Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I would like to share to the community the custom module I made. It is a module which can set a role permission for every webform fields. For a field that has a role permission can only be access/view by that role.
Comments
Comment #1
yogev004 CreditAttribution: yogev004 commentedComment #2
quicksketchCould you post the module? Looks like your upload may be missing. I'd like to integrate a similar feature directly into Webform if you're interested in writing it as a patch instead of a separate module. See #313639: Public vs. private components .
Comment #3
yogev004 CreditAttribution: yogev004 commentedhere is the module I made.
Comment #4
mherchelThis is exactly what I was looking for. Can this either be
1) Set up as its own Drupal project (my company may be interested in sponsorship) or
2) Integrated into Webform (I know that getting new features integrated may be a PITA)?
Thanks!
Comment #5
drfuzetto CreditAttribution: drfuzetto commentedthis module is great!
Thank you!
Comment #6
vernond CreditAttribution: vernond commented@quicksketch & yogev004: I'll give this a go as a patch - it fits in nicely with development I'm currently doing. Further feedback on/by 06 June 2011
Comment #7
vernond CreditAttribution: vernond commentedDo we want:
a) to limit role-based access to a component (and its value/s) purely to the client forms; or,
b) include table listings, downloads etc. in the limitation?
Seems to make sense that there could be authenticated roles to whom "super-admin" would want to restrict access to certain kinds of information, e.g. a "junior" admin could access a submitted name and telephone number, but not be able to get that same submissions email address, or other information deemed to be "sensitive". This sensitive information would, obviously then, be accessible to a more privileged role.
The idea is to restrict access to information, yet retain access to webform features for all qualified roles.
I guess that this could go some way to integrating (duplicating?) some of the webform_report functionality if we're not careful :-)
Being as how the direction of development here is towards a webform patch, the plan at the moment is to add a role-id array to the webform_component.extra field with the additional fieldset on the webform_component_edit_form. It doesn't seem necessary to create additional database IO.
What say you?
Comment #8
quicksketchThe way I see this working is really quite simple. If you have access to the "Results" tab of a Webform, you are considered an "Admin" and have access to all private components when viewing and (if allowed to edit) editing submissions. I don't really want to implement per-role access to components personally, though if that became enabled (API-wise) through these changes, I wouldn't be opposed. Rather than "field permissions" which seems a bit more complex (from an end-user stand-point), I'd really like to pursue something more along the lines of #313639: Public vs. private components .
Comment #9
mherchelIn my particular use case, I need the functionality to limit webform form components based on user role. Although, table listings, downloads would be nice, I can't think of a use where I would need them.
Thanks!
Comment #10
vernond CreditAttribution: vernond commentedHere are non-standard p0 patches for webform.module and webform.components.inc of Webform 6.x-3.11 for the time being. I'm busy wading through the morass of information around getting properly set up with git and will post standard patches as soon as I have any idea at all what I'm supposed to be doing.
A 'Private' checkbox has been added to 'Form components' (next to the Mandatory checkbox) and to the component edit form (at the bottom of the 'Display' fieldset). If user does not have 'access all webform results' permissions, the checkboxes are visible but disabled.
In my rudimentary testing, private fields were not displayed on client forms when form was viewed by an anonymous user, or by an authenticated user without 'access all webform results' permission.
Comment #11
quicksketchHi vernond! This looks pretty great. A few things that need adjustment:
- Put two spaces before
global $user
.- I don't thing that "Private" is important enough to list on the main component listing page at node/x/webform. Users regularly make fields required, but making a field Private I'm guessing will be a much less common situation.
- We should be checking both permissions for "access all webform results" and "access own webform results". Or even better we should just re-use the existing webform_results_access() function.
- We don't need to be so parenthesis heavy. This code:
could simply be:
It's okay to roll two separate patches (though I find it easier just to do "git diff > patch.txt" which works on all files in that directory), but next time just upload them individually so I don't have to untar them to do the review. Thanks! This is looking great! It's much simpler than I would have expected. :D
Comment #12
vernond CreditAttribution: vernond commentedCool, thanks for the review quicksketch:
- making use of webform_results_access got rid of redundant global $user bits;
- removed Private checkbox from component listing page;
- made description text a little more descriptive on component edit page;
- tidied up the condition check in _webform_client_form_rule_check;
- went easier on parenthesisesses :-)
I toyed briefly with the idea of not showing the disabled Private checkbox to ineligible users on component edit page at all, but then realised that they would need some idea of why a listed component is not showing on their form view (which was the main motivation for originally showing the checkbox on the component listing page as well).
Still wrestling with git, so 'old style' patches attached:
Comment #13
quicksketchThanks again vernond! I promise I'll also get back to you RE: maintainership too. But as you may have noticed, I'm a lot better at the issue queue than I am my e-mail inbox. ;)
A few more points:
if (webform_component_feature($component['type'], 'private')) {
.I still can't believe how simple this patch is. Great work!
Comment #14
vernond CreditAttribution: vernond commentedRighty ho, take 3:
- removed private from GET (and also the hidden field on component form);
- fixed sentence case in two comments;
- I had already placed the Private checkbox on component edit form within the condition that checks if this component should have a Display fieldset to avoid worry about which components the users try to make Private -> if it has no display settings fieldset (such as pagebreak component) then the Private checkbox is not visible and therefore does not apply. I think this achieves the same end as what you describe.
I too spend some time pretty much daily going through the posted issues, so if there's something you would like me to pick up on just leave a note on the issue in the queue.
Comment #15
aerozeppelin CreditAttribution: aerozeppelin commented#3 Thank you, your module is soo useful!
Comment #16
vernond CreditAttribution: vernond commented@quicksketch - patches for 6 and 7 branches attached for review.
Comment #17
mherchel@vernond - the links to those patch files don't work.
Comment #18
vernond CreditAttribution: vernond commented@mherchel - trying again with pound signs removed from file names.
Comment #19
vernond CreditAttribution: vernond commentedCommitted to both branches
Comment #20
vernond CreditAttribution: vernond commentedNew webform releases for D6 & D7 include the requested feature
Comment #21
mvidelgauz CreditAttribution: mvidelgauz commentedHello!
I am very interested in this feature. I have downloaded latest version, but I can't see where field permissions can be set. Can anyone throw a tip?
Thank you very much!
Comment #22
vernond CreditAttribution: vernond commentedWhen you edit a component you will see a checkbox called Private at the of the Display fieldset. Check this box to make the field visible to admins only.
Comment #23
jestrada2011 CreditAttribution: jestrada2011 commentedHello yogev004 !
I greet you from Guatemala. He has called the attention of your module. I think it's great. I took the confidence and freedom to use part of their code to make a version for Drupal 7. But before sharing with the community, I wonder if you agree with this. I await your confirmation. Greetings again.
Comment #25
quicksketchUpdating title as I was having trouble finding this issue.
Comment #26
jplascencia CreditAttribution: jplascencia commentedIs it possible to add it to my drupal installation?
I'm working with Webform 7.x-3.18 and this is my second week using Drupal and this is my first comment (pls forgive me if I'm doing something wrong).
Thanks.
Comment #27
vernond CreditAttribution: vernond commented@jplascencia - see post #22 above.
Comment #28
sydneyDK CreditAttribution: sydneyDK commentedA question in regards to to the 2 to 3 patches posted above. Do I need to apply all the patches or the last one only? In other words, does the last patch include all the corrections from the previous patches? Is there a .zip of the module that has all the patches incorporated available?
Thanks!
Comment #29
vernond CreditAttribution: vernond commented@sydneyDK - the patches have been committed to the project. You should see the Private checkbox as the last field in the DISPLAY fieldset on the component edit page.
Comment #30
alex.skrypnyk@vernond
Has this been committed to 4.x branch?
Comment #31
quicksketchPrivate fields seem to be broken currently. Let's continue in the bug report filed at #1698438: Private fields are not hidden, including dependent fields.