diff -u b/core/modules/taxonomy/lib/Drupal/taxonomy/TaxonomyRouteController.php b/core/modules/taxonomy/lib/Drupal/taxonomy/TaxonomyRouteController.php --- b/core/modules/taxonomy/lib/Drupal/taxonomy/TaxonomyRouteController.php +++ b/core/modules/taxonomy/lib/Drupal/taxonomy/TaxonomyRouteController.php @@ -7,6 +7,8 @@ namespace Drupal\taxonomy; +use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; + /** * Controller routines for taxonomy routes. */ @@ -21,6 +23,11 @@ * String with tags to search for. */ public function autocomplete($field_name, $tags_typed = '') { + // @todo Remove once access control is integrated with routing: + // http://drupal.org/node/1793520 + if (!user_access('access content')) { + throw new AccessDeniedHttpException(); + } $taxonomy = new Taxonomy(); return $taxonomy->autocomplete($field_name, $tags_typed); } diff -u b/core/modules/taxonomy/taxonomy.module b/core/modules/taxonomy/taxonomy.module --- b/core/modules/taxonomy/taxonomy.module +++ b/core/modules/taxonomy/taxonomy.module @@ -10,10 +10,6 @@ use Drupal\taxonomy\Plugin\Core\Entity\Vocabulary; use Drupal\Core\Entity\EntityInterface; -use Symfony\Component\HttpFoundation\JsonResponse; -use Symfony\Component\Routing\RouteCollection; -use Symfony\Component\Routing\Route; - /** * Denotes that no term in the vocabulary has a parent. */ diff -u b/core/modules/taxonomy/taxonomy.routing.yml b/core/modules/taxonomy/taxonomy.routing.yml --- b/core/modules/taxonomy/taxonomy.routing.yml +++ b/core/modules/taxonomy/taxonomy.routing.yml @@ -5,2 +4,0 @@ - requirements: - _permission: 'access content'