starred/BookStack

Fork 0

You've already forked BookStack

mirror of https://github.com/BookStackApp/BookStack.git synced 2026-05-04 18:08:46 +03:00

Code Issues 784 Packages Projects Releases 15 Wiki Activity

[PR #3908] [CLOSED] User permissions #6281

New Issue

Closed

opened 2026-02-05 10:28:23 +03:00 by OVERLORD · 0 comments

OVERLORD commented

2026-02-05 10:28:23 +03:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/3908
Author: @ssddanbrown
Created: 12/7/2022
Status: ❌ Closed

Base: development ← Head: user_permissions

📝 Commits (10+)

1c53ffc Updated entity_permissions table for user perms.
f8c4725 Aligned logic to entity_permission role_id usage change
7a269e7 Added users to permission form interface
93cbd3b Improved user-permissions adding ux
0411185 Added, and built perm. gen for, joint_user_permissions table
60bf838 Added joint_user_permissions handling to query system
e8a8fed Started aligning permission behaviour across application methods
d54ea1b Started more formal permission test case definitions
f844ae0 Create additional test helper classes
491beee Added additional entity_role_permission scenario tests

📊 Changes

105 files changed (+2468 additions, -1130 deletions)

View changed files

📝 app/Actions/ActivityQueries.php (+8 -2)
📝 app/Actions/TagRepo.php (+5 -4)
➕ app/Auth/Permissions/CollapsedPermission.php (+18 -0)
➕ app/Auth/Permissions/CollapsedPermissionBuilder.php (+278 -0)
📝 app/Auth/Permissions/EntityPermission.php (+35 -8)
➕ app/Auth/Permissions/EntityPermissionMap.php (+37 -0)
➖ app/Auth/Permissions/JointPermission.php (+0 -31)
➖ app/Auth/Permissions/JointPermissionBuilder.php (+0 -408)
📝 app/Auth/Permissions/PermissionApplicator.php (+204 -97)
📝 app/Auth/Permissions/PermissionFormData.php (+22 -10)
📝 app/Auth/Permissions/PermissionsRepo.php (+4 -6)
📝 app/Auth/Permissions/SimpleEntityData.php (+0 -1)
📝 app/Auth/Role.php (+9 -9)
📝 app/Auth/User.php (+18 -0)
📝 app/Auth/UserRepo.php (+2 -0)
📝 app/Console/Commands/RegeneratePermissions.php (+3 -3)
📝 app/Entities/Models/Entity.php (+7 -7)
📝 app/Entities/Tools/PermissionsUpdater.php (+22 -6)
📝 app/Entities/Tools/TrashCan.php (+1 -1)
📝 app/Http/Controllers/PermissionsController.php (+27 -1)

...and 80 more files

📄 Description

As start of user permissions work. Related to #1747.

Todo

Update entity permissions table
Update "Other users" permission handling to be denoted by entity permissions with user_id = null AND role_id = null instead of role_id = 0.
Update joint_permissions table to support user_id?
Update joint_permission handling.
- Fix misalignment between joint and non-joint handling, Currently seen with 2-role user, granted view on parent book on Role A, prevented view on chapter on Role B.
  - Check scenario against release.
    - Release has this same scenario. Works if inherit permissions is inactive, otherwise chapter (and content) is visible but not accessible, even if both roles are set to not allow view while inherit is active.
- Chapter permission fallback "Other users" option not taking account.
- Check scenario of "Role A" granting permission via role permissions to sub-item that has blocked "Role B" permission at entity-level.
  - Check on release - Can view (query), can't access (userCan).
  - Check view via joint permission behaviour
  - Check edit via userCan behaviour.
Add user interface for user permissions.
Delete entity permissions and joint permissions on user delete.
Wrap gen/delete in transactions to avoid visibility change during generation.
Check for todos in changes.
Testing.
- Create dev-doc for permission scenario testing, with test case IDs that link to PHPUnit test cases.
- Test admin system role retains full item-level permission.
- Manually & thoroughly scenario test permission application.
- Ensure view (joint permission) logic aligns.
- Check prevention (Lack of permission) aligns with last release, and pre-v22.10 release (Where applicable), in that role permissions will prevent access where defined (Unless another role for the user specifically allows).
- Check copying of shelf permissions.
- Check copying of items (If permissions come across.)
Extract text to language files.

Docs update

Update permissions user doc page.
- Provide an "advanced" overview of deeper combination logic
Add upgrade notice, linking to above added section for more details.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/BookStackApp/BookStack/pull/3908 **Author:** [@ssddanbrown](https://github.com/ssddanbrown) **Created:** 12/7/2022 **Status:** ❌ Closed **Base:** `development` ← **Head:** `user_permissions` --- ### 📝 Commits (10+) - [`1c53ffc`](https://github.com/BookStackApp/BookStack/commit/1c53ffc4d14457803aa207a52963cfc77d4f0242) Updated entity_permissions table for user perms. - [`f8c4725`](https://github.com/BookStackApp/BookStack/commit/f8c4725166ee317b4ec6a19278d1650426dcc419) Aligned logic to entity_permission role_id usage change - [`7a269e7`](https://github.com/BookStackApp/BookStack/commit/7a269e7689d0e000dbf56f9da603e8586106e8bb) Added users to permission form interface - [`93cbd3b`](https://github.com/BookStackApp/BookStack/commit/93cbd3b8aacd52ba352899db41e859c363d1ef1b) Improved user-permissions adding ux - [`0411185`](https://github.com/BookStackApp/BookStack/commit/0411185fbb15ecb4d269bf614be6c4a18836d408) Added, and built perm. gen for, joint_user_permissions table - [`60bf838`](https://github.com/BookStackApp/BookStack/commit/60bf838a4ad9933185c0b9ca0c76f9891b529b9a) Added joint_user_permissions handling to query system - [`e8a8fed`](https://github.com/BookStackApp/BookStack/commit/e8a8fedfd6c1000170baebc92c144db58b302057) Started aligning permission behaviour across application methods - [`d54ea1b`](https://github.com/BookStackApp/BookStack/commit/d54ea1b3ede4fe6ea3ee04108503c62f427fad3f) Started more formal permission test case definitions - [`f844ae0`](https://github.com/BookStackApp/BookStack/commit/f844ae0902e3fa7d17ce1631058531c9f3b06ecd) Create additional test helper classes - [`491beee`](https://github.com/BookStackApp/BookStack/commit/491beee93e790bfd4b29416710a1256cf356f9b5) Added additional entity_role_permission scenario tests ### 📊 Changes **105 files changed** (+2468 additions, -1130 deletions) <details> <summary>View changed files</summary> 📝 `app/Actions/ActivityQueries.php` (+8 -2) 📝 `app/Actions/TagRepo.php` (+5 -4) ➕ `app/Auth/Permissions/CollapsedPermission.php` (+18 -0) ➕ `app/Auth/Permissions/CollapsedPermissionBuilder.php` (+278 -0) 📝 `app/Auth/Permissions/EntityPermission.php` (+35 -8) ➕ `app/Auth/Permissions/EntityPermissionMap.php` (+37 -0) ➖ `app/Auth/Permissions/JointPermission.php` (+0 -31) ➖ `app/Auth/Permissions/JointPermissionBuilder.php` (+0 -408) 📝 `app/Auth/Permissions/PermissionApplicator.php` (+204 -97) 📝 `app/Auth/Permissions/PermissionFormData.php` (+22 -10) 📝 `app/Auth/Permissions/PermissionsRepo.php` (+4 -6) 📝 `app/Auth/Permissions/SimpleEntityData.php` (+0 -1) 📝 `app/Auth/Role.php` (+9 -9) 📝 `app/Auth/User.php` (+18 -0) 📝 `app/Auth/UserRepo.php` (+2 -0) 📝 `app/Console/Commands/RegeneratePermissions.php` (+3 -3) 📝 `app/Entities/Models/Entity.php` (+7 -7) 📝 `app/Entities/Tools/PermissionsUpdater.php` (+22 -6) 📝 `app/Entities/Tools/TrashCan.php` (+1 -1) 📝 `app/Http/Controllers/PermissionsController.php` (+27 -1) _...and 80 more files_ </details> ### 📄 Description As start of user permissions work. Related to #1747. ### Todo - [x] Update entity permissions table - [x] Update "Other users" permission handling to be denoted by entity permissions with `user_id = null AND role_id = null` instead of `role_id = 0`. - [x] Update joint_permissions table to support user_id? - [ ] Update joint_permission handling. - [x] Fix misalignment between joint and non-joint handling, Currently seen with 2-role user, granted view on parent book on Role A, prevented view on chapter on Role B. - [x] Check scenario against release. - Release has this same scenario. Works if inherit permissions is inactive, otherwise chapter (and content) is visible but not accessible, even if both roles are set to not allow view while inherit is active. - [x] Chapter permission fallback "Other users" option not taking account. - [x] Check scenario of "Role A" granting permission via role permissions to sub-item that has blocked "Role B" permission at entity-level. - [x] Check on release - Can view (query), can't access (userCan). - [x] Check view via joint permission behaviour - [x] Check edit via `userCan` behaviour. - [x] Add user interface for user permissions. - [ ] Delete entity permissions and joint permissions on user delete. - [ ] Wrap gen/delete in transactions to avoid visibility change during generation. - [ ] Check for todos in changes. - [ ] Testing. - [x] Create dev-doc for permission scenario testing, with test case IDs that link to PHPUnit test cases. - [ ] Test admin system role retains full item-level permission. - [ ] Manually & thoroughly scenario test permission application. - [x] Ensure view (joint permission) logic aligns. - [ ] Check prevention (Lack of permission) aligns with last release, and pre-v22.10 release (Where applicable), in that role permissions will prevent access where defined (Unless another role for the user specifically allows). - [ ] Check copying of shelf permissions. - [ ] Check copying of items (If permissions come across.) - [ ] Extract text to language files. ### Docs update - Update permissions user doc page. - Provide an "advanced" overview of deeper combination logic - Add upgrade notice, linking to above added section for more details. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

OVERLORD added the pull-request label 2026-02-05 10:28:23 +03:00

OVERLORD closed this issue

2026-02-05 10:28:25 +03:00

No Branch/Tag Specified

development

l10n_development

release

v26-03

ci_fixing

codeberg-actions

lexical_may_2026

MilnerMart/development

sort_rule_text

GamerClassN7/impersonations-for-admin

Zhey-on/feature/csp-image-css-controls-6033

tortillas5/development

clauvaldez/mfaReset

llm_only

vectors

McTom234/oidc-key-algorithms

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v26.03.4

v26.03.3

v26.03.2

v26.03.1

v26.03

v25.12.9

v25.12.8

v25.12.7

v25.12.6

v25.12.5

v25.12.4

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#6281

Reference in New Issue

Repository

starred/BookStack

Title

Body

Block a user

Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.

User to block:

Optional note:

The note is not visible to the blocked user.

Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?