refac

backend/open_webui/models/models.py

@@ -221,29 +221,30 @@ class ModelsTable:
         ]
 
     def _has_write_permission(self, query, filter: dict):
-        if filter.get("group_ids") or filter.get("user_id"):
+        group_ids = filter.get("group_ids", [])
-            conditions = []
+        user_id = filter.get("user_id")
 
-            # --- ANY group_ids match ("write".group_ids) ---
+        json_group_ids = Model.access_control["write"]["group_ids"]
-            if filter.get("group_ids"):
-                group_ids = filter["group_ids"]
-                like_clauses = []
 
-                for gid in group_ids:
+        conditions = []
-                    like_clauses.append(
+        if group_ids or user_id:
-                        cast(Model.access_control, String).like(
+            conditions.append(Model.access_control.is_(None))
-                            f'%"write"%"group_ids"%"{gid}"%'
-                        )
-                    )
 
-                # ANY → OR
+        if user_id:
-                conditions.append(or_(*like_clauses))
+            conditions.append(Model.user_id == user_id)
 
-            # --- user_id match (owner) ---
+        if group_ids:
-            if filter.get("user_id"):
+            group_conditions = []
-                conditions.append(Model.user_id == filter["user_id"])
 
-            # Apply OR across the two groups of conditions
+            for gid in group_ids:
+                # CASE: gid IN JSON array
+                # SQLite → json_extract(access_control, '$.write.group_ids') LIKE '%gid%'
+                # Postgres → access_control->'write'->'group_ids' @> '[gid]'
+                group_conditions.append(json_group_ids.contains([gid]))
+
+            conditions.append(or_(*group_conditions))
+
+        if conditions:
             query = query.filter(or_(*conditions))
 
         return query