OpenWebUI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-06-12 09:23:05 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Add toggle to read/write perms on access control

Browse Source
This commit is contained in:
tarmst 2025-01-10 18:44:26 +00:00
parent cd20c578d2
commit 49eca68e28
5 changed files with 39 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
backend/open_webui/routers/knowledge.py
View File

@ -213,8 +213,8 @@ async def update_knowledge_by_id(
status_code=status.HTTP_400_BAD_REQUEST, status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.NOT_FOUND, detail=ERROR_MESSAGES.NOT_FOUND,
) )
# Is the user the original creator, in a group with write access, or an admin
if knowledge.user_id != user.id and user.role != "admin": if knowledge.user_id != user.id and not has_access(user.id, "write", knowledge.access_control) and user.role != "admin":
raise HTTPException( raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST, status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED, detail=ERROR_MESSAGES.ACCESS_PROHIBITED,

5
backend/open_webui/routers/prompts.py
View File

@ -111,8 +111,9 @@ async def update_prompt_by_command(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.NOT_FOUND, detail=ERROR_MESSAGES.NOT_FOUND,
) )
if prompt.user_id != user.id and user.role != "admin": # Is the user the original creator, in a group with write access, or an admin
if prompt.user_id != user.id and not has_access(user.id, "write", prompt.access_control) and user.role != "admin":
raise HTTPException( raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED, detail=ERROR_MESSAGES.ACCESS_PROHIBITED,

3
backend/open_webui/routers/tools.py
View File

@ -165,7 +165,8 @@ async def update_tools_by_id(
detail=ERROR_MESSAGES.NOT_FOUND, detail=ERROR_MESSAGES.NOT_FOUND,
) )
if tools.user_id != user.id and user.role != "admin": # Is the user the original creator, in a group with write access, or an admin
if tools.user_id != user.id and not has_access(user.id, "write", tools.access_control) and user.role != "admin":
raise HTTPException( raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.UNAUTHORIZED, detail=ERROR_MESSAGES.UNAUTHORIZED,

8
src/lib/components/workspace/Models.svelte
View File

@ -21,6 +21,7 @@
} from '$lib/apis/models'; } from '$lib/apis/models';
import { getModels } from '$lib/apis'; import { getModels } from '$lib/apis';
import { getGroups } from '$lib/apis/groups';
import EllipsisHorizontal from '../icons/EllipsisHorizontal.svelte'; import EllipsisHorizontal from '../icons/EllipsisHorizontal.svelte';
import ModelMenu from './Models/ModelMenu.svelte'; import ModelMenu from './Models/ModelMenu.svelte';
@ -47,6 +48,8 @@
let showModelDeleteConfirm = false; let showModelDeleteConfirm = false;
let group_ids = [];
$: if (models) { $: if (models) {
filteredModels = models.filter( filteredModels = models.filter(
(m) => searchValue === '' || m.name.toLowerCase().includes(searchValue.toLowerCase()) (m) => searchValue === '' || m.name.toLowerCase().includes(searchValue.toLowerCase())
@ -151,6 +154,9 @@
onMount(async () => { onMount(async () => {
models = await getWorkspaceModels(localStorage.token); models = await getWorkspaceModels(localStorage.token);
let groups = await getGroups(localStorage.token);
group_ids = groups.map(group => group.id);
loaded = true; loaded = true;
@ -308,7 +314,7 @@
</button> </button>
</Tooltip> </Tooltip>
{:else} {:else}
{#if $user?.role === 'admin' || model.user_id === $user?.id} {#if $user?.role === 'admin' || model.user_id === $user?.id || model.access_control.write.group_ids.some(wg => group_ids.includes(wg))}
<a <a
class="self-center w-fit text-sm px-2 py-2 dark:text-gray-300 dark:hover:text-white hover:bg-black/5 dark:hover:bg-white/5 rounded-xl" class="self-center w-fit text-sm px-2 py-2 dark:text-gray-300 dark:hover:text-white hover:bg-black/5 dark:hover:bg-white/5 rounded-xl"
type="button" type="button"

26
src/lib/components/workspace/common/AccessControl.svelte
View File

@ -8,6 +8,7 @@
import Plus from '$lib/components/icons/Plus.svelte'; import Plus from '$lib/components/icons/Plus.svelte';
import UserCircleSolid from '$lib/components/icons/UserCircleSolid.svelte'; import UserCircleSolid from '$lib/components/icons/UserCircleSolid.svelte';
import XMark from '$lib/components/icons/XMark.svelte'; import XMark from '$lib/components/icons/XMark.svelte';
import Badge from '$lib/components/common/Badge.svelte';
export let onChange: Function = () => {}; export let onChange: Function = () => {};
@ -91,6 +92,9 @@
accessControl = { accessControl = {
read: { read: {
group_ids: [] group_ids: []
},
write: {
group_ids: []
} }
}; };
} }
@ -110,7 +114,6 @@
</div> </div>
</div> </div>
</div> </div>
{#if accessControl !== null} {#if accessControl !== null}
{@const accessGroups = groups.filter((group) => {@const accessGroups = groups.filter((group) =>
accessControl.read.group_ids.includes(group.id) accessControl.read.group_ids.includes(group.id)
@ -138,6 +141,27 @@
</div> </div>
<div class="w-full flex justify-end"> <div class="w-full flex justify-end">
<button
class=" translate-y-0.5"
type="button"
on:click={() => {
if (accessControl.write.group_ids.includes(group.id)) {
accessControl.write.group_ids = accessControl.write.group_ids.filter(
(group_id) => group_id !== group.id)
} else {
accessControl.write.group_ids = [
...accessControl.write.group_ids,
group.id
];
}
}}
>
<Badge
type={accessControl.write.group_ids.includes(group.id) ? 'info' : 'success'}
content={$i18n.t(accessControl.write.group_ids.includes(group.id) ? "Write" : "Read")}
/>
</button>
<button <button
class=" rounded-full p-1 hover:bg-gray-100 dark:hover:bg-gray-850 transition" class=" rounded-full p-1 hover:bg-gray-100 dark:hover:bg-gray-850 transition"
type="button" type="button"