It is possible to change the access permission to a note through the little button on the top right of the view.
There are six possible options:
Permission Icon/Name | Owner read/write | Signed-in read | Signed-in write | Guest read | Guest write |
---|---|---|---|---|---|
Freely | โ | โ | โ | โ | โ |
Editable | โ | โ | โ | โ | โ |
Limited | โ | โ | โ | โ | โ |
Locked | โ | โ | โ | โ | โ |
Protected | โ | โ | โ | โ | โ |
Private | โ | โ | โ | โ | โ |
Only the owner of the note can change the note's permissions.
If you don't want guest users to create note or view note, you can set CMD_ALLOW_ANONYMOUS
, CMD_ALLOW_ANONYMOUS_EDITS
, CMD_ALLOW_ANONYMOUS_VIEWS
.
Set those config and the consequence is showing below table.
CMD_ALLOW_ANONYMOUS |
CMD_ALLOW_ANONYMOUS_EDITS |
CMD_ALLOW_ANONYMOUS_VIEWS |
New guest note button |
freely permission |
editable/locked permission |
---|---|---|---|---|---|
true | - | - | active | active | active |
false | - | false | inactive | inactive | inactive |
false | false | true | inactive | inactive | active |
false | true | true | inactive | active | active |
If you didn't change any config that related permission, the note permission is default to editable
, And CMD_ALLOW_ANONYMOUS
is set to true
.
false
true
true
Depending on your image upload settings, CodiMD allows you to upload to different image hosting providers.
CodiMD does not enforce any access restrictions on uploaded images. If you use the filesystem
upload option (default one), the image URL will be YOUR_INSTANCE/uploads/IMAGE_NAME
. Even if your note permission is set to private, the image will still be accessible if your instance is publicly accessible.
If you set your upload provider to other cloud services (e.g., s3, minio, azure), the uploaded image will have a URL from the respective service. You can set up additional permission access rules based on your specific requirements. Please note that CodiMD does not offer options to assist with this.
Please note that the /uploadimage
endpoint is also publicly accessible.