fix

Merge branch 'main' into permissions-2
v0.24.1
2026-05-07 14:43:06 +08:00 · 2025-12-18 18:32:24 +00:00 · 2025-12-18 18:30:48 +00:00 · 2025-12-14 13:24:09 +00:00 · 2025-12-14 13:16:40 +00:00 · 2025-12-13 14:15:41 +00:00
81 changed files with 3025 additions and 166 deletions
@@ -1,4 +1,4 @@
-FROM node:22-alpine AS base
+FROM node:22-slim AS base
 LABEL org.opencontainers.image.source="https://github.com/docmost/docmost"

 FROM base AS builder
@@ -13,7 +13,9 @@ RUN pnpm build

 FROM base AS installer

-RUN apk add --no-cache curl bash
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends curl bash \
+  && rm -rf /var/lib/apt/lists/*

 WORKDIR /app

@@ -1,7 +1,7 @@
 {
  "name": "client",
  "private": true,
-  "version": "0.23.2",
+  "version": "0.24.1",
  "scripts": {
    "dev": "vite",
    "build": "tsc && vite build",
@@ -42,7 +42,7 @@
  "Delete group": "Gruppe löschen",
  "Are you sure you want to delete this page? This will delete its children and page history. This action is irreversible.": "Sind Sie sicher, dass Sie diese Seite löschen möchten? Dadurch werden ihre Unterseiten und die Seitengeschichte gelöscht. Diese Aktion ist unwiderruflich.",
  "Description": "Beschreibung",
-  "Details": "Einzelheiten",
+  "Details": "Details",
  "e.g ACME": "z.B. ACME",
  "e.g ACME Inc": "z.B. ACME Inc.",
  "e.g Developers": "z.B. Entwickler",
@@ -525,5 +525,47 @@
  "Delete SSO provider": "SSO-Anbieter löschen",
  "Are you sure you want to delete this SSO provider?": "Sind Sie sicher, dass Sie diesen SSO-Anbieter löschen möchten?",
  "Action": "Aktion",
-  "{{ssoProviderType}} configuration": "{{ssoProviderType}}-Konfiguration"
+  "{{ssoProviderType}} configuration": "{{ssoProviderType}}-Konfiguration",
+  "Icon": "Icon",
+  "Upload image": "Bild hochladen",
+  "Remove image": "Bild entfernen",
+  "Failed to remove image": "Fehler beim Entfernen des Bildes",
+  "Image exceeds 10MB limit.": "Bild überschreitet das Limit von 10 MB.",
+  "Image removed successfully": "Bild erfolgreich entfernt",
+  "API key": "API-Schlüssel",
+  "API key created successfully": "API-Schlüssel erfolgreich erstellt",
+  "API keys": "API-Schlüssel",
+  "API management": "API-Verwaltung",
+  "Are you sure you want to revoke this API key": "Sind Sie sicher, dass Sie diesen API-Schlüssel widerrufen möchten?",
+  "Create API Key": "API-Schlüssel erstellen",
+  "Custom expiration date": "Benutzerdefiniertes Ablaufdatum",
+  "Enter a descriptive token name": "Geben Sie einen beschreibenden Token-Namen ein",
+  "Expiration": "Ablauf",
+  "Expired": "Abgelaufen",
+  "Expires": "Läuft ab",
+  "I've saved my API key": "Ich habe meinen API-Schlüssel gespeichert",
+  "Last use": "Zuletzt verwendet",
+  "No API keys found": "Keine API-Schlüssel gefunden",
+  "No expiration": "Kein Ablauf",
+  "Revoke API key": "API-Schlüssel widerrufen",
+  "Revoked successfully": "Erfolgreich widerrufen",
+  "Select expiration date": "Ablaufdatum wählen",
+  "This action cannot be undone. Any applications using this API key will stop working.": "Diese Aktion kann nicht rückgängig gemacht werden. Alle Anwendungen, die diesen API-Schlüssel verwenden, werden nicht mehr funktionieren.",
+  "Update API key": "API-Schlüssel aktualisieren",
+  "Manage API keys for all users in the workspace": "Verwalten Sie API-Schlüssel für alle Benutzer im Arbeitsbereich",
+  "AI settings": "KI-Einstellungen",
+  "AI search": "KI-Suche",
+  "AI Answer": "KI-Antwort",
+  "Ask AI": "KI fragen",
+  "AI is thinking...": "Die KI überlegt...",
+  "Ask a question...": "Fragen stellen...",
+  "AI-powered search (Ask AI)": "KI-gestützte Suche (KI fragen)",
+  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "Die KI-Suche verwendet Vektor-Einbettungen, um semantische Suchfunktionen in Ihrem Arbeitsbereich bereitzustellen.",
+  "Toggle AI search": "KI-Suche umschalten",
+  "Sources": "Quellen",
+  "Ask AI not available for attachments": "KI fragen nicht für Anhänge verfügbar",
+  "No answer available": "Keine Antwort verfügbar",
+  "Background color": "Hintergrundfarbe",
+  "Highlight color": "Hervorhebungsfarbe",
+  "Remove color": "Farbe entfernen"
 }
@@ -527,5 +527,47 @@
  "Delete SSO provider": "Eliminar proveedor de SSO",
  "Are you sure you want to delete this SSO provider?": "¿Está seguro de que desea eliminar este proveedor de SSO?",
  "Action": "Acción",
-  "{{ssoProviderType}} configuration": "Configuración de {{ssoProviderType}}"
+  "{{ssoProviderType}} configuration": "Configuración de {{ssoProviderType}}",
+  "Icon": "Icono",
+  "Upload image": "Subir imagen",
+  "Remove image": "Eliminar imagen",
+  "Failed to remove image": "No se ha podido eliminar la imagen",
+  "Image exceeds 10MB limit.": "La imagen excede del límite de 10 MB",
+  "Image removed successfully": "Imagen eliminada correctamente",
+  "API key": "Clave API",
+  "API key created successfully": "Clave API creada correctamente",
+  "API keys": "Claves API",
+  "API management": "Gestión de API",
+  "Are you sure you want to revoke this API key": "¿Está seguro de que desea revocar esta clave API? ",
+  "Create API Key": "Crear clave API",
+  "Custom expiration date": "Fecha de vencimiento personalizada",
+  "Enter a descriptive token name": "Introduce un nombre descriptivo del token",
+  "Expiration": "Vencimiento",
+  "Expired": "Vencido",
+  "Expires": "Vence",
+  "I've saved my API key": "He guardado mi clave API",
+  "Last use": "Último uso",
+  "No API keys found": "No se han encontrado claves API",
+  "No expiration": "Sin vencimiento",
+  "Revoke API key": "Revocar clave API",
+  "Revoked successfully": "Revocada correctamente",
+  "Select expiration date": "Seleccionar fecha de vencimiento",
+  "This action cannot be undone. Any applications using this API key will stop working.": "Esta acción no se puede deshacer. Las aplicaciones que utilicen esta clave API dejarán de funcionar.",
+  "Update API key": "Actualizar clave API",
+  "Manage API keys for all users in the workspace": "Gestionar claves API para todos los usuarios en el espacio de trabajo",
+  "AI settings": "Configuración de IA",
+  "AI search": "Búsqueda de IA",
+  "AI Answer": "Respuesta de IA",
+  "Ask AI": "Preguntar a IA",
+  "AI is thinking...": "IA está pensando...",
+  "Ask a question...": "Haz una pregunta...",
+  "AI-powered search (Ask AI)": "Búsqueda impulsada por IA (Preguntar a IA)",
+  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "La búsqueda de IA utiliza incrustaciones vectoriales para proporcionar capacidades de búsqueda semántica en todo el contenido de su espacio de trabajo.",
+  "Toggle AI search": "Alternar búsqueda de IA",
+  "Sources": "Fuentes",
+  "Ask AI not available for attachments": "Preguntar a IA no está disponible para adjuntos",
+  "No answer available": "No hay respuesta disponible",
+  "Background color": "Color de fondo",
+  "Highlight color": "Color de resaltado",
+  "Remove color": "Eliminar color"
 }
@@ -527,5 +527,47 @@
  "Delete SSO provider": "Supprimer le fournisseur SSO",
  "Are you sure you want to delete this SSO provider?": "Êtes-vous sûr de vouloir supprimer ce fournisseur SSO ?",
  "Action": "Action",
-  "{{ssoProviderType}} configuration": "Configuration {{ssoProviderType}}"
+  "{{ssoProviderType}} configuration": "Configuration {{ssoProviderType}}",
+  "Icon": "Icône",
+  "Upload image": "Téléverser une image",
+  "Remove image": "Supprimer l'image",
+  "Failed to remove image": "Échec de la suppression de l'image",
+  "Image exceeds 10MB limit.": "L'image dépasse la limite de 10 Mo.",
+  "Image removed successfully": "Image supprimée avec succès",
+  "API key": "Clé API",
+  "API key created successfully": "Clé API créée avec succès",
+  "API keys": "Clés API",
+  "API management": "Gestion des API",
+  "Are you sure you want to revoke this API key": "Êtes-vous sûr de vouloir révoquer cette clé API",
+  "Create API Key": "Créer une clé API",
+  "Custom expiration date": "Date d'expiration personnalisée",
+  "Enter a descriptive token name": "Entrez un nom descriptif pour le jeton",
+  "Expiration": "Expiration",
+  "Expired": "Expiré(e)",
+  "Expires": "Expire",
+  "I've saved my API key": "J'ai enregistré ma clé API",
+  "Last use": "Dernière utilisation",
+  "No API keys found": "Aucune clé API trouvée",
+  "No expiration": "Pas d'expiration",
+  "Revoke API key": "Révoquer la clé API",
+  "Revoked successfully": "Révoqué(e) avec succès",
+  "Select expiration date": "Sélectionnez la date d'expiration",
+  "This action cannot be undone. Any applications using this API key will stop working.": "Cette action ne peut pas être annulée. Toutes les applications utilisant cette clé API cesseront de fonctionner.",
+  "Update API key": "Mettre à jour la clé API",
+  "Manage API keys for all users in the workspace": "Gérer les clés API pour tous les utilisateurs dans l'espace de travail",
+  "AI settings": "Paramètres de l'IA",
+  "AI search": "Recherche IA",
+  "AI Answer": "Réponse IA",
+  "Ask AI": "Demander à l'IA",
+  "AI is thinking...": "L'IA réfléchit...",
+  "Ask a question...": "Posez une question...",
+  "AI-powered search (Ask AI)": "Recherche assistée par l'IA (Demander à l'IA)",
+  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "La recherche IA utilise des incorporations vectorielles pour fournir des capacités de recherche sémantique à travers le contenu de votre espace de travail.",
+  "Toggle AI search": "Basculer la recherche IA",
+  "Sources": "Sources",
+  "Ask AI not available for attachments": "Demande à l'IA non disponible pour les pièces jointes",
+  "No answer available": "Pas de réponse disponible",
+  "Background color": "Couleur de fond",
+  "Highlight color": "Couleur de surbrillance",
+  "Remove color": "Supprimer la couleur"
 }
@@ -527,5 +527,47 @@
  "Delete SSO provider": "Elimina provider SSO",
  "Are you sure you want to delete this SSO provider?": "Sei sicuro di voler eliminare questo provider SSO?",
  "Action": "Azione",
-  "{{ssoProviderType}} configuration": "Configurazione {{ssoProviderType}}"
+  "{{ssoProviderType}} configuration": "Configurazione {{ssoProviderType}}",
+  "Icon": "Icona",
+  "Upload image": "Carica immagine",
+  "Remove image": "Rimuovi immagine",
+  "Failed to remove image": "Rimozione immagine fallita",
+  "Image exceeds 10MB limit.": "L'immagine supera il limite di 10MB.",
+  "Image removed successfully": "Immagine rimossa con successo",
+  "API key": "Chiave API",
+  "API key created successfully": "Chiave API creata con successo",
+  "API keys": "Chiavi API",
+  "API management": "Gestione API",
+  "Are you sure you want to revoke this API key": "Sei sicuro di voler revocare questa chiave API",
+  "Create API Key": "Crea Chiave API",
+  "Custom expiration date": "Data di scadenza personalizzata",
+  "Enter a descriptive token name": "Inserisci un nome descrittivo del token",
+  "Expiration": "Scadenza",
+  "Expired": "Scaduto",
+  "Expires": "Scade",
+  "I've saved my API key": "Ho salvato la mia chiave API",
+  "Last use": "Ultimo utilizzo",
+  "No API keys found": "Nessuna chiave API trovata",
+  "No expiration": "Nessuna scadenza",
+  "Revoke API key": "Revoca chiave API",
+  "Revoked successfully": "Revocata con successo",
+  "Select expiration date": "Seleziona la data di scadenza",
+  "This action cannot be undone. Any applications using this API key will stop working.": "Questa azione non può essere annullata. Qualsiasi applicazione che utilizza questa chiave API smetterà di funzionare.",
+  "Update API key": "Aggiorna chiave API",
+  "Manage API keys for all users in the workspace": "Gestisci le chiavi API per tutti gli utenti nell'area di lavoro",
+  "AI settings": "Impostazioni AI",
+  "AI search": "Ricerca AI",
+  "AI Answer": "Risposta AI",
+  "Ask AI": "Chiedi all'AI",
+  "AI is thinking...": "L'AI sta pensando...",
+  "Ask a question...": "Fai una domanda...",
+  "AI-powered search (Ask AI)": "Ricerca potenziata dall'AI (Chiedi all'AI)",
+  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "La ricerca AI utilizza embeddings vettoriali per fornire capacità di ricerca semantica nel contenuto della tua area di lavoro.",
+  "Toggle AI search": "Attiva/disattiva ricerca AI",
+  "Sources": "Fonti",
+  "Ask AI not available for attachments": "Chiedere all'AI non è disponibile per gli allegati",
+  "No answer available": "Nessuna risposta disponibile",
+  "Background color": "Colore di sfondo",
+  "Highlight color": "Colore evidenziato",
+  "Remove color": "Rimuovi colore"
 }
@@ -527,5 +527,47 @@
  "Delete SSO provider": "SSOプロバイダーを削除する",
  "Are you sure you want to delete this SSO provider?": "このSSOプロバイダーを削除してもよろしいですか？",
  "Action": "アクション",
-  "{{ssoProviderType}} configuration": "{{ssoProviderType}}の構成"
+  "{{ssoProviderType}} configuration": "{{ssoProviderType}}の構成",
+  "Icon": "アイコン",
+  "Upload image": "画像をアップロード",
+  "Remove image": "画像を削除",
+  "Failed to remove image": "画像の削除に失敗しました",
+  "Image exceeds 10MB limit.": "画像が10MBの制限を超えています。",
+  "Image removed successfully": "画像が正常に削除されました",
+  "API key": "APIキー",
+  "API key created successfully": "APIキーが正常に作成されました",
+  "API keys": "APIキー",
+  "API management": "API管理",
+  "Are you sure you want to revoke this API key": "このAPIキーを無効にしてもよろしいですか",
+  "Create API Key": "APIキーを作成",
+  "Custom expiration date": "カスタム有効期限",
+  "Enter a descriptive token name": "説明的なトークン名を入力してください",
+  "Expiration": "有効期限",
+  "Expired": "期限切れ",
+  "Expires": "期限が切れます",
+  "I've saved my API key": "APIキーを保存しました",
+  "Last use": "最終使用",
+  "No API keys found": "APIキーが見つかりません",
+  "No expiration": "期限なし",
+  "Revoke API key": "APIキーを無効にする",
+  "Revoked successfully": "正常に無効化されました",
+  "Select expiration date": "有効期限を選択してください",
+  "This action cannot be undone. Any applications using this API key will stop working.": "この操作は元に戻せません。このAPIキーを使用しているアプリケーションは動作を停止します。",
+  "Update API key": "APIキーを更新",
+  "Manage API keys for all users in the workspace": "ワークスペース内のすべてのユーザーのAPIキーを管理",
+  "AI settings": "AI設定",
+  "AI search": "AI検索",
+  "AI Answer": "AI回答",
+  "Ask AI": "AIに質問する",
+  "AI is thinking...": "AIが考え中...",
+  "Ask a question...": "質問を入力...",
+  "AI-powered search (Ask AI)": "AIによる検索（AIに質問）",
+  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "AI検索はベクター埋め込みを使用して、ワークスペースコンテンツ全体にわたって意味検索機能を提供します。",
+  "Toggle AI search": "AI検索を切り替え",
+  "Sources": "ソース",
+  "Ask AI not available for attachments": "添付ファイルにはAI質問は利用できません",
+  "No answer available": "回答がありません",
+  "Background color": "背景色",
+  "Highlight color": "ハイライト色",
+  "Remove color": "色を削除"
 }
@@ -527,5 +527,47 @@
  "Delete SSO provider": "SSO 제공자 삭제",
  "Are you sure you want to delete this SSO provider?": "이 SSO 제공자를 삭제하시겠습니까?",
  "Action": "작업",
-  "{{ssoProviderType}} configuration": "{{ssoProviderType}} 구성"
+  "{{ssoProviderType}} configuration": "{{ssoProviderType}} 구성",
+  "Icon": "아이콘",
+  "Upload image": "이미지 업로드",
+  "Remove image": "이미지 제거",
+  "Failed to remove image": "이미지 제거 실패",
+  "Image exceeds 10MB limit.": "이미지가 10MB 용량 제한을 초과합니다.",
+  "Image removed successfully": "이미지가 성공적으로 제거되었습니다",
+  "API key": "API 키",
+  "API key created successfully": "API 키 생성 완료",
+  "API keys": "API 키",
+  "API management": "API 관리",
+  "Are you sure you want to revoke this API key": "이 API 키를 취소하시겠습니까?",
+  "Create API Key": "API 키 생성",
+  "Custom expiration date": "사용자 정의 만료일",
+  "Enter a descriptive token name": "토큰 이름을 입력하세요",
+  "Expiration": "만료",
+  "Expired": "만료됨",
+  "Expires": "만료일",
+  "I've saved my API key": "API 키를 저장했습니다",
+  "Last use": "최근 사용",
+  "No API keys found": "API 키를 찾을 수 없습니다",
+  "No expiration": "유효기간 없음",
+  "Revoke API key": "API 키 취소",
+  "Revoked successfully": "성공적으로 취소되었습니다",
+  "Select expiration date": "만료일 선택",
+  "This action cannot be undone. Any applications using this API key will stop working.": "이 작업은 되돌릴 수 없습니다. 이 API 키를 사용하는 모든 응용 프로그램이 작동을 멈출 것입니다.",
+  "Update API key": "API 키 갱신",
+  "Manage API keys for all users in the workspace": "워크스페이스 내 모든 사용자의 API 키 관리",
+  "AI settings": "AI 설정",
+  "AI search": "AI 검색",
+  "AI Answer": "AI 답변",
+  "Ask AI": "AI에게 묻기",
+  "AI is thinking...": "AI가 생각 중입니다...",
+  "Ask a question...": "질문하세요...",
+  "AI-powered search (Ask AI)": "AI 지원 검색 (AI에게 묻기)",
+  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "AI 검색은 벡터 임베딩을 사용하여 작업공간 콘텐츠에 대한 의미 검색 기능을 제공합니다.",
+  "Toggle AI search": "AI 검색 전환",
+  "Sources": "출처",
+  "Ask AI not available for attachments": "AI에게 묻기 기능은 첨부 파일에 대해 사용할 수 없습니다",
+  "No answer available": "답변을 제공할 수 없습니다",
+  "Background color": "배경 색",
+  "Highlight color": "강조 색",
+  "Remove color": "색 제거"
 }
@@ -34,7 +34,7 @@
  "Create group": "Groep aanmaken",
  "Create page": "Pagina aanmaken",
  "Create space": "Ruimte aanmaken",
-  "Create workspace": "Wwerkruimte aanmaken",
+  "Create workspace": "Werkruimte aanmaken",
  "Current password": "Huidig wachtwoord",
  "Dark": "Donker",
  "Date": "Datum",
@@ -91,7 +91,7 @@
  "Invite by email": "Uitnodigen via e-mail",
  "Invite members": "Leden uitnodigen",
  "Invite new members": "Nieuwe leden uitnodigen",
-  "Invited members who are yet to accept their invitation will appear here.": "Uigenodigde leden die hun uitnodiging nog moeten accepteren zullen hier worden getoond.",
+  "Invited members who are yet to accept their invitation will appear here.": "Uitgenodigde leden die hun uitnodiging nog moeten accepteren zullen hier worden getoond.",
  "Invited members will be granted access to spaces the groups can access": "Uitgenodigde leden wordt toegang gegeven tot ruimtes de groepen toegang toe heeft",
  "Join the workspace": "Word lid van de werkruimte",
  "Language": "Taal",
@@ -527,5 +527,47 @@
  "Delete SSO provider": "Verwijder SSO-provider",
  "Are you sure you want to delete this SSO provider?": "Weet u zeker dat u deze SSO-provider wilt verwijderen?",
  "Action": "Actie",
-  "{{ssoProviderType}} configuration": "{{ssoProviderType}} configuratie"
+  "{{ssoProviderType}} configuration": "{{ssoProviderType}} configuratie",
+  "Icon": "Icoon",
+  "Upload image": "Afbeelding uploaden",
+  "Remove image": "Afbeelding verwijderen",
+  "Failed to remove image": "Afbeelding verwijderen mislukt",
+  "Image exceeds 10MB limit.": "Afbeelding overschrijdt de limiet van 10MB.",
+  "Image removed successfully": "Afbeelding succesvol verwijderd",
+  "API key": "API-sleutel",
+  "API key created successfully": "API-sleutel succesvol aangemaakt",
+  "API keys": "API-sleutels",
+  "API management": "API-beheer",
+  "Are you sure you want to revoke this API key": "Weet u zeker dat u deze API-sleutel wilt intrekken",
+  "Create API Key": "API-sleutel aanmaken",
+  "Custom expiration date": "Aangepaste vervaldatum",
+  "Enter a descriptive token name": "Voer een beschrijvende tokennaam in",
+  "Expiration": "Vervaldatum",
+  "Expired": "Verlopen",
+  "Expires": "Verloopt",
+  "I've saved my API key": "Ik heb mijn API-sleutel opgeslagen",
+  "Last use": "Laatst gebruikt",
+  "No API keys found": "Geen API-sleutels gevonden",
+  "No expiration": "Geen vervaldatum",
+  "Revoke API key": "API-sleutel intrekken",
+  "Revoked successfully": "Succesvol ingetrokken",
+  "Select expiration date": "Selecteer vervaldatum",
+  "This action cannot be undone. Any applications using this API key will stop working.": "Deze actie kan niet ongedaan worden gemaakt. Alle toepassingen die deze API-sleutel gebruiken, zullen niet meer werken.",
+  "Update API key": "API-sleutel bijwerken",
+  "Manage API keys for all users in the workspace": "Beheer API-sleutels voor alle gebruikers in de werkruimte",
+  "AI settings": "AI-instellingen",
+  "AI search": "AI-zoekopdracht",
+  "AI Answer": "AI Antwoord",
+  "Ask AI": "Vraag AI",
+  "AI is thinking...": "AI is aan het nadenken...",
+  "Ask a question...": "Stel een vraag...",
+  "AI-powered search (Ask AI)": "AI-ondersteunde zoekopdracht (Vraag AI)",
+  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "AI-zoekopdracht maakt gebruik van vectorembeddings om semantische zoekmogelijkheden te bieden in uw werkruimte-inhoud.",
+  "Toggle AI search": "Schakel AI-zoekopdracht in/uit",
+  "Sources": "Bronnen",
+  "Ask AI not available for attachments": "Vraag AI is niet beschikbaar voor bijlages",
+  "No answer available": "Geen antwoord beschikbaar",
+  "Background color": "Achtergrondkleur",
+  "Highlight color": "Markeerkleur",
+  "Remove color": "Kleur verwijderen"
 }
@@ -527,5 +527,47 @@
  "Delete SSO provider": "Excluir provedor de SSO",
  "Are you sure you want to delete this SSO provider?": "Tem certeza de que deseja excluir este provedor de SSO?",
  "Action": "Ação",
-  "{{ssoProviderType}} configuration": "Configuração de {{ssoProviderType}}"
+  "{{ssoProviderType}} configuration": "Configuração de {{ssoProviderType}}",
+  "Icon": "Ícone",
+  "Upload image": "Fazer upload da imagem",
+  "Remove image": "Remover imagem",
+  "Failed to remove image": "Falha ao remover imagem",
+  "Image exceeds 10MB limit.": "A imagem excede o limite de 10MB.",
+  "Image removed successfully": "Imagem removida com sucesso",
+  "API key": "Chave API",
+  "API key created successfully": "Chave API criada com sucesso",
+  "API keys": "Chaves API",
+  "API management": "Gestão de API",
+  "Are you sure you want to revoke this API key": "Tem certeza de que deseja revogar esta chave API",
+  "Create API Key": "Criar Chave API",
+  "Custom expiration date": "Data de expiração personalizada",
+  "Enter a descriptive token name": "Insira um nome descritivo para o token",
+  "Expiration": "Expiração",
+  "Expired": "Expirado",
+  "Expires": "Expira",
+  "I've saved my API key": "Salvei minha chave API",
+  "Last use": "Último uso",
+  "No API keys found": "Nenhuma chave API encontrada",
+  "No expiration": "Sem expiração",
+  "Revoke API key": "Revogar chave API",
+  "Revoked successfully": "Revogada com sucesso",
+  "Select expiration date": "Selecionar data de expiração",
+  "This action cannot be undone. Any applications using this API key will stop working.": "Esta ação não pode ser desfeita. Qualquer aplicação usando esta chave API deixará de funcionar.",
+  "Update API key": "Atualizar chave API",
+  "Manage API keys for all users in the workspace": "Gerenciar chaves API para todos os usuários no espaço de trabalho",
+  "AI settings": "Configurações de IA",
+  "AI search": "Pesquisa IA",
+  "AI Answer": "Resposta de IA",
+  "Ask AI": "Pergunte à IA",
+  "AI is thinking...": "IA está pensando...",
+  "Ask a question...": "Faça uma pergunta...",
+  "AI-powered search (Ask AI)": "Pesquisa com IA (Pergunte à IA)",
+  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "A pesquisa IA usa vetores de incorporação para fornecer capacidades de pesquisa semântica em todo o conteúdo do seu espaço de trabalho.",
+  "Toggle AI search": "Alternar pesquisa de IA",
+  "Sources": "Fontes",
+  "Ask AI not available for attachments": "Perguntar à IA não está disponível para anexos",
+  "No answer available": "Nenhuma resposta disponível",
+  "Background color": "Cor de fundo",
+  "Highlight color": "Cor de destaque",
+  "Remove color": "Remover cor"
 }
@@ -498,10 +498,10 @@
  "Deleted at": "Удалено в",
  "Preview": "Предпросмотр",
  "Subpages": "Подстраницы",
-  "Failed to load subpages": "Не удалось загрузить подстраницы",
+  "Failed to load subpages": "Не удалось загрузить под страницы",
  "No subpages": "Нет подстраниц",
  "Subpages (Child pages)": "Подстраницы (вложенные страницы)",
-  "List all subpages of the current page": "Показать все подстраницы текущей страницы",
+  "List all subpages of the current page": "Показать все под страницы",
  "Attachments": "Вложения",
  "All spaces": "Все пространства",
  "Unknown": "Неизвестно",
@@ -527,5 +527,47 @@
  "Delete SSO provider": "Удалить поставщика SSO",
  "Are you sure you want to delete this SSO provider?": "Вы уверены, что хотите удалить этого поставщика SSO?",
  "Action": "Действие",
-  "{{ssoProviderType}} configuration": "Настройка {{ssoProviderType}}"
+  "{{ssoProviderType}} configuration": "Настройка {{ssoProviderType}}",
+  "Icon": "Иконка",
+  "Upload image": "Загрузить изображение",
+  "Remove image": "Удалить изображение",
+  "Failed to remove image": "Не удалось удалить изображение",
+  "Image exceeds 10MB limit.": "Изображение превышает предел 10MB.",
+  "Image removed successfully": "Изображение успешно удалено",
+  "API key": "API ключ",
+  "API key created successfully": "API ключ успешно создан",
+  "API keys": "API ключи",
+  "API management": "Управление API",
+  "Are you sure you want to revoke this API key": "Вы уверены, что хотите отозвать этот API ключ",
+  "Create API Key": "Создать API ключ",
+  "Custom expiration date": "Пользовательская дата срока действия",
+  "Enter a descriptive token name": "Введите понятное имя токена",
+  "Expiration": "Срок действия",
+  "Expired": "Истек",
+  "Expires": "Истекает",
+  "I've saved my API key": "Я сохранил мой API ключ",
+  "Last use": "Последнее использование",
+  "No API keys found": "API ключи не найдены",
+  "No expiration": "Не истекает",
+  "Revoke API key": "Отозвать API ключ",
+  "Revoked successfully": "Отозван успешно",
+  "Select expiration date": "Выберете срок действия",
+  "This action cannot be undone. Any applications using this API key will stop working.": "Это действие необратимо. Любые приложения, использующие этот API ключ, перестанут работать.",
+  "Update API key": "Обновить API ключ",
+  "Manage API keys for all users in the workspace": "Управлять API ключами для всех пользователей в рабочей области",
+  "AI settings": "Настройки ИИ",
+  "AI search": "Поиск ИИ",
+  "AI Answer": "Ответ ИИ",
+  "Ask AI": "Спросить ИИ",
+  "AI is thinking...": "ИИ обрабатывает запрос...",
+  "Ask a question...": "Задайте вопрос...",
+  "AI-powered search (Ask AI)": "Поиск на базе ИИ (Спросить ИИ)",
+  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "Поиск ИИ использует векторные встраивания для обеспечения семантического поиска по содержимому вашего рабочего пространства.",
+  "Toggle AI search": "Переключить поиск ИИ",
+  "Sources": "Источники",
+  "Ask AI not available for attachments": "Функция \"Спросить ИИ\" недоступна для вложений",
+  "No answer available": "Ответ недоступен",
+  "Background color": "Цвет фона",
+  "Highlight color": "Цвет выделения",
+  "Remove color": "Удалить цвет"
 }
@@ -527,5 +527,47 @@
  "Delete SSO provider": "Видалити постачальника SSO",
  "Are you sure you want to delete this SSO provider?": "Ви впевнені, що хочете видалити цього постачальника SSO?",
  "Action": "Дія",
-  "{{ssoProviderType}} configuration": "Конфігурація {{ssoProviderType}}"
+  "{{ssoProviderType}} configuration": "Конфігурація {{ssoProviderType}}",
+  "Icon": "Іконка",
+  "Upload image": "Завантажити зображення",
+  "Remove image": "Видалити зображення",
+  "Failed to remove image": "Не вдалося видалити зображення",
+  "Image exceeds 10MB limit.": "Зображення має займати менше, ніж 10 МБ.",
+  "Image removed successfully": "Зображення видалено",
+  "API key": "Ключ API",
+  "API key created successfully": "Ключ API успішно створено",
+  "API keys": "Ключі API",
+  "API management": "Управління API",
+  "Are you sure you want to revoke this API key": "Ви впевнені, що хочете відкликати цей ключ API",
+  "Create API Key": "Створити ключ API",
+  "Custom expiration date": "Користувацька дата закінчення",
+  "Enter a descriptive token name": "Введіть описову назву токена",
+  "Expiration": "Термін дії",
+  "Expired": "Закінчився",
+  "Expires": "Закінчується",
+  "I've saved my API key": "Я зберіг свій ключ API",
+  "Last use": "Останнє використання",
+  "No API keys found": "Ключі API не знайдено",
+  "No expiration": "Без терміну дії",
+  "Revoke API key": "Відкликати ключ API",
+  "Revoked successfully": "Успішно відкликано",
+  "Select expiration date": "Виберіть дату закінчення",
+  "This action cannot be undone. Any applications using this API key will stop working.": "Цю дію не можна скасувати. Будь-які додатки, що використовують цей ключ API, перестануть працювати.",
+  "Update API key": "Оновити ключ API",
+  "Manage API keys for all users in the workspace": "Керувати ключами API для всіх користувачів у робочій області",
+  "AI settings": "Налаштування ШІ",
+  "AI search": "Пошук з ШІ",
+  "AI Answer": "Відповідь ШІ",
+  "Ask AI": "Запитати ШІ",
+  "AI is thinking...": "ШІ думає...",
+  "Ask a question...": "Задайте питання...",
+  "AI-powered search (Ask AI)": "Пошук на базі ШІ (Запитати ШІ)",
+  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "Пошук з ШІ використовує векторні вбудовування для надання можливостей семантичного пошуку у вашому робочому вмісті.",
+  "Toggle AI search": "Переключити пошук з ШІ",
+  "Sources": "Джерела",
+  "Ask AI not available for attachments": "Запитати ШІ недоступно для вкладень",
+  "No answer available": "Відповідь недоступна",
+  "Background color": "Колір фону",
+  "Highlight color": "Колір підсвічування",
+  "Remove color": "Видалити колір"
 }
@@ -527,5 +527,47 @@
  "Delete SSO provider": "删除SSO提供商",
  "Are you sure you want to delete this SSO provider?": "您确定要删除此SSO提供商吗？",
  "Action": "操作",
-  "{{ssoProviderType}} configuration": "{{ssoProviderType}} 配置"
+  "{{ssoProviderType}} configuration": "{{ssoProviderType}} 配置",
+  "Icon": "图标",
+  "Upload image": "上传图片",
+  "Remove image": "删除图片",
+  "Failed to remove image": "无法删除图片",
+  "Image exceeds 10MB limit.": "图片超过10MB限制。",
+  "Image removed successfully": "图片删除成功",
+  "API key": "API密钥",
+  "API key created successfully": "API密钥创建成功",
+  "API keys": "API密钥",
+  "API management": "API管理",
+  "Are you sure you want to revoke this API key": "确定要撤销此API密钥吗",
+  "Create API Key": "创建API密钥",
+  "Custom expiration date": "自定义到期日期",
+  "Enter a descriptive token name": "输入描述性令牌名称",
+  "Expiration": "到期",
+  "Expired": "已过期",
+  "Expires": "到期",
+  "I've saved my API key": "我已保存我的API密钥",
+  "Last use": "上次使用",
+  "No API keys found": "找不到API密钥",
+  "No expiration": "无到期",
+  "Revoke API key": "撤销API密钥",
+  "Revoked successfully": "撤销成功",
+  "Select expiration date": "选择到期日期",
+  "This action cannot be undone. Any applications using this API key will stop working.": "此操作无法撤销。使用此API密钥的任何应用程序将停止工作。",
+  "Update API key": "更新API密钥",
+  "Manage API keys for all users in the workspace": "管理工作空间中所有用户的API密钥",
+  "AI settings": "AI设置",
+  "AI search": "AI搜索",
+  "AI Answer": "AI回答",
+  "Ask AI": "询问AI",
+  "AI is thinking...": "AI正在思考...",
+  "Ask a question...": "提问...",
+  "AI-powered search (Ask AI)": "AI驱动的搜索（询问AI）",
+  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "AI搜索使用向量嵌入提供跨工作空间内容的语义搜索功能。",
+  "Toggle AI search": "切换AI搜索",
+  "Sources": "来源",
+  "Ask AI not available for attachments": "附件不支持询问AI",
+  "No answer available": "无可用答案",
+  "Background color": "背景颜色",
+  "Highlight color": "突出显示颜色",
+  "Remove color": "移除颜色"
 }
@@ -37,14 +37,18 @@ export async function askAi(

  let answer = "";
  let sources: any[] = [];
+  let buffer = "";

  if (reader) {
    while (true) {
      const { done, value } = await reader.read();
      if (done) break;

-      const chunk = decoder.decode(value);
-      const lines = chunk.split("\n");
+      buffer += decoder.decode(value, { stream: true });
+      const lines = buffer.split("\n");
+
+      // Keep the last incomplete line in the buffer
+      buffer = lines.pop() || "";

      for (const line of lines) {
        if (line.startsWith("data: ")) {
@@ -5,6 +5,7 @@ import { v4 as uuidv4 } from "uuid";
 import classes from "./code-block.module.css";
 import { useTranslation } from "react-i18next";
 import { useComputedColorScheme } from "@mantine/core";
+import DOMPurify from "dompurify";

 interface MermaidViewProps {
  props: NodeViewProps;
@@ -37,7 +38,7 @@ export default function MermaidView({ props }: MermaidViewProps) {
        .catch((err) => {
          if (props.editor.isEditable) {
            setPreview(
-              `<div class="${classes.error}">${t("Mermaid diagram error:")} ${err}</div>`,
+              `<div class="${classes.error}">${t("Mermaid diagram error:")} ${DOMPurify.sanitize(err)}</div>`,
            );
          } else {
            setPreview(
@@ -87,7 +87,7 @@ export default function DrawioView(props: NodeViewProps) {
  };

  return (
-    <NodeViewWrapper>
+    <NodeViewWrapper data-drag-handle>
      <Modal.Root opened={opened} onClose={close} fullScreen>
        <Modal.Overlay />
        <Modal.Content style={{ overflow: "hidden" }}>
@@ -85,7 +85,7 @@ export default function EmbedView(props: NodeViewProps) {
  }

  return (
-    <NodeViewWrapper>
+    <NodeViewWrapper data-drag-handle>
      {embedUrl ? (
        <ResizableWrapper
          initialHeight={nodeHeight || 480}
@@ -118,7 +118,7 @@ export default function ExcalidrawView(props: NodeViewProps) {
  };

  return (
-    <NodeViewWrapper>
+    <NodeViewWrapper data-drag-handle>
      <ReactClearModal
        style={{
          backgroundColor: "rgba(0, 0, 0, 0.5)",
@@ -16,7 +16,7 @@ export default function ImageView(props: NodeViewProps) {
  }, [align]);

  return (
-    <NodeViewWrapper>
+    <NodeViewWrapper data-drag-handle>
      <Image
        radius="md"
        fit="contain"
@@ -31,7 +31,7 @@ export default function MentionView(props: NodeViewProps) {
  });

  return (
-    <NodeViewWrapper style={{ display: "inline" }}>
+    <NodeViewWrapper style={{ display: "inline" }} data-drag-handle>
      {entityType === "user" && (
        <Text className={classes.userMention} component="span">
          @{label}
@@ -20,7 +20,6 @@ import {
  IconCalendar,
  IconAppWindow,
  IconSitemap,
-  IconPageBreak,
 } from "@tabler/icons-react";
 import {
  CommandProps,
@@ -154,19 +153,6 @@ const CommandGroups: SlashMenuGroupedItemsType = {
      command: ({ editor, range }: CommandProps) =>
        editor.chain().focus().deleteRange(range).setHorizontalRule().run(),
    },
-    {
-      title: "Page break",
-      description: "Insert page break",
-      searchTerms: ["page break", "hr"],
-      icon: IconPageBreak,
-      command: ({ editor, range }: CommandProps) =>
-        editor
-          .chain()
-          .focus()
-          .deleteRange(range)
-          .insertContent('<hr data-type="pagebreak" /><p></p>')
-          .run(),
-    },
    {
      title: "Image",
      description: "Upload any image from your device.",
@@ -52,7 +52,7 @@ export default function SubpagesView(props: NodeViewProps) {

  if (error && !shareId) {
    return (
-      <NodeViewWrapper>
+      <NodeViewWrapper data-drag-handle>
        <Text c="dimmed" size="md" py="md">
          {t("Failed to load subpages")}
        </Text>
@@ -62,7 +62,7 @@ export default function SubpagesView(props: NodeViewProps) {

  if (subpages.length === 0) {
    return (
-      <NodeViewWrapper>
+      <NodeViewWrapper data-drag-handle>
        <div className={classes.container}>
          <Text c="dimmed" size="md" py="md">
            {t("No subpages")}
@@ -73,7 +73,7 @@ export default function SubpagesView(props: NodeViewProps) {
  }

  return (
-    <NodeViewWrapper>
+    <NodeViewWrapper data-drag-handle>
      <div className={classes.container}>
        <Stack gap={5}>
          {subpages.map((page) => (
@@ -15,7 +15,7 @@ export default function VideoView(props: NodeViewProps) {
  }, [align]);

  return (
-    <NodeViewWrapper>
+    <NodeViewWrapper data-drag-handle>
      <video
        preload="metadata"
        width={width}
@@ -46,7 +46,6 @@ import {
  Heading,
  Highlight,
  UniqueID,
-  HorizontalRule,
 } from "@docmost/editor-ext";
 import {
  randomElement,
@@ -109,9 +108,7 @@ export const mainExtensions = [
        spellcheck: false,
      },
    },
-    horizontalRule: false,
  }),
-  HorizontalRule,
  Heading,
  UniqueID.configure({
    types: ["heading", "paragraph"],
@@ -110,14 +110,6 @@
    border-top: 1px solid #68cef8;
  }

-  hr[data-type="pagebreak"] {
-    border-top: 1px dashed var(--mantine-color-dark-2) !important;
-  }
-
-  .ProseMirror[contenteditable="false"] hr[data-type="pagebreak"] {
-    display: none !important;
-  }
-
  .ProseMirror-selectednode {
    outline: 2px solid #70cff8;
  }
@@ -194,6 +186,7 @@
    margin-left: auto;
    margin-right: auto;
  }
+
 }

 .ProseMirror > h1,
@@ -202,11 +195,13 @@
 .ProseMirror > h4,
 .ProseMirror > h5,
 .ProseMirror > h6 {
+  
  > .link-btn {
    cursor: pointer;
    position: relative;
-  }

+  }
+  
  > .link-btn > .link-btn-content {
    opacity: 0;
    position: absolute;
@@ -218,7 +213,7 @@
    justify-content: center;
    flex-direction: column;
  }
-
+  
  &:hover > .link-btn > .link-btn-content {
    opacity: 1;
  }
@@ -20,10 +20,4 @@
  .tableWrapper {
    overflow: hidden !important;
  }
-
-  hr[data-type="pagebreak"] {
-    break-before: always;
-    page-break-before: always;
-    visibility: hidden;
-  }
 }
@@ -62,14 +62,17 @@ export default function SpaceSettingsModal({
                </Tabs.List>

                <Tabs.Panel value="general">
-                  <ScrollArea h={550} scrollbarSize={4} pr={8}>
-                    <SpaceDetails
-                      spaceId={space?.id}
-                      readOnly={spaceAbility.cannot(
-                        SpaceCaslAction.Manage,
-                        SpaceCaslSubject.Settings,
-                      )}
-                    />
+                  <ScrollArea h={580} scrollbarSize={5} pr={8}>
+                    <div style={{ paddingBottom: "100px"}}>
+                      <SpaceDetails
+                        spaceId={space?.id}
+                        readOnly={spaceAbility.cannot(
+                          SpaceCaslAction.Manage,
+                          SpaceCaslSubject.Settings,
+                        )}
+                      />
+                    </div>
+
                  </ScrollArea>
                </Tabs.Panel>

@@ -113,7 +113,7 @@ export default function SpaceMembersList({
  return (
    <>
      <SearchInput onSearch={handleSearch} />
-      <ScrollArea h={400}>
+      <ScrollArea h={450}>
        <Table.ScrollContainer minWidth={500}>
          <Table highlightOnHover verticalSpacing={8}>
            <Table.Thead>
@@ -1,6 +1,6 @@
 {
  "name": "server",
-  "version": "0.23.2",
+  "version": "0.24.1",
  "description": "",
  "author": "",
  "private": true,
@@ -36,7 +36,6 @@ import {
  Highlight,
  UniqueID,
  addUniqueIdsToDoc,
-  HorizontalRule,
 } from '@docmost/editor-ext';
 import { generateText, getSchema, JSONContent } from '@tiptap/core';
 import { generateHTML, generateJSON } from '../common/helpers/prosemirror/html';
@@ -49,9 +48,7 @@ export const tiptapExtensions = [
  StarterKit.configure({
    codeBlock: false,
    heading: false,
-    horizontalRule: false,
  }),
-  HorizontalRule,
  Heading,
  UniqueID.configure({
    types: ['heading', 'paragraph'],
@@ -1,5 +1,6 @@
 export enum EventName {
  COLLAB_PAGE_UPDATED = 'collab.page.updated',
+
  PAGE_CREATED = 'page.created',
  PAGE_UPDATED = 'page.updated',
  PAGE_CONTENT_UPDATED = 'page-content-updated',
@@ -5,4 +5,4 @@ export const nanoIdGen = customAlphabet(alphabet, 10);

 const slugIdAlphabet =
  '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
-export const generateSlugId = customAlphabet(slugIdAlphabet, 10);
+export const generateSlugId = customAlphabet(slugIdAlphabet, 10);
@@ -10,6 +10,12 @@ export enum SpaceRole {
  READER = 'reader', // can only read pages in space
 }

+export enum PageRole {
+  WRITER = 'writer', // can read and write pages in space
+  READER = 'reader', // can only read pages in space
+  RESTRICTED = 'restricted', // cannot access page
+}
+
 export enum SpaceVisibility {
  OPEN = 'open', // any workspace member can see that it exists and join.
  PRIVATE = 'private', // only added space users can see
@@ -14,11 +14,18 @@ export class InternalLogFilter extends ConsoleLogger {
    super();
    const isProduction = process.env.NODE_ENV === 'production';
    const isDebugMode = process.env.DEBUG_MODE === 'true';
-    
+
    if (isProduction && !isDebugMode) {
      this.allowedLogLevels = ['log', 'error', 'fatal'];
    } else {
-      this.allowedLogLevels = ['log', 'debug', 'verbose', 'warn', 'error', 'fatal'];
+      this.allowedLogLevels = [
+        'log',
+        'debug',
+        'verbose',
+        'warn',
+        'error',
+        'fatal',
+      ];
    }
  }

@@ -0,0 +1,168 @@
+import { Injectable, Logger, NotFoundException } from '@nestjs/common';
+import {
+  AbilityBuilder,
+  createMongoAbility,
+  MongoAbility,
+} from '@casl/ability';
+import { PageRole, SpaceRole } from '../../../common/helpers/types/permission';
+import { User } from '@docmost/db/types/entity.types';
+import {
+  PagePermissionRepo,
+  PageMemberRole,
+} from '@docmost/db/repos/page/page-permission-repo.service';
+import { PageRepo } from '@docmost/db/repos/page/page.repo';
+import {
+  PageCaslAction,
+  IPageAbility,
+  PageCaslSubject,
+} from '../interfaces/page-ability.type';
+import { findHighestUserSpaceRole } from '@docmost/db/repos/Space/utils';
+import { UserSpaceRole } from '@docmost/db/repos/space/types';
+import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
+
+@Injectable()
+export default class PageAbilityFactory {
+  private readonly logger = new Logger(PageAbilityFactory.name);
+
+  constructor(
+    private readonly pagePermissionRepo: PagePermissionRepo,
+    private readonly pageRepo: PageRepo,
+    private readonly spaceMemberRepo: SpaceMemberRepo,
+  ) {}
+
+  async createForUser(user: User, pageId: string) {
+    //user.id = '0197750c-a70c-73a6-83ad-65a193433f5c';
+
+    // This opens the possibility to share pages with individual users from other Spaces
+
+    /*     
+    //TODO: we might account for space permission here too.
+    // we could just do it all here. no need to call two abilities.
+    const userSpaceRoles = await this.spaceMemberRepo.getUserSpaceRoles(
+      user.id,
+      spaceId,
+    );
+    */
+
+    // const userPageRole = findHighestUserPageRole(userPageRoles);
+    // if no role abort
+
+    // Check page-level permissions first if pageId provided
+
+    const permission = await this.pagePermissionRepo.getUserPagePermission({
+      pageId: pageId,
+      userId: user.id,
+    });
+
+    // does it pick one? what if the user has permissions via groups? what roles takes precedence?
+
+    if (!permission) {
+      //TODO: it means we should use the space level permission
+      // need deeper understanding here though
+      // call the space factory?
+    }
+
+    this.logger.log('permissions', permission);
+    if (permission) {
+      // make sure the permission is for this page
+      // or cascaded/inherited from a parent page
+      /*this.logger.debug('role', permission.role, 'cascade', permission.cascade);
+      if (permission.pageId !== pageId && !permission.cascade) {
+        this.logger.debug('no permission');
+        // No explicit access and not inheriting - deny
+        return new AbilityBuilder<MongoAbility<IPageAbility>>(
+          createMongoAbility,
+        ).build();
+      }*/
+    }
+
+    // if no permission should we use space permission here?
+    // if non, skip for default to take precedence
+
+    switch (permission.role) {
+      case PageRole.WRITER:
+        return buildPageWriterAbility();
+      case PageRole.READER:
+        return buildPageReaderAbility();
+      case PageRole.RESTRICTED:
+        return buildPageRestrictedAbility();
+      default:
+        throw new NotFoundException('Page permissions not found');
+    }
+  }
+
+  private buildAbilityForRole(role: string) {
+    switch (role) {
+      case PageRole.WRITER:
+        return buildPageWriterAbility();
+      case PageRole.READER:
+        return buildPageReaderAbility();
+      case PageRole.RESTRICTED:
+        return buildPageRestrictedAbility();
+      default:
+        return new AbilityBuilder<MongoAbility<IPageAbility>>(
+          createMongoAbility,
+        ).build();
+    }
+  }
+}
+
+function buildPageWriterAbility() {
+  const { can, build } = new AbilityBuilder<MongoAbility<IPageAbility>>(
+    createMongoAbility,
+  );
+  can(PageCaslAction.Read, PageCaslSubject.Settings);
+  can(PageCaslAction.Read, PageCaslSubject.Member);
+  can(PageCaslAction.Manage, PageCaslSubject.Page);
+  can(PageCaslAction.Manage, PageCaslSubject.Share);
+  return build();
+}
+
+function buildPageReaderAbility() {
+  const { can, build } = new AbilityBuilder<MongoAbility<IPageAbility>>(
+    createMongoAbility,
+  );
+  can(PageCaslAction.Read, PageCaslSubject.Settings);
+  can(PageCaslAction.Read, PageCaslSubject.Member);
+  can(PageCaslAction.Read, PageCaslSubject.Page);
+  can(PageCaslAction.Read, PageCaslSubject.Share);
+  return build();
+}
+
+function buildPageRestrictedAbility() {
+  const { cannot, build } = new AbilityBuilder<MongoAbility<IPageAbility>>(
+    createMongoAbility,
+  );
+  cannot(PageCaslAction.Read, PageCaslSubject.Settings);
+  cannot(PageCaslAction.Read, PageCaslSubject.Member);
+  cannot(PageCaslAction.Read, PageCaslSubject.Page);
+  cannot(PageCaslAction.Read, PageCaslSubject.Share);
+  return build();
+}
+
+export interface UserPageRole {
+  userId: string;
+  role: string;
+}
+
+export function findHighestUserPageRole(userPageRoles: UserPageRole[]) {
+  //TODO: perhaps, we want the lowest here?
+  if (!userPageRoles) {
+    return undefined;
+  }
+
+  const roleOrder: { [key in PageRole]: number } = {
+    [PageRole.WRITER]: 3,
+    [PageRole.READER]: 2,
+    [PageRole.RESTRICTED]: 1,
+  };
+  let highestRole: string;
+
+  for (const userPageRole of userPageRoles) {
+    const currentRole = userPageRole.role;
+    if (!highestRole || roleOrder[currentRole] > roleOrder[highestRole]) {
+      highestRole = currentRole;
+    }
+  }
+  return highestRole;
+}
@@ -1,10 +1,11 @@
 import { Global, Module } from '@nestjs/common';
 import SpaceAbilityFactory from './abilities/space-ability.factory';
 import WorkspaceAbilityFactory from './abilities/workspace-ability.factory';
+import PageAbilityFactory from './abilities/page-ability.factory';

@Global()
@Module({
-  providers: [WorkspaceAbilityFactory, SpaceAbilityFactory],
-  exports: [WorkspaceAbilityFactory, SpaceAbilityFactory],
+  providers: [WorkspaceAbilityFactory, SpaceAbilityFactory, PageAbilityFactory],
+  exports: [WorkspaceAbilityFactory, SpaceAbilityFactory, PageAbilityFactory],
 })
 export class CaslModule {}
@@ -0,0 +1,19 @@
+export enum PageCaslAction {
+  Manage = 'manage',
+  Create = 'create',
+  Read = 'read',
+  Edit = 'edit',
+  Delete = 'delete',
+}
+export enum PageCaslSubject {
+  Settings = 'settings',
+  Member = 'member',
+  Page = 'page',
+  Share = 'share',
+}
+
+export type IPageAbility =
+  | [PageCaslAction, PageCaslSubject.Settings]
+  | [PageCaslAction, PageCaslSubject.Member]
+  | [PageCaslAction, PageCaslSubject.Page]
+  | [PageCaslAction, PageCaslSubject.Share];
@@ -7,7 +7,7 @@ import {
  MaxLength,
  MinLength,
 } from 'class-validator';
-import {Transform, TransformFnParams} from "class-transformer";
+import { Transform, TransformFnParams } from 'class-transformer';

 export class CreateGroupDto {
  @MinLength(2)
@@ -0,0 +1,34 @@
+import {
+  ArrayMaxSize,
+  IsArray,
+  IsBoolean,
+  IsEnum,
+  IsOptional,
+  IsUUID,
+} from 'class-validator';
+import { PageIdDto } from './page.dto';
+import { PageMemberRole } from '@docmost/db/repos/page/page-permission-repo.service';
+
+export class AddPageMembersDto extends PageIdDto {
+  @IsEnum(PageMemberRole)
+  role: string;
+  // optional
+  @IsArray()
+  @ArrayMaxSize(25, {
+    message: 'userIds must be an array with no more than 25 elements',
+  })
+  @IsUUID('all', { each: true })
+  userIds: string[];
+
+  @IsOptional()
+  @IsArray()
+  @ArrayMaxSize(25, {
+    message: 'groupIds must be an array with no more than 25 elements',
+  })
+  @IsUUID('all', { each: true })
+  groupIds: string[];
+
+  @IsBoolean()
+  @IsOptional()
+  cascade?: boolean; // Apply to all child pages
+}
@@ -4,4 +4,4 @@ export class DeletedPageDto {
  @IsNotEmpty()
  @IsString()
  spaceId: string;
-}
+}
@@ -17,8 +17,8 @@ export type CopyPageMapEntry = {
 };

 export type ICopyPageAttachment = {
-  newPageId: string,
-  oldPageId: string,
-  oldAttachmentId: string,
-  newAttachmentId: string,
+  newPageId: string;
+  oldPageId: string;
+  oldAttachmentId: string;
+  newAttachmentId: string;
 };
@@ -0,0 +1,22 @@
+import { IsOptional, IsNumber, IsString, Min, Max } from 'class-validator';
+import { PageIdDto } from './page.dto';
+import { Type } from 'class-transformer';
+
+export class GetPageMembersDto extends PageIdDto {
+  @IsOptional()
+  @Type(() => Number)
+  @IsNumber()
+  @Min(1)
+  page?: number = 1;
+
+  @IsOptional()
+  @Type(() => Number)
+  @IsNumber()
+  @Min(1)
+  @Max(100)
+  limit?: number = 20;
+
+  @IsOptional()
+  @IsString()
+  query?: string;
+}
@@ -0,0 +1,7 @@
+import { IsUUID } from 'class-validator';
+import { PageIdDto } from './page.dto';
+
+export class RemovePageMemberDto extends PageIdDto {
+  @IsUUID()
+  memberId: string;
+}
@@ -0,0 +1,11 @@
+import { IsEnum, IsUUID } from 'class-validator';
+import { PageIdDto } from './page.dto';
+import { PageMemberRole } from '@docmost/db/repos/page/page-permission-repo.service';
+
+export class UpdatePageMemberRoleDto extends PageIdDto {
+  @IsUUID()
+  memberId: string;
+
+  @IsEnum(PageMemberRole)
+  role: string;
+}
@@ -0,0 +1,21 @@
+import { IsBoolean, IsEnum, IsOptional, IsUUID } from 'class-validator';
+import { PageMemberRole } from '@docmost/db/repos/page/page-permission-repo.service';
+
+export class UpdatePagePermissionDto {
+  @IsUUID()
+  pageId: string;
+
+  @IsUUID()
+  @IsOptional()
+  userId?: string;
+
+  @IsUUID()
+  @IsOptional()
+  groupId?: string;
+
+  @IsEnum(PageMemberRole)
+  role: string;
+
+  @IsBoolean()
+  cascade: boolean; // Apply to all child pages
+}
@@ -32,9 +32,24 @@ import {
 } from '../casl/interfaces/space-ability.type';
 import SpaceAbilityFactory from '../casl/abilities/space-ability.factory';
 import { PageRepo } from '@docmost/db/repos/page/page.repo';
+import { SharedPagesRepo } from '@docmost/db/repos/page/shared-pages.repo';
 import { RecentPageDto } from './dto/recent-page.dto';
 import { DuplicatePageDto } from './dto/duplicate-page.dto';
 import { DeletedPageDto } from './dto/deleted-page.dto';
+import { AddPageMembersDto } from './dto/add-page-members.dto';
+import { RemovePageMemberDto } from './dto/remove-page-member.dto';
+import { UpdatePageMemberRoleDto } from './dto/update-page-member-role.dto';
+import { UpdatePagePermissionDto } from './dto/update-page-permission.dto';
+import { GetPageMembersDto } from './dto/get-page-members.dto';
+import {
+  PagePermissionService,
+  PagePermissionsResponse,
+} from './services/page-member.service';
+import PageAbilityFactory from '../casl/abilities/page-ability.factory';
+import {
+  PageCaslAction,
+  PageCaslSubject,
+} from '../casl/interfaces/page-ability.type';

@UseGuards(JwtAuthGuard)
@Controller('pages')
@@ -44,6 +59,9 @@ export class PageController {
    private readonly pageRepo: PageRepo,
    private readonly pageHistoryService: PageHistoryService,
    private readonly spaceAbility: SpaceAbilityFactory,
+    private readonly pageAbility: PageAbilityFactory,
+    private readonly pagePermissionService: PagePermissionService,
+    private readonly sharedPagesRepo: SharedPagesRepo,
  ) {}

  @HttpCode(HttpStatus.OK)
@@ -61,11 +79,21 @@ export class PageController {
      throw new NotFoundException('Page not found');
    }

-    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
-    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
+    const pageAbility = await this.pageAbility.createForUser(user, page.id);
+
+    if (pageAbility.cannot(PageCaslAction.Read, PageCaslSubject.Page)) {
      throw new ForbiddenException();
    }

+    /*const ability = await this.spaceAbility.createForUser(
+      user,
+      page.spaceId,
+    );
+    
+    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }*/
+
    return page;
  }

@@ -389,4 +417,162 @@ export class PageController {
    }
    return this.pageService.getPageBreadCrumbs(page.id);
  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('permissions/restrict')
+  async restrictPage(@Body() dto: PageIdDto, @AuthUser() user: User) {
+    const page = await this.pageRepo.findById(dto.pageId);
+    if (!page) {
+      throw new NotFoundException('Page not found');
+    }
+
+    // TODO: make sure they have access to the page, and can restrict
+    // And the page is not already restricted
+    // They can add and remove page restriction
+    // When a page restriction is removed, we remove the entries in page permissions table.
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }
+
+    return this.pagePermissionService.restrictPage(user, page.id);
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('permissions/add')
+  async addPageMembers(
+    @Body() dto: AddPageMembersDto,
+    @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    const page = await this.pageRepo.findById(dto.pageId);
+    if (!page) {
+      throw new NotFoundException('Page not found');
+    }
+
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }
+
+    return this.pagePermissionService.addMembersToPageBatch(
+      dto,
+      user,
+      workspace.id,
+    );
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('permissions/remove')
+  async removePageMember(
+    @Body() dto: RemovePageMemberDto,
+    @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    const page = await this.pageRepo.findById(dto.pageId);
+    if (!page) {
+      throw new NotFoundException('Page not found');
+    }
+
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }
+
+    return this.pagePermissionService.removePageMember(dto, workspace.id);
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('permissions/update-role')
+  async updatePageMemberRole(
+    @Body() dto: UpdatePageMemberRoleDto,
+    @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    const page = await this.pageRepo.findById(dto.pageId);
+    if (!page) {
+      throw new NotFoundException('Page not found');
+    }
+
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }
+
+    return this.pagePermissionService.updatePageMemberRole(dto, workspace.id);
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('permissions/update')
+  async updatePagePermissions(
+    @Body() dto: UpdatePagePermissionDto,
+    @AuthUser() user: User,
+  ): Promise<PagePermissionsResponse> {
+    const page = await this.pageRepo.findById(dto.pageId);
+    if (!page) {
+      throw new NotFoundException('Page not found');
+    }
+
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }
+
+    return this.pagePermissionService.updatePagePermission(dto);
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('permissions/info')
+  async getPagePermissions(
+    @Body() dto: PageIdDto,
+    @AuthUser() user: User,
+  ): Promise<PagePermissionsResponse> {
+    const page = await this.pageRepo.findById(dto.pageId);
+    if (!page) {
+      throw new NotFoundException('Page not found');
+    }
+
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }
+
+    return this.pagePermissionService.getPagePermissions(dto.pageId);
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('permissions/list')
+  async getPageMembers(
+    @Body() dto: GetPageMembersDto,
+    @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    const page = await this.pageRepo.findById(dto.pageId);
+    if (!page) {
+      throw new NotFoundException('Page not found');
+    }
+
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }
+
+    const pagination: PaginationOptions = {
+      page: dto.page || 1,
+      limit: dto.limit || 20,
+      query: dto.query,
+    };
+
+    return this.pagePermissionService.getPageMembers(
+      dto.pageId,
+      workspace.id,
+      pagination,
+    );
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('shared')
+  async getUserSharedPages(@AuthUser() user: User) {
+    return this.sharedPagesRepo.getUserSharedPages(user.id);
+  }
 }
@@ -3,12 +3,20 @@ import { PageService } from './services/page.service';
 import { PageController } from './page.controller';
 import { PageHistoryService } from './services/page-history.service';
 import { TrashCleanupService } from './services/trash-cleanup.service';
+import { PagePermissionService } from './services/page-member.service';
+import { SharedPagesRepo } from '@docmost/db/repos/page/shared-pages.repo';
 import { StorageModule } from '../../integrations/storage/storage.module';

@Module({
  controllers: [PageController],
-  providers: [PageService, PageHistoryService, TrashCleanupService],
-  exports: [PageService, PageHistoryService],
+  providers: [
+    PageService,
+    PageHistoryService,
+    TrashCleanupService,
+    PagePermissionService,
+    SharedPagesRepo,
+  ],
+  exports: [PageService, PageHistoryService, PagePermissionService],
  imports: [StorageModule],
 })
 export class PageModule {}
@@ -0,0 +1,648 @@
+import {
+  BadRequestException,
+  Injectable,
+  NotFoundException,
+} from '@nestjs/common';
+import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
+import { KyselyDB, KyselyTransaction } from '@docmost/db/types/kysely.types';
+import {
+  PagePermissionRepo,
+  PageMemberRole,
+} from '@docmost/db/repos/page/page-permission-repo.service';
+import { SharedPagesRepo } from '@docmost/db/repos/page/shared-pages.repo';
+import { AddPageMembersDto } from '../dto/add-page-members.dto';
+import { InjectKysely } from 'nestjs-kysely';
+import { Page, PagePermission, User } from '@docmost/db/types/entity.types';
+import { PageRepo } from '@docmost/db/repos/page/page.repo';
+import { RemovePageMemberDto } from '../dto/remove-page-member.dto';
+import { UpdatePageMemberRoleDto } from '../dto/update-page-member-role.dto';
+import { UpdatePagePermissionDto } from '../dto/update-page-permission.dto';
+import { UserRepo } from '@docmost/db/repos/user/user.repo';
+import { GroupRepo } from '@docmost/db/repos/group/group.repo';
+import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
+import { executeTx } from '@docmost/db/utils';
+
+export interface IPagePermission {
+  id: string;
+  cascade: boolean;
+  member: {
+    id: string;
+    type: 'user' | 'group' | 'public';
+    email?: string;
+    displayName?: string;
+    avatarUrl?: string;
+    workspaceRole?: string;
+    name?: string;
+    memberCount?: number;
+  };
+  membershipRole: {
+    id: string;
+    level: string;
+    source: 'direct' | 'inherited';
+  };
+  grantedBy: {
+    id: string;
+    type: 'page' | 'space';
+    title?: string;
+    name?: string;
+    parentId?: string;
+  };
+}
+
+export interface PagePermissionsResponse {
+  page: {
+    id: string;
+    title: string;
+    hasCustomPermissions: boolean;
+    inheritPermissions: boolean;
+    permissions: IPagePermission[];
+  };
+}
+
+@Injectable()
+export class PagePermissionService {
+  constructor(
+    private pageMemberRepo: PagePermissionRepo,
+    private pageRepo: PageRepo,
+    private sharedPagesRepo: SharedPagesRepo,
+    private userRepo: UserRepo,
+    private groupRepo: GroupRepo,
+    private spaceMemberRepo: SpaceMemberRepo,
+    @InjectKysely() private readonly db: KyselyDB,
+  ) {}
+
+  async addUserToPage(
+    userId: string,
+    pageId: string,
+    role: string,
+    workspaceId: string,
+    trx?: KyselyTransaction,
+  ): Promise<void> {
+    await this.pageMemberRepo.insertPageMember(
+      {
+        userId: userId,
+        pageId: pageId,
+        role: role,
+      },
+      trx,
+    );
+  }
+
+  async addGroupToPage(
+    groupId: string,
+    pageId: string,
+    role: string,
+    workspaceId: string,
+    trx?: KyselyTransaction,
+  ): Promise<void> {
+    await this.pageMemberRepo.insertPageMember(
+      {
+        groupId: groupId,
+        pageId: pageId,
+        role: role,
+      },
+      trx,
+    );
+  }
+
+  async getPageMembers(
+    pageId: string,
+    workspaceId: string,
+    pagination: PaginationOptions,
+  ) {
+    const page = await this.pageRepo.findById(pageId);
+    // const page = await this.pageRepo.findById(pageId, { workspaceId });
+
+    if (!page) {
+      throw new NotFoundException('Page not found');
+    }
+
+    const members = await this.pageMemberRepo.getPageMembersPaginated(
+      pageId,
+      pagination,
+    );
+
+    return members;
+  }
+
+  async restrictPage(authUser: User, pageId: string) {
+    // to add custom permissions to a page,
+    // we have to restrict the page first.
+    // the user is here because they can restrict this page
+    // TODO: make sure page is not in trash
+    // Not sure if normal users can see restricted pages in trash.
+    await this.db
+      .updateTable('pages')
+      .set({
+        isRestricted: true,
+        restrictedById: authUser.id,
+      })
+      .where('id', '=', pageId)
+      .execute();
+  }
+
+  async addMembersToPageBatch(
+    dto: AddPageMembersDto,
+    authUser: User,
+    workspaceId: string,
+  ): Promise<void> {
+    try {
+      const page = await this.pageRepo.findById(dto.pageId);
+      //const page = await this.pageRepo.findById(dto.pageId, { workspaceId });
+
+      if (!page) {
+        throw new NotFoundException('Page not found');
+      }
+
+      // Validate role
+      if (!Object.values(PageMemberRole).includes(dto.role as PageMemberRole)) {
+        throw new BadRequestException(`Invalid role: ${dto.role}`);
+      }
+
+      // Enable custom permissions if adding first member
+      /*if (!page.hasCustomPermissions) {
+        await this.pageRepo.update(dto.pageId, {
+          hasCustomPermissions: true,
+          inheritPermissions: false,
+        });
+      }*/
+
+      // Make sure we have valid workspace users
+      const validUsersQuery = this.db
+        .selectFrom('users')
+        .select(['id', 'name'])
+        .where('users.id', 'in', dto.userIds)
+        .where('users.workspaceId', '=', workspaceId)
+        .where(({ not, exists, selectFrom }) =>
+          not(
+            exists(
+              selectFrom('pagePermissions')
+                .select('id')
+                .whereRef('pagePermissions.userId', '=', 'users.id')
+                .where('pagePermissions.pageId', '=', dto.pageId),
+            ),
+          ),
+        );
+
+      const validGroupsQuery = this.db
+        .selectFrom('groups')
+        .select(['id', 'name'])
+        .where('groups.id', 'in', dto.groupIds)
+        .where('groups.workspaceId', '=', workspaceId)
+        .where(({ not, exists, selectFrom }) =>
+          not(
+            exists(
+              selectFrom('pagePermissions')
+                .select('id')
+                .whereRef('pagePermissions.groupId', '=', 'groups.id')
+                .where('pagePermissions.pageId', '=', dto.pageId),
+            ),
+          ),
+        );
+
+      let validUsers = [],
+        validGroups = [];
+      if (dto.userIds && dto.userIds.length > 0) {
+        validUsers = await validUsersQuery.execute();
+      }
+      if (dto.groupIds && dto.groupIds.length > 0) {
+        validGroups = await validGroupsQuery.execute();
+      }
+
+      const usersToAdd = [];
+      for (const user of validUsers) {
+        usersToAdd.push({
+          pageId: dto.pageId,
+          userId: user.id,
+          role: dto.role,
+          addedById: authUser.id,
+        });
+
+        // Track orphaned page access if user doesn't have parent access
+        if (page.parentPageId && dto.role !== PageMemberRole.NONE) {
+          const hasParentAccess = await this.checkParentAccess(
+            user.id,
+            page.parentPageId,
+          );
+          if (!hasParentAccess) {
+            await this.sharedPagesRepo.addSharedPage(user.id, dto.pageId);
+          }
+        }
+      }
+
+      const groupsToAdd = [];
+      for (const group of validGroups) {
+        groupsToAdd.push({
+          pageId: dto.pageId,
+          groupId: group.id,
+          role: dto.role,
+          addedById: authUser.id,
+        });
+      }
+
+      const membersToAdd = [...usersToAdd, ...groupsToAdd];
+      if (membersToAdd.length > 0) {
+        await this.db
+          .insertInto('pagePermissions')
+          .values(membersToAdd)
+          .execute();
+      }
+
+      // Apply to child pages if requested
+      if (dto.cascade) {
+        await this.cascadeToChildren(dto.pageId, membersToAdd);
+      }
+    } catch (error) {
+      if (
+        error instanceof NotFoundException ||
+        error instanceof BadRequestException
+      ) {
+        throw error;
+      }
+      throw new BadRequestException(
+        'Failed to add members to page. Please try again.',
+      );
+    }
+  }
+
+  async removePageMember(
+    dto: RemovePageMemberDto,
+    workspaceId: string,
+  ): Promise<void> {
+    const member = await this.db
+      .selectFrom('pagePermissions')
+      .innerJoin('pages', 'pages.id', 'pagePermissions.pageId')
+      .select(['pagePermissions.id', 'pagePermissions.userId'])
+      .where('pagePermissions.id', '=', dto.memberId)
+      .where('pagePermissions.pageId', '=', dto.pageId)
+      .where('pages.workspaceId', '=', workspaceId)
+      .executeTakeFirst();
+
+    if (!member) {
+      throw new NotFoundException('Page member not found');
+    }
+
+    // Check if this is the last admin
+    const adminCount = await this.pageMemberRepo.roleCountByPageId(
+      PageMemberRole.ADMIN,
+      dto.pageId,
+    );
+
+    if (adminCount === 1) {
+      const memberToRemove = await this.pageMemberRepo.getPageMemberByTypeId(
+        dto.pageId,
+        { userId: member.userId },
+      );
+      if (memberToRemove?.role === PageMemberRole.ADMIN) {
+        throw new BadRequestException('Cannot remove the last admin from page');
+      }
+    }
+
+    await this.pageMemberRepo.removePageMemberById(dto.memberId, dto.pageId);
+
+    // Remove from shared pages if it was tracked
+    if (member.userId) {
+      await this.sharedPagesRepo.removeSharedPage(member.userId, dto.pageId);
+    }
+  }
+
+  async updatePageMemberRole(
+    dto: UpdatePageMemberRoleDto,
+    workspaceId: string,
+  ): Promise<void> {
+    const member = await this.db
+      .selectFrom('pagePermissions')
+      .innerJoin('pages', 'pages.id', 'pagePermissions.pageId')
+      .select(['pagePermissions.id', 'pagePermissions.role'])
+      .where('pagePermissions.id', '=', dto.memberId)
+      .where('pagePermissions.pageId', '=', dto.pageId)
+      .where('pages.workspaceId', '=', workspaceId)
+      .executeTakeFirst();
+
+    if (!member) {
+      throw new NotFoundException('Page member not found');
+    }
+
+    if (
+      member.role === PageMemberRole.ADMIN &&
+      dto.role !== PageMemberRole.ADMIN
+    ) {
+      const adminCount = await this.pageMemberRepo.roleCountByPageId(
+        PageMemberRole.ADMIN,
+        dto.pageId,
+      );
+      if (adminCount === 1) {
+        throw new BadRequestException('Cannot change role of the last admin');
+      }
+    }
+
+    await this.pageMemberRepo.updatePageMember(
+      { role: dto.role },
+      dto.memberId,
+      dto.pageId,
+    );
+  }
+
+  async updatePagePermission(
+    dto: UpdatePagePermissionDto,
+  ): Promise<PagePermissionsResponse> {
+    const { pageId, userId, groupId, role, cascade } = dto;
+
+    try {
+      // Validate inputs
+      if (!userId && !groupId) {
+        throw new BadRequestException(
+          'Either userId or groupId must be provided',
+        );
+      }
+
+      if (userId && groupId) {
+        throw new BadRequestException('Cannot provide both userId and groupId');
+      }
+
+      if (!Object.values(PageMemberRole).includes(role as PageMemberRole)) {
+        throw new BadRequestException(`Invalid role: ${role}`);
+      }
+
+      await executeTx(this.db, async (trx) => {
+        // Update the role
+        if (userId) {
+          await this.pageMemberRepo.upsertPageMember(
+            {
+              pageId,
+              userId,
+              role,
+            },
+            trx,
+          );
+        } else if (groupId) {
+          await this.pageMemberRepo.upsertPageMember(
+            {
+              pageId,
+              groupId,
+              role,
+            },
+            trx,
+          );
+        }
+
+        // Mark page as having custom permissions
+        /* await this.pageRepo.update(
+          pageId,
+          {
+            hasCustomPermissions: true,
+            inheritPermissions: false,
+          },
+          trx,
+        );*/
+
+        // Cascade to children if requested
+        if (cascade) {
+          const descendants = await this.pageRepo.getAllDescendants(
+            pageId,
+            trx,
+          );
+          for (const childId of descendants) {
+            if (userId) {
+              await this.pageMemberRepo.upsertPageMember(
+                {
+                  pageId: childId,
+                  userId,
+                  role,
+                },
+                trx,
+              );
+            } else if (groupId) {
+              await this.pageMemberRepo.upsertPageMember(
+                {
+                  pageId: childId,
+                  groupId,
+                  role,
+                },
+                trx,
+              );
+            }
+          }
+        }
+      });
+
+      // Return comprehensive permission data
+      return this.getPagePermissions(pageId);
+    } catch (error) {
+      if (error instanceof BadRequestException) {
+        throw error;
+      }
+      throw new BadRequestException(
+        'Failed to update page permissions. Please try again.',
+      );
+    }
+  }
+
+  async getPagePermissions(pageId: string): Promise<PagePermissionsResponse> {
+    const page = await this.pageRepo.findById(pageId, { includeSpace: true });
+    if (!page) {
+      throw new NotFoundException('Page not found');
+    }
+
+    const permissions: IPagePermission[] = [];
+
+    // 1. Get direct page members
+    const directMembers = await this.pageMemberRepo.getPageMembers(pageId);
+
+    // Batch fetch all users and groups
+    const userIds = directMembers.filter((m) => m.userId).map((m) => m.userId);
+    const groupIds = directMembers
+      .filter((m) => m.groupId)
+      .map((m) => m.groupId);
+
+    const [users, groups] = await Promise.all([
+      userIds.length > 0
+        ? this.db
+            .selectFrom('users')
+            .selectAll()
+            .where('id', 'in', userIds)
+            .execute()
+        : Promise.resolve([]),
+      groupIds.length > 0
+        ? this.db
+            .selectFrom('groups')
+            .selectAll()
+            .where('id', 'in', groupIds)
+            .execute()
+        : Promise.resolve([]),
+    ]);
+
+    const userMap = new Map(users.map((u) => [u.id, u] as const));
+    const groupMap = new Map(groups.map((g) => [g.id, g] as const));
+
+    // Build permissions with batch-fetched data
+    for (const member of directMembers) {
+      let memberData: any = null;
+
+      if (member.userId) {
+        const user = userMap.get(member.userId);
+        if (user) {
+          memberData = {
+            id: user.id,
+            type: 'user' as const,
+            email: user.email,
+            displayName: user.name,
+            avatarUrl: user.avatarUrl,
+            workspaceRole: user.role,
+          };
+        }
+      } else if (member.groupId) {
+        const group = groupMap.get(member.groupId);
+        if (group) {
+          memberData = {
+            id: group.id,
+            type: 'group' as const,
+            name: group.name,
+            memberCount: await this.db
+              .selectFrom('groupUsers')
+              .select((eb) => eb.fn.count('userId').as('count'))
+              .where('groupId', '=', group.id)
+              .executeTakeFirst()
+              .then((result) => Number(result?.count || 0)),
+          };
+        }
+      }
+
+      if (memberData) {
+        permissions.push({
+          id: member.id,
+          cascade: true, // Page permissions cascade by default
+          member: memberData,
+          membershipRole: {
+            id: member.id,
+            level: member.role,
+            source: 'direct',
+          },
+          grantedBy: {
+            id: pageId,
+            type: 'page',
+            title: page.title,
+          },
+        });
+      }
+    }
+
+    // 2. Get inherited space members (if page inherits)
+    if (page) {
+      //if (page.inheritPermissions || !page.hasCustomPermissions) {
+      const spaceMembers = await this.spaceMemberRepo.getSpaceMembersPaginated(
+        page.spaceId,
+        { page: 1, limit: 100 },
+      );
+
+      for (const spaceMember of spaceMembers.items as any[]) {
+        // Skip if user has direct page permission
+        const hasDirect = directMembers.some(
+          (dm) =>
+            (dm.userId === spaceMember.id && spaceMember.type === 'user') ||
+            (dm.groupId === spaceMember.id && spaceMember.type === 'group'),
+        );
+        if (!hasDirect) {
+          permissions.push({
+            id: `space-${spaceMember.id}`,
+            cascade: false, // Space permissions don't cascade to page children
+            member: {
+              id: spaceMember.id,
+              type: spaceMember.type as 'user' | 'group',
+              email: spaceMember.email,
+              displayName: spaceMember.name,
+              avatarUrl: spaceMember.avatarUrl,
+              name: spaceMember.name,
+              memberCount: Number(spaceMember.memberCount || 0),
+            },
+            membershipRole: {
+              id: `space-role-${spaceMember.id}`,
+              level: spaceMember.role,
+              source: 'inherited',
+            },
+            grantedBy: {
+              id: page.spaceId,
+              type: 'space',
+              name: (page as any).space?.name,
+            },
+          });
+        }
+      }
+    }
+
+    return {
+      page: {
+        id: page.id,
+        title: page.title,
+        hasCustomPermissions: true,
+        inheritPermissions: false,
+        permissions,
+      },
+    };
+  }
+
+  private async checkParentAccess(
+    userId: string,
+    parentPageId: string | null,
+  ): Promise<boolean> {
+    if (!parentPageId) return true; // Root pages always accessible
+
+    const parentAccess = await this.pageMemberRepo.resolveUserPageAccess(
+      userId,
+      parentPageId,
+    );
+    return parentAccess !== null && parentAccess !== PageMemberRole.NONE;
+  }
+
+  private async cascadeToChildren(
+    pageId: string,
+    membersToAdd: any[],
+  ): Promise<void> {
+    const descendants = await this.pageRepo.getAllDescendants(pageId);
+    if (descendants.length === 0) return;
+
+    // Separate user and group members for proper conflict handling
+    const userMembers = membersToAdd.filter((m) => m.userId);
+    const groupMembers = membersToAdd.filter((m) => m.groupId);
+
+    for (const childId of descendants) {
+      // Handle user members with proper conflict resolution
+      if (userMembers.length > 0) {
+        const childUserMembers = userMembers.map((m) => ({
+          ...m,
+          pageId: childId,
+        }));
+
+        await this.db
+          .insertInto('pagePermissions')
+          .values(childUserMembers)
+          .onConflict((oc) =>
+            oc.columns(['pageId', 'userId']).doUpdateSet({
+              role: (eb) => eb.ref('excluded.role'),
+              updatedAt: new Date(),
+            }),
+          )
+          .execute();
+      }
+
+      // Handle group members separately
+      if (groupMembers.length > 0) {
+        const childGroupMembers = groupMembers.map((m) => ({
+          ...m,
+          pageId: childId,
+        }));
+
+        await this.db
+          .insertInto('pagePermissions')
+          .values(childGroupMembers)
+          .onConflict((oc) =>
+            oc.columns(['pageId', 'groupId']).doUpdateSet({
+              role: (eb) => eb.ref('excluded.role'),
+              updatedAt: new Date(),
+            }),
+          )
+          .execute();
+      }
+    }
+  }
+}
@@ -69,8 +69,8 @@ export class ShareService {
      return await this.shareRepo.insertShare({
        key: nanoIdGen().toLowerCase(),
        pageId: page.id,
-        includeSubPages: createShareDto.includeSubPages || true,
-        searchIndexing: createShareDto.searchIndexing || true,
+        includeSubPages: createShareDto.includeSubPages ?? false,
+        searchIndexing: createShareDto.searchIndexing ?? false,
        creatorId: authUserId,
        spaceId: page.spaceId,
        workspaceId,
@@ -5,7 +5,7 @@ import {
  MaxLength,
  MinLength,
 } from 'class-validator';
-import {Transform, TransformFnParams} from "class-transformer";
+import { Transform, TransformFnParams } from 'class-transformer';

 export class CreateSpaceDto {
  @MinLength(2)
@@ -70,7 +70,9 @@ export class UserService {
      );

      if (!isPasswordMatch) {
-        throw new BadRequestException('You must provide the correct password to change your email');
+        throw new BadRequestException(
+          'You must provide the correct password to change your email',
+        );
      }

      if (await this.userRepo.findByEmail(updateUserDto.email, workspace.id)) {
@@ -26,6 +26,7 @@ import { UserTokenRepo } from './repos/user-token/user-token.repo';
 import { BacklinkRepo } from '@docmost/db/repos/backlink/backlink.repo';
 import { ShareRepo } from '@docmost/db/repos/share/share.repo';
 import { PageListener } from '@docmost/db/listeners/page.listener';
+import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission-repo.service';

 // https://github.com/brianc/node-postgres/issues/811
 types.setTypeParser(types.builtins.INT8, (val) => Number(val));
@@ -78,6 +79,7 @@ types.setTypeParser(types.builtins.INT8, (val) => Number(val));
    BacklinkRepo,
    ShareRepo,
    PageListener,
+    PagePermissionRepo,
  ],
  exports: [
    WorkspaceRepo,
@@ -93,6 +95,7 @@ types.setTypeParser(types.builtins.INT8, (val) => Number(val));
    UserTokenRepo,
    BacklinkRepo,
    ShareRepo,
+    PagePermissionRepo,
  ],
 })
 export class DatabaseModule
@@ -3,7 +3,7 @@ import { type Kysely, sql } from 'kysely';
 export async function up(db: Kysely<any>): Promise<void> {
  await db.schema
    .alterTable('pages')
-    .addColumn('contributor_ids', sql`uuid[]`, (col) => col.defaultTo("{}"))
+    .addColumn('contributor_ids', sql`uuid[]`, (col) => col.defaultTo('{}'))
    .execute();
 }

@@ -0,0 +1,102 @@
+import { Kysely, sql } from 'kysely';
+
+export async function up(db: Kysely<any>): Promise<void> {
+  await db.schema
+    .createTable('page_permissions')
+    .addColumn('id', 'uuid', (col) =>
+      col.primaryKey().defaultTo(sql`gen_uuid_v7()`),
+    )
+    .addColumn('user_id', 'uuid', (col) =>
+      col.references('users.id').onDelete('cascade'),
+    )
+    .addColumn('group_id', 'uuid', (col) =>
+      col.references('groups.id').onDelete('cascade'),
+    )
+    .addColumn('page_id', 'uuid', (col) =>
+      col.notNull().references('pages.id').onDelete('cascade'),
+    )
+    .addColumn('role', 'varchar', (col) => col.notNull())
+    .addColumn('cascade', 'boolean', (col) => col.defaultTo(true).notNull()) // children can inherit
+    .addColumn('added_by_id', 'uuid', (col) =>
+      col.references('users.id').onDelete('set null'),
+    )
+    .addColumn('created_at', 'timestamptz', (col) =>
+      col.notNull().defaultTo(sql`now()`),
+    )
+    .addColumn('updated_at', 'timestamptz', (col) =>
+      col.notNull().defaultTo(sql`now()`),
+    )
+    .addColumn('deleted_at', 'timestamptz')
+    .addUniqueConstraint('unique_page_user', ['page_id', 'user_id'])
+    .addUniqueConstraint('unique_page_group', ['page_id', 'group_id'])
+    .addCheckConstraint(
+      'allow_either_user_id_or_group_id_check',
+      sql`(user_id IS NOT NULL AND group_id IS NULL) OR (user_id IS NULL AND group_id IS NOT NULL)`,
+    )
+    .execute();
+
+  await db.schema
+    .alterTable('pages')
+    .addColumn('is_restricted', 'boolean', (col) =>
+      col.defaultTo(false).notNull(),
+    )
+    .addColumn('restricted_by_id', 'uuid', (col) =>
+      col.references('users.id').onDelete('set null'),
+    )
+    .execute();
+
+  // Add indexes for performance
+  await db.schema
+    .createIndex('idx_page_permissions_page_id')
+    .on('page_permissions')
+    .column('page_id')
+    .execute();
+
+  await db.schema
+    .createIndex('idx_page_permissions_user_id')
+    .on('page_permissions')
+    .column('user_id')
+    .execute();
+
+  await db.schema
+    .createIndex('idx_page_permissions_group_id')
+    .on('page_permissions')
+    .column('group_id')
+    .execute();
+
+  // Create user_shared_pages table for tracking orphaned page access
+  await db.schema
+    .createTable('user_shared_pages')
+    .addColumn('user_id', 'uuid', (col) =>
+      col.notNull().references('users.id').onDelete('cascade'),
+    )
+    .addColumn('page_id', 'uuid', (col) =>
+      col.notNull().references('pages.id').onDelete('cascade'),
+    )
+    .addColumn('shared_at', 'timestamptz', (col) =>
+      col.notNull().defaultTo(sql`now()`),
+    )
+    .addPrimaryKeyConstraint('user_shared_pages_pkey', ['user_id', 'page_id'])
+    .execute();
+
+  await db.schema
+    .createIndex('idx_user_shared_pages_user_id')
+    .on('user_shared_pages')
+    .column('user_id')
+    .execute();
+
+  await db.schema
+    .createIndex('idx_user_shared_pages_shared_at')
+    .on('user_shared_pages')
+    .column('shared_at')
+    .execute();
+}
+
+export async function down(db: Kysely<any>): Promise<void> {
+  await db.schema.alterTable('pages').dropColumn('is_restricted').execute();
+  await db.schema.alterTable('pages').dropColumn('restricted_by_id').execute();
+
+  await db.schema.dropTable('user_shared_pages').execute();
+
+  await db.schema.dropTable('page_permissions').execute();
+}
@@ -23,9 +23,9 @@ export class PaginationOptions {

  @IsOptional()
  @IsString()
-  query: string;
+  query?: string;

  @IsOptional()
  @IsBoolean()
-  adminView: boolean;
+  adminView?: boolean;
 }
@@ -105,7 +105,10 @@ export class CommentRepo {
    return Number(result?.count) > 0;
  }

-  async hasChildrenFromOtherUsers(commentId: string, userId: string): Promise<boolean> {
+  async hasChildrenFromOtherUsers(
+    commentId: string,
+    userId: string,
+  ): Promise<boolean> {
    const result = await this.db
      .selectFrom('comments')
      .select((eb) => eb.fn.count('id').as('count'))
@@ -57,7 +57,11 @@ export class GroupUserRepo {

    if (pagination.query) {
      query = query.where((eb) =>
-        eb(sql`f_unaccent(users.name)`, 'ilike', sql`f_unaccent(${'%' + pagination.query + '%'})`),
+        eb(
+          sql`f_unaccent(users.name)`,
+          'ilike',
+          sql`f_unaccent(${'%' + pagination.query + '%'})`,
+        ),
      );
    }

@@ -114,7 +114,11 @@ export class GroupRepo {

    if (pagination.query) {
      query = query.where((eb) =>
-        eb(sql`f_unaccent(name)`, 'ilike', sql`f_unaccent(${'%' + pagination.query + '%'})`).or(
+        eb(
+          sql`f_unaccent(name)`,
+          'ilike',
+          sql`f_unaccent(${'%' + pagination.query + '%'})`,
+        ).or(
          sql`f_unaccent(description)`,
          'ilike',
          sql`f_unaccent(${'%' + pagination.query + '%'})`,
@@ -454,4 +454,46 @@ export class PageRepo {
      .selectAll()
      .execute();
  }
+
+  async update(
+    pageId: string,
+    updatablePage: UpdatablePage,
+    trx?: KyselyTransaction,
+  ): Promise<void> {
+    const db = dbOrTx(this.db, trx);
+    await db
+      .updateTable('pages')
+      .set({ ...updatablePage, updatedAt: new Date() })
+      .where('id', '=', pageId)
+      .execute();
+  }
+
+  async getAllDescendants(
+    pageId: string,
+    trx?: KyselyTransaction,
+  ): Promise<string[]> {
+    const db = dbOrTx(this.db, trx);
+
+    // Recursive CTE to get all descendants
+    const descendants = await db
+      .withRecursive('page_tree', (qb) =>
+        qb
+          .selectFrom('pages')
+          .select(['id', 'parentPageId'])
+          .where('parentPageId', '=', pageId)
+          .where('deletedAt', 'is', null)
+          .unionAll((eb) =>
+            eb
+              .selectFrom('pages as p')
+              .innerJoin('page_tree as pt', 'p.parentPageId', 'pt.id')
+              .select(['p.id', 'p.parentPageId'])
+              .where('p.deletedAt', 'is', null),
+          ),
+      )
+      .selectFrom('page_tree')
+      .select('id')
+      .execute();
+
+    return descendants.map((d) => d.id);
+  }
 }
@@ -0,0 +1,58 @@
+import { Injectable } from '@nestjs/common';
+import { InjectKysely } from 'nestjs-kysely';
+import { KyselyDB } from '../../types/kysely.types';
+import { Page } from '../../types/entity.types';
+import { PageMemberRole } from './page-permission-repo.service';
+
+@Injectable()
+export class SharedPagesRepo {
+  constructor(@InjectKysely() private readonly db: KyselyDB) {}
+
+  async addSharedPage(userId: string, pageId: string): Promise<void> {
+    await this.db
+      .insertInto('userSharedPages')
+      .values({
+        userId,
+        pageId,
+        sharedAt: new Date(),
+      })
+      .onConflict((oc) => oc.columns(['userId', 'pageId']).doNothing())
+      .execute();
+  }
+
+  async removeSharedPage(userId: string, pageId: string): Promise<void> {
+    await this.db
+      .deleteFrom('userSharedPages')
+      .where('userId', '=', userId)
+      .where('pageId', '=', pageId)
+      .execute();
+  }
+
+  async getUserSharedPages(userId: string): Promise<Page[]> {
+    return await this.db
+      .selectFrom('userSharedPages as usp')
+      .innerJoin('pages as p', 'p.id', 'usp.pageId')
+      .innerJoin('pagePermissions as pm', (join) =>
+        join
+          .onRef('pm.pageId', '=', 'p.id')
+          .on('pm.userId', '=', userId)
+          .on('pm.role', '!=', PageMemberRole.NONE),
+      )
+      .selectAll('p')
+      .where('usp.userId', '=', userId)
+      .where('p.deletedAt', 'is', null)
+      .orderBy('usp.sharedAt', 'desc')
+      .execute();
+  }
+
+  async isPageSharedWithUser(userId: string, pageId: string): Promise<boolean> {
+    const result = await this.db
+      .selectFrom('userSharedPages')
+      .select('userId')
+      .where('userId', '=', userId)
+      .where('pageId', '=', pageId)
+      .executeTakeFirst();
+
+    return !!result;
+  }
+}
@@ -214,6 +214,19 @@ export interface PageHistory {
  workspaceId: string;
 }

+export interface PagePermissions {
+  addedById: string | null;
+  cascade: Generated<boolean>;
+  createdAt: Generated<Timestamp>;
+  deletedAt: Timestamp | null;
+  groupId: string | null;
+  id: Generated<string>;
+  pageId: string;
+  role: string;
+  updatedAt: Generated<Timestamp>;
+  userId: string | null;
+}
+
 export interface Pages {
  content: Json | null;
  contributorIds: Generated<string[] | null>;
@@ -225,9 +238,11 @@ export interface Pages {
  icon: string | null;
  id: Generated<string>;
  isLocked: Generated<boolean>;
+  isRestricted: Generated<boolean>;
  lastUpdatedById: string | null;
  parentPageId: string | null;
  position: string | null;
+  restrictedById: string | null;
  slugId: string;
  spaceId: string;
  textContent: string | null;
@@ -313,6 +328,12 @@ export interface Users {
  workspaceId: string | null;
 }

+export interface UserSharedPages {
+  pageId: string;
+  sharedAt: Generated<Timestamp>;
+  userId: string;
+}
+
 export interface UserTokens {
  createdAt: Generated<Timestamp>;
  expiresAt: Timestamp | null;
@@ -372,12 +393,14 @@ export interface DB {
  groups: Groups;
  groupUsers: GroupUsers;
  pageHistory: PageHistory;
+  pagePermissions: PagePermissions;
  pages: Pages;
  shares: Shares;
  spaceMembers: SpaceMembers;
  spaces: Spaces;
  userMfa: UserMfa;
  users: Users;
+  userSharedPages: UserSharedPages;
  userTokens: UserTokens;
  workspaceInvitations: WorkspaceInvitations;
  workspaces: Workspaces;
@@ -10,12 +10,14 @@ import {
  Groups,
  GroupUsers,
  PageHistory,
+  PagePermissions,
  Pages,
  Shares,
  SpaceMembers,
  Spaces,
  UserMfa,
  Users,
+  UserSharedPages,
  UserTokens,
  WorkspaceInvitations,
  Workspaces,
@@ -33,6 +35,7 @@ export interface DbInterface {
  groups: Groups;
  groupUsers: GroupUsers;
  pageEmbeddings: PageEmbeddings;
+  pagePermissions: PagePermissions;
  pageHistory: PageHistory;
  pages: Pages;
  shares: Shares;
@@ -40,6 +43,7 @@ export interface DbInterface {
  spaces: Spaces;
  userMfa: UserMfa;
  users: Users;
+  userSharedPages: UserSharedPages;
  userTokens: UserTokens;
  workspaceInvitations: WorkspaceInvitations;
  workspaces: Workspaces;
@@ -4,8 +4,10 @@ import {
  Comments,
  Groups,
  Pages,
+  PagePermissions,
  Spaces,
  Users,
+  UserSharedPages,
  Workspaces,
  PageHistory as History,
  GroupUsers,
@@ -50,6 +52,15 @@ export type SpaceMember = Selectable<SpaceMembers>;
 export type InsertableSpaceMember = Insertable<SpaceMembers>;
 export type UpdatableSpaceMember = Updateable<Omit<SpaceMembers, 'id'>>;

+// PageMember
+export type PagePermission = Selectable<PagePermissions>;
+export type InsertablePagePermission = Insertable<PagePermissions>;
+export type UpdatablePagePermission = Updateable<Omit<PagePermissions, 'id'>>;
+
+// UserSharedPage
+export type UserSharedPage = Selectable<UserSharedPages>;
+export type InsertableUserSharedPage = Insertable<UserSharedPages>;
+
 // Group
 export type ExtendedGroup = Groups & { memberCount: number };

@@ -117,7 +117,7 @@ export class EnvironmentVariables {

  @IsOptional()
  @ValidateIf((obj) => obj.AI_EMBEDDING_DIMENSION)
-  @IsIn(['768', '1024', '1536'])
+  @IsIn(['768', '1024', '1536', '2000'])
  @IsString()
  AI_EMBEDDING_DIMENSION: string;

@@ -41,4 +41,4 @@ export class ExportSpaceDto {
  @IsOptional()
  @IsBoolean()
  includeAttachments?: boolean;
-}
+}
@@ -107,7 +107,7 @@ export class ExportService {
      const page = await this.pageRepo.findById(pageId, {
        includeContent: true,
      });
-      if (page){
+      if (page) {
        pages = [page];
      }
    }
@@ -69,17 +69,21 @@ function taskList(turndownService: TurndownService) {
        'input[type="checkbox"]',
      ) as HTMLInputElement;
      const isChecked = checkbox.checked;
-      
+
      // Process content like regular list items
      content = content
        .replace(/^\n+/, '') // remove leading newlines
        .replace(/\n+$/, '\n') // replace trailing newlines with just a single one
        .replace(/\n/gm, '\n  '); // indent nested content with 2 spaces
-      
+
      // Create the checkbox prefix
      const prefix = `- ${isChecked ? '[x]' : '[ ]'} `;
-      
-      return prefix + content + (node.nextSibling && !/\n$/.test(content) ? '\n' : '');
+
+      return (
+        prefix +
+        content +
+        (node.nextSibling && !/\n$/.test(content) ? '\n' : '')
+      );
    },
  });
 }
@@ -15,4 +15,4 @@ export type ImportPageNode = {
  parentPageId: string | null;
  fileExtension: string;
  filePath: string;
-};
+};
@@ -1,5 +1,4 @@
-import { MentionNode } from "../../../common/helpers/prosemirror/utils";
-
+import { MentionNode } from '../../../common/helpers/prosemirror/utils';

 export interface IPageBacklinkJob {
  pageId: string;
@@ -9,4 +8,4 @@ export interface IPageBacklinkJob {

 export interface IStripeSeatsSyncJob {
  workspaceId: string;
-}
+}
@@ -42,7 +42,7 @@ export class LocalDriver implements StorageDriver {
    try {
      const fromFullPath = this._fullPath(fromFilePath);
      const toFullPath = this._fullPath(toFilePath);
-      
+
      if (await this.exists(fromFilePath)) {
        await fs.copy(fromFullPath, toFullPath);
      }
@@ -40,8 +40,8 @@ export const storageDriverConfigProvider = {
          },
        };

-      case StorageOption.S3:
-        { const s3Config = {
+      case StorageOption.S3: {
+        const s3Config = {
          driver,
          config: {
            region: environmentService.getAwsS3Region(),
@@ -68,7 +68,8 @@ export const storageDriverConfigProvider = {
          };
        }

-        return s3Config; }
+        return s3Config;
+      }

      default:
        throw new Error(`Unknown storage driver: ${driver}`);
@@ -15,10 +15,12 @@ async function bootstrap() {
  const app = await NestFactory.create<NestFastifyApplication>(
    AppModule,
    new FastifyAdapter({
-      ignoreTrailingSlash: true,
-      ignoreDuplicateSlashes: true,
-      maxParamLength: 1000,
      trustProxy: true,
+      routerOptions: {
+        maxParamLength: 1000,
+        ignoreTrailingSlash: true,
+        ignoreDuplicateSlashes: true,
+      },
    }),
    {
      rawBody: true,
@@ -1,7 +1,7 @@
 {
  "name": "docmost",
  "homepage": "https://docmost.com",
-  "version": "0.23.2",
+  "version": "0.24.1",
  "private": true,
  "scripts": {
    "build": "nx run-many -t build",
@@ -38,7 +38,6 @@
    "@tiptap/extension-heading": "2.27.1",
    "@tiptap/extension-highlight": "2.27.1",
    "@tiptap/extension-history": "2.27.1",
-    "@tiptap/extension-horizontal-rule": "2.27.1",
    "@tiptap/extension-image": "2.27.1",
    "@tiptap/extension-link": "2.27.1",
    "@tiptap/extension-list-item": "2.27.1",
@@ -101,6 +100,7 @@
    },
    "overrides": {
      "jsdom": "25.0.1",
+      "jsonwebtoken": "9.0.3",
      "y-prosemirror": "1.3.7"
    },
    "neverBuiltDependencies": []
@@ -23,4 +23,3 @@ export * from "./lib/subpages";
 export * from "./lib/highlight";
 export * from "./lib/heading/heading";
 export * from "./lib/unique-id";
-export * from "./lib/hr";
@@ -1,21 +0,0 @@
-import { HorizontalRule as TiptapHorizontalRule } from "@tiptap/extension-horizontal-rule";
-
-export type HorizontalRuleType = "pageBreak";
-
-export const HorizontalRule = TiptapHorizontalRule.extend({
-  addAttributes() {
-    return {
-      type: {
-        default: null,
-        parseHTML: (element) => element.getAttribute("data-type"),
-        renderHTML: (attributes) => {
-          if (attributes.type) {
-            return {
-              "data-type": attributes.type,
-            };
-          }
-        },
-      },
-    };
-  },
-});
@@ -165,6 +165,7 @@ export const Mention = Node.create<MentionOptions>({
  inline: true,
  selectable: true,
  atom: true,
+  draggable: true,

  addAttributes() {
    return {
@@ -28,7 +28,7 @@ export const Subpages = Node.create<SubpagesOptions>({

  group: "block",
  atom: true,
-  draggable: false,
+  draggable: true,

  parseHTML() {
    return [
@@ -3,7 +3,6 @@ import { Editor, findParentNode, isTextSelection } from "@tiptap/core";
 import { Selection, Transaction } from "@tiptap/pm/state";
 import { CellSelection, TableMap } from "@tiptap/pm/tables";
 import { Node, ResolvedPos } from "@tiptap/pm/model";
-import Table from "@tiptap/extension-table";
 import { sanitizeUrl as braintreeSanitizeUrl } from "@braintree/sanitize-url";
 import { customAlphabet } from "nanoid";

@@ -289,7 +288,7 @@ export const isColumnGripSelected = ({
  const node = nodeDOM || domAtPos;

  if (
-    !editor.isActive(Table.name) ||
+    !editor.isActive("table") ||
    !node ||
    isTableSelected(state.selection)
  ) {
@@ -6,6 +6,7 @@ settings:

 overrides:
  jsdom: 25.0.1
+  jsonwebtoken: 9.0.3
  y-prosemirror: 1.3.7

 patchedDependencies:
@@ -77,9 +78,6 @@ importers:
      '@tiptap/extension-history':
        specifier: 2.27.1
        version: 2.27.1(@tiptap/core@2.27.1(@tiptap/pm@2.27.1))(@tiptap/pm@2.27.1)
-      '@tiptap/extension-horizontal-rule':
-        specifier: 2.27.1
-        version: 2.27.1(@tiptap/core@2.27.1(@tiptap/pm@2.27.1))(@tiptap/pm@2.27.1)
      '@tiptap/extension-image':
        specifier: 2.27.1
        version: 2.27.1(@tiptap/core@2.27.1(@tiptap/pm@2.27.1))
@@ -560,8 +558,8 @@ importers:
        specifier: ^5.4.1
        version: 5.4.1
      jsonwebtoken:
-        specifier: ^9.0.2
-        version: 9.0.2
+        specifier: 9.0.3
+        version: 9.0.3
      kysely:
        specifier: ^0.28.2
        version: 0.28.2
@@ -7407,8 +7405,8 @@ packages:
  jsonfile@6.1.0:
    resolution: {integrity: sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==}

-  jsonwebtoken@9.0.2:
-    resolution: {integrity: sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==}
+  jsonwebtoken@9.0.3:
+    resolution: {integrity: sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==}
    engines: {node: '>=12', npm: '>=6'}

  jsx-ast-utils@3.3.5:
@@ -7418,11 +7416,11 @@ packages:
  jszip@3.10.1:
    resolution: {integrity: sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==}

-  jwa@1.4.1:
-    resolution: {integrity: sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==}
+  jwa@2.0.1:
+    resolution: {integrity: sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==}

-  jws@3.2.2:
-    resolution: {integrity: sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==}
+  jws@4.0.1:
+    resolution: {integrity: sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==}

  jwt-decode@4.0.0:
    resolution: {integrity: sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==}
@@ -13416,7 +13414,7 @@ snapshots:
    dependencies:
      '@nestjs/common': 11.1.9(class-transformer@0.5.1)(class-validator@0.14.3)(reflect-metadata@0.2.2)(rxjs@7.8.2)
      '@types/jsonwebtoken': 9.0.7
-      jsonwebtoken: 9.0.2
+      jsonwebtoken: 9.0.3

  '@nestjs/mapped-types@2.1.0(@nestjs/common@11.1.9(class-transformer@0.5.1)(class-validator@0.14.3)(reflect-metadata@0.2.2)(rxjs@7.8.2))(class-transformer@0.5.1)(class-validator@0.14.3)(reflect-metadata@0.2.2)':
    dependencies:
@@ -18473,9 +18471,9 @@ snapshots:
    optionalDependencies:
      graceful-fs: 4.2.11

-  jsonwebtoken@9.0.2:
+  jsonwebtoken@9.0.3:
    dependencies:
-      jws: 3.2.2
+      jws: 4.0.1
      lodash.includes: 4.3.0
      lodash.isboolean: 3.0.3
      lodash.isinteger: 4.0.4
@@ -18500,15 +18498,15 @@ snapshots:
      readable-stream: 2.3.8
      setimmediate: 1.0.5

-  jwa@1.4.1:
+  jwa@2.0.1:
    dependencies:
      buffer-equal-constant-time: 1.0.1
      ecdsa-sig-formatter: 1.0.11
      safe-buffer: 5.2.1

-  jws@3.2.2:
+  jws@4.0.1:
    dependencies:
-      jwa: 1.4.1
+      jwa: 2.0.1
      safe-buffer: 5.2.1

  jwt-decode@4.0.0: {}
@@ -19481,7 +19479,7 @@ snapshots:

  passport-jwt@4.0.1:
    dependencies:
-      jsonwebtoken: 9.0.2
+      jsonwebtoken: 9.0.3
      passport-strategy: 1.0.0

  passport-oauth2@1.8.0:
Author	SHA1	Message	Date
Philipinho	404e6c0b2f	fix	2025-12-18 18:32:24 +00:00
Philipinho	900e367677	Merge branch 'main' into permissions-2	2025-12-18 18:30:48 +00:00
Philipinho	732951a322	v0.24.1	2025-12-14 13:24:09 +00:00
Philipinho	2544775266	fix: switch to node slim image	2025-12-14 13:16:40 +00:00
Philipinho	d59539f197	fix ai streaming	2025-12-13 14:15:41 +00:00
Philipinho	b061df7f7d	Use new fastify router options	2025-12-13 14:15:06 +00:00
Philipinho	0fe1459864	fix: override jsonwebtoken version	2025-12-12 17:25:27 +00:00
Philipinho	6af7956889	v0.24.0	2025-12-12 17:15:59 +00:00
Philip Okugbe	3dbb957bd7	New Crowdin updates (#1541 ) * New translations translation.json (Dutch) * New translations translation.json (French) * New translations translation.json (Spanish) * New translations translation.json (German) * New translations translation.json (Italian) * New translations translation.json (Japanese) * New translations translation.json (Korean) * New translations translation.json (Dutch) * New translations translation.json (Russian) * New translations translation.json (Ukrainian) * New translations translation.json (Chinese Simplified) * New translations translation.json (English) * New translations translation.json (Portuguese, Brazilian) * New translations translation.json (Russian) * New translations translation.json (German) * New translations translation.json (German) * New translations translation.json (German) * New translations translation.json (French) * New translations translation.json (Spanish) * New translations translation.json (Italian) * New translations translation.json (Japanese) * New translations translation.json (Korean) * New translations translation.json (Dutch) * New translations translation.json (Russian) * New translations translation.json (Ukrainian) * New translations translation.json (Chinese Simplified) * New translations translation.json (English) * New translations translation.json (Portuguese, Brazilian) * New translations translation.json (Russian) * New translations translation.json (Ukrainian) * New translations translation.json (Ukrainian) * New translations translation.json (Russian) * New translations translation.json (Spanish) * New translations translation.json (Korean) * New translations translation.json (Korean) * New translations translation.json (French) * New translations translation.json (Spanish) * New translations translation.json (German) * New translations translation.json (Italian) * New translations translation.json (Japanese) * New translations translation.json (Korean) * New translations translation.json (Dutch) * New translations translation.json (Russian) * New translations translation.json (Ukrainian) * New translations translation.json (Chinese Simplified) * New translations translation.json (English) * New translations translation.json (Portuguese, Brazilian) * New translations translation.json (French) * New translations translation.json (Spanish) * New translations translation.json (German) * New translations translation.json (Italian) * New translations translation.json (Japanese) * New translations translation.json (Korean) * New translations translation.json (Dutch) * New translations translation.json (Russian) * New translations translation.json (Ukrainian) * New translations translation.json (Chinese Simplified) * New translations translation.json (English) * New translations translation.json (Portuguese, Brazilian) * New translations translation.json (French) * New translations translation.json (Spanish) * New translations translation.json (German) * New translations translation.json (Italian) * New translations translation.json (Japanese) * New translations translation.json (Korean) * New translations translation.json (Dutch) * New translations translation.json (Russian) * New translations translation.json (Ukrainian) * New translations translation.json (Chinese Simplified) * New translations translation.json (Portuguese, Brazilian)	2025-12-12 17:15:19 +00:00
Philipinho	f39a4cf2d5	fix space modal spacing	2025-12-12 14:08:30 +00:00
Philipinho	724e01bd55	fix default page share state (API)	2025-12-11 20:43:26 +00:00
Philip Okugbe	6e350f6746	fix nodeview dragging (#1775 )	2025-12-11 19:32:18 +00:00
Philip Okugbe	cb9f27da9a	fix mermaid security (#1774 )	2025-12-11 16:44:52 +00:00
Philipinho	ace00a0b0a	WIP	2025-08-14 08:58:23 -07:00