From d509ca1133a27ceca5f7e69c2a5fbca2c1d4cdd2 Mon Sep 17 00:00:00 2001
From: Timothy Jaeryang Baek <tim@openwebui.com>
Date: Sat, 12 Jul 2025 00:34:18 +0400
Subject: [PATCH] refac

---
 backend/open_webui/socket/main.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/backend/open_webui/socket/main.py b/backend/open_webui/socket/main.py
index 57b952e7fd..ced2a9972b 100644
--- a/backend/open_webui/socket/main.py
+++ b/backend/open_webui/socket/main.py
@@ -353,8 +353,12 @@ async def yjs_document_join(sid, data):
                 log.error(f"Note {note_id} not found")
                 return
 
-            if user.get("role") != "admin" and has_access(
-                user.get("id"), type="read", access_control=note.access_control
+            if (
+                user.get("role") != "admin"
+                and user.get("id") != note.user_id
+                and not has_access(
+                    user.get("id"), type="read", access_control=note.access_control
+                )
             ):
                 log.error(
                     f"User {user.get('id')} does not have access to note {note_id}"
@@ -424,8 +428,12 @@ async def document_save_handler(document_id, data, user):
             log.error(f"Note {note_id} not found")
             return
 
-        if user.get("role") != "admin" and has_access(
-            user.get("id"), type="read", access_control=note.access_control
+        if (
+            user.get("role") != "admin"
+            and user.get("id") != note.user_id
+            and not has_access(
+                user.get("id"), type="read", access_control=note.access_control
+            )
         ):
             log.error(f"User {user.get('id')} does not have access to note {note_id}")
             return