Issue:
I seem to be getting Access Denied on a submission Reply page for Anonymous users. I checked all the roles for the entityform being submitted and in fact the form submits. The only issue is that the user gets a 403 when they are suppose to be delivered a confirmation page thanking them for their feedback.

I searched and found out there was a patch for this issue, but it seems to not be working for me. The issue I am referencing is : https://www.drupal.org/node/1613128 and patch that "fixes" it half way is https://www.drupal.org/files/entityform-fixed_anonymous_confirm_page-161...

This patch seems to be in beta4 and up release wise. The issue is that the patch assumes that entityform_access() aka. hook_access() is only going to be called once. Which isn't the case for me. From my testing its called 4 times. So the if logic says it works the first time and then it proceeds to the $SESSION variable that gives it the okay. Which then causes a 403 fro the next 3 calls.

I think that the session information could be cleaned up somewhere else if that is the objective in doing the

unset($_SESSION['entityform_submission']);

CommentFileSizeAuthor
#11 entityform-fix-403-for-anonymous-2842523-11-D7.patch483 bytesalexdmccabe
#4 entityform_anonymous-2842523.patch404 bytesdan kolbas
#2 entityform_anonymous-2842523.patch272 bytesdan kolbas

Comments

Dan Kolbas created an issue. See original summary.

dan kolbas’s picture

dan kolbas commented
StatusFileSize
new entityform_anonymous-2842523.patch272 bytes
dan kolbas’s picture

dan kolbas commented
dan kolbas’s picture

dan kolbas commented
StatusFileSize
new entityform_anonymous-2842523.patch404 bytes

Here is the quick patch removing that unset line of code. The first file i uploaded had bad time stamps.

joelpittet’s picture

joelpittet
he/him
Primary language English
Location Vancouver
commented
Version: 7.x-2.0-rc3 » 7.x-2.x-dev

Can you try the latest -dev release please there was some changes already in play around permissions.

joelpittet’s picture

joelpittet
he/him
Primary language English
Location Vancouver
commented
Status: Active » Needs work
dan kolbas’s picture

dan kolbas commented

joelpittet,

I downloaded the latest dev version and i still have the same issue described above, but applying my patch above on the dev branch as well seems to solve the issue.

joelpittet’s picture

joelpittet
he/him
Primary language English
Location Vancouver
commented
Status: Needs work » Needs review

@Dan Kolbas, thanks. The original issue was here #1613128: Access Denied Message on Submission Reply Page for Anonymous user where that was put in, I got that through the git blame.

With permission changes I don't want to make this kind of change lightly.

Status: Needs review » Needs work

The last submitted patch, 4: entityform_anonymous-2842523.patch, failed testing.

joelpittet’s picture

joelpittet
he/him
Primary language English
Location Vancouver
commented

The testbot failed on how the patch is created. Using git diff > name.patch would be preferred, how did you create that one?

alexdmccabe’s picture

alexdmccabe
he/him
Primary language English
Location Orlando, FL, US / Seminole lands
commented
Status: Needs work » Needs review
StatusFileSize
new entityform-fix-403-for-anonymous-2842523-11-D7.patch483 bytes

Rerolled the patch using git diff.

pixelsweatshop’s picture

pixelsweatshop commented

Tested patch in #11. Still receiving Access Denied.