Here is a trick for GDPR : every user who fills a form should be able to view, edit and delete his submission
but what about guest users ?
same thing !
the problem is that since he is not registered how can he returns to the site and view his "content' ?
the only way we found is to send him an url to the form in the email he receives after the submission
then if the contact form is /contact for example
he can return to HIS form with /contact?id=xxx
there we add a FREE Button with a delete behaviour and a MODIFY workflow restriction so that he can delete his submission if he wants to
the url I wrote (/contact?id=xx) is much too easy to fake !!!
So anyone could easily find and edit the submission of everyone else!
and the GDPR texts explicitely claim that NO IDs linking to personnal datas should be found in the url !!!
there we have a problem :(
So back to the starting point: how can we grant unregistered users the ability to edit his submission ?
rsjoomla writes HERE that the solution is to NEVER store the submissions of unregistered users. it means your contact form would never produce contents
but I find this solution very disturbing
I also tried to generate a random uniq ID (with THIS plugin) in the form, create a Seblod search list that would take this GDPR uniq ID to find the content and display the form.
It works but when the form is displayed the URL is reverted back to a generic url with the content ID !!!
Any idea please ?