Last active
February 6, 2021 00:50
-
-
Save simesy/321a03d1a2955c91e754ae09dd049ed6 to your computer and use it in GitHub Desktop.
Help user see webform subbissions with per-webform access. See https://www.drupal.org/project/webform/issues/3196440
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| services: | |
| foo.route_subscriber: | |
| class: Drupal\foo\Routing\RouteSubscriber | |
| tags: | |
| - { name: event_subscriber } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // src/Access/FooAccess.php | |
| namespace Drupal\foo\Access; | |
| use Drupal\Core\Access\AccessResult; | |
| use Drupal\Core\Entity\EntityInterface; | |
| use Drupal\webform\Access\WebformEntityAccess; | |
| use Drupal\webform\WebformInterface; | |
| /** | |
| * Defines the custom access checking for webform operations. | |
| */ | |
| class FooAccess extends WebformEntityAccess { | |
| /** | |
| * Allow users to see the route if they are only allowed to view submissions for this specific webform. | |
| * | |
| * Note that "View any submission" is also required to see relevant webforms in the webform overview. | |
| * | |
| * @see https://www.drupal.org/project/webform/issues/3196440 | |
| */ | |
| public static function checkResultsAccess(WebformInterface $webform, EntityInterface $source_entity = NULL) { | |
| if ($webform->access('submission_update_any') || $webform->access('submission_view_any')) { | |
| return AccessResult::allowed(); | |
| } | |
| return AccessResult::forbidden(); | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // src/Routing/RouteSubscriber.php | |
| namespace Drupal\foo\Routing; | |
| use Drupal\Core\Routing\RouteSubscriberBase; | |
| use Drupal\Core\Routing\RoutingEvents; | |
| use Symfony\Component\Routing\RouteCollection; | |
| /** | |
| * Subscriber for webform routes. | |
| */ | |
| class RouteSubscriber extends RouteSubscriberBase { | |
| /** | |
| * {@inheritdoc} | |
| */ | |
| protected function alterRoutes(RouteCollection $collection) { | |
| if ($route = $collection->get('entity.webform.results_submissions')) { | |
| $route->setRequirements(['_custom_access' => '\Drupal\foo\Access\FooAccess:checkResultsAccess']); | |
| } | |
| } | |
| /** | |
| * {@inheritdoc} | |
| */ | |
| public static function getSubscribedEvents() { | |
| $events = parent::getSubscribedEvents(); | |
| // Need to override the generic "view any submissions" permissions that is not explicitly defined by the webform.routing.yml | |
| $events[RoutingEvents::ALTER] = ['onAlterRoutes', -999]; | |
| return $events; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment