Commit 13b8d275 authored by bucefal91's avatar bucefal91 Committed by jrockowitz

Issue #2998830 by bucefal91: Provide API for checking if $account is owner of a submission

parent 27e14d81
......@@ -11,6 +11,7 @@ use Drupal\Core\Field\BaseFieldDefinition;
use Drupal\Core\Entity\ContentEntityBase;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Entity\EntityChangedTrait;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\StringTranslation\StringTranslationTrait;
use Drupal\user\Entity\User;
use Drupal\user\UserInterface;
......@@ -555,6 +556,18 @@ class WebformSubmission extends ContentEntityBase implements WebformSubmissionIn
return (bool) $this->get('sticky')->value;
}
/**
* {@inheritdoc}
*/
public function isOwner(AccountInterface $account) {
if ($account->isAnonymous()) {
return !empty($_SESSION['webform_submissions']) && isset($_SESSION['webform_submissions'][$this->id()]);
}
else {
return $account->id() === $this->getOwnerId();
}
}
/**
* {@inheritdoc}
*/
......
......@@ -60,12 +60,7 @@ class WebformAccessRulesManager implements WebformAccessRulesManagerInterface {
return $access;
}
// Check the webform submission owner.
$is_authenticated_owner = ($account->isAuthenticated() && $account->id() === $webform_submission->getOwnerId());
$is_anonymous_owner = ($account->isAnonymous() && !empty($_SESSION['webform_submissions']) && isset($_SESSION['webform_submissions'][$webform_submission->id()]));
$is_owner = ($is_authenticated_owner || $is_anonymous_owner);
if ($is_owner && isset($access_rules[$operation . '_own']) && $this->checkAccessRule($access_rules[$operation . '_own'], $account)) {
if ($webform_submission->isOwner($account) && isset($access_rules[$operation . '_own']) && $this->checkAccessRule($access_rules[$operation . '_own'], $account)) {
return AccessResult::allowed()->cachePerUser()->addCacheableDependency($access);
}
......
......@@ -2113,17 +2113,8 @@ class WebformSubmissionForm extends ContentEntityForm {
// Allow anonymous and authenticated users edit own submission.
/** @var \Drupal\webform\WebformSubmissionInterface $webform_submission */
$webform_submission = $this->getEntity();
if ($webform_submission->id()) {
if ($this->currentUser()->isAnonymous()) {
if (!empty($_SESSION['webform_submissions']) && in_array($webform_submission->id(), $_SESSION['webform_submissions'])) {
return FALSE;
}
}
else {
if ($webform_submission->getOwnerId() === $this->currentUser()->id()) {
return FALSE;
}
}
if ($webform_submission->id() && $webform_submission->isOwner($this->currentUser())) {
return FALSE;
}
// Get the submission owner and not current user.
......
......@@ -2,6 +2,7 @@
namespace Drupal\webform;
use Drupal\Core\Session\AccountInterface;
use Drupal\user\EntityOwnerInterface;
use Drupal\Core\Entity\ContentEntityInterface;
use Drupal\user\UserInterface;
......@@ -239,6 +240,17 @@ interface WebformSubmissionInterface extends ContentEntityInterface, EntityOwner
*/
public function isSticky();
/**
* Test whether the provided account is owner of this webform submission.
*
* @param \Drupal\Core\Session\AccountInterface $account
* Account whose ownership to test.
*
* @return bool
* Whether the provided account is owner of this webform submission.
*/
public function isOwner(AccountInterface $account);
/**
* Checks submission notes.
*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment