Contrib.social

Set submission owner when creating using URL parameter

Open on Drupal.org β†’
Created on 13 March 2025, 26 days ago

Problem/Motivation

A person with permission, such as the administrator, needs to create a submission for another use. This will typically be left in draft mode but one the is submitted would be viewable by the owner. Those with the appropriate roles could also access the submission but anyone else would not.

Proposed resolution

Provide a new permission to allow a URL parameter like this to specify the user ID.

https://new-submission-url?owner=uid

Remaining tasks

This might be doable with a separate module but I suspect the hooks might be too version specific. I have not delved into the code yet to see how difficult this might be.

✨ Feature request
Status

Active

Version

5.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States bwong

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @bwong
  • Comment 11 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States jrockowitz Brooklyn, NY

    There are security implications for allowing someone to specify the submission owner via query parameter.

    ChatGPT suggested the below approach which is a valid solution

    /**
 * Implements hook_webform_submission_presave().
 *
 * Allow setting the webform submission owner from a query string parameter.
 */
function MYMODULE_webform_submission_presave(WebformSubmissionInterface $webform_submission) {
  // Check if a query parameter 'submission_owner' exists.
  $owner_uid = \Drupal::request()->query->get('submission_owner');
  
  if ($owner_uid && is_numeric($owner_uid)) {
    // Ensure the user ID exists in the system.
    $user = \Drupal\user\Entity\User::load($owner_uid);

    if ($user) {
      // Set the submission's owner to the user ID from the query string.
      $webform_submission->setOwnerId($owner_uid);
    }
  }
}
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024