[PR #3569] [MERGED] Permissions System Refactor #6220

New Issue

OVERLORD · 2026-02-05T10:27:07+03:00

OVERLORD commented

2026-02-05 10:27:07 +03:00

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/3569
Author: @ssddanbrown
Created: 7/12/2022
Status: ✅ Merged
Merged: 7/17/2022
Merged by: @ssddanbrown

Base: development ← Head: permissions_v2

📝 Commits (10+)

c5e9dfa Optimized pre-joint-permission logic efficiency
2d4f708 Extracted permission building out of permission service
b0a4d3d Renamed and cleaned up existing permission service classes use
2989852 Added simple data model for faster permission generation
4fb85a9 Started removal of non-view permission queries
1d875cc Continued removal of joint permission non-view queries
f459a68 Removed remaining dynamic action usages in joint permission queries
afe1a04 Aligned permission applicator method names
2332401 Fixed a couple of non-intended logical permission issues
8f90996 Dropped use of non-view joint permissions

📊 Changes

42 files changed (+865 additions, -905 deletions)

View changed files

📝 app/Actions/ActivityLogger.php (+0 -8)
📝 app/Actions/ActivityQueries.php (+8 -8)
📝 app/Actions/TagRepo.php (+7 -8)
➕ app/Auth/Permissions/JointPermissionBuilder.php (+405 -0)
➕ app/Auth/Permissions/PermissionApplicator.php (+248 -0)
➖ app/Auth/Permissions/PermissionService.php (+0 -719)
📝 app/Auth/Permissions/PermissionsRepo.php (+17 -22)
➕ app/Auth/Permissions/SimpleEntityData.php (+13 -0)
📝 app/Auth/User.php (+1 -1)
📝 app/Config/app.php (+0 -1)
📝 app/Console/Commands/RegeneratePermissions.php (+11 -15)
📝 app/Entities/Models/Bookshelf.php (+0 -6)
📝 app/Entities/Models/Entity.php (+6 -15)
📝 app/Entities/Models/Page.php (+2 -2)
📝 app/Entities/Queries/EntityQuery.php (+3 -3)
📝 app/Entities/Queries/Popular.php (+2 -2)
📝 app/Entities/Queries/RecentlyViewed.php (+2 -3)
📝 app/Entities/Queries/TopFavourites.php (+1 -1)
📝 app/Entities/Tools/SearchRunner.php (+11 -18)
📝 app/Entities/Tools/ShelfContext.php (+1 -0)

...and 22 more files

📄 Description

This PR is an initial refactor of the permission system in BookStack.
This culls back a lot of the processing work, and logic, to store joint permission for non-view types. Just by removing other permission types we cut back the amount of permission generation needed upon many actions within the system.
This is in preparation to extending the permission for other use-cases in the system, which might use-up some of the gains made here.

Rough Benchmarking

System - Complete permission regen

Timed via time command and regen bookstack CLI command, 5 run sample.
2296 Pages, 563 Chapters, 24 Books, 4 Shelves, Default roles (3+admin)

Before: 6.93-6.99s
After: 1.10-1.16s

Single Book

Performed as web request app endpoint, without middleware. Timed via clockwork request time.
Book contained 200 Pages, 50 Chapters

Before: 893-1060ms
After: 290-320ms

Todo

Remove test route
Migration to drop non-view joint permissions.
Double check visibility controls on search results, especially draft visibility.
Test SearchController@searchEntitiesAjax responses when permissions are lacking (New locked/disabled state).

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/BookStackApp/BookStack/pull/3569 **Author:** [@ssddanbrown](https://github.com/ssddanbrown) **Created:** 7/12/2022 **Status:** ✅ Merged **Merged:** 7/17/2022 **Merged by:** [@ssddanbrown](https://github.com/ssddanbrown) **Base:** `development` ← **Head:** `permissions_v2` --- ### 📝 Commits (10+) - [`c5e9dfa`](https://github.com/BookStackApp/BookStack/commit/c5e9dfa168f2f02106491779349663f9c3f5827b) Optimized pre-joint-permission logic efficiency - [`2d4f708`](https://github.com/BookStackApp/BookStack/commit/2d4f708c7961f7ef7da3fd1d89d39a99581afa9e) Extracted permission building out of permission service - [`b0a4d3d`](https://github.com/BookStackApp/BookStack/commit/b0a4d3d0597dcdbe2cd15261ecc874f2d5a7f666) Renamed and cleaned up existing permission service classes use - [`2989852`](https://github.com/BookStackApp/BookStack/commit/2989852520ee05581abbf156a0b6aa8aad2cc910) Added simple data model for faster permission generation - [`4fb85a9`](https://github.com/BookStackApp/BookStack/commit/4fb85a9a5cd75f1f0a0f605a916d4c3a746ee672) Started removal of non-view permission queries - [`1d875cc`](https://github.com/BookStackApp/BookStack/commit/1d875ccfb7c62854c9c3253a0d83b39310fefbf8) Continued removal of joint permission non-view queries - [`f459a68`](https://github.com/BookStackApp/BookStack/commit/f459a68535fc42ef5079e2514b82bff28504fc50) Removed remaining dynamic action usages in joint permission queries - [`afe1a04`](https://github.com/BookStackApp/BookStack/commit/afe1a042396454e071b4b3bb5bb0043586ba333a) Aligned permission applicator method names - [`2332401`](https://github.com/BookStackApp/BookStack/commit/23324018540624d7a6beafd0514f4b7dbe327431) Fixed a couple of non-intended logical permission issues - [`8f90996`](https://github.com/BookStackApp/BookStack/commit/8f90996ceff6dca02c6f80d6f7d0d3f837dd1601) Dropped use of non-view joint permissions ### 📊 Changes **42 files changed** (+865 additions, -905 deletions) <details> <summary>View changed files</summary> 📝 `app/Actions/ActivityLogger.php` (+0 -8) 📝 `app/Actions/ActivityQueries.php` (+8 -8) 📝 `app/Actions/TagRepo.php` (+7 -8) ➕ `app/Auth/Permissions/JointPermissionBuilder.php` (+405 -0) ➕ `app/Auth/Permissions/PermissionApplicator.php` (+248 -0) ➖ `app/Auth/Permissions/PermissionService.php` (+0 -719) 📝 `app/Auth/Permissions/PermissionsRepo.php` (+17 -22) ➕ `app/Auth/Permissions/SimpleEntityData.php` (+13 -0) 📝 `app/Auth/User.php` (+1 -1) 📝 `app/Config/app.php` (+0 -1) 📝 `app/Console/Commands/RegeneratePermissions.php` (+11 -15) 📝 `app/Entities/Models/Bookshelf.php` (+0 -6) 📝 `app/Entities/Models/Entity.php` (+6 -15) 📝 `app/Entities/Models/Page.php` (+2 -2) 📝 `app/Entities/Queries/EntityQuery.php` (+3 -3) 📝 `app/Entities/Queries/Popular.php` (+2 -2) 📝 `app/Entities/Queries/RecentlyViewed.php` (+2 -3) 📝 `app/Entities/Queries/TopFavourites.php` (+1 -1) 📝 `app/Entities/Tools/SearchRunner.php` (+11 -18) 📝 `app/Entities/Tools/ShelfContext.php` (+1 -0) _...and 22 more files_ </details> ### 📄 Description This PR is an initial refactor of the permission system in BookStack. This culls back a lot of the processing work, and logic, to store joint permission for non-view types. Just by removing other permission types we cut back the amount of permission generation needed upon many actions within the system. This is in preparation to extending the permission for other use-cases in the system, which might use-up some of the gains made here. ### Rough Benchmarking ##### System - Complete permission regen Timed via `time` command and regen bookstack CLI command, 5 run sample. 2296 Pages, 563 Chapters, 24 Books, 4 Shelves, Default roles (3+admin) - Before: 6.93-6.99s - After: 1.10-1.16s ##### Single Book Performed as web request app endpoint, without middleware. Timed via clockwork request time. Book contained 200 Pages, 50 Chapters - Before: 893-1060ms - After: 290-320ms ### Todo - [x] Remove test route - [x] Migration to drop non-view joint permissions. - [x] Double check visibility controls on search results, especially draft visibility. - [x] Test `SearchController@searchEntitiesAjax` responses when permissions are lacking (New locked/disabled state). --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

OVERLORD added the pull-request label 2026-02-05 10:27:07 +03:00

OVERLORD closed this issue

2026-02-05 10:27:07 +03:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#6220