User can create page for every books

Do you mean that users can create a page content type, and then add it to the book like child page?

I ask because there are two content types that have a similar name; one is page, and the other is book page: the first is created with Create content > Page, while the second is created with Create content > Book page.

This will happen if you have user permissions configured improperly. any permissions you enable there will be sufficient to grant privileges.

make sure you have turned off all such permissions in admin/user/permissions.

That answer to the support request that can be considered fixed (won't fix status is for bug reports).

Automatically closed -- issue fixed for 2 weeks with no activity.

I would like to reopen this issue because I have the same problem and don't understand the answer.

I have 2 roles A and B and 2 diferent content types a_book and b_book.
Both content types are marked "Allowed book outline types".

Users of role A have the permission to create content of type a_book.
Users of role B have the permission to create content of type b_book.

Both roles have the permission "add content to book" (if they don't have this permission the book form does not show up in the content creation form).

The problem is that the users can choose to add pages to all books they have "View this book" permission, it doesn't matter if they have or not "Edit pages in this book" permission.

Thanks,
Manfred

+1 for what manuweb explained. (I think the original post was explaining the same issue as well.) I've tried many ways to adjust the permissions but cannot find a solution.

This modules needs a "Create pages in this Book" permission in addition to the " View this book", "Edit pages in this book", and "Delete pages in this book".

I looked deeper into this with intentions of adding a "Create pages in this Book" permission. But it seems that permission is unnecessary, the problem is arising from some bugs:

I discovered the "_book_access_restrict_options" function is buggy. It is using the $nid variable that doesn't exist in that scope.

I've attached a patch. The patch fixes the bug, so a user can only create a book page for a book on which the user has "Edit" (update) permission. However, the patch is not complete and still needs to take into account if the user has the "create new books" permission. (With this patch only the superuser can create new books.)

For my purposes, this fixed my problem. I also themed out the "Add child page" link to avoid confusion.
However, this module needs more work for full functionality. I'll post if I find time to patch it up anymore.

I extended my previous patch to properly show the "Add child page" link only for books the user has edit access to. I used the hook_nodeapi, I'm not sure if that is the best way to do this. And I'm still not entirely sure on how the owners of this modules meant to use the {book_access} table.

Please review this patch and let me know if you find any issues.

The 02 patch seems to work. However, if the Book Navigation block is enabled, the permissions on the individual books seem to go away.

I found the patch from #10 caused fatal errors with Views RSS feeds. The problem is hook_nodeapi() returning $node in all cases. The documentation states that the return value should depend on $op and we should never need to return $node as it is passed by reference. The attached patch modifies the patch from #10 to not anything. This has fixed my RSS feed problem.