mirror of
https://github.com/BookStackApp/BookStack.git
synced 2026-07-18 13:43:51 +03:00
Custom permissions for books #202
Closed
opened 2026-02-04 17:37:54 +03:00 by OVERLORD
·
7 comments
No Branch/Tag Specified
development
l10n_development
release
snyk-action
ci_and_static
mfa_key
phpstan_june26
MilnerMart/development
GamerClassN7/impersonations-for-admin
Zhey-on/feature/csp-image-css-controls-6033
tortillas5/development
llm_only
vectors
McTom234/oidc-key-algorithms
captcha_example
v26.05.2
v26.05.1
v26.05
v26.03.5
v26.03.4
v26.03.3
v26.03.2
v26.03.1
v26.03
v25.12.9
v25.12.8
v25.12.7
v25.12.6
v25.12.5
v25.12.4
v25.12.3
v25.12.2
v25.12.1
v25.12
v25.11.6
v25.11.5
v25.11.4
v24.11.4
v25.11.3
v25.11.2
v25.11.1
v25.11
v25.07.3
v25.07.2
v25.07.1
v25.07
v25.05.2
v25.05.1
v25.05
v25.02.5
v25.02.4
v25.02.3
v25.02.2
v25.02.1
v25.02
v24.12.1
v24.12
v24.10.3
v24.10.2
v24.10.1
v24.10
v24.05.4
v24.05.3
v24.05.2
v24.05.1
v24.05
v24.02.3
v24.02.2
v24.02.1
v24.02
v23.12.3
v23.12.2
v23.12.1
v23.12
v23.10.4
v23.10.3
v23.10.2
v23.10.1
v23.10
v23.08.3
v23.08.2
v23.08.1
v23.08
v23.06.2
v23.06.1
v23.06
v23.05.2
v23.05.1
v23.05
v23.02.3
v23.02.2
v23.02.1
v23.02
v23.01.1
v23.01
v22.11.1
v22.11
v22.10.2
v22.10.1
v22.10
v22.09.1
v22.09
v22.07.3
v22.07.2
v22.07.1
v22.07
v22.06.2
v22.06.1
v22.06
v22.04.2
v22.04.1
v22.04
v22.03.1
v22.03
v22.02.3
v22.02.2
v22.02.1
v22.02
v21.12.5
v21.12.4
v21.12.3
v21.12.2
v21.12.1
v21.12
v21.11.3
v21.11.2
v21.11.1
v21.11
v21.10.3
v21.10.2
v21.10.1
v21.10
v21.08.6
v21.08.5
v21.08.4
v21.08.3
v21.08.2
v21.08.1
v21.08
v21.05.4
v21.05.3
v21.05.2
v21.05.1
v21.05
v21.04.6
v21.04.5
v21.04.4
v21.04.3
v21.04.2
v21.04.1
v21.04
v0.31.8
v0.31.7
v0.31.6
v0.31.5
v0.31.4
v0.31.3
v0.31.2
v0.31.1
v0.31.0
v0.30.7
v0.30.6
v0.30.5
v0.30.4
v0.30.3
v0.30.2
v0.30.1
v0.30.0
v0.29.3
v0.29.2
v0.29.1
v0.29.0
v0.28.3
v0.28.2
v0.28.1
v0.28.0
v0.27.5
v0.27.4
v0.27.3
v0.27.2
v0.27.1
v0.27
v0.26.4
v0.26.3
v0.26.2
v0.26.1
v0.26.0
v0.25.5
v0.25.4
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.3
v0.24.2
v0.24.1
v0.24.0
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.3
v0.20.2
v0.20.1
v0.20.0
v0.19.0
v0.18.5
v0.18.4
v0.18.3
v0.18.2
v0.18.1
v0.18.0
v0.17.4
v0.17.3
v0.17.2
v0.17.1
v0.17.0
v0.16.3
v0.16.2
v0.16.1
v0.16.0
v0.15.3
v0.15.2
v0.15.1
v0.15.0
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.13.1
v0.13.0
v0.12.2
v0.12.1
v0.12.0
v0.11.2
v0.11.1
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.2
v0.8.1
v0.8.0
v0.7.6
v0.7.5
v0.7.4
v0.7.3
0.7.2
v.0.7.1
v0.7.0
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.0
Labels
Clear labels
🎨 Design
📖 Docs Update
🐛 Bug
🐛 Bug
:cat2:🐈 Possible duplicate
💿 Database
☕ Open to discussion
💻 Front-End
🐕 Support
🚪 Authentication
🌍 Translations
🔌 API Task
🏭 Back-End
⛲ Upstream
🔨 Feature Request
🛠️ Enhancement
🛠️ Enhancement
🛠️ Enhancement
❤️ Happy feedback
🔒 Security
🔍 Pending Validation
💆 UX
📝 WYSIWYG Editor
🌔 Out of scope
🔩 API Request
:octocat: Admin/Meta
🖌️ View Customization
❓ Question
🚀 Priority
🛡️ Blocked
🚚 Export System
♿ A11y
🔧 Maintenance
> Markdown Editor
pull-request
Mirrored from GitHub Pull Request
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: starred/BookStack#202
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @Hauptquartier on GitHub (Nov 14, 2016).
Are you planning a feature where you can set permissions for each books ?
It would be nice, when not all users can see a book, but choosen one!
@ssddanbrown commented on GitHub (Nov 15, 2016):
@Hauptquartier At the moment you can control access to individual books, chapters & pages via the 'Permissions' page found when clicking the dropdown at the top right when viewing any book, chapter or page.
Are these the permissions you wanted or did you want something different?
@mcblum commented on GitHub (Mar 26, 2018):
So interestingly I was able to set custom permissions for the chapter, but I'm seeing some weird behavior. We have a book called
Client Dataand a chapter calledClient A. The user should not be able to view all chapters inClient Data, just the client information they need, in this caseClient A. Settingview update createfor that user's permissions does not allow them to list all pages in a chapter nor create a new page in that chapter. Any idea what might be happening?@Abijeet commented on GitHub (Mar 26, 2018):
@mcblum - As I understand you want a particular user to not be able to see the book - Book A but see the chapter under it Chapter 1.
For this you'll need to enable custom permission for the book itself. Then enable custom permission for the Chapter 1, and give the group that the user belongs to permission to view / update / create etc.
Can you confirm that, that is what you want?
@mcblum commented on GitHub (Mar 26, 2018):
That is exactly correct. The user should be able to see the chapter and list its contents, but they should not be able to list all chapters in the book. I did enable custom permissions for the book itself, but if I set their user to be able to view that means they are able to view all other chapters. I also set the chapter permissions you mentioned and those appear to be working correctly.
@ssddanbrown commented on GitHub (Mar 26, 2018):
@mcblum Permissions from books 'trickle-down' to child entities so view permissions will apply to child items unless they have their own permission set.
You could either remove 'view' permission from the book or set permission on the other chapters.
If removing book 'view' permissions' users will still be able to go straight to the chapter and it's pages or find it via search but it does mean the book name itself will be hidden.
@dsp76 commented on GitHub (Jan 3, 2023):
@ssddanbrown in permissions that would be via roles? So each client gets another new role assigned? I didn't see user based permissions, only roles. Are there user groups?
@ssddanbrown commented on GitHub (Jan 4, 2023):
@dsp76 Currently roles are only really role-based. You can though create user-specific roles if you really needed.
I've started user-specific content permissions as part of #3908 intended for the next release.