If you select the option “Tags can be used by everyone”, it causes only staff to be able to access the tag.
To reproduce, create a tag group with some tags. Edit the tag group and set “Tags are visible only to staff”. Then edit it again and set “Tags can be used by everyone”.
The cause of this appears to be a conflict in the way the DiscourseTagging module and TagGroup record handle everyone having full access.
When update is called on TagGroup with “Parameters {“everyone”=>1}”, it sets the new tag_group_permissions entries to be empty (resolve_permissions). This results in there no longer being any tag_group_permission entries for this tag_group.
When DiscourseTagging is querying for hidden tag_groups, it looks for all tag_groups that do not have a permission entry for everyone.
Yes, I can repro this on try. Repro steps above are correct:
Create a tag group with some tags.
Edit the tag group and set “Tags are visible only to staff”.
Edit it again and set “Tags can be used by everyone”.
Non staff users cannot see the tags in this group at /tags, and attempts to create topics with the tags fails with The tag "tag_name" may only be applied by staff.
This was a tricky issue to debug. It was happening because once the radio button was selected → deselected → selected, the change in property was not triggering. I verified that this issue was also affecting radio buttons on /admin/api/web_hooks/new. Created a PR for it: