Describe the Bug
When a user who was previously an Admin gets demoted to a non-admin role with "own"-scoped asset permissions (e.g. "View own books"), the content they created as Admin becomes invisible to them. Running php artisan bookstack:regenerate-permissions does not fix the issue.
Root cause: After regenerate-permissions, the joint_permissions table has owner_id = NULL for non-admin roles, even though entities.owned_by and entities.created_by are correctly set to the user's ID. BookStack's permission query grants access via owner_id = <user_id> — with NULL, access is denied despite the user being the owner.
Steps to Reproduce
- User A has the Admin role and creates a book (e.g. entities.owned_by = 1, created_by = 1)
- A new admin account is created
- User A's Admin role is removed and replaced with a non-admin role (e.g. "Editor") with "View own" book permission
- User A can no longer see their own book
- Run php artisan bookstack:regenerate-permissions → does not fix the issue
- Run php artisan cache:clear → does not fix the issue
Expected Behaviour
regenerate-permissions should populate joint_permissions.owner_id from entities.owned_by for all roles, including non-admin roles with "own"-scoped permissions.
Screenshots or Additional Context
Workaround
Creating a dedicated role with "View all" scope for the affected user restores visibility, but is not a clean solution for multi-user setups with strict "own"-scoped isolation.
Browser Details
No response
Exact BookStack Version
v26.03.3
Describe the Bug
When a user who was previously an Admin gets demoted to a non-admin role with "own"-scoped asset permissions (e.g. "View own books"), the content they created as Admin becomes invisible to them. Running php artisan bookstack:regenerate-permissions does not fix the issue.
Root cause: After regenerate-permissions, the joint_permissions table has owner_id = NULL for non-admin roles, even though entities.owned_by and entities.created_by are correctly set to the user's ID. BookStack's permission query grants access via owner_id = <user_id> — with NULL, access is denied despite the user being the owner.
Steps to Reproduce
Expected Behaviour
regenerate-permissions should populate joint_permissions.owner_id from entities.owned_by for all roles, including non-admin roles with "own"-scoped permissions.
Screenshots or Additional Context
Workaround
Creating a dedicated role with "View all" scope for the affected user restores visibility, but is not a clean solution for multi-user setups with strict "own"-scoped isolation.
Browser Details
No response
Exact BookStack Version
v26.03.3