refac: access controls

2025-06-26 18:26:48 +00:00 · 2025-01-20 23:20:47 -08:00
parent aa442f694b
commit 45f4bc18f8
8 changed files with 59 additions and 20 deletions
--- a/backend/open_webui/models/groups.py
+++ b/backend/open_webui/models/groups.py
@@ -188,5 +188,24 @@ class GroupTable:
            except Exception:
                return False

+    def remove_user_from_all_groups(self, user_id: str) -> bool:
+        with get_db() as db:
+            try:
+                groups = self.get_groups_by_member_id(user_id)
+
+                for group in groups:
+                    group.user_ids.remove(user_id)
+                    db.query(Group).filter_by(id=group.id).update(
+                        {
+                            "user_ids": group.user_ids,
+                            "updated_at": int(time.time()),
+                        }
+                    )
+                    db.commit()
+
+                return True
+            except Exception:
+                return False
+

 Groups = GroupTable()
--- a/backend/open_webui/models/users.py
+++ b/backend/open_webui/models/users.py
@@ -2,7 +2,12 @@ import time
 from typing import Optional

 from open_webui.internal.db import Base, JSONField, get_db
+
+
 from open_webui.models.chats import Chats
+from open_webui.models.groups import Groups
+
+
 from pydantic import BaseModel, ConfigDict
 from sqlalchemy import BigInteger, Column, String, Text

@@ -268,9 +273,11 @@ class UsersTable:

    def delete_user_by_id(self, id: str) -> bool:
        try:
+            # Remove User from Groups
+            Groups.remove_user_from_all_groups(id)
+
            # Delete User Chats
            result = Chats.delete_chats_by_user_id(id)
-
            if result:
                with get_db() as db:
                    # Delete User