[Paragraphs] Allowing anonymous users to edit their webform submission with token URL doesn't work when form is included as a paragraph

Created on 27 January 2022, almost 3 years ago
Updated 8 April 2024, 9 months ago

I checked the "Allowing users to edit their webform submission with token URL" checkbox and send the token URL to the users E-Mail.
Opening the URL just loads the empty form, even when permissions to view, edit and delete own submissions for guest users are set.
Viewing and deleting the Own submission via token URL works.

What seems strange to me is the fact, that the generated URLs differ:
Edit:
https://blablub.com/Formular-D9?token=CJQDGqu1W8BrKpZPQ0KnO3yEKv0HBXOBLU...
View:
https://blablub.com/webform/drupal_9_test/submissions/19?token=CJQDGqu1W...
Delete:
https://blablub.com/webform/drupal_9_test/submissions/19/delete?token=CJ...

But as soon as a logged in User submits the form, the URL for editing sent by mail changes to
https://blablub.com/webform/drupal_9_test?token=CJQDGqu1W8BrKpZPQ0KnO3yE...
and it can be edited by anybody who gets hold of that URL

I wonder if the statement at 'update' shouldn't be using the route webform.user.submission.edit like the view and delete case does:

 public function getTokenUrl($operation = 'update') {
    switch ($operation) {
      case 'view':
        /** @var \Drupal\webform\WebformRequestInterface $request_handler */
        $request_handler = \Drupal::service('webform.request');
        $url = $request_handler->getUrl($this, $this->getSourceEntity(), 'webform.user.submission');
        break;

      case 'update':
        $url = $this->getSourceUrl();
        break;

      case 'delete':
        /** @var \Drupal\webform\WebformRequestInterface $request_handler */
        $request_handler = \Drupal::service('webform.request');
        $url = $request_handler->getUrl($this, $this->getSourceEntity(), 'webform.user.submission.delete');
        break;

      default:
        throw new \Exception("Token URL operation $operation is not supported");
    }

πŸ› Bug report
Status

Needs work

Version

6.2

Component

Code

Created by

πŸ‡©πŸ‡ͺGermany macdev_drupal Wiesbaden

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024