- πΊπΈUnited States maskedjellybean Portland, OR
This is definitely still broken in Webform 6.1.3
Here's a more complete way to replicate the issue:
- Create a webform. Under Settings > Access, remove all roles from "Test webform".
- Create a content type. Add a webform field. Allow referencing the webform you created.
- Create a node of that content type. Reference the webform via the webform field.
- After saving, you will see the "Test" tab.
- Login as another user and view or edit the node. You will not see the "Test" tab because you are not the author of the node.
The expected behavior is that nobody should see the "Test" tab, not even the author of the node. The permissions set under the webform Settings > Access should be respected.
Let me know if you'd like me to open a new issue.
- πΊπΈUnited States jrockowitz Brooklyn, NY
The expected behavior is that nobody should see the "Test" tab, not even the author of the node.
Anyone that can administer webforms or owns a webform can access the 'Test' tab. The reason being these users can easily enable access to the 'Test' tab.
I don't think we can change this behavior because it will cause problems for existing installations.
You can use custom code to hide the 'Test' tab.
@see https://api.drupal.org/api/drupal/core%21lib%21Drupal%21Core%21Entity%21... - πΊπΈUnited States maskedjellybean Portland, OR
Coming back to this with another finding in case it's helpful for someone. Another global permission that will unexpectedly cause the Test tab to be visible is "View webform submissions for any node".
- πΊπΈUnited States maskedjellybean Portland, OR
I do think there is an action to take here. If the "Test webform" details section of webform access settings doesn't do anything and that is expected behavior, shouldn't it be removed?