Inconsistent Visibility of Book Content #4496

New Issue

OVERLORD · 2026-02-05T09:00:35+03:00

OVERLORD commented

2026-02-05 09:00:35 +03:00

Originally created by @SwarteEugene on GitHub (Mar 5, 2024).

Attempted Debugging

I have read the debugging page

Searched GitHub Issues

I have searched GitHub for the issue.

Describe the Scenario

In our company, we use Bookstack as our company knowledge base and want to expand it so that customers can also access product data (installation manuals, etc.).

Roles are configured such that customers cannot see or do anything. Thus, permissions must be granted for each resource to allow customers to view shelves, books, chapters, and pages. However, administrators have noticed that a book is not visible to customers, even though multiple chapters and pages in the book are shared with them. When we grant customer role access to the book, customers can see all content in that book, which is not desired. For example, in Microsoft Sharepoint, we are familiar with using Bottom-Up access control. This means that all parent resources are visible to some extent, allowing navigation to the desired resource. So, if a page in a chapter in a book is shared, the book with that chapter and only that page should be visible.

We also tried sharing the book for the customer role and not sharing the chapter for the customer role. In this case, we shared a page for customers in the chapter. The result was that the page was visible to customers, but no longer within the chapter. The expected behavior was that the chapter would appear for the customer role but only with the shared page inside. With the current behavior, a non-redundant information structure is not achievable.

It would be great if we could disable automatic inheritance for individual books and chapters.

Exact BookStack Version

v23.10.4

Log Content

No response

Hosting Environment

PHP8.0 on Windows with IIS 10

Originally created by @SwarteEugene on GitHub (Mar 5, 2024). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario In our company, we use Bookstack as our company knowledge base and want to expand it so that customers can also access product data (installation manuals, etc.). Roles are configured such that customers cannot see or do anything. Thus, permissions must be granted for each resource to allow customers to view shelves, books, chapters, and pages. However, administrators have noticed that a book is not visible to customers, even though multiple chapters and pages in the book are shared with them. When we grant customer role access to the book, customers can see all content in that book, which is not desired. For example, in Microsoft Sharepoint, we are familiar with using Bottom-Up access control. This means that all parent resources are visible to some extent, allowing navigation to the desired resource. So, if a page in a chapter in a book is shared, the book with that chapter and only that page should be visible. We also tried sharing the book for the customer role and not sharing the chapter for the customer role. In this case, we shared a page for customers in the chapter. The result was that the page was visible to customers, but no longer within the chapter. The expected behavior was that the chapter would appear for the customer role but only with the shared page inside. With the current behavior, a non-redundant information structure is not achievable. It would be great if we could disable automatic inheritance for individual books and chapters. ### Exact BookStack Version v23.10.4 ### Log Content _No response_ ### Hosting Environment PHP8.0 on Windows with IIS 10

OVERLORD added the 🐕 Support label 2026-02-05 09:00:35 +03:00

OVERLORD closed this issue

2026-02-05 09:00:37 +03:00

OVERLORD commented

2026-02-05 09:00:49 +03:00

@ssddanbrown commented on GitHub (Mar 5, 2024):

That all sounds as expected from the current permission system.
Content is not visible unless there's specifically view access for that content, and this includes parent layers.
So parent items (books/chapters) will not be accessible/visible unless there's permissions to make them visible, there's no "upwards" auto cascade of visibility.

You could open a feature request for that kind of behavior, but I'm not sure if I'd leave it open for too long since it's not something I've seen specifically desired too much before, and I really want to avoid adding any extra complexity/controls to the permission system where possible without significant requirement.

@ssddanbrown commented on GitHub (Mar 5, 2024): That all sounds as expected from the current permission system. Content is not visible unless there's specifically view access for that content, and this includes parent layers. So parent items (books/chapters) will not be accessible/visible unless there's permissions to make them visible, there's no "upwards" auto cascade of visibility. You could open a feature request for that kind of behavior, but I'm not sure if I'd leave it open for too long since it's not something I've seen specifically desired too much before, and I really want to avoid adding any extra complexity/controls to the permission system where possible without significant requirement.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#4496