HOW TO: enforce ACL on Tags

Document created by Francesca Shiekh on Jan 4, 2017
Version 1Show Document
  • View in full screen mode

As some may have noticed the Tags module in 7.7.x can be locked down via ACL but users whose Roles deny them Edit permissions on that module can still create tags. I am told this is as intended in the design.


What if you want to avoid tag overload and control WHO can create new tags while allowing everyone to use those tags? Simple: set your permissions in ACL, and enforce them in the tag field type by extending it.


Note the if statement added at the comment line: //CUSTOM: check ACL



    extendsFrom: 'TagField',
    initialize: function(options) {
        this._super('initialize', [options]);
    _createSearchChoice: function(term, results) {
        this._super('_createSearchChoice', [term, results]);
        // If tag is for filter, don't allow new choices to be selected
        if (this.view.action === 'filter-rows') {
            return false;

        // Trim up the term for sanity sake
        term = $.trim(term);

        // Check previously found results to see tag exists with different casing
        if (results && results.length) {
            if (_.find(results, function(tag) {
                return tag.text.toLowerCase() === term.toLowerCase();
            })) {
                return false;

        // Check if input is empty after trim
        if (term === '') {
            return false;

        // Check for existence amongst tags that exist but haven't been saved yet
        if (this.checkExistingTags(term)) {
            return false;
        //CUSTOM: check ACL
          return {
            id: term,
            text: term + ' ' + app.lang.get('LBL_TAG_NEW_TAG'),
            locked: false,
            newTag: true
          return false;


 hope you find this useful.


1 person found this helpful