Test Webform permission broken

This is definitely still broken in Webform 6.1.3

Here's a more complete way to replicate the issue:

• Create a webform. Under Settings > Access, remove all roles from "Test webform".
• Create a content type. Add a webform field. Allow referencing the webform you created.
• Create a node of that content type. Reference the webform via the webform field.
• After saving, you will see the "Test" tab.
• Login as another user and view or edit the node. You will not see the "Test" tab because you are not the author of the node.

The expected behavior is that nobody should see the "Test" tab, not even the author of the node. The permissions set under the webform Settings > Access should be respected.

Let me know if you'd like me to open a new issue.

The expected behavior is that nobody should see the "Test" tab, not even the author of the node.

Anyone that can administer webforms or owns a webform can access the 'Test' tab. The reason being these users can easily enable access to the 'Test' tab.

I don't think we can change this behavior because it will cause problems for existing installations.

You can use custom code to hide the 'Test' tab.
@see https://api.drupal.org/api/drupal/core%21lib%21Drupal%21Core%21Entity%21...

Coming back to this with another finding in case it's helpful for someone. Another global permission that will unexpectedly cause the Test tab to be visible is "View webform submissions for any node".

I do think there is an action to take here. If the "Test webform" details section of webform access settings doesn't do anything and that is expected behavior, shouldn't it be removed?

Opened a MR but feel free to close since you've said this works as designed. I wanted to create a patch for myself and anyone else who would like the test webform route access settings/rules respected.

Attaching patch from the MR.

New patch. Cleaned up code a bit.