This post is my comments on various Drupal usability matters I spotted during Bay Area Drupal Camp 2010 (BADCamp) presentations, as inspired by jenlampton's talk WordPress is better than Drupal, developers take note.
I am speaking as webmaster for the San Francisco Municipal Transportation Agency (SFMTA). We are considering going from static HTML to a content management system. We are specifically considering going to Drupal. I'll have to say quite honestly, Jen's talk made WordPress sound pretty good, to the extent that I need to check it out as seriously as I've been checking out Drupal, but there is that features gap she talks about.
So I am speaking here as a Drupal newbie with limited resources. As a newbie, I might assume in this post that Drupal can't do some things it actually can do, or vice versa, or which might be coming in Drupal 7. Please forgive any newbie factual errors.
So first, as for this features gap, are we comparing Drupal without modules to WordPress without module? Or are we comparing Drupal with modules to WordPress with modules. In fact, once you add modules, is there a feature gap? I imagine its fairly easy to provide a list of features Drupal has pre-modules that WordPress doesn't have pre-module. I imagine it's rather hard to do this list post-module.
Terminology
Jen went over this in her talk. WordPress terminology is much more direct than Drupal's. But I would go further. Drop the word "user." People accessing the website are either "visitors" (public) or "staff" (internal). User 0 is the webmaster. "User" is not confusing, but it is condescending.
Security
As a webmaster who wears many hats I am concerned with website security (and minimizing the time I need to spend on it). One of the things I am concerned about is module security. What can you do to assist me is to have redundant security. Of course all modules and Drupal must protect against SQL injection. But -
Does Drupal control content access not only though the Drupal authority tables but also redundantly through MySQL's mysql table? That is, ideally Drupal would be divided into multiple databases:
- content data
- configuration data
- theme data
- authorization data
- visitor contributions data
- sensitive visitor data (e.g. e-mails, phone numbers, other personal private info)
Only the webmaster (User 0?) and their backup IT staff would have update authority to authorization data as controlled by both Drupal and the mysql database. This group would have at least one mysql user name, but preferably one mysql user name per Drupal user.
Only IT and design staff would have update authority for configuration and theme data as controlled by both Drupal and the mysql database. This group would have at least one mysql user name different from the webmaster's mysql user name, but preferably one mysql user name per Drupal user.
Only other authorized staff would have update authority for content data as controlled by both Drupal and the mysql database. This group would have at least one mysql user name different from both the webmaster's and the IT/design staff's mysql user names, but preferably one mysql user name per Drupal user.
If the website also allows visitor contributions, this to would be controlled by both Drupal and the mysql database. This could be a single mysql user, but mysql must give it update authority only on the user contributions database.
So if a module failed in security, the rogue website visitor still wouldn't be able to do any damage, as Drupal would be using a different mysql user name to access the various databases, a user name that did not have read authority.
If a staff member other than the webmaster or their assistants tried to do something only the webmaster had authority to do, even if there was a bug in Drupal or a module it wouldn't matter because MySQL itself would disallow updating of the administration database for that user.
This would seem to be a security issue and not a usability issue, but whatever time I have to spend in security is time I cannot spend posting content or improving the customer experience. So, setting up security for redundant protection becomes a usability issue for me.
Okay, so here are various usability hits I spotted during the conference:
Webform Session
As of the latest version of Webform, you have to save a node before you get Webform on the menu. This is potentially confusing not just to first timers but to people who create forms only once a year. Why not just have a button at the bottom "Make this a webform." It would save the node and go to the Webform administration page for that node.
Drupal Recipes Session
In site administration, there seem to be multiple click-to-expand sections, just as while making this post, I have just now noticed an Input Format click-to-expand section.
Allow me to specify a preference to pre-expand all click-to-expand sections.
Provide an "expand all" link whenever there are two or more click-to-expand sections.
PathAuto
PathAuto, so far as I can tell, does not automatically create a plain-language URL for a node. You have to check it and type in the URL, ostensibly because a page name could conflict with a Drupal system URL.
The system is better able to keep track of these things than me. Automatically create the plain-language URL, and only involve me if this would conflict with an existing URL or Drupal system URL. WordPress creates plain-language URLs automatically and I don't even have to tell it to.
Views
If you enable Views you need to enable ViewsUI.
Why have me do it? If I enable Views, have Drupal enable ViewsUI automatically. If you're not comfortable doing that, have it put up a dialog offering to enable ViewsUI.
Deployment Session
mcpuddin went through an elaborate presentation of what his firm does. This includes having to sanitize data that is migrated from production to stage.
Why doesn't Drupal have a built-in function for migrating to or from production?
Why isn't sensitive data put into a separate database?
Quick and Dirty Mobile
elly at one point went into Panels to delete about a dozen page blocks from the mobile experience. it took 12 selection clicks, 12 menu choices (of the last item on the menu), and 12 confirmation clicks (total 36)
Why doesn't Panels let you check a bunch of boxes and delete all 12 panels at once? 12 clicks, 1 menu choice, 1 click to confirm (total 14)
These are the things I noticed going to just 4 panels (plus the security issue, which I brought in on my own).
I hope some of these things have already been solved and it is just my newbie status that keeps me from knowing about them. But if not, Drupal has some usability work to do to make it more attractive to me.
Hope this helps, because the Drupal community itself rocks!
Comments
Yea
Charles, this is exactly what we need: Reports from people who do not drink the coolaid nor wear the Drupal glasses.
Some of your concerns can be helped, since the problems are not really there.
E.G. Pathauto never creates conflicting URLs, as far as I know. It is that intelligent ;). What is more annoying to me is that Pathauto by default puts a /content/ in front of any node alias. But I would have to post this into the issue queue instead of grumbling here, far off.
But you getting to the notion that it would be that way is a Usability problem in itself, which also refers to a lot of the other issues.
The truth is: UX thinking has really taken a leap in D7, in that the standards and scrutiny we have a long time applied to coding and coding style is now starting to be applied to UX Matters as well.
A lot of what you are mentioning is Contributed Modules. If we pursue down the road of UX refactoring, the top 40 Contrib Modules probably will also get some traction, as Core is locked now for some years and where should all the UX folks go and optimize?
But thanks for your report and please if you meet someone that would also be willing to do one that is as friendly and keeping down to the facts do do them and post them here (or post them anywhere ;) ). We should award prices for that...
Life is a journey, not a destination
Thank you for your kind
Thank you for your kind words. If we do go to Drupal, it would definitely be D7 and not D6.
Charles Belov
Webmaster
San Francisco Municipal Transportation Agency (SFMTA)
Pathauto
Your Pathauto issues sound like a result of permissions. Your description matches the experience of a user that has permissions in the "path module" section @ admin/user/permissions, or is user 0. Otherwise, the URL is created behind the scenes.
Agreed
Were you editing an existing node rather than create a new node? Because in that case the 'Automatic URL alias' checkbox may be unchecked. By default you enable the module and it just works.
Senior Drupal Developer for Lullabot | www.davereid.net | @davereid
I was watching a
I was watching a presentation. The presenter was adding a new node. They specifically mentioned having to actively type in an URL.
Charles Belov
Webmaster
San Francisco Municipal Transportation Agency (SFMTA)
Drupal vs Wordpress URL aliases
Hi Charles,
I have been using both platforms and totally agree it's much easier in Wordpress than in Drupal to achieve nice looking user friendly URLs. Though as I know URL's have only very minor weight in search rankings, it is a very important factor for usability and SERP click through rate. I rather click on a lower search result that gives me a good hint in the URL structure!
In WordPress it works out of the box and turns titles into perma-links, that you can edit on the fly. Very user friendly and every NOOB who knows Word can publish web content.
But in Drupal? I don't really understand why this important functionality is not default in core. It's a standard that URL's should be automatically mirror the titles and people can customize them where needed. Who doesn't want it this way? Instead you have to install & enable Pathauto module and enable CleanURL module as well. Then it should work fine and does the same as in WordPress. Per default it will auto alias the URL with the node title. You can customize each individual node by unchecking the box and entering your prefered URL.
Still I have to say, Pathauto is much more powerful once you understand how to use it and what to do. You can set rules how to alias your URL depending on Taxonomies, Content Types and Tokens. It's a big advantage if you have very complex site with many different content types, multi-nested categories etc. and still want to have your URL's very well organized, that is something WordPress can't do out of the box!
Another usability issue I'd like to add while we are at it:
I don't use SSH and cool command line file transferring methods. So each time I want to use a Drupal module it has to be done in this order:
1. download module.zip file to desktop.
2. open ftp client and put it to modules folder of my site
3. unzip modules.zip file (correctly)
4. Go into modules section in back end
5. Enable and save
In Wordpress:
1. Click on install
2. Click on enable
Can you more pro guys help me to understand the advantage of this approach or is it just more secure or something?
<= Never stop asking :)
Drupal Specialist Teams
That helps some
I'd still like the clean URLs to be out-of-the-box and not be defeated for administrators. But the ability to include taxonomy in the URL is a big plus.
Charles Belov
Webmaster
San Francisco Municipal Transportation Agency (SFMTA)
Well then they obviously
Well then they obviously didn't have pathauto enabled. It's pretty clear what it does when it's installed properly.
Senior Drupal Developer for Lullabot | www.davereid.net | @davereid
Well, that would reinforce
Well, that would reinforce the idea of logging in as user 0 only when actually administering the website, not when doing content, a good security practice. But it's apparently not obvious, else the presenter would not have made such a statement (or else I misunderstood the presenter, which, as a newbie, is entirely possible).
Charles Belov
Webmaster
San Francisco Municipal Transportation Agency (SFMTA)
FWIW
FWIW, my post wasn't meant to be a deflection-as-explanation.. I've been through my share of frustration with modules and corresponding documentation, and give back to docs in what little ways I can. :)
Links within Admin pages
Hi peeps, I'm a complete newbie to Drupal and I'm very much a content designer and creator so the tecky bits have my brain spilling onto the floor, and I keep standing on it. however, I'm eager to learn and once I get the hang of which css bit does what I'll probably stop crying. One very simple thing tho' that would help me a lot is to have the links that are available for help and further info within the Admin area open in a blank tab or window. Not exactly a pressing issue and maybe there is a very good reason for them not opening in a new window but it is actually a pain in my pert little boobies having to flick back and forth or cut and paste urls into new tabs; and I don't want to switch on always open links in a new tab facility because, well I don't. But when it comes to help and further info pages more often then not, particularly for newbies, these pages need to be constantly referred to. Another minor irritation is related to Version 7; most of the modules I want don't work with it! Maybe I just arrived at the wrong time and these modules will be updated soon .... I don't know enough yet to give positive feedback I'm afraid, other than that Drupal seems much more flexible than Wordpress :-)