BookStack icon indicating copy to clipboard operation
BookStack copied to clipboard
verified publisher icon BookStackApp

Copy Permissions (to books) only adds permissions, does not remove them

Open BloodyIron opened this issue 1 year ago • 4 comments

Describe the Bug

When saving a permission change on a Shelf I then sometimes hit Copy Permissions (to books on the shelf) below. And when that adds permissions then that is actually applied. However if I remove a permission override (for example if I previously override permissions for the Public role, but now removed those overrides for this shelf) hit save, and then hit Copy Permissions, the removal of those permission overrides is not propagated to books on the shelf.

Steps to Reproduce

Pretty sure I just described how to do this already.

Expected Behaviour

When I hit "Copy Permissions" I expect the permissions on all books on the shelf to precisely match the permissions as set at that time, add/removes, whatever.

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

v24.05.2

BloodyIron avatar Jun 13 '24 17:06 BloodyIron

I don't use permissions (bookstack is just a small hobby project for me), but if I were to copy permissions, I would not want it to remove permissions. Suppose I have permissions A, B, C on book 1, and permissions X, Y, Z on book 2. I might be using permissions X, Y, Z on book 2. If I were to copy from book 1, I do not want to lose X, Y, Z, even though those do not exist on book 1.

syh7 avatar Jun 22 '24 16:06 syh7

I don't use permissions (bookstack is just a small hobby project for me), but if I were to copy permissions, I would not want it to remove permissions. Suppose I have permissions A, B, C on book 1, and permissions X, Y, Z on book 2. I might be using permissions X, Y, Z on book 2. If I were to copy from book 1, I do not want to lose X, Y, Z, even though those do not exist on book 1.

Well that may be your preference, but for me, I need absolute certainty that the permission changes I made (including removal/revocation) were applied to the recursive regard that is being applied. I would not want to have to go and audit every single book and other aspect it is applying to just to confirm the revocation happened. There are very good reasons for permissions to be revoked, and I for one would not want too much permissions to be granted in scenarios I don't want them to be granted.

If you, in your case, do not want this functionality, then don't hit the button. But to me, being able to have total confidence that the revocation is applied is very important to me. And as you just said, your use-case is for hobby-scale, I'm talking about any scale, including very busy Bookstack instances where such things matter far more than in the hobby scale.

BloodyIron avatar Jun 23 '24 15:06 BloodyIron

A possibly solution could be a permission set. You could define (in the admin panel) a permission set to contain certain permissions, and then you could select a set to apply to a book/chapter/something. Upon being viewed, a book then checks both its own permissions and the permissions in the set. Any changes in the set would not need to be changed in the books, because the book just refers to the set. Change 1 place, affect multiple places. This way you do not accidentally overwrite book-specific permission while copying permissions from another book.

syh7 avatar Jun 23 '24 15:06 syh7

Sure, that might work. And I would probably want that to be capable of applying to shelves, not just books. But that's not exactly what the original request was about.

BloodyIron avatar Jun 26 '24 21:06 BloodyIron