open-webui/backend/open_webui/apps/webui/routers/users.py

296 lines
7.9 KiB
Python
Raw Normal View History

import logging
2024-08-27 22:10:27 +00:00
from typing import Optional
2023-11-19 08:13:59 +00:00
from open_webui.apps.webui.models.auths import Auths
from open_webui.apps.webui.models.chats import Chats
from open_webui.apps.webui.models.users import (
2024-05-27 05:47:42 +00:00
UserModel,
UserRoleUpdateForm,
Users,
2024-08-27 22:10:27 +00:00
UserSettings,
UserUpdateForm,
)
from open_webui.constants import ERROR_MESSAGES
from open_webui.env import SRC_LOG_LEVELS
2024-08-27 22:10:27 +00:00
from fastapi import APIRouter, Depends, HTTPException, Request, status
from pydantic import BaseModel
2024-12-09 00:01:56 +00:00
from open_webui.utils.auth import get_admin_user, get_password_hash, get_verified_user
2024-03-31 08:13:39 +00:00
log = logging.getLogger(__name__)
log.setLevel(SRC_LOG_LEVELS["MODELS"])
2023-11-19 08:13:59 +00:00
router = APIRouter()
############################
# GetUsers
############################
2024-08-14 12:46:31 +00:00
@router.get("/", response_model=list[UserModel])
2024-06-24 07:57:08 +00:00
async def get_users(skip: int = 0, limit: int = 50, user=Depends(get_admin_user)):
return Users.get_users(skip, limit)
2023-11-19 08:13:59 +00:00
2024-11-16 09:24:34 +00:00
############################
# User Groups
############################
@router.get("/groups")
async def get_user_groups(user=Depends(get_verified_user)):
return Users.get_user_groups(user.id)
2024-02-14 09:17:43 +00:00
############################
# User Permissions
############################
2024-11-16 09:24:34 +00:00
@router.get("/permissions")
async def get_user_permissisions(user=Depends(get_verified_user)):
return Users.get_user_groups(user.id)
############################
# User Default Permissions
############################
2024-11-15 09:29:07 +00:00
class WorkspacePermissions(BaseModel):
models: bool
knowledge: bool
prompts: bool
tools: bool
class ChatPermissions(BaseModel):
2024-11-16 10:31:04 +00:00
file_upload: bool
2024-11-15 09:29:07 +00:00
delete: bool
edit: bool
temporary: bool
class UserPermissions(BaseModel):
workspace: WorkspacePermissions
chat: ChatPermissions
2024-11-16 09:24:34 +00:00
@router.get("/default/permissions")
2024-02-14 09:17:43 +00:00
async def get_user_permissions(request: Request, user=Depends(get_admin_user)):
return request.app.state.config.USER_PERMISSIONS
2024-02-14 09:17:43 +00:00
2024-11-16 09:24:34 +00:00
@router.post("/default/permissions")
2024-02-14 09:17:43 +00:00
async def update_user_permissions(
2024-11-15 09:29:07 +00:00
request: Request, form_data: UserPermissions, user=Depends(get_admin_user)
2024-02-14 09:17:43 +00:00
):
2024-11-15 09:29:07 +00:00
request.app.state.config.USER_PERMISSIONS = form_data.model_dump()
return request.app.state.config.USER_PERMISSIONS
2024-02-14 09:17:43 +00:00
2024-01-06 05:02:49 +00:00
############################
# UpdateUserRole
############################
@router.post("/update/role", response_model=Optional[UserModel])
2024-06-24 07:57:08 +00:00
async def update_user_role(form_data: UserRoleUpdateForm, user=Depends(get_admin_user)):
if user.id != form_data.id and form_data.id != Users.get_first_user().id:
return Users.update_user_role_by_id(form_data.id, form_data.role)
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACTION_PROHIBITED,
)
2024-01-06 05:02:49 +00:00
2024-05-27 05:47:42 +00:00
############################
# GetUserSettingsBySessionUser
############################
@router.get("/user/settings", response_model=Optional[UserSettings])
2024-06-24 07:57:08 +00:00
async def get_user_settings_by_session_user(user=Depends(get_verified_user)):
user = Users.get_user_by_id(user.id)
2024-05-27 05:47:42 +00:00
if user:
return user.settings
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
############################
# UpdateUserSettingsBySessionUser
############################
@router.post("/user/settings/update", response_model=UserSettings)
async def update_user_settings_by_session_user(
form_data: UserSettings, user=Depends(get_verified_user)
2024-05-27 05:47:42 +00:00
):
user = Users.update_user_by_id(user.id, {"settings": form_data.model_dump()})
2024-05-27 05:47:42 +00:00
if user:
return user.settings
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
2024-06-16 22:32:26 +00:00
############################
# GetUserInfoBySessionUser
############################
@router.get("/user/info", response_model=Optional[dict])
2024-06-24 07:57:08 +00:00
async def get_user_info_by_session_user(user=Depends(get_verified_user)):
user = Users.get_user_by_id(user.id)
2024-06-16 22:32:26 +00:00
if user:
return user.info
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
############################
# UpdateUserInfoBySessionUser
############################
@router.post("/user/info/update", response_model=Optional[dict])
async def update_user_info_by_session_user(
form_data: dict, user=Depends(get_verified_user)
2024-06-16 22:32:26 +00:00
):
user = Users.get_user_by_id(user.id)
2024-06-16 22:32:26 +00:00
if user:
if user.info is None:
user.info = {}
2024-06-24 07:57:08 +00:00
user = Users.update_user_by_id(user.id, {"info": {**user.info, **form_data}})
2024-06-16 22:32:26 +00:00
if user:
return user.info
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
2024-05-18 21:19:48 +00:00
############################
# GetUserById
############################
class UserResponse(BaseModel):
name: str
profile_image_url: str
@router.get("/{user_id}", response_model=UserResponse)
2024-06-24 07:57:08 +00:00
async def get_user_by_id(user_id: str, user=Depends(get_verified_user)):
2024-05-27 05:47:42 +00:00
# Check if user_id is a shared chat
# If it is, get the user_id from the chat
2024-05-18 22:23:36 +00:00
if user_id.startswith("shared-"):
chat_id = user_id.replace("shared-", "")
chat = Chats.get_chat_by_id(chat_id)
2024-05-18 22:23:36 +00:00
if chat:
user_id = chat.user_id
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
user = Users.get_user_by_id(user_id)
2024-05-18 21:19:48 +00:00
if user:
return UserResponse(name=user.name, profile_image_url=user.profile_image_url)
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
2023-11-19 08:13:59 +00:00
############################
2024-01-06 04:59:56 +00:00
# UpdateUserById
2023-11-19 08:13:59 +00:00
############################
2024-01-06 04:59:56 +00:00
@router.post("/{user_id}/update", response_model=Optional[UserModel])
async def update_user_by_id(
user_id: str,
form_data: UserUpdateForm,
session_user=Depends(get_admin_user),
2024-01-06 04:59:56 +00:00
):
user = Users.get_user_by_id(user_id)
2024-01-06 04:59:56 +00:00
if user:
2024-01-06 10:51:57 +00:00
if form_data.email.lower() != user.email:
email_user = Users.get_user_by_email(form_data.email.lower())
2024-01-06 04:59:56 +00:00
if email_user:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.EMAIL_TAKEN,
)
if form_data.password:
hashed = get_password_hash(form_data.password)
log.debug(f"hashed: {hashed}")
Auths.update_user_password_by_id(user_id, hashed)
2024-01-06 04:59:56 +00:00
Auths.update_email_by_id(user_id, form_data.email.lower())
2024-01-06 04:59:56 +00:00
updated_user = Users.update_user_by_id(
user_id,
{
"name": form_data.name,
2024-01-06 10:51:57 +00:00
"email": form_data.email.lower(),
2024-01-06 04:59:56 +00:00
"profile_image_url": form_data.profile_image_url,
},
)
if updated_user:
return updated_user
2023-11-19 08:13:59 +00:00
raise HTTPException(
2024-01-06 04:59:56 +00:00
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.DEFAULT(),
2023-11-19 08:13:59 +00:00
)
2023-12-29 07:02:49 +00:00
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
2023-12-29 07:02:49 +00:00
############################
2023-12-29 07:24:51 +00:00
# DeleteUserById
2023-12-29 07:02:49 +00:00
############################
@router.delete("/{user_id}", response_model=bool)
2024-06-24 07:57:08 +00:00
async def delete_user_by_id(user_id: str, user=Depends(get_admin_user)):
if user.id != user_id:
result = Auths.delete_auth_by_id(user_id)
if result:
return True
2023-12-29 07:02:49 +00:00
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=ERROR_MESSAGES.DELETE_USER_ERROR,
2023-12-29 07:02:49 +00:00
)
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACTION_PROHIBITED,
)