Problem/Motivation

We built a custom export solution based on the WebformSubmissionExporter for regular users. The process is that they can create events, a webform is automatically attached and they have a button to download *only* the submissions that reference their node.

#3006765: Webform submission entity access is not enforced in view query broke this, as the access check runs and denies access to these submissions because the user correctly doesn't have the view permission. There doesn't seem to be a way to either opt out of the access check for the generated query or an easy way to influence the query alter logic to allow access in this case.

getQuery() seems to be public, so I suppose I could get the count easily, but the export itself then would be

Proposed resolution

Maybe there could be an flag to prevent webform_query_webform_submission_access_alter() from running, e.g. $query->getMetaData('webform_no_access_check') == TRUE.

Alternatively, I just realized I could inline getTotal() as well as generate() into my code as all the methods they seem to call are public, surprised to see that all those things are considered part of the API.

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

CommentFileSizeAuthor
#4 3020874-4.patch636 bytesjrockowitz

Comments

Berdir created an issue. See original summary.

jrockowitz’s picture

jrockowitz commented

I just to confirm that you can't directly use $query->accessCheck(FALSE) documented in the change record.

I am not sure how you are invoking the download but if you are specifying custom export options we can probably add $export_options['check_access'] support to \Drupal\webform\WebformSubmissionExporter::getQuery.

berdir’s picture

berdir
Primary language German
Location Switzerland
commented

Well, the query is built internally, I could only access the query if I duplicate those two methods, which I'd like to avoid if possible.

An exporter option sounds like an interesting idea, yes.

jrockowitz’s picture

jrockowitz commented
Status: Active » Needs review
StatusFileSize
new 3020874-4.patch636 bytes

Because the exporter UI and Drush already have access checking, I think it is safe and smart to remove access checking from the submission exporter query.

@Berdir Does this sound like a reasonable assumption?

berdir’s picture

berdir
Primary language German
Location Switzerland
commented

Fine with me if you don't see a problem with it.

jrockowitz’s picture

jrockowitz commented
Status: Needs review » Reviewed & tested by the community

  • jrockowitz committed 10a11ae on 8.x-5.x 
    Issue #3020874 by jrockowitz: [regression] WebformSubmissionExporter::...
jrockowitz’s picture

jrockowitz commented
Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.