Book Image

Drupal 7 First Look

Book Image

Drupal 7 First Look

Overview of this book

Drupal 7 contains features for which site administrators have been clamoring for years, including support for fields, an improved administration interface, better database support, improved theming, and more. You could of course make a laborious search on sites, blogs, and many online tutorials that would promise to update you about every new feature, but there's an even better way to know all about Drupal 7's new features: Drupal 7 First Look is the first and only book that covers all of the fantastic new features in Drupal 7 in depth and covers the process of upgrading your Drupal 6 site to Drupal 7. If you've used Drupal 6 and want to use Drupal 7, you need this book.Drupal 7 First Look takes an in-depth look into all of the major new features in Drupal 7 so you can quickly take full advantage of Drupal 7. It also assists you in upgrading your site to Drupal 7. Some of the new features in Drupal 7 include: Fields API, based on Drupal 6 CCK, which allows you to easily build your own content types Improved user interface for administering your website Built-in support for working with images and files Improved security for the site and users of the site Completely rewritten database layer DBTNG to make working with the database easier and more secure. Improved API for custom module development and user interface theming
Table of Contents (13 chapters)
Drupal 7 First Look
Credits
About the Author
About the Reviewer
Preface
Index

Key new features in Drupal 7


As with any project, not all of the initial goals were completed and several additional features were incorporated that weren't part of the initial plan. Let's look at the key functionality that did make it into Drupal 7.

Improved installation

The first thing you will notice if you are installing Drupal 7 for the first time is the new installation routine. The new routine is designed to make it easier for new Drupal users to set up Drupal. The new installation offers two types of install—the regular installation and a minimal installation.

The Minimal installation is similar to previous versions. The new Standard installation automatically enables commonly-used functionality during the installation to save time after setup. The installation also automatically performs common startup tasks, like building an administrator role. Finally, the new installation system also allows for command-line installation of Drupal.

We will explore installation and updating in more detail in Chapter 5.

New administration toolbar and overlay administration

After installing or upgrading to Drupal 7 you will immediately notice the new administration toolbar (shown in the following screenshot) that appears on all pages if you have the permission to administer the site:

The toolbar groups commonly used tasks together making it easier for new administrators to learn how to configure Drupal and making it quicker for experienced administrators to get to commonly-used functionality.

Selecting an option from the toolbar will open a new overlay window, so you can change configuration options without losing your place on the site.

An example of the overlay panel is shown as follows:

Tip

Power users can disable use of the overlay window either by removing permission to use the overlay panel or disabling the overlay panel.

We will review the dashboard and new administration interface in detail in Chapter 3.

Improved interface for creating content

A big, but welcome, change for editors is the redesigned and updated interface to create and edit content. A sample of the interface is shown in the following screenshot:

The redesigned screen makes it easier to quickly navigate to specific sections within the content. It is also a more intuitive interface. We will dive into creating content in depth in Chapter 2.

Improved interface for creating new content types

In Chapter 2, we will also explore the new, more intuitive, interface for building content types, which is shown in the following screenshot:

The interface for creating content types has been redesigned to keep all of the options in a smaller space so navigation is easier and all information can be quickly accessed.

New Field API

A welcome sight to many Drupal administrators and editors is the inclusion of the Field API in Drupal core.

The Field API was built from the Drupal 6 CCK (Content Construction Kit) contributed module. It allows site administrators to add additional attributes to a node type. A field can have a variety of different types and be displayed in many different widgets (user interface elements). The Field API also supports translatable fields to allow for multi-lingual sites. We will explore the Field API in detail in Chapter 2.

Additional support for files and images

Building on the new Field API, Drupal 7 offers two new types of fields that will be useful on many sites—the file field and the image field. The file field allows editors and users with proper permission to upload files and attach them to nodes. The file field also gives administrators a wide range of configuration options to control the type and size of files that can be added, where the files are stored, and how the files are displayed within the node.

The image field builds on the file field to add functionality specifically needed for images. Image fields can be added to content types and configured much like any other field.

After adding an image field to a content type, you can control how the resulting image is displayed on the site through a series of simple configuration options on the field. Users with proper permissions can upload images directly to the site and Drupal will take care of resizing the images to generate thumbnails for proper display on your site. Drupal 7 also has new functionality to allow rotating and applying various other effects to images.

We will explore all of the new file and image features in Chapter 2.

Improved filter system

Filters allow administrators to control what can be inserted into text fields. For example, an administrator can only allow basic formatting like bolding and italicizing text to be inserted into content. Or, they can allow more advanced functionality like linking to images and inserting tables. An administrator can even allow PHP to be inserted within a text field. Drupal 7 renames Input Filters to Text Formats and adds some additional capabilities including the ability to assign text formats to different roles using the permission system. We will explore text formats more in Chapter 2.

Added context information to messages during translation

Translators and administrators of multi-language sites will love the new contextual information for messages. In prior versions of Drupal, one of the issues translators faced was messages that were used in different situations and therefore had different meanings. The problem was worse with short messages consisting of only a few words because the meaning could be more easily confused. Drupal 7 adds an optional context for the translation to allow developers and themers to make translatable strings less ambiguous. Because the context information is optional, performance is not negatively impacted. We will touch on translations throughout the book as appropriate, but most of the information on translations will be found in Chapters 2 and 3.

Built-in automated cron functionality

Many site administrators will be pleased to see the inclusion of a new cron system for Drupal that does not rely on running cron from the Unix cron system. In previous versions, this could be one of the most confusing and difficult configuration steps for a new site administrator. Now, it is a simple matter of selecting how often you want cron to run. The mechanism used is similar to the one used by poormanscron except that it runs from an AJAX request rather than delaying the response time of the page triggering cron. We will explore the new cron functionality more in Chapter 3.

Improved security

Security is always important to site administrators and Drupal 7 will please security-conscious administrators with several important new security enhancements including:

  • Cron is now secure and requires a key to be run from remote sites. This can help prevent denial of service attacks and overloading the server processor

  • Improved password protection including a new pluggable password system and stronger password hashing

  • Limiting invalid login attempts to prevent brute force attacks

  • Improved IP address blocking

Chapter 3 will cover these and many more security changes in detail.

Added a new plugin manager

While we talk about security and improvements to administration in Chapter 3, we will also cover the brand new plugin manager. The plugin manager allows automatic updates of your Drupal installation. The plugin manager will automatically download the appropriate updates from the Drupal website via FTP and place the downloaded packages on your site in the correct locations. The module has appropriate permissions to ensure that the update process is carefully controlled so the administrator knows exactly what is occurring.

Added the Seven theme for administration

A common complaint of Drupal administrators in previous versions was the look of the administration interface and that it could be difficult to tell when you were in the administration interface, since it used the same theme as regular content by default. To fix this, Drupal 7 has added a new administration theme called the Seven theme that is enabled by default.

The Seven theme uses a single column layout with muted colors and is an obvious contrast to the default blue colors of the default user themes. The following are a couple of samples showing how it appears on different pages (with the overlay disabled):

The previous view displays information in a single main column with each section of settings displayed in a smaller block in two columns. The next view shows a basic list of links:

The Garland theme is still used by default when viewing content. Drupal 7 preserves the ability to modify the administration theme to be any theme you want or to set the administration theme to always be the default site theme.

Added the jQuery UI to core

Site administrators and themers will both love the addition of jQuery UI to core. jQuery UI (http://jqueryui.com) is a powerful JavaScript library that includes common controls like calendars, progress bars, tabs, sliders, and more. It also includes functionality to allow drag and drop, resizing, sorting, selection, and more. As we go through theming changes in Chapter 6, we will point out areas where Drupal uses jQuery UI and talk about how to add jQuery UI to your site.

Allows additional preprocessing of themed information

Drupal 6 added the ability to add and modify variables to be rendered in a preprocess hook before the variables were rendered in a template. This functionality has been enhanced with the addition of a process hook that is invoked after all preprocessing is done. Drupal 7 also allows hook functions to define preprocess and process hooks, so they can manipulate variables as well. We will review these API changes in more detail in Chapter 6.

Added the New Stark theme

Several core Drupal 6 themes, which were not widely used and served mainly as examples, were removed in favor of the new Stark theme that is designed to make it easier to learn how to build a custom theme. The Stark theme should not be used on its own since it is not very attractive. However, it serves as a reference point for understanding the default HTML that Drupal emits as well as the default styling that Drupal provides. This information can be used to help identify problems with custom themes or to identify conflicts with modules that have been enabled. We will use the Stark theme in Chapter 6 as we review changes to Drupal's default themes and styles.

Rewritten database layer (DBTNG)

Arguably the biggest change in Drupal 7, at least for developers, is the new database layer, also called DBTNG (short for Database Layer: The Next Generation). DBTNG is a big change for developers since it changes how modules interact with the database. We will explore DBTNG in great detail in Chapter 7, but here are some of the highlights:

  • Includes a new database layer built on PDO (PHP Data Objects). PDO provides a consistent lightweight interface for accessing a wide variety of databases including MySQL, PostgreSQL, SQL Server, and Oracle. More information about PDO can be found at: http://www.php.net/pdo.

  • Adds a query builder to handle creating SELECT, INSERT, UPDATE, and DELETE statements. The query builder is designed to make accessing the database easier, more extensible, and more secure.

  • Provides support for replicating databases in master/slave and master/master configurations.

  • Improved support for connecting to multiple databases at a time.

  • Support for transactions when using transactional databases, with proper fallback when not connected to a transactional database.

There are many other exciting changes in the DBTNG layer that we will review in more detail later.

Improved node access system

Several changes have been made to the underlying node access system to improve the granularity of permissions, improve security, and make it easier for developers to properly maintain restrictions to nodes.

The first major change is the splitting of the administer nodes permission into two permissions, administer nodes and bypass node access. This allows administrators to give users the ability to administer only nodes to which they normally have access. We will discuss this further in Chapter 4.

The next major change is the ability for custom modules to influence the access to nodes even if they did not define the original access rules for the node. This gives developers more control over the logic needed to control access to information and functionality of the site. We will review these new APIs in Chapter 7.

Another change is a one step function call when using the DBTNG layer that instructs DBTNG to add node access restrictions to the query. This will make setting up proper security restrictions much easier to include and it will be easier to detect potential node access bypasses during code reviews. We will cover this API in more detail in Chapter 7.

Lastly, Drupal 7 adds additional restrictions for who can access unpublished content. We will review this change primarily in Chapter 3, but we will also touch on it in Chapter 7.

Added the Queue API for long-running tasks

Eventually, most websites find a task that takes a long time to perform and can't be optimized enough to be completed before the web browser times out. To take this situation into account, Drupal 7 adds a Queue API to manage long-running tasks. In general, any task that takes more than 30 seconds to a minute would be an excellent candidate for the Queue API. We will walk through the Queue API in Chapter 7.

Added a new test framework

Drupal 7 adds a comprehensive test framework called testing that allows developers and site administrators to run tests against an existing Drupal installation to ensure that it is behaving properly. Developers of custom modules can create their own tests to ensure that their module works properly and that the functionality does not regress when new versions of Drupal are released.

Portions of the test framework were back ported to Drupal 6 as the SimpleTest test framework, so you may already have some familiarity with it. We will look into the Test framework in more detail in Chapter 7.

RDF capabilities

A key concept of Web 3.0 sites is the use of Semantic Web technologies that allow sites to provide additional information about the meaning of the content provided within the site. One of these technologies is RDF (Resource Description Framework), which adds metadata to a page to give additional contextual information about the information on the page. Providing RDF information can help search engines and other applications to better understand your content, which may lead to improved search engine positions and more site visitors. Drupal 7 allows RDF information to be attached to entire nodes as well as fields within a node using the RDFa specification.