Delete permission not used anywhere

you can delete what you publish, no matter.

If other modules aren't checking node_access before deleting, that should be taken up with their modules. I haven't tried it, myself.

Also, this module doesn't give users automatic access to delete items they create, if they hardcoded this in core I don't know, as I haven't tried it, but this module doesn't give them access if nothing else does. Most forums of any decent size don't allow users to delete their own posts, for instance.

Update acts as the create permission, however taxonomy.module only checks the view permission when creating the user form for selecting categories. So if they have view, they can see them for selection in the category select form, but they can't put anything there.

Oh, I'll have to take a look at that. I'm adding a "create" permission, so when I do that I'll fix this to check that new permission in every instance. Thanks for catching it.

Check to see if this is fixed in CVS. Basically there are two places the permission this is checked now. In the taxonomy select form that you get under "create content" and in taxonomy_node_save.

This way, the user using create content (or quickpost, another module of mine) won't even see the categories to post to, and if there's some module out there that's not checking with taxonomy_access before letting users post to a category (such as forum.module), then the node won't actually end up in the category. I think this is the behavior you're describing with the forums, in which case you do need to talk to the forum.module guys to see if they can add taxonomy_access support to their "Submit Forum Topic" page. Really they just need to check with taxonomy_access's new "create" permission before outputting the "Post new forum topic" link.