mirror of
https://github.com/BookStackApp/BookStack.git
synced 2026-02-07 03:09:44 +03:00
Add cascading permission for shelves #4510
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @mso-l on GitHub (Mar 13, 2024).
Describe the feature you'd like
Like other permissions, add the ability for books to inherite permissions from parent shelves. Combine permissions if the book is on multiple shelves. Ideally remove permissions if the book is removed from a shelve.
Describe the benefits this would bring to existing BookStack users
Bookstack users could apply initial permissions for an entire group / service / partner to a shelve, and place books they want to share with this group / service / partner. Allow to manage permissions in one place only, and allow a clear view of all books shared (unlike setting permissions on each book).
Can the goal of this request already be achieved via other means?
Not really, we've consider 2 other methods so far :
Have you searched for an existing open/closed issue?
How long have you been using BookStack?
1 to 5 years
Additional context
No response
@ssddanbrown commented on GitHub (Mar 14, 2024):
Related to previous threads #1091 #3959 #2652 #1455
@ssddanbrown commented on GitHub (Mar 15, 2025):
Thanks for offering to contribute @shadighorbani7171, but this wouldn't be an idea I'd look to incorporate at this time, regardless of implementation, since this would further entrench the idea of books belonging to a shelf (instead of the looser relation which exists), whereas I'd prefer to keep that open to other solutions long-term (and is something I need to think further on).
@mso-l commented on GitHub (Mar 18, 2025):
Thanks for your reply, maybe there is another way to adress the need of permissions management for books on multiple shelves ?
@GamerClassN7 commented on GitHub (Jun 2, 2025):
Hi,
This is necessary since it's easy to create a public-accessible page inside a private shelf that could contain sensitive information. Would it be possible to add a checkbox when creating a new book inside a shelf to cascade the correct permissions from the parent shelf?
Is there an easy way to implement this functionality without modifying the PHP code and losing the ability to update Docker containers seamlessly?
Thank oyu in advance for any help :)
@cyberm8 commented on GitHub (Jan 20, 2026):
Hello, to add to the discussion, we have “non-technical” people who write content on Bookstack, such as HR or general services.
When they create a book, they don't always think to configure the rights for the “HR editor” role, and in any case, they would inevitably forget to check a box or might even choose the wrong role.
On our end, we created an “HR” shelf with the appropriate permissions so they can create their books there, and as stated in the GUI, the permissions are not inherited in the books. So from time to time, we have to review their books permissions and fix them.
I don't have many ideas for this problem.
Perhaps introduce the concept of default roles for users?
When a user creates a book, they are the owner, but their default role is also applied to the content they create? That's kind of how it works on Linux: the primary group is used as the group for the files created.
Or perhaps we could have two different approaches depending on how a book is created?
If a user goes to the HR shelf to create a book, then it seems logical to me that they would inherit the permissions of the HR shelf, since that is where it was created.
If I could create a book without first going to a shelf, then that book would not have any special permissions (except for the owner). But that would require having a concept of a nameless shelf.