id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,focuses 26409,Non-Editors can create (non-hierarchical) terms even though they can't manage_terms,westonruter,,"When a taxonomy is registered, the `$default_caps` are: {{{ 'manage_terms' => 'manage_categories', 'edit_terms' => 'manage_categories', 'delete_terms' => 'manage_categories', 'assign_terms' => 'edit_posts', }}} This should mean that Authors and Contributors should not be able to create new terms because they (normally) do not have the `manage_categories` capability. For hierarchical taxonomies (like categories), the UI for creating new terms is removed from the metabox. However, for non-hierarchical taxonomies (like tags), the UI does not change based on whether the they can `manage_categories` or not: they can still enter arbitrary terms and add them, and when saving the post, the new terms get created. This seems wrong. There should be `current_user_can( $taxonomy->caps->manage_terms )` checks done when saving a post, and the UI should be updated to prevent new terms from seeming to be accepted. The `ajax-tag-search` could be used to determine if the entered tag exists, and only allow it to be added if it does.",defect (bug),new,normal,Future Release,Taxonomy,3.0,normal,,needs-patch,,