According to the README.txt: Permissions by Term module additionally disallows users to select taxonomy terms, for which they don't have access, on the node edit form. This seems to not be working.
My node contains one field_secured_areas field, labeled "Visibility", which references a vocabulary called "Secured Areas". This vocabulary contains two terms:
- "Visible to members only", with allowed role Authenticated user.
- "Visible to staff only", with allowed roles Staff and Administrator.
When an Authenticated User (who is neither Staff nor Administrator) creates content, the form shows three options for the Visibility field:
- N/A
- Visible to members only
- Visible to staff only
The user is able to select "Visible to staff only", and thereby create content that he does not have permission to view.
I am a Drupal beginner, and I apologize if I'm misunderstanding something. Let me know if you need additional information.
FYI, I have also installed view_unpublished 8.x-1.x-dev, but I don't think that should be affecting what I see here.
Comments
Comment #2
Peter MajmeskuThanks for your detailed description. I'm currently working on automated tests to cover regressions. I will definitely write a test for your case and fix it.
Comment #4
BORANBURCIN CreditAttribution: BORANBURCIN commentedI have same problem at Drupal 7
Comment #5
maxilein CreditAttribution: maxilein commentedHi Stefan,
super Module! I have long waited for something like this. This is essential to a CMS and should be a standard Drupal mechanism in my opinion!!
Especially this feature which combines transparent access rights with easy configuration!!!
I am waiting on this, too.
Use Case: Consider this scenario:
Inside of a Company the taxonomy represents the organizational hierarchy in departments.
Company
|_ Dep1
|_ Dep2
Some users are members of only one department.
Would it be possible to create a mechanism which - during content creation - checks if a user is member of only one term and then autopopulate the secured_areas field with ths one term reference?
I cannot thank you enough for this module!
R,
Max
PS: Forgot to mention: excellent dokumentation also - much better than most modules!
Comment #6
jonnyhocks CreditAttribution: jonnyhocks commentedI am also experiencing this issue. We have a front facing node creation/edit form and non 'administrator' users are able to see and select a taxonomy term which has had an 'administrator' role tagged to it.
Comment #7
Peter MajmeskuGuys, thank you for your feedback, compliments and so on. Very motivating - your appreciation is a very important element for community built software.
I will dig again into debugging this issue this week. I had no time recently.
Comment #11
Peter MajmeskuUsers cannot use restricted terms anymore. They are also not appearing by the auto-complete list. Furthermore there is not needed to define 1 field (field_secured_areas) for the access restriction anymore. Every taxonomy term can have access restriction. Beside this I have fixed a few coding standard violations.
Please test the latest dev-version and give me feedback if everything works.
Comment #12
Peter Majmesku@maxilein: Your feature request is too much specific to a single use case. Please build it on top of the module. I will not ship this feature with the Permissions by Term module.
Comment #13
Peter MajmeskuClosing this issue, since it is fixed.