
Ability to turn off "Books on multiple shelves" feature

Open BloodyIron opened this issue 3 years ago • 1 comments

Describe the feature you'd like

From a security perspective, it is concerning to me that Books can exist on multiple shelves, and I think it would be nice to have this feature turned off.

There are times where sensitive information needs to exist only on one shelf (for example, the IT Security shelf) and the ability to conclusively block books from being visible from other Shelves with different permissions is desirable.

It would be nice to be able to disable this feature system-wide so that it doesn't get intentionally/accidentally used and lead to security problems that can be challenging to prove exist.

Describe the benefits this would bring to existing BookStack users

Add certainty as to where the content exists and who has access to it, such that it can satisfy conclusively IT Security concerns (where needed).

Can the goal of this request already be achieved via other means?

Not that I am aware of.

Have you searched for an existing open/closed issue?

  • [X] I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

Not using yet, just scoping

Additional context

No response

BloodyIron, Aug 25 '22 21:08

Thanks for the request @BloodyIron.

Personally, I would not be keen to implement this due to the conditional complexity this would introduce. Additionally, the described benefits detail the satisfaction of a specific IT team, which in reality is subjective and often business-case specific.

There are some alternatives to achieving this:

  • You could simply not use shelves, via removing shelf permissions from all users.
  • You could limit permission management capability to very few trusted people, and train them to never copy down shelf permissions to books.

As a less intrusive option implementation idea for addressing the problematic scenario:

  • Prevention/Disabling of the ability to copy shelf permissions to books.

ssddanbrown, Aug 28 '22 11:08

I'm going to proceed and close this off due to my reasoning provided above, and due to not wanting to introduce diverging functionality for core structural systems.

ssddanbrown, Nov 10 '22 16:11