browse the blogs

[ 29 Apr 2016 ]

Just a quick bit of advice for folks getting into Magento 2 development, which probably applies to Magento 2 development as well. If you’re building backend admin components, it’s a good idea to not rely on the default, Super User admin account when you’re developing and testing.

There’s a few parts of the admin system that are completely bypassed for super users. For example, Magento admin controllers require an _isAllowed method where, as a module developer, you need to perform an ACL check. If you don’t perform this check, users will be rejected for having in sufficient permission. However, if you’re logged in as a super user, this check is de-facto skipped, and you’ll probably ship a module …

[ 28 Apr 2016 ]

One last bit on the area setting object in Magento 2. There were times in Magento 1 where it was necessary to temporarily pretend you were running code in one area, even though you were in another. One famous example of this was using Magento’s catalog/product objects to directly save product information while on the frontend. In later versions of Magento this (unexpected by the core developers) action threw some PHP errors.

While Magento 2 has tried to clean these instances up, you’re probably going to run into similar problems when converting Magento 1 extensions to Magento 2, and you’re probably going to find some instances where it’s impossible to work around. However, last time we learned

[ 26 Apr 2016 ]

Reader Vinai Kopp (of Mage2Katas fame) wrote in with a interesting bit of functionality in the Magento\Framework\App\State class we talked about in the Fixing Area code Not Set Exceptions quickie.

Specifically, Vinai had a bit of code that was shared between a command line context, and a web context, and if he tried setting the area code during the web context, Magento would throw a different exception

Area code is already set

That’s because of the following guard clause

#File: vendor/magento/framework/App/State.php
public function setAreaCode($code)
if (isset($this->_areaCode)) {
throw new \Magento\Framework\Exception\LocalizedException(
new \Magento\Framework\Phrase('Area code is already set')

[ 24 Apr 2016 ]


Meanwhile, back in the real world, away from the bleeding edge of Magento 2, Nexcess has just released a simple-but-useful open-source extension that will log and notify users when there have been been admin user changes made to their Magento system. I’m not responsible for maintaining any active Magento 1 systems at the moment, but if I was I’d install this, or something like it Sophisticated attackers may be able to work around something like this, but the majority of Magento attacks come from unsophisticated attackers.

[ 24 Apr 2016 ]

Carved out some time this weekend to add Repository generating code to pestle’s generate_crud_model command. Now, in addition to creating your standard Magento 2 Model/ResourceModel/Collection objects, you’ll also get a repository for your object with the de-facto standard save, getById, getList, delete, and deleteById methods. Also, per previous posts, we’re correctly applying filtering criteria in the generated repository.

[ 24 Apr 2016 ]

Repository Filter Groups Applied Inconsistently · Issue #4287 · magento/magento2:

My bug report to Magento on the previously mention filter group vs. filter inconsistency. Hopefully it’s not ignored.

[ 24 Apr 2016 ]

I touched on this in my longer Magento 2: Understanding Object Repositories tutorial, but it’s worth repeating. The relationship between individual filters and filter groups in Magento 2 repositories is inconsistent. There’s some tribal wisdom floating around that filters should be applied as OR conditions, and filter groups combined as AND conditions.

This tribal wisdom holds true in the product repository

#File: vendor/magento/module-catalog/Model/ProductRepository.php
protected function addFilterGroupToCollection(
\Magento\Framework\Api\Search\FilterGroup $filterGroup,
Collection $collection
) {
$fields = [];
$categoryFilter = [];
foreach ($filterGroup->getFilters() as $filter) {
$conditionType = $filter->getConditionType() ? $filter->getConditionType() : 'eq';

if ($filter->getField() ...

[ 18 Apr 2016 ]

MageScotch — A Magento 1 and Magento 2 Vagrant box:

Another “ready to go” Magento 2 (also Magento 1!) vagrant VM – although this one is offered and maintained by Joshua Warren, so it’s worth more than a casual look. It seems to be based on the Scotch Box vagrant project, which purports to offer a ready to go PHP Lamp stack.

I like all these ready to go, “you don’t need to provision them” vagrant boxes – although my inner nerd is slightly annoyed they don’t share their provisioning scripts, or advertise their server and permissions model (Apache, nginx/fast-cgi, nginx/PHP-fpm, etc.).

[ 18 Apr 2016 ]

I recently started a new series over on my main website that sets out to explain everything a Magento 2 developer would need to know about composer. The first article covers setting up a satis mirror of, Magento 2’s official composer repository.

An ideal deployment system wouldn’t just mirror Magento 2’s official repository, but it would also mirror the standard PHP packages from packagist that Magento uses. This way no external services (Magento, GitHub, Packagist, etc) would be able to block day-to-day deployments and builds of your system.

I ended up punting on that ideal scenario after running into small little edge case after small little edge case. It’s not impossible, but it makes me start to understand …

[ 15 Apr 2016 ]

If you’re giving Magento’s new Marketplace feature a spin for the first time, you may be surprised to find that it requires you have your three Magento 2 cron jobs running.

There’s a few reasons for this. The first is a clever solution to the perineal PHP permissions problems when running commands and creating files as a web-user. It turns out the new Magento Marketplace web application never directly runs a unix command line command, or directly installs an extension. It simply schedules actions to take place, and there are various jobs in Magento’s crons that check for these scheduled actions.

The second, semi-related reason is Magento’s cron jobs write a number of hidden files to the var