starred/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2026-02-08 19:06:06 +03:00
Code Issues 784 Packages Projects Releases 10 Wiki Activity

'Create' Shelf Permissions not overriding group permissions #3869

New Issue
Closed
opened 2026-02-05 07:43:45 +03:00 by OVERLORD · 1 comment
OVERLORD commented 2026-02-05 07:43:45 +03:00
Owner
Copy Link

Originally created by @scwheele on GitHub (Jun 20, 2023).

Describe the Bug

When giving a user Create permissions on a shelf, the user is not able to create a new book. I'm trying to disallow users from creating books in shelves that do not belong to them. Unless I give them general "create book" permissions, they can't create any books at all.

The issue with giving the role create book permissions is that the user is able to create books in shelves that should be viewed, but only edited by the owning team.

Steps to Reproduce

  1. Create a role with no "create book" permissions
  2. Create a shelf and assign an override for that role with "create" permissions
  3. Create book button is missing from the shelf view

Expected Behaviour

The New Book option should be available to users when they have the "create" override on a shelf.

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

v23.05.2

PHP Version

8.2

Hosting Environment

Basic Azure App Service with a managed Azure MySQL database.

Originally created by @scwheele on GitHub (Jun 20, 2023). ### Describe the Bug When giving a user Create permissions on a shelf, the user is not able to create a new book. I'm trying to disallow users from creating books in shelves that do not belong to them. Unless I give them general "create book" permissions, they can't create any books at all. The issue with giving the role create book permissions is that the user is able to create books in shelves that should be viewed, but only edited by the owning team. ### Steps to Reproduce 1. Create a role with no "create book" permissions 2. Create a shelf and assign an override for that role with "create" permissions 3. Create book button is missing from the shelf view ### Expected Behaviour The New Book option should be available to users when they have the "create" override on a shelf. ### Screenshots or Additional Context _No response_ ### Browser Details _No response_ ### Exact BookStack Version v23.05.2 ### PHP Version 8.2 ### Hosting Environment Basic Azure App Service with a managed Azure MySQL database.
OVERLORD added the 🐛 Bug label 2026-02-05 07:43:45 +03:00
OVERLORD commented 2026-02-05 07:43:53 +03:00
Author
Owner
Copy Link

@ssddanbrown commented on GitHub (Jun 20, 2023):

Thanks for raising @scwheele, but this is already covered in #2690 so I'm going to close this off as a duplicate.

@ssddanbrown commented on GitHub (Jun 20, 2023): Thanks for raising @scwheele, but this is already covered in #2690 so I'm going to close this off as a duplicate.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
🎨 Design
📖 Docs Update
🐛 Bug
🐛 Bug
:cat2:🐈 Possible duplicate
💿 Database
Open to discussion
💻 Front-End
🐕 Support
🚪 Authentication
🌍 Translations
🔌 API Task
🏭 Back-End
Upstream
🔨 Feature Request
🛠️ Enhancement
🛠️ Enhancement
🛠️ Enhancement
❤️ Happy feedback
🔒 Security
🔍 Pending Validation
💆 UX
📝 WYSIWYG Editor
🌔 Out of scope
🔩 API Request
:octocat: Admin/Meta
🖌️ View Customization
Question
🚀 Priority
🛡️ Blocked
🚚 Export System
A11y
🔧 Maintenance
> Markdown Editor
pull-request
Mirrored from GitHub Pull Request
No Label 🐛 Bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/BookStack#3869
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?