From 288947a648155b1eacb6b6495b51e37599f6d2f3 Mon Sep 17 00:00:00 2001
From: Timothy Jaeryang Baek <tim@openwebui.com>
Date: Sun, 23 Nov 2025 16:09:37 -0500
Subject: [PATCH] refac

---
 backend/open_webui/utils/auth.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/backend/open_webui/utils/auth.py b/backend/open_webui/utils/auth.py
index 61b8fb13a4..f3069a093f 100644
--- a/backend/open_webui/utils/auth.py
+++ b/backend/open_webui/utils/auth.py
@@ -377,10 +377,13 @@ def get_current_user_by_api_key(request, api_key: str):
             detail=ERROR_MESSAGES.INVALID_TOKEN,
         )
 
-    if not request.state.enable_api_keys or not has_permission(
-        user.id,
-        "features.api_keys",
-        request.app.state.config.USER_PERMISSIONS,
+    if not request.state.enable_api_keys or (
+        user.role != "admin"
+        and not has_permission(
+            user.id,
+            "features.api_keys",
+            request.app.state.config.USER_PERMISSIONS,
+        )
     ):
         raise HTTPException(
             status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED