When anonymous users are provided URL edit/view links with access tokens (for later editing), they can't switch back and forth between the View and Edit tabs since those tabs do not inherit the access token query string in the URL, so they go from having access to 'Access Denied.'

Would it be feasible for this module to make that happen? Or is there another creative suggestion to workaround this inconvenience for visitors?

Default View link:
http://localhost/nexamp/node/3768/submission/130

Default Edit link:
http://localhost/nexamp/node/3768/submission/130/edit

Hoping something can automatically adjust those links and append the ?token=XXXXXXXXXXXXXXXXXXX as soon as either tab is access with a token.

CommentFileSizeAuthor
Safari - www.acquia.com - CMS, Commerce, Community | Drupal | Acquia - Screen Shot June 30, 2015 at 1:23 PM.png17.98 KBamaisano
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

amaisano’s picture

amaisano CreditAttribution: amaisano commented
Issue summary: View changes
DanChadwick’s picture

DanChadwick CreditAttribution: DanChadwick commented
Status: Active » Closed (won't fix)

I think you can accomplish this using something like the solution proposed in #1344902: Provide an optional destination parameter for local actions. I don't see webform customizing its menu tabs for this, but I'm happy to listening to additional discussion from others about the technical merits. If so, please re-open with discussion.

pbosmans’s picture

pbosmans CreditAttribution: pbosmans at UC Leuven-Limburg for UC Leuven-Limburg commented

I've tesame issue here.
My setup :
- Drupal 7
- In the webform permissions, anonymous users can edit/delete there own submissions.
- In the confirmation page (and mail) i use the access token : <p>Go to your submission: <a href="/node/[node:nid]/submission/[submission:sid]?token=[submission:access-token]">Submission [submission:serial]</a></p>
This produce me a link to 'http://my.wwwdev.be/node/5354/submission/17262?token=af6fa8343c4e09e40ed...'
When the anonymous user use on this link, he can see his submission and in the admin-tabs there are three links.
'View' -> 'http://my.wwwdev.be/node/5354/submission/17262'
'edit' -> 'http://my.wwwdev.be/node/5354/submission/17262/edit'
'delete' -> 'http://my.wwwdev.be/node/5354/submission/17262/delete'
All three without the token. So when the anonymous users klicks on these link, he gets een 'access denied'.
If these links where appended with the token, the links will work for the anonymous users.

I can't get the provided solution (https://www.drupal.org/node/1344902) to work in drupal 7

pbosmans’s picture

pbosmans CreditAttribution: pbosmans at UC Leuven-Limburg for UC Leuven-Limburg commented
Status: Closed (won't fix) » Active
pbosmans’s picture

pbosmans CreditAttribution: pbosmans at UC Leuven-Limburg for UC Leuven-Limburg commented
Status: Active » Closed (won't fix)

Sorry to re-activate this issue.
I will close it again because i solved it in Drupal 7 with hook_menu_local_tasks_alter :

function yourmodule_menu_local_tasks_alter(&$data, $router_item, $root_path) {
  if (user_is_anonymous() && !strcmp($root_path,'node/%/submission/%') && isset($_GET['token'])) {
    $mytoken = $_GET['token'];
    foreach ($data['tabs'][0]['output'] as &$link) {
      $link['#link']['localized_options'] = array('query' => array('token' => $mytoken));
    }    
  }
}
Mingsong’s picture

Mingsong
Location 🇦🇺
CreditAttribution: Mingsong as a volunteer and commented

Thanks @pbosmans,

I think your solution of using hook_menu_local_tasks_alter is the best.

carlovdb’s picture

carlovdb CreditAttribution: carlovdb commented

Code in #5 works.
Bur when you edit the submission by clicking the button "save". You get the message "Acces denied" because the save button does nog know the access token.. How can you solve this?

* EDIT *
By using the acces token in the destination, this is solved