Installing the text editor
To get started using the text editor, navigate to the CKEditor project page at http://drupal.org/project/ckeditor.
Uploading and enabling CKEditor
To use the CKEditor module, we need to follow these steps:
- As described in Chapter 3, Getting Started, download the module, extract the code, and then upload it into the
sites/all/modulesdirectory.Note
In this site, we are using CKEditor for the text editor. The support for CKEditor within the Drupal community is solid, which is one of the factors to consider when selecting a module. With that said, other options that can be used include the WYMeditor, TinyMCE, and BUI editors.
- Unlike most modules, installing the CKEditor has one additional step: you need to download the text editor from the CKEditor site http://ckeditor.com/download. You want to get the current release, which will be listed as shown in the following screenshot:
- Download the files from the CKEditor site and extract them. Then, as shown in the following screenshot, add the new folder to the site's
librariesfolder. You will probably need to create this directory.
- As in the previous screenshot, the code downloaded from http://ckeditor.com/download goes into
sites/all/libraries. - Once you have uploaded the code, click the Modules link, or navigate to
admin/modulesand enable the CKEditor module, as shown in the following screenshot:
- Click on the Save configuration button to finish enabling the module:
- By default, the CKEditor module creates two Profiles based on Text formats. The CKEditor will be added to all text fields that use that text format. You can change the CKEditor options based on the text format, but the default options are sufficient for our needs in this case. We will set the permissions for who will be allowed to use the CKEditor by setting permissions on the text formats.
Tip
The CKEditor has many settings that can be adjusted, and addressing the full range of settings goes beyond the scope of this book. For more information, including links both to a Developer's Guide and a User's Guide, see http://docs.cksource.com/Main_Page.
Setting the proper text formats
Text formats control the HTML tags and other text handling that people can use when creating content on your site. Setting your text formats is an essential part of running your site securely.
Note
Drupal allows you to grant some users permission to enter either PHP code or full HTML tags directly into a post. If these rights are granted at all, they should only be granted to a small number of very trusted users, as sloppy or malicious use of PHP code or certain HTML tags could compromise a site.
To set the text formats, click the Configuration | Text formats link, or navigate to admin/config/content/formats:
As shown in the preceding screenshot, click the configure link for Filtered HTML.
This brings you to the Filtered HTML input format page at admin/config/content/formats/filtered_html.
Assigning user rights via roles
Within a Drupal site, individual users can be granted different roles. Within each role, the site administrator can assign different privileges. Some of these privileges relate to access control, while other privileges relate to accessing functionality.
Note
In Chapter 3, Getting Started, you created the teacher role. In this chapter, we will assign privileges to that role to allow teachers to access CKEditor and create assignments and teacher blog posts for the teacher blog as needed. Once these rights have been tuned, any user granted the teacher role will have the rights to run an effective teacher blog.
Understanding roles and how they work
In a Drupal site, role assignments are cumulative. If a user is a member of two or more roles, they have the collected rights of all of these roles.
Additionally, all users belong to the authenticated user role; this role is frequently used to establish basic rights for all users, with more advanced privileges being granted via other roles. In this site, we will only assign basic privileges to the authenticated user role. The majority of users of the site will belong to either of the teacher or student roles that we created in Chapter 3, Getting Started.
As shown in the previous screenshot, assign the authenticated user role permissions to access the Filtered HTML text format.
For our purposes, the default options under Enabled filters are adequate.
In the Allowed HTML tags field under the Limit allowed HTML tags, as indicated by 2 in the screenshot that showed the Filtered HTML input format page, enter the following list of HTML tags:
<a> <b> <blockquote> <br> <caption> <center> <code> <col> <colgroup> <dd> <del> <div> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr> <i> <img> <li> <ol> <p> <span> <strong> <sub> <sup> <table> <tbody> <td> <tfoot> <th> <thead> <tr> <u> <ul>
Click on the Save configuration button to save your changes.
This list of tags is fairly permissive and will allow users a great degree of freedom over the page layout. It will also work well with the text editor and will not pose any security risks.
Note
Input filters mostly exist for security reasons, and security is generally balanced against ease of use. Some modules add input filters that make adding their features to content easier. The previous list does not contain any of the tags that can be used to run malicious code (also known as hacking your site); using these HTML tags, you can create tables, change font appearance, and do many more things.
Now that we have enabled the CKEditor and created a safe input format, we are ready to create the first two content types that will power the Teacher blog.
Note
For a full list and explanation of HTML tags, look at the tag list from W3Schools: http://www.w3schools.com/tags/default.asp. For an overview of HTML tags and security, visit: http://www.feedparser.org/docs/html-sanitization.html.