# Theme System # Anzeige der Revisionen in einem PDF Export

getestet mit Version **24.02**

## Anforderung Um die Revisionen und ggfs. den Changelog in einem PDF Export ganz zum Schluss anzeigen lassen zu können sind einige Anpassungen nötig. Zuerst habe ich dafür einen zusätzlichen Link in das Export-Menü eingebaut um einmal eine Version ohne Revisionen und eine mit Revisionen exportieren zu können. ## betroffene Dateien

Dateien müssen sich in der entsprechenden Struktur unterhalb des Themes befinden. Ordner = *kursiv* Dateien = **fett**

- *entities* - **export-menu.blade.php** - *exports* - *parts* - **revisions-index-row-compact.blade.php** - **page.blade.php** ## Inhalte der Dateien

export-menu.blade.php

Hier wurde ein weiterer Link in **Zeile 6** eingefügt, der mittels GET den Wert `history=true` übergibt. Diese GET Variable kann dann später abgefragt werden. ```html [...] [...] ```

revisions-index-row-compact.blade.php

Ich habe in dem Ordner eine weitere Datei angelegt und mit folgendem Inhalt gefüllt: ```html {{ $revision->created_at->isoFormat('D MMMM Y') }} {{ $revision->revision_number == 0 ? '' : $revision->revision_number }} @if($revision->createdBy) {{ $revision->createdBy->name }} @else {{ trans('common.deleted_user') }} @endif {{ $revision->summary }} ```

page.blade.php

In dieser Datei habe ich an das Ende der Seite folgenden Code eingefügt und die alte Meta Ansicht deaktiviert. Der geänderte Code beginnt in **Zeile 7** (in diesem Codeschnipsel). ```html [...]

{!! $page->renderedHTML ?? $page->html !!} @if(request()->query('history'))

Dokumentenhistorie

@if(count($page->revisions) > 0) @foreach($page->revisions as $index => $revision) @include('exports.parts.revisions-index-row-compact', ['revision' => $revision, 'current' => $page->revision_count === $revision->revision_number]) @endforeach @else

@endif

Datum	Version	Autor	Anmerkungen

@endif @endsection ``` Der Codeabschnitt kann auch an jeder anderen Stelle hinterlegt werden, für mich hat es aber am Ende des Dokuments den meisten Sinn gemacht.

Ich habe bei den Anpassungen auf Übersetzungen verzichtet, das würde sich aber problemlos ändern lassen. ## Screenshots [![image.png](https://bookstack.jelinek-rz.de/uploads/images/gallery/2024-04/scaled-1680-/nsfimage.png)](https://bookstack.jelinek-rz.de/uploads/images/gallery/2024-04/nsfimage.png) # URL mit Mausklick kopieren

getestet mit Version **24.02**

## Anforderung Wenn man Bookstack als PWA nutzt ist es nur umständlich möglich, die URL zu kopieren wenn man diese jemandem schicken möchte. ## betroffene Dateien

Dateien müssen sich in der entsprechenden Struktur unterhalb des Themes befinden. Ordner = *kursiv* Dateien = **fett**

- *entities* - **share-link.blade.php** - *shelves* - **show.blade.php** - *books* - **show.blade.php** - *chapters* - **show.blade.php** - *page* - **show.blade.php** ## Inhalte der Dateien

show.blade.php (gleich für jede Datei)

Hier wurde die Zeile 10 hinzugefügt (Zeilennummer nur für diesen Ausschnitt) ```html @if($watchOptions->canWatch() && !$watchOptions->isWatching()) @include('entities.watch-action', ['entity' => $page]) @endif @if(user()->hasAppAccess()) @include('entities.favourite-action', ['entity' => $page]) @endif @if(userCan('content-export')) @include('entities.export-menu', ['entity' => $page]) @endif @include('entities.share-link', ['entity' => $page]) @stop ```

## Screenshots [![image.png](https://bookstack.jelinek-rz.de/uploads/images/gallery/2024-04/scaled-1680-/fUFimage.png)](https://bookstack.jelinek-rz.de/uploads/images/gallery/2024-04/fUFimage.png) # tabellarische Darstellung der Tags in einem PDF Export

getestet mit Version **24.02**

## Anforderung Für diverse Zertifizierungsdokument wird ein "Dokumentenheader" benötigt. Da ich die Informationen in Tags versteckt habe lasse ich diese einfach als Tabelle bei einem PDF Export darstellen. ## betroffene Dateien

Dateien müssen sich in der entsprechenden Struktur unterhalb des Themes befinden. Ordner = *kursiv* Dateien = **fett**

- *exports* - *parts* - **tag-export-table.blade.php** - **page.blade.php** ## Inhalte der Dateien

page.blade.php

An der gewünschten Stelle muss folgender Code eingefügt werden: ```php @if($page->tags->count() > 0)

Dokumenteninformationen

@foreach($page->tags as $tag) @include('exports.parts.tag-export-table', ['tag' => $tag]) @endforeach

@endif ```

## Screenshots [![image.png](https://bookstack.jelinek-rz.de/uploads/images/gallery/2024-04/scaled-1680-/d7Limage.png)](https://bookstack.jelinek-rz.de/uploads/images/gallery/2024-04/d7Limage.png) # PDF Export mit QR-Code

getestet mit Version **24.02**

## Anforderung Ich wollte gerne die Möglichkeit haben, exportierte Daten einfach wieder in der digitalen Welt zu finden. Was ist dazu besser geeignet als ein **QR-Code**. ## betroffene Dateien

Dateien müssen sich in der entsprechenden Struktur unterhalb des Themes befinden. Ordner = *kursiv* Dateien = **fett**

- *layouts* - *parts* - **export-body-start.blade.php** - *entities* - **export-menu.blade.php** ## Inhalte der Dateien

export-body-start.blade.php

Vor dem ersten `div`-Container muss hier folgendes eingetragen werden: ``` @inject('totp', 'BookStack\Access\Mfa\TotpService') @php $qrCode = $totp->generateQrCodeSvg($page->getUrl()); $imgStr = 'data:image/svg+xml;base64,' . base64_encode($qrCode); @endphp ``` Im Anschluss kann an einer beliebigen Stelle das Bild an die PDF übergeben werden. Dazu muss folgender Abschnitt hinzugefügt werden: ```php @if(request()->query('qr'))

@endif ```

export-menu.blade.php

Hier muss nun einfach nach der Zeile gesucht werden mit dem Inhalt `/export/pdf`. Danach die Zeile kopieren und den String ?qr=true anhängen an die selbe Stelle. Es sollte dann wie folgt aussehen: ```html ``` In diesem Ausschnitt ist in Zeile 4 der neue Export Link hinzugefügt.

## Screenshots [![image.png](https://bookstack.jelinek-rz.de/uploads/images/gallery/2024-06/scaled-1680-/image.png)](https://bookstack.jelinek-rz.de/uploads/images/gallery/2024-06/image.png) # PDF Export anpassen mit Header und Footer

getestet mit Version **25.07**

## Anforderung Die Standard-PDF Seite ist nicht wirklich ansprechend, also werden hier Header und Footer sowie Seitenzahlen eingefügt. ## betroffene Dateien

Dateien müssen sich in der entsprechenden Struktur unterhalb des Themes befinden. Ordner = *kursiv* Dateien = **fett**

- *layouts* - *parts* - **export-body-start.blade.php** ## Inhalte der Dateien

export-body-start.blade.php

Die Datei muss am Ende wie folgt aussehen: ```html @if ($format === 'pdf')

@endif ```

# News-Seite / schwarzes Brett

getestet mit Version 24.12

## Anforderung Zum Abbilden der Funktion eines schwarzen Bretts bzw. einer News-Seite um aktuelle Infos anzuzeigen. ## betroffene Dateien

Dateien müssen sich in der entsprechenden Struktur unterhalb des Themes befinden. Ordner = *kursiv* Dateien = **fett**

- *home* - **specific-page.blade.php** ## Inhalte der Dateien

specific-page.blade.php

Innerhalb der `section('left')` oder `section('right')`, je nach Präferenz, muss folgender `

`-Block eingefügt werden: ```html

@php $newsBookId = 34; $newsItems = \BookStack\Entities\Models\Page::visible() ->where('book_id', $newsBookId) ->orderBy('created_at', 'desc') ->take(7) ->get(); @endphp

@include('entities.list', [ 'entities' => $newsItems, 'style' => 'compact', ])

``` die ID für das Buch welches hier genutzt werden soll lässt sich einfach herausfinden, in dem ein Buch öffnet und dann die Entwicklertools startet (`F12`). Hier sucht man dann nach folgendem Begriff: `option:entity-search:entity-id` Direkt dahinter steht die ID des Buches, welches dann in der Anpassung hinterlegt werden muss.

## Screenshots [![image.png](https://bookstack.jelinek-rz.de/uploads/images/gallery/2025-01/scaled-1680-/image.png)](https://bookstack.jelinek-rz.de/uploads/images/gallery/2025-01/image.png) # Regale zu denen ein Buch gehört anzeigen

getestet mit Version **25.02**

## Anforderung Ich wollte sehen in welchen Regalen ein Buch steht, da ein Buch in mehreren Regalen stehen kann und weil die Brotkrumen Navigation das Regal nicht anzeigt wenn man nicht das Buch z.B. über die Suche öffnet. ## betroffene Dateien

Dateien müssen sich in der entsprechenden Struktur unterhalb des Themes befinden. Ordner = *kursiv* Dateien = **fett**

- *books* - **show.blade.oph** ## Inhalte der Dateien ## Screenshots [![image.png](https://bookstack.jelinek-rz.de/uploads/images/gallery/2025-03/scaled-1680-/image.png)](https://bookstack.jelinek-rz.de/uploads/images/gallery/2025-03/image.png) # BookStack Page Lock & PIN Protection

getestet mit Version **25.12.2**

## Quelle [https://github.com/Rockyroad1827/Bookstacks-Password-Protect-Page-Hack](https://github.com/Rockyroad1827/Bookstacks-Password-Protect-Page-Hack)

originale Anleitung

# BookStack Page Lock & PIN Protection

[](https://github.com/Rockyroad1827/Bookstacks-Password-Protect-Page-Hack/tree/main#bookstack-page-lock--pin-protection)

[![BookStack](https://camo.githubusercontent.com/d3a8965b17311941c3f7cfe16ab847b9b12304d5de0fee658881c9c313afcf1a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f426f6f6b537461636b2d4164646f6e2d3032383844313f7374796c653d666c61742d737175617265266c6f676f3d626f6f6b737461636b266c6f676f436f6c6f723d7768697465)](https://camo.githubusercontent.com/d3a8965b17311941c3f7cfe16ab847b9b12304d5de0fee658881c9c313afcf1a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f426f6f6b537461636b2d4164646f6e2d3032383844313f7374796c653d666c61742d737175617265266c6f676f3d626f6f6b737461636b266c6f676f436f6c6f723d7768697465) [![BookStack Version](https://camo.githubusercontent.com/3b55e116c1f17c7a6a5adfcae56701e8a548a32375c7d71fd303a3c01fa5a808/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f426f6f6b537461636b2d7632352e31322e322d6c69676874626c75653f7374796c653d666c61742d737175617265266c6f676f3d626f6f6b737461636b266c6f676f436f6c6f723d7768697465)](https://camo.githubusercontent.com/3b55e116c1f17c7a6a5adfcae56701e8a548a32375c7d71fd303a3c01fa5a808/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f426f6f6b537461636b2d7632352e31322e322d6c69676874626c75653f7374796c653d666c61742d737175617265266c6f676f3d626f6f6b737461636b266c6f676f436f6c6f723d7768697465) [![PHP](https://camo.githubusercontent.com/423698a15c259fe99627b4ab8328a052b729761f9c4b01dafc58b699b85f352b/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e302532422d3737374242343f7374796c653d666c61742d737175617265266c6f676f3d706870266c6f676f436f6c6f723d7768697465)](https://camo.githubusercontent.com/423698a15c259fe99627b4ab8328a052b729761f9c4b01dafc58b699b85f352b/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e302532422d3737374242343f7374796c653d666c61742d737175617265266c6f676f3d706870266c6f676f436f6c6f723d7768697465) [![Security](https://camo.githubusercontent.com/15401b22d514eddee1fa7ed2ef094a829e01d49af6ce51b7edfb3401f81799a4/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f53656375726974792d50494e5f4c6f636b2d637269746963616c3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/15401b22d514eddee1fa7ed2ef094a829e01d49af6ce51b7edfb3401f81799a4/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f53656375726974792d50494e5f4c6f636b2d637269746963616c3f7374796c653d666c61742d737175617265) [![License](https://camo.githubusercontent.com/422db9fd40f5831c765cf6530b6750c081b696bd18d904cf89554df98c676277/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d677265656e3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/422db9fd40f5831c765cf6530b6750c081b696bd18d904cf89554df98c676277/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d677265656e3f7374796c653d666c61742d737175617265) A lightweight, PIN-based protection layer for [BookStack](https://www.bookstackapp.com/). This modification allows administrators to "lock" specific pages behind a custom PIN or a global Master PIN, effectively hiding the content until the correct code is entered. --- ## Features

[](https://github.com/Rockyroad1827/Bookstacks-Password-Protect-Page-Hack/tree/main#features)

- **Per-Page Locking:** Secure specific pages without altering global role permissions. - **Dual PIN Modes:** Pages can use a specific "Custom Password" or fall back to a global "Master PIN" defined in your `.env` file. - **Native UI Integration:** Controls are embedded directly into the Page "Permissions" view. - **Visual Indicators:** Automatically adds a lock symbol (🔒) to page titles and status indicators in the UI. - **Search & Preview Scrubbing:** Prevents protected content from leaking into search results or list previews by clearing preview text for protected items. - **CLI Management Tool:** Includes a terminal script to manage locks, update passwords, and remove protections. --- ## Installation

[](https://github.com/Rockyroad1827/Bookstacks-Password-Protect-Page-Hack/tree/main#installation)

### 1. File Placement

[](https://github.com/Rockyroad1827/Bookstacks-Password-Protect-Page-Hack/tree/main#1-file-placement)

This guide assumes you are using the [BookStack Logical Theme System](https://www.bookstackapp.com/docs/admin/themes/). Replace `themes/my-theme/` with your actual theme folder.

Component	Source File	Destination	Description
Logic	`functions.php`	`themes/my-theme/functions.php`	Handles backend interception and PIN validation.
Footer	`footer.blade.php`	`themes/my-theme/layouts/parts/footer.blade.php`	Handles JS visual scrubbing of tags.
UI	`entity-permissions.blade.php`	`themes/my-theme/form/entity-permissions.blade.php`	Adds the lock interface to the permissions page.
CLI Tool	`ManageLocksCommand.php`	`themes/my-theme/app/Console/Commands/ManageLocksCommand.php`	sudo php artisan bookstack:manage-locks. Admin tool for managing locks.

### 2. Configuration

[](https://github.com/Rockyroad1827/Bookstacks-Password-Protect-Page-Hack/tree/main#2-configuration)

Open your BookStack `.env` file and add a Master PIN. This is used if a page is locked but no custom password is set. ``` # .env SECURE_PAGE_PIN=123456 ```

### 3. Usage: Web Interface

[](https://github.com/Rockyroad1827/Bookstacks-Password-Protect-Page-Hack/tree/main#3-usage-web-interface)

- Navigate to the page you wish to protect. - Click Permissions in the sidebar. - Scroll down to the PIN Protection card. - Enter a Custom Password (optional) and click Enable Lock. Warning If you leave the password blank, the page will require the SECURE\_PAGE\_PIN defined in your .env. The page title will automatically update to include "🔒" to indicate its protected status. ### 4. Parent Deletion

[](https://github.com/Rockyroad1827/Bookstacks-Password-Protect-Page-Hack/tree/main#4-parent-deletion)

Users will be asked to Unlock, Move or delete locked pages before parents can be deleted (Shelf, Book, Chapter). This is to stop abuse of admin permissions if they haven't got access to the Locked file. It also goes under the prosumption that the file is locked for an important reason stopping loss of important data ### 5. Usage: CLI Tool

[](https://github.com/Rockyroad1827/Bookstacks-Password-Protect-Page-Hack/tree/main#5-usage-cli-tool)

You can manage locks directly from the terminal using `php artisan bookstack:manage-locks`. This is useful for auditing protected pages, resetting forgotten PINs, or bulk unlocking content. How to run it Open your terminal and navigate to your BookStack root directory (e.g., /var/www/bookstack). Run the script using PHP: ``` php artisan bookstack:manage-locks ```

Note When you run the command, you will see a list of all currently protected pages: ``` 🔒 BookStack Secure Page Manager ================================ ID | Page Title | Current Password ---------------------------------------------------------------------- [1] | Server Access Codes 🔒 | [Master PIN] [2] | HR Confidential 🔒 | secret123 ---------------------------------------------------------------------- Current .env Master PIN: **** ```

``` Enter Page ID to edit, "M" to Change Master PIN, or press Enter to exit: To Edit a Lock: Type the ID number (e.g., 2) and press Enter. ```

The command will show the current status and ask for a new password. ``` Selected: HR Confidential 🔒 Current Password: secret123 Enter NEW password (leave empty to use Master PIN, or type 'DELETE' to unlock): Options: ```

Type a new password: Updates the lock to the new code. Press `Enter` (Empty): Sets the page to use the global Master PIN. Type `DELETE`: Removes the lock entirely and makes the page public again. ``` To Edit the master pin: Type "M" and follow the prompts ```

**Full Changelog**: [https://github.com/Rockyroad1827/Bookstacks-Password-Protect-Page-Hack/commits/Bookstack-Hack](https://github.com/Rockyroad1827/Bookstacks-Password-Protect-Page-Hack/commits/Bookstack-Hack)

## Anforderung lightweight, PIN-based protection layer for [BookStack](https://www.bookstackapp.com/). This modification allows administrators to "lock" specific pages behind a custom PIN or a global Master PIN, effectively hiding the content until the correct code is entered. ### Features - **Per-Page Locking:** Secure specific pages without altering global role permissions. - **Dual PIN Modes:** Pages can use a specific "Custom Password" or fall back to a global "Master PIN" defined in your `.env` file. - **Native UI Integration:** Controls are embedded directly into the Page "Permissions" view. - **Visual Indicators:** Automatically adds a lock symbol (🔒) to page titles and status indicators in the UI. - **Search & Preview Scrubbing:** Prevents protected content from leaking into search results or list previews by clearing preview text for protected items. - **CLI Management Tool:** Includes a terminal script to manage locks, update passwords, and remove protections. ## betroffene Dateien

Dateien müssen sich in der entsprechenden Struktur unterhalb des Themes befinden. Ordner = *kursiv* Dateien = **fett**

- **functions.php** - *layouts* - *parts* - **footer.blade.php** - *form* - **entity-permissions.blade.php** - *app* - *Console* - *Commands* - **ManageLocksCommand.php** ## Inhalte der Dateien

ManageLocksCommand.php

```php info("🔒 BookStack Secure Page Manager"); $this->info("================================"); // Fetch Protected Pages $protectedPages = Page::whereHas('tags', function ($query) { $query->where('name', 'Protected'); })->get(); if ($protectedPages->isEmpty()) { $this->warn("No protected pages found."); } // Build Table Data $headers = ['ID', 'Page Title', 'Current Password']; $rows = []; $map = []; foreach ($protectedPages as $page) { $tag = $page->tags->where('name', 'Protected')->first(); $currentPass = $tag->value ? $tag->value : "[Master PIN]"; $rows[] = [ $page->id, $page->name, $currentPass ]; // Map ID to Page Object for easy lookup $map[$page->id] = $page; } $this->table($headers, $rows); $this->line("Current .env Master PIN: " . env('SECURE_PAGE_PIN', '(Not Set)') . ""); $this->line(""); // Interactive Selection $choice = $this->ask('Enter Page ID to edit, "M" to Change Master PIN, or press Enter to exit'); // --- OPTION M: CHANGE MASTER PIN --- if (strtoupper($choice) === 'M') { return $this->changeMasterPin($protectedPages); } // --- OPTION: EXIT --- if (!$choice || !isset($map[$choice])) { $this->info("Exiting."); return 0; } // --- OPTION: EDIT SINGLE PAGE --- $selectedPage = $map[$choice]; $currentTag = $selectedPage->tags->where('name', 'Protected')->first(); $this->line(""); $this->info("Selected: {$selectedPage->name}"); $this->line("Current Password: " . ($currentTag->value ?: "Master PIN")); // Update Logic $newPass = $this->ask("Enter NEW password (leave empty for Master PIN, or type 'DELETE' to unlock)"); if ($newPass === 'DELETE') { // Remove the protection tag $currentTag->delete(); // Remove the Lock Symbol from the Page Title $lockSymbol = '🔒'; if (strpos($selectedPage->name, $lockSymbol) !== false) { $selectedPage->name = trim(str_replace($lockSymbol, '', $selectedPage->name)); $selectedPage->save(); $this->info("✅ Lock symbol removed from page title."); } $this->info("✅ Protection REMOVED from page."); } else { $currentTag->value = $newPass; $currentTag->save(); $status = empty($newPass) ? "Master PIN" : $newPass; $this->info("✅ Password updated to: {$status}"); } return 0; } /** * Handle the Master PIN update logic */ protected function changeMasterPin($allProtectedPages) { $this->info("\n--- UPDATING MASTER PIN ---"); // Capture the OLD Master PIN (from loaded env) before we change it $oldMasterPin = env('SECURE_PAGE_PIN'); $newPin = $this->ask("Enter the NEW Master PIN"); if (empty($newPin)) { $this->error("PIN cannot be empty."); return 1; } if (!$this->confirm("Are you sure you want to change the Master PIN to '{$newPin}'?")) { $this->info("Operation cancelled."); return 0; } // Update .env File $envPath = base_path('.env'); if (File::exists($envPath)) { $content = File::get($envPath); $key = 'SECURE_PAGE_PIN'; if (strpos($content, "$key=") !== false) { // Replace existing key $content = preg_replace("/^{$key}=.*/m", "{$key}={$newPin}", $content); } else { // Append new key $content .= "\n{$key}={$newPin}"; } File::put($envPath, $content); $this->info("✅ Updated .env file."); } else { $this->error("Could not find .env file at: $envPath"); return 1; } // Update Relevant Pages (Explicit + Implicit) $explicitUpdates = 0; $totalUpdated = 0; foreach ($allProtectedPages as $page) { $tag = $page->tags()->where('name', 'Protected')->first(); if ($tag) { $val = $tag->value; // Explicitly using the OLD Master PIN -> Update DB to New PIN if (!empty($val) && $val == $oldMasterPin) { $tag->value = $newPin; $tag->save(); $explicitUpdates++; $totalUpdated++; } // Implicitly using Master PIN (empty value) -> Inherits New PIN automatically elseif (empty($val)) { $totalUpdated++; } // Custom Password -> Ignored } } if ($explicitUpdates > 0) { $this->comment("ℹ️ Database updated for {$explicitUpdates} pages that explicitly used the old PIN."); } // Clear Config Cache $this->call('config:clear'); // Final Summary $this->info("✅ Updated {$totalUpdated} total pages."); return 0; } } ```

functions.php

```php Timestamp ] $unlockedPages = Session::get('secure_unlocked_pages', []); // Check if this ID exists and the timestamp is in the future if (isset($unlockedPages[$pageId]) && $unlockedPages[$pageId] > time()) { return true; } return false; } } // -------------------------------------------------------------------------------- // HELPER: GET REQUIRED PIN // -------------------------------------------------------------------------------- if (!function_exists('getSecurePagePin')) { function getSecurePagePin($page) { $tag = $page->tags()->where('name', 'Protected')->first(); if (!$tag) return null; return !empty($tag->value) ? $tag->value : env('SECURE_PAGE_PIN'); } } // -------------------------------------------------------------------------------- // EXPORT INTERCEPTOR (PDF, HTML, TXT, MD, ZIP) // -------------------------------------------------------------------------------- // Listens for ANY route that matches. If the URL contains '/export/', we verify access. Event::listen(RouteMatched::class, function (RouteMatched $event) { $request = request(); $path = $request->path(); // Check if this is an export URL if (strpos($path, '/export/') !== false) { // Try to find the Page Slug in the route parameters // BookStack usually names this parameter 'pageSlug' or 'page' $slug = $event->route->parameter('pageSlug'); if ($slug) { // Find the page in the DB $page = Page::where('slug', $slug)->first(); // Check if Page exists, is Protected, and is NOT unlocked if ($page && $page->tags()->where('name', 'Protected')->exists()) { if (!isPageUnlocked($page->id)) { // Block Download & Redirect to Lock Screen // We attach the CURRENT export URL as the "redirect_after_unlock" target. // Once unlocked, the user will be bounced right back here to start the download. $currentExportUrl = $request->fullUrl(); $lockScreenUrl = $page->getUrl() . '?redirect_after_unlock=' . urlencode($currentExportUrl); header("Location: " . $lockScreenUrl); exit(); } } } } }); // -------------------------------------------------------------------------------- // BACKEND ROUTES (PIN LOGIC) // -------------------------------------------------------------------------------- if (!app()->routesAreCached()) { // Check PIN Route::post('/secure-pin-check', function () { $input = request()->input('pin_code'); $pageId = request()->input('page_id'); $redirect = request()->input('redirect_to', '/'); $targetPin = env('SECURE_PAGE_PIN'); if ($pageId) { $page = Page::find($pageId); if ($page) { $targetPin = getSecurePagePin($page); } } if ($input && $targetPin && (string)$input === (string)$targetPin) { $unlockedPages = Session::get('secure_unlocked_pages', []); $unlockedPages[$pageId] = time() + 5; Session::put('secure_unlocked_pages', $unlockedPages); Session::save(); return redirect($redirect); } return redirect($redirect)->with('pin_error', 'Invalid Access Code'); })->middleware('web'); // Enable Lock & Add Emoji Route::post('/secure-lock-page', function () { $pageId = request()->input('page_id'); $customPass = request()->input('custom_password'); $redirectUrl = request()->input('redirect_to', '/'); $page = Page::find($pageId); if ($page && userCan('page-update', $page)) { // 1. Add Tag if (!$page->tags()->where('name', 'Protected')->exists()) { $page->tags()->create(['name' => 'Protected', 'value' => $customPass]); // 2. Add Lock Emoji to Title if (strpos($page->name, '🔒') === false) { $page->name = trim($page->name) . ' 🔒'; $page->save(); } Session::flash('success', 'PIN protection enabled.'); } } return redirect($redirectUrl); })->middleware('web'); // Disable Lock & Remove Emoji Route::post('/secure-unlock-page', function () { $pageId = request()->input('page_id'); $redirectUrl = request()->input('redirect_to', '/'); $page = Page::find($pageId); if ($page && userCan('page-update', $page)) { $tag = $page->tags()->where('name', 'Protected')->first(); if ($tag) { // 1. Remove Tag $tag->delete(); // 2. Remove Lock Emoji from Title if (strpos($page->name, '🔒') !== false) { $page->name = trim(str_replace('🔒', '', $page->name)); $page->save(); } Session::flash('success', 'PIN protection removed.'); } } return redirect($redirectUrl); })->middleware('web'); } // -------------------------------------------------------------------------------- // LOCK SCREEN GENERATOR // -------------------------------------------------------------------------------- if (!function_exists('renderSecureLockScreen')) { function renderSecureLockScreen($title = 'Protected Content', $pageId = null) { $errorHtml = Session::has('pin_error') ? '

' . Session::get('pin_error') . '

' : ''; $pageIdInput = $pageId ? '' : ''; // Detect Redirect Intent $targetRedirect = request()->get('redirect_after_unlock'); if (!$targetRedirect) { $targetRedirect = request()->fullUrl(); } return '

' . $title . '

This page is password protected.

' . $errorHtml . '

'; } } // -------------------------------------------------------------------------------- // VIEW INTERCEPTOR: SHOW PAGE (Main Content) // -------------------------------------------------------------------------------- View::composer(['pages.show'], function ($view) { $data = $view->getData(); if (!isset($data['page'])) return; $page = $data['page']; if ($page->tags()->where('name', 'Protected')->exists() && !isPageUnlocked($page->id)) { $page->html = renderSecureLockScreen("Protected Content", $page->id); } }); // -------------------------------------------------------------------------------- // VIEW INTERCEPTOR: ACTIONS (Edit, Copy, Move, etc.) // -------------------------------------------------------------------------------- View::composer([ 'pages.edit', 'pages.move', 'pages.revisions', 'pages.delete', 'pages.copy', 'form.entity-permissions' ], function ($view) { $data = $view->getData(); $page = $data['page'] ?? $data['model'] ?? null; if ($page instanceof \BookStack\Entities\Models\Page) { if ($page->tags()->where('name', 'Protected')->exists() && !isPageUnlocked($page->id)) { $currentActionUrl = request()->fullUrl(); $redirectUrl = $page->getUrl() . '?redirect_after_unlock=' . urlencode($currentActionUrl); header("Location: " . $redirectUrl); exit(); } } }); // -------------------------------------------------------------------------------- // LIST VIEW SCRUBBER // -------------------------------------------------------------------------------- View::composer([ 'partials.entity-list-item', 'partials.page-list-item', 'partials.book-content-list-item' ], function ($view) { $data = $view->getData(); $entity = $data['entity'] ?? $data['page'] ?? null; if ($entity && isset($entity->tags)) { $hasProtectedTag = $entity->tags->contains(function($tag) { return strtolower($tag->name) === 'protected'; }); if ($hasProtectedTag) { $entity->text = ''; $entity->html = ''; $entity->preview_html = ''; } $entity->tags = $entity->tags->filter(function($tag) { return strtolower($tag->name) !== 'protected'; }); } }); // -------------------------------------------------------------------------------- // REGISTER CUSTOM ARTISAN COMMAND // -------------------------------------------------------------------------------- if (app()->runningInConsole()) { // 1. Manually load the class file $commandFile = __DIR__ . '/app/Console/Commands/ManageLocksCommand.php'; if (file_exists($commandFile)) { require_once $commandFile; // 2. Register the command with Laravel // FIX: Use the concrete Application class instead of the Artisan facade \Illuminate\Console\Application::starting(function ($artisan) { $artisan->resolveCommands([\BookStack\Console\Commands\ManageLocksCommand::class]); }); } } // -------------------------------------------------------------------------------- // PARENT DELETION BLOCKER (Shelves, Books, Chapters) // -------------------------------------------------------------------------------- // Prevents deletion if the entity contains any "Protected" pages. View::composer(['shelves.delete', 'books.delete', 'chapters.delete'], function ($view) { $data = $view->getData(); $entity = null; $protectedCount = 0; // Identify Entity Type and Count Protected Children if (isset($data['shelf'])) { $entity = $data['shelf']; foreach ($entity->books as $book) { $protectedCount += $book->pages()->whereHas('tags', function($q){ $q->where('name', 'Protected'); })->count(); } } elseif (isset($data['book'])) { $entity = $data['book']; $protectedCount = $entity->pages()->whereHas('tags', function($q){ $q->where('name', 'Protected'); })->count(); } elseif (isset($data['chapter'])) { $entity = $data['chapter']; $protectedCount = $entity->pages()->whereHas('tags', function($q){ $q->where('name', 'Protected'); })->count(); } // If protected content is found, block access if ($entity && $protectedCount > 0) { // FLASH A SPECIAL SESSION KEY TO TRIGGER THE POPUP Session::flash('protected_deletion_blocked', $protectedCount); // CRITICAL FIX: Force Laravel to write the session before we exit Session::save(); // Redirect back to the entity page header("Location: " . $entity->getUrl()); exit(); } }); ```

footer.blade.php

```php {{-- DELETION BLOCKED MODAL --}} @if(session()->has('protected_deletion_blocked')) @endif

```

entity-permissions.blade.php

```php tags()->where('name', 'Protected')->first(); $isProtected = !is_null($tag); $hasCustomPass = $isProtected && !empty($tag->value); } ?> {{-- MAIN PERMISSIONS FORM --}}

{!! csrf_field() !!}

{{ trans('entities.permissions_desc') }} @if($model instanceof \BookStack\Entities\Models\Book)
{{ trans('entities.permissions_book_cascade') }} @elseif($model instanceof \BookStack\Entities\Models\Chapter)
{{ trans('entities.permissions_chapter_cascade') }} @endif

{{-- WARNINGS --}} @if($model instanceof \BookStack\Entities\Models\Bookshelf)

@endif

{{ trans('entities.permissions_owner') }} @include('form.user-select', ['user' => $model->ownedBy, 'name' => 'owned_by'])

@foreach($data->permissionsWithRoles() as $permission) @include('form.entity-permissions-row', [ 'permission' => $permission, 'role' => $permission->role, 'entityType' => $model->getType(), 'inheriting' => false, ]) @endforeach

@include('form.entity-permissions-row', [ 'role' => $data->everyoneElseRole(), 'permission' => $data->everyoneElseEntityPermission(), 'entityType' => $model->getType(), 'inheriting' => !$model->permissions()->where('role_id', '=', 0)->exists(), ])

{{-- NATIVE-STYLE PIN CONTROL --}} @if($model instanceof \BookStack\Entities\Models\Page)

@if($isProtected) @icon('lock') PIN Protection Active @else @icon('lock-open') PIN Protection Inactive @endif

@if($isProtected) This page is locked. @if($hasCustomPass) (Using Custom Password) @else (Using Master PIN) @endif @else Restrict access to this page with a password. @endif

@if($isProtected) {{-- UNLOCK BUTTON --}}

@else {{-- LOCK FORM with Input --}}

@endif

@endif {{-- END PIN CONTROL --}}

@if($model instanceof \BookStack\Entities\Models\Bookshelf)

* {{ trans('entities.shelves_permissions_create') }}

@endif

{{-- HIDDEN FORMS --}} @if($model instanceof \BookStack\Entities\Models\Page) @endif ```

## Screenshots # Anzeige von Buch, Kapitel und Seitentitel im Footer

getestet mit Version **25.12.8**

## Anforderung Zur besseren Nachverfolgung von Exports an welcher Stelle die exportierte Seite im BookStack zu finden sind. ## betroffene Dateien

Dateien müssen sich in der entsprechenden Struktur unterhalb des Themes befinden. Ordner = *kursiv* Dateien = **fett**

- *layouts* - *parts* - **export-body-start.blade.php** ## Inhalte der Dateien

export-body-start.blade.php

Hier wird folgender Bereich benötigt wenn nicht schon vorhanden bzw. muss im den Teil ergänzt werden wenn schon vorhanden: ```html [...]

@if(isset($page)) {{-- Buch & optional Kapitel & Seite --}} {{ trans('entities.book') }}: {{ $page->book->name ?? '' }} @if(isset($page->chapter)) – {{ trans('entities.chapter') }}: {{ $page->chapter->name }} @endif
{{ trans('entities.pages_title') }}: {{ $page->name }} @elseif(isset($chapter)) {{-- Export eines Kapitels --}} {{ trans('entities.book') }}: {{ $chapter->book->name ?? '' }}
{{ trans('entities.chapter') }}: {{ $chapter->name }} @elseif(isset($book)) {{-- Export eines ganzen Buchs --}} {{ trans('entities.book') }}: {{ $book->name }} @endif

[...] ```

## Screenshots [![image.png](https://bookstack.jelinek-rz.de/uploads/images/gallery/2026-03/scaled-1680-/image.png)](https://bookstack.jelinek-rz.de/uploads/images/gallery/2026-03/image.png)

Dokumentenhistorie

Dokumenteninformationen

{{ trans('common.actualnews') }}

{{ trans('entities.shelves') }}

' . $title . '

{{ $title }}

Dokumentenhistorie

Dokumenteninformationen

{{ trans('common.actualnews') }}

{{ trans('entities.shelves') }}

' . $title . '

Action Blocked

{{ $title }}