Problem/Motivation

We have custom form access implemented with hook_ENTITY_TYPE_access(). We would like to customize the resulting "Access Denied" pages.

For anonymous users, it will need to say something like "You must login to view this form" with a login link. For authenticated users, it will sometimes need to say something like "You must logout to view this form" and sometimes give a reason why the user has no access.

Proposed resolution

I think the easiest way to do this would be if Webform::buildAccessDenied() had an alter hook allowing modules to provide their own messages. If you agree, I will implement this. Do you have another suggestion for how to accomplish this?

CommentFileSizeAuthor
#23 webform-theme-access-denied-3247771-23.patch950 bytesLiam Morland
#15 webform-webform_access_denied-3247771-15-D8.patch4.98 KBLiam Morland
#14 webform-webform_access_denied-3247771-14-D8.patch4.48 KBLiam Morland
#10 3247771-10.patch4.98 KBjrockowitz
#8 3247771-8.patch1.57 KBjrockowitz

Issue fork webform-3247771

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Liam Morland created an issue. See original summary.

Liam Morland opened merge request !67

Liam Morland’s picture

Liam Morland
Primary language English
Location Ontario, CA 🇨🇦
CreditAttribution: Liam Morland at University of Waterloo commented
Status: Active » Needs review

Created hook_webform_build_access_denied_alter().

paulocs made their first commit to this issue’s fork.

paulocs’s picture

paulocs
Primary language Portuguese, Brazil
Location Belo Horizonte
CreditAttribution: paulocs at CI&T commented

I like the idea for the new hook. I added documentation for it.

Liam Morland’s picture

Liam Morland
Primary language English
Location Ontario, CA 🇨🇦
CreditAttribution: Liam Morland at University of Waterloo commented

Thanks. I've made a few tweaks to the documentation.

jrockowitz’s picture

jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commented

@Liam I am sorry I did not respond sooner.

When I have run into similar issue where something outputted to an end-user needs to be alterable I have opted for adding a theme template so that modules and themes can alter the output

jrockowitz’s picture

jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commented
FileSize
3247771-8.patch1.57 KB

Attached is a POC, I am hoping all the existing tests pass.

Status: Needs review » Needs work

The last submitted patch, 8: 3247771-8.patch, failed testing. View results
- codesniffer_fixes.patch Interdiff of automated coding standards fixes only.

jrockowitz’s picture

jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commented
Status: Needs work » Needs review
FileSize
3247771-10.patch4.98 KB
Liam Morland’s picture

Liam Morland
Primary language English
Location Ontario, CA 🇨🇦
CreditAttribution: Liam Morland at University of Waterloo commented
Title: Add alter hook in buildAccessDenied() » Allow override of "access denied" message

Thank you. I will do a full test on Monday.

Liam Morland’s picture

Liam Morland
Primary language English
Location Ontario, CA 🇨🇦
CreditAttribution: Liam Morland at University of Waterloo commented

The patch works. I was able to change the output using hook_preprocess_HOOK(). One coding standards issue:

// This:
'variables' => ['message' => '', 'attributes' => [], ],

// Should be:
'variables' => ['message' => '', 'attributes' => []],

Or the array could be broken-up with one element per line.

Tests that fail in #10 are failing on the branch as well.

Would you like me to fix the coding standards and put this in the merge request?

jrockowitz’s picture

jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commented

If you have time, please clean up the patch.

Liam Morland’s picture

Liam Morland
Primary language English
Location Ontario, CA 🇨🇦
CreditAttribution: Liam Morland at University of Waterloo commented
FileSize
webform-webform_access_denied-3247771-14-D8.patch4.48 KB
Liam Morland’s picture

Liam Morland
Primary language English
Location Ontario, CA 🇨🇦
CreditAttribution: Liam Morland at University of Waterloo commented
FileSize
webform-webform_access_denied-3247771-15-D8.patch4.98 KB

Sorry, the last one was missing the new template.

paulocs’s picture

paulocs
Primary language Portuguese, Brazil
Location Belo Horizonte
CreditAttribution: paulocs at CI&T commented
Status: Needs review » Reviewed & tested by the community

Looks good!

jrockowitz’s picture

jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commented
Status: Reviewed & tested by the community » Fixed

Liam Morland closed merge request !67

jrockowitz’s picture

jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commented

LOL, the DA is slowly nudging me to move from patches to merge requests.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Liam Morland’s picture

Liam Morland
Primary language English
Location Ontario, CA 🇨🇦
CreditAttribution: Liam Morland at University of Waterloo commented

I'm trying to use this in our real-world application now. Inside hook_preprocess_webform_access_denied(), I can change the "access denied" message. However, for my use case, I need access to the Webform object. Is there any way to get this or would buildAccessDenied() need to include $webform as a property in $build?

Liam Morland’s picture

Liam Morland
Primary language English
Location Ontario, CA 🇨🇦
CreditAttribution: Liam Morland at University of Waterloo commented
FileSize
webform-theme-access-denied-3247771-23.patch950 bytes

The attached patch does what we need. Is there another way that a hook_preprocess_webform_access_denied() implementation could get the current Webform object?

jrockowitz’s picture

jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commented
Status: Closed (fixed) » Needs review
Liam Morland’s picture

Liam Morland
Primary language English
Location Ontario, CA 🇨🇦
CreditAttribution: Liam Morland at University of Waterloo commented
Version: 6.x-dev » 6.1.x-dev

Liam Morland opened merge request !105

jrockowitz’s picture

jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commented
Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.