The permissions for the following all state that they have no effect for anonymous users, but all of them work perfectly. The only thing that doesn't happen is a message being shown to anonymous users that they've already submitted a form before (which would cause a session to start):

- Access own webform submissions
- Edit own webform submissions
- Delete own webform submissions

Besides this, modules that provide permissions externally (such as OG Webform), might also need to adjust if anonymous users have access to their own submissions. Right now the webform_client_form_submit() function is hard-coded to only check Webform's own permission instead of seeing if other modules want to provide input on this action. This patch solves both problems with anonymous users.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

quicksketch’s picture

Status: Needs review » Fixed
FileSize
760 bytes

Well after letting this patch sit for a few months to see what I thought about it, I don't think I'm comfortable with adding the new access check for "save". It doesn't make sense to me looking at it now, though I still see the limitation in our existing code. Let's just fix the problem at hand right now, and make it so that the description text is accurate. Committed this patch to the D7 branch only, since it's the only affected version.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.