As some may have noticed the Tags module in 7.7.x can be locked down via ACL but users whose Roles deny them Edit permissions on that module can still create tags. I am told this is as intended in the design.
What if you want to avoid tag overload and control WHO can create new tags while allowing everyone to use those tags? Simple: set your permissions in ACL, and enforce them in the tag field type by extending it.
Note the if statement added at the comment line: //CUSTOM: check ACL
custom/clients/base/fields/tag/tag.js
({
extendsFrom: 'TagField',
initialize: function(options) {
this._super('initialize', [options]);
},
_createSearchChoice: function(term, results) {
this._super('_createSearchChoice', [term, results]);
// If tag is for filter, don't allow new choices to be selected
if (this.view.action === 'filter-rows') {
return false;
}
// Trim up the term for sanity sake
term = $.trim(term);
// Check previously found results to see tag exists with different casing
if (results && results.length) {
if (_.find(results, function(tag) {
return tag.text.toLowerCase() === term.toLowerCase();
})) {
return false;
}
}
// Check if input is empty after trim
if (term === '') {
return false;
}
// Check for existence amongst tags that exist but haven't been saved yet
if (this.checkExistingTags(term)) {
return false;
}
//CUSTOM: check ACL
if(app.acl.hasAccess('edit','Tags')){
return {
id: term,
text: term + ' ' + app.lang.get('LBL_TAG_NEW_TAG'),
locked: false,
newTag: true
};
}else{
return false;
}
},
})
hope you find this useful.
FrancescaS