feat: page break command

2026-05-07 22:53:08 +08:00 · 2025-12-06 22:08:12 +00:00
64 changed files with 268 additions and 2821 deletions
@@ -1,4 +1,4 @@
-FROM node:22-slim AS base
+FROM node:22-alpine AS base
 LABEL org.opencontainers.image.source="https://github.com/docmost/docmost"

 FROM base AS builder
@@ -13,9 +13,7 @@ RUN pnpm build

 FROM base AS installer

-RUN apt-get update \
-  && apt-get install -y --no-install-recommends curl bash \
-  && rm -rf /var/lib/apt/lists/*
+RUN apk add --no-cache curl bash

 WORKDIR /app

@@ -1,7 +1,7 @@
 {
  "name": "client",
  "private": true,
-  "version": "0.24.1",
+  "version": "0.23.2",
  "scripts": {
    "dev": "vite",
    "build": "tsc && vite build",
@@ -42,7 +42,7 @@
  "Delete group": "Gruppe löschen",
  "Are you sure you want to delete this page? This will delete its children and page history. This action is irreversible.": "Sind Sie sicher, dass Sie diese Seite löschen möchten? Dadurch werden ihre Unterseiten und die Seitengeschichte gelöscht. Diese Aktion ist unwiderruflich.",
  "Description": "Beschreibung",
-  "Details": "Details",
+  "Details": "Einzelheiten",
  "e.g ACME": "z.B. ACME",
  "e.g ACME Inc": "z.B. ACME Inc.",
  "e.g Developers": "z.B. Entwickler",
@@ -525,47 +525,5 @@
  "Delete SSO provider": "SSO-Anbieter löschen",
  "Are you sure you want to delete this SSO provider?": "Sind Sie sicher, dass Sie diesen SSO-Anbieter löschen möchten?",
  "Action": "Aktion",
-  "{{ssoProviderType}} configuration": "{{ssoProviderType}}-Konfiguration",
-  "Icon": "Icon",
-  "Upload image": "Bild hochladen",
-  "Remove image": "Bild entfernen",
-  "Failed to remove image": "Fehler beim Entfernen des Bildes",
-  "Image exceeds 10MB limit.": "Bild überschreitet das Limit von 10 MB.",
-  "Image removed successfully": "Bild erfolgreich entfernt",
-  "API key": "API-Schlüssel",
-  "API key created successfully": "API-Schlüssel erfolgreich erstellt",
-  "API keys": "API-Schlüssel",
-  "API management": "API-Verwaltung",
-  "Are you sure you want to revoke this API key": "Sind Sie sicher, dass Sie diesen API-Schlüssel widerrufen möchten?",
-  "Create API Key": "API-Schlüssel erstellen",
-  "Custom expiration date": "Benutzerdefiniertes Ablaufdatum",
-  "Enter a descriptive token name": "Geben Sie einen beschreibenden Token-Namen ein",
-  "Expiration": "Ablauf",
-  "Expired": "Abgelaufen",
-  "Expires": "Läuft ab",
-  "I've saved my API key": "Ich habe meinen API-Schlüssel gespeichert",
-  "Last use": "Zuletzt verwendet",
-  "No API keys found": "Keine API-Schlüssel gefunden",
-  "No expiration": "Kein Ablauf",
-  "Revoke API key": "API-Schlüssel widerrufen",
-  "Revoked successfully": "Erfolgreich widerrufen",
-  "Select expiration date": "Ablaufdatum wählen",
-  "This action cannot be undone. Any applications using this API key will stop working.": "Diese Aktion kann nicht rückgängig gemacht werden. Alle Anwendungen, die diesen API-Schlüssel verwenden, werden nicht mehr funktionieren.",
-  "Update API key": "API-Schlüssel aktualisieren",
-  "Manage API keys for all users in the workspace": "Verwalten Sie API-Schlüssel für alle Benutzer im Arbeitsbereich",
-  "AI settings": "KI-Einstellungen",
-  "AI search": "KI-Suche",
-  "AI Answer": "KI-Antwort",
-  "Ask AI": "KI fragen",
-  "AI is thinking...": "Die KI überlegt...",
-  "Ask a question...": "Fragen stellen...",
-  "AI-powered search (Ask AI)": "KI-gestützte Suche (KI fragen)",
-  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "Die KI-Suche verwendet Vektor-Einbettungen, um semantische Suchfunktionen in Ihrem Arbeitsbereich bereitzustellen.",
-  "Toggle AI search": "KI-Suche umschalten",
-  "Sources": "Quellen",
-  "Ask AI not available for attachments": "KI fragen nicht für Anhänge verfügbar",
-  "No answer available": "Keine Antwort verfügbar",
-  "Background color": "Hintergrundfarbe",
-  "Highlight color": "Hervorhebungsfarbe",
-  "Remove color": "Farbe entfernen"
+  "{{ssoProviderType}} configuration": "{{ssoProviderType}}-Konfiguration"
 }
@@ -527,47 +527,5 @@
  "Delete SSO provider": "Eliminar proveedor de SSO",
  "Are you sure you want to delete this SSO provider?": "¿Está seguro de que desea eliminar este proveedor de SSO?",
  "Action": "Acción",
-  "{{ssoProviderType}} configuration": "Configuración de {{ssoProviderType}}",
-  "Icon": "Icono",
-  "Upload image": "Subir imagen",
-  "Remove image": "Eliminar imagen",
-  "Failed to remove image": "No se ha podido eliminar la imagen",
-  "Image exceeds 10MB limit.": "La imagen excede del límite de 10 MB",
-  "Image removed successfully": "Imagen eliminada correctamente",
-  "API key": "Clave API",
-  "API key created successfully": "Clave API creada correctamente",
-  "API keys": "Claves API",
-  "API management": "Gestión de API",
-  "Are you sure you want to revoke this API key": "¿Está seguro de que desea revocar esta clave API? ",
-  "Create API Key": "Crear clave API",
-  "Custom expiration date": "Fecha de vencimiento personalizada",
-  "Enter a descriptive token name": "Introduce un nombre descriptivo del token",
-  "Expiration": "Vencimiento",
-  "Expired": "Vencido",
-  "Expires": "Vence",
-  "I've saved my API key": "He guardado mi clave API",
-  "Last use": "Último uso",
-  "No API keys found": "No se han encontrado claves API",
-  "No expiration": "Sin vencimiento",
-  "Revoke API key": "Revocar clave API",
-  "Revoked successfully": "Revocada correctamente",
-  "Select expiration date": "Seleccionar fecha de vencimiento",
-  "This action cannot be undone. Any applications using this API key will stop working.": "Esta acción no se puede deshacer. Las aplicaciones que utilicen esta clave API dejarán de funcionar.",
-  "Update API key": "Actualizar clave API",
-  "Manage API keys for all users in the workspace": "Gestionar claves API para todos los usuarios en el espacio de trabajo",
-  "AI settings": "Configuración de IA",
-  "AI search": "Búsqueda de IA",
-  "AI Answer": "Respuesta de IA",
-  "Ask AI": "Preguntar a IA",
-  "AI is thinking...": "IA está pensando...",
-  "Ask a question...": "Haz una pregunta...",
-  "AI-powered search (Ask AI)": "Búsqueda impulsada por IA (Preguntar a IA)",
-  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "La búsqueda de IA utiliza incrustaciones vectoriales para proporcionar capacidades de búsqueda semántica en todo el contenido de su espacio de trabajo.",
-  "Toggle AI search": "Alternar búsqueda de IA",
-  "Sources": "Fuentes",
-  "Ask AI not available for attachments": "Preguntar a IA no está disponible para adjuntos",
-  "No answer available": "No hay respuesta disponible",
-  "Background color": "Color de fondo",
-  "Highlight color": "Color de resaltado",
-  "Remove color": "Eliminar color"
+  "{{ssoProviderType}} configuration": "Configuración de {{ssoProviderType}}"
 }
@@ -527,47 +527,5 @@
  "Delete SSO provider": "Supprimer le fournisseur SSO",
  "Are you sure you want to delete this SSO provider?": "Êtes-vous sûr de vouloir supprimer ce fournisseur SSO ?",
  "Action": "Action",
-  "{{ssoProviderType}} configuration": "Configuration {{ssoProviderType}}",
-  "Icon": "Icône",
-  "Upload image": "Téléverser une image",
-  "Remove image": "Supprimer l'image",
-  "Failed to remove image": "Échec de la suppression de l'image",
-  "Image exceeds 10MB limit.": "L'image dépasse la limite de 10 Mo.",
-  "Image removed successfully": "Image supprimée avec succès",
-  "API key": "Clé API",
-  "API key created successfully": "Clé API créée avec succès",
-  "API keys": "Clés API",
-  "API management": "Gestion des API",
-  "Are you sure you want to revoke this API key": "Êtes-vous sûr de vouloir révoquer cette clé API",
-  "Create API Key": "Créer une clé API",
-  "Custom expiration date": "Date d'expiration personnalisée",
-  "Enter a descriptive token name": "Entrez un nom descriptif pour le jeton",
-  "Expiration": "Expiration",
-  "Expired": "Expiré(e)",
-  "Expires": "Expire",
-  "I've saved my API key": "J'ai enregistré ma clé API",
-  "Last use": "Dernière utilisation",
-  "No API keys found": "Aucune clé API trouvée",
-  "No expiration": "Pas d'expiration",
-  "Revoke API key": "Révoquer la clé API",
-  "Revoked successfully": "Révoqué(e) avec succès",
-  "Select expiration date": "Sélectionnez la date d'expiration",
-  "This action cannot be undone. Any applications using this API key will stop working.": "Cette action ne peut pas être annulée. Toutes les applications utilisant cette clé API cesseront de fonctionner.",
-  "Update API key": "Mettre à jour la clé API",
-  "Manage API keys for all users in the workspace": "Gérer les clés API pour tous les utilisateurs dans l'espace de travail",
-  "AI settings": "Paramètres de l'IA",
-  "AI search": "Recherche IA",
-  "AI Answer": "Réponse IA",
-  "Ask AI": "Demander à l'IA",
-  "AI is thinking...": "L'IA réfléchit...",
-  "Ask a question...": "Posez une question...",
-  "AI-powered search (Ask AI)": "Recherche assistée par l'IA (Demander à l'IA)",
-  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "La recherche IA utilise des incorporations vectorielles pour fournir des capacités de recherche sémantique à travers le contenu de votre espace de travail.",
-  "Toggle AI search": "Basculer la recherche IA",
-  "Sources": "Sources",
-  "Ask AI not available for attachments": "Demande à l'IA non disponible pour les pièces jointes",
-  "No answer available": "Pas de réponse disponible",
-  "Background color": "Couleur de fond",
-  "Highlight color": "Couleur de surbrillance",
-  "Remove color": "Supprimer la couleur"
+  "{{ssoProviderType}} configuration": "Configuration {{ssoProviderType}}"
 }
@@ -527,47 +527,5 @@
  "Delete SSO provider": "Elimina provider SSO",
  "Are you sure you want to delete this SSO provider?": "Sei sicuro di voler eliminare questo provider SSO?",
  "Action": "Azione",
-  "{{ssoProviderType}} configuration": "Configurazione {{ssoProviderType}}",
-  "Icon": "Icona",
-  "Upload image": "Carica immagine",
-  "Remove image": "Rimuovi immagine",
-  "Failed to remove image": "Rimozione immagine fallita",
-  "Image exceeds 10MB limit.": "L'immagine supera il limite di 10MB.",
-  "Image removed successfully": "Immagine rimossa con successo",
-  "API key": "Chiave API",
-  "API key created successfully": "Chiave API creata con successo",
-  "API keys": "Chiavi API",
-  "API management": "Gestione API",
-  "Are you sure you want to revoke this API key": "Sei sicuro di voler revocare questa chiave API",
-  "Create API Key": "Crea Chiave API",
-  "Custom expiration date": "Data di scadenza personalizzata",
-  "Enter a descriptive token name": "Inserisci un nome descrittivo del token",
-  "Expiration": "Scadenza",
-  "Expired": "Scaduto",
-  "Expires": "Scade",
-  "I've saved my API key": "Ho salvato la mia chiave API",
-  "Last use": "Ultimo utilizzo",
-  "No API keys found": "Nessuna chiave API trovata",
-  "No expiration": "Nessuna scadenza",
-  "Revoke API key": "Revoca chiave API",
-  "Revoked successfully": "Revocata con successo",
-  "Select expiration date": "Seleziona la data di scadenza",
-  "This action cannot be undone. Any applications using this API key will stop working.": "Questa azione non può essere annullata. Qualsiasi applicazione che utilizza questa chiave API smetterà di funzionare.",
-  "Update API key": "Aggiorna chiave API",
-  "Manage API keys for all users in the workspace": "Gestisci le chiavi API per tutti gli utenti nell'area di lavoro",
-  "AI settings": "Impostazioni AI",
-  "AI search": "Ricerca AI",
-  "AI Answer": "Risposta AI",
-  "Ask AI": "Chiedi all'AI",
-  "AI is thinking...": "L'AI sta pensando...",
-  "Ask a question...": "Fai una domanda...",
-  "AI-powered search (Ask AI)": "Ricerca potenziata dall'AI (Chiedi all'AI)",
-  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "La ricerca AI utilizza embeddings vettoriali per fornire capacità di ricerca semantica nel contenuto della tua area di lavoro.",
-  "Toggle AI search": "Attiva/disattiva ricerca AI",
-  "Sources": "Fonti",
-  "Ask AI not available for attachments": "Chiedere all'AI non è disponibile per gli allegati",
-  "No answer available": "Nessuna risposta disponibile",
-  "Background color": "Colore di sfondo",
-  "Highlight color": "Colore evidenziato",
-  "Remove color": "Rimuovi colore"
+  "{{ssoProviderType}} configuration": "Configurazione {{ssoProviderType}}"
 }
@@ -527,47 +527,5 @@
  "Delete SSO provider": "SSOプロバイダーを削除する",
  "Are you sure you want to delete this SSO provider?": "このSSOプロバイダーを削除してもよろしいですか？",
  "Action": "アクション",
-  "{{ssoProviderType}} configuration": "{{ssoProviderType}}の構成",
-  "Icon": "アイコン",
-  "Upload image": "画像をアップロード",
-  "Remove image": "画像を削除",
-  "Failed to remove image": "画像の削除に失敗しました",
-  "Image exceeds 10MB limit.": "画像が10MBの制限を超えています。",
-  "Image removed successfully": "画像が正常に削除されました",
-  "API key": "APIキー",
-  "API key created successfully": "APIキーが正常に作成されました",
-  "API keys": "APIキー",
-  "API management": "API管理",
-  "Are you sure you want to revoke this API key": "このAPIキーを無効にしてもよろしいですか",
-  "Create API Key": "APIキーを作成",
-  "Custom expiration date": "カスタム有効期限",
-  "Enter a descriptive token name": "説明的なトークン名を入力してください",
-  "Expiration": "有効期限",
-  "Expired": "期限切れ",
-  "Expires": "期限が切れます",
-  "I've saved my API key": "APIキーを保存しました",
-  "Last use": "最終使用",
-  "No API keys found": "APIキーが見つかりません",
-  "No expiration": "期限なし",
-  "Revoke API key": "APIキーを無効にする",
-  "Revoked successfully": "正常に無効化されました",
-  "Select expiration date": "有効期限を選択してください",
-  "This action cannot be undone. Any applications using this API key will stop working.": "この操作は元に戻せません。このAPIキーを使用しているアプリケーションは動作を停止します。",
-  "Update API key": "APIキーを更新",
-  "Manage API keys for all users in the workspace": "ワークスペース内のすべてのユーザーのAPIキーを管理",
-  "AI settings": "AI設定",
-  "AI search": "AI検索",
-  "AI Answer": "AI回答",
-  "Ask AI": "AIに質問する",
-  "AI is thinking...": "AIが考え中...",
-  "Ask a question...": "質問を入力...",
-  "AI-powered search (Ask AI)": "AIによる検索（AIに質問）",
-  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "AI検索はベクター埋め込みを使用して、ワークスペースコンテンツ全体にわたって意味検索機能を提供します。",
-  "Toggle AI search": "AI検索を切り替え",
-  "Sources": "ソース",
-  "Ask AI not available for attachments": "添付ファイルにはAI質問は利用できません",
-  "No answer available": "回答がありません",
-  "Background color": "背景色",
-  "Highlight color": "ハイライト色",
-  "Remove color": "色を削除"
+  "{{ssoProviderType}} configuration": "{{ssoProviderType}}の構成"
 }
@@ -527,47 +527,5 @@
  "Delete SSO provider": "SSO 제공자 삭제",
  "Are you sure you want to delete this SSO provider?": "이 SSO 제공자를 삭제하시겠습니까?",
  "Action": "작업",
-  "{{ssoProviderType}} configuration": "{{ssoProviderType}} 구성",
-  "Icon": "아이콘",
-  "Upload image": "이미지 업로드",
-  "Remove image": "이미지 제거",
-  "Failed to remove image": "이미지 제거 실패",
-  "Image exceeds 10MB limit.": "이미지가 10MB 용량 제한을 초과합니다.",
-  "Image removed successfully": "이미지가 성공적으로 제거되었습니다",
-  "API key": "API 키",
-  "API key created successfully": "API 키 생성 완료",
-  "API keys": "API 키",
-  "API management": "API 관리",
-  "Are you sure you want to revoke this API key": "이 API 키를 취소하시겠습니까?",
-  "Create API Key": "API 키 생성",
-  "Custom expiration date": "사용자 정의 만료일",
-  "Enter a descriptive token name": "토큰 이름을 입력하세요",
-  "Expiration": "만료",
-  "Expired": "만료됨",
-  "Expires": "만료일",
-  "I've saved my API key": "API 키를 저장했습니다",
-  "Last use": "최근 사용",
-  "No API keys found": "API 키를 찾을 수 없습니다",
-  "No expiration": "유효기간 없음",
-  "Revoke API key": "API 키 취소",
-  "Revoked successfully": "성공적으로 취소되었습니다",
-  "Select expiration date": "만료일 선택",
-  "This action cannot be undone. Any applications using this API key will stop working.": "이 작업은 되돌릴 수 없습니다. 이 API 키를 사용하는 모든 응용 프로그램이 작동을 멈출 것입니다.",
-  "Update API key": "API 키 갱신",
-  "Manage API keys for all users in the workspace": "워크스페이스 내 모든 사용자의 API 키 관리",
-  "AI settings": "AI 설정",
-  "AI search": "AI 검색",
-  "AI Answer": "AI 답변",
-  "Ask AI": "AI에게 묻기",
-  "AI is thinking...": "AI가 생각 중입니다...",
-  "Ask a question...": "질문하세요...",
-  "AI-powered search (Ask AI)": "AI 지원 검색 (AI에게 묻기)",
-  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "AI 검색은 벡터 임베딩을 사용하여 작업공간 콘텐츠에 대한 의미 검색 기능을 제공합니다.",
-  "Toggle AI search": "AI 검색 전환",
-  "Sources": "출처",
-  "Ask AI not available for attachments": "AI에게 묻기 기능은 첨부 파일에 대해 사용할 수 없습니다",
-  "No answer available": "답변을 제공할 수 없습니다",
-  "Background color": "배경 색",
-  "Highlight color": "강조 색",
-  "Remove color": "색 제거"
+  "{{ssoProviderType}} configuration": "{{ssoProviderType}} 구성"
 }
@@ -34,7 +34,7 @@
  "Create group": "Groep aanmaken",
  "Create page": "Pagina aanmaken",
  "Create space": "Ruimte aanmaken",
-  "Create workspace": "Werkruimte aanmaken",
+  "Create workspace": "Wwerkruimte aanmaken",
  "Current password": "Huidig wachtwoord",
  "Dark": "Donker",
  "Date": "Datum",
@@ -91,7 +91,7 @@
  "Invite by email": "Uitnodigen via e-mail",
  "Invite members": "Leden uitnodigen",
  "Invite new members": "Nieuwe leden uitnodigen",
-  "Invited members who are yet to accept their invitation will appear here.": "Uitgenodigde leden die hun uitnodiging nog moeten accepteren zullen hier worden getoond.",
+  "Invited members who are yet to accept their invitation will appear here.": "Uigenodigde leden die hun uitnodiging nog moeten accepteren zullen hier worden getoond.",
  "Invited members will be granted access to spaces the groups can access": "Uitgenodigde leden wordt toegang gegeven tot ruimtes de groepen toegang toe heeft",
  "Join the workspace": "Word lid van de werkruimte",
  "Language": "Taal",
@@ -527,47 +527,5 @@
  "Delete SSO provider": "Verwijder SSO-provider",
  "Are you sure you want to delete this SSO provider?": "Weet u zeker dat u deze SSO-provider wilt verwijderen?",
  "Action": "Actie",
-  "{{ssoProviderType}} configuration": "{{ssoProviderType}} configuratie",
-  "Icon": "Icoon",
-  "Upload image": "Afbeelding uploaden",
-  "Remove image": "Afbeelding verwijderen",
-  "Failed to remove image": "Afbeelding verwijderen mislukt",
-  "Image exceeds 10MB limit.": "Afbeelding overschrijdt de limiet van 10MB.",
-  "Image removed successfully": "Afbeelding succesvol verwijderd",
-  "API key": "API-sleutel",
-  "API key created successfully": "API-sleutel succesvol aangemaakt",
-  "API keys": "API-sleutels",
-  "API management": "API-beheer",
-  "Are you sure you want to revoke this API key": "Weet u zeker dat u deze API-sleutel wilt intrekken",
-  "Create API Key": "API-sleutel aanmaken",
-  "Custom expiration date": "Aangepaste vervaldatum",
-  "Enter a descriptive token name": "Voer een beschrijvende tokennaam in",
-  "Expiration": "Vervaldatum",
-  "Expired": "Verlopen",
-  "Expires": "Verloopt",
-  "I've saved my API key": "Ik heb mijn API-sleutel opgeslagen",
-  "Last use": "Laatst gebruikt",
-  "No API keys found": "Geen API-sleutels gevonden",
-  "No expiration": "Geen vervaldatum",
-  "Revoke API key": "API-sleutel intrekken",
-  "Revoked successfully": "Succesvol ingetrokken",
-  "Select expiration date": "Selecteer vervaldatum",
-  "This action cannot be undone. Any applications using this API key will stop working.": "Deze actie kan niet ongedaan worden gemaakt. Alle toepassingen die deze API-sleutel gebruiken, zullen niet meer werken.",
-  "Update API key": "API-sleutel bijwerken",
-  "Manage API keys for all users in the workspace": "Beheer API-sleutels voor alle gebruikers in de werkruimte",
-  "AI settings": "AI-instellingen",
-  "AI search": "AI-zoekopdracht",
-  "AI Answer": "AI Antwoord",
-  "Ask AI": "Vraag AI",
-  "AI is thinking...": "AI is aan het nadenken...",
-  "Ask a question...": "Stel een vraag...",
-  "AI-powered search (Ask AI)": "AI-ondersteunde zoekopdracht (Vraag AI)",
-  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "AI-zoekopdracht maakt gebruik van vectorembeddings om semantische zoekmogelijkheden te bieden in uw werkruimte-inhoud.",
-  "Toggle AI search": "Schakel AI-zoekopdracht in/uit",
-  "Sources": "Bronnen",
-  "Ask AI not available for attachments": "Vraag AI is niet beschikbaar voor bijlages",
-  "No answer available": "Geen antwoord beschikbaar",
-  "Background color": "Achtergrondkleur",
-  "Highlight color": "Markeerkleur",
-  "Remove color": "Kleur verwijderen"
+  "{{ssoProviderType}} configuration": "{{ssoProviderType}} configuratie"
 }
@@ -527,47 +527,5 @@
  "Delete SSO provider": "Excluir provedor de SSO",
  "Are you sure you want to delete this SSO provider?": "Tem certeza de que deseja excluir este provedor de SSO?",
  "Action": "Ação",
-  "{{ssoProviderType}} configuration": "Configuração de {{ssoProviderType}}",
-  "Icon": "Ícone",
-  "Upload image": "Fazer upload da imagem",
-  "Remove image": "Remover imagem",
-  "Failed to remove image": "Falha ao remover imagem",
-  "Image exceeds 10MB limit.": "A imagem excede o limite de 10MB.",
-  "Image removed successfully": "Imagem removida com sucesso",
-  "API key": "Chave API",
-  "API key created successfully": "Chave API criada com sucesso",
-  "API keys": "Chaves API",
-  "API management": "Gestão de API",
-  "Are you sure you want to revoke this API key": "Tem certeza de que deseja revogar esta chave API",
-  "Create API Key": "Criar Chave API",
-  "Custom expiration date": "Data de expiração personalizada",
-  "Enter a descriptive token name": "Insira um nome descritivo para o token",
-  "Expiration": "Expiração",
-  "Expired": "Expirado",
-  "Expires": "Expira",
-  "I've saved my API key": "Salvei minha chave API",
-  "Last use": "Último uso",
-  "No API keys found": "Nenhuma chave API encontrada",
-  "No expiration": "Sem expiração",
-  "Revoke API key": "Revogar chave API",
-  "Revoked successfully": "Revogada com sucesso",
-  "Select expiration date": "Selecionar data de expiração",
-  "This action cannot be undone. Any applications using this API key will stop working.": "Esta ação não pode ser desfeita. Qualquer aplicação usando esta chave API deixará de funcionar.",
-  "Update API key": "Atualizar chave API",
-  "Manage API keys for all users in the workspace": "Gerenciar chaves API para todos os usuários no espaço de trabalho",
-  "AI settings": "Configurações de IA",
-  "AI search": "Pesquisa IA",
-  "AI Answer": "Resposta de IA",
-  "Ask AI": "Pergunte à IA",
-  "AI is thinking...": "IA está pensando...",
-  "Ask a question...": "Faça uma pergunta...",
-  "AI-powered search (Ask AI)": "Pesquisa com IA (Pergunte à IA)",
-  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "A pesquisa IA usa vetores de incorporação para fornecer capacidades de pesquisa semântica em todo o conteúdo do seu espaço de trabalho.",
-  "Toggle AI search": "Alternar pesquisa de IA",
-  "Sources": "Fontes",
-  "Ask AI not available for attachments": "Perguntar à IA não está disponível para anexos",
-  "No answer available": "Nenhuma resposta disponível",
-  "Background color": "Cor de fundo",
-  "Highlight color": "Cor de destaque",
-  "Remove color": "Remover cor"
+  "{{ssoProviderType}} configuration": "Configuração de {{ssoProviderType}}"
 }
@@ -498,10 +498,10 @@
  "Deleted at": "Удалено в",
  "Preview": "Предпросмотр",
  "Subpages": "Подстраницы",
-  "Failed to load subpages": "Не удалось загрузить под страницы",
+  "Failed to load subpages": "Не удалось загрузить подстраницы",
  "No subpages": "Нет подстраниц",
  "Subpages (Child pages)": "Подстраницы (вложенные страницы)",
-  "List all subpages of the current page": "Показать все под страницы",
+  "List all subpages of the current page": "Показать все подстраницы текущей страницы",
  "Attachments": "Вложения",
  "All spaces": "Все пространства",
  "Unknown": "Неизвестно",
@@ -527,47 +527,5 @@
  "Delete SSO provider": "Удалить поставщика SSO",
  "Are you sure you want to delete this SSO provider?": "Вы уверены, что хотите удалить этого поставщика SSO?",
  "Action": "Действие",
-  "{{ssoProviderType}} configuration": "Настройка {{ssoProviderType}}",
-  "Icon": "Иконка",
-  "Upload image": "Загрузить изображение",
-  "Remove image": "Удалить изображение",
-  "Failed to remove image": "Не удалось удалить изображение",
-  "Image exceeds 10MB limit.": "Изображение превышает предел 10MB.",
-  "Image removed successfully": "Изображение успешно удалено",
-  "API key": "API ключ",
-  "API key created successfully": "API ключ успешно создан",
-  "API keys": "API ключи",
-  "API management": "Управление API",
-  "Are you sure you want to revoke this API key": "Вы уверены, что хотите отозвать этот API ключ",
-  "Create API Key": "Создать API ключ",
-  "Custom expiration date": "Пользовательская дата срока действия",
-  "Enter a descriptive token name": "Введите понятное имя токена",
-  "Expiration": "Срок действия",
-  "Expired": "Истек",
-  "Expires": "Истекает",
-  "I've saved my API key": "Я сохранил мой API ключ",
-  "Last use": "Последнее использование",
-  "No API keys found": "API ключи не найдены",
-  "No expiration": "Не истекает",
-  "Revoke API key": "Отозвать API ключ",
-  "Revoked successfully": "Отозван успешно",
-  "Select expiration date": "Выберете срок действия",
-  "This action cannot be undone. Any applications using this API key will stop working.": "Это действие необратимо. Любые приложения, использующие этот API ключ, перестанут работать.",
-  "Update API key": "Обновить API ключ",
-  "Manage API keys for all users in the workspace": "Управлять API ключами для всех пользователей в рабочей области",
-  "AI settings": "Настройки ИИ",
-  "AI search": "Поиск ИИ",
-  "AI Answer": "Ответ ИИ",
-  "Ask AI": "Спросить ИИ",
-  "AI is thinking...": "ИИ обрабатывает запрос...",
-  "Ask a question...": "Задайте вопрос...",
-  "AI-powered search (Ask AI)": "Поиск на базе ИИ (Спросить ИИ)",
-  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "Поиск ИИ использует векторные встраивания для обеспечения семантического поиска по содержимому вашего рабочего пространства.",
-  "Toggle AI search": "Переключить поиск ИИ",
-  "Sources": "Источники",
-  "Ask AI not available for attachments": "Функция \"Спросить ИИ\" недоступна для вложений",
-  "No answer available": "Ответ недоступен",
-  "Background color": "Цвет фона",
-  "Highlight color": "Цвет выделения",
-  "Remove color": "Удалить цвет"
+  "{{ssoProviderType}} configuration": "Настройка {{ssoProviderType}}"
 }
@@ -527,47 +527,5 @@
  "Delete SSO provider": "Видалити постачальника SSO",
  "Are you sure you want to delete this SSO provider?": "Ви впевнені, що хочете видалити цього постачальника SSO?",
  "Action": "Дія",
-  "{{ssoProviderType}} configuration": "Конфігурація {{ssoProviderType}}",
-  "Icon": "Іконка",
-  "Upload image": "Завантажити зображення",
-  "Remove image": "Видалити зображення",
-  "Failed to remove image": "Не вдалося видалити зображення",
-  "Image exceeds 10MB limit.": "Зображення має займати менше, ніж 10 МБ.",
-  "Image removed successfully": "Зображення видалено",
-  "API key": "Ключ API",
-  "API key created successfully": "Ключ API успішно створено",
-  "API keys": "Ключі API",
-  "API management": "Управління API",
-  "Are you sure you want to revoke this API key": "Ви впевнені, що хочете відкликати цей ключ API",
-  "Create API Key": "Створити ключ API",
-  "Custom expiration date": "Користувацька дата закінчення",
-  "Enter a descriptive token name": "Введіть описову назву токена",
-  "Expiration": "Термін дії",
-  "Expired": "Закінчився",
-  "Expires": "Закінчується",
-  "I've saved my API key": "Я зберіг свій ключ API",
-  "Last use": "Останнє використання",
-  "No API keys found": "Ключі API не знайдено",
-  "No expiration": "Без терміну дії",
-  "Revoke API key": "Відкликати ключ API",
-  "Revoked successfully": "Успішно відкликано",
-  "Select expiration date": "Виберіть дату закінчення",
-  "This action cannot be undone. Any applications using this API key will stop working.": "Цю дію не можна скасувати. Будь-які додатки, що використовують цей ключ API, перестануть працювати.",
-  "Update API key": "Оновити ключ API",
-  "Manage API keys for all users in the workspace": "Керувати ключами API для всіх користувачів у робочій області",
-  "AI settings": "Налаштування ШІ",
-  "AI search": "Пошук з ШІ",
-  "AI Answer": "Відповідь ШІ",
-  "Ask AI": "Запитати ШІ",
-  "AI is thinking...": "ШІ думає...",
-  "Ask a question...": "Задайте питання...",
-  "AI-powered search (Ask AI)": "Пошук на базі ШІ (Запитати ШІ)",
-  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "Пошук з ШІ використовує векторні вбудовування для надання можливостей семантичного пошуку у вашому робочому вмісті.",
-  "Toggle AI search": "Переключити пошук з ШІ",
-  "Sources": "Джерела",
-  "Ask AI not available for attachments": "Запитати ШІ недоступно для вкладень",
-  "No answer available": "Відповідь недоступна",
-  "Background color": "Колір фону",
-  "Highlight color": "Колір підсвічування",
-  "Remove color": "Видалити колір"
+  "{{ssoProviderType}} configuration": "Конфігурація {{ssoProviderType}}"
 }
@@ -527,47 +527,5 @@
  "Delete SSO provider": "删除SSO提供商",
  "Are you sure you want to delete this SSO provider?": "您确定要删除此SSO提供商吗？",
  "Action": "操作",
-  "{{ssoProviderType}} configuration": "{{ssoProviderType}} 配置",
-  "Icon": "图标",
-  "Upload image": "上传图片",
-  "Remove image": "删除图片",
-  "Failed to remove image": "无法删除图片",
-  "Image exceeds 10MB limit.": "图片超过10MB限制。",
-  "Image removed successfully": "图片删除成功",
-  "API key": "API密钥",
-  "API key created successfully": "API密钥创建成功",
-  "API keys": "API密钥",
-  "API management": "API管理",
-  "Are you sure you want to revoke this API key": "确定要撤销此API密钥吗",
-  "Create API Key": "创建API密钥",
-  "Custom expiration date": "自定义到期日期",
-  "Enter a descriptive token name": "输入描述性令牌名称",
-  "Expiration": "到期",
-  "Expired": "已过期",
-  "Expires": "到期",
-  "I've saved my API key": "我已保存我的API密钥",
-  "Last use": "上次使用",
-  "No API keys found": "找不到API密钥",
-  "No expiration": "无到期",
-  "Revoke API key": "撤销API密钥",
-  "Revoked successfully": "撤销成功",
-  "Select expiration date": "选择到期日期",
-  "This action cannot be undone. Any applications using this API key will stop working.": "此操作无法撤销。使用此API密钥的任何应用程序将停止工作。",
-  "Update API key": "更新API密钥",
-  "Manage API keys for all users in the workspace": "管理工作空间中所有用户的API密钥",
-  "AI settings": "AI设置",
-  "AI search": "AI搜索",
-  "AI Answer": "AI回答",
-  "Ask AI": "询问AI",
-  "AI is thinking...": "AI正在思考...",
-  "Ask a question...": "提问...",
-  "AI-powered search (Ask AI)": "AI驱动的搜索（询问AI）",
-  "AI search uses vector embeddings to provide semantic search capabilities across your workspace content.": "AI搜索使用向量嵌入提供跨工作空间内容的语义搜索功能。",
-  "Toggle AI search": "切换AI搜索",
-  "Sources": "来源",
-  "Ask AI not available for attachments": "附件不支持询问AI",
-  "No answer available": "无可用答案",
-  "Background color": "背景颜色",
-  "Highlight color": "突出显示颜色",
-  "Remove color": "移除颜色"
+  "{{ssoProviderType}} configuration": "{{ssoProviderType}} 配置"
 }
@@ -37,18 +37,14 @@ export async function askAi(

  let answer = "";
  let sources: any[] = [];
-  let buffer = "";

  if (reader) {
    while (true) {
      const { done, value } = await reader.read();
      if (done) break;

-      buffer += decoder.decode(value, { stream: true });
-      const lines = buffer.split("\n");
-
-      // Keep the last incomplete line in the buffer
-      buffer = lines.pop() || "";
+      const chunk = decoder.decode(value);
+      const lines = chunk.split("\n");

      for (const line of lines) {
        if (line.startsWith("data: ")) {
@@ -5,7 +5,6 @@ import { v4 as uuidv4 } from "uuid";
 import classes from "./code-block.module.css";
 import { useTranslation } from "react-i18next";
 import { useComputedColorScheme } from "@mantine/core";
-import DOMPurify from "dompurify";

 interface MermaidViewProps {
  props: NodeViewProps;
@@ -38,7 +37,7 @@ export default function MermaidView({ props }: MermaidViewProps) {
        .catch((err) => {
          if (props.editor.isEditable) {
            setPreview(
-              `<div class="${classes.error}">${t("Mermaid diagram error:")} ${DOMPurify.sanitize(err)}</div>`,
+              `<div class="${classes.error}">${t("Mermaid diagram error:")} ${err}</div>`,
            );
          } else {
            setPreview(
@@ -87,7 +87,7 @@ export default function DrawioView(props: NodeViewProps) {
  };

  return (
-    <NodeViewWrapper data-drag-handle>
+    <NodeViewWrapper>
      <Modal.Root opened={opened} onClose={close} fullScreen>
        <Modal.Overlay />
        <Modal.Content style={{ overflow: "hidden" }}>
@@ -85,7 +85,7 @@ export default function EmbedView(props: NodeViewProps) {
  }

  return (
-    <NodeViewWrapper data-drag-handle>
+    <NodeViewWrapper>
      {embedUrl ? (
        <ResizableWrapper
          initialHeight={nodeHeight || 480}
@@ -118,7 +118,7 @@ export default function ExcalidrawView(props: NodeViewProps) {
  };

  return (
-    <NodeViewWrapper data-drag-handle>
+    <NodeViewWrapper>
      <ReactClearModal
        style={{
          backgroundColor: "rgba(0, 0, 0, 0.5)",
@@ -16,7 +16,7 @@ export default function ImageView(props: NodeViewProps) {
  }, [align]);

  return (
-    <NodeViewWrapper data-drag-handle>
+    <NodeViewWrapper>
      <Image
        radius="md"
        fit="contain"
@@ -31,7 +31,7 @@ export default function MentionView(props: NodeViewProps) {
  });

  return (
-    <NodeViewWrapper style={{ display: "inline" }} data-drag-handle>
+    <NodeViewWrapper style={{ display: "inline" }}>
      {entityType === "user" && (
        <Text className={classes.userMention} component="span">
          @{label}
@@ -20,6 +20,7 @@ import {
  IconCalendar,
  IconAppWindow,
  IconSitemap,
+  IconPageBreak,
 } from "@tabler/icons-react";
 import {
  CommandProps,
@@ -153,6 +154,19 @@ const CommandGroups: SlashMenuGroupedItemsType = {
      command: ({ editor, range }: CommandProps) =>
        editor.chain().focus().deleteRange(range).setHorizontalRule().run(),
    },
+    {
+      title: "Page break",
+      description: "Insert page break",
+      searchTerms: ["page break", "hr"],
+      icon: IconPageBreak,
+      command: ({ editor, range }: CommandProps) =>
+        editor
+          .chain()
+          .focus()
+          .deleteRange(range)
+          .insertContent('<hr data-type="pagebreak" /><p></p>')
+          .run(),
+    },
    {
      title: "Image",
      description: "Upload any image from your device.",
@@ -52,7 +52,7 @@ export default function SubpagesView(props: NodeViewProps) {

  if (error && !shareId) {
    return (
-      <NodeViewWrapper data-drag-handle>
+      <NodeViewWrapper>
        <Text c="dimmed" size="md" py="md">
          {t("Failed to load subpages")}
        </Text>
@@ -62,7 +62,7 @@ export default function SubpagesView(props: NodeViewProps) {

  if (subpages.length === 0) {
    return (
-      <NodeViewWrapper data-drag-handle>
+      <NodeViewWrapper>
        <div className={classes.container}>
          <Text c="dimmed" size="md" py="md">
            {t("No subpages")}
@@ -73,7 +73,7 @@ export default function SubpagesView(props: NodeViewProps) {
  }

  return (
-    <NodeViewWrapper data-drag-handle>
+    <NodeViewWrapper>
      <div className={classes.container}>
        <Stack gap={5}>
          {subpages.map((page) => (
@@ -15,7 +15,7 @@ export default function VideoView(props: NodeViewProps) {
  }, [align]);

  return (
-    <NodeViewWrapper data-drag-handle>
+    <NodeViewWrapper>
      <video
        preload="metadata"
        width={width}
@@ -46,6 +46,7 @@ import {
  Heading,
  Highlight,
  UniqueID,
+  HorizontalRule,
 } from "@docmost/editor-ext";
 import {
  randomElement,
@@ -108,7 +109,9 @@ export const mainExtensions = [
        spellcheck: false,
      },
    },
+    horizontalRule: false,
  }),
+  HorizontalRule,
  Heading,
  UniqueID.configure({
    types: ["heading", "paragraph"],
@@ -110,6 +110,14 @@
    border-top: 1px solid #68cef8;
  }

+  hr[data-type="pagebreak"] {
+    border-top: 1px dashed var(--mantine-color-dark-2) !important;
+  }
+
+  .ProseMirror[contenteditable="false"] hr[data-type="pagebreak"] {
+    display: none !important;
+  }
+
  .ProseMirror-selectednode {
    outline: 2px solid #70cff8;
  }
@@ -186,7 +194,6 @@
    margin-left: auto;
    margin-right: auto;
  }
-
 }

 .ProseMirror > h1,
@@ -195,13 +202,11 @@
 .ProseMirror > h4,
 .ProseMirror > h5,
 .ProseMirror > h6 {
-  
  > .link-btn {
    cursor: pointer;
    position: relative;
-
  }
-  
+
  > .link-btn > .link-btn-content {
    opacity: 0;
    position: absolute;
@@ -213,7 +218,7 @@
    justify-content: center;
    flex-direction: column;
  }
-  
+
  &:hover > .link-btn > .link-btn-content {
    opacity: 1;
  }
@@ -20,4 +20,10 @@
  .tableWrapper {
    overflow: hidden !important;
  }
+
+  hr[data-type="pagebreak"] {
+    break-before: always;
+    page-break-before: always;
+    visibility: hidden;
+  }
 }
@@ -62,17 +62,14 @@ export default function SpaceSettingsModal({
                </Tabs.List>

                <Tabs.Panel value="general">
-                  <ScrollArea h={580} scrollbarSize={5} pr={8}>
-                    <div style={{ paddingBottom: "100px"}}>
-                      <SpaceDetails
-                        spaceId={space?.id}
-                        readOnly={spaceAbility.cannot(
-                          SpaceCaslAction.Manage,
-                          SpaceCaslSubject.Settings,
-                        )}
-                      />
-                    </div>
-
+                  <ScrollArea h={550} scrollbarSize={4} pr={8}>
+                    <SpaceDetails
+                      spaceId={space?.id}
+                      readOnly={spaceAbility.cannot(
+                        SpaceCaslAction.Manage,
+                        SpaceCaslSubject.Settings,
+                      )}
+                    />
                  </ScrollArea>
                </Tabs.Panel>

@@ -113,7 +113,7 @@ export default function SpaceMembersList({
  return (
    <>
      <SearchInput onSearch={handleSearch} />
-      <ScrollArea h={450}>
+      <ScrollArea h={400}>
        <Table.ScrollContainer minWidth={500}>
          <Table highlightOnHover verticalSpacing={8}>
            <Table.Thead>
@@ -1,6 +1,6 @@
 {
  "name": "server",
-  "version": "0.24.1",
+  "version": "0.23.2",
  "description": "",
  "author": "",
  "private": true,
@@ -36,6 +36,7 @@ import {
  Highlight,
  UniqueID,
  addUniqueIdsToDoc,
+  HorizontalRule,
 } from '@docmost/editor-ext';
 import { generateText, getSchema, JSONContent } from '@tiptap/core';
 import { generateHTML, generateJSON } from '../common/helpers/prosemirror/html';
@@ -48,7 +49,9 @@ export const tiptapExtensions = [
  StarterKit.configure({
    codeBlock: false,
    heading: false,
+    horizontalRule: false,
  }),
+  HorizontalRule,
  Heading,
  UniqueID.configure({
    types: ['heading', 'paragraph'],
@@ -9,7 +9,6 @@ import { TokenService } from '../../core/auth/services/token.service';
 import { UserRepo } from '@docmost/db/repos/user/user.repo';
 import { PageRepo } from '@docmost/db/repos/page/page.repo';
 import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
-import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
 import { findHighestUserSpaceRole } from '@docmost/db/repos/space/utils';
 import { SpaceRole } from '../../common/helpers/types/permission';
 import { getPageId } from '../collaboration.util';
@@ -24,7 +23,6 @@ export class AuthenticationExtension implements Extension {
    private userRepo: UserRepo,
    private pageRepo: PageRepo,
    private readonly spaceMemberRepo: SpaceMemberRepo,
-    private readonly pagePermissionRepo: PagePermissionRepo,
  ) {}

  async onAuthenticate(data: onAuthenticatePayload) {
@@ -70,31 +68,9 @@ export class AuthenticationExtension implements Extension {
      throw new UnauthorizedException();
    }

-    // Check page-level permissions
-    const { hasRestriction, canAccess, canEdit } =
-      await this.pagePermissionRepo.getUserPageAccessLevel(user.id, page.id);
-
-    if (hasRestriction) {
-      // Page has restrictions - use page-level permissions
-      if (!canAccess) {
-        this.logger.warn(
-          `User ${user.id} denied page-level access to page: ${pageId}`,
-        );
-        throw new UnauthorizedException();
-      }
-
-      if (!canEdit) {
-        data.connection.readOnly = true;
-        this.logger.debug(
-          `User ${user.id} granted readonly access to restricted page: ${pageId}`,
-        );
-      }
-    } else {
-      // No restrictions - use space-level permissions
-      if (userSpaceRole === SpaceRole.READER) {
-        data.connection.readOnly = true;
-        this.logger.debug(`User granted readonly access to page: ${pageId}`);
-      }
+    if (userSpaceRole === SpaceRole.READER) {
+      data.connection.readOnly = true;
+      this.logger.debug(`User granted readonly access to page: ${pageId}`);
    }

    this.logger.debug(`Authenticated user ${user.id} on page ${pageId}`);
@@ -14,12 +14,3 @@ export enum SpaceVisibility {
  OPEN = 'open', // any workspace member can see that it exists and join.
  PRIVATE = 'private', // only added space users can see
 }
-
-export enum PageAccessLevel {
-  RESTRICTED = 'restricted', // only specific users/groups can view or edit
-}
-
-export enum PagePermissionRole {
-  READER = 'reader', // can only view content and descendants
-  WRITER = 'writer', // can edit content, descendants, and add new users to permission
-}
@@ -53,7 +53,6 @@ import { TokenService } from '../auth/services/token.service';
 import { JwtAttachmentPayload, JwtType } from '../auth/dto/jwt-payload';
 import * as path from 'path';
 import { RemoveIconDto } from './dto/attachment.dto';
-import { PageAccessService } from '../page-access/page-access.service';

@Controller()
 export class AttachmentController {
@@ -68,7 +67,6 @@ export class AttachmentController {
    private readonly attachmentRepo: AttachmentRepo,
    private readonly environmentService: EnvironmentService,
    private readonly tokenService: TokenService,
-    private readonly pageAccessService: PageAccessService,
  ) {}

  @UseGuards(JwtAuthGuard)
@@ -113,8 +111,13 @@ export class AttachmentController {
      throw new NotFoundException('Page not found');
    }

-    // Checks both space-level and page-level edit permissions
-    await this.pageAccessService.validateCanEdit(page, user);
+    const spaceAbility = await this.spaceAbility.createForUser(
+      user,
+      page.spaceId,
+    );
+    if (spaceAbility.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }

    const spaceId = page.spaceId;

@@ -168,13 +171,14 @@ export class AttachmentController {
      throw new NotFoundException();
    }

-    const page = await this.pageRepo.findById(attachment.pageId);
-    if (!page) {
-      throw new NotFoundException();
-    }
+    const spaceAbility = await this.spaceAbility.createForUser(
+      user,
+      attachment.spaceId,
+    );

-    // Checks both space-level and page-level view permissions
-    await this.pageAccessService.validateCanView(page, user);
+    if (spaceAbility.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }

    try {
      const fileStream = await this.storageService.read(attachment.filePath);
@@ -24,7 +24,6 @@ import {
  SpaceCaslSubject,
 } from '../casl/interfaces/space-ability.type';
 import { CommentRepo } from '@docmost/db/repos/comment/comment.repo';
-import { PageAccessService } from '../page-access/page-access.service';

@UseGuards(JwtAuthGuard)
@Controller('comments')
@@ -34,7 +33,6 @@ export class CommentController {
    private readonly commentRepo: CommentRepo,
    private readonly pageRepo: PageRepo,
    private readonly spaceAbility: SpaceAbilityFactory,
-    private readonly pageAccessService: PageAccessService,
  ) {}

  @HttpCode(HttpStatus.OK)
@@ -49,7 +47,10 @@ export class CommentController {
      throw new NotFoundException('Page not found');
    }

-    await this.pageAccessService.validateCanEdit(page, user);
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Create, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }

    return this.commentService.create(
      {
@@ -74,8 +75,10 @@ export class CommentController {
      throw new NotFoundException('Page not found');
    }

-    await this.pageAccessService.validateCanView(page, user);
-
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }
    return this.commentService.findByPageId(page.id, pagination);
  }

@@ -87,13 +90,13 @@ export class CommentController {
      throw new NotFoundException('Comment not found');
    }

-    const page = await this.pageRepo.findById(comment.pageId);
-    if (!page) {
-      throw new NotFoundException('Page not found');
+    const ability = await this.spaceAbility.createForUser(
+      user,
+      comment.spaceId,
+    );
+    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
    }
-
-    await this.pageAccessService.validateCanView(page, user);
-
    return comment;
  }

@@ -105,12 +108,17 @@ export class CommentController {
      throw new NotFoundException('Comment not found');
    }

-    const page = await this.pageRepo.findById(comment.pageId);
-    if (!page) {
-      throw new NotFoundException('Page not found');
-    }
+    const ability = await this.spaceAbility.createForUser(
+      user,
+      comment.spaceId,
+    );

-    await this.pageAccessService.validateCanEdit(page, user);
+    // must be a space member with edit permission
+    if (ability.cannot(SpaceCaslAction.Edit, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException(
+        'You must have space edit permission to edit comments',
+      );
+    }

    return this.commentService.update(comment, dto, user);
  }
@@ -123,27 +131,41 @@ export class CommentController {
      throw new NotFoundException('Comment not found');
    }

-    const page = await this.pageRepo.findById(comment.pageId);
-    if (!page) {
-      throw new NotFoundException('Page not found');
-    }
+    const ability = await this.spaceAbility.createForUser(
+      user,
+      comment.spaceId,
+    );

-    // Check page-level edit permission first
-    await this.pageAccessService.validateCanEdit(page, user);
+    // must be a space member with edit permission
+    if (ability.cannot(SpaceCaslAction.Edit, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }

    // Check if user is the comment owner
    const isOwner = comment.creatorId === user.id;

    if (isOwner) {
+      /*
+      // Check if comment has children from other users
+      const hasChildrenFromOthers =
+        await this.commentRepo.hasChildrenFromOtherUsers(comment.id, user.id);
+
+      // Owner can delete if no children from other users
+      if (!hasChildrenFromOthers) {
+        await this.commentRepo.deleteComment(comment.id);
+        return;
+      }
+
+      // If has children from others, only space admin can delete
+      if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Settings)) {
+        throw new ForbiddenException(
+          'Only space admins can delete comments with replies from other users',
+        );
+      }*/
      await this.commentRepo.deleteComment(comment.id);
      return;
    }

-    const ability = await this.spaceAbility.createForUser(
-      user,
-      comment.spaceId,
-    );
-
    // Space admin can delete any comment
    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Settings)) {
      throw new ForbiddenException(
@@ -14,7 +14,6 @@ import { SearchModule } from './search/search.module';
 import { SpaceModule } from './space/space.module';
 import { GroupModule } from './group/group.module';
 import { CaslModule } from './casl/casl.module';
-import { PageAccessModule } from './page-access/page-access.module';
 import { DomainMiddleware } from '../common/middlewares/domain.middleware';
 import { ShareModule } from './share/share.module';

@@ -30,7 +29,6 @@ import { ShareModule } from './share/share.module';
    SpaceModule,
    GroupModule,
    CaslModule,
-    PageAccessModule,
    ShareModule,
  ],
 })
@@ -1,9 +0,0 @@
-import { Global, Module } from '@nestjs/common';
-import { PageAccessService } from './page-access.service';
-
-@Global()
-@Module({
-  providers: [PageAccessService],
-  exports: [PageAccessService],
-})
-export class PageAccessModule {}
@@ -1,71 +0,0 @@
-import { ForbiddenException, Injectable } from '@nestjs/common';
-import { Page, User } from '@docmost/db/types/entity.types';
-import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
-import SpaceAbilityFactory from '../casl/abilities/space-ability.factory';
-import {
-  SpaceCaslAction,
-  SpaceCaslSubject,
-} from '../casl/interfaces/space-ability.type';
-
-@Injectable()
-export class PageAccessService {
-  constructor(
-    private readonly pagePermissionRepo: PagePermissionRepo,
-    private readonly spaceAbility: SpaceAbilityFactory,
-  ) {}
-
-  /**
-   * Validate user can view page, throws ForbiddenException if not.
-   * If page has restrictions: page-level permission determines access.
-   * If no restrictions: space-level permission determines access.
-   */
-  async validateCanView(page: Page, user: User): Promise<void> {
-    // TODO: cache by pageId and userId.
-    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
-
-    // User must be at least a space member
-    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
-      throw new ForbiddenException();
-    }
-
-    const { hasRestriction, canAccess } =
-      await this.pagePermissionRepo.getUserPageAccessLevel(user.id, page.id);
-
-    if (hasRestriction) {
-      // Page has restrictions - use page-level permission
-      if (!canAccess) {
-        throw new ForbiddenException();
-      }
-    }
-    // No restriction - space membership (checked above) is sufficient for view
-  }
-
-  /**
-   * Validate user can edit page, throws ForbiddenException if not.
-   * If page has restrictions: page-level writer permission determines access.
-   * If no restrictions: space-level edit permission determines access.
-   */
-  async validateCanEdit(page: Page, user: User): Promise<void> {
-    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
-
-    // User must be at least a space member
-    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
-      throw new ForbiddenException();
-    }
-
-    const { hasRestriction, canEdit } =
-      await this.pagePermissionRepo.getUserPageAccessLevel(user.id, page.id);
-
-    if (hasRestriction) {
-      // Page has restrictions - use page-level permission
-      if (!canEdit) {
-        throw new ForbiddenException();
-      }
-    } else {
-      // No restrictions - use space-level permission
-      if (ability.cannot(SpaceCaslAction.Edit, SpaceCaslSubject.Page)) {
-        throw new ForbiddenException();
-      }
-    }
-  }
-}
@@ -1,67 +0,0 @@
-import {
-  ArrayMaxSize,
-  ArrayMinSize,
-  IsArray,
-  IsEnum,
-  IsNotEmpty,
-  IsOptional,
-  IsString,
-  IsUUID,
-} from 'class-validator';
-import { PagePermissionRole } from '../../../common/helpers/types/permission';
-
-export class PageIdDto {
-  @IsString()
-  @IsNotEmpty()
-  pageId: string;
-}
-
-export class RestrictPageDto extends PageIdDto {}
-
-export class AddPagePermissionDto extends PageIdDto {
-  @IsEnum(PagePermissionRole)
-  role: string;
-
-  @IsOptional()
-  @IsArray()
-  @ArrayMaxSize(25, {
-    message: 'userIds must be an array with no more than 25 elements',
-  })
-  @ArrayMinSize(1)
-  @IsUUID('all', { each: true })
-  userIds?: string[];
-
-  @IsOptional()
-  @IsArray()
-  @ArrayMaxSize(25, {
-    message: 'groupIds must be an array with no more than 25 elements',
-  })
-  @ArrayMinSize(1)
-  @IsUUID('all', { each: true })
-  groupIds?: string[];
-}
-
-export class RemovePagePermissionDto extends PageIdDto {
-  @IsOptional()
-  @IsUUID()
-  userId?: string;
-
-  @IsOptional()
-  @IsUUID()
-  groupId?: string;
-}
-
-export class UpdatePagePermissionRoleDto extends PageIdDto {
-  @IsEnum(PagePermissionRole)
-  role: string;
-
-  @IsOptional()
-  @IsUUID()
-  userId?: string;
-
-  @IsOptional()
-  @IsUUID()
-  groupId?: string;
-}
-
-export class RemovePageRestrictionDto extends PageIdDto {}
@@ -1,107 +0,0 @@
-import {
-  BadRequestException,
-  Body,
-  Controller,
-  HttpCode,
-  HttpStatus,
-  Post,
-  UseGuards,
-} from '@nestjs/common';
-import { PagePermissionService } from './services/page-permission.service';
-import {
-  AddPagePermissionDto,
-  PageIdDto,
-  RemovePagePermissionDto,
-  RemovePageRestrictionDto,
-  RestrictPageDto,
-  UpdatePagePermissionRoleDto,
-} from './dto/page-permission.dto';
-import { AuthUser } from '../../common/decorators/auth-user.decorator';
-import { AuthWorkspace } from '../../common/decorators/auth-workspace.decorator';
-import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
-import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
-import { User, Workspace } from '@docmost/db/types/entity.types';
-
-@UseGuards(JwtAuthGuard)
-@Controller('pages/permissions')
-export class PagePermissionController {
-  constructor(
-    private readonly pagePermissionService: PagePermissionService,
-  ) {}
-
-  @HttpCode(HttpStatus.OK)
-  @Post('restrict')
-  async restrictPage(
-    @Body() dto: RestrictPageDto,
-    @AuthUser() user: User,
-    @AuthWorkspace() workspace: Workspace,
-  ) {
-    await this.pagePermissionService.restrictPage(dto.pageId, user, workspace.id);
-  }
-
-  @HttpCode(HttpStatus.OK)
-  @Post('add')
-  async addPagePermission(
-    @Body() dto: AddPagePermissionDto,
-    @AuthUser() user: User,
-    @AuthWorkspace() workspace: Workspace,
-  ) {
-    if (
-      (!dto.userIds || dto.userIds.length === 0) &&
-      (!dto.groupIds || dto.groupIds.length === 0)
-    ) {
-      throw new BadRequestException('userIds or groupIds is required');
-    }
-
-    await this.pagePermissionService.addPagePermissions(dto, user, workspace.id);
-  }
-
-  @HttpCode(HttpStatus.OK)
-  @Post('remove')
-  async removePagePermission(
-    @Body() dto: RemovePagePermissionDto,
-    @AuthUser() user: User,
-  ) {
-    if (!dto.userId && !dto.groupId) {
-      throw new BadRequestException('userId or groupId is required');
-    }
-
-    await this.pagePermissionService.removePagePermission(dto, user);
-  }
-
-  @HttpCode(HttpStatus.OK)
-  @Post('update-role')
-  async updatePagePermissionRole(
-    @Body() dto: UpdatePagePermissionRoleDto,
-    @AuthUser() user: User,
-  ) {
-    if (!dto.userId && !dto.groupId) {
-      throw new BadRequestException('userId or groupId is required');
-    }
-
-    await this.pagePermissionService.updatePagePermissionRole(dto, user);
-  }
-
-  @HttpCode(HttpStatus.OK)
-  @Post('unrestrict')
-  async removePageRestriction(
-    @Body() dto: RemovePageRestrictionDto,
-    @AuthUser() user: User,
-  ) {
-    await this.pagePermissionService.removePageRestriction(dto.pageId, user);
-  }
-
-  @HttpCode(HttpStatus.OK)
-  @Post('list')
-  async getPagePermissions(
-    @Body() dto: PageIdDto,
-    @Body() pagination: PaginationOptions,
-    @AuthUser() user: User,
-  ) {
-    return this.pagePermissionService.getPagePermissions(
-      dto.pageId,
-      user,
-      pagination,
-    );
-  }
-}
@@ -10,7 +10,6 @@ import {
  UseGuards,
 } from '@nestjs/common';
 import { PageService } from './services/page.service';
-import { PageAccessService } from '../page-access/page-access.service';
 import { CreatePageDto } from './dto/create-page.dto';
 import { UpdatePageDto } from './dto/update-page.dto';
 import { MovePageDto, MovePageToSpaceDto } from './dto/move-page.dto';
@@ -45,7 +44,6 @@ export class PageController {
    private readonly pageRepo: PageRepo,
    private readonly pageHistoryService: PageHistoryService,
    private readonly spaceAbility: SpaceAbilityFactory,
-    private readonly pageAccessService: PageAccessService,
  ) {}

  @HttpCode(HttpStatus.OK)
@@ -63,7 +61,10 @@ export class PageController {
      throw new NotFoundException('Page not found');
    }

-    await this.pageAccessService.validateCanView(page, user);
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }

    return page;
  }
@@ -75,24 +76,12 @@ export class PageController {
    @AuthUser() user: User,
    @AuthWorkspace() workspace: Workspace,
  ) {
-    if (createPageDto.parentPageId) {
-      // Creating under a parent page - check edit permission on parent
-      const parentPage = await this.pageRepo.findById(
-        createPageDto.parentPageId,
-      );
-      if (!parentPage || parentPage.spaceId !== createPageDto.spaceId) {
-        throw new NotFoundException('Parent page not found');
-      }
-      await this.pageAccessService.validateCanEdit(parentPage, user);
-    } else {
-      // Creating at root level - require space-level permission
-      const ability = await this.spaceAbility.createForUser(
-        user,
-        createPageDto.spaceId,
-      );
-      if (ability.cannot(SpaceCaslAction.Create, SpaceCaslSubject.Page)) {
-        throw new ForbiddenException();
-      }
+    const ability = await this.spaceAbility.createForUser(
+      user,
+      createPageDto.spaceId,
+    );
+    if (ability.cannot(SpaceCaslAction.Create, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
    }

    return this.pageService.create(user.id, workspace.id, createPageDto);
@@ -107,7 +96,10 @@ export class PageController {
      throw new NotFoundException('Page not found');
    }

-    await this.pageAccessService.validateCanEdit(page, user);
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Edit, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }

    return this.pageService.update(page, updatePageDto, user.id);
  }
@@ -136,9 +128,10 @@ export class PageController {
      }
      await this.pageService.forceDelete(deletePageDto.pageId, workspace.id);
    } else {
-      // User with edit permission can delete
-      await this.pageAccessService.validateCanEdit(page, user);
-
+      // Soft delete requires page manage permissions
+      if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
+        throw new ForbiddenException();
+      }
      await this.pageService.removePage(
        deletePageDto.pageId,
        user.id,
@@ -160,18 +153,11 @@ export class PageController {
      throw new NotFoundException('Page not found');
    }

-    //Todo: currently, this means if they are not admins, they need to add a space admin to the page, which is not possible as it was soft-deleted
-    // so page is virtually lost. Fix.
    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
      throw new ForbiddenException();
    }

-    //TODO: can users with page level edit, but no space level edit restore pages they can edit?
-
-    // Check page-level edit permission (if restoring to a restricted ancestor)
-    await this.pageAccessService.validateCanEdit(page, user);
-
    await this.pageRepo.restorePage(pageIdDto.pageId, workspace.id);

    return this.pageRepo.findById(pageIdDto.pageId, {
@@ -198,7 +184,6 @@ export class PageController {

      return this.pageService.getRecentSpacePages(
        recentPageDto.spaceId,
-        user.id,
        pagination,
      );
    }
@@ -213,7 +198,6 @@ export class PageController {
    @Body() pagination: PaginationOptions,
    @AuthUser() user: User,
  ) {
-    //TODO: should space admin see deleted pages they dont have access to?
    if (deletedPageDto.spaceId) {
      const ability = await this.spaceAbility.createForUser(
        user,
@@ -231,6 +215,7 @@ export class PageController {
    }
  }

+  // TODO: scope to workspaces
  @HttpCode(HttpStatus.OK)
  @Post('/history')
  async getPageHistory(
@@ -243,7 +228,10 @@ export class PageController {
      throw new NotFoundException('Page not found');
    }

-    await this.pageAccessService.validateCanView(page, user);
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }

    return this.pageHistoryService.findHistoryByPageId(page.id, pagination);
  }
@@ -259,14 +247,13 @@ export class PageController {
      throw new NotFoundException('Page history not found');
    }

-    // Get the page to check permissions
-    const page = await this.pageRepo.findById(history.pageId);
-    if (!page) {
-      throw new NotFoundException('Page not found');
+    const ability = await this.spaceAbility.createForUser(
+      user,
+      history.spaceId,
+    );
+    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
    }
-
-    await this.pageAccessService.validateCanView(page, user);
-
    return history;
  }

@@ -298,12 +285,7 @@ export class PageController {
      throw new ForbiddenException();
    }

-    return this.pageService.getSidebarPages(
-      spaceId,
-      pagination,
-      dto.pageId,
-      user.id,
-    );
+    return this.pageService.getSidebarPages(spaceId, pagination, dto.pageId);
  }

  @HttpCode(HttpStatus.OK)
@@ -333,11 +315,7 @@ export class PageController {
      throw new ForbiddenException();
    }

-    // Check page-level edit permission on the source page
-    await this.pageAccessService.validateCanEdit(movedPage, user);
-
-    // Moves only accessible pages; inaccessible child pages become root pages in original space
-    return this.pageService.movePageToSpace(movedPage, dto.spaceId, user.id);
+    return this.pageService.movePageToSpace(movedPage, dto.spaceId);
  }

  @HttpCode(HttpStatus.OK)
@@ -348,10 +326,6 @@ export class PageController {
      throw new NotFoundException('Page to copy not found');
    }

-    // Check page-level view permission on the source page (need to read to copy)
-    // Inaccessible child branches are automatically skipped during duplication
-    await this.pageAccessService.validateCanView(copiedPage, user);
-
    // If spaceId is provided, it's a copy to different space
    if (dto.spaceId) {
      const abilities = await Promise.all([
@@ -394,22 +368,10 @@ export class PageController {
      user,
      movedPage.spaceId,
    );
-
    if (ability.cannot(SpaceCaslAction.Edit, SpaceCaslSubject.Page)) {
      throw new ForbiddenException();
    }

-    // Check page-level edit permission
-    await this.pageAccessService.validateCanEdit(movedPage, user);
-
-    // If moving to a new parent, check permission on the target parent
-    if (dto.parentPageId && dto.parentPageId !== movedPage.parentPageId) {
-      const targetParent = await this.pageRepo.findById(dto.parentPageId);
-      if (targetParent) {
-        await this.pageAccessService.validateCanEdit(targetParent, user);
-      }
-    }
-
    return this.pageService.movePage(dto, movedPage);
  }

@@ -421,8 +383,10 @@ export class PageController {
      throw new NotFoundException('Page not found');
    }

-    await this.pageAccessService.validateCanView(page, user);
-
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
+      throw new ForbiddenException();
+    }
    return this.pageService.getPageBreadCrumbs(page.id);
  }
 }
@@ -3,14 +3,12 @@ import { PageService } from './services/page.service';
 import { PageController } from './page.controller';
 import { PageHistoryService } from './services/page-history.service';
 import { TrashCleanupService } from './services/trash-cleanup.service';
-import { PagePermissionService } from './services/page-permission.service';
-import { PagePermissionController } from './page-permission.controller';
 import { StorageModule } from '../../integrations/storage/storage.module';

@Module({
-  controllers: [PageController, PagePermissionController],
-  providers: [PageService, PageHistoryService, TrashCleanupService, PagePermissionService],
-  exports: [PageService, PageHistoryService, PagePermissionService],
+  controllers: [PageController],
+  providers: [PageService, PageHistoryService, TrashCleanupService],
+  exports: [PageService, PageHistoryService],
  imports: [StorageModule],
 })
 export class PageModule {}
@@ -1,438 +0,0 @@
-import {
-  BadRequestException,
-  ForbiddenException,
-  Injectable,
-  NotFoundException,
-} from '@nestjs/common';
-import { InjectKysely } from 'nestjs-kysely';
-import { KyselyDB } from '@docmost/db/types/kysely.types';
-import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
-import { PageRepo } from '@docmost/db/repos/page/page.repo';
-import {
-  AddPagePermissionDto,
-  RemovePagePermissionDto,
-  UpdatePagePermissionRoleDto,
-} from '../dto/page-permission.dto';
-import { Page, User } from '@docmost/db/types/entity.types';
-import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
-import {
-  PageAccessLevel,
-  PagePermissionRole,
-} from '../../../common/helpers/types/permission';
-import { executeTx } from '@docmost/db/utils';
-import SpaceAbilityFactory from '../../casl/abilities/space-ability.factory';
-import {
-  SpaceCaslAction,
-  SpaceCaslSubject,
-} from '../../casl/interfaces/space-ability.type';
-
-@Injectable()
-export class PagePermissionService {
-  constructor(
-    private pagePermissionRepo: PagePermissionRepo,
-    private pageRepo: PageRepo,
-    private spaceAbility: SpaceAbilityFactory,
-    @InjectKysely() private readonly db: KyselyDB,
-  ) {}
-
-  async restrictPage(
-    pageId: string,
-    authUser: User,
-    workspaceId: string,
-  ): Promise<void> {
-    const page = await this.pageRepo.findById(pageId);
-    if (!page) {
-      throw new NotFoundException('Page not found');
-    }
-
-    const ability = await this.spaceAbility.createForUser(authUser, page.spaceId);
-    if (ability.cannot(SpaceCaslAction.Edit, SpaceCaslSubject.Page)) {
-      throw new ForbiddenException();
-    }
-
-    // TODO: does this check if any of the page's ancestor's is restricted and the user don't have access to it?
-    // to have access to this page, they must already have access to the page if any of it's ancestor's is restricted
-
-    const existingAccess =
-      await this.pagePermissionRepo.findPageAccessByPageId(pageId);
-    if (existingAccess) {
-      throw new BadRequestException('Page is already restricted');
-    }
-
-    await executeTx(this.db, async (trx) => {
-      const pageAccess = await this.pagePermissionRepo.insertPageAccess(
-        {
-          pageId: pageId,
-          workspaceId: workspaceId,
-          accessLevel: PageAccessLevel.RESTRICTED,
-          creatorId: authUser.id,
-        },
-        trx,
-      );
-
-      await this.pagePermissionRepo.insertPagePermissions(
-        [
-          {
-            pageAccessId: pageAccess.id,
-            userId: authUser.id,
-            role: PagePermissionRole.WRITER,
-            addedById: authUser.id,
-          },
-        ],
-        trx,
-      );
-    });
-  }
-
-  async addPagePermissions(
-    dto: AddPagePermissionDto,
-    authUser: User,
-    workspaceId: string,
-  ): Promise<void> {
-    const page = await this.pageRepo.findById(dto.pageId);
-    if (!page) {
-      throw new NotFoundException('Page not found');
-    }
-
-    await this.validateWriteAccess(page, authUser);
-
-    const pageAccess = await this.pagePermissionRepo.findPageAccessByPageId(
-      dto.pageId,
-    );
-    if (!pageAccess) {
-      throw new BadRequestException(
-        'Page is not restricted. Restrict the page first.',
-      );
-    }
-
-    let validUsers = [];
-    let validGroups = [];
-
-    if (dto.userIds && dto.userIds.length > 0) {
-      validUsers = await this.db
-        .selectFrom('users')
-        .select(['id'])
-        .where('id', 'in', dto.userIds)
-        .where('workspaceId', '=', workspaceId)
-        .where(({ not, exists, selectFrom }) =>
-          not(
-            exists(
-              selectFrom('pagePermissions')
-                .select('id')
-                .whereRef('pagePermissions.userId', '=', 'users.id')
-                .where('pagePermissions.pageAccessId', '=', pageAccess.id),
-            ),
-          ),
-        )
-        .execute();
-    }
-
-    if (dto.groupIds && dto.groupIds.length > 0) {
-      validGroups = await this.db
-        .selectFrom('groups')
-        .select(['id'])
-        .where('id', 'in', dto.groupIds)
-        .where('workspaceId', '=', workspaceId)
-        .where(({ not, exists, selectFrom }) =>
-          not(
-            exists(
-              selectFrom('pagePermissions')
-                .select('id')
-                .whereRef('pagePermissions.groupId', '=', 'groups.id')
-                .where('pagePermissions.pageAccessId', '=', pageAccess.id),
-            ),
-          ),
-        )
-        .execute();
-    }
-
-    const permissionsToAdd = [];
-
-    for (const user of validUsers) {
-      permissionsToAdd.push({
-        pageAccessId: pageAccess.id,
-        userId: user.id,
-        role: dto.role,
-        addedById: authUser.id,
-      });
-    }
-
-    for (const group of validGroups) {
-      permissionsToAdd.push({
-        pageAccessId: pageAccess.id,
-        groupId: group.id,
-        role: dto.role,
-        addedById: authUser.id,
-      });
-    }
-
-    if (permissionsToAdd.length > 0) {
-      await this.pagePermissionRepo.insertPagePermissions(permissionsToAdd);
-    }
-  }
-
-  async removePagePermission(
-    dto: RemovePagePermissionDto,
-    authUser: User,
-  ): Promise<void> {
-    const page = await this.pageRepo.findById(dto.pageId);
-    if (!page) {
-      throw new NotFoundException('Page not found');
-    }
-
-    await this.validateWriteAccess(page, authUser);
-
-    const pageAccess = await this.pagePermissionRepo.findPageAccessByPageId(
-      dto.pageId,
-    );
-    if (!pageAccess) {
-      throw new BadRequestException('Page is not restricted');
-    }
-
-    if (!dto.userId && !dto.groupId) {
-      throw new BadRequestException('Please provide a userId or groupId');
-    }
-
-    if (dto.userId) {
-      const permission = await this.pagePermissionRepo.findPagePermissionByUserId(
-        pageAccess.id,
-        dto.userId,
-      );
-      if (!permission) {
-        throw new NotFoundException('Permission not found');
-      }
-
-      if (permission.role === PagePermissionRole.WRITER) {
-        await this.validateLastWriter(pageAccess.id);
-      }
-
-      await this.pagePermissionRepo.deletePagePermissionByUserId(
-        pageAccess.id,
-        dto.userId,
-      );
-    } else if (dto.groupId) {
-      const permission =
-        await this.pagePermissionRepo.findPagePermissionByGroupId(
-          pageAccess.id,
-          dto.groupId,
-        );
-      if (!permission) {
-        throw new NotFoundException('Permission not found');
-      }
-
-      if (permission.role === PagePermissionRole.WRITER) {
-        await this.validateLastWriter(pageAccess.id);
-      }
-
-      await this.pagePermissionRepo.deletePagePermissionByGroupId(
-        pageAccess.id,
-        dto.groupId,
-      );
-    }
-  }
-
-  async updatePagePermissionRole(
-    dto: UpdatePagePermissionRoleDto,
-    authUser: User,
-  ): Promise<void> {
-    const page = await this.pageRepo.findById(dto.pageId);
-    if (!page) {
-      throw new NotFoundException('Page not found');
-    }
-
-    await this.validateWriteAccess(page, authUser);
-
-    const pageAccess = await this.pagePermissionRepo.findPageAccessByPageId(
-      dto.pageId,
-    );
-    if (!pageAccess) {
-      throw new BadRequestException('Page is not restricted');
-    }
-
-    if (!dto.userId && !dto.groupId) {
-      throw new BadRequestException('Please provide a userId or groupId');
-    }
-
-    if (dto.userId) {
-      const permission =
-        await this.pagePermissionRepo.findPagePermissionByUserId(
-          pageAccess.id,
-          dto.userId,
-        );
-      if (!permission) {
-        throw new NotFoundException('Permission not found');
-      }
-
-      if (permission.role === dto.role) {
-        return;
-      }
-
-      if (permission.role === PagePermissionRole.WRITER) {
-        await this.validateLastWriter(pageAccess.id);
-      }
-
-      await this.pagePermissionRepo.updatePagePermissionRole(
-        pageAccess.id,
-        dto.role,
-        { userId: dto.userId },
-      );
-    } else if (dto.groupId) {
-      const permission =
-        await this.pagePermissionRepo.findPagePermissionByGroupId(
-          pageAccess.id,
-          dto.groupId,
-        );
-      if (!permission) {
-        throw new NotFoundException('Permission not found');
-      }
-
-      if (permission.role === dto.role) {
-        return;
-      }
-
-      if (permission.role === PagePermissionRole.WRITER) {
-        await this.validateLastWriter(pageAccess.id);
-      }
-
-      await this.pagePermissionRepo.updatePagePermissionRole(
-        pageAccess.id,
-        dto.role,
-        { groupId: dto.groupId },
-      );
-    }
-  }
-
-  async removePageRestriction(pageId: string, authUser: User): Promise<void> {
-    const page = await this.pageRepo.findById(pageId);
-    if (!page) {
-      throw new NotFoundException('Page not found');
-    }
-
-    await this.validateWriteAccess(page, authUser);
-
-    const pageAccess =
-      await this.pagePermissionRepo.findPageAccessByPageId(pageId);
-    if (!pageAccess) {
-      throw new BadRequestException('Page is not restricted');
-    }
-
-    await this.pagePermissionRepo.deletePageAccess(pageId);
-  }
-
-  async getPagePermissions(
-    pageId: string,
-    authUser: User,
-    pagination: PaginationOptions,
-  ) {
-    const page = await this.pageRepo.findById(pageId);
-    if (!page) {
-      throw new NotFoundException('Page not found');
-    }
-
-    const ability = await this.spaceAbility.createForUser(authUser, page.spaceId);
-    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
-      throw new ForbiddenException();
-    }
-
-    const pageAccess =
-      await this.pagePermissionRepo.findPageAccessByPageId(pageId);
-    if (!pageAccess) {
-      return {
-        items: [],
-        pagination: {
-          page: 1,
-          perPage: pagination.limit,
-          totalItems: 0,
-          totalPages: 0,
-          hasNextPage: false,
-          hasPrevPage: false,
-        },
-      };
-    }
-
-    return this.pagePermissionRepo.getPagePermissionsPaginated(
-      pageAccess.id,
-      pagination,
-    );
-  }
-
-  async validateLastWriter(pageAccessId: string): Promise<void> {
-    const writerCount =
-      await this.pagePermissionRepo.countWritersByPageAccessId(pageAccessId);
-    if (writerCount <= 1) {
-      throw new BadRequestException(
-        'There must be at least one user with "Can edit" permission',
-      );
-    }
-  }
-
-  /**
-   * Check if user has writer permission on ALL restricted ancestors of a page.
-   * Used for permission management operations.
-   */
-  async hasWritePermission(userId: string, pageId: string): Promise<boolean> {
-    const hasRestriction =
-      await this.pagePermissionRepo.hasRestrictedAncestor(pageId);
-
-    if (!hasRestriction) {
-      return false; // no restrictions, defer to space permissions
-    }
-
-    return this.pagePermissionRepo.canUserEditPage(userId, pageId);
-  }
-
-  async hasPageAccess(pageId: string): Promise<boolean> {
-    const pageAccess =
-      await this.pagePermissionRepo.findPageAccessByPageId(pageId);
-    return !!pageAccess;
-  }
-
-  async validateWriteAccess(page: Page, user: User): Promise<void> {
-    const hasWritePermission = await this.hasWritePermission(user.id, page.id);
-    if (hasWritePermission) {
-      return;
-    }
-
-    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
-    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
-      throw new ForbiddenException();
-    }
-  }
-
-  /**
-   * Check if user can view a page.
-   * User must have permission (reader or writer) on EVERY restricted ancestor.
-   * Returns true if:
-   * - No ancestors are restricted (defer to space permission)
-   * - User has permission on all restricted ancestors
-   */
-  async canViewPage(userId: string, pageId: string): Promise<boolean> {
-    return this.pagePermissionRepo.canUserAccessPage(userId, pageId);
-  }
-
-  /**
-   * Check if user can edit a page.
-   * User must have WRITER permission on EVERY restricted ancestor.
-   * Returns true if:
-   * - No ancestors are restricted (defer to space permission)
-   * - User has writer permission on all restricted ancestors
-   */
-  async canEditPage(userId: string, pageId: string): Promise<boolean> {
-    return this.pagePermissionRepo.canUserEditPage(userId, pageId);
-  }
-
-  /**
-   * Filter page IDs to only those the user can access.
-   */
-  async filterAccessiblePages(
-    pageIds: string[],
-    userId: string,
-  ): Promise<string[]> {
-    const results =
-      await this.pagePermissionRepo.filterAccessiblePageIdsWithPermissions(
-        pageIds,
-        userId,
-      );
-    return results.map((r) => r.id);
-  }
-}
@@ -7,7 +7,6 @@ import {
 import { CreatePageDto } from '../dto/create-page.dto';
 import { UpdatePageDto } from '../dto/update-page.dto';
 import { PageRepo } from '@docmost/db/repos/page/page.repo';
-import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
 import { InsertablePage, Page, User } from '@docmost/db/types/entity.types';
 import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
 import {
@@ -48,7 +47,6 @@ export class PageService {

  constructor(
    private pageRepo: PageRepo,
-    private pagePermissionRepo: PagePermissionRepo,
    private attachmentRepo: AttachmentRepo,
    @InjectKysely() private readonly db: KyselyDB,
    private readonly storageService: StorageService,
@@ -57,61 +55,6 @@ export class PageService {
    private eventEmitter: EventEmitter2,
  ) {}

-  /**
-   * Filters a list of pages to only those accessible to the user while maintaining tree integrity.
-   * A page is included only if:
-   * 1. The user has access to it
-   * 2. Its parent is also included (or it's the root page)
-   * This ensures that if a middle page is inaccessible, its entire subtree is excluded.
-   */
-  private async filterAccessibleTreePages<T extends { id: string; parentPageId: string | null }>(
-    pages: T[],
-    rootPageId: string,
-    userId: string,
-  ): Promise<T[]> {
-    if (pages.length === 0) return [];
-
-    const pageIds = pages.map((p) => p.id);
-    const accessiblePages =
-      await this.pagePermissionRepo.filterAccessiblePageIdsWithPermissions(
-        pageIds,
-        userId,
-      );
-    const accessibleSet = new Set(accessiblePages.map((p) => p.id));
-
-    // Build a map for quick lookup
-    const pageMap = new Map(pages.map((p) => [p.id, p]));
-
-    // Prune: include a page only if it's accessible AND its parent chain to root is included
-    const includedIds = new Set<string>();
-
-    // Process pages in a way that ensures parents are processed before children
-    // We do this by iterating until no more pages can be added
-    let changed = true;
-    while (changed) {
-      changed = false;
-      for (const page of pages) {
-        if (includedIds.has(page.id)) continue;
-        if (!accessibleSet.has(page.id)) continue;
-
-        // Root page: include if accessible
-        if (page.id === rootPageId) {
-          includedIds.add(page.id);
-          changed = true;
-          continue;
-        }
-
-        // Non-root: include if parent is already included
-        if (page.parentPageId && includedIds.has(page.parentPageId)) {
-          includedIds.add(page.id);
-          changed = true;
-        }
-      }
-    }
-
-    return pages.filter((p) => includedIds.has(p.id));
-  }
-
  async findById(
    pageId: string,
    includeContent?: boolean,
@@ -224,7 +167,7 @@ export class PageService {
      page.id,
    );

-    return this.pageRepo.findById(page.id, {
+    return await this.pageRepo.findById(page.id, {
      includeSpace: true,
      includeContent: true,
      includeCreator: true,
@@ -237,7 +180,6 @@ export class PageService {
    spaceId: string,
    pagination: PaginationOptions,
    pageId?: string,
-    userId?: string,
  ): Promise<any> {
    let query = this.db
      .selectFrom('pages')
@@ -263,83 +205,16 @@ export class PageService {
      query = query.where('parentPageId', 'is', null);
    }

-    const result = await executeWithPagination(query, {
+    const result = executeWithPagination(query, {
      page: pagination.page,
      perPage: 250,
    });

-    if (userId && result.items.length > 0) {
-      const pageIds = result.items.map((p: any) => p.id);
-
-      // Single query to get accessible pages with their edit permissions
-      const accessiblePages =
-        await this.pagePermissionRepo.filterAccessiblePageIdsWithPermissions(
-          pageIds,
-          userId,
-        );
-
-      const permissionMap = new Map(
-        accessiblePages.map((p) => [p.id, p.canEdit]),
-      );
-
-      // Filter and add canEdit flag in one pass
-      result.items = result.items
-        .filter((p: any) => permissionMap.has(p.id))
-        .map((p: any) => ({
-          ...p,
-          canEdit: permissionMap.get(p.id),
-        }));
-
-      // For pages with hasChildren: true, verify they have accessible children
-      const pagesWithChildren = result.items.filter((p: any) => p.hasChildren);
-      if (pagesWithChildren.length > 0) {
-        const parentIds = pagesWithChildren.map((p: any) => p.id);
-        const parentsWithAccessibleChildren =
-          await this.pagePermissionRepo.getParentIdsWithAccessibleChildren(
-            parentIds,
-            userId,
-          );
-        const hasAccessibleChildrenSet = new Set(parentsWithAccessibleChildren);
-
-        result.items = result.items.map((p: any) => ({
-          ...p,
-          hasChildren: p.hasChildren && hasAccessibleChildrenSet.has(p.id),
-        }));
-      }
-    }
-
    return result;
  }

-  async movePageToSpace(rootPage: Page, spaceId: string, userId: string) {
-    const allPages = await this.pageRepo.getPageAndDescendants(rootPage.id, {
-      includeContent: false,
-    });
-
-    // Filter to only accessible pages while maintaining tree integrity
-    const accessiblePages = await this.filterAccessibleTreePages(
-      allPages,
-      rootPage.id,
-      userId,
-    );
-    const accessibleIds = new Set(accessiblePages.map((p) => p.id));
-
-    // Find inaccessible pages whose parent is being moved - these need to be orphaned
-    const pagesToOrphan = allPages.filter(
-      (p) => !accessibleIds.has(p.id) && p.parentPageId && accessibleIds.has(p.parentPageId),
-    );
-
+  async movePageToSpace(rootPage: Page, spaceId: string) {
    await executeTx(this.db, async (trx) => {
-      // Orphan inaccessible child pages (make them root pages in original space)
-      for (const page of pagesToOrphan) {
-        const orphanPosition = await this.nextPagePosition(rootPage.spaceId, null);
-        await this.pageRepo.updatePage(
-          { parentPageId: null, position: orphanPosition },
-          page.id,
-          trx,
-        );
-      }
-
      // Update root page
      const nextPosition = await this.nextPagePosition(spaceId);
      await this.pageRepo.updatePage(
@@ -347,50 +222,44 @@ export class PageService {
        rootPage.id,
        trx,
      );
-
-      const pageIdsToMove = accessiblePages.map((p) => p.id);
-
-      if (pageIdsToMove.length > 1) {
-        // Update sub pages (all accessible pages except root)
+      const pageIds = await this.pageRepo
+        .getPageAndDescendants(rootPage.id, { includeContent: false })
+        .then((pages) => pages.map((page) => page.id));
+      // The first id is the root page id
+      if (pageIds.length > 1) {
+        // Update sub pages
        await this.pageRepo.updatePages(
          { spaceId },
-          pageIdsToMove.filter((id) => id !== rootPage.id),
+          pageIds.filter((id) => id !== rootPage.id),
          trx,
        );
      }

-      if (pageIdsToMove.length > 0) {
-        // Clear page-level permissions - moved pages inherit destination space permissions
-        // (page_permissions cascade deletes via foreign key)
-        await trx
-          .deleteFrom('pageAccess')
-          .where('pageId', 'in', pageIdsToMove)
-          .execute();
-
+      if (pageIds.length > 0) {
        // update spaceId in shares
        await trx
          .updateTable('shares')
          .set({ spaceId: spaceId })
-          .where('pageId', 'in', pageIdsToMove)
+          .where('pageId', 'in', pageIds)
          .execute();

        // Update comments
        await trx
          .updateTable('comments')
          .set({ spaceId: spaceId })
-          .where('pageId', 'in', pageIdsToMove)
+          .where('pageId', 'in', pageIds)
          .execute();

        // Update attachments
        await this.attachmentRepo.updateAttachmentsByPageId(
          { spaceId },
-          pageIdsToMove,
+          pageIds,
          trx,
        );

        await this.aiQueue.add(QueueJob.PAGE_MOVED_TO_SPACE, {
-          pageId: pageIdsToMove,
-          workspaceId: rootPage.workspaceId,
+          pageId: pageIds,
+          workspaceId: rootPage.workspaceId
        });
      }
    });
@@ -415,17 +284,10 @@ export class PageService {
      nextPosition = await this.nextPagePosition(spaceId);
    }

-    const allPages = await this.pageRepo.getPageAndDescendants(rootPage.id, {
+    const pages = await this.pageRepo.getPageAndDescendants(rootPage.id, {
      includeContent: true,
    });

-    // Filter to only accessible pages while maintaining tree integrity
-    const pages = await this.filterAccessibleTreePages(
-      allPages,
-      rootPage.id,
-      authUser.id,
-    );
-
    const pageMap = new Map<string, CopyPageMapEntry>();
    pages.forEach((page) => {
      pageMap.set(page.id, {
@@ -525,14 +387,9 @@ export class PageService {
          workspaceId: page.workspaceId,
          creatorId: authUser.id,
          lastUpdatedById: authUser.id,
-          parentPageId:
-            page.id === rootPage.id
-              ? isDuplicateInSameSpace
-                ? rootPage.parentPageId
-                : null
-              : page.parentPageId
-                ? pageMap.get(page.parentPageId)?.newPageId
-                : null,
+          parentPageId: page.id === rootPage.id
+            ? (isDuplicateInSameSpace ? rootPage.parentPageId : null)
+            : (page.parentPageId ? pageMap.get(page.parentPageId)?.newPageId : null),
        };
      }),
    );
@@ -711,43 +568,16 @@ export class PageService {

  async getRecentSpacePages(
    spaceId: string,
-    userId: string,
    pagination: PaginationOptions,
  ): Promise<PaginationResult<Page>> {
-    const result = await this.pageRepo.getRecentPagesInSpace(spaceId, pagination);
-
-    if (result.items.length > 0) {
-      const pageIds = result.items.map((p) => p.id);
-      const accessiblePages =
-        await this.pagePermissionRepo.filterAccessiblePageIdsWithPermissions(
-          pageIds,
-          userId,
-        );
-      const accessibleSet = new Set(accessiblePages.map((p) => p.id));
-      result.items = result.items.filter((p) => accessibleSet.has(p.id));
-    }
-
-    return result;
+    return await this.pageRepo.getRecentPagesInSpace(spaceId, pagination);
  }

  async getRecentPages(
    userId: string,
    pagination: PaginationOptions,
  ): Promise<PaginationResult<Page>> {
-    const result = await this.pageRepo.getRecentPages(userId, pagination);
-
-    if (result.items.length > 0) {
-      const pageIds = result.items.map((p) => p.id);
-      const accessiblePages =
-        await this.pagePermissionRepo.filterAccessiblePageIdsWithPermissions(
-          pageIds,
-          userId,
-        );
-      const accessibleSet = new Set(accessiblePages.map((p) => p.id));
-      result.items = result.items.filter((p) => accessibleSet.has(p.id));
-    }
-
-    return result;
+    return await this.pageRepo.getRecentPages(userId, pagination);
  }

  async getDeletedSpacePages(
@@ -7,7 +7,6 @@ import { sql } from 'kysely';
 import { PageRepo } from '@docmost/db/repos/page/page.repo';
 import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
 import { ShareRepo } from '@docmost/db/repos/share/share.repo';
-import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';

 // eslint-disable-next-line @typescript-eslint/no-require-imports
 const tsquery = require('pg-tsquery')();
@@ -19,7 +18,6 @@ export class SearchService {
    private pageRepo: PageRepo,
    private shareRepo: ShareRepo,
    private spaceMemberRepo: SpaceMemberRepo,
-    private pagePermissionRepo: PagePermissionRepo,
  ) {}

  async searchPage(
@@ -120,22 +118,10 @@ export class SearchService {
    }

    //@ts-ignore
-    let results: any[] = await queryResults.execute();
-
-    // Filter results by page-level permissions (if user is authenticated)
-    if (opts.userId && results.length > 0) {
-      const pageIds = results.map((r: any) => r.id);
-      const accessiblePages =
-        await this.pagePermissionRepo.filterAccessiblePageIdsWithPermissions(
-          pageIds,
-          opts.userId,
-        );
-      const accessibleSet = new Set(accessiblePages.map((p) => p.id));
-      results = results.filter((r: any) => accessibleSet.has(r.id));
-    }
+    queryResults = await queryResults.execute();

    //@ts-ignore
-    const searchResults = results.map((result: SearchResponseDto) => {
+    const searchResults = queryResults.map((result: SearchResponseDto) => {
      if (result.highlight) {
        result.highlight = result.highlight
          .replace(/\r\n|\r|\n/g, ' ')
@@ -224,18 +210,6 @@ export class SearchService {
        pageSearch = pageSearch.where('spaceId', 'in', userSpaceIds);
        pages = await pageSearch.execute();
      }
-
-      // Filter by page-level permissions
-      if (pages.length > 0) {
-        const pageIds = pages.map((p) => p.id);
-        const accessiblePages =
-          await this.pagePermissionRepo.filterAccessiblePageIdsWithPermissions(
-            pageIds,
-            userId,
-          );
-        const accessibleSet = new Set(accessiblePages.map((p) => p.id));
-        pages = pages.filter((p) => accessibleSet.has(p.id));
-      }
    }

    return { users, groups, pages };
@@ -26,8 +26,6 @@ import {
  UpdateShareDto,
 } from './dto/share.dto';
 import { PageRepo } from '@docmost/db/repos/page/page.repo';
-import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
-import { PageAccessService } from '../page-access/page-access.service';
 import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
 import { Public } from '../../common/decorators/public.decorator';
 import { ShareRepo } from '@docmost/db/repos/share/share.repo';
@@ -43,8 +41,6 @@ export class ShareController {
    private readonly spaceAbility: SpaceAbilityFactory,
    private readonly shareRepo: ShareRepo,
    private readonly pageRepo: PageRepo,
-    private readonly pagePermissionRepo: PagePermissionRepo,
-    private readonly pageAccessService: PageAccessService,
    private readonly environmentService: EnvironmentService,
  ) {}

@@ -100,7 +96,6 @@ export class ShareController {
    @AuthUser() user: User,
    @AuthWorkspace() workspace: Workspace,
  ) {
-    // TODO: look into permission
    const page = await this.pageRepo.findById(dto.pageId);
    if (!page) {
      throw new NotFoundException('Shared page not found');
@@ -127,21 +122,9 @@ export class ShareController {
      throw new NotFoundException('Page not found');
    }

-    // User must be able to edit the page to create a share
-    await this.pageAccessService.validateCanEdit(page, user);
-
-    // Block includeSubPages if user cannot access all descendants
-    if (createShareDto.includeSubPages) {
-      const hasInaccessible =
-        await this.pagePermissionRepo.hasInaccessibleDescendants(
-          page.id,
-          user.id,
-        );
-      if (hasInaccessible) {
-        throw new BadRequestException(
-          'Cannot share subpages: restricted pages found',
-        );
-      }
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Create, SpaceCaslSubject.Share)) {
+      throw new ForbiddenException();
    }

    return this.shareService.createShare({
@@ -161,26 +144,9 @@ export class ShareController {
      throw new NotFoundException('Share not found');
    }

-    const page = await this.pageRepo.findById(share.pageId);
-    if (!page) {
-      throw new NotFoundException('Page not found');
-    }
-
-    // User must be able to edit the page to update its share
-    await this.pageAccessService.validateCanEdit(page, user);
-
-    // Block includeSubPages if user cannot access all descendants
-    if (updateShareDto.includeSubPages) {
-      const hasInaccessible =
-        await this.pagePermissionRepo.hasInaccessibleDescendants(
-          page.id,
-          user.id,
-        );
-      if (hasInaccessible) {
-        throw new BadRequestException(
-          'Cannot share subpages: restricted pages found',
-        );
-      }
+    const ability = await this.spaceAbility.createForUser(user, share.spaceId);
+    if (ability.cannot(SpaceCaslAction.Edit, SpaceCaslSubject.Share)) {
+      throw new ForbiddenException();
    }

    return this.shareService.updateShare(share.id, updateShareDto);
@@ -195,14 +161,11 @@ export class ShareController {
      throw new NotFoundException('Share not found');
    }

-    const page = await this.pageRepo.findById(share.pageId);
-    if (!page) {
-      throw new NotFoundException('Page not found');
+    const ability = await this.spaceAbility.createForUser(user, share.spaceId);
+    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Share)) {
+      throw new ForbiddenException();
    }

-    // User must be able to edit the page to delete its share
-    await this.pageAccessService.validateCanEdit(page, user);
-
    await this.shareRepo.deleteShare(share.id);
  }

@@ -19,7 +19,6 @@ import {
 } from '../../common/helpers/prosemirror/utils';
 import { Node } from '@tiptap/pm/model';
 import { ShareRepo } from '@docmost/db/repos/share/share.repo';
-import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
 import { updateAttachmentAttr } from './share.util';
 import { Page } from '@docmost/db/types/entity.types';
 import { validate as isValidUUID } from 'uuid';
@@ -32,7 +31,6 @@ export class ShareService {
  constructor(
    private readonly shareRepo: ShareRepo,
    private readonly pageRepo: PageRepo,
-    private readonly pagePermissionRepo: PagePermissionRepo,
    @InjectKysely() private readonly db: KyselyDB,
    private readonly tokenService: TokenService,
  ) {}
@@ -44,114 +42,16 @@ export class ShareService {
    }

    if (share.includeSubPages) {
-      const allPages = await this.pageRepo.getPageAndDescendants(share.pageId, {
+      const pageList = await this.pageRepo.getPageAndDescendants(share.pageId, {
        includeContent: false,
      });

-      // Filter out restricted pages and maintain tree integrity
-      const filteredPages = await this.filterPublicPages(allPages, share.pageId);
-
-      return { share, pageTree: filteredPages };
+      return { share, pageTree: pageList };
    } else {
      return { share, pageTree: [] };
    }
  }

-  /**
-   * Filter pages for public share - exclude restricted pages.
-   * A page is included only if:
-   * 1. It has no page_access restriction AND
-   * 2. Its parent is also included (or it's the root)
-   */
-  private async filterPublicPages<
-    T extends { id: string; parentPageId: string | null },
-  >(pages: T[], rootPageId: string): Promise<T[]> {
-    if (pages.length === 0) return [];
-
-    // Get all restricted page IDs
-    const restrictedIds =
-      await this.pagePermissionRepo.getRestrictedDescendantIds(rootPageId);
-    const restrictedSet = new Set(restrictedIds);
-
-    // Include pages that are NOT restricted and have valid parent chain
-    const includedIds = new Set<string>();
-
-    let changed = true;
-    while (changed) {
-      changed = false;
-      for (const page of pages) {
-        if (includedIds.has(page.id)) continue;
-        if (restrictedSet.has(page.id)) continue;
-
-        // Root page: include if not restricted
-        if (page.id === rootPageId) {
-          includedIds.add(page.id);
-          changed = true;
-          continue;
-        }
-
-        // Non-root: include if parent is included
-        if (page.parentPageId && includedIds.has(page.parentPageId)) {
-          includedIds.add(page.id);
-          changed = true;
-        }
-      }
-    }
-
-    return pages.filter((p) => includedIds.has(p.id));
-  }
-
-  /**
-   * Check if a specific page is accessible within a public share.
-   * A page is accessible if no page in its ancestor chain
-   * (from the page up to and including the share root) has a page_access restriction.
-   */
-  private async isPagePubliclyAccessible(
-    pageId: string,
-    shareRootPageId: string,
-  ): Promise<boolean> {
-    if (pageId === shareRootPageId) {
-      const hasRestriction = await this.db
-        .selectFrom('pageAccess')
-        .select('id')
-        .where('pageId', '=', pageId)
-        .executeTakeFirst();
-      return !hasRestriction;
-    }
-
-    // Get the depth from share root to the requested page
-    const shareToPage = await this.db
-      .selectFrom('pageHierarchy')
-      .select('depth')
-      .where('ancestorId', '=', shareRootPageId)
-      .where('descendantId', '=', pageId)
-      .executeTakeFirst();
-
-    if (!shareToPage) {
-      return false;
-    }
-
-    // Get all ancestor IDs in the chain from pageId to shareRootPageId
-    const chainPageIds = await this.db
-      .selectFrom('pageHierarchy')
-      .select('ancestorId')
-      .where('descendantId', '=', pageId)
-      .where('depth', '<=', shareToPage.depth)
-      .where('depth', '>', 0)
-      .execute();
-
-    const idsToCheck = [pageId, ...chainPageIds.map((c) => c.ancestorId)];
-
-    // Check if any page in the chain has a restriction
-    const hasRestricted = await this.db
-      .selectFrom('pageAccess')
-      .select('pageId')
-      .where('pageId', 'in', idsToCheck)
-      .executeTakeFirst();
-
-    return !hasRestricted;
-  }
-
  async createShare(opts: {
    authUserId: string;
    workspaceId: string;
@@ -169,8 +69,8 @@ export class ShareService {
      return await this.shareRepo.insertShare({
        key: nanoIdGen().toLowerCase(),
        pageId: page.id,
-        includeSubPages: createShareDto.includeSubPages ?? false,
-        searchIndexing: createShareDto.searchIndexing ?? false,
+        includeSubPages: createShareDto.includeSubPages || true,
+        searchIndexing: createShareDto.searchIndexing || true,
        creatorId: authUserId,
        spaceId: page.spaceId,
        workspaceId,
@@ -203,17 +103,6 @@ export class ShareService {
      throw new NotFoundException('Shared page not found');
    }

-    // For descendant pages, verify the ancestor chain has no restrictions
-    if (share.level > 0) {
-      const isAccessible = await this.isPagePubliclyAccessible(
-        dto.pageId,
-        share.pageId,
-      );
-      if (!isAccessible) {
-        throw new NotFoundException('Shared page not found');
-      }
-    }
-
    const page = await this.pageRepo.findById(dto.pageId, {
      includeContent: true,
      includeCreator: true,
@@ -16,7 +16,6 @@ import { GroupUserRepo } from '@docmost/db/repos/group/group-user.repo';
 import { SpaceRepo } from '@docmost/db/repos/space/space.repo';
 import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
 import { PageRepo } from './repos/page/page.repo';
-import { PagePermissionRepo } from './repos/page/page-permission.repo';
 import { CommentRepo } from './repos/comment/comment.repo';
 import { PageHistoryRepo } from './repos/page/page-history.repo';
 import { AttachmentRepo } from './repos/attachment/attachment.repo';
@@ -72,7 +71,6 @@ types.setTypeParser(types.builtins.INT8, (val) => Number(val));
    SpaceRepo,
    SpaceMemberRepo,
    PageRepo,
-    PagePermissionRepo,
    PageHistoryRepo,
    CommentRepo,
    AttachmentRepo,
@@ -89,7 +87,6 @@ types.setTypeParser(types.builtins.INT8, (val) => Number(val));
    SpaceRepo,
    SpaceMemberRepo,
    PageRepo,
-    PagePermissionRepo,
    PageHistoryRepo,
    CommentRepo,
    AttachmentRepo,
@@ -1,200 +0,0 @@
-import { Kysely, sql } from 'kysely';
-
-export async function up(db: Kysely<any>): Promise<void> {
-  await db.schema
-    .createTable('page_hierarchy')
-    .ifNotExists()
-    .addColumn('ancestor_id', 'uuid', (col) =>
-      col.notNull().references('pages.id').onDelete('cascade'),
-    )
-    .addColumn('descendant_id', 'uuid', (col) =>
-      col.notNull().references('pages.id').onDelete('cascade'),
-    )
-    .addColumn('depth', 'integer', (col) => col.notNull().defaultTo(0))
-    .addPrimaryKeyConstraint('page_hierarchy_pkey', [
-      'ancestor_id',
-      'descendant_id',
-    ])
-    .execute();
-
-  // indexes
-  await db.schema
-    .createIndex('idx_page_hierarchy_descendant')
-    .ifNotExists()
-    .on('page_hierarchy')
-    .column('descendant_id')
-    .execute();
-
-  await db.schema
-    .createIndex('idx_page_hierarchy_ancestor_depth')
-    .ifNotExists()
-    .on('page_hierarchy')
-    .columns(['ancestor_id', 'depth'])
-    .execute();
-
-  await db.schema
-    .createIndex('idx_page_hierarchy_descendant_depth')
-    .ifNotExists()
-    .on('page_hierarchy')
-    .columns(['descendant_id', 'depth'])
-    .execute();
-
-  // rebuild function
-  await sql`
-    CREATE OR REPLACE FUNCTION rebuild_page_hierarchy()
-    RETURNS void
-    LANGUAGE plpgsql
-    AS $$
-    BEGIN
-      TRUNCATE page_hierarchy;
-
-      WITH RECURSIVE page_tree AS (
-        SELECT id AS ancestor_id, id AS descendant_id, 0 AS depth
-        FROM pages WHERE deleted_at IS NULL
-        UNION ALL
-        SELECT pt.ancestor_id, p.id AS descendant_id, pt.depth + 1
-        FROM page_tree pt
-        JOIN pages p ON p.parent_page_id = pt.descendant_id
-        WHERE p.deleted_at IS NULL
-      )
-      INSERT INTO page_hierarchy (ancestor_id, descendant_id, depth)
-      SELECT ancestor_id, descendant_id, depth FROM page_tree;
-    END;
-    $$;
-  `.execute(db);
-
-  // Create insert trigger function
-  await sql`
-    CREATE OR REPLACE FUNCTION page_hierarchy_after_insert()
-    RETURNS TRIGGER
-    LANGUAGE plpgsql
-    AS $$
-    BEGIN
-      IF NEW.deleted_at IS NOT NULL THEN
-        RETURN NEW;
-      END IF;
-
-      IF NEW.parent_page_id IS NULL THEN
-        INSERT INTO page_hierarchy (ancestor_id, descendant_id, depth)
-        VALUES (NEW.id, NEW.id, 0);
-      ELSE
-        INSERT INTO page_hierarchy (ancestor_id, descendant_id, depth)
-        SELECT ancestor_id, NEW.id, depth + 1
-        FROM page_hierarchy
-        WHERE descendant_id = NEW.parent_page_id
-        UNION ALL
-        SELECT NEW.id, NEW.id, 0;
-      END IF;
-
-      RETURN NEW;
-    END;
-    $$;
-  `.execute(db);
-
-  await sql`
-    CREATE OR REPLACE TRIGGER page_hierarchy_after_insert_trigger
-    AFTER INSERT ON pages
-    FOR EACH ROW
-    EXECUTE FUNCTION page_hierarchy_after_insert();
-  `.execute(db);
-
-  // Create update trigger function
-  await sql`
-    CREATE OR REPLACE FUNCTION page_hierarchy_after_update()
-    RETURNS TRIGGER
-    LANGUAGE plpgsql
-    AS $$
-    DECLARE
-      subtree_ids UUID[];
-    BEGIN
-      -- Only process if parent_page_id or deleted_at changed
-      IF OLD.parent_page_id IS NOT DISTINCT FROM NEW.parent_page_id
-         AND OLD.deleted_at IS NOT DISTINCT FROM NEW.deleted_at THEN
-        RETURN NEW;
-      END IF;
-
-      -- Handle soft-delete: remove from closure when deleted_at is set
-      IF OLD.deleted_at IS NULL AND NEW.deleted_at IS NOT NULL THEN
-        SELECT array_agg(descendant_id) INTO subtree_ids
-        FROM page_hierarchy
-        WHERE ancestor_id = NEW.id;
-
-        DELETE FROM page_hierarchy
-        WHERE descendant_id = ANY(subtree_ids);
-
-        RETURN NEW;
-      END IF;
-
-      -- Handle restore: rebuild closure when deleted_at is cleared
-      IF OLD.deleted_at IS NOT NULL AND NEW.deleted_at IS NULL THEN
-        IF NEW.parent_page_id IS NULL THEN
-          INSERT INTO page_hierarchy (ancestor_id, descendant_id, depth)
-          VALUES (NEW.id, NEW.id, 0);
-        ELSE
-          INSERT INTO page_hierarchy (ancestor_id, descendant_id, depth)
-          SELECT ancestor_id, NEW.id, depth + 1
-          FROM page_hierarchy
-          WHERE descendant_id = NEW.parent_page_id
-          UNION ALL
-          SELECT NEW.id, NEW.id, 0;
-        END IF;
-        RETURN NEW;
-      END IF;
-
-      -- Skip if page is soft-deleted
-      IF NEW.deleted_at IS NOT NULL THEN
-        RETURN NEW;
-      END IF;
-
-      -- Move operation: parent changed
-      -- Get all descendants of the moved page (including itself)
-      SELECT array_agg(descendant_id) INTO subtree_ids
-      FROM page_hierarchy
-      WHERE ancestor_id = NEW.id;
-
-      -- Delete old ancestor relationships (keep internal subtree links)
-      DELETE FROM page_hierarchy
-      WHERE descendant_id = ANY(subtree_ids)
-        AND NOT (ancestor_id = ANY(subtree_ids));
-
-      -- Insert new ancestor relationships (if new parent exists)
-      IF NEW.parent_page_id IS NOT NULL THEN
-        INSERT INTO page_hierarchy (ancestor_id, descendant_id, depth)
-        SELECT
-          new_anc.ancestor_id,
-          sub.descendant_id,
-          new_anc.depth + sub.depth + 1
-        FROM page_hierarchy new_anc
-        CROSS JOIN page_hierarchy sub
-        WHERE new_anc.descendant_id = NEW.parent_page_id
-          AND sub.ancestor_id = NEW.id
-          AND sub.descendant_id = ANY(subtree_ids);
-      END IF;
-
-      RETURN NEW;
-    END;
-    $$;
-  `.execute(db);
-
-  await sql`
-    CREATE OR REPLACE TRIGGER page_hierarchy_after_update_trigger
-    AFTER UPDATE ON pages
-    FOR EACH ROW
-    EXECUTE FUNCTION page_hierarchy_after_update();
-  `.execute(db);
-
-  await sql`SELECT rebuild_page_hierarchy()`.execute(db);
-}
-
-export async function down(db: Kysely<any>): Promise<void> {
-  await sql`DROP TRIGGER IF EXISTS page_hierarchy_after_update_trigger ON pages`.execute(
-    db,
-  );
-  await sql`DROP TRIGGER IF EXISTS page_hierarchy_after_insert_trigger ON pages`.execute(
-    db,
-  );
-  await sql`DROP FUNCTION IF EXISTS page_hierarchy_after_update()`.execute(db);
-  await sql`DROP FUNCTION IF EXISTS page_hierarchy_after_insert()`.execute(db);
-  await sql`DROP FUNCTION IF EXISTS rebuild_page_hierarchy()`.execute(db);
-  await db.schema.dropTable('page_hierarchy').ifExists().execute();
-}
@@ -1,93 +0,0 @@
-import { Kysely, sql } from 'kysely';
-
-export async function up(db: Kysely<any>): Promise<void> {
-  await db.schema
-    .createTable('page_access')
-    .addColumn('id', 'uuid', (col) =>
-      col.primaryKey().defaultTo(sql`gen_uuid_v7()`),
-    )
-    .addColumn('page_id', 'uuid', (col) =>
-      col.notNull().unique().references('pages.id').onDelete('cascade'),
-    )
-    .addColumn('workspace_id', 'uuid', (col) =>
-      col.notNull().references('workspaces.id').onDelete('cascade'),
-    )
-    .addColumn('access_level', 'varchar', (col) => col.notNull())
-    .addColumn('creator_id', 'uuid', (col) =>
-      col.references('users.id').onDelete('set null'),
-    )
-    .addColumn('created_at', 'timestamptz', (col) =>
-      col.notNull().defaultTo(sql`now()`),
-    )
-    .addColumn('updated_at', 'timestamptz', (col) =>
-      col.notNull().defaultTo(sql`now()`),
-    )
-    .execute();
-
-  await db.schema
-    .createTable('page_permissions')
-    .addColumn('id', 'uuid', (col) =>
-      col.primaryKey().defaultTo(sql`gen_uuid_v7()`),
-    )
-    .addColumn('page_access_id', 'uuid', (col) =>
-      col.notNull().references('page_access.id').onDelete('cascade'),
-    )
-    .addColumn('user_id', 'uuid', (col) =>
-      col.references('users.id').onDelete('cascade'),
-    )
-    .addColumn('group_id', 'uuid', (col) =>
-      col.references('groups.id').onDelete('cascade'),
-    )
-    .addColumn('role', 'varchar', (col) => col.notNull())
-    .addColumn('added_by_id', 'uuid', (col) =>
-      col.references('users.id').onDelete('set null'),
-    )
-    .addColumn('created_at', 'timestamptz', (col) =>
-      col.notNull().defaultTo(sql`now()`),
-    )
-    .addColumn('updated_at', 'timestamptz', (col) =>
-      col.notNull().defaultTo(sql`now()`),
-    )
-    .addUniqueConstraint('page_access_user_unique', [
-      'page_access_id',
-      'user_id',
-    ])
-    .addUniqueConstraint('page_access_group_unique', [
-      'page_access_id',
-      'group_id',
-    ])
-    .addCheckConstraint(
-      'allow_either_user_id_or_group_id_check',
-      sql`((user_id IS NOT NULL AND group_id IS NULL) OR (user_id IS NULL AND group_id IS NOT NULL))`,
-    )
-    .execute();
-
-  await db.schema
-    .createIndex('idx_page_access_workspace')
-    .on('page_access')
-    .column('workspace_id')
-    .execute();
-
-  await db.schema
-    .createIndex('idx_page_permissions_page_access')
-    .on('page_permissions')
-    .column('page_access_id')
-    .execute();
-
-  await db.schema
-    .createIndex('idx_page_permissions_user')
-    .on('page_permissions')
-    .column('user_id')
-    .execute();
-
-  await db.schema
-    .createIndex('idx_page_permissions_group')
-    .on('page_permissions')
-    .column('group_id')
-    .execute();
-}
-
-export async function down(db: Kysely<any>): Promise<void> {
-  await db.schema.dropTable('page_permissions').ifExists().execute();
-  await db.schema.dropTable('page_access').ifExists().execute();
-}
@@ -152,14 +152,4 @@ export class GroupUserRepo {
      .where('groupId', '=', groupId)
      .execute();
  }
-
-  async getUserGroupIds(userId: string): Promise<string[]> {
-    const results = await this.db
-      .selectFrom('groupUsers')
-      .select('groupId')
-      .where('userId', '=', userId)
-      .execute();
-
-    return results.map((r) => r.groupId);
-  }
 }
@@ -1,692 +0,0 @@
-import { Injectable } from '@nestjs/common';
-import { InjectKysely } from 'nestjs-kysely';
-import { KyselyDB, KyselyTransaction } from '@docmost/db/types/kysely.types';
-import { dbOrTx } from '@docmost/db/utils';
-import {
-  InsertablePageAccess,
-  InsertablePagePermission,
-  PageAccess,
-  PagePermission,
-} from '@docmost/db/types/entity.types';
-import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
-import { executeWithPagination } from '@docmost/db/pagination/pagination';
-import { sql } from 'kysely';
-import { GroupRepo } from '@docmost/db/repos/group/group.repo';
-import { GroupUserRepo } from '@docmost/db/repos/group/group-user.repo';
-
-@Injectable()
-export class PagePermissionRepo {
-  constructor(
-    @InjectKysely() private readonly db: KyselyDB,
-    private readonly groupRepo: GroupRepo,
-    private readonly groupUserRepo: GroupUserRepo,
-  ) {}
-
-  async findPageAccessByPageId(
-    pageId: string,
-    trx?: KyselyTransaction,
-  ): Promise<PageAccess | undefined> {
-    const db = dbOrTx(this.db, trx);
-    return db
-      .selectFrom('pageAccess')
-      .selectAll()
-      .where('pageId', '=', pageId)
-      .executeTakeFirst();
-  }
-
-  async insertPageAccess(
-    data: InsertablePageAccess,
-    trx?: KyselyTransaction,
-  ): Promise<PageAccess> {
-    const db = dbOrTx(this.db, trx);
-    return db
-      .insertInto('pageAccess')
-      .values(data)
-      .returningAll()
-      .executeTakeFirst();
-  }
-
-  async deletePageAccess(pageId: string, trx?: KyselyTransaction): Promise<void> {
-    const db = dbOrTx(this.db, trx);
-    await db.deleteFrom('pageAccess').where('pageId', '=', pageId).execute();
-  }
-
-  async insertPagePermissions(
-    permissions: InsertablePagePermission[],
-    trx?: KyselyTransaction,
-  ): Promise<void> {
-    if (permissions.length === 0) return;
-    const db = dbOrTx(this.db, trx);
-    await db
-      .insertInto('pagePermissions')
-      .values(permissions)
-      .execute();
-  }
-
-  async findPagePermissionByUserId(
-    pageAccessId: string,
-    userId: string,
-    trx?: KyselyTransaction,
-  ): Promise<PagePermission | undefined> {
-    const db = dbOrTx(this.db, trx);
-    return db
-      .selectFrom('pagePermissions')
-      .selectAll()
-      .where('pageAccessId', '=', pageAccessId)
-      .where('userId', '=', userId)
-      .executeTakeFirst();
-  }
-
-  async findPagePermissionByGroupId(
-    pageAccessId: string,
-    groupId: string,
-    trx?: KyselyTransaction,
-  ): Promise<PagePermission | undefined> {
-    const db = dbOrTx(this.db, trx);
-    return db
-      .selectFrom('pagePermissions')
-      .selectAll()
-      .where('pageAccessId', '=', pageAccessId)
-      .where('groupId', '=', groupId)
-      .executeTakeFirst();
-  }
-
-  async deletePagePermissionByUserId(
-    pageAccessId: string,
-    userId: string,
-    trx?: KyselyTransaction,
-  ): Promise<void> {
-    const db = dbOrTx(this.db, trx);
-    await db
-      .deleteFrom('pagePermissions')
-      .where('pageAccessId', '=', pageAccessId)
-      .where('userId', '=', userId)
-      .execute();
-  }
-
-  async deletePagePermissionByGroupId(
-    pageAccessId: string,
-    groupId: string,
-    trx?: KyselyTransaction,
-  ): Promise<void> {
-    const db = dbOrTx(this.db, trx);
-    await db
-      .deleteFrom('pagePermissions')
-      .where('pageAccessId', '=', pageAccessId)
-      .where('groupId', '=', groupId)
-      .execute();
-  }
-
-  async updatePagePermissionRole(
-    pageAccessId: string,
-    role: string,
-    opts: { userId?: string; groupId?: string },
-    trx?: KyselyTransaction,
-  ): Promise<void> {
-    const db = dbOrTx(this.db, trx);
-    let query = db
-      .updateTable('pagePermissions')
-      .set({ role, updatedAt: new Date() })
-      .where('pageAccessId', '=', pageAccessId);
-
-    if (opts.userId) {
-      query = query.where('userId', '=', opts.userId);
-    } else if (opts.groupId) {
-      query = query.where('groupId', '=', opts.groupId);
-    }
-
-    await query.execute();
-  }
-
-  async countWritersByPageAccessId(
-    pageAccessId: string,
-    trx?: KyselyTransaction,
-  ): Promise<number> {
-    const db = dbOrTx(this.db, trx);
-    const result = await db
-      .selectFrom('pagePermissions')
-      .select((eb) => eb.fn.count('id').as('count'))
-      .where('pageAccessId', '=', pageAccessId)
-      .where('role', '=', 'writer')
-      .executeTakeFirst();
-    return Number(result?.count ?? 0);
-  }
-
-  async getPagePermissionsPaginated(
-    pageAccessId: string,
-    pagination: PaginationOptions,
-  ) {
-    let query = this.db
-      .selectFrom('pagePermissions')
-      .leftJoin('users', 'users.id', 'pagePermissions.userId')
-      .leftJoin('groups', 'groups.id', 'pagePermissions.groupId')
-      .select([
-        'pagePermissions.id',
-        'pagePermissions.role',
-        'pagePermissions.createdAt',
-        'users.id as userId',
-        'users.name as userName',
-        'users.avatarUrl as userAvatarUrl',
-        'users.email as userEmail',
-        'groups.id as groupId',
-        'groups.name as groupName',
-        'groups.isDefault as groupIsDefault',
-      ])
-      .select((eb) => this.groupRepo.withMemberCount(eb))
-      .where('pageAccessId', '=', pageAccessId)
-      .orderBy((eb) => eb('groups.id', 'is not', null), 'desc')
-      .orderBy('pagePermissions.createdAt', 'asc');
-
-    if (pagination.query) {
-      query = query.where((eb) =>
-        eb(
-          sql`f_unaccent(users.name)`,
-          'ilike',
-          sql`f_unaccent(${'%' + pagination.query + '%'})`,
-        )
-          .or(
-            sql`users.email`,
-            'ilike',
-            sql`f_unaccent(${'%' + pagination.query + '%'})`,
-          )
-          .or(
-            sql`f_unaccent(groups.name)`,
-            'ilike',
-            sql`f_unaccent(${'%' + pagination.query + '%'})`,
-          ),
-      );
-    }
-
-    const result = await executeWithPagination(query, {
-      page: pagination.page,
-      perPage: pagination.limit,
-    });
-
-    const members = result.items.map((member) => {
-      if (member.userId) {
-        return {
-          id: member.userId,
-          name: member.userName,
-          email: member.userEmail,
-          avatarUrl: member.userAvatarUrl,
-          type: 'user' as const,
-          role: member.role,
-          createdAt: member.createdAt,
-        };
-      } else {
-        return {
-          id: member.groupId,
-          name: member.groupName,
-          memberCount: member.memberCount as number,
-          isDefault: member.groupIsDefault,
-          type: 'group' as const,
-          role: member.role,
-          createdAt: member.createdAt,
-        };
-      }
-    });
-
-    result.items = members as any;
-    return result;
-  }
-
-  async getUserPagePermission(
-    userId: string,
-    pageId: string,
-  ): Promise<{ role: string } | undefined> {
-    const result = await this.db
-      .selectFrom('pageAccess')
-      .innerJoin('pagePermissions', 'pagePermissions.pageAccessId', 'pageAccess.id')
-      .select(['pagePermissions.role'])
-      .where('pageAccess.pageId', '=', pageId)
-      .where('pagePermissions.userId', '=', userId)
-      .unionAll(
-        this.db
-          .selectFrom('pageAccess')
-          .innerJoin('pagePermissions', 'pagePermissions.pageAccessId', 'pageAccess.id')
-          .innerJoin('groupUsers', 'groupUsers.groupId', 'pagePermissions.groupId')
-          .select(['pagePermissions.role'])
-          .where('pageAccess.pageId', '=', pageId)
-          .where('groupUsers.userId', '=', userId),
-      )
-      .executeTakeFirst();
-
-    return result;
-  }
-
-  async findRestrictedAncestor(
-    pageId: string,
-  ): Promise<{ pageId: string; accessLevel: string; depth: number } | undefined> {
-    return this.db
-      .selectFrom('pageHierarchy')
-      .innerJoin('pageAccess', 'pageAccess.pageId', 'pageHierarchy.ancestorId')
-      .select([
-        'pageAccess.pageId',
-        'pageAccess.accessLevel',
-        'pageHierarchy.depth',
-      ])
-      .where('pageHierarchy.descendantId', '=', pageId)
-      .orderBy('pageHierarchy.depth', 'asc')
-      .executeTakeFirst();
-  }
-
-  /**
-   * Check if user can access a page by verifying they have permission on ALL restricted ancestors.
-   */
-  async canUserAccessPage(userId: string, pageId: string): Promise<boolean> {
-    const deniedAncestor = await this.db
-      .selectFrom('pageHierarchy')
-      .innerJoin('pageAccess', 'pageAccess.pageId', 'pageHierarchy.ancestorId')
-      .leftJoin('pagePermissions', (join) =>
-        join
-          .onRef('pagePermissions.pageAccessId', '=', 'pageAccess.id')
-          .on((eb) =>
-            eb.or([
-              eb('pagePermissions.userId', '=', userId),
-              eb(
-                'pagePermissions.groupId',
-                'in',
-                eb
-                  .selectFrom('groupUsers')
-                  .select('groupUsers.groupId')
-                  .where('groupUsers.userId', '=', userId),
-              ),
-            ]),
-          ),
-      )
-      .select('pageAccess.pageId')
-      .where('pageHierarchy.descendantId', '=', pageId)
-      .where('pagePermissions.id', 'is', null)
-      .executeTakeFirst();
-
-    return !deniedAncestor;
-  }
-
-  /**
-   * Check if user can edit a page by verifying they have WRITER permission on ALL restricted ancestors.
-   */
-  async canUserEditPage(userId: string, pageId: string): Promise<boolean> {
-    const deniedAncestor = await this.db
-      .selectFrom('pageHierarchy')
-      .innerJoin('pageAccess', 'pageAccess.pageId', 'pageHierarchy.ancestorId')
-      .leftJoin('pagePermissions', (join) =>
-        join
-          .onRef('pagePermissions.pageAccessId', '=', 'pageAccess.id')
-          .on('pagePermissions.role', '=', 'writer')
-          .on((eb) =>
-            eb.or([
-              eb('pagePermissions.userId', '=', userId),
-              eb(
-                'pagePermissions.groupId',
-                'in',
-                eb
-                  .selectFrom('groupUsers')
-                  .select('groupUsers.groupId')
-                  .where('groupUsers.userId', '=', userId),
-              ),
-            ]),
-          ),
-      )
-      .select('pageAccess.pageId')
-      .where('pageHierarchy.descendantId', '=', pageId)
-      .where('pagePermissions.id', 'is', null)
-      .executeTakeFirst();
-
-    return !deniedAncestor;
-  }
-
-  /**
-   * Get user's access level for a page, checking ALL restricted ancestors.
-   * Returns:
-   * - hasRestriction: whether page or any ancestor has restrictions
-   * - canAccess: user has permission on all restricted ancestors (always true if no restrictions)
-   * - canEdit: user has writer permission on all restricted ancestors (always true if no restrictions)
-   */
-  async getUserPageAccessLevel(
-    userId: string,
-    pageId: string,
-  ): Promise<{ hasRestriction: boolean; canAccess: boolean; canEdit: boolean }> {
-    const result = await this.db
-      .selectFrom('pages')
-      .select((eb) => [
-        // hasRestriction: any ancestor has page_access entry
-        eb
-          .case()
-          .when(
-            eb.exists(
-              eb
-                .selectFrom('pageHierarchy')
-                .innerJoin(
-                  'pageAccess',
-                  'pageAccess.pageId',
-                  'pageHierarchy.ancestorId',
-                )
-                .select('pageAccess.id')
-                .whereRef('pageHierarchy.descendantId', '=', 'pages.id'),
-            ),
-          )
-          .then(true)
-          .else(false)
-          .end()
-          .as('hasRestriction'),
-        // canAccess: no restricted ancestor without ANY permission
-        eb
-          .case()
-          .when(
-            eb.not(
-              eb.exists(
-                eb
-                  .selectFrom('pageHierarchy')
-                  .innerJoin(
-                    'pageAccess',
-                    'pageAccess.pageId',
-                    'pageHierarchy.ancestorId',
-                  )
-                  .leftJoin('pagePermissions', (join) =>
-                    join
-                      .onRef('pagePermissions.pageAccessId', '=', 'pageAccess.id')
-                      .on((eb2) =>
-                        eb2.or([
-                          eb2('pagePermissions.userId', '=', userId),
-                          eb2(
-                            'pagePermissions.groupId',
-                            'in',
-                            eb2
-                              .selectFrom('groupUsers')
-                              .select('groupUsers.groupId')
-                              .where('groupUsers.userId', '=', userId),
-                          ),
-                        ]),
-                      ),
-                  )
-                  .select('pageAccess.pageId')
-                  .whereRef('pageHierarchy.descendantId', '=', 'pages.id')
-                  .where('pagePermissions.id', 'is', null),
-              ),
-            ),
-          )
-          .then(true)
-          .else(false)
-          .end()
-          .as('canAccess'),
-        // canEdit: no restricted ancestor without WRITER permission
-        eb
-          .case()
-          .when(
-            eb.not(
-              eb.exists(
-                eb
-                  .selectFrom('pageHierarchy')
-                  .innerJoin(
-                    'pageAccess',
-                    'pageAccess.pageId',
-                    'pageHierarchy.ancestorId',
-                  )
-                  .leftJoin('pagePermissions', (join) =>
-                    join
-                      .onRef('pagePermissions.pageAccessId', '=', 'pageAccess.id')
-                      .on('pagePermissions.role', '=', 'writer')
-                      .on((eb2) =>
-                        eb2.or([
-                          eb2('pagePermissions.userId', '=', userId),
-                          eb2(
-                            'pagePermissions.groupId',
-                            'in',
-                            eb2
-                              .selectFrom('groupUsers')
-                              .select('groupUsers.groupId')
-                              .where('groupUsers.userId', '=', userId),
-                          ),
-                        ]),
-                      ),
-                  )
-                  .select('pageAccess.pageId')
-                  .whereRef('pageHierarchy.descendantId', '=', 'pages.id')
-                  .where('pagePermissions.id', 'is', null),
-              ),
-            ),
-          )
-          .then(true)
-          .else(false)
-          .end()
-          .as('canEdit'),
-      ])
-      .where('pages.id', '=', pageId)
-      .executeTakeFirst();
-
-    return {
-      hasRestriction: Boolean(result?.hasRestriction),
-      canAccess: Boolean(result?.canAccess),
-      canEdit: Boolean(result?.canEdit),
-    };
-  }
-
-  /**
-   * Filter a list of page IDs to only those the user can access.
-   * Returns page IDs with their permission level (canEdit).
-   * Single query implementation for efficiency.
-   */
-  async filterAccessiblePageIdsWithPermissions(
-    pageIds: string[],
-    userId: string,
-  ): Promise<Array<{ id: string; canEdit: boolean }>> {
-    if (pageIds.length === 0) return [];
-
-    const results = await this.db
-      .selectFrom('pages')
-      .select('pages.id')
-      // Check if user lacks writer permission on any restricted ancestor
-      .select((eb) =>
-        eb
-          .case()
-          .when(
-            eb.not(
-              eb.exists(
-                eb
-                  .selectFrom('pageHierarchy')
-                  .innerJoin(
-                    'pageAccess',
-                    'pageAccess.pageId',
-                    'pageHierarchy.ancestorId',
-                  )
-                  .leftJoin('pagePermissions', (join) =>
-                    join
-                      .onRef('pagePermissions.pageAccessId', '=', 'pageAccess.id')
-                      .on('pagePermissions.role', '=', 'writer')
-                      .on((eb2) =>
-                        eb2.or([
-                          eb2('pagePermissions.userId', '=', userId),
-                          eb2(
-                            'pagePermissions.groupId',
-                            'in',
-                            eb2
-                              .selectFrom('groupUsers')
-                              .select('groupUsers.groupId')
-                              .where('groupUsers.userId', '=', userId),
-                          ),
-                        ]),
-                      ),
-                  )
-                  .select('pageAccess.pageId')
-                  .whereRef('pageHierarchy.descendantId', '=', 'pages.id')
-                  .where('pagePermissions.id', 'is', null),
-              ),
-            ),
-          )
-          .then(true)
-          .else(false)
-          .end()
-          .as('canEdit'),
-      )
-      .where('pages.id', 'in', pageIds)
-      // Filter: user must have access (any permission on all restricted ancestors)
-      .where(({ not, exists, selectFrom }) =>
-        not(
-          exists(
-            selectFrom('pageHierarchy')
-              .innerJoin(
-                'pageAccess',
-                'pageAccess.pageId',
-                'pageHierarchy.ancestorId',
-              )
-              .leftJoin('pagePermissions', (join) =>
-                join
-                  .onRef('pagePermissions.pageAccessId', '=', 'pageAccess.id')
-                  .on((eb) =>
-                    eb.or([
-                      eb('pagePermissions.userId', '=', userId),
-                      eb(
-                        'pagePermissions.groupId',
-                        'in',
-                        eb
-                          .selectFrom('groupUsers')
-                          .select('groupUsers.groupId')
-                          .where('groupUsers.userId', '=', userId),
-                      ),
-                    ]),
-                  ),
-              )
-              .select('pageAccess.pageId')
-              .whereRef('pageHierarchy.descendantId', '=', 'pages.id')
-              .where('pagePermissions.id', 'is', null),
-          ),
-        ),
-      )
-      .execute();
-
-    return results.map((r) => ({ id: r.id, canEdit: Boolean(r.canEdit) }));
-  }
-
-  /**
-   * Check if a page or any of its ancestors has restrictions.
-   * Used to determine if page-level permission checks are needed.
-   */
-  async hasRestrictedAncestor(pageId: string): Promise<boolean> {
-    const result = await this.db
-      .selectFrom('pageHierarchy')
-      .innerJoin('pageAccess', 'pageAccess.pageId', 'pageHierarchy.ancestorId')
-      .select('pageAccess.id')
-      .where('pageHierarchy.descendantId', '=', pageId)
-      .executeTakeFirst();
-
-    return !!result;
-  }
-
-  /**
-   * Given a list of parent page IDs, return which ones have at least one accessible child.
-   * Efficient batch query for sidebar hasChildren calculation.
-   */
-  async getParentIdsWithAccessibleChildren(
-    parentIds: string[],
-    userId: string,
-  ): Promise<string[]> {
-    if (parentIds.length === 0) return [];
-
-    const results = await this.db
-      .selectFrom('pages as child')
-      .select('child.parentPageId')
-      .distinct()
-      .where('child.parentPageId', 'in', parentIds)
-      .where('child.deletedAt', 'is', null)
-      .where(({ not, exists, selectFrom }) =>
-        not(
-          exists(
-            selectFrom('pageHierarchy')
-              .innerJoin(
-                'pageAccess',
-                'pageAccess.pageId',
-                'pageHierarchy.ancestorId',
-              )
-              .leftJoin('pagePermissions', (join) =>
-                join
-                  .onRef('pagePermissions.pageAccessId', '=', 'pageAccess.id')
-                  .on((eb) =>
-                    eb.or([
-                      eb('pagePermissions.userId', '=', userId),
-                      eb(
-                        'pagePermissions.groupId',
-                        'in',
-                        eb
-                          .selectFrom('groupUsers')
-                          .select('groupUsers.groupId')
-                          .where('groupUsers.userId', '=', userId),
-                      ),
-                    ]),
-                  ),
-              )
-              .select('pageAccess.pageId')
-              .whereRef('pageHierarchy.descendantId', '=', 'child.id')
-              .where('pagePermissions.id', 'is', null),
-          ),
-        ),
-      )
-      .execute();
-
-    return results.map((r) => r.parentPageId);
-  }
-
-  /**
-   * Check if any descendant of a page has restrictions that the user cannot access.
-   * Used to determine if includeSubPages can be enabled for sharing.
-   */
-  async hasInaccessibleDescendants(
-    pageId: string,
-    userId: string,
-  ): Promise<boolean> {
-    // Get all descendant page IDs (excluding the root page itself)
-    const descendants = await this.db
-      .selectFrom('pageHierarchy')
-      .select('descendantId')
-      .where('ancestorId', '=', pageId)
-      .where('depth', '>', 0)
-      .execute();
-
-    if (descendants.length === 0) {
-      return false;
-    }
-
-    const descendantIds = descendants.map((d) => d.descendantId);
-
-    // Check if any descendant has a restriction the user cannot access
-    const inaccessible = await this.db
-      .selectFrom('pageAccess')
-      .leftJoin('pagePermissions', (join) =>
-        join
-          .onRef('pagePermissions.pageAccessId', '=', 'pageAccess.id')
-          .on((eb) =>
-            eb.or([
-              eb('pagePermissions.userId', '=', userId),
-              eb(
-                'pagePermissions.groupId',
-                'in',
-                eb
-                  .selectFrom('groupUsers')
-                  .select('groupUsers.groupId')
-                  .where('groupUsers.userId', '=', userId),
-              ),
-            ]),
-          ),
-      )
-      .select('pageAccess.pageId')
-      .where('pageAccess.pageId', 'in', descendantIds)
-      .where('pagePermissions.id', 'is', null)
-      .executeTakeFirst();
-
-    return !!inaccessible;
-  }
-
-  /**
-   * Get all descendant page IDs that have restrictions (page_access entries).
-   * Used to filter restricted pages from public share trees.
-   */
-  async getRestrictedDescendantIds(pageId: string): Promise<string[]> {
-    const results = await this.db
-      .selectFrom('pageHierarchy')
-      .innerJoin('pageAccess', 'pageAccess.pageId', 'pageHierarchy.descendantId')
-      .select('pageHierarchy.descendantId')
-      .where('pageHierarchy.ancestorId', '=', pageId)
-      .execute();
-
-    return results.map((r) => r.descendantId);
-  }
-}
@@ -197,12 +197,6 @@ export interface GroupUsers {
  userId: string;
 }

-export interface PageHierarchy {
-  ancestorId: string;
-  descendantId: string;
-  depth: Generated<number>;
-}
-
 export interface PageHistory {
  content: Json | null;
  coverPhoto: string | null;
@@ -366,27 +360,6 @@ export interface Workspaces {
  updatedAt: Generated<Timestamp>;
 }

-export interface PageAccess {
-  id: Generated<string>;
-  pageId: string;
-  workspaceId: string;
-  accessLevel: string;
-  creatorId: string | null;
-  createdAt: Generated<Timestamp>;
-  updatedAt: Generated<Timestamp>;
-}
-
-export interface PagePermissions {
-  id: Generated<string>;
-  pageAccessId: string;
-  userId: string | null;
-  groupId: string | null;
-  role: string;
-  addedById: string | null;
-  createdAt: Generated<Timestamp>;
-  updatedAt: Generated<Timestamp>;
-}
-
 export interface DB {
  apiKeys: ApiKeys;
  attachments: Attachments;
@@ -398,10 +371,7 @@ export interface DB {
  fileTasks: FileTasks;
  groups: Groups;
  groupUsers: GroupUsers;
-  pageAccess: PageAccess;
-  pageHierarchy: PageHierarchy;
  pageHistory: PageHistory;
-  pagePermissions: PagePermissions;
  pages: Pages;
  shares: Shares;
  spaceMembers: SpaceMembers;
@@ -9,10 +9,7 @@ import {
  FileTasks,
  Groups,
  GroupUsers,
-  PageAccess,
-  PageHierarchy,
  PageHistory,
-  PagePermissions,
  Pages,
  Shares,
  SpaceMembers,
@@ -35,11 +32,8 @@ export interface DbInterface {
  fileTasks: FileTasks;
  groups: Groups;
  groupUsers: GroupUsers;
-  pageAccess: PageAccess;
-  pageHierarchy: PageHierarchy;
  pageEmbeddings: PageEmbeddings;
  pageHistory: PageHistory;
-  pagePermissions: PagePermissions;
  pages: Pages;
  shares: Shares;
  spaceMembers: SpaceMembers;
@@ -3,9 +3,6 @@ import {
  Attachments,
  Comments,
  Groups,
-  PageAccess as _PageAccess,
-  PageHierarchy as _PageHierarchy,
-  PagePermissions as _PagePermissions,
  Pages,
  Spaces,
  Users,
@@ -134,17 +131,3 @@ export type UpdatableApiKey = Updateable<Omit<ApiKeys, 'id'>>;
 export type PageEmbedding = Selectable<PageEmbeddings>;
 export type InsertablePageEmbedding = Insertable<PageEmbeddings>;
 export type UpdatablePageEmbedding = Updateable<Omit<PageEmbeddings, 'id'>>;
-
-// Page Hierarchy (closure table - composite primary key)
-export type PageHierarchy = Selectable<_PageHierarchy>;
-export type InsertablePageHierarchy = Insertable<_PageHierarchy>;
-
-// Page Access
-export type PageAccess = Selectable<_PageAccess>;
-export type InsertablePageAccess = Insertable<_PageAccess>;
-export type UpdatablePageAccess = Updateable<Omit<_PageAccess, 'id'>>;
-
-// Page Permission
-export type PagePermission = Selectable<_PagePermissions>;
-export type InsertablePagePermission = Insertable<_PagePermissions>;
-export type UpdatablePagePermission = Updateable<Omit<_PagePermissions, 'id'>>;
@@ -117,7 +117,7 @@ export class EnvironmentVariables {

  @IsOptional()
  @ValidateIf((obj) => obj.AI_EMBEDDING_DIMENSION)
-  @IsIn(['768', '1024', '1536', '2000'])
+  @IsIn(['768', '1024', '1536'])
  @IsString()
  AI_EMBEDDING_DIMENSION: string;

@@ -15,12 +15,10 @@ async function bootstrap() {
  const app = await NestFactory.create<NestFastifyApplication>(
    AppModule,
    new FastifyAdapter({
+      ignoreTrailingSlash: true,
+      ignoreDuplicateSlashes: true,
+      maxParamLength: 1000,
      trustProxy: true,
-      routerOptions: {
-        maxParamLength: 1000,
-        ignoreTrailingSlash: true,
-        ignoreDuplicateSlashes: true,
-      },
    }),
    {
      rawBody: true,
@@ -1,7 +1,7 @@
 {
  "name": "docmost",
  "homepage": "https://docmost.com",
-  "version": "0.24.1",
+  "version": "0.23.2",
  "private": true,
  "scripts": {
    "build": "nx run-many -t build",
@@ -38,6 +38,7 @@
    "@tiptap/extension-heading": "2.27.1",
    "@tiptap/extension-highlight": "2.27.1",
    "@tiptap/extension-history": "2.27.1",
+    "@tiptap/extension-horizontal-rule": "2.27.1",
    "@tiptap/extension-image": "2.27.1",
    "@tiptap/extension-link": "2.27.1",
    "@tiptap/extension-list-item": "2.27.1",
@@ -100,7 +101,6 @@
    },
    "overrides": {
      "jsdom": "25.0.1",
-      "jsonwebtoken": "9.0.3",
      "y-prosemirror": "1.3.7"
    },
    "neverBuiltDependencies": []
@@ -23,3 +23,4 @@ export * from "./lib/subpages";
 export * from "./lib/highlight";
 export * from "./lib/heading/heading";
 export * from "./lib/unique-id";
+export * from "./lib/hr";
@@ -0,0 +1,21 @@
+import { HorizontalRule as TiptapHorizontalRule } from "@tiptap/extension-horizontal-rule";
+
+export type HorizontalRuleType = "pageBreak";
+
+export const HorizontalRule = TiptapHorizontalRule.extend({
+  addAttributes() {
+    return {
+      type: {
+        default: null,
+        parseHTML: (element) => element.getAttribute("data-type"),
+        renderHTML: (attributes) => {
+          if (attributes.type) {
+            return {
+              "data-type": attributes.type,
+            };
+          }
+        },
+      },
+    };
+  },
+});
@@ -165,7 +165,6 @@ export const Mention = Node.create<MentionOptions>({
  inline: true,
  selectable: true,
  atom: true,
-  draggable: true,

  addAttributes() {
    return {
@@ -28,7 +28,7 @@ export const Subpages = Node.create<SubpagesOptions>({

  group: "block",
  atom: true,
-  draggable: true,
+  draggable: false,

  parseHTML() {
    return [
@@ -3,6 +3,7 @@ import { Editor, findParentNode, isTextSelection } from "@tiptap/core";
 import { Selection, Transaction } from "@tiptap/pm/state";
 import { CellSelection, TableMap } from "@tiptap/pm/tables";
 import { Node, ResolvedPos } from "@tiptap/pm/model";
+import Table from "@tiptap/extension-table";
 import { sanitizeUrl as braintreeSanitizeUrl } from "@braintree/sanitize-url";
 import { customAlphabet } from "nanoid";

@@ -288,7 +289,7 @@ export const isColumnGripSelected = ({
  const node = nodeDOM || domAtPos;

  if (
-    !editor.isActive("table") ||
+    !editor.isActive(Table.name) ||
    !node ||
    isTableSelected(state.selection)
  ) {
@@ -6,7 +6,6 @@ settings:

 overrides:
  jsdom: 25.0.1
-  jsonwebtoken: 9.0.3
  y-prosemirror: 1.3.7

 patchedDependencies:
@@ -78,6 +77,9 @@ importers:
      '@tiptap/extension-history':
        specifier: 2.27.1
        version: 2.27.1(@tiptap/core@2.27.1(@tiptap/pm@2.27.1))(@tiptap/pm@2.27.1)
+      '@tiptap/extension-horizontal-rule':
+        specifier: 2.27.1
+        version: 2.27.1(@tiptap/core@2.27.1(@tiptap/pm@2.27.1))(@tiptap/pm@2.27.1)
      '@tiptap/extension-image':
        specifier: 2.27.1
        version: 2.27.1(@tiptap/core@2.27.1(@tiptap/pm@2.27.1))
@@ -558,8 +560,8 @@ importers:
        specifier: ^5.4.1
        version: 5.4.1
      jsonwebtoken:
-        specifier: 9.0.3
-        version: 9.0.3
+        specifier: ^9.0.2
+        version: 9.0.2
      kysely:
        specifier: ^0.28.2
        version: 0.28.2
@@ -7405,8 +7407,8 @@ packages:
  jsonfile@6.1.0:
    resolution: {integrity: sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==}

-  jsonwebtoken@9.0.3:
-    resolution: {integrity: sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==}
+  jsonwebtoken@9.0.2:
+    resolution: {integrity: sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==}
    engines: {node: '>=12', npm: '>=6'}

  jsx-ast-utils@3.3.5:
@@ -7416,11 +7418,11 @@ packages:
  jszip@3.10.1:
    resolution: {integrity: sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==}

-  jwa@2.0.1:
-    resolution: {integrity: sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==}
+  jwa@1.4.1:
+    resolution: {integrity: sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==}

-  jws@4.0.1:
-    resolution: {integrity: sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==}
+  jws@3.2.2:
+    resolution: {integrity: sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==}

  jwt-decode@4.0.0:
    resolution: {integrity: sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==}
@@ -13414,7 +13416,7 @@ snapshots:
    dependencies:
      '@nestjs/common': 11.1.9(class-transformer@0.5.1)(class-validator@0.14.3)(reflect-metadata@0.2.2)(rxjs@7.8.2)
      '@types/jsonwebtoken': 9.0.7
-      jsonwebtoken: 9.0.3
+      jsonwebtoken: 9.0.2

  '@nestjs/mapped-types@2.1.0(@nestjs/common@11.1.9(class-transformer@0.5.1)(class-validator@0.14.3)(reflect-metadata@0.2.2)(rxjs@7.8.2))(class-transformer@0.5.1)(class-validator@0.14.3)(reflect-metadata@0.2.2)':
    dependencies:
@@ -18471,9 +18473,9 @@ snapshots:
    optionalDependencies:
      graceful-fs: 4.2.11

-  jsonwebtoken@9.0.3:
+  jsonwebtoken@9.0.2:
    dependencies:
-      jws: 4.0.1
+      jws: 3.2.2
      lodash.includes: 4.3.0
      lodash.isboolean: 3.0.3
      lodash.isinteger: 4.0.4
@@ -18498,15 +18500,15 @@ snapshots:
      readable-stream: 2.3.8
      setimmediate: 1.0.5

-  jwa@2.0.1:
+  jwa@1.4.1:
    dependencies:
      buffer-equal-constant-time: 1.0.1
      ecdsa-sig-formatter: 1.0.11
      safe-buffer: 5.2.1

-  jws@4.0.1:
+  jws@3.2.2:
    dependencies:
-      jwa: 2.0.1
+      jwa: 1.4.1
      safe-buffer: 5.2.1

  jwt-decode@4.0.0: {}
@@ -19479,7 +19481,7 @@ snapshots:

  passport-jwt@4.0.1:
    dependencies:
-      jsonwebtoken: 9.0.3
+      jsonwebtoken: 9.0.2
      passport-strategy: 1.0.0

  passport-oauth2@1.8.0: