Test hook_update_N

I was looking at the patch and, at a glance, it looks like it adds all view permissions to all roles for all vocabularies. Two suggestions.

It might be better if it only assigned these permissions to anonymous and authenticated. This way if you have a lot of roles, you don't have to uncheck a million things.

Also, since this was already released, it is possible that people will have started relying on these permissions. If so, granting these permissions unexpectedly would be a security problem. This wouldn't be a perfect solution, but a slightly better compromise might be to scan and see if any of the new permissions were granted. If they are, assume the site owner has already handled things and don't change their permissions.

It's probably not that big a deal since the change has only been out two weeks.

+1 To this.

If before the terms were visible and now they require a permission then the new permission should be granted by default to keep the backward compatibility.

I'm going to move this to critical because this makes to all the taxonomy term pages stop working.

This bit me also.

Note that manually adding the permissions does fix it... but anyone finding this issue has probably already figured that out.

From my POV, hook_update should check if user have access to view content on site.
Because I see it gave access to view terms to "Blocked user" role, which is not critical because core access check will not allow it. But anyway not very logical.

Also if you gonna add this update to next release, you may override permissions for those projects who already installed current release and fixed permissions manually.

Thanks everyone. As @tarasich correctly points out in #7, unfortunately, we can't release an update hook for this kind of change after the change has been released. That's why we basically reverted this for the security release today and instead print a message now asking users to manually adjust their permissions. Next time, we have to remember to add the hook at the same time as we make the permission change, than it would not have been a problem. I'm closing this as fixed anyway, so that you will get credit for your contribution.