Rules is an especially useful Drupal module for all kinds of tasks. One use you might want to put it to is providing admin notifications of certain events on your site, e.g. user registrations (covered in the previous post) and the creation of new comments and content by “untrusted” users (assuming your use case allows them to create any content at all). For some use cases, you may wish to put strict limits on the creation of user accounts and content, but for the purposes of this article we are assuming you are administering a Drupal site where you want to encourage growth and community involvement, so you might allow anonymous users to comment on posts (albeit likely with the rel="nofollow"* attribute added to their links). And you might also allow users to create and confirm their own accounts and then create some types of content (e.g. forum posts, bug reports, etc). The downside is that you’ll need to be vigilant about squashing all the spam this policy invites (or the flow of new spam will quickly increase and be damaging to your SEO efforts), but on a site with only moderate traffic you should be able to manage this without a lot of trouble. This post covers using Rules to provide notifications of new comments and content. If you keep a close eye on user registrations and immediately block the user accounts which follow a pattern like other spam accounts you’ve removed (i.e. accounts likely created with the help of a “spambot”), you can eliminate almost all of the spam that requires use of an authenticated user account.

*Adding rel="nofollow" to links posted in “Filtered HTML”, presumably the only text format you allow for “untrusted” users, is simple, but well worth doing if you allow “anonymous” or newly-registered “authenticated” users to make any kinds of posts on your site. In Drupal 6, go to admin/settings/filters/1/configure and select the “Spam link deterrent” checkbox. In Drupal 7, go to admin/config/content/formats/filtered_html and find the vertical tab near the bottom labeled “Limit allowed HTML tags”, where the same feature is enabled with a checkbox labeled “Add rel="nofollow" to all links”.

Getting back on topic, the three events we want to create Rules for are:

1. New user registered (done, see previous article)
2. New comment posted by “untrusted” user (described below)
3. New content posted by “untrusted” user (also described below)

In every case, creating a new rule starts by going to the “add rule” page:
D6: admin/rules/trigger/add
D7: admin/config/workflow/rules/reaction/add

Notify Admin (and/or content authors) when new comments are posted

This rule sends an (HTML or plain text) email which includes the comment title and body, along with a link to quickly edit it. Here at Cocomore, rather than delete comment spam, we’ve been unpublishing the comments so we can still observe patterns. So we don’t get an email for each of our own responses to comments, we configure the rule to only notify us when “untrusted” users (i.e. any users who don’t have a “staff” or admin role) post comments.

It’s been a busy past several days in Barcelona (for the Drupal Developer Days) and most of us who’d been sprinting during the week before seemed to be in the same condition by Sunday—rapidly running out of energy from progressive sleep deprivation from an increasingly later return to our hotels. But it’s been an exciting week for Drupal core (and contrib) development and significant work has been completed on the Drupal core (mostly building up Drupal 8, but also some for added features in Drupal 7) while a lot of important decisions have been made which will likely shape development in a number of initiatives for the coming months until the sprints at DrupalCon Munich.

In addition to the Sprint I was primarily involved in (I was just trying to get my feet wet with assisting the Drupal 8 core development process by joining the multilingual sprint, but I did write my first committed core patch—admittedly this was a very basic patch), there were also sprints running for “Views in core”, Entity API, Media initiative, Mapping in Drupal 7, configuration management, abstracting social networking, search-related sprints, the Drupal.org upgrade… and possibly more still. I’ll cover some of the highlights of the week that I’m most knowledgeable about.

Multilingual Initiative

The multilingual initiative sprinted all week before the Developer Days sessions, and even continued through the weekend. And a lot of key decisions were made and important code changes committed and pushed to the central Drupal 8.x repository.

New user interface translation improvements in Drupal 8

This is something I got to do a bit with, but Swiss developer, Michael Schmid (Schnitzel on d.o), of Amazee Labs, was the primary developer working on this task during the Sprint. He and his colleague, Vasi Chindris, were among the stars of the week. It was a real privilege to get to look over their shoulders and to get Michael’s support when it came to using Git to manage code in the sandbox we were using for the issue. (Thank you, once again, Michael!) Once everyone was happy with the work, it got committed to core. This new sandbox workflow, used for larger issues, helps avoid a lot of bugs creeping into the main branch, as has happened during previous periods of intense core development. Of course the tests and test bots catch a lot of issues which could otherwise be major headaches for all concerned (automated testing was also a part of Drupal 7 development). If you recall, the long wait for Drupal 7’s release was due to hundreds of critical bugs. Now this should be a thing of the past since we have an established threshold for critical issues; and the core team only commit new patches to the central repository when we are below that threshold (15 “critical” bugs, 100 “major” bugs… among other thresholds specified).

The new user interface translation system allows you to keep imported (community contributed) translations separate from customized translations and search for a particular translation within either or both categories as well as filter by translated strings, untranslated strings, or both. If you have any unsaved translations, they are highlighted to help remind you not to leave the page without saving them and there discussion about providing a dialogue to prevent a site admin from accidentally leaving the page with unsaved changes, too. There is also an issue to allow the string search to be non-case-sensitive (checkbox) to find more strings that contain a particular word or phrase, regardless of text case. Since this feature came up in discussion after the rest of the user-interface changes had already been made, we elected to put the discussion about adding this feature in a separate issue. If you have ideas for what might further improve the Drupal 8 user-interface translation workflow, your input is valued.

April 2012 delivered a fresh batch of promising and useful-looking new contributed modules to the Drupal world. Perhaps because the immediately-preceding DrupalCon gave developers some time to collaborate and work on their contributions more than they normally might, this month seems to have a notable number of interesting new projects, especially considering the relatively “mature” state of Drupal 7 at this point. To help keep abreast of some of the most interesting new developments we have planned a monthly article to showcase these new modules; this is the first edition of our “Modules of the Month”. At this point in the release cycle, newly released modules are mostly only being released for Drupal 7, but a few have also been released for Drupal 6 as well; where Drupal versions are not mentioned, you should assume the module is only for Drupal 7.

Caveat: I have tested some, but not all of these modules. Be especially careful if you choose to use any of the “pre-stable” releases on production sites. I should also note that some other awesome modules released in April may not be included—I did my best to select the modules I’d be most likely to use, but there are some “special use case” modules which were not covered, but which might be very useful for some sites. The 30-something modules included here have been sorted into very loose categories.

3rd Party Integration / Social Media

Twitter Follow Block

The Twitter Follow Block module, by Pradeep Saran, provides a nicely styled box to show your Twitter link and followers in a jQuery-loaded block that can be placed in any region of your theme. You can configure the dimensions of the block (and thus, the number of “follower thumbnails” displayed) and you can choose from different color schemes to better match your current theme. It currently only displays the Twitter feed for one Twitter user, but what might be an interesting development would be a way to dynamically load the Twitter username (e.g. from a Profile field) so that the Twitter follow block would link to different users (based on the author of content currently viewed or the profile page being viewed, if applicable). The module is currently available as a “stable” 7.x-1.0 release and I look forward to seeing this get further developed.

Social Buttons

The Social Buttons module by Linnovate’s Raz Konforti, provides a field that can be added and configured for any content type (or any fieldable entity) and includes default button code for Facebook, LinkedIn, Twitter and Google+, but you can also easily add new buttons. Since it’s a field, you can also determine where and whether it is shown for each display (node view, teaser, RSS, etc). It has a 7.x-1.0-beta2 release as well as more recent commits to the developer branch.

Content Access Control

Hidden Nodes

The Hidden Nodes module, created by Bryan Ollendyke of Penn State University, helps allow staff to hide nodes from regular visitors while still allowing users with “staff” permissions (admin or author/editor -type roles) to see the content in the menu as it will appear when the content is finished. This helps get around the issues caused by the “black-and-white” absoluteness of published/unpublished status (and only being able to access content through the “administer content” system). It was created to integrate well with the Outline Designer module, another project sponsored by Penn State. Hidden Nodes has recently had its fourth beta release and is certainly an interesting project for streamlining team-based content workflows.

Restrict node page view

The Restrict node page view module, authored by Christian Johansson of Sweden’s Kodamera AB, helps prevent users from viewing content outside of its intended context. The example use case for this module involves a requirement to prevent users from directly viewing Views slideshow nodes (via their node/xxx paths), but of course there could be other content you want to restrict access to but still have its information available in a Views display, so direct access to the node by most roles can easily be blocked with this module. The initial release is shown as “stable”, and it’s simple enough, so may never require any fixes or updates. That said, I do hope that they modify the module so that full-node access is only restricted to selected node types (i.e. blacklist). It currently adds a set of permissions for all node types, which defaults to no view access for all roles and content types, which would be a pain on sites with lots of roles and content types, especially if the goal is only to restrict non-staff access to one limited node type out of many.