ti.sil/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-15 13:55:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #16498 from Classic298/fix_model_access

Browse source 
fix: Chat model selector bypasses ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS privacy setting
This commit is contained in:
Tim Jaeryang Baek 2025-08-13 18:11:46 +04:00 committed by GitHub
commit 20101579e0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 9 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
backend/open_webui/main.py
View file

@ -376,6 +376,7 @@ from open_webui.config import (
RESPONSE_WATERMARK, RESPONSE_WATERMARK,
# Admin # Admin
ENABLE_ADMIN_CHAT_ACCESS, ENABLE_ADMIN_CHAT_ACCESS,
ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS,
ENABLE_ADMIN_EXPORT, ENABLE_ADMIN_EXPORT,
# Tasks # Tasks
TASK_MODEL, TASK_MODEL,
@ -1279,14 +1280,16 @@ async def get_models(
): ):
filtered_models.append(model) filtered_models.append(model)
continue continue
model_info = Models.get_model_by_id(model["id"]) model_info = Models.get_model_by_id(model["id"])
if model_info: if model_info:
if user.id == model_info.user_id or has_access( if (
user.id, type="read", access_control=model_info.access_control (user.role == "admin" and ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS)
or user.id == model_info.user_id
or has_access(user.id, type="read", access_control=model_info.access_control)
): ):
filtered_models.append(model) filtered_models.append(model)
return filtered_models return filtered_models
all_models = await get_all_models(request, refresh=refresh, user=user) all_models = await get_all_models(request, refresh=refresh, user=user)
@ -1322,9 +1325,7 @@ async def get_models(
) )
# Filter out models that the user does not have access to # Filter out models that the user does not have access to
if not BYPASS_MODEL_ACCESS_CONTROL and ( if (user.role == "user" or (user.role == "admin" and not ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS)) and not BYPASS_MODEL_ACCESS_CONTROL:
user.role != "admin" or not ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS
):
models = get_filtered_models(models, user) models = get_filtered_models(models, user)
log.debug( log.debug(

2
backend/open_webui/routers/models.py
View file

@ -117,7 +117,7 @@ async def get_model_by_id(id: str, user=Depends(get_verified_user)):
model = Models.get_model_by_id(id) model = Models.get_model_by_id(id)
if model: if model:
if ( if (
user.role == "admin" (user.role == "admin" and ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS)
or model.user_id == user.id or model.user_id == user.id
or has_access(user.id, "read", model.access_control) or has_access(user.id, "read", model.access_control)
): ):