Feature: Owner of an item can always view them (optional admin setting)
Describe the feature you'd like
With the ability to change ownership of an item, I think it would be great to have a safeguard for normal users to set custom permissions for items like shelves, books, chapters and pages without locking themselves out. Right now, when you set custom permissions for a group you're not a part of, it's no longer possible to change the custom permissions, because you cannot view the file.
Because this changes the way existing permissions would be handled, maybe it would be a good idea to have it optional in the admin settings.
Describe the benefits this feature would bring to BookStack users
Normal users could use the custom permissions more frequently without locking themselves out and not being able to see items they have ownership of.
See https://github.com/BookStackApp/BookStack/issues/2903#issuecomment-945172515
I think there must be a better solution here. I'll try to summarize the problem and give an example.
- As a BookStack administrator of a medium-large instance, I want my users to manage rights to their objects.
- This can be done by using roles. Inevitably a user, who owns an object, will be in a role.
- Let's organize the users by department - so we have a role "Engineering"
- A user wants to share important information from within their department, but the department shouldn't be able to edit this information
- Maybe the user is the specialist for a specific topic in the team
- This cannot be achieved with the described setup.
- One way to achieve this would be to make a separate role for the one user. But this won't scale when other users of this department want to share information for their area of expertise
- It's quite easy for a user to lock himself out this way. And he has no possibility to change the rights, as he can't view the object.
- This is a frustrating experience for the user and the administrator
I think there are two solutions:
- Owners should always have full access to their objects
- Owners should be able to configure rights on the user level (this way an owner can grant more rights to his user)
Additionally, these changes could help with the issue:
- Owners should be able to configure object rights, even if they can't view the object itself
- Replace concept of owners with additional right to edit permissions
I strongly agree that this problem should be fixed. I believe this is definitely a bug, not a feature. The administrator always has full access whatever permission the owner sets. The owner should definitely also have this ability for its own book/shelf.
Commenting for visibility. It just should not be possible to lock myself out of my own content.
Should there be a need for extra control here, it should be at a separate Owner permission level that takes priority over content level permissions. The default Owner permissions for new content could then be set using a new role permission e.g. "Edit Owner permissions".
With the way things are right now, creating flexible permission schemes is not possible, and you need to create manager roles to compensate, which only creates complexity and doesn't fully address the problem. This especially affects non-technical users who expect ownership to guarantee access.
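The lockout described in this thread and the requested owner override can be shown with a small model. This is an added example, not BookStack code and not written by anyone in the thread; the role names, sample items, `ROLE_DEFAULTS` and the `owner_override` switch are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    is_admin: bool = False

@dataclass
class Item:
    name: str
    owner: str
    # role name -> allowed actions; None means no custom permissions are set
    custom: Optional[dict] = None

# Constructed role defaults, used only when an item has no custom permissions.
ROLE_DEFAULTS = {"Engineering": {"view", "edit"}, "Sales": {"view"}}

def can(user, item, action, owner_override=False):
    """Simplified check: custom item permissions replace the role defaults."""
    if user.is_admin:
        return True  # the thread states administrators always keep access
    if owner_override and item.owner == user.name:
        return True  # the requested behaviour (hypothetical setting)
    table = item.custom if item.custom is not None else ROLE_DEFAULTS
    return any(action in table.get(role, set()) for role in user.roles)

def owner_lockouts(items, users, owner_override=False):
    """Return {item name: [actions the owner has lost]} for an audit report."""
    by_name = {u.name: u for u in users}
    report = {}
    for item in items:
        owner = by_name[item.owner]
        lost = sorted(a for a in ("view", "edit")
                      if not can(owner, item, a, owner_override))
        if lost:
            report[item.name] = lost
    return report

# Constructed sample data mirroring the cases discussed in the thread.
alice = User("alice", frozenset({"Engineering"}))
root = User("root", frozenset(), is_admin=True)
USERS = [alice, root]
ITEMS = [
    Item("Team wiki", "alice"),                               # role defaults apply
    Item("Expert guide", "alice", {"Engineering": {"view"}}),  # read-only for own role
    Item("Sales handover", "alice", {"Sales": {"view"}}),      # role the owner is not in
]

if __name__ == "__main__":
    print(owner_lockouts(ITEMS, USERS))
    print(owner_lockouts(ITEMS, USERS, owner_override=True))
```

Run as an audit over real item and role data, a check of this shape lists content whose owner can no longer view or edit it before the owner finds out.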