mirror of
https://github.com/open-webui/open-webui.git
synced 2025-12-12 12:25:20 +00:00
b4bc71d1bd
Some checks are pending
Deploy to HuggingFace Spaces / check-secret (push) Waiting to run
Deploy to HuggingFace Spaces / deploy (push) Blocked by required conditions
Create and publish Docker images with specific build args / build-main-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / build-main-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / build-cuda-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / build-cuda-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / build-cuda126-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / merge-slim-images (push) Blocked by required conditions
Create and publish Docker images with specific build args / build-cuda126-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / build-ollama-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / build-ollama-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / build-slim-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / build-slim-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / merge-main-images (push) Blocked by required conditions
Create and publish Docker images with specific build args / merge-cuda-images (push) Blocked by required conditions
Create and publish Docker images with specific build args / merge-cuda126-images (push) Blocked by required conditions
Create and publish Docker images with specific build args / merge-ollama-images (push) Blocked by required conditions
Python CI / Format Backend (push) Waiting to run
Frontend Build / Format & Build Frontend (push) Waiting to run
Frontend Build / Frontend Unit Tests (push) Waiting to run
* feat: add granular import/export permissions for workspace items (#55) Co-authored-by: Claude <noreply@anthropic.com> * Fix permissions toggles not saving in EditGroupModal (#58) Co-authored-by: Claude <noreply@anthropic.com> * Fix permissions toggles not saving in EditGroupModal (#59) Co-authored-by: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
167 lines
4.8 KiB
Python
167 lines
4.8 KiB
Python
from typing import Optional
|
|
from fastapi import APIRouter, Depends, HTTPException, status, Request
|
|
|
|
from open_webui.models.prompts import (
|
|
PromptForm,
|
|
PromptUserResponse,
|
|
PromptModel,
|
|
Prompts,
|
|
)
|
|
from open_webui.constants import ERROR_MESSAGES
|
|
from open_webui.utils.auth import get_admin_user, get_verified_user
|
|
from open_webui.utils.access_control import has_access, has_permission
|
|
from open_webui.config import BYPASS_ADMIN_ACCESS_CONTROL
|
|
|
|
router = APIRouter()
|
|
|
|
############################
|
|
# GetPrompts
|
|
############################
|
|
|
|
|
|
@router.get("/", response_model=list[PromptModel])
|
|
async def get_prompts(user=Depends(get_verified_user)):
|
|
if user.role == "admin" and BYPASS_ADMIN_ACCESS_CONTROL:
|
|
prompts = Prompts.get_prompts()
|
|
else:
|
|
prompts = Prompts.get_prompts_by_user_id(user.id, "read")
|
|
|
|
return prompts
|
|
|
|
|
|
@router.get("/list", response_model=list[PromptUserResponse])
|
|
async def get_prompt_list(user=Depends(get_verified_user)):
|
|
if user.role == "admin" and BYPASS_ADMIN_ACCESS_CONTROL:
|
|
prompts = Prompts.get_prompts()
|
|
else:
|
|
prompts = Prompts.get_prompts_by_user_id(user.id, "write")
|
|
|
|
return prompts
|
|
|
|
|
|
############################
|
|
# CreateNewPrompt
|
|
############################
|
|
|
|
|
|
@router.post("/create", response_model=Optional[PromptModel])
|
|
async def create_new_prompt(
|
|
request: Request, form_data: PromptForm, user=Depends(get_verified_user)
|
|
):
|
|
if user.role != "admin" and not (
|
|
has_permission(
|
|
user.id, "workspace.prompts", request.app.state.config.USER_PERMISSIONS
|
|
)
|
|
or has_permission(
|
|
user.id, "workspace.prompts_import", request.app.state.config.USER_PERMISSIONS
|
|
)
|
|
):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.UNAUTHORIZED,
|
|
)
|
|
|
|
prompt = Prompts.get_prompt_by_command(form_data.command)
|
|
if prompt is None:
|
|
prompt = Prompts.insert_new_prompt(user.id, form_data)
|
|
|
|
if prompt:
|
|
return prompt
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail=ERROR_MESSAGES.DEFAULT(),
|
|
)
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail=ERROR_MESSAGES.COMMAND_TAKEN,
|
|
)
|
|
|
|
|
|
############################
|
|
# GetPromptByCommand
|
|
############################
|
|
|
|
|
|
@router.get("/command/{command}", response_model=Optional[PromptModel])
|
|
async def get_prompt_by_command(command: str, user=Depends(get_verified_user)):
|
|
prompt = Prompts.get_prompt_by_command(f"/{command}")
|
|
|
|
if prompt:
|
|
if (
|
|
user.role == "admin"
|
|
or prompt.user_id == user.id
|
|
or has_access(user.id, "read", prompt.access_control)
|
|
):
|
|
return prompt
|
|
else:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.NOT_FOUND,
|
|
)
|
|
|
|
|
|
############################
|
|
# UpdatePromptByCommand
|
|
############################
|
|
|
|
|
|
@router.post("/command/{command}/update", response_model=Optional[PromptModel])
|
|
async def update_prompt_by_command(
|
|
command: str,
|
|
form_data: PromptForm,
|
|
user=Depends(get_verified_user),
|
|
):
|
|
prompt = Prompts.get_prompt_by_command(f"/{command}")
|
|
if not prompt:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.NOT_FOUND,
|
|
)
|
|
|
|
# Is the user the original creator, in a group with write access, or an admin
|
|
if (
|
|
prompt.user_id != user.id
|
|
and not has_access(user.id, "write", prompt.access_control)
|
|
and user.role != "admin"
|
|
):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
|
|
)
|
|
|
|
prompt = Prompts.update_prompt_by_command(f"/{command}", form_data)
|
|
if prompt:
|
|
return prompt
|
|
else:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
|
|
)
|
|
|
|
|
|
############################
|
|
# DeletePromptByCommand
|
|
############################
|
|
|
|
|
|
@router.delete("/command/{command}/delete", response_model=bool)
|
|
async def delete_prompt_by_command(command: str, user=Depends(get_verified_user)):
|
|
prompt = Prompts.get_prompt_by_command(f"/{command}")
|
|
if not prompt:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.NOT_FOUND,
|
|
)
|
|
|
|
if (
|
|
prompt.user_id != user.id
|
|
and not has_access(user.id, "write", prompt.access_control)
|
|
and user.role != "admin"
|
|
):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
|
|
)
|
|
|
|
result = Prompts.delete_prompt_by_command(f"/{command}")
|
|
return result
|