Specific startpage should depend from user rights / role #933

New Issue

Closed

opened 2026-02-04 23:01:20 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-04 23:01:20 +03:00

Owner

Copy Link

Originally created by @ezzra on GitHub (Dec 1, 2018).

When using a "Specific Page" for Application Homepage, even users without any rights can see this page.

I have set a specific page as application homepage and I use it to present my users some useful informations and even important news from time to time. I also have enabled registration, so new team members can register by their own. Because only actual team members should get rights for the wiki, their starting role ("unconfirmed") is without any rights. If I checked the account, I have to confirm their registration and set an actual member role for them.

The problem is, that even with the first standard role "unconfirmed", they can see the starting page with the more or less sensitive informations. And because the registration needs to be open to everyone (I cannot use the domain restrictions), anyone can register and read the content of this starting page.

Thats of course a security issue for me and I chose a workaround, to just put a link on the welcome page to the "actual" welcome page which is not accessible for "unconfirmed". But of course, thats pretty inconvenient.

Aside from that, I would really love to present different welcome pages to different team groups, I guess that would be a big improvement and would even fix this security issue.

Originally created by @ezzra on GitHub (Dec 1, 2018). When using a "Specific Page" for Application Homepage, even users without any rights can see this page. I have set a specific page as application homepage and I use it to present my users some useful informations and even important news from time to time. I also have enabled registration, so new team members can register by their own. Because only actual team members should get rights for the wiki, their starting role ("unconfirmed") is without any rights. If I checked the account, I have to confirm their registration and set an actual member role for them. The problem is, that even with the first standard role "unconfirmed", they can see the starting page with the more or less sensitive informations. And because the registration needs to be open to everyone (I cannot use the domain restrictions), anyone can register and read the content of this starting page. Thats of course a security issue for me and I chose a workaround, to just put a link on the welcome page to the "actual" welcome page which is not accessible for "unconfirmed". But of course, thats pretty inconvenient. Aside from that, I would really love to present different welcome pages to different team groups, I guess that would be a big improvement and would even fix this security issue.

OVERLORD added the 🔨 Feature Request label 2026-02-04 23:01:20 +03:00

OVERLORD closed this issue 2026-02-04 23:01:24 +03:00

OVERLORD commented 2026-02-04 23:01:30 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Nov 8, 2022):

I'm going to go ahead and close this off since it's had relatively little further desire since opening.
If happy to hack, it would be possible to implement something like this using the visual theme system.

@ssddanbrown commented on GitHub (Nov 8, 2022): I'm going to go ahead and close this off since it's had relatively little further desire since opening. If happy to hack, it would be possible to implement something like this using the [visual theme system](https://github.com/BookStackApp/BookStack/blob/development/dev/docs/visual-theme-system.md).

OVERLORD commented 2026-02-04 23:01:34 +03:00

Author

Owner

Copy Link

@crazyyzarc commented on GitHub (Apr 10, 2025):

@ssddanbrown there is still interest on my part. Maybe you can make it simple for now by setting a different landing page for all logged-in users compared to non-logged-in users. With hacks this is also possible?

@crazyyzarc commented on GitHub (Apr 10, 2025): @ssddanbrown there is still interest on my part. Maybe you can make it simple for now by setting a different landing page for all logged-in users compared to non-logged-in users. With hacks this is also possible?

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

further_theme_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

No Label 🔨 Feature Request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#933