Tags in article edit screen administrator does not respect view access set on tag

[Romkabouter]

Steps to reproduce the issue

Create a TAG in the Tags component, set the access to Super Users
Login in as a manager or another user not in Super User group
Create new article and select Tags

Expected result

The tag with view access Super Users is not visible

Actual result

All tags visible, regardless of access set in Tag component

System information (as much as possible)

The function getOptions() in libraries/cms/form/field/tag.php does not check the group and access of a tag, whereas the model in components/com_tags/models/tags.php does.

Additional comments

[RonakParmar]

I have created tag having "Super Users" access level and do login at front-side using registered user account.
Give permission to registered user to create and edit own article.
In "Tags" drop-down I can see "Super Users" tag and I can select it.

System Information:
Joomla! Version: Joomla! 3.4.5 Stable [ Ember ] 22-October-2015 21:30 GMT
Joomla! Platform Version: Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
PHP Version: 5.5.30-1+deb.sury.orgprecise+1
System Linux desktop 3.5.0-54-generic #81precise1-Ubuntu SMP Tue Jul 15 04:02:22 UTC 2014 x86_64

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8569.}

[Romkabouter]

Hi Ronak, that is exactly the problem.
You should not be able to select a tag with view access Super User, because the registered user does not belong to the group / access level.
I can see you have voted that you do not experience this issue, but to my opnion, you do.

Am I incorrectly describing the issue?

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8569.}

[RonakParmar]

Hi Romkabouter, Where I can see my given vote?

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8569.}

[ggppdk]

Hello

i think, there is no bug in this behaviour, but maybe i am wrong

• view access level <> create ACL permission

view access level is used

• to decide which tags to show to frontend user
• and but also it is used for listing them in backend (about this behaviour it is another discussion)
• other ?

Look at the categories

• by your logic the view access level should be used for assigning categories to articles, instead of using the create ACL

I am guessing, you could make a feature request for adding: create ACL to the tags ?

• but this would be a little heavy for sites with 2,000 or 20,000 different tags ?

Or you could ask that view access is used for assigning tags, but (i think) this is inconsistent with the purpose of view access

[Romkabouter]

Hi,

Thanks for your reply.
I understand your point of view and it could well be a correct behavior.
My point is exactly your point 2 when access level is used.
When a user creates an article, the tag field shows all tags. I believe it should only show the tags to which to user has view access, just like in the frontend for showing the tags.

Using your categories point of view: You can not assign a (new) article to a category you do not have view access to. That category will not be visible in the dropdown.
So why should a user be able to add a tag he/she has no view access to, to a (new) article?
That user cannot view the tag in the frontend when logged in.
There already is ACL on tags, so no problems there.

Thanks

[ghost]

@Romkabouter my opinion is like your. What mean UX, @cpfeifer?

[AlexRed]

I can confirm in Joomla! 3.7.0-staging

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/8569.}

[zero-24]

PR is done: #15467 please test.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/8569.}

[zero-24]

I have reopend here because my PR did not fixed the issue.

[zero-24]

New PR is #16173 thanks @ggppdk