ti.sil/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-12 04:15:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fix admin model access (#17)

Browse source 
* Update models.py

* Update models.py

* Update models.py

* Update ollama.py

* Update openai.py

* Update models.py

* Update openai.py

* Update ollama.py
This commit is contained in:
Classic298 2025-08-11 23:23:44 +02:00 committed by GitHub
parent 62506b1955
commit d8c4dd6f79
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 58 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
backend/open_webui/routers/models.py
View file

@ -117,7 +117,7 @@ async def get_model_by_id(id: str, user=Depends(get_verified_user)):
model = Models.get_model_by_id(id)
if model:
if (
user.role == "admin"
(user.role == "admin" and ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS)
or model.user_id == user.id
or has_access(user.id, "read", model.access_control)
):

84
backend/open_webui/utils/models.py
View file

@ -23,6 +23,7 @@ from open_webui.utils.access_control import has_access
from open_webui.config import (
DEFAULT_ARENA_MODEL,
ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS,
)
from open_webui.env import SRC_LOG_LEVELS, GLOBAL_LOG_LEVEL
@ -181,45 +182,62 @@ async def get_all_models(request, refresh: bool = False, user: UserModel = None)
elif custom_model.is_active and (
custom_model.id not in [model["id"] for model in models]
):
owned_by = "openai"
pipe = None
# Check access control for custom models
should_include = False
action_ids = []
filter_ids = []
if user and user.role == "admin" and ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS:
# Admin with full workspace access
should_include = True
elif user and user.id == custom_model.user_id:
# Owner always has access
should_include = True
elif user and has_access(user.id, "read", custom_model.access_control):
# User has explicit read access
should_include = True
elif not user:
# No user context - include for backwards compatibility
should_include = True
for model in models:
if (
custom_model.base_model_id == model["id"]
or custom_model.base_model_id == model["id"].split(":")[0]
):
owned_by = model.get("owned_by", "unknown owner")
if "pipe" in model:
pipe = model["pipe"]
break
if should_include:
owned_by = "openai"
pipe = None
if custom_model.meta:
meta = custom_model.meta.model_dump()
action_ids = []
filter_ids = []
if "actionIds" in meta:
action_ids.extend(meta["actionIds"])
for model in models:
if (
custom_model.base_model_id == model["id"]
or custom_model.base_model_id == model["id"].split(":")[0]
):
owned_by = model.get("owned_by", "unknown owner")
if "pipe" in model:
pipe = model["pipe"]
break
if "filterIds" in meta:
filter_ids.extend(meta["filterIds"])
if custom_model.meta:
meta = custom_model.meta.model_dump()
models.append(
{
"id": f"{custom_model.id}",
"name": custom_model.name,
"object": "model",
"created": custom_model.created_at,
"owned_by": owned_by,
"info": custom_model.model_dump(),
"preset": True,
**({"pipe": pipe} if pipe is not None else {}),
"action_ids": action_ids,
"filter_ids": filter_ids,
}
)
if "actionIds" in meta:
action_ids.extend(meta["actionIds"])
if "filterIds" in meta:
filter_ids.extend(meta["filterIds"])
models.append(
{
"id": f"{custom_model.id}",
"name": custom_model.name,
"object": "model",
"created": custom_model.created_at,
"owned_by": owned_by,
"info": custom_model.model_dump(),
"preset": True,
**({"pipe": pipe} if pipe is not None else {}),
"action_ids": action_ids,
"filter_ids": filter_ids,
}
)
# Process action_ids to get the actions
def get_action_items_from_module(function, module):