Comment module

The comment module was set on purpose as follow

• Comments are not visible by anonymous users (access comment should not be enabled for this categorY0. This allows to provide meeting notes in comment form without anyone not in STAR seeing it (action items, plans etc...) but sometimes, still see the meeting agenda.
• Comments were initially subject to approval / moderation. Upon request, this was changed to without moderation for authenticated users.
• The authenticated generic has been set to be allowed to post comments (and access them) but those will be subject to moderation (admins, see and maintain Note on authorization).

Directory structure

A directory structure of STAR Drupal

Organic groups

• Physics Working Groups - under /pwg/groupname, e.g. You do not have access to view this node
• Subsystems - /subsys/subsystemname-group e.g. SSD group
• Software & Computing - in main directory Software and Computing

Note that subsystems have also their pages that have nothing to do with organic group pages, like SSD.
The same is with "Software & Computing" that has both an OG Software and Computing and another page Software & Computing

Drupal problems and miss-features

Beware that Drupal has several miss-features and bugs as any product. Some may be fixed in later versions and we will enumerate by version to be sure to remove any confusion.

• Version 4.6
  • Create Content - import images
    From the admin account, this will upload images with several miss-feature and defaults improper for public display. Manua repair is needed thereater to fix this so, use at your own risk (or automate changes in a cron).
    
    • When importing, the images are first not published and not promoted. To fix this, you need to access the database and use the following command:
      mysq> UPDATE node SET promote=1 WHERE promote=0 AND type='image';
      mysql> UPDATE node SET status=1 WHERE status=0 AND type='image';
    • nodes do not have the proper access protection information which will prevent image sharing. There were no options to fix this in image import. So, two manual steps are needed ; the first command needs to be piped to an external file (let's call it bla.txt)
      mysql> SELECT node.id FROM node LEFT OUTER JOIN node_access ON node.nid=node_access.nid WHERE node_access.nid IS NULL;
      % cat bla.txt | grep '|' | awk '{print "INSERT IGNORE INTO node_access VALUES("$2",0,\"og_group\",1,0,0);"}' >insert.mysql
      mysql> source insert.mysql;
  • administer - settings - filemanager
    The filemanager HTML field Public file system url is terribly miss-leading. What you see in there is NOT what you have set. The best recommendation is to
    • fill all the other field and leave this one empty
    • Click the [Save Configuration] button.
    • Clear the box again and enter something like http://drupal.star.bnl.gov/STAR/files (for a path ending with files)
    • Click the [Save Configuration] button.
    • Verify a previously attached document that it is really recoverable ...

Existing generic accounts

The current generic accounts are in use. Please, extend the list as new accounts are added (hopefully not many).

• guest: an account used for temporary guest (like members of a review committee). The ACL for this account are lower than any other accounts and uses authenticated generic (which should have a lower access control)
  [this account's Email is registered to J. Lauret]
• staruser: a generic account for STAR users wanting access to Drupal but without a personal account. This is also used for the conference PC. The ACL for this account are lower than any other accounts and uses authenticated user.
• protected: a privileged user (usr lead) having the same password than the protected area on STAR Web.

• stargrid: a privileged account (usr lead) used for managing Grid area Drupal pages. This allows collaborative documentation.
• starembed: this account is a normal authenticated user created for managing embedding documentation pages. This facilitates collaborative work.

• stareemc: a generic authenticated user created for the EEMC group to manage their documentation.
• stardaq: a generic authenticated user created for the DAQ group to manage DAQ documentation.
• hbtuser: a generic authenticated user created for the HBT PWG OG.
• heavyuser:a generic authenticated user created for the HF PWG. This account is blocked.

How to do it in Drupal?

Migrating drupal to a new node

Ideally, Drupal would be installed under a generic alias name. But if this is not done, there are a hand full of places you need to alter for a full migration.

• Go as Administrator, administer -> settings -> filemanager and change the Public file system url box reference. You should do this before copying to a new server (as db access will not be possible afterward)
• Log on to your Drupal server as root, cd to the Drupal's root installation directory. Edit sites/default/settings.php and change $base_url
• Check a file named scripts/cron-curl.csh and change the reference

You should be ready to export Drupal as-is to another server.

Needed theme - a warning

WARNING on theme

The theme named garland should NOT be removed as it is used for basic administration tasks (via garland/minnelli). All the rest can be removed physically without much problems.

Note on authorization

Currentely, we have

• anonymous user
• authenticated generic
• authenticated user
• authenticated usr lead
• site admin

The naming was chosen strictly to have it sorted in alpha-order with increasing privilege. It was NOT the intent to have "site admin" administer basic layout of the site (should be reserved to the main admin).
BEWARE that some privileges should NOT be granted to ANY categories but site admins which should by themselves be restricted. Especially:

• administer nodes allows to bypass all privileges since the node itself is accessible. This includes bypass of OG document access

The following users have site admin privs

• testadmin
• chajecki

See also Existing generic accounts.

Organic Group versus regular page

General

Organic group were chosen so far as being PWG groups and key groups in STAR. Later, this may include detector sub-systems. In general. OG will be used to "hide" or group documentation not necessarily accessible by others non-subscribers but its use is more extended as described below.

 

Organic group possibilities

• Allow grouping post together and keeping tracks of things per groups (each group have separate XML feeds)
• Allow to customize area via themes. An image could be loaded per Group. Other usage could be developed/thought about. For example, the menu box could be moved up/down by modifying a "weight" for a different template, images included, background picture, watermark used and so on. The limit is your imagination. Drupal provides base theme templates here. But before getting carried way, please consult the Themes page for more information.
• A group could be globally moved (its entire structure could become the root of anew tree). Porbably not something we want to do ...
• Subscriptions to a "group" could be handled per group. Options are:
  1. open - subscription requests are accepted immediately
  2. moderated - subscription requests must be approved.
  3. invite only - subscriptions must be created by an administrator.
  Currently, all are opened.
• A group could be globally managed by a given user
• A group may contain its own agenda, meeting, polls, blogs etc ... [actually, I think this is an overkill and will probably suppress some when I find how to do that]

 

Site customization

The following modules were site customized or modified.

• theme modification - bluelake
• OG and node access compatibility patch (avoid side effects when removing grant and page is no longer accessible
• Advanced Poll module has broken CSS for Ranking polls
  
• captcha - to enable AFS user name lookup
• ...

Theme - bluelake

A template.php was added to display the name of the drupal user who had last updated the page along with the original page author.
This was requested to ease the maintenance of pages maintained by multiple users (when ACLs are set to allow many to all to edit and modify).

The code is as below

function phptemplate_node_submitted($node) {
  // JL - Simplified logic originally taken from https://drupal.org/node/511642
  if ($node->changed ){
    // The node was changed from its original format - good ..
    $revuid = $node->revision_uid;
    if ( $revuid != 0 && $revuid != $node->uid ){
      // Only display this if the revision owner UID differs from the original owner UID
      $revname = db_result(db_query("SELECT name FROM {users} WHERE uid = %d",$revuid));
      # JL - be careful of possible orphans
      if ( empty($revname) ){  $revname = 'unknown';    }
      else {                   $revname = '<a href="'.url("user/$revname").'">'.$revname.'</a>'; }

      return t('Updated on @changed by !newuser. Originally created by !username on @created.',
             array(
                   '@changed'  => format_date($node->changed, 'medium'),
                   '!newuser'  => $revname,
                   '!username' => theme('username', $node),
                   '@created'  => format_date($node->created, 'small'),
                   ));
    } else {
      // No need to show the revised uid as they are the same
      return t('Updated on @changed. Originally created by !username on @created.',
             array(
                   '@changed'  => format_date($node->changed, 'medium'),
                   '!username' => theme('username', $node),
                   '@created'  => format_date($node->created, 'small'),
                   ));
    }

  } else {
    // Return the default formatting
    return t('Submitted by !username on @datetime',
             array(
                   '!username' => theme('username', $node),
                   '@datetime' => format_date($node->created),
                   ));
  }
}

NODE ACCESS patch to maintain OG compatibility

see attached file..

Advanced Poll module has broken CSS for Ranking polls

By default, advpoll-display-ranking-form.tpl.php does not include:

<div style="clear:both"></div>

...so container height is not calculated properly.

Captcha - enable AFS user name lookup

changed file: /var/www/html/STAR/sites/all/modules/captcha/captcha.module

1. added function:

function captcha_validate_star_account_by_afs() {
  if ( $_POST['form_id'] === 'user_register' && !empty( $_POST['captcha_token'] ) ) {
    $dirname = '/afs/rhic.bnl.gov/star/users/'.$_POST['name'];
    return file_exists( $dirname );
  }
  return true;
}

2. modified functions: captcha_validate_strict_equality, captcha_validate_case_insensitive_equality, captcha_validate_ignore_spaces, captcha_validate_case_insensitive_ignore_spaces

 added line:
  if ( captcha_validate_star_account_by_afs() === false ) { return false; }

Useful administrators links

• Maintenance and content management
  • Site Status report (config &modules)
  • Check ROOT pages and orphan pages
  • Recently added
  • Defining vocabularies and lexicon using Taxonomy
  • If access permission problem occurs, rebuild them here

• Configurations
  • Enable/disable modules (be careful)
  • Enabled module specific configs
  • Configure by tasks
  • Define themes for sections (note: avoid being too orginal i.e. using too many themes, it creates support issues)
  • Modify pathauto behavior (note: BEWARE and know what you are doing)

• Basic site reshapes and tuning
  • Access control
  • Reshape Menus
  • Search content and select by type and other criterion
     
• Other
  • Organic groups listing.
  • Test tree for checking permision (re-enable Publish or select the sub-pages below)
    • Test 1 - A standard page, no ACL, no OG
    • Test 2 - A non public page, "protected" OG, no ACLs
    • Test 3 - Public page, OG set to something our test user (non lead) does not belong to
    • Test 4 - Normal page, ACL for our non priv test user
    • Test 5 - OG page, test user does not belong to the OG but ACL set

 

Granting access to nodes

.