drupaleurope org drupal technology
play

www.drupaleurope.org Drupal + Technology TRACK SUPPORTED BY - PowerPoint PPT Presentation

Dec 16, 2023 •231 likes •1k views

www.drupaleurope.org Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Entity access for lists A crucially missing piece of the puzzle Kristiaan Van den Eynde Kristiaan Van den Eynde Senior Drupal developer @Magentix Kristiaan Van den Eynde

  1. www.drupaleurope.org

  2. Drupal + Technology TRACK SUPPORTED BY 17/3/2018

  3. Entity access for lists A crucially missing piece of the puzzle Kristiaan Van den Eynde

  4. Kristiaan Van den Eynde Senior Drupal developer @Magentix

  5. Kristiaan Van den Eynde Work at Factorial GmbH in Hamburg Live near Antwerp, Belgium Group module maintainer Happily married, recently a dad Highly sensitive person

  6. Definition of list access

  7. Definition of list access Checks access before entities are loaded

  8. Definition of list access Checks access before entities are loaded Takes caching into account

  9. Definition of list access Checks access before entities are loaded Takes caching into account Supported by Views

  10. “ But we already have that, “ so what's the big deal? Someone in the audience

  11. Current implementation The node grants system

  12. What is the node grants system?

  13. What is the node grants system? Saves business logic to the database upon node manipulation

  14. What is the node grants system? Saves business logic to the database upon node manipulation Alters queries tagged with node_access to check for access against this saved business logic

  15. What is the node grants system? Saves business logic to the database upon node manipulation Alters queries tagged with node_access to check for access against this saved business logic Also used as fallback if regular access checks are indecisive

  16. What is the node grants system? Saves business logic to the database upon node manipulation Alters queries tagged with node_access to check for access against this saved business logic Also used as fallback if regular access checks are indecisive Bad metaphor: Locks and keys

  17. What is the node grants system? Saves business logic to the database upon node manipulation Alters queries tagged with node_access to check for access against this saved business logic Also used as fallback if regular access checks are indecisive Bad metaphor: Locks and keys Better metaphor: Bouncers at a night club

  18. What's wrong with node grants?

  19. What's wrong with node grants? Only work for "content" (aka nodes)

  20. What's wrong with node grants? Only work for "content" (aka nodes) Only work for view, update and delete actions

  21. What's wrong with node grants? Only work for "content" (aka nodes) Only work for view, update and delete actions As a result does not scale well for other entities

  22. What's wrong with node grants? Only work for "content" (aka nodes) Only work for view, update and delete actions As a result does not scale well for other entities Might try and store extremely complex access logic in the DB

  23. Can it be fixed?

  24. Can it be fixed? Not really, the concept is past its due date Would either require a new column on existing table or one table per entity type, both are far from ideal Would require a new column per supported operation, which again would lead to unwieldy (and buggy) code

  25. Intermezzo Possible approaches

  26. Keep altering queries Pros and cons

  27. Keep altering queries Pros and cons Pro: We already have ENTITY_TYPE_access query tags

  28. Keep altering queries Pros and cons Pro: We already have ENTITY_TYPE_access query tags Pro: People are already used to this approach

  29. Keep altering queries Pros and cons Pro: We already have ENTITY_TYPE_access query tags Pro: People are already used to this approach Con: Complicated use cases may find themselves limited by SQL

  30. Scalable pagination Access checks in code

  31. Scalable pagination Access checks in code Proposed by catch early 2017 Based on a Four Kitchens blog post from 2009 https://www.fourkitchens.com/blog/article/anticipage-scalable- pagination-especially-acls/

  32. Scalable pagination explained

  33. Scalable pagination explained You ask for more results than you need and pull them through your access logic

  34. Scalable pagination explained You ask for more results than you need and pull them through your access logic If you do not have enough results, go back to the database for more

  35. Scalable pagination explained You ask for more results than you need and pull them through your access logic If you do not have enough results, go back to the database for more Keep track of the first and last item and use them for paging

  36. Scalable pagination explained You ask for more results than you need and pull them through your access logic If you do not have enough results, go back to the database for more Keep track of the first and last item and use them for paging Works best on sites where most content is accessible to everyone

  37. Scalable pagination Pros and cons

  38. Scalable pagination Pros and cons Pro: Same access logic for both individual entities and entity lists

  39. Scalable pagination Pros and cons Pro: Same access logic for both individual entities and entity lists Pro: No "content drift" due to Reddit-style pagers (next/previous)

  40. Scalable pagination Pros and cons Pro: Same access logic for both individual entities and entity lists Pro: No "content drift" due to Reddit-style pagers (next/previous) Con: Poor performance on sites with more complex access set-ups

  41. Scalable pagination Pros and cons Pro: Same access logic for both individual entities and entity lists Pro: No "content drift" due to Reddit-style pagers (next/previous) Con: Poor performance on sites with more complex access set-ups Con: No indication of amount of possible results

  42. Scalable pagination Pros and cons Pro: Same access logic for both individual entities and entity lists Pro: No "content drift" due to Reddit-style pagers (next/previous) Con: Poor performance on sites with more complex access set-ups Con: No indication of amount of possible results Con: People are not familiar with this approach

  43. “ You don't seem to be a fan of “ scalable pagination Someone else in the audience

  44. Query altering: Part Deux

  45. A summary of previous work

  46. A summary of previous work Extend the entity access system with a new grants API (and deprecate the query-alter-based node grants API) 
 https://www.drupal.org/project/drupal/issues/777578

  47. A summary of previous work Extend the entity access system with a new grants API (and deprecate the query-alter-based node grants API) 
 https://www.drupal.org/project/drupal/issues/777578 Entity access policies 
 https://www.drupal.org/project/entity_access_policies

  48. A summary of previous work Extend the entity access system with a new grants API (and deprecate the query-alter-based node grants API) 
 https://www.drupal.org/project/drupal/issues/777578 Entity access policies 
 https://www.drupal.org/project/entity_access_policies Implement a query-level entity access API 
 https://www.drupal.org/project/entity/issues/2909970

  49. Entity access policies

  50. Entity access policies A collection of access plugin, e.g.: is_published

  51. Entity access policies A collection of access plugin, e.g.: is_published Used in policy config entities that list which entity types and operations they apply to

  52. Entity access policies A collection of access plugin, e.g.: is_published Used in policy config entities that list which entity types and operations they apply to When an entity query is launched, this system kicks in, finds all applicable policies and compiles them into one query alter

  53. Entity access policies A collection of access plugin, e.g.: is_published Used in policy config entities that list which entity types and operations they apply to When an entity query is launched, this system kicks in, finds all applicable policies and compiles them into one query alter You can build a UI showing all of the active access policies for your website and even allowing you to edit them

  54. Entity access policies Pros and cons

  55. Entity access policies Pros and cons Pro: Supports any operation and entity type

  56. Entity access policies Pros and cons Pro: Supports any operation and entity type Pro: Option to have an access overview UI

  57. Entity access policies Pros and cons Pro: Supports any operation and entity type Pro: Option to have an access overview UI Pro: Works alongside node grants (until hopefully removed in D9)

  58. Entity access policies Pros and cons Pro: Supports any operation and entity type Pro: Option to have an access overview UI Pro: Works alongside node grants (until hopefully removed in D9) Pro: Easy to work around a problematic module

  59. Entity access policies Pros and cons Pro: Supports any operation and entity type Pro: Option to have an access overview UI Pro: Works alongside node grants (until hopefully removed in D9) Pro: Easy to work around a problematic module Con: Too big of a change at once to go into core

  60. Entity access policies Pros and cons Pro: Supports any operation and entity type Pro: Option to have an access overview UI Pro: Works alongside node grants (until hopefully removed in D9) Pro: Easy to work around a problematic module Con: Too big of a change at once to go into core Con: Loads a list of config entities to decide access to another list of entities

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

www.drupaleurope.org Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Drupal 8, Services and

www.drupaleurope.org Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Drupal 8, Services and

www.drupaleurope.org Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Drupal 8, Services and Decoupling Patterns Dinesh Waghmare About My Self Dinesh Waghmare, Drupal Mumbai, India Im working with Tata Consultnacy Services , Powai-Mumbai,

869 views • 53 slides
www.drupaleurope.org No photos please image Responsible disclosure, cross-project

www.drupaleurope.org No photos please image Responsible disclosure, cross-project

www.drupaleurope.org No photos please image Responsible disclosure, cross-project collaboration, and Drupal 8 security xjm Drupal & Technology | http://bit.ly/drupal-europe-d8-security Drupal + Technology TRACK SUPPORTED BY 17/3/2018

893 views • 44 slides
www.drupaleurope.org Drupal PKM A Personal Knowledge Management Drupal distro

www.drupaleurope.org Drupal PKM A Personal Knowledge Management Drupal distro

www.drupaleurope.org Drupal PKM A Personal Knowledge Management Drupal distro https://www.yongt9412.com/assets/drupal_pkm.pdf (Spanish) John Gustavo Choque Condori Drupal 8 Developer at MD Systems @yongt9412 Overview What we gonna talk

835 views • 49 slides
www.drupaleurope.org axelerant.com 1 Lesser known perks of using composer Drupal Europe 2018

www.drupaleurope.org axelerant.com 1 Lesser known perks of using composer Drupal Europe 2018

www.drupaleurope.org axelerant.com 1 Lesser known perks of using composer Drupal Europe 2018 axelerant.com 2 Drupal + Technology TRACK SUPPORTED BY axelerant.com 3 Special Thanks to.. axelerant.com 4 Mohit Aghera Drupal developer

723 views • 26 slides
www.drupaleurope.org The Future of Drupal Watchdog Magazine Brian Osborn, Drupal Watchdog

www.drupaleurope.org The Future of Drupal Watchdog Magazine Brian Osborn, Drupal Watchdog

www.drupaleurope.org The Future of Drupal Watchdog Magazine Brian Osborn, Drupal Watchdog Publisher Drupal Community Track Drupal Watchdog @drupalwatchdog www.drupalwatchdog.com Drupal Watchdog - History First launched in 2011

358 views • 11 slides
www.drupaleurope.org The Challenge of Emotional Labor in Open Source Communities Ken Rickard

www.drupaleurope.org The Challenge of Emotional Labor in Open Source Communities Ken Rickard

www.drupaleurope.org The Challenge of Emotional Labor in Open Source Communities Ken Rickard https://www.drupaleurope.org/session-by-industry/drupal-community Ken Rickard Director of Innovation | Palantir.net @agentrickard Drupal since 2005

1.19k views • 72 slides
www.drupaleurope.org How to grow up skills by contribution to community Andriy Iun Drupal

www.drupaleurope.org How to grow up skills by contribution to community Andriy Iun Drupal

www.drupaleurope.org How to grow up skills by contribution to community Andriy Iun Drupal Community track Andriy Iun dgo.to/@andriyun Fullstack drupal developer Active community member What is a community? Drupal community Come for

517 views • 35 slides
www.drupaleurope.org Browser Testing with Nightwatch.js Salva Molina Session URL:

www.drupaleurope.org Browser Testing with Nightwatch.js Salva Molina Session URL:

www.drupaleurope.org Browser Testing with Nightwatch.js Salva Molina Session URL: https://www.drupaleurope.org/session/browser-testing-nightwatchjs 13/9/201 8 Salva Molina PHP Engineer @salva_bg Drupal.org: slv_ Freelance Drupal &

507 views • 48 slides
www.drupaleurope.org Fields, Bricks, Paragraphs, Publishing + Media etc... What's the next?

www.drupaleurope.org Fields, Bricks, Paragraphs, Publishing + Media etc... What's the next?

www.drupaleurope.org Fields, Bricks, Paragraphs, Publishing + Media etc... What's the next? Media-Driven Content Architecture Vasily Yaremchuk Vasyl Yaremchuk Drupal Practice Lead at @vasilyyaremchuk drupal.org/u/yaremchuk Retrospective

658 views • 19 slides
www.drupaleurope.org CONNECTING MEDIA SOLUTIONS BEYOND DRUPAL MIRO DIETIKER miro_dietiker MD

www.drupaleurope.org CONNECTING MEDIA SOLUTIONS BEYOND DRUPAL MIRO DIETIKER miro_dietiker MD

www.drupaleurope.org CONNECTING MEDIA SOLUTIONS BEYOND DRUPAL MIRO DIETIKER miro_dietiker MD Systems - Founder Initiative Leader Switzerland CONNECTING MEDIA What is Content management? Landscape by example Media types Available

859 views • 85 slides
www.drupaleurope.org Community Events in WordPress @FrancescaMarano September 12, 2018 - Drupal

www.drupaleurope.org Community Events in WordPress @FrancescaMarano September 12, 2018 - Drupal

www.drupaleurope.org Community Events in WordPress @FrancescaMarano September 12, 2018 - Drupal Community Track CIAO! SONO FRANCESCA WordPress Community Team Representative WordCamp and Meetup Organiser WordPress Community

531 views • 31 slides
www.drupaleurope.org Digital Transformation + Enterprise TRACK SUPPORTED BY Successfully Proving

www.drupaleurope.org Digital Transformation + Enterprise TRACK SUPPORTED BY Successfully Proving

www.drupaleurope.org Digital Transformation + Enterprise TRACK SUPPORTED BY Successfully Proving Enterprise Drupal 8 George Steven George Steven Chief Architect (Drupal) @ Bayer curiouslygeorge Successfully Proving Enterprise Drupal 8 The

408 views • 14 slides
Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Code with style! Prettier + ESlint David

Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Code with style! Prettier + ESlint David

Drupal + Technology TRACK SUPPORTED BY 17/3/2018 Code with style! Prettier + ESlint David Corbacho Romn https://www.drupaleurope.org/session/code-style-prettier-eslint We want to deliver software without flaws. How to deliver software

743 views • 55 slides
www.drupaleurope.org Essential marketing At the regional level Imre Gmelig Meijling (Chair Dutch

www.drupaleurope.org Essential marketing At the regional level Imre Gmelig Meijling (Chair Dutch

www.drupaleurope.org Essential marketing At the regional level Imre Gmelig Meijling (Chair Dutch Drupal Association) Making Strategy Strategic a dent Engagement Marketing & Branding Identity Non profit Executing Activities

772 views • 52 slides
Talk to me Drupal Talk to me Drupal Using Drupal to power a Voice App Hello My Name Is Frank

Talk to me Drupal Talk to me Drupal Using Drupal to power a Voice App Hello My Name Is Frank

Talk to me Drupal Talk to me Drupal Using Drupal to power a Voice App Hello My Name Is Frank Hello My Name Is Frank I am a Christian, Father, and Technology Enthusiast. Online my name is frob (IRC, d.o, github) On Twitter I am @frobdfas My Blog

616 views • 44 slides
Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices

Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices

Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices flowing, and help give a broad overview of Drupal jargon, Drupal Architecture & the Drupal Community... May 21st, 2010 - SNHU, Manchester, NH

1.12k views • 52 slides
Metamodeling and Metaprogramming 1. Introduction to metalevels 2. Different Ways of

Metamodeling and Metaprogramming 1. Introduction to metalevels 2. Different Ways of

TDDD05 Component-Based Software Metamodeling and Metaprogramming 1. Introduction to metalevels 2. Different Ways of Metaprogramming 3. UML Metamodel and MOF 4. Component markup U. Assmann: Invasive Software Composition , Sect. 2.2.5

653 views • 41 slides
Women in Big Data x Pinterest Welcome! Regina Karson, WiBD Chapter Director Tian-Ying Chang,

Women in Big Data x Pinterest Welcome! Regina Karson, WiBD Chapter Director Tian-Ying Chang,

Women in Big Data x Pinterest Welcome! Regina Karson, WiBD Chapter Director Tian-Ying Chang, Engineering Manager Goku: Pinterests in house Time-Series Database Tian-Ying Chang Sr. Staff Engineer Manager Pinterest Pinterest Discover new

1.1k views • 81 slides
Environment Model 1. To evaluate a combination: evaluate subexpressions then apply value of

Environment Model 1. To evaluate a combination: evaluate subexpressions then apply value of

Environment Model 1. To evaluate a combination: evaluate subexpressions then apply value of operator subexpression to values of operand subexpressions. 2. Value of a variable w.r.t. an environment is the value given by the binding of the

329 views • 6 slides
GNU Radio in 2019: Facts and Plans An overview of where GNU Radio is going this fine year Marcus

GNU Radio in 2019: Facts and Plans An overview of where GNU Radio is going this fine year Marcus

GNU Radio in 2019: Facts and Plans An overview of where GNU Radio is going this fine year Marcus M uller 2018-09-18 Whatll happen in the next 40 minutes Looking back at 5 years of 3.7 What has happened to 3.7? Releasing GNU Radio 3.8

491 views • 24 slides
Intro to PHP Lecture 12 CGS 3066 Fall 2016 November 29, 2016 PHP PHP is a server scripting

Intro to PHP Lecture 12 CGS 3066 Fall 2016 November 29, 2016 PHP PHP is a server scripting

Intro to PHP Lecture 12 CGS 3066 Fall 2016 November 29, 2016 PHP PHP is a server scripting language, and is a powerful tool for making dynamic and interactive Web pages quickly. PHP is a widely-used, free, and efficient alternative to

1.67k views • 22 slides
Search: Uninformed Search Russel & Norvig Chap. 3 Material in part from

Search: Uninformed Search Russel & Norvig Chap. 3 Material in part from

Search: Uninformed Search Russel & Norvig Chap. 3 Material in part from http://www.cs.cmu.edu/~awm/tutorials A Search Problem GOAL a c b e f d START h r p q Find a path from START to GOAL Find the minimum number of

332 views • 31 slides
Regional Contracting Opportunities - USAF Col Sal Nodjomian, USAF Programs Division Chief

Regional Contracting Opportunities - USAF Col Sal Nodjomian, USAF Programs Division Chief

Headquarters U.S. Air Force I n t e g r i t y - S e r v i c e - E x c e l l e n c e Regional Contracting Opportunities - USAF Col Sal Nodjomian, USAF Programs Division Chief DCS/Logistics, Installations & Mission Support 1 Overview

673 views • 41 slides
Transport processes Part 3a Ron Zevenhoven bo Akademi University Thermal and Flow

Transport processes Part 3a Ron Zevenhoven bo Akademi University Thermal and Flow

Transport processes (TRP) Transport processes Part 3a Ron Zevenhoven bo Akademi University Thermal and Flow Engineering / Vrme- och strmningsteknik tel. 3223 ; ron.zevenhoven@abo.fi VST rz18 2/38 3a Transport processes (TRP) VST

305 views • 19 slides

More recommend