Permission Bug - Page create fails within chapter if lacking permissions to view the parent book #734

New Issue

Closed

opened 2026-02-04 22:06:16 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-04 22:06:16 +03:00

Owner

Copy Link

Originally created by @andresilva-cc on GitHub (Jul 3, 2018).

First, let me explain what I'm trying to do:
I have a book which is composed of several chapters. There's a new user who needs access to only a specific chapter in this book, he should be able to create and edit pages in this chapter, but he shouldn't be able to see the other chapters.

Before this modification, I activated custom permission for this book, where group "Telecom" has full access to it, and all chapters inherit this permission. So what I tried to do is: I activated the custom permissions on this chapter, enabled full access to "Telecom" group (to keep this permission), but I also enabled full access to the group this user belongs (it's a "personal" group, only he is in the group). So the permissions are like this:

So, what I realized is that he can't see the book. Ok, that's fine, I think that was expected, he can still access the chapter by using the URL or in the recents panel. The problem is, he can't create new pages, it gives him a 404 error.

I can't understand why this is happening, I gave full access to the chapter, but he still can't create new pages. I can solve this by enabling some permissions on the book itself, but then he would be able to see all the chapters.

Originally created by @andresilva-cc on GitHub (Jul 3, 2018). First, let me explain what I'm trying to do: I have a book which is composed of several chapters. There's a new user who needs access to only a specific chapter in this book, he should be able to create and edit pages in this chapter, but he shouldn't be able to see the other chapters. Before this modification, I activated custom permission for this book, where group "Telecom" has full access to it, and all chapters inherit this permission. So what I tried to do is: I activated the custom permissions on this chapter, enabled full access to "Telecom" group (to keep this permission), but I also enabled full access to the group this user belongs (it's a "personal" group, only he is in the group). So the permissions are like this:  So, what I realized is that he can't see the book. Ok, that's fine, I think that was expected, he can still access the chapter by using the URL or in the recents panel. The problem is, he can't create new pages, it gives him a 404 error. I can't understand why this is happening, I gave full access to the chapter, but he still can't create new pages. I can solve this by enabling some permissions on the book itself, but then he would be able to see all the chapters.

OVERLORD added the 🐛 Bug label 2026-02-04 22:06:16 +03:00

OVERLORD closed this issue 2026-02-04 22:06:19 +03:00

OVERLORD commented 2026-02-04 22:06:24 +03:00

Author

Owner

Copy Link

@andresilva-cc commented on GitHub (Jul 9, 2018):

Anyone?

@andresilva-cc commented on GitHub (Jul 9, 2018): Anyone?

OVERLORD commented 2026-02-04 22:06:26 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jul 14, 2018):

Hi @DeehSlash, Thanks for reporting and sorry for the slow response, It's taken me a couple of goes to understand your exact scenario. I understand the issue now and can confirm the bug.

I've marked the fix for the next release.

Developer Notes

At some point during page creation the book is searched for within Entity repo. This needs to be carefully changed to ignore view permissions, If it's required at all.

@ssddanbrown commented on GitHub (Jul 14, 2018): Hi @DeehSlash, Thanks for reporting and sorry for the slow response, It's taken me a couple of goes to understand your exact scenario. I understand the issue now and can confirm the bug. I've marked the fix for the next release. ### Developer Notes At some point during page creation the book is searched for within Entity repo. This needs to be carefully changed to ignore view permissions, If it's required at all.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

further_theme_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

No Label 🐛 Bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#734