Taxonomy rewrite

please, let's identify some use cases before we run more queries through the regex and hooks implied by db_qeury_sql. There might be a good reason to do this, but you have to convince us.

Use cases:

- Permissions for taxonomy terms/vocabs, some tables and conditions must be joined for taxonomy queries
- Multilanguage pages/taxonomy (i18n), additional conditions needed also for taxonomy

+1 for being able to put user/role based permissions on vocabularies. I see this as extremely important (can we do menus too?)

This patch has no effect on term/node access.

1. All roles have been given the "access content" permission.
2. I have removed the "all" grant from the node_access table.
3. I have the "Categories" block visible and it is showing the terms and number of nodes which are created.
4. Browsing as an anonymous user I can see the same terms and node count in the categories block that I see as admin.
5. Clicking on a term (/taxonomy/term/2) shows all nodes (and their content) associated with that term. For example, an image node is displayed as a thumbnail and a page node is displayed with the teaser.
6. Clicking on the node title (/node/2) displays a "access denied" message.

Node access is restricted when accessed via node.module but not via taxonomy.module.

Printing out the sql that is generated after the rewrite in taxonomy_term_page(), for example, I don't see any joins added so I guessed that a db_rewrite_sql hook was required for this to be added since the primary in your patch is "tid".

I don't understand if you are saying that this is hard to implement or should be handled in another module. Are you saying that taxonomy_db_rewrite_sql() is required and needs to fire for 'tid' in order to restrict access as I thought?

I'd like to see this patch in core. By running taxonomy queries through db_rewrite_sql() we can achieve two key enhancements:

- access modules can filter out terms to which the current user has no access. this would complete our implemetnation of private forums. jose mentioned this earlier.
- taxonomy node listings and feeds could be filtered by node type using an upcoming simple module which recognizes '&type=event,story' style querystrings as a filter. this will work on taxo lists, home page list, tracker, etc.

there are likely more uses.

+1 for me too. The access functionality that this patch enabled is essential in my opinion and should be in 4.6. Without it, the currently implemented node access functionality is worthless.

I think the final patch should include a db_rewrite_sql hook to complete the functionality though.

+1 from me too. But I would like to see some benchmarking with a database with loads of terms. If someone volunteers I have a DB with approx 300 terms and the same amount of nodes in them. Just give me a private call (berkessels curlythingy gmx dot net) and I might forward it (if i know you ;).

Is this considered for 4.6 or 4.7??

I like it!

this simple change should help us fix the remaining issue with private forums; the dropdown where you pick which forum to post into still shows inaccessible forums.

Committed to HEAD.

I think there are a few more queries that should be rewritten. Patch updated for HEAD.

jose - it would be nice if we had an example of the new rewrites might be used.

Hi,

This is already used by i18n module, and this patch was included as a part of v4.6 of the module. Also, I've just updated i18n-HEAD and you can give it a try.

Committed to HEAD. Thanks.

Can we use this patch on the 4.6 release of taxonomy_access also? Or is this restricted to HEAD versions of the module only?

I am running 4.6.3 stable (not CVS) and would like the features introduced with this patch. If upgrading my site to CVS is the only way to get this functionality (forum restrictions are very important) I will do so. Please advise. Thanks!