mirror of
https://github.com/open-webui/open-webui.git
synced 2025-12-12 04:15:25 +00:00
refac/fix: proper notes db operations
This commit is contained in:
Timothy Jaeryang Baek
parent
5b1f9e3e21
commit
da661756fa
2 changed files with 35 additions and 29 deletions
|
|
@ -128,7 +128,7 @@ class NoteTable:
|
|||
notes = query.all()
|
||||
return [NoteModel.model_validate(note) for note in notes]
|
||||
|
||||
def get_notes_by_access(
|
||||
def get_notes_by_permission(
|
||||
self,
|
||||
user_id: str,
|
||||
permission: str = "write",
|
||||
|
|
@ -137,40 +137,44 @@ class NoteTable:
|
|||
) -> list[NoteModel]:
|
||||
with get_db() as db:
|
||||
user_groups = Groups.get_groups_by_member_id(user_id)
|
||||
user_group_ids = {group_id for group_id in user_groups}
|
||||
user_group_ids = {group.id for group in user_groups}
|
||||
|
||||
query = db.query(Note)
|
||||
|
||||
access_conditions = [Note.user_id == user_id]
|
||||
|
||||
if user_group_ids:
|
||||
access_conditions.append(
|
||||
and_(
|
||||
Note.access_control.isnot(None),
|
||||
Note.access_control != '{}',
|
||||
Note.access_control != 'null'
|
||||
)
|
||||
# Order newest-first. We stream to keep memory usage low.
|
||||
query = (
|
||||
db.query(Note)
|
||||
.order_by(Note.updated_at.desc())
|
||||
.execution_options(stream_results=True)
|
||||
.yield_per(256)
|
||||
)
|
||||
|
||||
query = query.filter(or_(*access_conditions))
|
||||
results: list[NoteModel] = []
|
||||
n_skipped = 0
|
||||
|
||||
query = query.order_by(Note.updated_at.desc())
|
||||
for note in query:
|
||||
# Fast-pass #1: owner
|
||||
if note.user_id == user_id:
|
||||
permitted = True
|
||||
# Fast-pass #2: public/open
|
||||
elif note.access_control is None:
|
||||
permitted = True
|
||||
else:
|
||||
permitted = has_access(
|
||||
user_id, permission, note.access_control, user_group_ids
|
||||
)
|
||||
|
||||
if skip is not None:
|
||||
query = query.offset(skip)
|
||||
if limit is not None:
|
||||
query = query.limit(limit)
|
||||
if not permitted:
|
||||
continue
|
||||
|
||||
notes = query.all()
|
||||
note_models = [NoteModel.model_validate(note) for note in notes]
|
||||
# Apply skip AFTER permission filtering so it counts only accessible notes
|
||||
if skip and n_skipped < skip:
|
||||
n_skipped += 1
|
||||
continue
|
||||
|
||||
filtered_notes = []
|
||||
for note in note_models:
|
||||
if (note.user_id == user_id or
|
||||
has_access(user_id, permission, note.access_control, user_group_ids)):
|
||||
filtered_notes.append(note)
|
||||
results.append(NoteModel.model_validate(note))
|
||||
if limit is not None and len(results) >= limit:
|
||||
break
|
||||
|
||||
return filtered_notes
|
||||
return results
|
||||
|
||||
def get_note_by_id(self, id: str) -> Optional[NoteModel]:
|
||||
with get_db() as db:
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ async def get_notes(request: Request, user=Depends(get_verified_user)):
|
|||
"user": UserResponse(**Users.get_user_by_id(note.user_id).model_dump()),
|
||||
}
|
||||
)
|
||||
for note in Notes.get_notes_by_access(user.id, "write")
|
||||
for note in Notes.get_notes_by_permission(user.id, "write")
|
||||
]
|
||||
|
||||
return notes
|
||||
|
|
@ -81,7 +81,9 @@ async def get_note_list(
|
|||
|
||||
notes = [
|
||||
NoteTitleIdResponse(**note.model_dump())
|
||||
for note in Notes.get_notes_by_access(user.id, "write", skip=skip, limit=limit)
|
||||
for note in Notes.get_notes_by_permission(
|
||||
user.id, "write", skip=skip, limit=limit
|
||||
)
|
||||
]
|
||||
|
||||
return notes
|
||||
|
|
|
|||
Loading…
Reference in a new issue