Try โ€‚โ€‰HackMD

Manage Note Permission

It is possible to change the access permission to a note through the little button on the top right of the view.
There are six possible options:

Permission Icon/Name Owner read/write Signed-in read Signed-in write Guest read Guest write
Freely โœ” โœ” โœ” โœ” โœ”
Editable โœ” โœ” โœ” โœ” โœ–
Limited โœ” โœ” โœ” โœ– โœ–
Locked โœ” โœ” โœ– โœ” โœ–
Protected โœ” โœ” โœ– โœ– โœ–
Private โœ” โœ– โœ– โœ– โœ–

Only the owner of the note can change the note's permissions.

If you don't want guest users to create note or view note, you can set CMD_ALLOW_ANONYMOUS, CMD_ALLOW_ANONYMOUS_EDITS, CMD_ALLOW_ANONYMOUS_VIEWS .
Set those config and the consequence is showing below table.

CMD_ALLOW_ANONYMOUS CMD_ALLOW_ANONYMOUS_EDITS CMD_ALLOW_ANONYMOUS_VIEWS New guest note button freely permission editable/locked permission
true - - active active active
false - false inactive inactive inactive
false false true inactive inactive active
false true true inactive active active

Default Behavior

If you didn't change any config that related permission, the note permission is default to editable, And CMD_ALLOW_ANONYMOUS is set to true.

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More โ†’
Breaking Change
Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More โ†’

After CodiMD 2.0.0, in order to prevent any user to create note, we change anonymous setting default value to:

  • CMD_ALLOW_ANONYMOUS โ†’ false
  • CMD_ALLOW_ANONYMOUS_EDITS โ†’ true
  • CMD_ALLOW_ANONYMOUS_VIEWS โ†’ true

About the Uploaded Images' Permission

Depending on your image upload settings, CodiMD allows you to upload to different image hosting providers.

CodiMD does not enforce any access restrictions on uploaded images. If you use the filesystem upload option (default one), the image URL will be YOUR_INSTANCE/uploads/IMAGE_NAME. Even if your note permission is set to private, the image will still be accessible if your instance is publicly accessible.

If you set your upload provider to other cloud services (e.g., s3, minio, azure), the uploaded image will have a URL from the respective service. You can set up additional permission access rules based on your specific requirements. Please note that CodiMD does not offer options to assist with this.

Please note that the /uploadimage endpoint is also publicly accessible.