Wrote out main content for v0.31 post.

diff --git a/content/blog/beta-release-v0-31-0.md b/content/blog/beta-release-v0-31-0.md
index ad0eb454b8c4bc57fdd2a97486d223b41dcf3985..ee965aee4f19d38f3ab53b0fad5432b85c0ded37 100644 (file)
--- a/content/blog/beta-release-v0-31-0.md
+++ b/content/blog/beta-release-v0-31-0.md
@@ -24,30 +24,116 @@ read through the version specific notes on the [updates page](https://www.bookst
   ### Recycle Bin      ### Recycle Bin   
+Every had an accidental deletion in your instance that you needed to undo? Now you can, +without having to restore a database backup, using the new recycle bin system.  +When you delete a shelf, book, chapter or page they'll now be sent to the recycle bin: + + +RECYCLE BIN LIST IMAGE + + +On each item you can choose to restore or permenantly delete it as required. By default, Items deleted +over 30 days ago may be automatically permenantly deleted from the recycle bin. + +The recycle bin can be accessed via the maintenance page: + +MAINTENANCE PAGE IMAGE + +The inclusion of the recycle bin also introduces a change into how chapter deletion works. Previously deleting +a chapter would cause all child pages to be moved to the parent book. From v0.31, deleting a chapter will send +the chapter and all child pages to the recycle bin. This aligns the deletion behaviour with that of books. 
     ### Item Ownership        ### Item Ownership   
+BookStack has long had permissions available that permit the owner of content to make certain actions, Things like +user is able to create pages witihn their own books. While potentially useful, these permissions were hard to  +use in practice since the owner would always simply be the creator. + +In v0.31 the owner is now a separately tracked user, defaulting to the creator. The owner can be changed +on the permissions page of a shelf, book, chapter or page as shown below: + +OWNER PERMISSIONS PAGE IMAGE 
    
+When you delete a user, you'll now be given the option to transfer ownership to another user if required. + +These changes should make it much easier to setup scenarios where you have user-owned books where +they can only create, edit and delete within their own book. 
   ### Audit Log Updates      ### Audit Log Updates   
+With v0.30 introducing the audit log, time has been spent this release cycle on expanding the tracked activities +to include many more events such as logins, user-management actions and settings update actions. 
    
+AUDIT LOG WITH MORE ACTIVITIES IMAGE 
   ### User List Changes      ### User List Changes   
+A common requirement when managing users is to see who's inactive and therefore might need to be removed from the system. +This was previously tricky to do without direct database queries or careful manual monitoring but now in v0.31 +the latest activity will now be shown on the users list within a sortable column: + +USER LIST IMAGE + +Since you can sort by this column you can quickly find inactive users. Note, the latest activity date +reflected is based on the activity tracked in the audit-log, so does not include view/read only events but should  +include anything that counts as a modification. Activities made before v0.31 may not be reflected. 
    
+### New Revision Changes System 
    
-### New Revision Comparison System +When viewing a revision you have the option to preview pages. +This was done through the [gathercontent/htmldiff](https://github.com/gathercontent/htmldiff) which was great +but had not been supported in a while and required the PHP Tidy extension which could be tricky to locate and  +install on some systems.  
    
+In v0.31 we've now switched to [ssddanbrown/htmldiff](https://github.com/ssddanbrown/htmldiff/) which I ported +from a [c# implementation found here](https://github.com/Rohland/htmldiff.net) which is a port of a [ruby implementation found here](https://github.com/myobie/htmldiff).  Major credit to [@Rohland](https://github.com/Rohland) and [@myobie](https://github.com/myobie) for their original work which I +have simply ported. 
    
+CHANGES SCREENSHOT + +This new library does not have the PHP Tidy extension requirement so should make installation & maintenance +easier for some. From my testing this new library has appeared to work without issue but we will have to see +how it performs in wider use.  
   ### API Update - Pages      ### API Update - Pages   
+This release brings page endpoints to the REST API. This completes the initial phase +of the API now that we have CRUD endpoints for shelves, books, chapters and pages. + +API DOCS FOR PAGES SCREENSHOT + +Now the core content parts are in place, I'm open to GitHub issues being created to request +specific features or endpoints so further actions can be performed.  + +To support usage of the API, I've setup a new BookStack api-scripts repository on GitHub: +https://github.com/BookStackApp/api-scripts. This will be a collection of useful scripts I, +or others, create as examples or for specific tasks. These can be used directly, or as a base/guide to +create other scripts. 
     ### Iframe & Cookie Security Updates        ### Iframe & Cookie Security Updates   
+Over the last 6 months some of the mainstream browsers has added addition protections for cookies +restricting the default usage within a third-part context. For BookStack, this meant that access +through an iframe may not fully work due to cookies being blocked. + +In v0.31, we've added additional controls to prevent usage within an iframe. [CSP frame-ancestors](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors) headers will now be set, and used by modern browsers, to ensure it will only load within an iframe  +where the parent page is on the same host as BookStack.  + +A new `ALLOWED_IFRAME_HOSTS` option, to be used in the `.env` file, can be used to allow iframe access for certain hosts. This can be used like so: + +```bash +# Adding a single host +ALLOWED_IFRAME_HOSTS="https://example.com" + +# Mulitple hosts can be separated with a space +ALLOWED_IFRAME_HOSTS="https://a.example.com https://b.example.com" +``` + +Setting this option will also adjust cookie security so that they can be set in a third-party context, and hence work when inside an iframe. + +Details of this have been added to the [security page of the docs](/docs/admin/security/#iframe-control). 
     ### Translations      ### Translations 

@@ -81,8 +167,11 @@ look to spend some time reviewing a few of those.
   Now we have the core elements of the API integrated we'll now see what other features people may need. I'm imagining we'd add a few endpoints each future release for a while.      Now we have the core elements of the API integrated we'll now see what other features people may need. I'm imagining we'd add a few endpoints each future release for a while.   
-With the API base down and the activity system fleshed out, now may be a good time to implement an outbound webook system. I'll likely create an implementation proposal so I -can ensure we'd be covering the main use-cases required. +With the API base down and the activity system fleshed out, now may be a good time to implement an outbound webook system. +I'll likely create an implementation proposal so I can ensure we'd be covering the main use-cases required. + +PHP 8 support is another thing I'll look to work on over the next release cycle. Some work has been put into this but, due to  +scale of changes in PHP 8 and the rate that some required packages move at, it's a trickier process than previous new PHP versions. 
   ----      ----