ti.sil/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-12 12:25:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

feat/enh: user sharing perms

Browse source
This commit is contained in:
Timothy Jaeryang Baek 2025-11-20 18:32:34 -05:00
parent 849278ca4f
commit f69e37a850
11 changed files with 297 additions and 144 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
backend/open_webui/config.py
View file

@ -1276,6 +1276,12 @@ USER_PERMISSIONS_WORKSPACE_TOOLS_EXPORT = (
os.environ.get("USER_PERMISSIONS_WORKSPACE_TOOLS_EXPORT", "False").lower() == "true" os.environ.get("USER_PERMISSIONS_WORKSPACE_TOOLS_EXPORT", "False").lower() == "true"
) )
USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_SHARING = (
os.environ.get("USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_SHARING", "False").lower()
== "true"
)
USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_PUBLIC_SHARING = ( USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_PUBLIC_SHARING = (
os.environ.get( os.environ.get(
"USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_PUBLIC_SHARING", "False" "USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_PUBLIC_SHARING", "False"
@ -1283,8 +1289,10 @@ USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_PUBLIC_SHARING = (
== "true" == "true"
) )
USER_PERMISSIONS_NOTES_ALLOW_PUBLIC_SHARING = ( USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ALLOW_SHARING = (
os.environ.get("USER_PERMISSIONS_NOTES_ALLOW_PUBLIC_SHARING", "False").lower() os.environ.get(
"USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ALLOW_PUBLIC_SHARING", "False"
).lower()
== "true" == "true"
) )
@ -1295,6 +1303,11 @@ USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ALLOW_PUBLIC_SHARING = (
== "true" == "true"
) )
USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_SHARING = (
os.environ.get("USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_SHARING", "False").lower()
== "true"
)
USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_PUBLIC_SHARING = ( USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_PUBLIC_SHARING = (
os.environ.get( os.environ.get(
"USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_PUBLIC_SHARING", "False" "USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_PUBLIC_SHARING", "False"
@ -1302,6 +1315,12 @@ USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_PUBLIC_SHARING = (
== "true" == "true"
) )
USER_PERMISSIONS_WORKSPACE_TOOLS_ALLOW_SHARING = (
os.environ.get("USER_PERMISSIONS_WORKSPACE_TOOLS_ALLOW_SHARING", "False").lower()
== "true"
)
USER_PERMISSIONS_WORKSPACE_TOOLS_ALLOW_PUBLIC_SHARING = ( USER_PERMISSIONS_WORKSPACE_TOOLS_ALLOW_PUBLIC_SHARING = (
os.environ.get( os.environ.get(
"USER_PERMISSIONS_WORKSPACE_TOOLS_ALLOW_PUBLIC_SHARING", "False" "USER_PERMISSIONS_WORKSPACE_TOOLS_ALLOW_PUBLIC_SHARING", "False"
@ -1310,6 +1329,17 @@ USER_PERMISSIONS_WORKSPACE_TOOLS_ALLOW_PUBLIC_SHARING = (
) )
USER_PERMISSIONS_NOTES_ALLOW_SHARING = (
os.environ.get("USER_PERMISSIONS_NOTES_ALLOW_PUBLIC_SHARING", "False").lower()
== "true"
)
USER_PERMISSIONS_NOTES_ALLOW_PUBLIC_SHARING = (
os.environ.get("USER_PERMISSIONS_NOTES_ALLOW_PUBLIC_SHARING", "False").lower()
== "true"
)
USER_PERMISSIONS_CHAT_CONTROLS = ( USER_PERMISSIONS_CHAT_CONTROLS = (
os.environ.get("USER_PERMISSIONS_CHAT_CONTROLS", "True").lower() == "true" os.environ.get("USER_PERMISSIONS_CHAT_CONTROLS", "True").lower() == "true"
) )
@ -1431,10 +1461,15 @@ DEFAULT_USER_PERMISSIONS = {
"tools_export": USER_PERMISSIONS_WORKSPACE_TOOLS_EXPORT, "tools_export": USER_PERMISSIONS_WORKSPACE_TOOLS_EXPORT,
}, },
"sharing": { "sharing": {
"models": USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_SHARING,
"public_models": USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_PUBLIC_SHARING, "public_models": USER_PERMISSIONS_WORKSPACE_MODELS_ALLOW_PUBLIC_SHARING,
"knowledge": USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ALLOW_SHARING,
"public_knowledge": USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ALLOW_PUBLIC_SHARING, "public_knowledge": USER_PERMISSIONS_WORKSPACE_KNOWLEDGE_ALLOW_PUBLIC_SHARING,
"prompts": USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_SHARING,
"public_prompts": USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_PUBLIC_SHARING, "public_prompts": USER_PERMISSIONS_WORKSPACE_PROMPTS_ALLOW_PUBLIC_SHARING,
"tools": USER_PERMISSIONS_WORKSPACE_TOOLS_ALLOW_SHARING,
"public_tools": USER_PERMISSIONS_WORKSPACE_TOOLS_ALLOW_PUBLIC_SHARING, "public_tools": USER_PERMISSIONS_WORKSPACE_TOOLS_ALLOW_PUBLIC_SHARING,
"notes": USER_PERMISSIONS_NOTES_ALLOW_SHARING,
"public_notes": USER_PERMISSIONS_NOTES_ALLOW_PUBLIC_SHARING, "public_notes": USER_PERMISSIONS_NOTES_ALLOW_PUBLIC_SHARING,
}, },
"chat": { "chat": {

11
backend/open_webui/routers/users.py
View file

@ -183,10 +183,15 @@ class WorkspacePermissions(BaseModel):
class SharingPermissions(BaseModel): class SharingPermissions(BaseModel):
public_models: bool = True models: bool = False
public_knowledge: bool = True public_models: bool = False
public_prompts: bool = True knowledge: bool = False
public_knowledge: bool = False
prompts: bool = False
public_prompts: bool = False
tools: bool = False
public_tools: bool = True public_tools: bool = True
notes: bool = False
public_notes: bool = True public_notes: bool = True

5
src/lib/components/admin/Users/Groups/EditGroupModal.svelte
View file

@ -49,10 +49,15 @@
tools_export: false tools_export: false
}, },
sharing: { sharing: {
models: false,
public_models: false, public_models: false,
knowledge: false,
public_knowledge: false, public_knowledge: false,
prompts: false,
public_prompts: false, public_prompts: false,
tools: false,
public_tools: false, public_tools: false,
notes: false,
public_notes: false public_notes: false
}, },
chat: { chat: {

95
src/lib/components/admin/Users/Groups/Permissions.svelte
View file

@ -20,10 +20,15 @@
tools_export: false tools_export: false
}, },
sharing: { sharing: {
models: false,
public_models: false, public_models: false,
knowledge: false,
public_knowledge: false, public_knowledge: false,
prompts: false,
public_prompts: false, public_prompts: false,
tools: false,
public_tools: false, public_tools: false,
notes: false,
public_notes: false public_notes: false
}, },
chat: { chat: {
@ -214,6 +219,23 @@
<div> <div>
<div class=" mb-2 text-sm font-medium">{$i18n.t('Sharing Permissions')}</div> <div class=" mb-2 text-sm font-medium">{$i18n.t('Sharing Permissions')}</div>
<div class="flex flex-col w-full">
<div class="flex w-full justify-between my-1">
<div class=" self-center text-xs font-medium">
{$i18n.t('Models Sharing')}
</div>
<Switch bind:state={permissions.sharing.models} />
</div>
{#if defaultPermissions?.sharing?.models && !permissions.sharing.models}
<div>
<div class="text-xs text-gray-500">
{$i18n.t('This is a default user permission and will remain enabled.')}
</div>
</div>
{/if}
</div>
{#if permissions.sharing.models}
<div class="flex flex-col w-full"> <div class="flex flex-col w-full">
<div class="flex w-full justify-between my-1"> <div class="flex w-full justify-between my-1">
<div class=" self-center text-xs font-medium"> <div class=" self-center text-xs font-medium">
@ -229,7 +251,25 @@
</div> </div>
{/if} {/if}
</div> </div>
{/if}
<div class="flex flex-col w-full">
<div class="flex w-full justify-between my-1">
<div class=" self-center text-xs font-medium">
{$i18n.t('Knowledge Sharing')}
</div>
<Switch bind:state={permissions.sharing.knowledge} />
</div>
{#if defaultPermissions?.sharing?.knowledge && !permissions.sharing.knowledge}
<div>
<div class="text-xs text-gray-500">
{$i18n.t('This is a default user permission and will remain enabled.')}
</div>
</div>
{/if}
</div>
{#if permissions.sharing.knowledge}
<div class="flex flex-col w-full"> <div class="flex flex-col w-full">
<div class="flex w-full justify-between my-1"> <div class="flex w-full justify-between my-1">
<div class=" self-center text-xs font-medium"> <div class=" self-center text-xs font-medium">
@ -245,7 +285,25 @@
</div> </div>
{/if} {/if}
</div> </div>
{/if}
<div class="flex flex-col w-full">
<div class="flex w-full justify-between my-1">
<div class=" self-center text-xs font-medium">
{$i18n.t('Prompts Sharing')}
</div>
<Switch bind:state={permissions.sharing.prompts} />
</div>
{#if defaultPermissions?.sharing?.prompts && !permissions.sharing.prompts}
<div>
<div class="text-xs text-gray-500">
{$i18n.t('This is a default user permission and will remain enabled.')}
</div>
</div>
{/if}
</div>
{#if permissions.sharing.prompts}
<div class="flex flex-col w-full"> <div class="flex flex-col w-full">
<div class="flex w-full justify-between my-1"> <div class="flex w-full justify-between my-1">
<div class=" self-center text-xs font-medium"> <div class=" self-center text-xs font-medium">
@ -261,7 +319,25 @@
</div> </div>
{/if} {/if}
</div> </div>
{/if}
<div class="flex flex-col w-full">
<div class="flex w-full justify-between my-1">
<div class=" self-center text-xs font-medium">
{$i18n.t('Tools Sharing')}
</div>
<Switch bind:state={permissions.sharing.tools} />
</div>
{#if defaultPermissions?.sharing?.tools && !permissions.sharing.tools}
<div>
<div class="text-xs text-gray-500">
{$i18n.t('This is a default user permission and will remain enabled.')}
</div>
</div>
{/if}
</div>
{#if permissions.sharing.tools}
<div class="flex flex-col w-full"> <div class="flex flex-col w-full">
<div class="flex w-full justify-between my-1"> <div class="flex w-full justify-between my-1">
<div class=" self-center text-xs font-medium"> <div class=" self-center text-xs font-medium">
@ -277,7 +353,25 @@
</div> </div>
{/if} {/if}
</div> </div>
{/if}
<div class="flex flex-col w-full">
<div class="flex w-full justify-between my-1">
<div class=" self-center text-xs font-medium">
{$i18n.t('Notes Sharing')}
</div>
<Switch bind:state={permissions.sharing.notes} />
</div>
{#if defaultPermissions?.sharing?.notes && !permissions.sharing.notes}
<div>
<div class="text-xs text-gray-500">
{$i18n.t('This is a default user permission and will remain enabled.')}
</div>
</div>
{/if}
</div>
{#if permissions.sharing.notes}
<div class="flex flex-col w-full"> <div class="flex flex-col w-full">
<div class="flex w-full justify-between my-1"> <div class="flex w-full justify-between my-1">
<div class=" self-center text-xs font-medium"> <div class=" self-center text-xs font-medium">
@ -293,6 +387,7 @@
</div> </div>
{/if} {/if}
</div> </div>
{/if}
</div> </div>
<hr class=" border-gray-100 dark:border-gray-850" /> <hr class=" border-gray-100 dark:border-gray-850" />

3
src/lib/components/workspace/Knowledge/CreateKnowledgeBase.svelte
View file

@ -116,7 +116,8 @@
<AccessControl <AccessControl
bind:accessControl bind:accessControl
accessRoles={['read', 'write']} accessRoles={['read', 'write']}
allowPublic={$user?.permissions?.sharing?.public_knowledge || $user?.role === 'admin'} share={$user?.permissions?.sharing?.knowledge || $user?.role === 'admin'}
sharePublic={$user?.permissions?.sharing?.public_knowledge || $user?.role === 'admin'}
/> />
</div> </div>
</div> </div>

21
src/lib/components/workspace/Knowledge/KnowledgeBase.svelte
View file

@ -548,11 +548,10 @@
const handleUploadingFileFolder = (items) => { const handleUploadingFileFolder = (items) => {
for (const item of items) { for (const item of items) {
if (item.isFile) { if (item.isFile) {
item.file((file) => { item.file((file) => {
uploadFileHandler(file); uploadFileHandler(file);
}) });
continue; continue;
} }
@ -561,25 +560,28 @@
const isDirectory = wkentry.isDirectory; const isDirectory = wkentry.isDirectory;
if (isDirectory) { if (isDirectory) {
// Read the directory // Read the directory
wkentry.createReader().readEntries((entries) => { wkentry.createReader().readEntries(
handleUploadingFileFolder(entries) (entries) => {
}, (error) => { handleUploadingFileFolder(entries);
},
(error) => {
console.error('Error reading directory entries:', error); console.error('Error reading directory entries:', error);
}); }
);
} else { } else {
toast.info($i18n.t('Uploading file...')); toast.info($i18n.t('Uploading file...'));
uploadFileHandler(item.getAsFile()); uploadFileHandler(item.getAsFile());
toast.success($i18n.t('File uploaded!')); toast.success($i18n.t('File uploaded!'));
} }
} }
} };
if (e.dataTransfer?.types?.includes('Files')) { if (e.dataTransfer?.types?.includes('Files')) {
if (e.dataTransfer?.files) { if (e.dataTransfer?.files) {
const inputItems = e.dataTransfer?.items; const inputItems = e.dataTransfer?.items;
if (inputItems && inputItems.length > 0) { if (inputItems && inputItems.length > 0) {
handleUploadingFileFolder(inputItems) handleUploadingFileFolder(inputItems);
} else { } else {
toast.error($i18n.t(`File not found.`)); toast.error($i18n.t(`File not found.`));
} }
@ -708,7 +710,8 @@
<AccessControlModal <AccessControlModal
bind:show={showAccessControlModal} bind:show={showAccessControlModal}
bind:accessControl={knowledge.access_control} bind:accessControl={knowledge.access_control}
allowPublic={$user?.permissions?.sharing?.public_knowledge || $user?.role === 'admin'} share={$user?.permissions?.sharing?.knowledge || $user?.role === 'admin'}
sharePublic={$user?.permissions?.sharing?.public_knowledge || $user?.role === 'admin'}
onChange={() => { onChange={() => {
changeDebounceHandler(); changeDebounceHandler();
}} }}

3
src/lib/components/workspace/Models/ModelEditor.svelte
View file

@ -591,7 +591,8 @@
<AccessControl <AccessControl
bind:accessControl bind:accessControl
accessRoles={['read', 'write']} accessRoles={['read', 'write']}
allowPublic={$user?.permissions?.sharing?.public_models || $user?.role === 'admin'} share={$user?.permissions?.sharing?.models || $user?.role === 'admin'}
sharePublic={$user?.permissions?.sharing?.public_models || $user?.role === 'admin'}
/> />
</div> </div>
</div> </div>

3
src/lib/components/workspace/Prompts/PromptEditor.svelte
View file

@ -83,7 +83,8 @@
bind:show={showAccessControlModal} bind:show={showAccessControlModal}
bind:accessControl bind:accessControl
accessRoles={['read', 'write']} accessRoles={['read', 'write']}
allowPublic={$user?.permissions?.sharing?.public_prompts || $user?.role === 'admin'} share={$user?.permissions?.sharing?.prompts || $user?.role === 'admin'}
sharePublic={$user?.permissions?.sharing?.public_prompts || $user?.role === 'admin'}
/> />
<div class="w-full max-h-full flex justify-center"> <div class="w-full max-h-full flex justify-center">

3
src/lib/components/workspace/Tools/ToolkitEditor.svelte
View file

@ -189,7 +189,8 @@ class Tools:
bind:show={showAccessControlModal} bind:show={showAccessControlModal}
bind:accessControl bind:accessControl
accessRoles={['read', 'write']} accessRoles={['read', 'write']}
allowPublic={$user?.permissions?.sharing?.public_tools || $user?.role === 'admin'} share={$user?.permissions?.sharing?.tools || $user?.role === 'admin'}
sharePublic={$user?.permissions?.sharing?.public_tools || $user?.role === 'admin'}
/> />
<div class=" flex flex-col justify-between w-full overflow-y-auto h-full"> <div class=" flex flex-col justify-between w-full overflow-y-auto h-full">

18
src/lib/components/workspace/common/AccessControl.svelte
View file

@ -15,17 +15,18 @@
export let accessRoles = ['read']; export let accessRoles = ['read'];
export let accessControl = {}; export let accessControl = {};
export let allowPublic = true; export let share = true;
export let sharePublic = true;
let selectedGroupId = ''; let selectedGroupId = '';
let groups = []; let groups = [];
$: if (!allowPublic && accessControl === null) { $: if (!sharePublic && accessControl === null) {
initPublicAccess(); initPublicAccess();
} }
const initPublicAccess = () => { const initPublicAccess = () => {
if (!allowPublic && accessControl === null) { if (!sharePublic && accessControl === null) {
accessControl = { accessControl = {
read: { read: {
group_ids: [], group_ids: [],
@ -125,7 +126,7 @@
}} }}
> >
<option class=" text-gray-700" value="private" selected>{$i18n.t('Private')}</option> <option class=" text-gray-700" value="private" selected>{$i18n.t('Private')}</option>
{#if allowPublic} {#if share && sharePublic}
<option class=" text-gray-700" value="public" selected>{$i18n.t('Public')}</option> <option class=" text-gray-700" value="public" selected>{$i18n.t('Public')}</option>
{/if} {/if}
</select> </select>
@ -140,6 +141,8 @@
</div> </div>
</div> </div>
</div> </div>
{#if share}
{#if accessControl !== null} {#if accessControl !== null}
{@const accessGroups = groups.filter((group) => {@const accessGroups = groups.filter((group) =>
(accessControl?.read?.group_ids ?? []).includes(group.id) (accessControl?.read?.group_ids ?? []).includes(group.id)
@ -243,9 +246,9 @@
class=" rounded-full p-1 hover:bg-gray-100 dark:hover:bg-gray-850 transition" class=" rounded-full p-1 hover:bg-gray-100 dark:hover:bg-gray-850 transition"
type="button" type="button"
on:click={() => { on:click={() => {
accessControl.read.group_ids = (accessControl?.read?.group_ids ?? []).filter( accessControl.read.group_ids = (
(id) => id !== group.id accessControl?.read?.group_ids ?? []
); ).filter((id) => id !== group.id);
accessControl.write.group_ids = ( accessControl.write.group_ids = (
accessControl?.write?.group_ids ?? [] accessControl?.write?.group_ids ?? []
).filter((id) => id !== group.id); ).filter((id) => id !== group.id);
@ -268,4 +271,5 @@
</div> </div>
</div> </div>
{/if} {/if}
{/if}
</div> </div>

6
src/lib/components/workspace/common/AccessControlModal.svelte
View file

@ -9,7 +9,9 @@
export let show = false; export let show = false;
export let accessControl = {}; export let accessControl = {};
export let accessRoles = ['read']; export let accessRoles = ['read'];
export let allowPublic = true;
export let share = true;
export let sharePublic = true;
export let onChange = () => {}; export let onChange = () => {};
</script> </script>
@ -31,7 +33,7 @@
</div> </div>
<div class="w-full px-5 pb-4 dark:text-white"> <div class="w-full px-5 pb-4 dark:text-white">
<AccessControl bind:accessControl {onChange} {accessRoles} {allowPublic} /> <AccessControl bind:accessControl {onChange} {accessRoles} {share} {sharePublic} />
</div> </div>
</div> </div>
</Modal> </Modal>