When attempting to implement my own custom permissions hook with webform, restricting the results further, I was unable to do so with the stock module. My module looked like nothing more than this:

function nnlm_core_webform_results_access($node, $account){
  return FALSE;
}

Looking at the code that invokes this hook, we see the following:

function webform_results_access($node, $account = NULL) {
  global $user;
  $account = isset($account) ? $account : $user;

  $module_access = count(array_filter(module_invoke_all('webform_results_access', $node, $account))) > 0;

  return node_access('view', $node, $account) && ($module_access || user_access('access all webform results', $account) || (user_access('access own webform results', $account) && $account->uid == $node->uid));
}

If my hook returns false, the user will still be able to access the results as long as the permissions of the webform module allow it. Which is fine, but it would be nice if the documentation clarified that. Currently, it implies (at least to me) that I can restrict access by returning false.
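
The behaviour described above, plus one way to get a check that can deny, as an added example that is not part of the original issue or of Webform's own code. The Drupal 7 core functions are replaced by stand-ins so it runs under plain PHP; `nnlm_core_results_denied()`, `nnlm_core_results_access_strict()`, the `restricted` flag and the sample route are hypothetical.

```php
<?php
// Stand-ins for Drupal 7 core so the logic runs under plain PHP (constructed).
function module_invoke_all($hook, $node, $account) { return array(nnlm_core_webform_results_access($node, $account)); }
function user_access($perm, $account) { return in_array($perm, $account->perms, TRUE); }
function node_access($op, $node, $account) { return TRUE; }

// The hook implementation from the issue: FALSE only means "no grant from me".
function nnlm_core_webform_results_access($node, $account) { return FALSE; }

// webform_results_access() as quoted in the issue.
function webform_results_access($node, $account = NULL) {
  global $user;
  $account = isset($account) ? $account : $user;
  $module_access = count(array_filter(module_invoke_all('webform_results_access', $node, $account))) > 0;
  return node_access('view', $node, $account) && ($module_access || user_access('access all webform results', $account) || (user_access('access own webform results', $account) && $account->uid == $node->uid));
}

// Hypothetical site policy: results of nodes flagged "restricted" are hidden.
function nnlm_core_results_denied($node, $account) { return !empty($node->restricted); }

// Hypothetical deny-capable access callback: veto first, then defer to Webform.
function nnlm_core_results_access_strict($node, $account = NULL) {
  global $user;
  $account = isset($account) ? $account : $user;
  return !nnlm_core_results_denied($node, $account) && webform_results_access($node, $account);
}

// hook_menu_alter(): swap the callback on every route that uses Webform's check.
function nnlm_core_menu_alter(&$items) {
  foreach ($items as &$item) {
    if (isset($item['access callback']) && $item['access callback'] === 'webform_results_access') {
      $item['access callback'] = 'nnlm_core_results_access_strict';
    }
  }
  unset($item);
}

// Constructed sample data: a user with the stock permission, a restricted node,
// and a made-up route that uses Webform's access callback.
$account = (object) array('uid' => 7, 'perms' => array('access all webform results'));
$node = (object) array('nid' => 1, 'uid' => 3, 'restricted' => TRUE);
$items = array('node/%/example-results' => array('access callback' => 'webform_results_access', 'access arguments' => array(1)));
nnlm_core_menu_alter($items);
$callback = $items['node/%/example-results']['access callback'];

var_dump(webform_results_access($node, $account)); // stock check, hook returned FALSE
var_dump($callback($node, $account));              // wrapped check with the veto
```

In a real module only the policy function, the wrapper and `nnlm_core_menu_alter()` would be kept. The swap covers routes whose access callback is `webform_results_access`; code that calls that function directly is not affected.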

Comments

quicksketch

Thanks for opening this issue. Looks like you're correct. If Webform grants access (via the normal permissions) then access is granted even if you return FALSE.

DanChadwick

Status: Active » Fixed

Minor addition to docblock. Committed to 7.x-4.x and 8.x.

  • DanChadwick committed e9e81a4 on 7.x-4.x
    Issue #2099859 by DanChadwick: Clarify documentation of...
  • DanChadwick committed 1426948 on 8.x-4.x
    Issue #2099859 by DanChadwick: Clarify documentation of...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.