Magento Extensions Quality Assurance Certification
Ah, what a mouthful. First off all, sorry to disappoint you, as this article is purely result of my imagination. There is no such thing as “Magento Extensions Quality Assurance Certification” (aka MEQAC) at least not at the moment (as to 1/12/2010).
But let’s for a moment imagine there is such thing. Let’s discuss one possible direction of thinking. Let’s discuss the current issues with Magento extensions development.
Seems like Magento’s extremely flexible architecture where you can do almost anything if you are up to the task imposes some serious issues when it comes to general free/commercial extensions you can grab from either Magento Connect or from the developer/company site.
To make it clear, I do not blame Magento that much for this situation as I blame the extension developers. Magento just gave you powerful eCommerce tool/platform, its your problem if you are narrowed in thinking or better yet short on time to code something robust and unobtrusive. Before I go any further, and someone feels threaten by the “if you are narrowed in thinking” expression I just gave above, allow me to say that I too code my extensions as wast majority of others, so this goes on me as well.
So, what are those issues I am talking about? Let’s say we have extension A that was developed by the freelance developer (lets call him) DevA and given for free. Then we have extension B developed by company ComB. Both extensions are similar in nature, in terms of doing similar functionality.
Extension A has the following description: “Easily list detailed product info on the order PDF print for Invoice.”. Extension B on the other hand has the description of: “Show the Google Map for the customer address on the PDF printed page for Invoice.”.
When an average client (site owner) sees these two extensions, the only thing he wants to know is: “Does this work for my version of Magento”. You know, that version number you can see listed as “Compatibility” label on the Magento Connect. After that, he will most likely go and install both of the extensions.
Chances are that these two extensions at some point in the code use the same files. When I say “use the same files” I am referring to either “overriding the same method on the some Magento class”, or “use same view file” from admin theme folder to output their content. In Magento if you would like to change the PDF document that gets printed as an Invoice summary, you most likely need to modify the working of “app/code/core/Mage/Sales/Model/Order/Pdf/Invoice.php” file. You can check it out, it has two methods in Magento 220.127.116.11 version, getPdf and newPage.
Now, if your extension overrides the getPdf method and changes it’s functionality to conform to Extension A from DevA, then that conflicts the Extension B from CompB if it turns out that that one to overrides the getPdf method from the same file/class.
Proper resolution? Each extension should be coded such not to rely on the built in “PDF” invoice print, that is not to override the built in PDF invoice print in this case. Present a new button, injected unobtrusively into the Invoice view page next to the existing “Print” button, like shown on the images below.
In such case, each button triggers specific extension controller (which in turns trigger extension specific model) that could be 90% of just copy pasted code from default Magento, plus specific extension functionality. The main idea is not to break or overwrite anything default, or anything that other extensions might overwrite thus making our code irrelevant. Plus, we want the system to stay intact even if we later remove/uninstall our extension
Depending on how unobtrusively buttons have been injected into the layout we could say that for such extensions we now have some basic grounds for discussing quality. Because when I think of Magento extension quality I do not just think on the code quality, but the logic quality and the “what happens if I remove my extension”, and “what happens if there are several more similar extensions installed” quality.
It’s hard to give some valid guidelines on proper coding around this for two mains reasons:
- Any truly unobtrusive extension development requires knowing the system, that is Magento, very well.
- That might not be the official Magento (Varien) standpoint around such coding.
Once more, please keep in mind that I do not refer to custom development projects and “extensions” developed specific for needs of one project. These I consider to be special cases, in which most of the time extension development comes as a form of refactoring/stacking code nicely. I am referring to the Magento Connect type extensions that should run on any store.
With that in mind, I would like to see the Magento Connect one day evolve into something like iTunes from Apple. Personally I like the idea of someone authorized and skilled reviewing my widely redistributable extension prior to allowing it to be installed on any Magento store trough Magento Connect.
Maybe even develop entire concept of “Magento Extensions Quality Assurance Certification” around it. I mean, if you are in the business of commercial extension development I doubt you will have anything against paying lets say $100-$500 dollars per year for having your extensions get the “Magento Extensions Quality Assurance Certification” signature?! When benefits can be increased customer (site owner) satisfaction and equally important improved and cleaner standards for extension development.
Concept could go like: You pay $100-$500 per year, during which you can put up as many extensions as you wish for sale in Magento Connect (given that it evolves into iTunes clone or similar). Once you upload your extension it gets reviewed, certified and published on Magento connect, possibly gets some public hash key for specific certified zip/tar/xxxx archive that you can then sell out of the Magento Connect, etc. If the one year fee is out, your extension for specific hash key still remains its certification for certain declared requirements (like Magento version no, etc). Just thinking out loud here.
Such “Magento Extensions Quality Assurance Certification” program would then be in charge of checking several important parts of your extension inner working such as:
- what happens when the extension is installed
- what happens when the extension is removed (does it do cleanup of database, if it uses database)
- what happens if there are similar extension
- what happens if I remove dependent modules
- does your extension trigger any events in order to allow others to hook into
- what happens when errors occur in your extension, are they allowed to break the normal execution of the program (Magento)
- does your extension use the system.log for logging its own logs or does it need to log it into extension named log file, what log levels should be logged even if log is turned off in Magento admin
Surely the existence of such “certification” is debatable when it comes to Community editions of Magento as people expect free solutions mostly. So I do not see any particular reason why someone coding free extension for Community version of Magento would pay any fee for certification, etc. However, when it comes ti Professional of Enterprise versions then this topic might make some sense.
Would like to hear your thoughts on this.
I am beginner in developing magento extensions so this article is the best learning for me.i was searching the tips for making best and stable extensions in magento so that module can not be affected by upgrade of magento so this articles helps….
This would of course only work if Magento had a set of ‘coding guidelines’ in place, and they reviewed the code directly dependent on those guidelines. Drupal handles this perfect, and it’s FREE.
Count us in!
I absolutely and totally in favour of this kind of program. The problem at the moment is that developers seem too quick to override the core classes, without considering the event listeners that are on offer. Of course, some responsibility falls on Magento here to make sure that those event listeners are there in the first place.
I wrote about this a couple of weeks ago: http://www.nicksays.co.uk/2010/10/proper-magento-class-overrides/
Something you didn’t mention was the stability and security of modules on Magento connect.
Now, I’m not sure what Magento’s procedure is like for accepting modules at the moment.. but it doesn’t look that stringent. I’ve downloaded plenty of modules that are either unusably stable or have had blatant security issues simply from a scan through the code.
We have to bare in mind that these modules aren’t just being installed on a blog, or a simple content management system. These modules, which most of us are treating as black boxes of functionality, are plugging into a system which controls our customer and payment data. We need some level of assurance, or the code needs to extensively checked before being applied to the site.
I’d certainly sleep a lot easier with certified extensions installed.
wishful thinking 🙂 for that you would need a “Magento manual” and currently only Chuck Norris has this, also you will need a extension resource report to give you hints what exactly will happen to your site if you install something
the other part is data integrity in e-commerce site that none of the extensions respect or at least worry what will happen if the extension needs to be uninstalled or removed
today the chance is if you install a free or commercial magneto extension you add 3 -30 extra query’s to your application on each reload and that’s the show stopper 🙂 I never use free extensions because of that “lack of quality and performance”