Biblio Mendeley Connector

Hello, and thank you for applying for a CVS account.

I am adding the review tags, and some volunteers will review the module, pointing out what needs to be changed.

Hi. Please read all the following and the links provided as this is very important information about your CVS Application:

Drupal.org has moved from CVS to Git! This is a very significant change for the Drupal community and for your application. Please read the following documentation on how this affects and benefits you and the application process:
Migrating from CVS Applications to (Git) Full Project Applications

• The status of this application will be put to "postponed" and by following the instructions in the above link, you will be able to reopen it.
• Or if your application has been "needs work" for more than 5 weeks, your application will be marked as "closed (won't fix)". You can still reopen it, by reading the instructions above.

You need to create a sandbox project on d.o.

Some feedback about the code...

- Use two spaces instead of tabs
- "watchdog('error', $e->getMessage());". Instead of error, use a custom string, e.g. your module name
- Since are using exceptions and stuff, you should add "php = 5.0" to your .info file.

Also: You can remove the $Id$ lines, they have no effect with git.

Hi,
Please note! There still is no sandbox for this application. Shouldn't the status be moved to "postponed" ?

watchdog('biblio error', $e->getMessage());

I suggest using just 'biblio', otherwise it's ready to go IMHO.

Hi Dominik,

Before getting access, could you make sure you have hooked up your Git correctly to Drupal.org? Your commits are showing up as "unknown". I think you need to set your e-mail address in your git local to the same as one listed for your Drupal.org account: http://drupal.org/node/1022156

And can get help in IRC on freenode.net, #drupal-gitsupport

Hi,
Is there any news with this module? What about the mendeleyApi library which is required by this module? Does it work with the new mendeley API?
Regards,
Eric

Hi Dominik,
Thanks for replying and for the good news. I will stay tuned ...
Best,
Eric

Hi Dominik,
Any update on this? May I help in any thing?
Best,
Eric

Suggestions:

It appears you are working in the "master" branch in git. You should really be working in a version specific branch. Please see the documentation about release naming conventions and creating a branch in git.

Please take a moment to make your README.txt follow the guidelines for in-project documentation.

Please take a moment to make your project page follow tips for a great project page.

I noticed some small code style issues. Things like if($ instead of if ($. Please run the module through the latest dev of coder on "minor".

This could leverage the libraries API to load the file so it will work on more systems. I believe this will fail on certain php configurations:
require_once 'sites/all/libraries/mendeleyapi/Mendeley.php';

For all of your menu callbacks I think a more appropriate permission is "administer site configuration" - the current value is "access administration pages" which implies a more passive role whereas administer site configuration means the person is likely to change things.

biblio_mendeley_delete_local_nodes seems like it might fail to complete on an overloaded server or where there are lots of nodes. It would be good to move it to batch API.

Issues which need to be fixed:

The README.md should be renamed to README.txt
Your project should not have a LICENSE.txt
You should remove the gpl from each individual file. The code will be packaged with an appropriate LICENSE.txt so this information is duplicate.
You should remove $Id:$ from http://drupalcode.org/sandbox/dominikb1888/1099202.git/blob/refs/heads/m...

The code to switch users needs to be wrapped in session_save_session. See safely impersonating a user.

Questions:

Is the biblio_mendeley_consumer_secret value truly an important secret like a password? If so I suggest that the README and default configuration is storing it inside a php file on the server. You can put it in $conf['biblio_mendeley_consumer_secret'] = 'valuehere'; in settings.php and it will be available via variable_get. Putting it into an admin form means it will be stored in plain text in the database. If you put it in your settings.php file then you can be fairly confident people will be careful with that file (since it usually includes the mysql password, for example).

I'm not sure biblio_mendeley_is_synchronizing will work the way you want it to because the static php scope is only during a page request. I think you might want to use the lock system http://api.drupal.org/api/drupal/includes--lock.inc

The permission settings should actually be fine as this is mainly an admin targeted module.

I'm not sure that's the case. There are two permissions which sound very similar: "access administration pages" and "administer site configuration." The first is passive, meaning they can see things. The second is active meaning that they can change things. Since the menu callbacks in this module are for changing things it seems more appropriate to use the permission that is about changing settings.

This change also has some security implications - administer site configuration is on the list of permissions that can "own" your site and therefore a "vulnerability" from injecting xss into the form is not considered to be a real vulnerability if that page requires "administer site configuration."

If you feel strongly that the page should be "access administration pages" and want to keep it that way we should do a second review to confirm whether or not any of the features on that page can be considered an attack vector.

Hi, i'm using drupal 7 but the module says "This version is not compatible with Drupal 7.x and should be replaced."
Do you have a new version?
i use the following steps
1.Activate Biblio in Drupal, finished and this is OK.
2.Activate Biblio Mendeley (this module) in Drupal, when i check the modules, it shows the message.

the Biblio Mendeley module is downloaded from https://github.com/jakob-stoeck/drupal-biblio-mendeley/tree/

any help?

thanks Dominik

@dominikb1888 has been contacted to ask if the application is abandoned.

After ten weeks with a status of needs work: the applicant may be contacted by a reviewer to determine whether the application was indeed abandoned. The action taken by the reviewer should be documented in the project application issue.

http://drupal.org/node/894256

Hi, I'm trying this module on D6 again, however I still don't succeed. Is there any tips to have it running ? Or is there something wrong with it ? Thanks. Regards.

No action done, so closing this one, please reopen if this is wrong.