[D7] Content Type Dependency

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

Hi eerajskydiver,

There is still a master branch, make sure to set the correct default branch: http://drupal.org/node/1659588 . Then remove the master branch, see also step 6 and 7 in http://drupal.org/node/1127732

Hi Neeraj,

Great idea and a great module! Just a few things before you release:

1. You can help other developers find the module configuration by adding a 'configure' line in your .info file, check out this page for more information: https://drupal.org/node/542202
2. You can add your page callbacks for the admin interface to a seperate file, so they can be loaded when needed. Your .module file should be a small as reasonably possible to reduce memory load. You can read more on how to include files for page callbacks in hook_menu
3. There is no need to call drupal_uninstall_schema in content_type_dependency_uninstall() in code, as it is called automatically on uninstall
4. You should add 'node' as dependency in your .info file, just to be sure :)
5. Instead of calling onClick="return confirm(\'Are you sure to delete ?\')">Delete' on a link, you can use confirm_form to make sure the editor does not delete an entry by accident.

I have installed and Configured it and check it different users. Also review your module code and it is working fine.

README.txt

Please take a moment to make your README.txt follow the guidelines for in-project documentation.

You can make content_type_dependency_form_node_form_alter() a lot simpler.

• First off, don't use backticks (`) in the sql query - not all servers are configured that way. Use {} instead, that's the Drupal standard.
• Second, instead of loading every rule, just load the rule that applies to the content type currently being created.
• Third, only load enabled rules. All together your db_query would look like this:

  db_query('SELECT * FROM {content_type_dependency} WHERE to_create = "%s" AND status = 1', $form['#node']->type);

• In content_type_dependency.admin.inc your docblocks are wrong, those is not an implementation of hook_form, and hook_form_validate and hook_form_submit don't exist. Just document those functions normally.
• All user facing text must be passed through t().
• In content_type_dependency_list(), don't use inline-css, create a .css file and include it instead.

Setting to "needs work" for the number of issues. You might want to consider actually integrating this module with the Rules API, I think it would get you a lot more flexibility and a simpler module.

----
Top Shelf Modules - Crafted, Curated, Contributed.

I do not think dependencies[]= node makes any sense, although I saw the comment recommending it.
I have uploaded a patch, where I have corrected lots of typos.
I see you have created a whole new edit form. I would use only one form, where I set the default values from the URL. If you change any strings (or fix typos), now you have to do it twice on two forms.
Regarding the confirm_form, I could not find it.

Cloned the project from git (http://git.drupal.org/sandbox/neerajskydiver/2134689.git), but was not able to find the changes suggested in comment #12 and #16.

Additionally, I'd like to suggest you to use EntityFieldQuery in 'content_type_dependency_node_count()' instead of 'db_query()'.

manual review:

1. content_type_dependency_schema(): please provide meaningful descriptions to each DB column.
2. "$msg = 'Enabled';": all user facing text must run through t() for translation. Same for "'#prefix' => 'Would you like to continue with deleting .." and others, please check all your strings.
3. admin/config/content/content_type_dependency/list: this is vulnerable to XSS exploits. If I enter a message <script>alert('XSS');</script> for a dependency I get a nasty javascript popup. You need to sanitize all user provided text before printing. Make sure to read https://drupal.org/node/28984 again. Same for content_type_dependency_form_node_form_alter(), you need to sanitize $record->message first. And please don't remove the security tag, we keep that for statistics and to show examples of security problems.
4. content_type_dependency_modify(): this is vulnerable to CSRF attacks. You must never perform write operations on GET requests, either use confirmation forms or a security token in the URL. See also http://epiqo.com/en/all-your-pants-are-danger-csrf-explained

manual review:

1. "$content_types[''] = '- SELECT -';": all user facing text must run through t() for translation.
2. content_type_dependency_modify(): the check_plain of the $content_types array is not necessary here since the select boxes #options arrays will do the sanitization for you. See https://drupal.org/node/28984
3. '<a href="' . $url . '">Disable</a>', '<a href="' . $url_edit . '">Edit</a> / <a href="' . $url_delete . '" ">Delete</a>');: Disable and Delete should also run through t() for translation, please check all your strings.
4. "$header_table1 = array('To create', 'Must have', 'No of', 'Message', '', '');": same here.
5. content_type_dependency_list(): do not call theme() here, just return a render array. Drupal will render the table array later for you.

That are not critical application blockers, so I think this is RTBC otherwise.

Assigning to cweagans as he might have time to take a final look at this.

• Use abstraction layer instead of queries, it makes it friendlier for different kind of databases.
• Use l function instead of writing a tag.
• Use single quotes everywhere for consistency.
• Predefine $items in hook_menu to avoid notices in some cases.

no other objections for more than a week, so ...

Thanks for your contribution, neerajskydiver!

I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.