From f8b941fb963d6aa0efc8d2de2e8a9116a39d229e Mon Sep 17 00:00:00 2001
From: Timothy Jaeryang Baek <tim@openwebui.com>
Date: Tue, 3 Jun 2025 17:24:31 +0400
Subject: [PATCH] refac

---
 backend/open_webui/routers/notes.py | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/backend/open_webui/routers/notes.py b/backend/open_webui/routers/notes.py
index 5ad5ff051..09bcb97e8 100644
--- a/backend/open_webui/routers/notes.py
+++ b/backend/open_webui/routers/notes.py
@@ -124,10 +124,8 @@ async def get_note_by_id(request: Request, id: str, user=Depends(get_verified_us
             status_code=status.HTTP_404_NOT_FOUND, detail=ERROR_MESSAGES.NOT_FOUND
         )
 
-    if (
-        user.role != "admin"
-        and user.id != note.user_id
-        and not has_access(user.id, type="read", access_control=note.access_control)
+    if (user.role != "admin" and user.id != note.user_id) or (
+        not has_access(user.id, type="read", access_control=note.access_control)
     ):
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.DEFAULT()
@@ -159,10 +157,8 @@ async def update_note_by_id(
             status_code=status.HTTP_404_NOT_FOUND, detail=ERROR_MESSAGES.NOT_FOUND
         )
 
-    if (
-        user.role != "admin"
-        and user.id != note.user_id
-        and not has_access(user.id, type="write", access_control=note.access_control)
+    if (user.role != "admin" and user.id != note.user_id) or (
+        not has_access(user.id, type="write", access_control=note.access_control)
     ):
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.DEFAULT()
@@ -199,10 +195,8 @@ async def delete_note_by_id(request: Request, id: str, user=Depends(get_verified
             status_code=status.HTTP_404_NOT_FOUND, detail=ERROR_MESSAGES.NOT_FOUND
         )
 
-    if (
-        user.role != "admin"
-        and user.id != note.user_id
-        and not has_access(user.id, type="write", access_control=note.access_control)
+    if (user.role != "admin" and user.id != note.user_id) or (
+        not has_access(user.id, type="write", access_control=note.access_control)
     ):
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.DEFAULT()