From 72b9e52c17dd4c6ce714c93cf677c64cdc134411 Mon Sep 17 00:00:00 2001
From: Igor Biki <ibiki@uwaterloo.ca>
Date: Fri, 30 Sep 2022 11:15:50 -0400
Subject: [PATCH 1/2] ISTWCMS-5860: Adding webform presave event subscriber to
 fix submission create permissions for migrated webforms.

---
 .../UwWebformPreSaveEventSubscriber.php       | 49 +++++++++++++++++++
 uw_cfg_common.services.yml                    |  4 ++
 2 files changed, 53 insertions(+)
 create mode 100644 src/EventSubscriber/UwWebformPreSaveEventSubscriber.php

diff --git a/src/EventSubscriber/UwWebformPreSaveEventSubscriber.php b/src/EventSubscriber/UwWebformPreSaveEventSubscriber.php
new file mode 100644
index 0000000..7f20439
--- /dev/null
+++ b/src/EventSubscriber/UwWebformPreSaveEventSubscriber.php
@@ -0,0 +1,49 @@
+<?php
+
+namespace Drupal\uw_cfg_common\EventSubscriber;
+
+use Drupal\core_event_dispatcher\EntityHookEvents;
+use Drupal\core_event_dispatcher\Event\Entity\EntityPresaveEvent;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+
+/**
+ * Fixes roles permission for submission create for webforms.
+ */
+class UwWebformPreSaveEventSubscriber implements EventSubscriberInterface {
+
+  /**
+   * {@inheritDoc}
+   */
+  public static function getSubscribedEvents(): array {
+    return [
+      EntityHookEvents::ENTITY_PRE_SAVE => 'preSave',
+    ];
+  }
+
+  /**
+   * Entity pre save dispatched event.
+   *
+   * @param \Drupal\core_event_dispatcher\Event\Entity\EntityPresaveEvent $event
+   *   Event object.
+   */
+  public function preSave(EntityPresaveEvent $event): void {
+    $entity = $event->getEntity();
+
+    if ($entity->bundle() === 'webform') {
+      /** @var \Drupal\webform\Entity\Webform $entity */
+      $access_rules = $entity->getAccessRules();
+
+      // Update webform submission access roles to be anonymous and
+      // authenticated. This will be done on EVERY webform save.
+      // Fixes migration issue with webforms. Once migration is updated and
+      // fixed, this code is no longer needed and can be removed.
+      $access_rules['create']['roles'] = [
+        'anonymous',
+        'authenticated',
+      ];
+
+      $entity->setAccessRules($access_rules);
+    }
+  }
+
+}
diff --git a/uw_cfg_common.services.yml b/uw_cfg_common.services.yml
index 28b61b8..8b0ca3c 100644
--- a/uw_cfg_common.services.yml
+++ b/uw_cfg_common.services.yml
@@ -45,3 +45,7 @@ services:
   uw_cfg_common.missing_blocks:
     class: Drupal\uw_cfg_common\Service\UWMissingBlocks
     arguments: ['@entity_type.manager', '@keyvalue.expirable', '@layout_builder.tempstore_repository']
+  uw_cfg_common.webform_save.event_subscriber:
+    class: '\Drupal\uw_cfg_common\EventSubscriber\UwWebformPreSaveEventSubscriber'
+    tags:
+      - { name: 'event_subscriber' }
-- 
GitLab


From 72d5b1194d122fd2c0964505d2e967b67786ac71 Mon Sep 17 00:00:00 2001
From: Igor Biki <ibiki@uwaterloo.ca>
Date: Wed, 5 Oct 2022 09:05:03 -0400
Subject: [PATCH 2/2] ISTWCMS-5860: Adding access denied setting for webform.

---
 src/EventSubscriber/UwWebformPreSaveEventSubscriber.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/EventSubscriber/UwWebformPreSaveEventSubscriber.php b/src/EventSubscriber/UwWebformPreSaveEventSubscriber.php
index 7f20439..f5b307a 100644
--- a/src/EventSubscriber/UwWebformPreSaveEventSubscriber.php
+++ b/src/EventSubscriber/UwWebformPreSaveEventSubscriber.php
@@ -4,6 +4,7 @@ namespace Drupal\uw_cfg_common\EventSubscriber;
 
 use Drupal\core_event_dispatcher\EntityHookEvents;
 use Drupal\core_event_dispatcher\Event\Entity\EntityPresaveEvent;
+use Drupal\webform\WebformInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 
 /**
@@ -43,6 +44,9 @@ class UwWebformPreSaveEventSubscriber implements EventSubscriberInterface {
       ];
 
       $entity->setAccessRules($access_rules);
+
+      // Setting default access denied handler.
+      $entity->setSetting('form_access_denied', WebformInterface::ACCESS_DENIED_PAGE);
     }
   }
 
-- 
GitLab