diff --git a/docs/docs/assets/img/pre-v1-backup-location.png b/docs/docs/assets/img/pre-v1-backup-location.png new file mode 100644 index 00000000000..9c68fcf342f Binary files /dev/null and b/docs/docs/assets/img/pre-v1-backup-location.png differ diff --git a/docs/docs/documentation/community-guide/home-assistant.md b/docs/docs/documentation/community-guide/home-assistant.md index 6d1793ad72b..f4ab3dae596 100644 --- a/docs/docs/documentation/community-guide/home-assistant.md +++ b/docs/docs/documentation/community-guide/home-assistant.md @@ -1,5 +1,5 @@ !!! info -This guide was submitted by a community member. Find something wrong? Submit a PR to get it fixed! + This guide was submitted by a community member. Find something wrong? Submit a PR to get it fixed! In a lot of ways, Home Assistant is why this project exists! Since Mealie has a robust API it makes it a great fit for interacting with Home Assistant and pulling information into your dashboard. diff --git a/docs/docs/documentation/getting-started/faq.md b/docs/docs/documentation/getting-started/faq.md index cdc1227e8fa..a7a839bc6ef 100644 --- a/docs/docs/documentation/getting-started/faq.md +++ b/docs/docs/documentation/getting-started/faq.md @@ -105,8 +105,9 @@ python /app/mealie/scripts/change_password.py Managing private groups and recipes can be confusing. The following diagram and notes should help explain how they work to determine if a recipe can be shared publicly. -- Private links that are generated using the `Share` button bypass all group and recipe permissions. +- Private links that are generated from the recipe page using the `Share` button bypass all group and recipe permissions - Private groups block all access to recipes, including those that are public, except as noted above. +- Groups with "Allow users outside of your group to see your recipes" disabled block all access to recipes, except as noted above. - Private recipes block all access to the recipe from public links. This does not affect Private Links. ```mermaid @@ -130,6 +131,8 @@ stateDiagram-v2 p3 --> n1: No ``` +For more information, check out the [Permissions and Public Access guide](./usage/permissions-and-public-access.md). + ## Can I use fail2ban with mealie? Yes, mealie is configured to properly forward external IP addresses into the `mealie.log` logfile. Note that due to restrictions in docker, IP address forwarding only works on Linux. diff --git a/docs/docs/documentation/getting-started/migrating-to-mealie-v1.md b/docs/docs/documentation/getting-started/migrating-to-mealie-v1.md index ff7dfad2321..a6d3d938eda 100644 --- a/docs/docs/documentation/getting-started/migrating-to-mealie-v1.md +++ b/docs/docs/documentation/getting-started/migrating-to-mealie-v1.md @@ -16,19 +16,15 @@ The version 1 release of Mealie should be seen as an entirely different applicat ## Migration Considerations -Before you migrate to v1.0.0-beta-x please consider the following: +Before you migrate to v1.0.0 please consider the following: **API Integration Will Break** Several of the endpoints in the API have changed. This means that you will need to update your code to use the new endpoints. -**Meal Plan Notifications Are Not Yet Implemented** +**Recipes Are Private By Default** -If you're using the Meal Plan webhook feature it has yet to be implemented in v1. This feature is being significantly improved in v1 and has yet to be fully fleshed out. If you were a heavy user, you may want to wait until v1 to use this feature. - -**Recipes are Now Private** - -This can be a plus or a minus depending on your use case. If you relied on the old implementation that allowed viewing of recipes without logging in, you will loose that access. We are planning on implementing a public facing interface for groups/tenants to allow unauthenticated users to view public recipes. +By default, recipes can only be viewed by logged-in users. You can fine-tune public recipe access, or keep your instance fully private. For more information, check out the [Permissions and Public Access guide](../getting-started/usage/permissions-and-public-access.md). ## Step 1: Setting Up The New Application @@ -37,7 +33,9 @@ Given the nature of the upgrade, it is highly recommended that you stand up a ne ## Step 2: Exporting Your Data from Pre-v1 -In your instance of Mealie prior to v1, perform an export of your data in the Admin section. Be sure to include the recipes when performing the export. Checking additional items won't impact the migration, but they will be ignored if they are included. +In your instance of Mealie prior to v1, perform an export (backup) of your data in the Admin section. Be sure to include the recipes when performing the export. Checking additional items won't impact the migration, but they will be ignored if they are included. The backups section is located on the admin dashboard in the section labeled "Backups": + +![pre-v1-backup-location-image](../../assets/img/pre-v1-backup-location.png) ## Step 3: Using the Migration Tool diff --git a/docs/docs/documentation/getting-started/usage/permissions-and-public-access.md b/docs/docs/documentation/getting-started/usage/permissions-and-public-access.md new file mode 100644 index 00000000000..f7a3c1043f2 --- /dev/null +++ b/docs/docs/documentation/getting-started/usage/permissions-and-public-access.md @@ -0,0 +1,57 @@ +# Permissions and Public Access + +Mealie provides various levels of user access and permissions. This includes: +- Authentication and registration ([check out the LDAP guide](./ldap.md) for how to configure access using LDAP) +- Customizable user permissions +- Fine-tuned public access for non-users + +## Customizable User Permissions + +Each user can be configured to have varying levels of access. Some of these permissions include: +- Access to Administrator tools +- Access to inviting other users +- Access to manage their group and group data + +Administrators can navigate to the Settings page and access the User Management page to configure these settings. + + +[User Management Demo](https://demo.mealie.io/admin/manage/users){ .md-button .md-button--primary } + +## Public Recipe Access + +By default, groups are set to private, meaning only logged-in users may access the group. In order for a recipe to be viewable by public (not logged-in) users, two criteria must be met: + +1. The group must not be private, *and* the group setting for allowing users outside of your group to see your recipes must be enabled. These can be toggled on the Group Settings page +2. The recipe must be set to public. This can be toggled for each recipe individually, or in bulk using the Recipe Data Management page + +Additionally, if the group is not private, public users can view all public group data (public recipes, public cookbooks, etc.) from the home page ([e.g. the demo home page](https://demo.mealie.io/g/home)). + +[Group Settings Demo](https://demo.mealie.io/group){ .md-button .md-button--primary } + +More broadly, here are the rules for how recipe access is determined: + +- Private links that are generated from the recipe page using the `Share` button bypass all group and recipe permissions +- Private groups block all access to recipes, including those that are public, except as noted above. +- Groups with "Allow users outside of your group to see your recipes" disabled block all access to recipes, except as noted above. +- Private recipes block all access to the recipe from public links. This does not affect Private Links. + +```mermaid +stateDiagram-v2 + r1: Request Access + p1: Using Private Link? + p2: Is Group Private? + p3: Is Recipe Private? + s1: Deny Access + n1: Allow Access + + + r1 --> p1 + p1 --> p2: No + p1 --> n1: Yes + + p2 --> s1: Yes + p2 --> p3: No + + p3 --> s1: Yes + p3 --> n1: No +``` diff --git a/frontend/static/mealie-email-banner.png b/frontend/static/mealie-email-banner.png new file mode 100644 index 00000000000..70009e3ad56 Binary files /dev/null and b/frontend/static/mealie-email-banner.png differ