I'm using the 'Term_access' module to create permissions between a user and content based on a shared taxonomy term.
For instance, if I have a 'media' taxonomy with 'TV', 'Movies', 'Music', and 'Books' in it, and I assign 'Books' to a user, that user will only have permissions to edit content with 'Books' selected using the same taxonomy vocab. That's set up, working, etc. The *problem* is that when a user is *creating* or *editing* content, they have the ability to change the taxonomy term to something they don't have permission to edit. What I'd like to do is either find a more 'robust' module that takes this into account, or alternatively alter the content create/edit form to remove the terms that the user doesn't have permission to create/edit.
Any thoughts on how best to achieve this? Thanks!
Comments
So it turns out that Access
So it turns out that Access by Terms module had the exact same issue, where users appeared to be able to mark content with taxonomy that they weren't themselves marked with. I created a custom module and used hook_alter_form on the node creation/edit form to replace the 'full' list of taxonomy terms with the list the user account was configured with.