Is possible to hide or disable the permissions to create or edit vocabularies?

To make Taxonomy Manager to work i must enable the "Administer vocabularies and terms" permission, but this grant access to my term editor role to create and admin vocabularies. I already use the Taxonomy access control and Vocabulary permissions per role modules without result because TM need "Administer vocabularies and terms" permission.



marioangulo’s picture

Issue tags:+Needs tests
new5.9 KB

Hey, since I was facing the same issue I added my own separate access control permissions for the taxonomy manager module.

RAFA3L’s picture

Thanks! work perfect!

RAFA3L’s picture

Hello, I notice that when I try to expand the root of a vocabulary I get an ajax error...

The page at localhost says:
An AJAX error occurred. Reload the page and check your logs.

And in the log:
Failed to load resource: the server responded with a status of 403 (Forbidden)

ñull’s picture

Status:Active» Needs work

I allow a role to access one vocabulary, still the "switch vocabulary" select box in the right top corner shows all the vocabularies, although when selecting a prohibited vocabulary it will say Access Denied. It would be better though when users can select only their permitted vocabularies to avoid confusion.

Also in core there is already a per vocabulary permission. Can't TM just use these?.

What is more dangerous is the fact that "double tree" allows you to open and manipulate all the vocabularies that you are not supposed to touch.

So it is still far from safe

marioangulo’s picture

Since I still need to work on this for a client I can update my patch next week.

anou’s picture

Since we are "next week" :-), have you manage to update your patch to make it more secure ?

carn1x’s picture

I think Double Tree should also have a separate permission, not just restricted to allowed vocabularies.

lukasss’s picture

Issue summary:View changes

not able to apply your patch

Leeteq’s picture

Version:7.x-1.0-rc2» 7.x-1.x-dev
Priority:Normal» Major