Access to Webform denied for certain users, despite Webform ACCESS being correct

Created on 3 October 2023, 12 months ago
Updated 4 October 2023, 12 months ago

This is an issue that I cannot explain, because some users with the same roles and access are allowed to view the webform and others with the same roles and access are denied access with a 403 error:

In the log, the following is reported:

Path: /en/meeting-attendance-status. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: in Drupal\webform\WebformSubmissionForm->setEntity() (line 387 of /home/cqsaservices/public_html/modules/contrib/webform/src/WebformSubmissionForm.php).

I have looked at this code and it states

    if ($entity->isNew()) {
      $last_submission = NULL;
      if ($webform->getSetting('limit_total_unique')) {
        // Require user to have update any submission access.
        if (!$webform->access('submission_view_any')
          || !$webform->access('submission_update_any')) {
          throw new AccessDeniedHttpException(); // line 387
        }
        // Get last webform/source entity submission.
        $last_submission = $this->getStorage()->getLastSubmission($webform, $source_entity, NULL, ['in_draft' => FALSE]);
      }

The particular user has these ACCESS rights, but still gets a 403 error - this has completely foxed me.

How can I overcome this?

💬 Support request
Status

Closed: duplicate

Version

6.2

Component

Code

Created by

🇬🇧 United Kingdom cebab54


Comments & Activities

  • Issue created by @cebab54
  • 🇬🇧 United Kingdom cebab54
  • Is $webform->getSetting('limit_total_unique') true and is

    !$webform->access('submission_view_any')
              || !$webform->access('submission_update_any')

    true? That’s just what the code says.

    The simplest explanation is probably the one. There are no steps to reproduce so I am making this a support request.

  • Status changed to Closed: outdated 12 months ago
  • 🇺🇸 United States jrockowitz Brooklyn, NY

    I don't have the bandwidth to support individual access control questions.

    My only recommendation is to do a very detailed comparison of the users, their roles, and permissions. For example, if the user being denied access's role is changed, are they granted access? Also, try clearing the cache to see if the access denied is being cached.

  • 🇬🇧 United Kingdom cebab54

    Hi Jacob

    https://www.drupal.org/project/webform/issues/3157367 solved my issue.

    It was to do with the number of submissions and number per user when set to one.

    I must say this section of the screen is somewhat difficult to decipher and probably should be rewritten to be more explanatory, because I still don't understand what it truly means. Also, changing the values triggers warning and error messages which are not useful to Form users, and it would be helpful to have a way to trigger these messages on and off.

    Andrew

  • Status changed to Closed: duplicate 12 months ago
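
The check quoted in the issue can be evaluated per account to make the user-by-user comparison suggested above concrete. This is an added diagnostic, not code from the Webform module or from anyone in this thread. `WEBFORM_ID` and the user IDs are placeholders, and running it through `drush php:script` on a bootstrapped site is an assumption.

```php
<?php

// Added diagnostic (not part of the Webform module).
// Assumed invocation: drush php:script check_webform_access.php

use Drupal\user\Entity\User;
use Drupal\webform\Entity\Webform;

// Placeholders: substitute the real webform machine name and the uids of
// one user who can open the form and one who receives the 403.
$webform_id = 'WEBFORM_ID';
$uids = [101, 102];

$webform = Webform::load($webform_id);
if (!$webform) {
  throw new \RuntimeException("Webform '$webform_id' not found.");
}

// Submission limit settings (Webform 6.x names). Only limit_total_unique
// guards the exception thrown at line 387; the rest are shown for context.
foreach (['limit_total', 'limit_total_unique', 'limit_user', 'limit_user_unique'] as $name) {
  printf("%-20s %s\n", $name, var_export($webform->getSetting($name), TRUE));
}

foreach ($uids as $uid) {
  $account = User::load($uid);
  if (!$account) {
    printf("uid %d: no such user\n", $uid);
    continue;
  }

  // Same operations as the quoted code, but evaluated for an explicit
  // account instead of the current user.
  $view_any = $webform->access('submission_view_any', $account);
  $update_any = $webform->access('submission_update_any', $account);

  // Mirrors the condition that leads to AccessDeniedHttpException.
  $would_deny = $webform->getSetting('limit_total_unique')
    && (!$view_any || !$update_any);

  printf(
    "uid %d roles=[%s] view_any=%s update_any=%s would_deny=%s\n",
    $uid,
    implode(', ', $account->getRoles()),
    var_export($view_any, TRUE),
    var_export($update_any, TRUE),
    var_export((bool) $would_deny, TRUE)
  );
}
```

If two accounts with identical roles still differ in `would_deny`, compare the webform's own access rules (per-user and per-role grants) and clear caches before re-running.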