As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Critical security release for Drupal core to fix a Cross-Site Scripting (XSS) vulnerability. You can learn more in the security advisory:

Drupal core - Critical - Cross-Site Scripting - SA-CORE-2021-002

Here you can download the Drupal 6 patch to fix, or a full release ZIP or TAR.GZ.

If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)

FYI, there were other Drupal core security advisories made today, but those don't affect Drupal 6.

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.

Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).

Today’s business reality is nearly every company needs at least one website in order to be successful in their business. As organizations get larger, the number of websites companies need also increases. From Human Resources, to sales support, to customer service and support, different groups in your organization may have some similar needs, but different access levels. Making these websites turnkey can reduce the amount of time your IT or devops teams need to spend standing up resources. It can also significantly reduce development costs when you have a deployable website instance that can be used to fulfill the needs of several organizations in your company. In this first part a two part series, Tag1 Managing Director Michael Meyers talks with CIO Jeff Sheltren, and Senior Infrastructure Engineer Travis Whitehead about the challenges large enterprises face, and the software-based solutions Tag1 is using to help our customers be more successful with standardized website deployments. ### Additional resources - EKS - Pulumi For a transcript of this video, see Transcript: Deploying New Enterprise Web Applications in Minutes - Part 1. Photo by Amir Hanna on Unsplash

Read more lynette@tag1co… Wed, 04/21/2021 - 11:26

Project: Drupal coreDate: 2021-April-21Security risk: Critical 15∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross-site scriptingDescription: 

Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.

Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.

Solution: 

Install the latest version:

• If you are using Drupal 9.1, update to Drupal 9.1.7.
• If you are using Drupal 9.0, update to Drupal 9.0.12.
• If you are using Drupal 8.9, update to Drupal 8.9.14.
• If you are using Drupal 7, update to Drupal 7.80.

Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.

Reported By: 

• Jasper Mattsson

Fixed By: 

• Alex Pott of the Drupal Security Team
• Jasper Mattsson
• Michael Hess of the Drupal Security Team
• Wim Leers
• Heine of the Drupal Security Team
• Peter Wolanin of the Drupal Security Team
• Jess (xjm) of the Drupal Security Team
• Samuel Mortenson of the Drupal Security Team
• nwellnhof
• Alex Bronstein of the Drupal Security Team
• Lee Rowlands of the Drupal Security Team
• Adam G-H
• Drew Webber of the Drupal Security Team

Introduction to the Introduction Over the last few years we’ve built lots of Drupal 8 sites, and some Drupal 9 ones too, both for our clients and for ourselves. As such, we’ve taken a keen interest in (read: faced many challenges with) the Configuration Management subsystem. This was a major new component in Drupal 8, and so, while it’s functional, it isn’t yet mature. Of course, the vibrant Drupal developer community jumped in to smooth the rough edges and fill the gaps, in what has since become known as CMI 2.

We are going to use Bootstrap 4 in Drupal 8/9 with Bootstrap Barrio. The Bootstrap Barrio theme for Drupal 8/9 integrates Bootstrap 4 (or Bootstrap 5 if you want) with your Drupal site. 

Bootstrap is a very popular framework for building websites. It provides designers and developers with a common language to communicate, making the development process a lot easier.

Creating a subtheme of Barrio is a straightforward process. This tutorial will explore the basic configuration options of the theme, which are managed through a complete graphical user interface.

Keep reading to learn how!

For the second year in a row, DrupalCon NA went virtual - and it was great. Here are some of our top takeaways from the event.

READ MORE

Dealing with constant upgrades and changes to the project requirements is not just the despair of all developers, but also dents the pockets of the clients. When discussing the project development - time and cost go hand in hand. The more the development time, the higher will be the cost. 

Drupal 8 was a major revolution for the Drupal community in many ways, not least of which was because of the complete rearchitecting of the codebase. We picked up the modernization of various frameworks and tools in the PHP community and applied it to Drupal. Of course, this makes complete sense because Drupal is written with PHP. One of the things we picked up was the PHP's shift to the object-oriented programming approach.

Choosing the Right CMS for Your Business : Part 2 Akanksha Mehta Wed, 04/21/2021 - 08:47

This is the second of the two-part series on ‘Formulating a business case for a new CMS’. The first part debates on open source CMS and proprietary CMS. The second part will discuss various other factors that are to be considered before opting for a new CMS for your business.

A Content Management System is one of those things that we didn't realise we needed until they became commonplace, and now it is near impossible to survive without using, or hearing of one every now and then. In an age where convenience and agility are prioritised, the concept of a CMS holds great merit. It highly simplifies the work of creating a website and expands the use case of technology, making it accessible to a wide range of people - whether technically proficient or not.

Factors to consider while choosing a new CMS

While one CMS may be good for a particular enterprise, it might add no value or even prove to be detrimental to the other. Hence, skimming through important factors is an essential aspect of building a business case for a new CMS. While in part 1 we have discussed multidimensional comparisons between open source and proprietary software, this part is focused mainly on discussing the factors that are responsible and must be addressed before bringing a new CMS to the table. 

Why go for a new cms? 

Before trying to answer questions like why to choose an open source CMS or when to go for a proprietary one, first the need for a new CMS should be justified. Is there aur technology problem that you're facing? Can that problem be solved by undergoing something less monumental than migrating all your content to a new CMS? If yes, should you update, rather than replacing your existing base? 

Once the need for a CMS is mapped out and you are sure that you'll be going through that route, the next step would be to shortlist, analyse and re analyse every aspect of the new technology. You should be thinking as holistically as possible during this phase to eliminate potential issues in the future.

• The CMS must resonate with your brand image, and facilitate the execution of your agendas. . 
• You also need to analyse the CMS in terms of the amount of content you’ll be operating on it and whether it will be able to handle that, and if it provides the architecture for you to manage your content methodically.

Listing down both the business related pros and the probable risks of every option would be a good idea before proceeding. 

Primary stakeholdership 

A question pretty important but often ignored while choosing a new CMS is who has the stakes to decide and consider on the different CMS features that are being debated. As your organisation expands digitally and physically, the number of stakeholders starts increasing as well. The various teams dealing with IT, Marketing and Content might see a different CMS each that fits well with their demands. It is, again, a matter of debate to decide which area your company relies more on and is looking forward to invest in. 

SaaS vs Hosted vs On Premise

A SaaS (Software as a Service) CMS is a cloud computing environment with no obligations to install, update or maintain it. In stark contrast to this is an on-premise CMS where a licence is required from the vendor to install the software on your own server, and the provider is also responsible for maintaining the software. In a cloud-hosted CMS solution, a licence is required to install the software, but after that, it works just like an on-premise CMS.

These technicalities also need to be addressed while the discussion for onboarding a new software, so that the team finally ends up choosing the right CMS.

Business impacts

Long-term impacts need to be examined beforehand if possible. CMS platforms categorise into Development Platforms and Solution Platforms - where the development platforms act like a blank canvas one can build anything on, and the solution platform comes largely pre-built with customisable features. If your business banks on a good User Experience and looks forward to personalizing user experiences, a development platform might be a better choice. Similarly, if the focus area is not UX or creativity but content, a solution platform would be a better bet.

Technology Integration

Exhaustive documentation is required to analyse what tools and technologies you are going to use for marketing forms, project management, CRM (Customer Relationship Management), email marketing and even customer support. Does the CMS provide enough flexibility and scalability features to operate each one of these tools efficiently? You don't really need an all-rounder CMS, you just need to figure out what technologies you are going to use and find an associated software product that syncs well with those.

Skillsets

Choosing a good team is way more tedious a task than choosing a good CMS. So now is the time to talk to the team members and discuss their strengths and weaknesses regarding the tools they are comfortable using, or are expecting to be a part of their workspace. Consider your existing IT infrastructure and expertise and analyse whether your team has sufficient time to allocate to installing, maintaining and securing a CMS. Do you have sufficient in-house resources to customise the CMS if needed? It is imperative to answer all such questions before going ahead.  To know more, read what skillsets facilitate traditional and decoupled Drupal development.

Feature bloat vs Feature-rich

Always bear in mind that a lot of features in a CMS require nerve and sinew to make them functional. You need to know the basics of every feature that you are planning to utilise. A software may have immense capabilities regarding personalization and customization, but these won't articulate by themselves. The question here is - do you possess the necessary resources to breathe life into all of this? More importantly, all that sparkles isn't gold. Do you, in fact, need all of this pomp and show, or is most of it going to lie stagnant or cause unnecessary delays due to a heavy system? Do realise that you want a feature-rich CMS, ie, one that has features that you actually need. 

The potential CMS of choice might be great for complex workflows, but the question is do you have or need a complex workflow with multiple approvals on the line to make decisions? It is imperative that you remain realistic about your company’s maturity and roadmap and see if it aligns well with these technologies, hence not overdoing features to the point where they become unnecessary ornaments on the site. Always keep the requirements matrix of your platform in the backdrop while deciding on which CMS to go for.

Product demos

Theory can never be as reliable as practical examples.  An investment as elaborate as choosing a new CMS cannot be planned without taking into consideration various product demos and user reviews. Once the feature requirements have been worked through, develop usage scenarios and conduct initial product research for the next phase of the selection process - which is to document your needs and test the product against these requirements. Try to look for reviews that talk about problem solving, certain encountered issues, software upgrades and other potential problem causing areas.

In this phase, also try to examine whether the product naturally fits the vision of your company, what compromises might need to be made if you choose the product, and more importantly, if the vendor understands your business' work patterns and complements your ideas. Also run a check with your present team on how compatible they are with the platform.

Understanding the product roadmap 

It is imperative that you realize the roadmap of the potential vendors as well. Does it align with the track that you have set for your business? Taking the effort to track the future plans you are thinking of opting for would not be 'going overboard'. Being a little foresighted is an essential quality in a business owner. With new technologies taking over every now and then, the general trajectory might undergo change several times over the years - hence, a good way to track the adaptability of a CMS would be to trace down history and examine how much it has changed in the past to to fit into the ongoing trends, like decoupled architectures, cloud, SaaS etc. 

Cost efficacy

The budget is one of the first things an organisation considers. All kinds of costs - initiation, operation and implementation - need to be considered while chalking out the investment, as we don’t want the plan to turn turbulent at a later date. Software upgrades, maintenance, premiums - everything should be studied carefully in order to comply with your monetary limits. Both proprietary and open source models incur certain kinds of costs but in very different dimensions. Hence, it is upto you to prioritise where you want your money to be spent.

Drupal: An ideal CMS for building a modern web property

Since the choice of a software turns out to be the bedrock of all business activity online, most users try going for reliable options that have stabilized their name in the market by proving to be a resilient business partner over the years. Drupal is one such CMS that has been here for over two decades, and has been powering websites across the globe ever since. Let’s see how Drupal stands against the various dimensions of choosing a new platform.

• Open source

Drupal is an open source platform with contributors bringing in global, cosmopolitan perspectives to their work each day. Apart from the many benefits of being open source, there's also a social satisfaction that comes with being a member of the community. Hence, Drupal development is free of cost to begin with. Depending on the level of customisation and the number of features you want to use, partnering with a digital agency can of course incur costs.  Learn more about merits of open source by going through the impact of open source during covid-19 pandemic, influence of large companies on open source, the power of being recession-free and the perks of contributing to it.

• Content authoring

Drupal offers all the high utility tools required for content creation, publishing and the maintenance of a seamless workflow. Authentications and permissions are placed at appropriate levels to help manage editorial management. This means that right content architecture can be created using the admin interface, or even programmed. One can work with granular tagging and mobile editing to create content that is suitable for both websites and mobile applications. Drupal allows content authors to use a WYSIWYG editor to create and edit content in-place, ie, one could browse to a page, click on the content and edit it right there, on the spot. Apart from this, Drupal provides for tracking content revisions, an essential feature is you have multiple editors on board.

Drupal with its powerful display mode tools categorizes and displays only the most appropriate content including an array of media. While the Layout Builder allows content authors to create customisable visual layouts to display content, the Paragraphs module paves the way for an organised, cleaner site by providing pre-defined Paragraph Types for organising text blocks or images in a slideshow. For more on content authoring using Layout Builder and Paragraphs, read here.

• Ease of use

Drupal's ease of use again depends on the manner in which you are using Drupal. If you are using the headless version to create custom layouts and mobile applications, very easy usability cannot be expected with the additional technicalities involved. However, developers point out that the availability of modules for every functionality on Drupal makes it extremely convenient even for newbies, making the learning curve quite short. Moreover, starting as a Drupal developer requires the least amount of Drupal centric learning and one can even start with the basic programming languages. Read here to know more about how easy learning and working with Drupal can be.

• Industries suitable 

Since everything in Drupal is extremely customisable, it can be moulded into under requirements of literally any industry, both government and private. Currently Drupal is in use across several industries dealing in digital media, FinTech, sports,  food, education, and many more as can be seen below.

Source : Drupal.org

• Security

In terms of security, Drupal emerges as a solid and secure CMS. Being designed keeping robust security in mind, it comes as no surprise that Drupal powers the websites for many leading corporations, brands and governments across the world. While one of the largest open source developer communities in the world ensures a rapid response to any issues, a bunch of problems are prevented solely by Drupal's strong coding standards and a stringent community code review process. No wonder, a report by Sucuri proves that Drupal is one of the most secure CMS among the major open source CMSes in the market.

Source : Sucuri

• Scalability and performance

In a case where it is used and optimised appropriately, Drupal can be scaled up to reach millions of people. For instance, the CDN (Content Delivery Network) module helps one integrate their Drupal website to a CDN, which is basically a globally distributed network of proxy servers that increases the reach of your content manifold. If the hardware of your server is giving up, Drupal allows you to scale it either vertically or horizontally - i.e., by either adding more resources at the same server or adding multiple servers to divide the load. Read about Drupal’s immense scalability and high performance offerings to know more.

• Decoupled Drupal 

Decoupled Drupal comes with a bunch of flexibility. Developers are free to choose any front end tools that they deem fit while backing on Drupal to provide a robust backend. Decoupled Drupal architecture provides the best possible framework for serving content in the form of chat platforms, conversational UIs (User Interface) etc. through a variety of channels like mobile apps, Internet of Things apps, smartwatches and CRM systems. To know more, read about Decoupled Drupal architecture, difference between monolithic and decoupled architectures, when to move from monolithic to decoupled architectures, how to decouple Drupal, and success stories on decoupled Drupal.

• Multisite

Drupal allows for maintaining separate independent sites that branch out from a single code base while having their own separate databases, configuration, files and URLs.

• Multilingual 

Drupal enables building multilingual websites with its built-in language handling abilities that make it easy to create localised digital experiences. Certain core modules in Drupal facilitate the translation of every element of a website. Explore more about Drupal’s magnificent multilingual capabilities here.

• SEO

Drupal can greatly aid you in the Search Engine Optimisation of your website, necessary for clients to find you. You can rely on Real time SEO For Drupal to constantly remind you of anything you might have missed in the optimisation process, and work with the Googalytics module to integrate Google Analytics in Drupal, hence keeping in touch with all the current trends. To know more about Drupal’s SEO features and to update yourself on the present and upcoming SEO trends, check this guide on Drupal SEO.

• Mobile apps

Drupal focuses on mobile first development. It has also come up with a mobile initiative for this, along with multiple device friendliness to bring about community participation in the same. Not only that, the potential for building mobile applications with Drupal is plenty. For example, you can extract the power of Flutter and Drupal together to build an intuitive mobile app. 

• E-commerce

Using Drupal Commerce, businesses can utilise an open-source eCommerce framework to build flexible eCommerce websites and applications based on Drupal. Drupal commerce aims to make teams more productive by simplifying complex checkout outflows and keeping every feature accessible at an arm’s length for a merchant of any size. One doesn't need to worry about conforming to industry security standards while implementing Drupal, and can easily rely on  Drupal's own best practices.

It also includes provisions for integrating payment and fulfillment tools to strategize the best marketing strategies tailored for your business. The Commerce Kickstart distribution can be used to start the project, as it comes loaded with features that make it easy to use and administer.

For creating a more engaging and interactive website while still staying in touch with Drupal Commerce, headless Drupal could be utilised. To complete this transaction, APIs (Application Programming Interface) act as the bridge to connect the frontend and the backend - with Commerce API extending JSON:API and Commerce Cart API which lays out an interactive interface of the buyer’s cart through REST API.  Read here to know more about content-driven commerce with Drupal.

• Web accessibility

Drupal has various modules in place to ensure web accessibility guidelines, realising how important it is to make the website accessible to users across the globe. Modules like CKEditor provide a number of features like CKEditor Accessibility Auditor and CKEditor Accessibility Checker to analyse if the overall experience is convenient for disabled people. Keeping accessibility uniform throughout the site, Drupal’s Automatic Alternative Text Module provides alternative texts in all the images where the content author may have missed it. To further your knowledge on how Drupal ensures web accessibility, read here.

• Documentation

Every little step taken by Drupal or the community  is exhaustively documented for greater knowledge sharing and transparency among the stakeholders and contributors. Dries Buytaert’s State of Drupal presentation in July 2020 and December 2020 includes all the changes and upgrades made in Drupal in the past year. For more proper documentation on everything Drupal, you can check out Drupal’s official documentation page. Whether you may want to try out a Drupal demo site or are ready to build a perfect Drupal-powered site for your business, the curated list of user guide, evaluator guide, local development guide and many more will help you easily start your Drupal website.

• Agency partner availability

Drupal Marketplace lists all the agencies that are avid contributors to Drupal's modules, distributions and case studies revolving around Drupal projects. Hence, if a business is thinking of starting a Drupal project but doesn't have the required expertise to go about it, they can contact one of these top ranking agencies for Drupal development services. OpenSense Labs ranks in the top 5 and would love to partner to help fulfill your digital transformation dreams. And, if you wish to leverage more resources for your projects, our staff augmentation services would take care of the rest.

• Support and maintenance

One of the biggest plus points of being an open source platform is that support is highly accessible and maintenance is pretty swift. Since it is such a widely cultivated and utilised platform, there cannot be bug fixes related to important issues lying around stagnant for a large amount of time. The Drupal community is always walking towards resolving issues that crop up from time to time. 

If you have a Drupal website that you require assistance with, we at OSL could help you out with our  Drupal Support and Maintenance  program.

Conclusion

This concludes our exhaustive list of factors responsible for choosing a new CMS, complete with a business case comparison between open source and proprietary models. Hopefully this article helps you in making the correct decision regarding your business' choice of the appropriate digital platform.

blog banner blog image open source cms vs proprietary cms Drupal CMS open source cms Blog Type Articles Is it a good read ? On

Test for News N°1

​

New Year, New Faces, Same Focus

We’re back! Season 2 of Mediacurrent’s Open Waters podcast is officially on its way. We recorded a special trailer episode to celebrate. 

Our own Susan Cooper is taking over the mic this season with co-hosts Mark Shropshire and Mario Hernandez. Just like last season, our purpose is to explore the intersection of open source technology and digital marketing. We’ll share the challenges and solutions we see with our own clients and in the market.

During season 2, we'll be covering topics including:

• How to optimize your digital strategy
• Accessibility as a business imperative
• UX design principles
• How it all works together using open source technologies like Drupal

Welcome to Season 2

Meet the Hosts  Susan Cooper 

Role at Mediacurrent: Senior Project Manager

Podcast creds: Co-host of Inclusion Catalyst, a podcast about diversity and social justice issues, and Producer of Marketing Upheaval.

What are you most excited about for season 2? I love podcasting and audio branding in general, so this is something I’ve been looking forward to since the day I started at Mediacurrent! These conversations are a great opportunity to learn from our guests and build community around our open source mission.

Mark "Shrop" Shropshire 

Role at Mediacurrent: Senior Director of Development 

Podcast creds: Shrop can be found talking about open source security, leadership, mentoring, and more on his two personal podcasts: goServeOthers and SHROPCAST

What are you most excited about for season 2? The opportunity to learn more about what other talented folks are doing in the marketing and tech industries. It is easy to be comfortable with what you know today, but I find that having conversations with others can really challenge you to think differently and learn new niches.

Mario Hernandez

Role at Mediacurrent: Head of Learning 

Podcast creds: Member of the original cast of Open Waters  - Mario co-hosted the first season of our podcast.

What are you most excited about for season 2? I am looking forward to interviewing industry leaders to discuss all things open source. I am also really excited about teaming up with Susan and Shrop. Both of them have vast experience in podcasting and I am ready to learn from them.

Podcast release schedule 

New episodes will be released monthly on the Mediacurrent blog and wherever you follow your favorite podcast. You can also follow us on Twitter for updates.

Subscribe to Open Waters

Visit mediacurrent.com/podcast to hear the latest episode and subscribe to the podcast on your favorite podcast app. Share the podcast or tell a friend about it - tag us @mediacurrent on Twitter. 

How can I support the show?

Subscribe, leave a review, and share about us on social media with the hashtag #openwaterspodcast. Have an idea for a topic? Get in touch with our hosts at podcast@mediacurrent.com

The Admin Toolbar Module The Admin Toolbar module gives you one-click access to Drupal admin screens. It works like a drop-down and slide-out menu system that is so popular on the web.

How to Control Access to Restricted Pages with the Rabbit Hole Module in Drupal 8 Shruthi Shetty 20 Apr, 2021 Top 10 best practices for designing a perfect UX for your mobile app

There might be instances when you want to restrict access to some pages of your website. It could because you want increased security for the high-risk data that’s lying on the page or you want only your subscribed users to be able to view the content. This functionality is provided in Drupal 8 by a module with an interesting name called the Rabbit hole module. The module is also compatible with Drupal 9! In this article we will be elaborating on the module and how you can implement it in your next Drupal project.

 

What does the Rabbit Hole module do?

The Rabbit Hole module provides the ability to control what should happen when an entity is being viewed at its own page. It also controls what happens when someone visits an entity page.

In simple it allows you to easily redirect or prevent users from viewing specific types of entities on your site. You can grant or deny user access to entity types or specific Drupal entities based on user roles. For example: To display paid content to users with a subscription or to allow special user roles.

Some of the entities that it supports are Nodes, Taxonomy Terms, Users, Files, Group and Media Entity

The Rabbit hole module for Drupal 8 provides multiple options to restrict access to specified pages. You can choose to deliver access denied or page not found pages. You can also choose to redirect a page to any path/URL. Or you could choose to display the entity as it is.

Configuring the Rabbit hole module

Here’s how you can configure the Rabbit hole module for an entity type:

• Download the module using composer require drupal/rabbit hole
• Click on Extend in the Admin toolbar.
• Scroll down and select the entities for which you want to add the functionality for
• Click on install.

Configuring the Rabbit hole module: Select the required entities

Create a VIP Role

When you create a VIP role, only paid users will be allowed to view the content. Without a paid membership user will be Authenticated user.

• On the Admin toolbar click on People -> Roles -> Add Role
• Give the role name as VIP
• Click on Save 

Creating VIP roles

Create Users

Here let’s create an Authenticated user and a VIP user.

• Click on People -> Add user
• Enter the data and select the role as VIP
• Click on Create a new account 

Create a new user account

In the same way create another user with the role of Authenticated. After that, the People page will look like this.

All Users

Create VIP Content Type

• Click on Structure -> Content type -> Add content type
• Give a proper name and description for the content type
• Click on Rabbit hole Settings
• Keep “Allow these settings to be overridden for individual entities” option as checked. It will allow administering permissions on a node basis
• Choose the redirect option and enter the URL of the site to which you want to redirect
• Click on Save and manage Fields.

Create VIP Content Type

• Add an image field and place it above the body field on the content type to manage display settings.
• Click on Save 

Set Access Permissions

Users with a VIP role will have to be able to bypass the Rabbit Hole control. 

• Click on People - > Roles
• Click on the dropdown arrow of VIP role and click on Edit permissions
• Search and Check for the Bypass Rabbit hole action for Content permission. Save the permissions. 

 

Create Content

• Click on Content -> Add content -> VIP content
• Create a node and hit Save 

Create content

Test the Rabbit hole Module

• Login as an Authenticated User
• Click on the Teaser title of the VIP content on the Home page)

Testing the Rabbit hole module

• It will (and should) redirect to the Access denied page.

Access denied for an Authenticated user

• Now let’s logout and login again but this time as a VIP user.

• Go to home page and click on the Teaser title.

• As a VIP user, you will now be able to see the node and content.

The Rabbit hole module for Drupal 8 offers a great deal of flexibility to enable granular access control to entities. And it is also compatible with Drupal 9! It is one of the most popular Drupal modules having more than 40k installs. Looking for assistance in leveraging and customizing Drupal modules like this one? Our Drupal development team would love to talk to you!

Drupal 8 Drupal 9 Drupal Module Drupal Development Drupal Planet Drupal Tutorial Shefali ShettyApr 05, 2017 Subscribe For Our Newsletter And Stay Updated Subscribe

Leave us a Comment

  Shefali ShettyApr 05, 2017 Recent Posts How to Control Access to Restricted Pages with the Rabbit Hole Module in Drupal 8 Image Celebrate with Us! Specbee Sponsors DrupalCon North America 2021 Image A Simple Guide to a Drupal 7 to Drupal 8 (or 9) Migration from a Database Source Want to extract the maximum out of Drupal? TALK TO US Featured Success Stories

A Drupal powered multi-site, multi-lingual platform to enable a unified user experience at SEMI.

link

Discover how our technology enabled UX Magazine to cater to their massive audience and launch outreach programs.

link

Discover how a Drupal powered internal portal encouraged the sellers at Flipkart to obtain the latest insights with respect to a particular domain.

link

VIEW ALL CASE STUDIES

E-commerce tracking with Google Tag Manager and Google Analytics Editor Tue, 04/20/2021 - 14:15

An e-commerce website needs user interaction tracking like no other. Knowing your transactions, traffic sources, cart abandonment, and much more will help you improve your sales and marketing efforts.

An awesome choice for an e-commerce tracking setup is to use Google Tag Manager with Google Analytics, and that’s exactly what we are going to discuss in today’s post. This will continue our series of articles about Google Tag Manager — after our general overview of Google Tag Manager and a summary of GTM best practices, we are now inviting you on a special e-commerce journey with GTM and GA.

Everything You Need To Ask Yourself Before Choosing the Ideal DXP Gurpreet Kaur Tue, 04/20/2021 - 16:03

If there is one thing that is in abundance today, that’d be competition. It starts as soon as a child is born and ends when he takes his last breath. It’s not just people who have to face the gruelling reality of perpetual competitiveness, it’s also the non-living objects who compete. 

Tell me, can you possibly buy the new Adidas Aerobounce 2 without checking what the competitors have to offer? And can you really buy that shoe without comparing the prices on the online and offline stores? I am sure not. 

This is why brands and businesses try to be the best in catching the eye of the consumer and presently the best way to do that and beat the competition is through Digital Experience Platforms.

Today’s consumer doesn’t connect to a business through medium, there are a number of touchpoints in play and integrating all of those together to engage your consumer base is what a DXP does. This helps businesses to not only build and deploy digital experiences, but also improve them continuously across your websites, portals and mobile applications. All of it accumulating to a wholesome user experience.

Source: Bloomreach

The diagram above is the sum total of a DXP’s powers, which are pretty versatile, as it combines all of the various aspects of online businesses, be it social media or personalisation and targeting, and lets you deliver a seamless digital experience. 

Digital Experience Platforms provide an edge to a business that CMSs and WEMs cannot and that is why they are becoming popular by the day. Their advantages back this claim. 

• The ability to manage the bazillion consumer touchpoints is the paramount merit, be it FAQs or chatbots, there is an answer to everything.
• Then is the ability to connect your business’ various aspects at one place, from sales and commerce transactions to instilling loyalty amongst the consumers through in-house programs. 
• The ability to be flexible is inherent in DXPs as well. You can build it on your rhyme and rhythm, there won’t be any objections. 

Let me also give you a few statistics to understand the rage DXPs are becoming in the present and what their future looks like.

Source: Markets and MarketsSource: Markets and Markets

Based on these figures, I have to ask, when are you switching to a DXP? If the answer is right about now, you have landed yourself in the right place because I am going to be talking about all the things you would have to consider before choosing the right and most suitable DXP. So, let’s begin our DXP checklist. 

What tools and integrations are you using and plan to use?

The foremost question to ask relates to technologies you are using and plan to use in the future. You can document these technologies based on your consumer’s journey. This would allow you to create the most optimal digital experience for your users because you would have worked on the gaps and weaknesses of the journey. 

From that first step, you have to move onwards and upwards and focus on all the tools and integrations you would need to work with your chosen DXP. Let’s take a look at them together. 

Data Analytics 

Every organisation has a data warehouse, however, it’s proportion does vary. This data might as well be responsible for shaping your strategy. Therefore, you have to consider your analytical requirements before taking on a DXP. 

Remember that you can always come to Google Analytics for any analytics, even after choosing a closed DXP. To know more on how data driven strategies can help understand consumer behaviour, read here.

Digital Marketing Tools 

The DXP you choose should be able to integrate with various marketing tools in the market. Look for integration support with a keen eye, it could be out-of-the-box or an extension, but it has to be there with a side of third-party marketing automation at play.

Conducting a thorough review of the MarTech stack is also recommended here, find out what is being used and where it is being used before going any further.

Digital Asset Managers 

If you have a digital asset manager, you should consider one thing and that is its integration with other downstream systems. This would ease the flow of images and assets through your organisation. Everything about digital asset management (DAM) here.

Backend Integrations 

Then is the question of backend integrations, you could have a CRM or an EPR working at your backend. If that is the case, you ought to start finding them out and assess their compatibility with your DXP provider.

What are your notions about decoupling?

Nobody likes being constrained, the joy you find when you are free to do as you want is unlike anything else. That is pretty the scenario with decoupling or going headless. You could have a strong monolithic architecture now, but in the future that could change, because what works today may not work tomorrow. Therefore, you should think about choosing an Open DXP, if you are indecisive about decoupling today.

Your projects could need microcontent; 
Your content could need to be published on multiple channels; 
Your developers could ask to go headless because there is so much to explore; 

All of these scenarios are real possibilities and you must consider them before making firm decisions on decoupling and DXPs. There are plenty of these platforms that support going headless and having that room to explore can’t be bad.

What are your plans for commerce?

Commerce is another important aspect you need to consider before choosing a DXP. Having all the right features to look for is crucial here. You have to ensure that the DXP’s commerce strategy actually aligns with your commerce needs and at the same time gives you room to be better. 

• Assess yourself first, know whether your needs are just browse and buy or are they more than that.
• Assess whether the DXP should be able to work with different commerce technologies to get you what you want.
• Assess your Stock Keeping units and let their count decide the kind of robustness you would need in your DXP. 
• Assess the kind of data model you need based upon the working of your team and its present and future needs. 
• Assess the importance of content in commerce, more like search it up and integrate it without any hesitation. This would create a much more effective experience for the user.
• And assess whether going headless is worth losing the commerce extensions that come along with the platform.

Once you have an answer to these, you’ll become a step closer to the perfect DXP for you.

What are your editorial needs?

After technology, comes the part your content writers and editors play in the DXP decision. You have to understand that the more writers and editors you have, the more complex the editing experience would become and you would need a DXP that can handle it.

In this regard you have to consider three things before making a decision. 

Cache Manipulation 

Cache manipulation features allow you to sync your developers’ caching strategies with the user's needs. This helps in making you content appear quickly to the users and a perpetual communication in your cache layers.

Review Needs 

Sometimes your content needs to be reviewed by people within the organisation before it goes live. These could be your legal department or even project managers. If that is the case, you need to look for a DXP that is equipped to handle this kind of editorial needs.

Multilingual Requirements 

Finally, many sites today are operating globally, this means they have to change to the local language. For that your DXP needs to have impeccable translation needs, with understanding of the various dialects of the said language. You can’t be using American English on a Scottish website, it won't be wrong or unethical, just inappropriate and your audience might not be able to relate.

What is the value of security for you?

Security is another major criteria that has to be given its due importance. Making a fully-functional site with all the right features, but lack of security would make all your efforts go in vain. That’s why you have to look for the right security features in a DXP to avoid the unfortunate fate.

• The foremost feature to want should be an integration to Varnish and a CDN along with free-flowing interactions between the DXP and cache layers. 
• Then you should think about securing your network nodes that are outside your network core. This is done through edge protection services provided by top DXPs, so make that a mandate.
• Distributed Networks Attacks can be quite harmful, so ensure that the DXP you choose can prevent and counter them.

Also remember that you need to let the experts do the decision making in this regard because you cannot afford to go wrong here. 

What about government regulations and stipulations?

There are a number of rules and regulations that your digital experiences have to adhere to with a super glue consistency. A DXP that makes that easy for you is always going to be a winner; you must know what happens when you go against the law.

Here are the paramount regulations that you have to stick to.

• Americans with Disabilities Act or ADA;
• General Data Protection Regulation or GDPR; 
• Health Insurance Portability and Accountability Act or HIPPA; 
• Family Education Rights and Privacy Act or FERPA; 
• Web Content Accessibility Guidelines or WCAG;

These are a must when building digital experiences, so grill your prospective vendors about them and if possible, ask for case studies.

Apart from this, Personally Identifiable Information should be a factor in your choice. The way it is collected and stored should be compliant with the GDPR regulations.

What are the financial implications?

When you would be looking for a DXP, you will certainly want one that will favour all the technologies that you want to incorporate into your organisation’s digital platforms. Am I right? So, you will be aiming for the best out there. However, what if the best is not within your price range. Do you settle then? No, of course not. You choose what is the most suitable for you and whatever ticks the most boxes. 

So, before or even during the selection process of a DXP, you need to allocate the budget you are comfortable with. It could be less than a hundred grand or close to a million dollars, that is on you. 

Remember that just because a DXP is expensive, doesn’t mean it is the best. Whatever your budget may be, you could still get what is best for you.

Finally, what do you want the future to hold for you?

Life is often regarded as transitory and it really is; what is important today may not be important in future and what may seem trivial today may become the next big thing. 

The same is true for DXPs and your digital experiences; they will evolve with time. Therefore, when you choose an agency remember to not let it make you inflexible. You would need to keep an open mind about the future and your digital experiences should have the same openness in their build. 

• Look for future scope in the DXP; 
• Look for extension of current technologies like marketing automation; 
• Look for an open DXP architecture with flexible APIs.

You certainly cannot be sure of the future, but what you can be sure of is the fact that the future is going to change and you would have to change with it. 

Bottom Line 

As Steve Jobs said,

“You’ve got to start with the customer experience and work back towards the technology- not the other way around.”

There is real meaning behind that statement, all of your digital experiences start with and end with the consumer, so why not prioritise them over everything else. 

So, how to choose a DXP? By assessing your past, present and future in accordance to your consumer experiences. You must want to create a fulfilling digital experience for your users, for that you have to have a fulfilling digital experience platform that guarantees to check every and all of your necessities. The questions I talked about above would help you kick start your DXP journey. OpenSense Labs continues to build amazing digital experiences with Drupal that endeavor to provide all of what we discussed, so you could, maybe, start looking here to build a Drupal-powered DXP. 

blog banner blog image Digital experience Digital Experience Platform DXP Blog Type Articles Is it a good read ? On

Gatsby and Next are both based on React and become more and more adopted, far beyond the Drupal sphere. Choosing a decoupled solution comes with a resource cost though (budget, team-wise), and might not be the right fit for every project. Working with these solutions is still time well invested.

According to the Composer documentation, you shouldn't commit to version control any of the files in packages that are managed by Composer. For a Drupal project, that means the following folders are not in your git repository:

• vendor
• web/core
• web/modules/contrib

Bluntly, I think this is the wrong thing to do. Doing the exact opposite saves you time, effort, heartache, and energy.

Let's start by comparing the two workflows.

Composer-recommended workflow: the wrong way

1. Alice, the developer, updates some packages in her local dev.
2. She commits only the composer.json and composer.lock files.
3. Bob pulls changes, and runs composer install to update his local dev.
4. When the project is deployed, the server needs to run composer install as part of the deployment process.

Git-managed workflow: the right way

1. Alice, the developer, updates some packages in her local dev.
2. She commits all the new and changed files.
3. Bob pulls changes.
4. When the project is deployed... it's deployed. All the files necessary to run the app are in git, and so updating the server's git clone gives it all the files.

The first reason this workflow is better should jump out: developers save time. Git is much faster and pulling files from a repository than Composer is at resolving, downloading, and installing packages.

The second reason is related: save time in deployment. That's not just developer time, that's time your production server is down.

The third reason is more philosophical: Composer is not a file management tool. It's a dependency management tool. Let Composer do what it does well, which is figuring out which versions of which packages should be installed. Let git handle what it does well, which is synchronizing different copies of a codebase. Purists may point out that git is a version control tool, not a file management tool: that's a valid point, but doesn't diminish my argument: commit all files, and then use rsync or whatever to get the files from a git clone to the server.

Related to this: don't make your webserver do package management work; that's not its job. And don't make Bob repeat the work Alice already did.

Finally, committing files to git puts them under version control. That's merely stating the obvious, but putting files under version control has many benefits.

• IDEs typically ignore git-ignored files for things like searching and code analysis. On my IDE at least (VSCode), disabling that means it then wants to include things like the uploaded files folder.

• Similarly, search tools such as ag and ack take .gitignore files into account, and having to override that robs you of useful behaviour.

• Finally, files under version control are easier to debug and tinker with. I for one often go digging in core or contrib modules, trying to figure out why something isn't working the way it's supposed to, or trying to fix a bug. To do that, I put in dump statements; sometimes tons of dump statements. (I can never get xdebug to work. Dump statements are quick and easy.) With code under version control, cleaning up all that mess is trivial: git can discard all changes. Without version control, I'm hunting through files for all the debug changes I made, or bouncing on CMD-Z like it's still the dark ages.

So, put all your files in version control. And remember the adage: if it's not under version control, it doesn't exist.

• Add new comment

I have written my first GitHub Action – bluehorndigital/setup-drupal. In my phpstan-drupal and drupal-check projects I have various GitHub Actions workflows that build a Drupal project via Composer.