Download & Extend
Taxonomy Access Control » Issues

Move control of create into hook_form_alter() and hook_nodeapi() to prevent numerous problems

Posted by xjm on September 6, 2010 at 3:07pm
Project:Taxonomy Access Control
Version:master
Component:Code
Category:task
Priority:normal
Assigned:Unassigned
Status:needs work

Issue Summary

Currently, the create op is controlled solely in hook_db_rewrite_sql(). This has advantages and disadvantages. Another method would be to use hook_nodeapi() and hook_form_alter().

This would resolve:
#112307: Cannot create node in taxonomy term without create permission for parent term

and avoid problems like:
#881210: No list or create permissions on any terms may result in incorrect use of default on save
#660668: TAC + revisioning: Empty taxonomy term select list on node/add for regular users

There are a couple of disadvantages. One is that FAPI's #access option can only apply to whole form elements, so if the user has access to create some terms in a vocabulary but not others, we still have to override the whole form element. Another is that any form overrides we provide will by default support only the core taxonomy forms, not other modules that alter those forms (like Content Taxonomy).

For these reason, we might want to make this behavior configurable, and possibly release it only in a new branch since it involves major changes to the way create functions.

Original patch is at:
http://drupal.org/files/issues/tac_881210-9.patch

Login or register to post comments

Comments

#1

Posted by xjm on September 6, 2010 at 3:21pm

Also, a hook_update_N() would need to be provided because of #112307: Cannot create node in taxonomy term without create permission for parent term, to prevent an unexpected change in behavior for anyone
who for whatever reason has create checked for a parent term but not its children.

Same patch as above, just renamed for consistency. It applies with an offset currently.

AttachmentSizeStatusTest resultOperations
tac_903522.patch16.88 KBIgnored: Check issue status.NoneNone

#2

Posted by xjm on September 6, 2010 at 3:38pm

See also #202039: Content Taxonomy Autocomplete terms are created twice if role does not have "create" privs for the vocab.
Controlling create in hook_nodeapi might help resolve that issue and other issues with freetag vocabularies:
#198773: Free tag vocabularies do not respect TAC and may cause duplicate term insertion
#676176: Caching in tac_db_rewrite_sql results in duplicate tags for freetaging vocabularies
#114341: Exclude freetagging enabled vocabularies from category permissions page

#3

Posted by xjm on October 21, 2010 at 3:39pm

See also #308682: Cooperation with Clone/Revisioning/... module. We need to address that case somehow as well.

#4

Posted by xjm on October 21, 2010 at 3:43pm

See also:
http://drupal.org/node/112307#comment-3410204
http://drupal.org/node/881210#comment-3411118

#5

Posted by xjm on March 8, 2011 at 7:03pm

Related bug: #1078808: Non-multiple, required vocabulary: Update without Create forces node to be tagged with an extra term

nobody click here