I'm not 100% sure that this is a bug, but I wanted to report it in case other people ran across this issue...
Problem/Motivation
We've got a webform to collect job applications:
1. This webform includes a private file attachment field for the resume.
2. Anonymous users are allowed to create submissions.
3. The file attachment field has "Element access" settings to allow only administrative users to "View webform submission".
4. There is a handler set up to send an email with the submission values ([webform_submission:values]) to administrative users.
5. The email should include a link to the private file.
If the form is submitted by an administrative user, the link to the private file *is* included. If it's submitted by an anonymous user, the link to the private file *is not* included.
This is because of a call to WebformElementBase::checkAccessRules() by WebformSubmissionViewBuilder::buildElements(). $element['#access_view_roles'] is set for the file field, and administrative users are allowed while anonymous users are not.
Proposed resolution
To work around / solve this, we changed the "Element access" settings mentioned above to allow both anonymous and authenticated users to "View webform submission". Leaving this setting blank did not work. Making this change was acceptable because we had other access restrictions set to prevent anonymous users from viewing submissions at all.
Questions
Because of item 3 above, this *may* be the expected behavior. Is this the case? If so, it's a bit confusing that the "Element access" would carry over to the contents of the email and would then be dependent on the user filling out and submitting the form. It doesn't seem like the email should be different based on the permissions of the submitter.
Should the email be allowed to just include everything, regardless of permissions? Then, the site builder would be responsible for sending the right content to the right recipients. Actual access to any link would end up being controlled by the site once the recipient clicked on it.
Comment | File | Size | Author |
---|---|---|---|
#9 | email_sent_via_handler-2885507-8.patch | 37.39 KB | jrockowitz |
#7 | Screen Shot 2017-06-21 at 7.06.31 AM.png | 61.69 KB | jrockowitz |
#5 | email_sent_via_handler-2885507-4.patch | 36.77 KB | jrockowitz |
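The behaviour reported above, modeled in standalone PHP (an added example, not code from the Webform module or from this issue's patches): access rules are evaluated against the submitting account, so the email differs by submitter unless the handler explicitly bypasses them. The function names, the `$ignoreAccess` flag and the trusted-recipient allowlist are assumptions of the example; only `#access_view_roles` comes from the issue.

```php
<?php
// Added illustration, not Webform module code. Function names, $ignoreAccess
// and the recipient allowlist are hypothetical; '#access_view_roles' is from the issue.

// An element with no '#access_view_roles' key is unrestricted in this model;
// otherwise the account needs at least one of the listed roles.
function canView(array $element, array $roles): bool {
  if (!isset($element['#access_view_roles'])) {
    return true;
  }
  return count(array_intersect($element['#access_view_roles'], $roles)) > 0;
}

// Renders "Title: value" lines for the email body. Access is checked against
// the account that triggered the email (the submitter) unless the handler
// explicitly opts out AND every recipient is on the trusted allowlist.
function buildEmailValues(array $elements, array $data, array $submitterRoles,
    bool $ignoreAccess, array $recipients, array $trusted): array {
  $bypass = $ignoreAccess && $recipients && !array_diff($recipients, $trusted);
  $lines = [];
  foreach ($elements as $key => $element) {
    if (!$bypass && !canView($element, $submitterRoles)) {
      continue; // restricted element is left out of the email
    }
    $lines[] = $element['#title'] . ': ' . ($data[$key] ?? '');
  }
  return $lines;
}

// Constructed sample form, submission and addresses.
$elements = [
  'name' => ['#title' => 'Name'],
  'resume' => ['#title' => 'Resume', '#access_view_roles' => ['administrator']],
];
$data = ['name' => 'A. Applicant', 'resume' => 'https://example.com/system/files/private/resume.pdf'];
$trusted = ['hr@example.com'];

$cases = [
  'anonymous submitter, access enforced' => [['anonymous'], false, ['hr@example.com']],
  'administrator submitter, access enforced' => [['administrator'], false, ['hr@example.com']],
  'anonymous submitter, explicit bypass' => [['anonymous'], true, ['hr@example.com']],
  'bypass requested, untrusted recipient' => [['anonymous'], true, ['applicant@example.net']],
];
foreach ($cases as $label => [$roles, $ignore, $to]) {
  echo $label, ":\n  ", implode("\n  ", buildEmailValues($elements, $data, $roles, $ignore, $to, $trusted)), "\n";
}
```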
Comments
Comment #2
jrockowitz (credit attribution: as a volunteer and at The Big Blue House) commented:
YES!!! This will require some work and test coverage.
I think we might have to include a link to the private file that redirects to the user login page if the user can't access private webform file upload.
Comment #5
jrockowitz commented
Comment #7
jrockowitz commented:
You will now have to explicitly decide if access controls should be ignored.
This is tricky because the absolute last thing we want to happen is accidentally including private elements in emails generated by anonymous users.
Comment #9
jrockowitz commented
Comment #12
jrockowitz commented