From fab5bc82adc018e8eddcafdda6fe22cece0b3ec5 Mon Sep 17 00:00:00 2001
From: Eric Bremner <ebremner@Erics-MacBook-Pro.local>
Date: Wed, 4 Sep 2024 11:45:58 -0400
Subject: [PATCH] ISTWCMS-6480: add patch from
 https://www.drupal.org/project/fillpdf/issues/3460893

---
 fillpdf.services.yml                   |  2 +-
 src/FillPdfAccessHelper.php            | 50 +++++++++++++++++++++++++-
 src/Service/FillPdfLinkManipulator.php |  5 +++
 3 files changed, 55 insertions(+), 2 deletions(-)

diff --git a/fillpdf.services.yml b/fillpdf.services.yml
index 5402f8c..d0bdfe5 100644
--- a/fillpdf.services.yml
+++ b/fillpdf.services.yml
@@ -31,7 +31,7 @@ services:
 
   fillpdf.access_helper:
     class: Drupal\fillpdf\FillPdfAccessHelper
-    arguments: ["@fillpdf.link_manipulator", "@fillpdf.context_manager"]
+    arguments: [ "@fillpdf.link_manipulator", "@fillpdf.context_manager", "@module_handler" ]
 
   fillpdf.token_resolver:
     class: Drupal\fillpdf\TokenResolver
diff --git a/src/FillPdfAccessHelper.php b/src/FillPdfAccessHelper.php
index 9589b07..f7e5a7b 100644
--- a/src/FillPdfAccessHelper.php
+++ b/src/FillPdfAccessHelper.php
@@ -3,8 +3,10 @@
 namespace Drupal\fillpdf;
 
 use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Extension\ModuleHandlerInterface;
 use Drupal\Core\Session\AccountInterface;
 use Drupal\Core\Url;
+use Drupal\webform\Entity\WebformSubmission;
 
 /**
  * {@inheritdoc}
@@ -27,6 +29,13 @@ class FillPdfAccessHelper implements FillPdfAccessHelperInterface {
    */
   protected $contextManager;
 
+  /**
+   * The module handler service.
+   *
+   * @var \Drupal\Core\Extension\ModuleHandlerInterface
+   */
+  protected $moduleHandler;
+
   /**
    * Constructs a FillPdfAccessManager object.
    *
@@ -34,10 +43,17 @@ class FillPdfAccessHelper implements FillPdfAccessHelperInterface {
    *   The FillPDF link manipulator.
    * @param \Drupal\fillpdf\FillPdfContextManagerInterface $context_manager
    *   The FillPDF context manager.
+   * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
+   *   The module handler.
    */
-  public function __construct(FillPdfLinkManipulatorInterface $link_manipulator, FillPdfContextManagerInterface $context_manager) {
+  public function __construct(
+    FillPdfLinkManipulatorInterface $link_manipulator,
+    FillPdfContextManagerInterface $context_manager,
+    ModuleHandlerInterface $module_handler
+  ) {
     $this->linkManipulator = $link_manipulator;
     $this->contextManager = $context_manager;
+    $this->moduleHandler = $module_handler;
   }
 
   /**
@@ -74,10 +90,42 @@ class FillPdfAccessHelper implements FillPdfAccessHelperInterface {
       return $cachedAllowed;
     }
 
+    // Issue 3460893: Check if there is a token and that
+    // the webform allows for users to view their
+    // submission.
+    if (
+      $this->moduleHandler->moduleExists('webform') &&
+      isset($context['token']) &&
+      isset($context['fid']) &&
+      isset($context['entity_ids']) &&
+      count($context['entity_ids']) > 0
+    ) {
+
+      // Load the webform submission.
+      $webform_submission = WebformSubmission::load(current($context['entity_ids']['webform_submission']));
+
+      // Load the actual webform.
+      $webform = $webform_submission->getWebform();
+
+      // Get the settings for the webform.
+      $settings = $webform->getSettings();
+
+      // If the webfom allows for users to view their submission
+      // via a token, check the token.
+      if ($settings['token_view']) {
+
+        // If the token matches the webform, allow it through.
+        if ($context['token'] == $webform_submission->token->value) {
+          return $cachedAllowed;
+        }
+      }
+    }
+
     $cachedForbidden = AccessResult::forbidden()
       ->cachePerUser()
       ->cachePerPermissions();
     $can_publish = $account->hasPermission('publish own pdfs');
+
     if (!$is_sample && $can_publish) {
       $entities = $this->contextManager->loadEntities($context);
 
diff --git a/src/Service/FillPdfLinkManipulator.php b/src/Service/FillPdfLinkManipulator.php
index 6bfaeeb..aa96427 100644
--- a/src/Service/FillPdfLinkManipulator.php
+++ b/src/Service/FillPdfLinkManipulator.php
@@ -90,6 +90,11 @@ class FillPdfLinkManipulator implements FillPdfLinkManipulatorInterface {
       }
     }
 
+    // Issue #3460893: add token to context.
+    if (!empty($query['token'])) {
+      $context['token'] = $query['token'];
+    }
+
     // Merge in parsed entities.
     $context += static::parseEntityIds($query);
 
-- 
GitLab