiaan Van den Eynde

  4. Kristiaan Van den Eynde Senior Drupal developer @Magentix

  5. Kristiaan Van den Eynde Work at Factorial GmbH in Hamburg Live near Antwerp, Belgium Group module maintainer Happily married, recently a dad Highly sensitive person

  6. Definition of list access

  7. Definition of list access Checks access before entities are loaded

  8. Definition of list access Checks access before entities are loaded Takes caching into account

  9. Definition of list access Checks access before entities are loaded Takes caching into account Supported by Views

  10. “ But we already have that, “ so what's the big deal? Someone in the audience

  11. Current implementation The node grants system

  12. What is the node grants system?

  13. What is the node grants system? Saves business logic to the database upon node manipulation

  14. What is the node grants system? Saves business logic to the database upon node manipulation Alters queries tagged with node_access to check for access against this saved business logic

  15. What is the node grants system? Saves business logic to the database upon node manipulation Alters queries tagged with node_access to check for access against this saved business logic Also used as fallback if regular access checks are indecisive

  16. What is the node grants system? Saves business logic to the database upon node manipulation Alters queries tagged with node_access to check for access against this saved business logic Also used as fallback if regular access checks are indecisive Bad metaphor: Locks and keys

  17. What is the node grants system? Saves business logic to the database upon node manipulation Alters queries tagged with node_access to check for access against this saved business logic Also used as fallback if regular access checks are indecisive Bad metaphor: Locks and keys Better metaphor: Bouncers at a night club

  18. What's wrong with node grants?

  19. What's wrong with node grants? Only work for "content" (aka nodes)

  20. What's wrong with node grants? Only work for "content" (aka nodes) Only work for view, update and delete actions

  21. What's wrong with node grants? Only work for "content" (aka nodes) Only work for view, update and delete actions As a result does not scale well for other entities

  22. What's wrong with node grants? Only work for "content" (aka nodes) Only work for view, update and delete actions As a result does not scale well for other entities Might try and store extremely complex access logic in the DB

  23. Can it be fixed?

  24. Can it be fixed? Not really, the concept is past its due date Would either require a new column on existing table or one table per entity type, both are far from ideal Would require a new column per supported operation, which again would lead to unwieldy (and buggy) code

  25. Intermezzo Possible approaches

  26. Keep altering queries Pros and cons

  27. Keep altering queries Pros and cons Pro: We already have ENTITY_TYPE_access query tags

  28. Keep altering queries Pros and cons Pro: We already have ENTITY_TYPE_access query tags Pro: People are already used to this approach

  29. Keep altering queries Pros and cons Pro: We already have ENTITY_TYPE_access query tags Pro: People are already used to this approach Con: Complicated use cases may find themselves limited by SQL

  30. Scalable pagination Access checks in code

  31. Scalable pagination Access checks in code Proposed by catch early 2017 Based on a Four Kitchens blog post from 2009 https://www.fourkitchens.com/blog/article/anticipage-scalable- pagination-especially-acls/

  32. Scalable pagination explained

  33. Scalable pagination explained You ask for more results than you need and pull them through your access logic

  34. Scalable pagination explained You ask for more results than you need and pull them through your access logic If you do not have enough results, go back to the database for more

  35. Scalable pagination explained You ask for more results than you need and pull them through your access logic If you do not have enough results, go back to the database for more Keep track of the first and last item and use them for paging

  36. Scalable pagination explained You ask for more results than you need and pull them through your access logic If you do not have enough results, go back to the database for more Keep track of the first and last item and use them for paging Works best on sites where most content is accessible to everyone

  37. Scalable pagination Pros and cons

  38. Scalable pagination Pros and cons Pro: Same access logic for both individual entities and entity lists

  39. Scalable pagination Pros and cons Pro: Same access logic for both individual entities and entity lists Pro: No "content drift" due to Reddit-style pagers (next/previous)

  40. Scalable pagination Pros and cons Pro: Same access logic for both individual entities and entity lists Pro: No "content drift" due to Reddit-style pagers (next/previous) Con: Poor performance on sites with more complex access set-ups

  41. Scalable pagination Pros and cons Pro: Same access logic for both individual entities and entity lists Pro: No "content drift" due to Reddit-style pagers (next/previous) Con: Poor performance on sites with more complex access set-ups Con: No indication of amount of possible results

  42. Scalable pagination Pros and cons Pro: Same access logic for both individual entities and entity lists Pro: No "content drift" due to Reddit-style pagers (next/previous) Con: Poor performance on sites with more complex access set-ups Con: No indication of amount of possible results Con: People are not familiar with this approach

  43. “ You don't seem to be a fan of “ scalable pagination Someone else in the audience

  44. Query altering: Part Deux

  45. A summary of previous work

  46. A summary of previous work Extend the entity access system with a new grants API (and deprecate the query-alter-based node grants API) 
 https://www.drupal.org/project/drupal/issues/777578

  47. A summary of previous work Extend the entity access system with a new grants API (and deprecate the query-alter-based node grants API) 
 https://www.drupal.org/project/drupal/issues/777578 Entity access policies 
 https://www.drupal.org/project/entity_access_policies

  48. A summary of previous work Extend the entity access system with a new grants API (and deprecate the query-alter-based node grants API) 
 https://www.drupal.org/project/drupal/issues/777578 Entity access policies 
 https://www.drupal.org/project/entity_access_policies Implement a query-level entity access API 
 https://www.drupal.org/project/entity/issues/2909970

  49. Entity access policies

  50. Entity access policies A collection of access plugin, e.g.: is_published

  51. Entity access policies A collection of access plugin, e.g.: is_published Used in policy config entities that list which entity types and operations they apply to

  52. Entity access policies A collection of access plugin, e.g.: is_published Used in policy config entities that list which entity types and operations they apply to When an entity query is launched, this system kicks in, finds all applicable policies and compiles them into one query alter

  53. Entity access policies A collection of access plugin, e.g.: is_published Used in policy config entities that list which entity types and operations they apply to When an entity query is launched, this system kicks in, finds all applicable policies and compiles them into one query alter You can build a UI showing all of the active access policies for your website and even allowing you to edit them

  54. Entity access policies Pros and cons

  55. Entity access policies Pros and cons Pro: Supports any operation and entity type

  56. Entity access policies Pros and cons Pro: Supports any operation and entity type Pro: Option to have an access overview UI

  57. Entity access policies Pros and cons Pro: Supports any operation and entity type Pro: Option to have an access overview UI Pro: Works alongside node grants (until hopefully removed in D9)

  58. Entity access policies Pros and cons Pro: Supports any operation and entity type Pro: Option to have an access overview UI Pro: Works alongside node grants (until hopefully removed in D9) Pro: Easy to work around a problematic module

  59. Entity access policies Pros and cons Pro: Supports any operation and entity type Pro: Option to have an access overview UI Pro: Works alongside node grants (until hopefully removed in D9) Pro: Easy to work around a problematic module Con: Too big of a change at once to go into core

  60. Entity access policies Pros and cons Pro: Supports any operation and entity type Pro: Option to have an access overview UI Pro: Works alongside node grants (until hopefully removed in D9) Pro: Easy to work around a problematic module Con: Too big of a change at once to go into core Con: Loads a list of config entities to decide access to another list of entities

Recommend

www.drupaleurope.org Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Drupal 8, Services and

www.drupaleurope.org Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Drupal 8, Services and

www.drupaleurope.org Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Drupal 8, Services and Decoupling Patterns Dinesh Waghmare About My Self Dinesh Waghmare, Drupal Mumbai, India Im working with Tata Consultnacy Services , Powai-Mumbai,

869 views • 53 slides
www.drupaleurope.org No photos please image Responsible disclosure, cross-project

www.drupaleurope.org No photos please image Responsible disclosure, cross-project

www.drupaleurope.org No photos please image Responsible disclosure, cross-project collaboration, and Drupal 8 security xjm Drupal & Technology | http://bit.ly/drupal-europe-d8-security Drupal + Technology TRACK SUPPORTED BY 17/3/2018

893 views • 44 slides
www.drupaleurope.org Drupal PKM A Personal Knowledge Management Drupal distro

www.drupaleurope.org Drupal PKM A Personal Knowledge Management Drupal distro

www.drupaleurope.org Drupal PKM A Personal Knowledge Management Drupal distro https://www.yongt9412.com/assets/drupal_pkm.pdf (Spanish) John Gustavo Choque Condori Drupal 8 Developer at MD Systems @yongt9412 Overview What we gonna talk

835 views • 49 slides
www.drupaleurope.org axelerant.com 1 Lesser known perks of using composer Drupal Europe 2018

www.drupaleurope.org axelerant.com 1 Lesser known perks of using composer Drupal Europe 2018

www.drupaleurope.org axelerant.com 1 Lesser known perks of using composer Drupal Europe 2018 axelerant.com 2 Drupal + Technology TRACK SUPPORTED BY axelerant.com 3 Special Thanks to.. axelerant.com 4 Mohit Aghera Drupal developer

723 views • 26 slides
www.drupaleurope.org The Future of Drupal Watchdog Magazine Brian Osborn, Drupal Watchdog

www.drupaleurope.org The Future of Drupal Watchdog Magazine Brian Osborn, Drupal Watchdog

www.drupaleurope.org The Future of Drupal Watchdog Magazine Brian Osborn, Drupal Watchdog Publisher Drupal Community Track Drupal Watchdog @drupalwatchdog www.drupalwatchdog.com Drupal Watchdog - History First launched in 2011

358 views • 11 slides
www.drupaleurope.org The Challenge of Emotional Labor in Open Source Communities Ken Rickard

www.drupaleurope.org The Challenge of Emotional Labor in Open Source Communities Ken Rickard

www.drupaleurope.org The Challenge of Emotional Labor in Open Source Communities Ken Rickard https://www.drupaleurope.org/session-by-industry/drupal-community Ken Rickard Director of Innovation | Palantir.net @agentrickard Drupal since 2005

1.19k views • 72 slides
www.drupaleurope.org How to grow up skills by contribution to community Andriy Iun Drupal

www.drupaleurope.org How to grow up skills by contribution to community Andriy Iun Drupal

www.drupaleurope.org How to grow up skills by contribution to community Andriy Iun Drupal Community track Andriy Iun dgo.to/@andriyun Fullstack drupal developer Active community member What is a community? Drupal community Come for

517 views • 35 slides
www.drupaleurope.org Browser Testing with Nightwatch.js Salva Molina Session URL:

www.drupaleurope.org Browser Testing with Nightwatch.js Salva Molina Session URL:

www.drupaleurope.org Browser Testing with Nightwatch.js Salva Molina Session URL: https://www.drupaleurope.org/session/browser-testing-nightwatchjs 13/9/201 8 Salva Molina PHP Engineer @salva_bg Drupal.org: slv_ Freelance Drupal &

507 views • 48 slides
www.drupaleurope.org Fields, Bricks, Paragraphs, Publishing + Media etc... What's the next?

www.drupaleurope.org Fields, Bricks, Paragraphs, Publishing + Media etc... What's the next?

www.drupaleurope.org Fields, Bricks, Paragraphs, Publishing + Media etc... What's the next? Media-Driven Content Architecture Vasily Yaremchuk Vasyl Yaremchuk Drupal Practice Lead at @vasilyyaremchuk drupal.org/u/yaremchuk Retrospective

658 views • 19 slides
www.drupaleurope.org CONNECTING MEDIA SOLUTIONS BEYOND DRUPAL MIRO DIETIKER miro_dietiker MD

www.drupaleurope.org CONNECTING MEDIA SOLUTIONS BEYOND DRUPAL MIRO DIETIKER miro_dietiker MD

www.drupaleurope.org CONNECTING MEDIA SOLUTIONS BEYOND DRUPAL MIRO DIETIKER miro_dietiker MD Systems - Founder Initiative Leader Switzerland CONNECTING MEDIA What is Content management? Landscape by example Media types Available

859 views • 85 slides
www.drupaleurope.org Community Events in WordPress @FrancescaMarano September 12, 2018 - Drupal

www.drupaleurope.org Community Events in WordPress @FrancescaMarano September 12, 2018 - Drupal

www.drupaleurope.org Community Events in WordPress @FrancescaMarano September 12, 2018 - Drupal Community Track CIAO! SONO FRANCESCA WordPress Community Team Representative WordCamp and Meetup Organiser WordPress Community

531 views • 31 slides
www.drupaleurope.org Digital Transformation + Enterprise TRACK SUPPORTED BY Successfully Proving

www.drupaleurope.org Digital Transformation + Enterprise TRACK SUPPORTED BY Successfully Proving

www.drupaleurope.org Digital Transformation + Enterprise TRACK SUPPORTED BY Successfully Proving Enterprise Drupal 8 George Steven George Steven Chief Architect (Drupal) @ Bayer curiouslygeorge Successfully Proving Enterprise Drupal 8 The

408 views • 14 slides
Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Code with style! Prettier + ESlint David

Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Code with style! Prettier + ESlint David

Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Code with style! Prettier + ESlint David Corbacho Romn https://www.drupaleurope.org/session/code-style-prettier-eslint We want to deliver software without flaws. How to deliver software

743 views • 55 slides
www.drupaleurope.org Essential marketing At the regional level Imre Gmelig Meijling (Chair Dutch

www.drupaleurope.org Essential marketing At the regional level Imre Gmelig Meijling (Chair Dutch

www.drupaleurope.org Essential marketing At the regional level Imre Gmelig Meijling (Chair Dutch Drupal Association) Making Strategy Strategic a dent Engagement Marketing & Branding Identity Non profit Executing Activities

772 views • 52 slides
Talk to me Drupal Talk to me Drupal Using Drupal to power a Voice App Hello My Name Is Frank

Talk to me Drupal Talk to me Drupal Using Drupal to power a Voice App Hello My Name Is Frank

Talk to me Drupal Talk to me Drupal Using Drupal to power a Voice App Hello My Name Is Frank Hello My Name Is Frank I am a Christian, Father, and Technology Enthusiast. Online my name is frob (IRC, d.o, github) On Twitter I am @frobdfas My Blog

616 views • 44 slides
Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices

Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices

Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices flowing, and help give a broad overview of Drupal jargon, Drupal Architecture & the Drupal Community... May 21st, 2010 - SNHU, Manchester, NH

1.12k views • 52 slides
Introduction to Drupal Andrew Rudy Outline What is Drupal Why use Drupal (Pros and

Introduction to Drupal Andrew Rudy Outline What is Drupal Why use Drupal (Pros and

Introduction to Drupal Andrew Rudy Outline What is Drupal Why use Drupal (Pros and Cons) Examples of what Drupal can do How to download and install Drupal How to use Drupals user interface What is Drupal? Drupal

319 views • 18 slides
www.drupaleurope.org Donna Benjamin @kattekrab @catalyst_it_au Agency + Business Agile

www.drupaleurope.org Donna Benjamin @kattekrab @catalyst_it_au Agency + Business Agile

www.drupaleurope.org Donna Benjamin @kattekrab @catalyst_it_au Agency + Business Agile business analysis For Drupal agencies Agile business analysis For Drupal agencies Donna Benjamin @kattekrab @catalyst_it_au Whats this session

773 views • 28 slides
Mostly Core Constructing real world sites [mostly] using Drupal 8 core Karen Stevenson

Mostly Core Constructing real world sites [mostly] using Drupal 8 core Karen Stevenson

Mostly Core Constructing real world sites [mostly] using Drupal 8 core Karen Stevenson DrupalCamp Florida March 2016 Drupal Drupal Drupal Drupal Drupal Drupal Drupal User Stories Demo Site Drupal 8 core Bootstrap subtheme

537 views • 24 slides
Why Im looking forward to Drupal 8 Who Am I? Jim Taylor drupal.org/u/bigjim @jalama

Why Im looking forward to Drupal 8 Who Am I? Jim Taylor drupal.org/u/bigjim @jalama

Why Im looking forward to Drupal 8 Who Am I? Jim Taylor drupal.org/u/bigjim @jalama Currently: Manager, Web Development @ Highlights for Children Yes Were Hiring! Started with Drupal in 2007 (Drupal 5.2) Past Roles: Owned a small

546 views • 31 slides
DRUPAL [ REMOTELY ] Is Remote Drupal Employment For You? Gray Sadler, Drupal Developer Drupal

DRUPAL [ REMOTELY ] Is Remote Drupal Employment For You? Gray Sadler, Drupal Developer Drupal

DRUPAL [ REMOTELY ] Is Remote Drupal Employment For You? Gray Sadler, Drupal Developer Drupal Camp 2014 | Orlando, Florida DRUPAL [ REMOTELY ] WHATS ON THE MENU TODAY? Working Remotely Challenges Finding Remote Employment [

578 views • 19 slides
2016-09-28 Routing in Drupal 9, and lessons learned in Drupal 8 Peter Wolanin

2016-09-28 Routing in Drupal 9, and lessons learned in Drupal 8 Peter Wolanin

2016-09-28 Routing in Drupal 9, and lessons learned in Drupal 8 Peter Wolanin drupal.org/u/pwolanin Track: Core Conversations events.drupal.org/dublin2016/sessions/routing-drupal-9-and-lessons-learned-drupal-8 This is a Conversation If I get

631 views • 23 slides
Drupal for Designers Not decorating on top of what Drupal gives you, but rather, letting

Drupal for Designers Not decorating on top of what Drupal gives you, but rather, letting

Drupal for Designers Not decorating on top of what Drupal gives you, but rather, letting Drupals default behavior simply provide a guide for your design. Drupal for Designers by Dani Nordin http://my.safaribooksonline.com

736 views • 26 slides
15+ Ways to Debug Drupal 8 Zakiya Khabir Drupal Developer, Chapter Three Why this talk?

15+ Ways to Debug Drupal 8 Zakiya Khabir Drupal Developer, Chapter Three Why this talk?

Stanford Drupal Camp 15+ Ways to Debug Drupal 8 Zakiya Khabir Drupal Developer, Chapter Three Why this talk? End of dpm() Kint complaints Rumors of a better way Audience D7 front-enders New to Drupal Current D8 devs

1.41k views • 48 slides

More recommend