mirror of
https://github.com/open-webui/open-webui
synced 2025-06-12 09:23:05 +00:00
Add toggle to read/write perms on access control
This commit is contained in:
parent
cd20c578d2
commit
49eca68e28
@ -213,8 +213,8 @@ async def update_knowledge_by_id(
|
|||||||
status_code=status.HTTP_400_BAD_REQUEST,
|
status_code=status.HTTP_400_BAD_REQUEST,
|
||||||
detail=ERROR_MESSAGES.NOT_FOUND,
|
detail=ERROR_MESSAGES.NOT_FOUND,
|
||||||
)
|
)
|
||||||
|
# Is the user the original creator, in a group with write access, or an admin
|
||||||
if knowledge.user_id != user.id and user.role != "admin":
|
if knowledge.user_id != user.id and not has_access(user.id, "write", knowledge.access_control) and user.role != "admin":
|
||||||
raise HTTPException(
|
raise HTTPException(
|
||||||
status_code=status.HTTP_400_BAD_REQUEST,
|
status_code=status.HTTP_400_BAD_REQUEST,
|
||||||
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
|
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
|
||||||
|
@ -111,8 +111,9 @@ async def update_prompt_by_command(
|
|||||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||||
detail=ERROR_MESSAGES.NOT_FOUND,
|
detail=ERROR_MESSAGES.NOT_FOUND,
|
||||||
)
|
)
|
||||||
|
|
||||||
if prompt.user_id != user.id and user.role != "admin":
|
# Is the user the original creator, in a group with write access, or an admin
|
||||||
|
if prompt.user_id != user.id and not has_access(user.id, "write", prompt.access_control) and user.role != "admin":
|
||||||
raise HTTPException(
|
raise HTTPException(
|
||||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||||
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
|
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
|
||||||
|
@ -165,7 +165,8 @@ async def update_tools_by_id(
|
|||||||
detail=ERROR_MESSAGES.NOT_FOUND,
|
detail=ERROR_MESSAGES.NOT_FOUND,
|
||||||
)
|
)
|
||||||
|
|
||||||
if tools.user_id != user.id and user.role != "admin":
|
# Is the user the original creator, in a group with write access, or an admin
|
||||||
|
if tools.user_id != user.id and not has_access(user.id, "write", tools.access_control) and user.role != "admin":
|
||||||
raise HTTPException(
|
raise HTTPException(
|
||||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||||
detail=ERROR_MESSAGES.UNAUTHORIZED,
|
detail=ERROR_MESSAGES.UNAUTHORIZED,
|
||||||
|
@ -21,6 +21,7 @@
|
|||||||
} from '$lib/apis/models';
|
} from '$lib/apis/models';
|
||||||
|
|
||||||
import { getModels } from '$lib/apis';
|
import { getModels } from '$lib/apis';
|
||||||
|
import { getGroups } from '$lib/apis/groups';
|
||||||
|
|
||||||
import EllipsisHorizontal from '../icons/EllipsisHorizontal.svelte';
|
import EllipsisHorizontal from '../icons/EllipsisHorizontal.svelte';
|
||||||
import ModelMenu from './Models/ModelMenu.svelte';
|
import ModelMenu from './Models/ModelMenu.svelte';
|
||||||
@ -47,6 +48,8 @@
|
|||||||
|
|
||||||
let showModelDeleteConfirm = false;
|
let showModelDeleteConfirm = false;
|
||||||
|
|
||||||
|
let group_ids = [];
|
||||||
|
|
||||||
$: if (models) {
|
$: if (models) {
|
||||||
filteredModels = models.filter(
|
filteredModels = models.filter(
|
||||||
(m) => searchValue === '' || m.name.toLowerCase().includes(searchValue.toLowerCase())
|
(m) => searchValue === '' || m.name.toLowerCase().includes(searchValue.toLowerCase())
|
||||||
@ -151,6 +154,9 @@
|
|||||||
|
|
||||||
onMount(async () => {
|
onMount(async () => {
|
||||||
models = await getWorkspaceModels(localStorage.token);
|
models = await getWorkspaceModels(localStorage.token);
|
||||||
|
let groups = await getGroups(localStorage.token);
|
||||||
|
group_ids = groups.map(group => group.id);
|
||||||
|
|
||||||
|
|
||||||
loaded = true;
|
loaded = true;
|
||||||
|
|
||||||
@ -308,7 +314,7 @@
|
|||||||
</button>
|
</button>
|
||||||
</Tooltip>
|
</Tooltip>
|
||||||
{:else}
|
{:else}
|
||||||
{#if $user?.role === 'admin' || model.user_id === $user?.id}
|
{#if $user?.role === 'admin' || model.user_id === $user?.id || model.access_control.write.group_ids.some(wg => group_ids.includes(wg))}
|
||||||
<a
|
<a
|
||||||
class="self-center w-fit text-sm px-2 py-2 dark:text-gray-300 dark:hover:text-white hover:bg-black/5 dark:hover:bg-white/5 rounded-xl"
|
class="self-center w-fit text-sm px-2 py-2 dark:text-gray-300 dark:hover:text-white hover:bg-black/5 dark:hover:bg-white/5 rounded-xl"
|
||||||
type="button"
|
type="button"
|
||||||
|
@ -8,6 +8,7 @@
|
|||||||
import Plus from '$lib/components/icons/Plus.svelte';
|
import Plus from '$lib/components/icons/Plus.svelte';
|
||||||
import UserCircleSolid from '$lib/components/icons/UserCircleSolid.svelte';
|
import UserCircleSolid from '$lib/components/icons/UserCircleSolid.svelte';
|
||||||
import XMark from '$lib/components/icons/XMark.svelte';
|
import XMark from '$lib/components/icons/XMark.svelte';
|
||||||
|
import Badge from '$lib/components/common/Badge.svelte';
|
||||||
|
|
||||||
export let onChange: Function = () => {};
|
export let onChange: Function = () => {};
|
||||||
|
|
||||||
@ -91,6 +92,9 @@
|
|||||||
accessControl = {
|
accessControl = {
|
||||||
read: {
|
read: {
|
||||||
group_ids: []
|
group_ids: []
|
||||||
|
},
|
||||||
|
write: {
|
||||||
|
group_ids: []
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
@ -110,7 +114,6 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{#if accessControl !== null}
|
{#if accessControl !== null}
|
||||||
{@const accessGroups = groups.filter((group) =>
|
{@const accessGroups = groups.filter((group) =>
|
||||||
accessControl.read.group_ids.includes(group.id)
|
accessControl.read.group_ids.includes(group.id)
|
||||||
@ -138,6 +141,27 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="w-full flex justify-end">
|
<div class="w-full flex justify-end">
|
||||||
|
<button
|
||||||
|
class=" translate-y-0.5"
|
||||||
|
type="button"
|
||||||
|
on:click={() => {
|
||||||
|
if (accessControl.write.group_ids.includes(group.id)) {
|
||||||
|
accessControl.write.group_ids = accessControl.write.group_ids.filter(
|
||||||
|
(group_id) => group_id !== group.id)
|
||||||
|
} else {
|
||||||
|
accessControl.write.group_ids = [
|
||||||
|
...accessControl.write.group_ids,
|
||||||
|
group.id
|
||||||
|
];
|
||||||
|
}
|
||||||
|
}}
|
||||||
|
>
|
||||||
|
<Badge
|
||||||
|
type={accessControl.write.group_ids.includes(group.id) ? 'info' : 'success'}
|
||||||
|
content={$i18n.t(accessControl.write.group_ids.includes(group.id) ? "Write" : "Read")}
|
||||||
|
/>
|
||||||
|
</button>
|
||||||
|
|
||||||
<button
|
<button
|
||||||
class=" rounded-full p-1 hover:bg-gray-100 dark:hover:bg-gray-850 transition"
|
class=" rounded-full p-1 hover:bg-gray-100 dark:hover:bg-gray-850 transition"
|
||||||
type="button"
|
type="button"
|
||||||
|
Loading…
Reference in New Issue
Block a user