Public vs. private components

If I'm understanding you, you mean "public" in that end-users will see the fields when submitting values, but only administrators will see certain fields when editing the values. Is this correct?

You can already do something similar with "hidden" elements, in that they're only visible when views/editing an existing submission. There aren't any plans currently to make other fields have this behavior.

I have a need for user field visibility settings in webform (like field creation functions in user 'Profiles' field creation function under 'User Management'.)

Can the field 'Visibility' user settings be offered as part of webform field creation?

e.g. (from the 'Profiles' field creation tool in 'User Management']:

Visibility:
[ ] Hidden profile field, only accessible by administrators, modules and themes.
[ ] Private field, content only available to privileged users.
[ ] Public field, content shown on profile page but not used on member list pages.
[ ] Public field, content shown on profile page and on member list pages.

We only want to display certain fields publicly in the public form record... and privileged or admin site users would be able to view and edit private fields only viewable in a private version of the form...

Also, if you are asking for a form submitter to enter confidential/contact information in form entry fields, you often do not want that displayed in the public view of the record - like someone's email, phone number, address, etc.

Any chance that user visibility field functionality can be added to webform?

Moving to the 3.x issue queue.

Subscribe.

I would like to see this feature soon, as a hidden field can only be used as a text box, but cannot be used as a checkbox or radio button. It would be good to have a visibility setting associated with every field.

+1

subscribing

This would definitely be a great feature, especially as the ability to create hidden fields that a webform admin could edit has been rolled back in version 3.x. Glad it's on the roadmap.

+1 (subscribing)

I'd like to upgrade from Webform 2.x to Webform 3.x, but we've got some internal workflows that make use of forms with admin-only editable Webform components. Until real support for public/private components gets added, is there any reason I shouldn't modify the hidden component so that _webform_render_component() treats hidden fields as text fields if the user has the permission "edit all webform submissions"?

I can see where this isn't really a good general solution, but it seems like it might work for my situation, and I'm wondering if people with more experience see any pitfalls.

/**
 * Implementation of _webform_render_component().
 */
function _webform_render_hidden($component, $value = NULL, $filter = TRUE) {
  $element = array(
    '#type' => 'hidden',
    '#title' => $filter ? _webform_filter_xss($component['name'] ." (hidden)") : $component['name'] ." (hidden)" ,
    '#default_value' => $filter ? _webform_filter_values($component['value']) : $component['value'],
    '#weight' => $component['weight'],
  );
  
  // Stopgap until Public/Private components is implemented
  // if the user can edit all webform submissions, treat the hidden field
  //  as an editable text field when building the form
  if( user_access('edit all webform submissions')  ) {
      $element['#type'] = 'textfield';
  }

  if (isset($value[0])) {
    $element['#default_value'] = $value[0];
  }

  return $element;
}

subscribing

In complement to comment #12, if you dont want to modify webform code itself, you can still put that in your own module:

function my_module_form_alter(&$form, &$form_state, $form_id) {
        if ($form_id == 'my_webform_id') {
                if(user_access('edit all webform submissions'))
                        $form['my_hidden_field_internal_name']['#type'] = 'textfield';
        }
}

Thanks for the above - very useful.

To clarify, my_webform_id was 'webform_client_form_[nid]' for this.

And instead of my_hidden_field_internal_name, I had to use $form['submitted']['my_component_name']['#type'] = 'textfield';

Not sure where the submitted part comes from though...

Any news about the possibility for administrators to edit hidden fields in version 6-3?

Thanks a lot in advance, this feature would be very important to me.

subscribing

Yep, I have also had the same request (and kept saying 'No' for several months). Finally, I decided to take a crack at this issue.

Right now, I only need administrator only webform component access controls so my below code is very basic. The concept is if a webform component's 'Field key' (aka form_key) is prefixed with 'admin_' then the webform component (aka form field) is only accessible to administrators. In my code an administrator is anyone who can update the webform's node.

Using #access is more secure, it insures that a general user will never see an admin only webform component. Also, this approach should allow any webform component to be accessible to admins only. I like the concept of only allowing only admins to upload certain file to a webform submissions.

Personally, I am not convinced this feature should be included in the webform.module. A webform is primarily meant to collect data, not manage it. This functionality might make more sense as an webform add-on module. Also, the more complete approach might be to add an additional field to the webform component edit form that says something like 'Restrict edit access to this component to only these user roles' with the site's user roles as checkboxes.

Hope this helps.

// Below code is for Drupal 6.

/**
 * Implementation of hook_form_alter(). 
 */
function mymodule_form_alter(&$form, &$form_state, $form_id) {
  // Set #access for admin components.
  if (strpos($form_id, 'webform_client_form_') === 0) {
    $access_admin_components = node_access('update', $form['#node']);
    _mymodule_check_admin_component_access_recursive($form['submitted'], $access_admin_components);
}

/**
 * Recursively set admin component access.
 */
function _mymodule_check_admin_component_access_recursive(&$form, $access_admin_components = FALSE) {
  foreach ($form as $name => &$field) {
    // Skip form properties and fields that are not arrays.
    if (strpos($name, '#') === 0 || !is_array($field)) {
      continue;
    }

    // Webform admin component must begin with admin_*
    if (strpos($name, 'admin_') === 0) {
      $field['#access'] = $access_admin_components;
    }

    // Recurse through all the webform's fields.
    _mymodule_check_admin_component_access_recursive($field, $access_admin_components);
  }
}

/**
 * Implement of hook_form_FORM_ID_alter().
 */
function mymodule_form_webform_component_edit_form_alter(&$form, &$form_state) {
  // Append some help to 'Field Key' description.
  $value = (!empty($form['form_key']['#value'])) ? $form['form_key']['#value'] : $form['form_key']['#default_value'];
  $example = (strpos($value, 'admin_') === 0) ? $value : 'admin_'. $value;
  $t_args = array('%title' => $form['form_key']['#title'], '%example' => $example, '%prefix' => 'admin_');
  $form['form_key']['#description'] .= '<br/>'. t('To create a webform component that is only visible to <b>administrators only</b>, just prefix the %title with %prefix. (i.e %example)', $t_args);
}

Thank you, jrockowitz -- I just tried this code out in my module and it works beautifully!

I've made a patch on something similar that I wouldn't mind additional reviews/testing on here: http://drupal.org/node/1054650#comment-4601648

At comment 17. I'm a complete newbie to Drupal and I would like to know where do I add this code? I added it to the bottom of the webform.module file, but I still could not edit the hidden field value. So not sure if I added it to the correct file. Please help as I need to be able to edit hidden values after the form has been submitted. Thanks in advance.

@xylum

You need to create a new module..

You have to create a new directory [yourmodulename] and paste the code into a [yourmodulename].module file and create a [yourmodulename].info file

Where [yourmodulename] is the name of your module. For example if you called the module webform_private

You need to create a webform_private directory and have two files inside there called webform_private.module and webform_private.info

See http://drupal.org/node/206753 for more information.

New webform releases for D6 and D7 include this feature

By the way, just noticed that this fix in the 3.13 and onward is implemented a different way from the above code. It's just an option in the UI now, doesn't require a particular field name.

Yeah as mentioned by @thomasmurphy and @vernond, this feature was implemented directly in the module as part of this issue: #1054650: Webform Fields Permission (private components).