diff --git a/fillpdf.services.yml b/fillpdf.services.yml
index 5402f8cecd2934cf0c676c25f2f0088555931060..d0bdfe5d75b820094f92b3182ecc268b44e572e3 100644
--- a/fillpdf.services.yml
+++ b/fillpdf.services.yml
@@ -31,7 +31,7 @@ services:
 fillpdf.access_helper:
 class: Drupal\fillpdf\FillPdfAccessHelper
- arguments: ["@fillpdf.link_manipulator", "@fillpdf.context_manager"]
+ arguments: [ "@fillpdf.link_manipulator", "@fillpdf.context_manager", "@module_handler" ]
 fillpdf.token_resolver:
 class: Drupal\fillpdf\TokenResolver
diff --git a/src/FillPdfAccessHelper.php b/src/FillPdfAccessHelper.php
index 9589b07053721bab0a9c1471a37ffcb8163c606c..f7e5a7b86fdef9ebe386c01162f61d1ce8e0b598 100644
--- a/src/FillPdfAccessHelper.php
+++ b/src/FillPdfAccessHelper.php
@@ -3,8 +3,10 @@
 namespace Drupal\fillpdf;
 use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Extension\ModuleHandlerInterface;
 use Drupal\Core\Session\AccountInterface;
 use Drupal\Core\Url;
+use Drupal\webform\Entity\WebformSubmission;
 /**
 * {@inheritdoc}
@@ -27,6 +29,13 @@ class FillPdfAccessHelper implements FillPdfAccessHelperInterface {
 */
 protected $contextManager;
+ /**
+ * The module handler service.
+ *
+ * @var \Drupal\Core\Extension\ModuleHandlerInterface
+ */
+ protected $moduleHandler;
+
 /**
 * Constructs a FillPdfAccessManager object.
 *
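Review bot: The added `use Drupal\webform\Entity\WebformSubmission;` in src/FillPdfAccessHelper.php makes this service reference an entity class from a module that the access check itself treats as optional (`moduleExists('webform')`), and the class is then used through a static `::load()` rather than an injected service. Since the constructor is already being extended in this commit, injecting `entity_type.manager` and calling `getStorage('webform_submission')->load($id)` would remove the import and let the token branch be unit-tested with a mocked storage. If the import stays, a comment such as `// Webform is optional: only touch its classes behind moduleExists('webform').` at the point of use would record the constraint.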
@@ -34,10 +43,17 @@ class FillPdfAccessHelper implements FillPdfAccessHelperInterface {
 * The FillPDF link manipulator.
 * @param \Drupal\fillpdf\FillPdfContextManagerInterface $context_manager
 * The FillPDF context manager.
+ * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
+ * The module handler.
 */
- public function __construct(FillPdfLinkManipulatorInterface $link_manipulator, FillPdfContextManagerInterface $context_manager) {
+ public function __construct(
+ FillPdfLinkManipulatorInterface $link_manipulator,
+ FillPdfContextManagerInterface $context_manager,
+ ModuleHandlerInterface $module_handler
+ ) {
 $this->linkManipulator = $link_manipulator;
 $this->contextManager = $context_manager;
+ $this->moduleHandler = $module_handler;
 }
 /**
@@ -74,10 +90,42 @@ class FillPdfAccessHelper implements FillPdfAccessHelperInterface {
 return $cachedAllowed;
 }
+ // Issue 3460893: Check if there is a token and that
+ // the webform allows for users to view their
+ // submission.
+ if (
+ $this->moduleHandler->moduleExists('webform') &&
+ isset($context['token']) &&
+ isset($context['fid']) &&
+ isset($context['entity_ids']) &&
+ count($context['entity_ids']) > 0
+ ) {
+
+ // Load the webform submission.
+ $webform_submission = WebformSubmission::load(current($context['entity_ids']['webform_submission']));
+
+ // Load the actual webform.
+ $webform = $webform_submission->getWebform();
+
+ // Get the settings for the webform.
+ $settings = $webform->getSettings();
+
+ // If the webfom allows for users to view their submission
+ // via a token, check the token.
+ if ($settings['token_view']) {
+
+ // If the token matches the webform, allow it through.
+ if ($context['token'] == $webform_submission->token->value) {
+ return $cachedAllowed;
+ }
+ }
+ }
+
 $cachedForbidden = AccessResult::forbidden()
 ->cachePerUser()
 ->cachePerPermissions();
 $can_publish = $account->hasPermission('publish own pdfs');
+
 if (!$is_sample && $can_publish) {
 $entities = $this->contextManager->loadEntities($context);
diff --git a/src/Service/FillPdfLinkManipulator.php b/src/Service/FillPdfLinkManipulator.php
index 6bfaeeb24c9f9549bc18cc7794fc57c7855afc0b..aa96427c76600a3bb5fa5d4d67e3d3d001f9df45 100644
--- a/src/Service/FillPdfLinkManipulator.php
+++ b/src/Service/FillPdfLinkManipulator.php
@@ -90,6 +90,11 @@ class FillPdfLinkManipulator implements FillPdfLinkManipulatorInterface {
 }
 }
+ // Issue #3460893: add token to context.
+ if (!empty($query['token'])) {
+ $context['token'] = $query['token'];
+ }
+
 // Merge in parsed entities.
 $context += static::parseEntityIds($query);
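Review bot: The token branch in the `@@ -74,10 +90,42 @@` hunk validates only the first ID under `$context['entity_ids']['webform_submission']`, yet `return $cachedAllowed` grants access for the whole context, so any other entities listed in `entity_ids` are never checked against the token; the branch should apply only when that submission is the sole entity in the context, and otherwise fall through to the existing per-entity checks. The guard also tests `count($context['entity_ids']) > 0` without confirming that the `webform_submission` key exists or that `WebformSubmission::load()` returned an object, so a request without a valid submission ID reaches `->getWebform()` on NULL and fails with an error instead of a denial. The secret is compared with `==`; `hash_equals()` on two strings is type-strict and constant-time. `$cachedAllowed` is defined outside the hunk, so confirm that it varies by the `token` query argument and by the webform's settings before reusing it for this decision. The enclosing method starts and ends outside the hunk.

```php
    // … unchanged: early return of $cachedAllowed above …
    $entity_ids = $context['entity_ids'] ?? [];
    $submission_ids = $entity_ids['webform_submission'] ?? [];
    if (
      $this->moduleHandler->moduleExists('webform') &&
      isset($context['fid']) &&
      isset($context['token']) && is_string($context['token']) &&
      // The token vouches for one submission only, so nothing else may be
      // present in the context when this branch decides access.
      count($entity_ids) === 1 && count($submission_ids) === 1
    ) {
      $webform_submission = WebformSubmission::load(current($submission_ids));
      // load() returns NULL for an unknown ID; fall through to the regular checks.
      if ($webform_submission) {
        $settings = $webform_submission->getWebform()->getSettings();
        $expected = (string) $webform_submission->token->value;
        if (!empty($settings['token_view']) && $expected !== '' && hash_equals($expected, $context['token'])) {
          return $cachedAllowed;
        }
      }
    }
    // … unchanged: $cachedForbidden and the permission checks …
```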
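Review bot: `!empty($query['token'])` in src/Service/FillPdfLinkManipulator.php copies whatever the query string supplies into the context, and a parameter sent in array form arrives as an array rather than a string; the access helper then compares that value directly with the submission token. Narrowing it at this point keeps every consumer of `$context['token']` on a known type: `if (isset($query['token']) && is_string($query['token']) && $query['token'] !== '') {`. The method's docblock is outside the hunk, but it should list `token` among the context keys it can return.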