Skip to content
Snippets Groups Projects

ISTWCMS-5863 Authenticated webforms should properly enforce individual user access

Merged ISTWCMS-5863 Authenticated webforms should properly enforce individual user access
feature/ISTWCMS-5863-l26yan-Authenticated-webforms-enforce-individual-user-access into 1.1.x
Merged Lily Yan requested to merge feature/ISTWCMS-5863-l26yan-Authenticated-webforms-enforce-individual-user-access into 1.1.x
Compare
and
Show latest version
1 file
+ 2
5
Compare changes
  • Side-by-side
  • Inline
uw_cfg_common.module
+ 2
5
@@ -1033,11 +1033,8 @@ function uw_cfg_common_webform_access(WebformInterface $webform, string $operati
// admin/structure/webform/manage/WEBFORM_ID/access.
$create_user_ids = $webform->getAccessRules()['create']['users'];
// Get current logged in user id.
$current_user_id = \Drupal::currentUser()->id();
// If the logged user is in not a specified user, get access denied.
if (!in_array($current_user_id, $create_user_ids)) {
// If the logged in user is not a specified user, get access denied.
if (!in_array($account->id(), $create_user_ids)) {
return AccessResult::forbidden();
}
break;