Permission Question

[wedowhateverwewant]

Attempted Debugging

• I have read the debugging page

Searched GitHub Issues

• I have searched GitHub for the issue.

Describe the Scenario

So I get that you create roles and add members to group, then add that role to the shelves, but then the permissions don't cascade down to the books and chapters and pages unless you do the " copy permission" is there a way to have whatever permission shelve has apply to everything under it to NEW and existing items automatically ? some sort of script or is there an option ?

Exact BookStack Version

v23.06.2

Log Content

No response

PHP Version

No response

Hosting Environment

Docker Compose
Nginx Proxy Manager
Bookstack
SAML2 for SSO

[ssddanbrown]

There's no in-platform automatic way. Open request in #1596.

There is a "Copy Shelf Permission" command which can do this externally from command line (including being scheduled if desired). This can run on all shelves in the system. Just be aware that books on multiple shelves will only get the permissions from one of the shelves (Whichever runs through the process later).

Alternatively, if you have some PHP skills, you could listen to book creation events via the logical theme system then trigger this process upon such events.

[wedowhateverwewant]

okay thanks for the info. however if one edits and makes some changes to php files and afterward theres an update to bookstack does that update erase the past changes ?

[ssddanbrown]

If you're making changes to core app files, then yes, that may conflict with git during update (on a normal install) or be wiped (if in a docker container).

The logical theme system allows customizations outside of core app files, so they run as an extension to the platform.
This may still conflict with updates (if your logic is depending on internal code that's changed) but the changes should persist and they can be toggled off via "toggling off" (removing the option) the theme. They wouldn't stop the updates or be lost in the say way as changing core app files.

[wedowhateverwewant]

okay this makes sense, thanks

[Sulkar]

Hello, thanks for the hint. I managed to achieve the result with the following code in the theme's functions.php.

Theme::listen(ThemeEvents::ACTIVITY_LOGGED, function (string $activityType, $detail) {

    $validTypes = [ActivityType::BOOK_CREATE];
    if (!in_array($activityType, $validTypes)) {
        return;
    }

    if ($detail instanceof Book) {
        $contextBookshelfId = session()->get('context_bookshelf_id', null);
        $shelf = Bookshelf::visible()->find($contextBookshelfId);
        if ($shelf) {
            $shelfPermissions = $shelf->permissions()->get(['role_id', 'view', 'create', 'update', 'delete'])->toArray();
            $detail->permissions()->delete();
            $detail->permissions()->createMany($shelfPermissions);
            $detail->rebuildPermissions();
        }
    }
});