Support to Departments #812

Closed
opened 2026-02-04 22:21:41 +03:00 by OVERLORD · 15 comments
Owner

Originally created by @lucassmacedo on GitHub (Sep 12, 2018).

**Describe the feature you'd like**
It would be interesting if the books had support for departments. Here in the company where I work I have several departments, like financial, sales, purchases, etc. With LDAP synchronization it would be interesting to assign a book to the "department".

**Describe the benefits this feature would bring to BookStack users**
Have exclusive control of the content by department, being able to release the books only for the specific users of that department.


@ssddanbrown commented on GitHub (Sep 12, 2018):

Hi @lucassmacedo, Thanks for your suggestion.

If I'm honest I'm having trouble understanding exactly what you require. Can you explain exactly how you'd see this working in BookStack?

Within BookStack it is currently possible to set custom role permissions on specific Books.
In addition, it is possible to sync LDAP groups with BookStack roles.
It sounds like those two systems may kind of cover your request?


@lucassmacedo commented on GitHub (Sep 12, 2018):

Hi @ssddanbrown I'll explain more clearly
In the company we have several departments, where each department has a series of documents, manuals, tutorials etc., specific to each department.
Within each department there are managers, who would be the department's managers.
It would be interesting if the user, on entering the system, had access only to the department that he belongs to and the level of permission of it. You see?


@excelite commented on GitHub (Sep 15, 2018):

Hi @ssddanbrown, for me it seems like @lucassmacedo is asking for a group based authentication to different books (feel free to correct me if I'm wrong here).

We are currently thinking about using this neat app for some general documentation stuff in our Formula Student team since it would suit our workflow perfectly, but our business team would like to restrict access to some sections (read: books).

A group access policy would make this nice and easy.


@ssddanbrown commented on GitHub (Sep 16, 2018):

> A group access policy would make this nice and easy.

@excelite I guess the thing I don't understand is how this differs from the current permission system? Since you can already limit the viewing/updating/deleting of a book (or page or chapter) to certain roles.


@lucassmacedo commented on GitHub (Sep 17, 2018):

Exactly @excelite, need to sync with departments, not papers. Roles is to view / update and delete, but it's all books; my suggestion is books specific to departments (or groups).


@ssddanbrown commented on GitHub (Sep 18, 2018):

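Hi @lucassmacedo,
I'm still having trouble with this.
Please see the below gif. Let me know if you are aware of these book-level permissions in BookStack:

![bookstack-book-permissions](https://user-images.githubusercontent.com/8343178/45692171-10e5ad00-bb52-11e8-99b0-9a673808a865.gif)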


@lucassmacedo commented on GitHub (Sep 18, 2018):

@ssddanbrown The permission manager is perfect. The only thing I need is that I can organize the books by "department" or "category" and associate the user with a category, so he could have all that level of permission that already exists, but only from "certain" books


@lucassmacedo commented on GitHub (Sep 18, 2018):

@ssddanbrown
But if this is causing a confusion, I'm sorry. I'm trying to be as clear as I can in the English language.


@ssddanbrown commented on GitHub (Sep 19, 2018):

@lucassmacedo No worries, your English is perfectly clear. I just don't understand how the existing system in BookStack differs to what you are asking for, since you are already able to assign permissions for certain books to certain user roles (so you could set a 'Sales History' book to be only visible by a 'Sales Team' role).


@excelite commented on GitHub (Sep 27, 2018):

@ssddanbrown sorry for the late reply but I got to play on this just yesterday.

You were right, this actually does exactly what we (I) were trying to accomplish. What I wasn't able to figure out was that I have to create a Role that is exactly spelled like the LDAP group. Then it automatically matches everything just fine! This would be great if you could add that to the LDAP section in the documentation.

Actually having the bookshelves now makes it a lot easier for everybody to understand how they are allowed to access stuff and also makes it really easy to organise things in a department way (each department gets its own bookshelf and may put their "private" books in there).

I'm starting to really love this project!

From my side, the issue is solved.
@lucassmacedo have a look at 0.24.0, the bookshelves really help a lot to organize things and make it easy for everybody to understand.


@lucassmacedo commented on GitHub (Sep 27, 2018):

Thanks @excelite !


@CorruptComputer commented on GitHub (Apr 11, 2019):

Just to be sure before I open a new request, let's say I have multiple groups in AD which I am using to auth with Bookstack: "Docs - IT", "Docs - Finance", "Docs - Marketing", etc...

Can I use those to dynamically assign groups within Bookstack, so that anyone with the AD "Docs - IT" group would have my "IT" Bookstack permissions group?


@ssddanbrown commented on GitHub (Apr 11, 2019):

Hi @CorruptComputer,
There is currently no dynamic matching for roles/groups, only exact name matching.

You can however match multiple LDAP groups to a single BookStack role by listing the group CN names in the ‘External Authentication IDs’ input, comma separated.


@CorruptComputer commented on GitHub (Apr 11, 2019):

Thanks for the heads up @ssddanbrown,

Does that mean it only matches groups with the same name? For example:

| AD | Bookstack | Works? |
| --- | --- | --- |
| "Docs - IT" | "Docs - IT" | Yes |
| "Docs - IT" | "IT Docs" | No |

The documentation I found [here](https://www.bookstackapp.com/docs/admin/ldap-auth/#ldap-group-sync) doesn't say anything about multiple groups either. So I'm guessing I would have to do something like this instead? To allow them to log on, but no access to any documentation.

| AD | Bookstack |
| --- | --- |
| "Docs Access" | "User" |

Then add the other permission groups for the department manually for each user?


@ssddanbrown commented on GitHub (Apr 12, 2019):

@CorruptComputer

> Does that mean it only matches groups with the same name?

No, you are able to override the name used for matching using the `External Authentication IDs`.

From that docs page:

> This can be overridden by via the ‘External Authentication IDs’ field which can be seen when editing a role while LDAP authentication is enabled. This field can be populated with common names (CNs) of accounts or groups. If filled, CNs in this field will be used and the role name will be ignored. **You can match on multiple CNs by separating them with a comma**.

So for a BookStack role of "IT Docs" you could set the external `External Authentication IDs` field to be `Docs - IT,Docs - Marketing` and it should match on both.

Reference: starred/BookStack#812
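
The matching rule described in the last replies of this thread (a role matches an LDAP group by exact name unless its 'External Authentication IDs' field is filled, in which case the comma-separated CNs are used and the role name is ignored), as an added Python sketch that is not part of the original thread and not BookStack's own code. The function names, the sample DNs and roles, and the strict case-sensitive comparison with whitespace trimmed around each comma-separated entry are assumptions; the audit function shows which roles can never be granted and which groups grant nothing.

```python
import re

def group_cn(dn):
    """Return the CN of the first RDN of a group DN (splits on unescaped commas)."""
    first_rdn = re.split(r'(?<!\\),', dn, maxsplit=1)[0]
    key, _, value = first_rdn.partition('=')
    if key.strip().lower() != 'cn':
        raise ValueError(f'first RDN is not a CN: {dn!r}')
    return value.strip()

def match_names(role_name, external_auth_ids):
    """CNs a role matches on: the listed IDs if any are set, else the role name."""
    ids = {part.strip() for part in external_auth_ids.split(',') if part.strip()}
    return ids if ids else {role_name}

def roles_for_user(member_of, roles):
    """Roles a user would receive, given the DNs of the groups they belong to."""
    cns = {group_cn(dn) for dn in member_of}
    return sorted(name for name, ids in roles.items()
                  if match_names(name, ids) & cns)

def audit(directory_groups, roles):
    """Return (roles matching no group, groups mapping to no role)."""
    cns = {group_cn(dn) for dn in directory_groups}
    wanted = {name: match_names(name, ids) for name, ids in roles.items()}
    dead_roles = sorted(name for name, w in wanted.items() if not (w & cns))
    covered = set().union(*wanted.values()) if wanted else set()
    return dead_roles, sorted(cns - covered)

# Constructed sample data: role name -> 'External Authentication IDs' value.
ROLES = {
    'Docs - Finance': '',                       # matched by exact role name
    'IT Docs': 'Docs - IT,Docs - Marketing',    # matched by listed CNs only
    'Finance Docs': '',                         # name differs from every group
}
GROUPS = [
    'CN=Docs - IT,OU=Groups,DC=example,DC=com',
    'CN=Docs - Finance,OU=Groups,DC=example,DC=com',
    'CN=Docs - Marketing,OU=Groups,DC=example,DC=com',
    'CN=Docs Access,OU=Groups,DC=example,DC=com',
]

if __name__ == '__main__':
    print(roles_for_user([GROUPS[0]], ROLES))
    print(audit(GROUPS, ROLES))
```
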