Custom permissions for books #202

Closed
opened 2026-02-04 17:37:54 +03:00 by OVERLORD · 7 comments
Owner

Originally created by @Hauptquartier on GitHub (Nov 14, 2016).

Are you planning a feature where you can set permissions for each books ?
It would be nice, when not all users can see a book, but choosen one!

Originally created by @Hauptquartier on GitHub (Nov 14, 2016). Are you planning a feature where you can set permissions for each books ? It would be nice, when not all users can see a book, but choosen one!
Author
Owner

@ssddanbrown commented on GitHub (Nov 15, 2016):

@Hauptquartier At the moment you can control access to individual books, chapters & pages via the 'Permissions' page found when clicking the dropdown at the top right when viewing any book, chapter or page.

Are these the permissions you wanted or did you want something different?

@ssddanbrown commented on GitHub (Nov 15, 2016): @Hauptquartier At the moment you can control access to individual books, chapters & pages via the 'Permissions' page found when clicking the dropdown at the top right when viewing any book, chapter or page. Are these the permissions you wanted or did you want something different?
Author
Owner

@mcblum commented on GitHub (Mar 26, 2018):

So interestingly I was able to set custom permissions for the chapter, but I'm seeing some weird behavior. We have a book called Client Data and a chapter called Client A. The user should not be able to view all chapters in Client Data, just the client information they need, in this case Client A. Setting view update create for that user's permissions does not allow them to list all pages in a chapter nor create a new page in that chapter. Any idea what might be happening?

@mcblum commented on GitHub (Mar 26, 2018): So interestingly I was able to set custom permissions for the chapter, but I'm seeing some weird behavior. We have a book called `Client Data` and a chapter called `Client A`. The user should not be able to view all chapters in `Client Data`, just the client information they need, in this case `Client A`. Setting `view update create` for that user's permissions does not allow them to list all pages in a chapter nor create a new page in that chapter. Any idea what might be happening?
Author
Owner

@Abijeet commented on GitHub (Mar 26, 2018):

@mcblum - As I understand you want a particular user to not be able to see the book - Book A but see the chapter under it Chapter 1.

For this you'll need to enable custom permission for the book itself. Then enable custom permission for the Chapter 1, and give the group that the user belongs to permission to view / update / create etc.

Can you confirm that, that is what you want?

@Abijeet commented on GitHub (Mar 26, 2018): @mcblum - As I understand you want a particular user to not be able to see the book - Book A but see the chapter under it Chapter 1. For this you'll need to enable custom permission for the book itself. Then enable custom permission for the Chapter 1, and give the group that the user belongs to permission to view / update / create etc. Can you confirm that, that is what you want?
Author
Owner

@mcblum commented on GitHub (Mar 26, 2018):

That is exactly correct. The user should be able to see the chapter and list its contents, but they should not be able to list all chapters in the book. I did enable custom permissions for the book itself, but if I set their user to be able to view that means they are able to view all other chapters. I also set the chapter permissions you mentioned and those appear to be working correctly.

@mcblum commented on GitHub (Mar 26, 2018): That is exactly correct. The user should be able to see the chapter and list its contents, but they should not be able to list all chapters in the book. I did enable custom permissions for the book itself, but if I set their user to be able to view that means they are able to view all other chapters. I also set the chapter permissions you mentioned and those appear to be working correctly.
Author
Owner

@ssddanbrown commented on GitHub (Mar 26, 2018):

@mcblum Permissions from books 'trickle-down' to child entities so view permissions will apply to child items unless they have their own permission set.

You could either remove 'view' permission from the book or set permission on the other chapters.

If removing book 'view' permissions' users will still be able to go straight to the chapter and it's pages or find it via search but it does mean the book name itself will be hidden.

@ssddanbrown commented on GitHub (Mar 26, 2018): @mcblum Permissions from books 'trickle-down' to child entities so view permissions will apply to child items unless they have their own permission set. You could either remove 'view' permission from the book or set permission on the other chapters. If removing book 'view' permissions' users will still be able to go straight to the chapter and it's pages or find it via search but it does mean the book name itself will be hidden.
Author
Owner

@dsp76 commented on GitHub (Jan 3, 2023):

@ssddanbrown in permissions that would be via roles? So each client gets another new role assigned? I didn't see user based permissions, only roles. Are there user groups?

@dsp76 commented on GitHub (Jan 3, 2023): @ssddanbrown in permissions that would be via roles? So each client gets another new role assigned? I didn't see user based permissions, only roles. Are there user groups?
Author
Owner

@ssddanbrown commented on GitHub (Jan 4, 2023):

@dsp76 Currently roles are only really role-based. You can though create user-specific roles if you really needed.
I've started user-specific content permissions as part of #3908 intended for the next release.

@ssddanbrown commented on GitHub (Jan 4, 2023): @dsp76 Currently roles are only really role-based. You can though create user-specific roles if you really needed. I've started user-specific content permissions as part of #3908 intended for the next release.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/BookStack#202