jimmynash's posterous

 

Enjoy.

 

Check-in was a little bit of a free-for-all. Badges were printed before the camp with information from registrant profiles. The information on the badge varied based on how much of your profile you had filled out. Some people had their username on the badge. Others had their full name. Several people had a stack of the badges and were trying to hand them out to people who didn't know if their username was on it or their real name. Surprisingly, it moved along fairly quickly and we were off to the first sessions.

My first session was Creating A New Adminstration Paradigm. After a short welcome statement we were quickly introduced to an add-on module for Panels. The Context Admin Module allows sites utilizing Panels to break Drupal's administrative functions out. Based on the context of the panel variants, a site builder can allow users to have tabs to do things like add nodes or users without giving that user the permissions you would normally be forced to hand out.

The session was pretty high level and the module presented was dependent on Panels which isn't used on every site. I can see this being very valuable to site that plan on using Panels and need to keep tight control over who can do what. It also makes sense when the end user is not super technical and could get lost in Drupal's admin pages. This technique makes the things the user needs to do quickly available from where they already need to be in the site.

Session Two was one that I was really looking forward to. I am way behind on git. What I mean is I don't use it and should be. I use SVN now and since Drupal as a community and project is switching to git the I feel I need to switch too. Unfortunately, this presentation was more about what git is and how it works than how to effectively utilize it. Maybe I misunderstood the title. Introduction. Hmmmm. Yeah, that was appropriate, I read into it too much.

Drupal Multi-sites: Simplifying Site Creation and Management is a subject that I am familiar with as we utilize multi-site with an Aegir server as well as some other single client multi-site set-ups. I was hoping to get some interesting tidbits or tips that I hadn't run across. This session was mostly an introduction as well. The presenter seemed to have only been using multi-site for a relatively short period. He did do a good job of explaining the basics of multi-site and I think anyone who was not experienced definitely knew how to get started when the session was over. This session made me realize that I shouldn't be afraid of submitting sessions next year.

Advanced Views and CCK was very well put together. Doug Vann talked about the next level of CCK and Views. Many people don't realize what they can really do with Drupal until they play with CCK and Views. Then the world opens to them. They use the filters, they use the sorts and maybe even arguments. And then they need to do more. Doug talked about a few techniques, namely the "Exclude From Content" check box on a View field. By bringing in a node field and excluding it from the content, you can then use the token for that field in fields later in the field list. This lets you do things like combining field values and wrapping them in markup using the "Rewrite" area of one of the later fields. He also talked about the View Field module. This module lets you embed a view into a node with a CCK field. I can think of a few times where that would have been handy. Send that view your node id as an argument and *presto!* you have related content. I asked Doug if there was a way he knew of to make Views exposed filters and arguments play nicely together. He didn't have a good answer for me. If you do, I'd love to hear it.

Site Configuration Management (and staging) using Features Module. Features. Seems to be where everything is headed for Drupal. Drupal is great in that it gives us so much freedom to meet a clients needs in so many different ways. Drupal sucks in that it gives us so much freedom to meet a clients needs in so many different ways. Most Drupalers have build a site with some great "Features" only to need that same thing on another site later. Create content type, create view, configure imagecache, etc, etc, etc. Features lets you bundle up all of that work and reuse it as a module. Use it along with Strongarm to gather up all your pieces including site variables. Then on the target site, just amke sure you have all the dependant modules that your feature needs (like CCK and Views etc) as well as Features itself. Drop your new Feature/Module in and turn it on. Content types get created, Views get created all that pointing and clicking you did once before is done for you. The added bonus is that you can version all of that now since it is in code. Yummy.

My favourite session of the day: Drupal Security - Configuration and Process. This was a great precursor to greggles' presentation the next morning on security. Ben from GVS showed us an example of a Cross Site Scripting attack where he dropped malicious jQuery into a comment field that had the Full HTML filter available to the anon user. At first nothing happened. Then he came back through as an admin and viewed that shiny new comment. Instantly the site name has been changed, site slogan is changed, user 1 password is changed, and site is offline and defaced. Pants-load. Drupal does not filter anything on input. It filters on output. Don't let people you don't trust implicitly have access to the Full HTML filter. And don't go adding allowed tags willy nilly to the Filtered HTML filter.

The other important snip I learned: Devel. Devel is awesome. But have you ever given the anonymous user the permission to see Devel information so you could see your dpm() output when logged out? Yeah, take that away when you are done. And turn devel off while you're at it. Users with the Access Devel information permission can access the Devel variable editor and do all sorts of hairy damage to your site.

Great sessions all day. Met some cool people. Shook hands with rszrama and chx and ultimateboy. For me that was pretty cool.
The after party was at Brooklyn's at the Pepsi Center. examiner.com and Volacci sponsored the party with free drinks, food and door prizes. I stayed long enough to have some good conversation and a few cold ones.

Free beer is a hard thing to walk away from.

-nash