It seemed to be just another ordinary day at work but it wasn’t. Yesterday, our team faced two challenging problems, which had blocked programmers’ work in two projects for a few hours. Now we are aware of the fact that the troubles could be simply avoided. That’s why I would like to share our experience and present those tricky, time consuming issues.
Problem no. 1 – Drupal and roles array
One of above mentioned projects is based on Drupal 7 and the bug occurs when we check if each user has an permission to access every kind of content. The system compares required role with user roles’ array and determines if it’s able to use selected features. In most cases, this issue is really simple to fix, but not in Drupal.
After two hours we found the bottleneck in code where the application fails – Drupal adds a “true” value at the end of roles array and it breaks an algorithm:
As you can conclude from the example, PHP is comparing arrays softly (‘==’) value by value. Every string compared to “true” will return true, so as a result we have the user with all permissions but the user should have access only to assigned types of content.
Problem no. 2 – CakePHP and routes
Many programming principles emphasize the importance of proper naming. The established rules inform, that the programmer should focus on variables, functions, methods or classes names. Yesterday I realized that it’s a truly important standard.
As a newbie in CakePHP framework I don’t understand all of its secrets, but of course I assumed that parameters’ purposes should fit their names. Unfortunately, that principle doesn’t apply to the routes in Cake. I thought I can define default parameters for my route path, so I was confused that nothing happened when I reloaded the page. I investigated the code and found where it failed:
Default argument in connect method doesn’t mean that it will replace missing parameter in URL by given value. From the code you can read it means nothing more but that the values will be required.
Conclusion – after a whole day we admitted that if we cannot change the core, the only solution to the problems is to reduce our trust in the third party systems.