mirror of
https://github.com/open-webui/open-webui.git
synced 2025-12-12 04:15:25 +00:00
281 lines
7.7 KiB
Python
281 lines
7.7 KiB
Python
import json
|
|
import logging
|
|
from typing import Optional
|
|
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Request, status, BackgroundTasks
|
|
from pydantic import BaseModel
|
|
|
|
from open_webui.socket.main import sio
|
|
|
|
from open_webui.models.groups import Groups
|
|
from open_webui.models.users import Users, UserResponse
|
|
from open_webui.models.notes import (
|
|
NoteListResponse,
|
|
Notes,
|
|
NoteModel,
|
|
NoteForm,
|
|
NoteUserResponse,
|
|
)
|
|
|
|
from open_webui.config import (
|
|
BYPASS_ADMIN_ACCESS_CONTROL,
|
|
ENABLE_ADMIN_CHAT_ACCESS,
|
|
ENABLE_ADMIN_EXPORT,
|
|
)
|
|
from open_webui.constants import ERROR_MESSAGES
|
|
from open_webui.env import SRC_LOG_LEVELS
|
|
|
|
|
|
from open_webui.utils.auth import get_admin_user, get_verified_user
|
|
from open_webui.utils.access_control import has_access, has_permission
|
|
|
|
log = logging.getLogger(__name__)
|
|
log.setLevel(SRC_LOG_LEVELS["MODELS"])
|
|
|
|
router = APIRouter()
|
|
|
|
############################
|
|
# GetNotes
|
|
############################
|
|
|
|
|
|
class NoteItemResponse(BaseModel):
|
|
id: str
|
|
title: str
|
|
data: Optional[dict]
|
|
updated_at: int
|
|
created_at: int
|
|
user: Optional[UserResponse] = None
|
|
|
|
|
|
@router.get("/", response_model=list[NoteItemResponse])
|
|
async def get_notes(
|
|
request: Request, page: Optional[int] = None, user=Depends(get_verified_user)
|
|
):
|
|
if user.role != "admin" and not has_permission(
|
|
user.id, "features.notes", request.app.state.config.USER_PERMISSIONS
|
|
):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.UNAUTHORIZED,
|
|
)
|
|
|
|
limit = None
|
|
skip = None
|
|
if page is not None:
|
|
limit = 60
|
|
skip = (page - 1) * limit
|
|
|
|
notes = [
|
|
NoteUserResponse(
|
|
**{
|
|
**note.model_dump(),
|
|
"user": UserResponse(**Users.get_user_by_id(note.user_id).model_dump()),
|
|
}
|
|
)
|
|
for note in Notes.get_notes_by_user_id(user.id, "read", skip=skip, limit=limit)
|
|
]
|
|
return notes
|
|
|
|
|
|
@router.get("/search", response_model=NoteListResponse)
|
|
async def search_notes(
|
|
request: Request,
|
|
query: Optional[str] = None,
|
|
view_option: Optional[str] = None,
|
|
order_by: Optional[str] = None,
|
|
direction: Optional[str] = None,
|
|
page: Optional[int] = 1,
|
|
user=Depends(get_verified_user),
|
|
):
|
|
if user.role != "admin" and not has_permission(
|
|
user.id, "features.notes", request.app.state.config.USER_PERMISSIONS
|
|
):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.UNAUTHORIZED,
|
|
)
|
|
|
|
limit = None
|
|
skip = None
|
|
if page is not None:
|
|
limit = 60
|
|
skip = (page - 1) * limit
|
|
|
|
filter = {}
|
|
if query:
|
|
filter["query"] = query
|
|
if view_option:
|
|
filter["view_option"] = view_option
|
|
if order_by:
|
|
filter["order_by"] = order_by
|
|
if direction:
|
|
filter["direction"] = direction
|
|
|
|
if not user.role == "admin" or not BYPASS_ADMIN_ACCESS_CONTROL:
|
|
groups = Groups.get_groups_by_member_id(user.id)
|
|
if groups:
|
|
filter["group_ids"] = [group.id for group in groups]
|
|
|
|
filter["user_id"] = user.id
|
|
|
|
return Notes.search_notes(user.id, filter, skip=skip, limit=limit)
|
|
|
|
|
|
############################
|
|
# CreateNewNote
|
|
############################
|
|
|
|
|
|
@router.post("/create", response_model=Optional[NoteModel])
|
|
async def create_new_note(
|
|
request: Request, form_data: NoteForm, user=Depends(get_verified_user)
|
|
):
|
|
|
|
if user.role != "admin" and not has_permission(
|
|
user.id, "features.notes", request.app.state.config.USER_PERMISSIONS
|
|
):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.UNAUTHORIZED,
|
|
)
|
|
|
|
try:
|
|
note = Notes.insert_new_note(form_data, user.id)
|
|
return note
|
|
except Exception as e:
|
|
log.exception(e)
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST, detail=ERROR_MESSAGES.DEFAULT()
|
|
)
|
|
|
|
|
|
############################
|
|
# GetNoteById
|
|
############################
|
|
|
|
|
|
@router.get("/{id}", response_model=Optional[NoteModel])
|
|
async def get_note_by_id(request: Request, id: str, user=Depends(get_verified_user)):
|
|
if user.role != "admin" and not has_permission(
|
|
user.id, "features.notes", request.app.state.config.USER_PERMISSIONS
|
|
):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.UNAUTHORIZED,
|
|
)
|
|
|
|
note = Notes.get_note_by_id(id)
|
|
if not note:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND, detail=ERROR_MESSAGES.NOT_FOUND
|
|
)
|
|
|
|
if user.role != "admin" and (
|
|
user.id != note.user_id
|
|
and (not has_access(user.id, type="read", access_control=note.access_control))
|
|
):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.DEFAULT()
|
|
)
|
|
|
|
return note
|
|
|
|
|
|
############################
|
|
# UpdateNoteById
|
|
############################
|
|
|
|
|
|
@router.post("/{id}/update", response_model=Optional[NoteModel])
|
|
async def update_note_by_id(
|
|
request: Request, id: str, form_data: NoteForm, user=Depends(get_verified_user)
|
|
):
|
|
if user.role != "admin" and not has_permission(
|
|
user.id, "features.notes", request.app.state.config.USER_PERMISSIONS
|
|
):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.UNAUTHORIZED,
|
|
)
|
|
|
|
note = Notes.get_note_by_id(id)
|
|
if not note:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND, detail=ERROR_MESSAGES.NOT_FOUND
|
|
)
|
|
|
|
if user.role != "admin" and (
|
|
user.id != note.user_id
|
|
and not has_access(user.id, type="write", access_control=note.access_control)
|
|
):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.DEFAULT()
|
|
)
|
|
|
|
# Check if user can share publicly
|
|
if (
|
|
user.role != "admin"
|
|
and form_data.access_control == None
|
|
and not has_permission(
|
|
user.id,
|
|
"sharing.public_notes",
|
|
request.app.state.config.USER_PERMISSIONS,
|
|
)
|
|
):
|
|
form_data.access_control = {}
|
|
|
|
try:
|
|
note = Notes.update_note_by_id(id, form_data)
|
|
await sio.emit(
|
|
"note-events",
|
|
note.model_dump(),
|
|
to=f"note:{note.id}",
|
|
)
|
|
|
|
return note
|
|
except Exception as e:
|
|
log.exception(e)
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST, detail=ERROR_MESSAGES.DEFAULT()
|
|
)
|
|
|
|
|
|
############################
|
|
# DeleteNoteById
|
|
############################
|
|
|
|
|
|
@router.delete("/{id}/delete", response_model=bool)
|
|
async def delete_note_by_id(request: Request, id: str, user=Depends(get_verified_user)):
|
|
if user.role != "admin" and not has_permission(
|
|
user.id, "features.notes", request.app.state.config.USER_PERMISSIONS
|
|
):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.UNAUTHORIZED,
|
|
)
|
|
|
|
note = Notes.get_note_by_id(id)
|
|
if not note:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND, detail=ERROR_MESSAGES.NOT_FOUND
|
|
)
|
|
|
|
if user.role != "admin" and (
|
|
user.id != note.user_id
|
|
and not has_access(user.id, type="write", access_control=note.access_control)
|
|
):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.DEFAULT()
|
|
)
|
|
|
|
try:
|
|
note = Notes.delete_note_by_id(id)
|
|
return True
|
|
except Exception as e:
|
|
log.exception(e)
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST, detail=ERROR_MESSAGES.DEFAULT()
|
|
)
|