#298440 by Moonshine and KarenS: move form permission checking to content_field_form() and don't call hook_widget for users w/out permission.