BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel
https://www.bookstackapp.com/
MIT License

[v23.12.2] Book custom permissions not cascading to chapters and pages #4835

Closed jsarnowski96 closed 7 months ago

jsarnowski96 commented 7 months ago

Describe the Bug

After migrating content between old and new shelves I've received several reports that users are unable to display certain chapters or pages despite cascading shelf permissions to books.

"Inherit defaults" usually helps, but that's not something we want to get into because of more restricted access policy. Right now only direct permissions override per chapter/page solves that issue.

Steps to Reproduce

  1. Cascade permissions from shelf
  2. Verify that target role has permissions override set in book
  3. Open up chapter/page permissions and verify that no permissions override has been inherited from book - only Everyone Else is available by default.

Expected Behaviour

Chapter/page permissions should behave the way it is described in BookStack documentation - by auto cascading from book.

Screenshots or Additional Context


Browser Details

No response

Exact BookStack Version

v23.12.2

ssddanbrown commented 7 months ago

Hi @jsarnowski96,

> Chapter/page permissions should behave the way it is described in BookStack documentation - by auto cascading from book.

They do auto-cascade from books to chapters (and chapters to pages), but they don't appear in the permissions view for that specific item (Since they're not permissions specifically set on that item).

jsarnowski96 commented 7 months ago

@ssddanbrown ok, I'd like to clear things up here - "inherit defaults" means that chapter/page gets the permissions set on book level and not that any role with global "View All" permission, not specified in override section, will suddenly gain access to that content?

by global I mean this: image

ssddanbrown commented 7 months ago

> "inherit defaults" means that chapter/page gets the permissions set on book level and not that any role with global "View All" permission, not specified in override section, will suddenly gain access to that content?

"inherit defaults" will accept the permissions from the parent (and/or grandparent if the parent is inheriting) if set, and the role permissions if none of the parents have disabled inheritance. Combination of permissions follows the "Advanced Permission Logic" section on this page: https://www.bookstackapp.com/docs/user/roles-and-permissions/#advanced-permission-logic

jsarnowski96 commented 7 months ago

@ssddanbrown so only if both shelf and book had this setting ticked off AND no permission override set, chapters and pages would be available to any role having global view own/all permission?

ssddanbrown commented 7 months ago

> so only if both shelf and book had this setting ticked off AND no permission override set, chapters and pages would be available to any role having global view own/all permission?

Shelf permissions don't come into play here, since they don't auto-cascade (Only copied to books on demand).

If the "Everyone Else" > "inherit defaults" is unchecked on a book, with no other role permissions added, and child chapter/page left inheriting with no other permissions configured, then the book and all pages/chapters within would only be visible to those assigned to the default admin role.

jsarnowski96 commented 7 months ago

@ssddanbrown Great, that's exactly what I wanted to achieve. Thanks a lot; in that case I'll close this issue.
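
The inheritance behaviour described in this thread, as an added example: a simplified model for auditing effective view access for a single role. It is not BookStack's code and was not posted by anyone in the thread. The `Item` class, `can_view`, the role names and the precedence order (nearest item first, role-specific override before "Everyone Else") are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

ADMIN = "admin"  # stands in for the default admin role (assumed name)

@dataclass
class Item:
    """A book, chapter or page. Shelves are left out of the chain: their
    permissions are only copied to books on demand and never cascade."""
    name: str
    parent: Optional["Item"] = None
    # Role-specific overrides set directly on this item: role -> may view
    overrides: dict = field(default_factory=dict)
    # "Everyone Else": None means "inherit defaults" is checked;
    # True/False means inheritance is disabled with that view setting
    everyone_else: Optional[bool] = None

def can_view(role: str, global_view: bool, item: Item) -> bool:
    """Effective view access for one role (simplified, assumed precedence)."""
    if role == ADMIN:
        return True
    node = item
    while node is not None:
        if role in node.overrides:          # nearest role override applies
            return node.overrides[role]
        if node.everyone_else is not None:  # inheritance was disabled here
            return node.everyone_else
        node = node.parent                  # still inheriting: look upward
    return global_view                      # nothing set: role permission applies

def build_sample():
    """Constructed hierarchy: a restricted book whose children only inherit."""
    book = Item("Book", overrides={"editors": True}, everyone_else=False)
    chapter = Item("Chapter", parent=book)
    page = Item("Page", parent=chapter)
    return book, chapter, page

if __name__ == "__main__":
    _, _, page = build_sample()
    for role in ("editors", "viewers", ADMIN):
        print(role, can_view(role, global_view=True, item=page))
```

The page in the sample has an empty `overrides` dict, which matches what the permissions view shows for an inheriting item, yet the book-level override still decides the result.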