OpenWebUI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-06-26 18:26:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

enh: notes user group permission

Browse Source
This commit is contained in:
Timothy Jaeryang Baek 2025-05-04 17:22:51 +04:00
parent f716968009
commit 84a05bec7b
8 changed files with 165 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
backend/open_webui/config.py
View File

@ -1137,6 +1137,10 @@ USER_PERMISSIONS_FEATURES_CODE_INTERPRETER = (
== "true"
)
USER_PERMISSIONS_FEATURES_NOTES = (
os.environ.get("USER_PERMISSIONS_FEATURES_NOTES", "True").lower() == "true"
)
DEFAULT_USER_PERMISSIONS = {
"workspace": {
@ -1170,6 +1174,7 @@ DEFAULT_USER_PERMISSIONS = {
"web_search": USER_PERMISSIONS_FEATURES_WEB_SEARCH,
"image_generation": USER_PERMISSIONS_FEATURES_IMAGE_GENERATION,
"code_interpreter": USER_PERMISSIONS_FEATURES_CODE_INTERPRETER,
"notes": USER_PERMISSIONS_FEATURES_NOTES,
},
}

67
backend/open_webui/routers/notes.py
View File

@ -15,7 +15,7 @@ from open_webui.env import SRC_LOG_LEVELS
from open_webui.utils.auth import get_admin_user, get_verified_user
from open_webui.utils.access_control import has_access
from open_webui.utils.access_control import has_permission
log = logging.getLogger(__name__)
log.setLevel(SRC_LOG_LEVELS["MODELS"])
@ -28,7 +28,16 @@ router = APIRouter()
@router.get("/", response_model=list[NoteUserResponse])
async def get_notes(user=Depends(get_verified_user)):
async def get_notes(request: Request, user=Depends(get_verified_user)):
if user.role != "admin" and not has_permission(
user.id, "features.notes", request.app.state.config.USER_PERMISSIONS
):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.UNAUTHORIZED,
)
notes = [
NoteUserResponse(
**{
@ -43,7 +52,16 @@ async def get_notes(user=Depends(get_verified_user)):
@router.get("/list", response_model=list[NoteUserResponse])
async def get_note_list(user=Depends(get_verified_user)):
async def get_note_list(request: Request, user=Depends(get_verified_user)):
if user.role != "admin" and not has_permission(
user.id, "features.notes", request.app.state.config.USER_PERMISSIONS
):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.UNAUTHORIZED,
)
notes = [
NoteUserResponse(
**{
@ -63,7 +81,18 @@ async def get_note_list(user=Depends(get_verified_user)):
@router.post("/create", response_model=Optional[NoteModel])
async def create_new_note(form_data: NoteForm, user=Depends(get_admin_user)):
async def create_new_note(
request: Request, form_data: NoteForm, user=Depends(get_verified_user)
):
if user.role != "admin" and not has_permission(
user.id, "features.notes", request.app.state.config.USER_PERMISSIONS
):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.UNAUTHORIZED,
)
try:
note = Notes.insert_new_note(form_data, user.id)
return note
@ -80,7 +109,15 @@ async def create_new_note(form_data: NoteForm, user=Depends(get_admin_user)):
@router.get("/{id}", response_model=Optional[NoteModel])
async def get_note_by_id(id: str, user=Depends(get_verified_user)):
async def get_note_by_id(request: Request, id: str, user=Depends(get_verified_user)):
if user.role != "admin" and not has_permission(
user.id, "features.notes", request.app.state.config.USER_PERMISSIONS
):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.UNAUTHORIZED,
)
note = Notes.get_note_by_id(id)
if not note:
raise HTTPException(
@ -104,8 +141,16 @@ async def get_note_by_id(id: str, user=Depends(get_verified_user)):
@router.post("/{id}/update", response_model=Optional[NoteModel])
async def update_note_by_id(
id: str, form_data: NoteForm, user=Depends(get_verified_user)
request: Request, id: str, form_data: NoteForm, user=Depends(get_verified_user)
):
if user.role != "admin" and not has_permission(
user.id, "features.notes", request.app.state.config.USER_PERMISSIONS
):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.UNAUTHORIZED,
)
note = Notes.get_note_by_id(id)
if not note:
raise HTTPException(
@ -135,7 +180,15 @@ async def update_note_by_id(
@router.delete("/{id}/delete", response_model=bool)
async def delete_note_by_id(id: str, user=Depends(get_verified_user)):
async def delete_note_by_id(request: Request, id: str, user=Depends(get_verified_user)):
if user.role != "admin" and not has_permission(
user.id, "features.notes", request.app.state.config.USER_PERMISSIONS
):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.UNAUTHORIZED,
)
note = Notes.get_note_by_id(id)
if not note:
raise HTTPException(

1
backend/open_webui/routers/users.py
View File

@ -129,6 +129,7 @@ class FeaturesPermissions(BaseModel):
web_search: bool = True
image_generation: bool = True
code_interpreter: bool = True
notes: bool = True
class UserPermissions(BaseModel):

3
src/lib/components/admin/Users/Groups.svelte
View File

@ -81,7 +81,8 @@
direct_tool_servers: false,
web_search: true,
image_generation: true,
code_interpreter: true
code_interpreter: true,
notes: true
}
};

11
src/lib/components/admin/Users/Groups/Permissions.svelte
View File

@ -37,7 +37,8 @@
direct_tool_servers: false,
web_search: true,
image_generation: true,
code_interpreter: true
code_interpreter: true,
notes: true
}
};
@ -380,5 +381,13 @@
<Switch bind:state={permissions.features.code_interpreter} />
</div>
<div class=" flex w-full justify-between my-2 pr-2">
<div class=" self-center text-xs font-medium">
{$i18n.t('Notes')}
</div>
<Switch bind:state={permissions.features.notes} />
</div>
</div>
</div>

2
src/lib/components/layout/Sidebar.svelte
View File

@ -570,7 +570,7 @@
</div>
{/if} -->
{#if $config?.features?.enable_notes ?? false}
{#if ($config?.features?.enable_notes ?? false) && ($user?.role === 'admin' || ($user?.permissions?.features?.notes ?? true))}
<div class="px-1.5 flex justify-center text-gray-800 dark:text-gray-200">
<a
class="grow flex items-center space-x-3 rounded-lg px-2 py-[7px] hover:bg-gray-100 dark:hover:bg-gray-900 transition"

13
src/lib/components/notes/NoteEditor.svelte
View File

@ -53,7 +53,9 @@
export let id: null | string = null;
let note = {
let note = null;
const newNote = {
title: '',
data: {
content: {
@ -85,8 +87,7 @@
note = res;
files = res.data.files || [];
} else {
toast.error($i18n.t('Note not found'));
goto('/notes');
goto('/');
return;
}
@ -101,6 +102,12 @@
}
debounceTimeout = setTimeout(async () => {
if (!note) {
return;
}
console.log('Saving note:', note);
const res = await updateNoteById(localStorage.token, id, {
...note,
title: note.title === '' ? $i18n.t('Untitled') : note.title

16
src/routes/(app)/notes/+layout.svelte
View File

@ -1,17 +1,27 @@
<script lang="ts">
import { onMount, getContext } from 'svelte';
import { WEBUI_NAME, showSidebar, functions, config, user, showArchivedChats } from '$lib/stores';
import { goto } from '$app/navigation';
import MenuLines from '$lib/components/icons/MenuLines.svelte';
import { page } from '$app/stores';
import UserMenu from '$lib/components/layout/Sidebar/UserMenu.svelte';
const i18n = getContext('i18n');
let loaded = false;
onMount(async () => {
if (!$config?.features?.enable_notes) {
if (
!(
($config?.features?.enable_notes ?? false) &&
($user?.role === 'admin' || ($user?.permissions?.features?.notes ?? true))
)
) {
// If the feature is not enabled, redirect to the home page
goto('/');
}
loaded = true;
});
</script>
@ -21,6 +31,7 @@
</title>
</svelte:head>
{#if loaded}
<div
class=" flex flex-col w-full h-screen max-h-[100dvh] transition-width duration-200 ease-in-out {$showSidebar
? 'md:max-w-[calc(100%-260px)]'
@ -89,3 +100,4 @@
<slot />
</div>
</div>
{/if}