When I select the option "Delete submissions immediately", and I have my Redirection location set to "Confirmation page" with a confirmation message set up, after submitting the form I am redirected to a page with a URL similar to: mywebsite.com/node/1/done?sid=10. However, instead of seeing my confirmation message, I am shown the following error:

"Access denied"
You are not authorized to access this page.

Is it not possible to redirect to the default "Confirmation page" when using this module? I did not see that documented anywhere...

Comments

ladybug_3777’s picture

I should add I am using Webform 7.x-4.0-beta3 (also just tried version rc3)

ladybug_3777’s picture

It looks like the denied access is coming from the webform.module function webform_confirmation_page_access($node):

/**
 * Access function for confirmation pages.
 *
 * @param $node
 *   The webform node object.
 *
 * @return
 *  Boolean whether the user has access to the confirmation page.
 */
function webform_confirmation_page_access($node) {
  global $user;

  // Make sure SID is a positive integer.
  $sid = (!empty($_GET['sid']) && (int) $_GET['sid'] > 0) ? (int) $_GET['sid'] : NULL;

  if ($sid) {
    module_load_include('inc', 'webform', 'includes/webform.submissions');
    $submission = webform_get_submission($node->nid, $sid);
  }
  else {
    $submission = NULL;
  }

  if ($submission) {
    // Logged-in users.
    if ($user->uid) {
      // User's own submission.
      if ($submission->uid === $user->uid && node_access('view', $node)) {
        return TRUE;
      }
      // User has results access to this submission.
      elseif (webform_submission_access($node, $submission)) {
        return TRUE;
      }
    }
    // Anonymous user for their own submission. Hash of submission data must
    // match the hash in the query string.
    elseif ((int) $user->uid === 0 && (int) $submission->uid === 0) {
      $hash_query = !empty($_GET['token']) ? $_GET['token'] : NULL;
      $hash = md5($submission->submitted . $submission->sid . drupal_get_private_key());
      if ($hash_query === $hash) {
        return TRUE;
      }
    }
  }

  return FALSE;
}

The issue here is that the variable $submission is empty since the submission has been deleted, which ends up returning FALSE for the access.

I'm not sure of the best way to address this. It seems like there should be something in place that will allow the page to show the confirmation message even if the submission has been deleted.
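
One way to let a confirmation-page access check succeed after the submission row is gone, shown as an added example that is not part of this thread and not the patch committed to Webform: issue an HMAC-signed token at submit time and verify it later without a database lookup. The function names, token layout, key and timestamps are assumptions constructed for the illustration.

```php
<?php
// Added illustration, not Webform code. Names, token layout and the key
// below are assumptions made for this example.
const EXAMPLE_KEY = 'constructed-private-key-for-illustration';

/**
 * Issue a token at submit time, before the submission row is deleted.
 * It binds node id, submission id and an expiry, so checking it later
 * does not depend on webform_get_submission() finding a record.
 */
function example_confirmation_token($nid, $sid, $expires, $key = EXAMPLE_KEY) {
  $payload = (int) $nid . ':' . (int) $sid . ':' . (int) $expires;
  return $payload . ':' . hash_hmac('sha256', $payload, $key);
}

/**
 * Access check for a request such as node/$nid/done?sid=$sid&token=$token.
 */
function example_confirmation_access($nid, $sid, $token, $now, $key = EXAMPLE_KEY) {
  if (!is_string($token)) {
    return FALSE;
  }
  $parts = explode(':', $token);
  if (count($parts) !== 4) {
    return FALSE;
  }
  list($t_nid, $t_sid, $t_exp, $mac) = $parts;
  $expected = hash_hmac('sha256', "$t_nid:$t_sid:$t_exp", $key);
  // hash_equals() (PHP 5.6+) compares the MACs in constant time.
  if (!hash_equals($expected, $mac)) {
    return FALSE;
  }
  // The MAC is valid, so the fields are the ones that were issued.
  // Bind them to this request and enforce the expiry.
  return $t_nid === (string) (int) $nid
    && $t_sid === (string) (int) $sid
    && (int) $t_exp >= $now;
}

// Constructed scenario: submission 10 on node 1 is deleted right after submit.
$now = 1400000000;
$token = example_confirmation_token(1, 10, $now + 300);
var_dump(example_confirmation_access(1, 10, $token, $now));       // matching request
var_dump(example_confirmation_access(1, 11, $token, $now));       // different sid
var_dump(example_confirmation_access(1, 10, $token, $now + 301)); // past expiry
var_dump(example_confirmation_access(1, 10, $token . '0', $now)); // altered MAC
```

The short expiry matters here because, with the record deleted, the server has nothing else to revoke the token against.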

ladybug_3777’s picture

Please see this page for a patch that attempts to address this issue:

https://drupal.org/node/2275943

Robert Castelo’s picture

Status: Active » Fixed

ladybug_3777 so looks like your Webform patch got committed (well done!).

I'm closing this issue as I assume the latest version of Webform fixes the problem.

ladybug_3777’s picture

Yes, it did. Thanks Robert!!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.