Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
granting permissions per vocabulary does not seem to work. It seems to be an all or none proposition. Is this a (critical) bug or I am missing something very obvious?
Comments
Comment #1
rschwab CreditAttribution: rschwab commentedI think this is just how core works. Have you tried looking for a contributed module for more fine grained taxonomy permissions?
Or do you mean that if you grant permissions to edit/delete vocabulary X, all vocabularies can be edited deleted?
Comment #2
spinoza_gl CreditAttribution: spinoza_gl commentedThanks.
edit/delete by itself does not grant any permissions unless "Administer vocabularies and terms" permission is granted. When that permission is granted, it allows edit/delete on all vocabularies regardless of individual vocabulary permissions. If this is how core is supposed to work then I am trying to figure out the point of a user interface for edit/delete on each vocabulary?
No, I haven't been able to find a module for a more fine-grained vocabulary permissions.
Comment #3
rschwab CreditAttribution: rschwab commentedI see. That doesn't seem right at all, and I'm probably overlooking something too but I'm having trouble getting taxonomy to work at all even with uid 1.
Comment #4
spinoza_gl CreditAttribution: spinoza_gl commentedNo it doesn't. It seems to be a seriously misleading UI to show permissions per vocabulary and then not implement it, if that is indeed the case. I would still like to believe that I am missing something here.
If you are logged in as an administrator, you should be able to edit/delete/add vocabularies regardless of being assigned that permission in the Permissions page. That is another confusing UI, if that is how it is supposed to work.
Comment #5
spinoza_gl CreditAttribution: spinoza_gl commentedComment #6
Les LimThe "Administer vocabularies and terms" permission works similarly to the "Administer content" permission, in that it grants full permissions across all vocabularies without having to check each individual box. It also allows access to the administration interface at admin/structure/taxonomy.
The individual taxonomy permissions do not allow access to the administration page (admin/structure/taxonomy). Instead, they are intended to control permissions for individual term pages (i.e., taxonomy/term/3). These permissions are working as described.
Comment #7
spinoza_gl CreditAttribution: spinoza_gl commentedYou can give permission to add/edit/delete per content type but you cannot assign permission to add/edit/delete per vocabulary. You can only edit/delete per term
Permissions can be granted on per content type without granting the "Administer content" permission. I gave permissions on content types x, y, etc., to a particular role without granting the general "administer content" permission to this role, and it works as expected. The said role can perform actions on content types x, y without needing the general "Administer content" permission.
However, with vocabularies, that is not the case. In order to edit/delete any vocabulary, the "Administer vocabularies and terms" permission needs to be granted. Granting that permission enables edit/delete on all vocabularies.
FYI, taxonomy permissions do not appear to control permission for individual term pages as you say. My role 'x' has no permissions on taxonomy term 7 for e.g. and it still has access to taxonomy/term/7 and can successfully edit that term. Is that a bug? It seems to be.strike that: "Administer vocabularies and terms" was still enabled for that role. So that is correct as you say.
I am only trying to allow certain roles to add terms to a few select vocabularies, just as I have been able to assign permissions to add only a few select content types. That is not possible, it seems to me, with the way the vocabulary permissions are currently structured. Not without writing a separate module: my next task.
Thanks for your input.
Comment #8
catchLes Lim explained it correctly, I'll try again though:
The behaviour is that when you grant access to individual vocabularies, that gives you access to edit/delete the terms in that vocabulary via taxonomy/term/n/edit pages.
You can not edit/delete the vocabulary itself - i.e. the container that is listed at admin/structure/taxonomy/foo
However this is exactly the same as node type permissions. If you give users access to edit $type permission, they can't get to admin/structure/types either - they can only edit individual nodes of that type.
Comment #9
Les LimMarking as fixed, per #7.
Comment #10
spinoza_gl CreditAttribution: spinoza_gl commentedI see what Les Lim and you are saying. For node types, I can give permission to add nodes for few node types only. I cannot give permission to add terms only to a few vocabularies. Thanks for your input.
Comment #11
spinoza_gl CreditAttribution: spinoza_gl commentedgetting caught between replies, sorry. What is missing then is "Create new terms for x" as in vocabulary x similar to content: Create new content".
"fixed" I suppose.
Comment #12
spinoza_gl CreditAttribution: spinoza_gl commentedComment #13
rschwab CreditAttribution: rschwab commentedYou should be able to find a contributed module to do what you need, spinoza. Its one of the great parts about Drupal afterall. Here is a list of modules related to permissions for taxonomy terms
Comment #14
rschwab CreditAttribution: rschwab commenteddoh! I didn't mean to do that...
Comment #15
catchAhh, now I get the issue. The initial patch that added delete/edit permissions added a create permission to, but this went in just before code freeze, and there wasn't time to properly resolve create permissions (needs to handle autocomplete, other widgets don't have any way of adding terms - you can read the background at #340652: Edit/delete terms permission per vocabulary.
It would be worth posting a 'task' against Drupal 8 to add create permissions per vocabulary too. Also nothing stops contributed Drupal 7 modules providing field widgets that allow adding of terms, and exposing permissions for that.
Comment #16
spinoza_gl CreditAttribution: spinoza_gl commentedThanks. I will look into this before I roll my own.
Comment #17
johnvThe permission 'Administer vocabularies and terms' should be split in 'Administer vocabularies' and 'Administer terms', just as the Node system contains both 'Administer content types' and 'Administer content'.
The 'Administer terms' can then be set per Vcabulary with the existing Edit/Delete permissions.
This way a developer can design the Vocabularies, and the site maintainer can create/edit/rearrange the terms.
The big change between D6 and D7 regarding this issue, is that Vocabularies are now Fieldable. In D6, There was no difference between maintaining Voc's or terms', in D7 is.
According to catch's post #15, the permission system is not complete, so the design of that feature should be amended.
I'll set this to an active bug report, perhaps someone will set it to 'feature request'.
(I didn't find a proper D7 module either)
Comment #18
marcingy CreditAttribution: marcingy commentedComment #19
mrfelton CreditAttribution: mrfelton commented+1 for this. Whilst granting the edit/delete terms permission does give the ability to edit and delete existing terms, it doesn't let you add new ones. Also, there is no easy way to get to the edit/delete term pages unless you have the administer vocabularies permission since you can't access the admin page that lists the vocabularies.
Comment #20
mrfelton CreditAttribution: mrfelton commentedSo, what should the full set of permissions be? I'm thinking following in the light of node.module:
Bypass taxonomy access control
View, edit and delete all vocabularies and terms regardless of permission restrictions. Warning: Give to trusted roles only; this permission has security implications.
Administer vocabularies
Warning: Give to trusted roles only; this permission has security implications.
Administer terms
Warning: Give to trusted roles only; this permission has security implications.
Access the taxonomy overview page
Vocab 1: Create new terms
Vocab 1: Edit terms
Vocab 1: Delete terms
Vocab x: Create new terms
Vocab x: Edit terms
Vocab x: Delete terms
The only one I'm not sure about is Administer terms - presumably it would grant the ability yo create edit and delete terms for any vocabulary? would that have security implications?
Comment #21
Cyberwolf CreditAttribution: Cyberwolf commentedSubscribing.
Comment #22
catchThere's a tab on taxonomy/term pages for editing/deleting terms. I think there are use cases for letting people create new terms via field widgets (autocomplete or select + create). So ideally we want those permissions to make sense without admin permissions - same as they do for nodes now.
Comment #23
likewhoa CreditAttribution: likewhoa commented+1 on separation of vocabulary and term permissions, also subscribing.
Comment #24
droplet CreditAttribution: droplet commented+1
Comment #26
candelas CreditAttribution: candelas commented+1 :)
and thanks!
Comment #27
giorgio79 CreditAttribution: giorgio79 commentedIn addition to #20 I would love to see more granular vocabulary permissions as well:
Administer vocabularies
Create Vocabularies
Edit Vocabularies
Edit Own Vocabularies
Delete Vocabularies
Delete Own Vocabularies
Administer Terms in Vocabularies
Comment #28
awm CreditAttribution: awm commentedsubscribing
Comment #29
moskito CreditAttribution: moskito commentedsubscribing
Comment #30
xjm@moskito, you don't need to "subscribe" anymore. There is a green "Follow" button in the upper-right corner of the issue that you can click.
Comment #31
kristiaanvandeneyndeWould love to see this implemented as well.
A combination of #20 and #27 seems great.
Comment #32
Encarte CreditAttribution: Encarte commented#27 seems complicated since terms and vocabularies, unlike nodes, don't have «owners». But #20 is really important, specially the Create new terms permission.
It's strange that you need to give the «Administer vocabularies and terms» permission (which includes adding and removing fields) in order to just allow adding a new term. IMHO, this particular aspect is a major problem.
Comment #33
mrfelton CreditAttribution: mrfelton commentedWe definitely need to get this in core, but those that need this right now in D7 might want to checkout out Taxonomy Access Fix
Comment #34
hibersh CreditAttribution: hibersh commented#33 works well
It will be great to gotta this in 8.x
Comment #35
tim.plunkettI wouldn't say this is major.
Comment #36
lpalgarvio CreditAttribution: lpalgarvio commentedagree with #20.
can this be fixed for 7.x or just for 8.x?
interesting module (adds create term per vocab permission and fixes access on taxonomy page):
http://drupal.org/project/taxonomy_access_fix
Comment #37
ParisLiakos CreditAttribution: ParisLiakos commentedmight be duplicate of #1848686: Add a dedicated permission to access the term overview page (without 'administer taxonomy' permission)
there is a patch there
Comment #38
rschwab CreditAttribution: rschwab commentedYep, its the same issue, but more progress over there. I'm gonna mark this duplicate and note it on that issue.