Drupal Module And Theme Orientation

Drupal applications extend behaviour through modules and presentation through themes. Safe work follows Drupal APIs, services, routing, permissions, render arrays, configuration, cache behaviour, and update workflow.

Work Through Supported Extensions

Use modules and supported APIs instead of editing Drupal core. A custom module may define routes, permissions, services, event subscribers, configuration, and rendering behaviour. Themes handle presentation concerns.

When reviewing a route, identify the controller and the access rule together:

inventory.report:
  path: '/admin/reports/inventory'
  defaults:
    _controller: '\Drupal\inventory\Controller\InventoryController::report'
    _title: 'Inventory report'
  requirements:
    _permission: 'view inventory report'

The permission must also be declared by the module and assigned deliberately to suitable roles. Inside application code, follow the repository's service and dependency-injection patterns instead of pulling dependencies from global state without need.

Rendering And Caching

Drupal render arrays carry structure and cache metadata. When output varies by route, user permission, language, or content dependency, preserve the relevant cache contexts, tags, and maximum age. Incorrect metadata can show stale content or the wrong variant to a user.

Configuration management, database updates, cache rebuilding, and deployment workflow all affect a change. Keep Drupal core, contributed modules, themes, and PHP current, and test updates against custom modules.