[D7] Search exclude nid

Hey Stefan Lehmann,

In search_exclude_nid.install.
Just a suggestion but consider removing your persistent variables via variable_del as you only have a small number regardless.

In search_exclude_nid.admin.inc, line 27.

• Your including Javascript in an odd manner, if possible please implement drupal_add_js. However moving & attaching the Javascript as a file to the form might be more applicable for this situation.
• The variable 'search_exclude_nid_search_exclusion_nids' is used rather often, could this be a named constant?
• Your doing a lot in your 'search_exclude_nid_search_exclusion_form_validate', would some of this better be moved to a submit function?

Nice module, thanks =).

Hi Stefan,

This module works great! Thanks for this cool contribution.
Here are a few things I found while doing a manual code review:

1. search_exclude_nid.install: To be more standards compliant it's best to use db_delete() instead of db_query here http://api.drupal.org/api/drupal/includes!database!database.inc/function...
2. search_exclude_nid.admin.inc
- I see some strings that are still missing the t() function.
- Why is the link in $nid_add_link capitalized and not wrapped in t()?
- The UI is a tad bit confusing for the form. Initially I kept filling out the autocomplete field and hit "Save configuration". The NIDs weren't getting added because it wasn't clear to me that I needed to click the "+ ADD NID TO EXCLUSION LIST". My guess is this is why you capitalized the letters, but I don't think that's a good idea. This of course is more a UI/UX issue and not a functional issue, so not a blocker. But it would be nice to see a more elegant approach.
3. search_exclude_nid.info: the "configure" path is incorrect.

manual review:

1. search_exclude_nid_search_exclusion_form() and search_exclude_nid_nodes_autocomplete(): this function does not respect node access grants and the permission necessary to access the page is not 'restrict access' => TRUE. So someone could be able to see nodes that are not supposed to be shown to that person. Solution: either restrict the permission or add the node access tag. This is a security blocker. And please don't remove the security tag, we keep that for statistics and to show examples of security problems. See http://api.drupal.org/api/drupal/modules!node!node.module/group/node_acc...
2. "theme_item_list(array( ...": do not call that specific implementation, use theme('item_list', ...) instead.
3. search_exclude_nid_search_exclusion_form_submit(): doc block is wrong, see http://drupal.org/node/1354#forms Same for search_exclude_nid_search_exclusion_form()

Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.

manual review:

Nice module Stefan!

line 58: What is this checking for - if (!empty($excluded_nids)) where previous line is enough.
line 80: No point to use intval($nid) where you already have $node->nid

in admin/config/search/search_exclusion

I think is better to give a more specific name for id in li tag in to the section "List of excluded nodes".
Now is "node-NID", you can change it in something like "excluded-node-NID".

Worked great for me. I used node_access in drupal 6 to achieve what your module is doing, but this or the module for drupal 6 you mentioned would have been so much easier.

Not just yet. Changing status to needs review.

Hey Stefan,

In search_exclude_nid.admin.inc, line 35 - 40.
I see your selecting all the nodes which are to be excluded. Maybe this would be more appropriately placed in it's own function, simply returning nid & title of said excluded node(s). This means other devs could reuse this function if need be & it keeps your form function nice & clean.

In search_exclude_nid.admin.inc, line 71.
The description hints at a check,

This codes makes sure, that only actual node IDs are saved.

Possibly implement a validation function for your form as well as the submit callback doing exactly this. E.G. return a form error if something other than an nid is submitted.

The use of the JS is still a little unfamiliar to me as I could see similar functionality achieved with $form_state['rebuild'].

Cheers,

manual review:

• "'title' => 'List of excluded nodes',": all user facing text must run through t() for translation.

The objections in comment #12 also don't seem to be application blockers, and since this was RTBC already ...

Thanks for your contribution, Stefan Lehmann!

I updated your account to let you promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and get involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.

Ahh sorry for bumping this xD.

Of course Stefan mine were just suggestions & your right validation can often get in the way & become a hindrance.