From e966f54001c7c82de6da6567e9b06092ad9ecb14 Mon Sep 17 00:00:00 2001
From: Shirasawa <764798966@qq.com>
Date: Wed, 13 Aug 2025 07:02:36 +0000
Subject: [PATCH] feat: Add administrator permission control to the two
 remaining APIs

---
 backend/open_webui/main.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/backend/open_webui/main.py b/backend/open_webui/main.py
index 076d4c486d..3f3b9df30c 100644
--- a/backend/open_webui/main.py
+++ b/backend/open_webui/main.py
@@ -327,6 +327,7 @@ from open_webui.config import (
     ENABLE_MESSAGE_RATING,
     ENABLE_USER_WEBHOOKS,
     ENABLE_EVALUATION_ARENA_MODELS,
+    ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS,
     USER_PERMISSIONS,
     DEFAULT_USER_ROLE,
     PENDING_USER_OVERLAY_CONTENT,
@@ -1321,7 +1322,9 @@ async def get_models(
         )
 
     # Filter out models that the user does not have access to
-    if user.role == "user" and not BYPASS_MODEL_ACCESS_CONTROL:
+    if not BYPASS_MODEL_ACCESS_CONTROL and (
+        user.role != "admin" or not ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS
+    ):
         models = get_filtered_models(models, user)
 
     log.debug(
@@ -1392,7 +1395,9 @@ async def chat_completion(
             model_info = Models.get_model_by_id(model_id)
 
             # Check if user has access to the model
-            if not BYPASS_MODEL_ACCESS_CONTROL and user.role == "user":
+            if not BYPASS_MODEL_ACCESS_CONTROL and (
+                user.role != "admin" or not ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS
+            ):
                 try:
                     check_model_access(user, model)
                 except Exception as e: