Fix admin model access (#17)

* Update models.py

* Update models.py

* Update models.py

* Update ollama.py

* Update openai.py

* Update models.py

* Update openai.py

* Update ollama.py

backend/open_webui/routers/models.py

@@ -117,7 +117,7 @@ async def get_model_by_id(id: str, user=Depends(get_verified_user)):
     model = Models.get_model_by_id(id)
     if model:
         if (
-            user.role == "admin"
+            (user.role == "admin" and ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS)
             or model.user_id == user.id
             or has_access(user.id, "read", model.access_control)
         ):

backend/open_webui/utils/models.py

@@ -23,6 +23,7 @@ from open_webui.utils.access_control import has_access
 
 from open_webui.config import (
     DEFAULT_ARENA_MODEL,
+    ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS,
 )
 
 from open_webui.env import SRC_LOG_LEVELS, GLOBAL_LOG_LEVEL
@@ -181,6 +182,23 @@ async def get_all_models(request, refresh: bool = False, user: UserModel = None)
         elif custom_model.is_active and (
             custom_model.id not in [model["id"] for model in models]
         ):
+            # Check access control for custom models
+            should_include = False
+            
+            if user and user.role == "admin" and ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS:
+                # Admin with full workspace access
+                should_include = True
+            elif user and user.id == custom_model.user_id:
+                # Owner always has access
+                should_include = True
+            elif user and has_access(user.id, "read", custom_model.access_control):
+                # User has explicit read access
+                should_include = True
+            elif not user:
+                # No user context - include for backwards compatibility
+                should_include = True
+            
+            if should_include:
                 owned_by = "openai"
                 pipe = None