A user with a role with 'manage users' system permission does not see the settings menu #895

New Issue

OVERLORD · 2026-02-04T22:45:47+03:00

OVERLORD commented

2026-02-04 22:45:47 +03:00

Originally created by @mark-james on GitHub (Nov 8, 2018).

Describe the bug
A user with a role with 'manage users' system permission does not see the 'settings' menu on the top bar. In order to see the bar the 'Manage app settings' system permission must also be included in the role.

Steps To Reproduce

Create a new role that includes the Manage Users system permission.
Assign the new role to a user
Login with this user and check the top bar. The Settings menu is missing.

Expected behavior
A user with the role should be able to access the Users sub menu of settings without having access to change the core app settings.

Your Configuration (please complete the following information):

Exact BookStack Version (Found in settings): BookStack v0.24.1
Hosting Method (Nginx/Apache/Docker): Ubuntu 18.04 - Using included installation script

Originally created by @mark-james on GitHub (Nov 8, 2018). **Describe the bug** A user with a role with 'manage users' system permission does not see the 'settings' menu on the top bar. In order to see the bar the 'Manage app settings' system permission must also be included in the role. **Steps To Reproduce** 1. Create a new role that includes the Manage Users system permission. 2. Assign the new role to a user 3. Login with this user and check the top bar. The Settings menu is missing. **Expected behavior** A user with the role should be able to access the Users sub menu of settings without having access to change the core app settings. **Your Configuration (please complete the following information):** - Exact BookStack Version (Found in settings): BookStack v0.24.1 - Hosting Method (Nginx/Apache/Docker): Ubuntu 18.04 - Using included installation script

OVERLORD added the 🛠️ Enhancement 💆 UX labels 2026-02-04 22:45:47 +03:00

OVERLORD closed this issue

2026-02-04 22:45:48 +03:00

OVERLORD commented

2026-02-04 22:45:53 +03:00

@mark-james commented on GitHub (Nov 8, 2018):

I've also discovered a related issue. A user with 'manage users' system permissions can update their user to any role including the admin role. Essentially giving themselves global access. Should I create a new issue or just update the above?

@mark-james commented on GitHub (Nov 8, 2018): I've also discovered a related issue. A user with 'manage users' system permissions can update their user to any role including the admin role. Essentially giving themselves global access. Should I create a new issue or just update the above?

OVERLORD commented

2026-02-04 22:45:55 +03:00

@ssddanbrown commented on GitHub (Jan 5, 2019):

@mark-james Thanks for raising this and sorry for my late reply, Looks like it'll be covered in #1119.

For the other point, It's probably best to open a new isuse and it may need a bit of discussion to confirm the exact logic to be implemented.

@ssddanbrown commented on GitHub (Jan 5, 2019): @mark-james Thanks for raising this and sorry for my late reply, Looks like it'll be covered in #1119. For the other point, It's probably best to open a new isuse and it may need a bit of discussion to confirm the exact logic to be implemented.

OVERLORD commented

2026-02-04 22:45:57 +03:00

@ssddanbrown commented on GitHub (Jan 5, 2019):

This base issue is now closed via #1119, Ready for the next release.

@ssddanbrown commented on GitHub (Jan 5, 2019): This base issue is now closed via #1119, Ready for the next release.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#895