ISTWCMS-5863 Authenticated webforms should properly enforce individual user access

ISTWCMS-5863 Authenticated webforms should properly enforce individual user access

uw_cfg_common.module

@@ -1022,6 +1022,22 @@ function uw_cfg_common_webform_access(WebformInterface $webform, string $operati
         return AccessResult::forbidden();
       }
       break;
+
+    case 'user':
+      // Must be authenticated for group auth.
+      if (!$account->isAuthenticated()) {
+        return AccessResult::forbidden();
+      }
+
+      // Get all users when selecting 'Users specified below' under
+      // admin/structure/webform/manage/WEBFORM_ID/access.
+      $create_user_ids = $webform->getAccessRules()['create']['users'];
+
+      // If the logged in user is not a specified user, get access denied.
+      if (!in_array($account->id(), $create_user_ids)) {
+        return AccessResult::forbidden();
+      }
+      break;
   }
 
   return AccessResult::neutral();