refac: access controls

2025-06-26 18:26:48 +00:00 · 2025-01-20 23:20:47 -08:00 · 2025-01-20 23:20:47 -08:00 · 45f4bc18f8
commit 45f4bc18f8
parent aa442f694b
8 changed files with 59 additions and 20 deletions
--- a/backend/open_webui/models/groups.py
+++ b/backend/open_webui/models/groups.py
@ -188,5 +188,24 @@ class GroupTable:
            except Exception:
                return False

+    def remove_user_from_all_groups(self, user_id: str) -> bool:
+        with get_db() as db:
+            try:
+                groups = self.get_groups_by_member_id(user_id)
+
+                for group in groups:
+                    group.user_ids.remove(user_id)
+                    db.query(Group).filter_by(id=group.id).update(
+                        {
+                            "user_ids": group.user_ids,
+                            "updated_at": int(time.time()),
+                        }
+                    )
+                    db.commit()
+
+                return True
+            except Exception:
+                return False
+

 Groups = GroupTable()
--- a/backend/open_webui/models/users.py
+++ b/backend/open_webui/models/users.py
@ -2,7 +2,12 @@ import time
 from typing import Optional

 from open_webui.internal.db import Base, JSONField, get_db
+
+
 from open_webui.models.chats import Chats
+from open_webui.models.groups import Groups
+
+
 from pydantic import BaseModel, ConfigDict
 from sqlalchemy import BigInteger, Column, String, Text

@ -268,9 +273,11 @@ class UsersTable:

    def delete_user_by_id(self, id: str) -> bool:
        try:
+            # Remove User from Groups
+            Groups.remove_user_from_all_groups(id)
+
            # Delete User Chats
            result = Chats.delete_chats_by_user_id(id)
-
            if result:
                with get_db() as db:
                    # Delete User
--- a/src/lib/components/admin/Settings/Connections/OllamaConnection.svelte
+++ b/src/lib/components/admin/Settings/Connections/OllamaConnection.svelte
@ -9,6 +9,7 @@
 	import Cog6 from '$lib/components/icons/Cog6.svelte';
 	import Wrench from '$lib/components/icons/Wrench.svelte';
 	import ManageOllamaModal from './ManageOllamaModal.svelte';
+	import ArrowDownTray from '$lib/components/icons/ArrowDownTray.svelte';

 	export let onDelete = () => {};
 	export let onSubmit = () => {};
@ -70,7 +71,7 @@
 				}}
 				type="button"
 			>
-				<Wrench />
+				<ArrowDownTray />
 			</button>
 		</Tooltip>

--- a/src/lib/components/workspace/Knowledge/KnowledgeBase.svelte
+++ b/src/lib/components/workspace/Knowledge/KnowledgeBase.svelte
@ -620,6 +620,7 @@
 			onChange={() => {
 				changeDebounceHandler();
 			}}
+			accessRoles={['read', 'write']}
 		/>
 		<div class="w-full mb-2.5">
 			<div class=" flex w-full">
--- a/src/lib/components/workspace/Prompts/PromptEditor.svelte
+++ b/src/lib/components/workspace/Prompts/PromptEditor.svelte
@ -68,7 +68,11 @@
 	});
 </script>

-<AccessControlModal bind:show={showAccessControlModal} bind:accessControl />
+<AccessControlModal
+	bind:show={showAccessControlModal}
+	bind:accessControl
+	accessRoles={['read', 'write']}
+/>

 <div class="w-full max-h-full flex justify-center">
 	<form
--- a/src/lib/components/workspace/Tools/ToolkitEditor.svelte
+++ b/src/lib/components/workspace/Tools/ToolkitEditor.svelte
@ -179,7 +179,11 @@ class Tools:
 	};
 </script>

-<AccessControlModal bind:show={showAccessControlModal} bind:accessControl />
+<AccessControlModal
+	bind:show={showAccessControlModal}
+	bind:accessControl
+	accessRoles={['read', 'write']}
+/>

 <div class=" flex flex-col justify-between w-full overflow-y-auto h-full">
 	<div class="mx-auto w-full md:px-0 h-full">
--- a/src/lib/components/workspace/common/AccessControl.svelte
+++ b/src/lib/components/workspace/common/AccessControl.svelte
@ -12,6 +12,7 @@

 	export let onChange: Function = () => {};

+	export let accessRoles = ['read'];
 	export let accessControl = null;

 	let selectedGroupId = '';
@ -192,24 +193,25 @@
 										class=""
 										type="button"
 										on:click={() => {
-											if (accessControl.write.group_ids.includes(group.id)) {
-												accessControl.write.group_ids = accessControl.write.group_ids.filter(
-													(group_id) => group_id !== group.id
-												);
-											} else {
-												accessControl.write.group_ids = [
-													...accessControl.write.group_ids,
-													group.id
-												];
+											if (accessRoles.includes('write')) {
+												if (accessControl.write.group_ids.includes(group.id)) {
+													accessControl.write.group_ids = accessControl.write.group_ids.filter(
+														(group_id) => group_id !== group.id
+													);
+												} else {
+													accessControl.write.group_ids = [
+														...accessControl.write.group_ids,
+														group.id
+													];
+												}
 											}
 										}}
 									>
-										<Badge
-											type={accessControl.write.group_ids.includes(group.id) ? 'info' : 'success'}
-											content={$i18n.t(
-												accessControl.write.group_ids.includes(group.id) ? 'Write' : 'Read'
-											)}
-										/>
+										{#if accessControl.write.group_ids.includes(group.id)}
+											<Badge type={'success'} content={$i18n.t('Write')} />
+										{:else}
+											<Badge type={'info'} content={$i18n.t('Read')} />
+										{/if}
 									</button>

 									<button
--- a/src/lib/components/workspace/common/AccessControlModal.svelte
+++ b/src/lib/components/workspace/common/AccessControlModal.svelte
@ -7,6 +7,7 @@

 	export let show = false;
 	export let accessControl = null;
+	export let accessRoles = ['read'];

 	export let onChange = () => {};
 </script>
@ -37,7 +38,7 @@
 		</div>

 		<div class="w-full px-5 pb-4 dark:text-white">
-			<AccessControl bind:accessControl {onChange} />
+			<AccessControl bind:accessControl {onChange} {accessRoles} />
 		</div>
 	</div>
 </Modal>