ISTWCMS-6480: add patch from https://www.drupal.org/project/fillpdf/issues/3460893

fillpdf.services.yml

@@ -31,7 +31,7 @@ services:
 
   fillpdf.access_helper:
     class: Drupal\fillpdf\FillPdfAccessHelper
-    arguments: ["@fillpdf.link_manipulator", "@fillpdf.context_manager"]
+    arguments: [ "@fillpdf.link_manipulator", "@fillpdf.context_manager", "@module_handler" ]
 
   fillpdf.token_resolver:
     class: Drupal\fillpdf\TokenResolver

src/FillPdfAccessHelper.php

@@ -3,8 +3,10 @@
 namespace Drupal\fillpdf;
 
 use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Extension\ModuleHandlerInterface;
 use Drupal\Core\Session\AccountInterface;
 use Drupal\Core\Url;
+use Drupal\webform\Entity\WebformSubmission;
 
 /**
  * {@inheritdoc}
@@ -27,6 +29,13 @@ class FillPdfAccessHelper implements FillPdfAccessHelperInterface {
    */
   protected $contextManager;
 
+  /**
+   * The module handler service.
+   *
+   * @var \Drupal\Core\Extension\ModuleHandlerInterface
+   */
+  protected $moduleHandler;
+
   /**
    * Constructs a FillPdfAccessManager object.
    *
@@ -34,10 +43,17 @@ class FillPdfAccessHelper implements FillPdfAccessHelperInterface {
    *   The FillPDF link manipulator.
    * @param \Drupal\fillpdf\FillPdfContextManagerInterface $context_manager
    *   The FillPDF context manager.
+   * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
+   *   The module handler.
    */
-  public function __construct(FillPdfLinkManipulatorInterface $link_manipulator, FillPdfContextManagerInterface $context_manager) {
+  public function __construct(
+    FillPdfLinkManipulatorInterface $link_manipulator,
+    FillPdfContextManagerInterface $context_manager,
+    ModuleHandlerInterface $module_handler
+  ) {
     $this->linkManipulator = $link_manipulator;
     $this->contextManager = $context_manager;
+    $this->moduleHandler = $module_handler;
   }
 
   /**
@@ -74,10 +90,42 @@ class FillPdfAccessHelper implements FillPdfAccessHelperInterface {
       return $cachedAllowed;
     }
 
+    // Issue 3460893: Check if there is a token and that
+    // the webform allows for users to view their
+    // submission.
+    if (
+      $this->moduleHandler->moduleExists('webform') &&
+      isset($context['token']) &&
+      isset($context['fid']) &&
+      isset($context['entity_ids']) &&
+      count($context['entity_ids']) > 0
+    ) {
+
+      // Load the webform submission.
+      $webform_submission = WebformSubmission::load(current($context['entity_ids']['webform_submission']));
+
+      // Load the actual webform.
+      $webform = $webform_submission->getWebform();
+
+      // Get the settings for the webform.
+      $settings = $webform->getSettings();
+
+      // If the webfom allows for users to view their submission
+      // via a token, check the token.
+      if ($settings['token_view']) {
+
+        // If the token matches the webform, allow it through.
+        if ($context['token'] == $webform_submission->token->value) {
+          return $cachedAllowed;
+        }
+      }
+    }
+
     $cachedForbidden = AccessResult::forbidden()
       ->cachePerUser()
       ->cachePerPermissions();
     $can_publish = $account->hasPermission('publish own pdfs');
+
     if (!$is_sample && $can_publish) {
       $entities = $this->contextManager->loadEntities($context);
 

src/Service/FillPdfLinkManipulator.php

@@ -90,6 +90,11 @@ class FillPdfLinkManipulator implements FillPdfLinkManipulatorInterface {
       }
     }
 
+    // Issue #3460893: add token to context.
+    if (!empty($query['token'])) {
+      $context['token'] = $query['token'];
+    }
+
     // Merge in parsed entities.
     $context += static::parseEntityIds($query);