The Term Permissions module does a very good job limiting specific taxonomy terms a user can apply to a node upon when it is created.
BUT, once the node is created, anyone with permission to edit/delete that node can.
Also, if a user without terms permission edits and saves a node that has those terms applied, those terms will be removed from the node.
(I hope this was clear)

Depending on how you implement this module, this issue might be a security risk.

I realize this feature request is not a small or trivial one. It could take a lot of time and effort to implement, if ever. But I think it makes a lot of sense.

Comments

deviantintegral’s picture

deviantintegral commented

If the permissions are only applying on the node add form, and not the edit form, that's a bug. Is this happening to you?

Removing terms from a node is "by design" at this point... but preserving the state of hidden terms does make some sense. So anyone wanting to submit a patch is welcome to :)

dokuf’s picture

dokuf commented

I also expected taxonomy terms permissions to be able to prevent 'unauthorized' users to change nodes that have taxonomy terms assigned they have no permission for. That was one of the main reasons I installed this module.

If this feature is not available is there another module that would do something like that?