open-webui/backend/open_webui/routers/users.py

327 lines
8.8 KiB
Python
Raw Normal View History

import logging
2024-08-27 22:10:27 +00:00
from typing import Optional
2023-11-19 08:13:59 +00:00
2024-12-10 08:54:13 +00:00
from open_webui.models.auths import Auths
from open_webui.models.chats import Chats
from open_webui.models.users import (
2024-05-27 05:47:42 +00:00
UserModel,
UserRoleUpdateForm,
Users,
2024-08-27 22:10:27 +00:00
UserSettings,
UserUpdateForm,
)
2024-12-27 07:29:33 +00:00
from open_webui.socket.main import get_active_status_by_user_id
from open_webui.constants import ERROR_MESSAGES
from open_webui.env import SRC_LOG_LEVELS
2024-08-27 22:10:27 +00:00
from fastapi import APIRouter, Depends, HTTPException, Request, status
from pydantic import BaseModel
2024-12-09 00:01:56 +00:00
from open_webui.utils.auth import get_admin_user, get_password_hash, get_verified_user
2024-03-31 08:13:39 +00:00
log = logging.getLogger(__name__)
log.setLevel(SRC_LOG_LEVELS["MODELS"])
2023-11-19 08:13:59 +00:00
router = APIRouter()
############################
# GetUsers
############################
2024-08-14 12:46:31 +00:00
@router.get("/", response_model=list[UserModel])
2024-12-25 20:39:04 +00:00
async def get_users(
skip: Optional[int] = None,
limit: Optional[int] = None,
user=Depends(get_admin_user),
):
return Users.get_users(skip, limit)
2023-11-19 08:13:59 +00:00
2024-11-16 09:24:34 +00:00
############################
# User Groups
############################
@router.get("/groups")
async def get_user_groups(user=Depends(get_verified_user)):
return Users.get_user_groups(user.id)
2024-02-14 09:17:43 +00:00
############################
# User Permissions
############################
2024-11-16 09:24:34 +00:00
@router.get("/permissions")
async def get_user_permissisions(user=Depends(get_verified_user)):
return Users.get_user_groups(user.id)
############################
# User Default Permissions
############################
2024-11-15 09:29:07 +00:00
class WorkspacePermissions(BaseModel):
2025-01-16 07:01:43 +00:00
models: bool = False
knowledge: bool = False
prompts: bool = False
tools: bool = False
2024-11-15 09:29:07 +00:00
class ChatPermissions(BaseModel):
2025-01-16 07:01:43 +00:00
controls: bool = True
file_upload: bool = True
delete: bool = True
edit: bool = True
temporary: bool = True
class FeaturesPermissions(BaseModel):
web_search: bool = True
image_generation: bool = True
2024-11-15 09:29:07 +00:00
class UserPermissions(BaseModel):
workspace: WorkspacePermissions
chat: ChatPermissions
2025-01-16 07:01:43 +00:00
features: FeaturesPermissions
2024-11-15 09:29:07 +00:00
2025-01-16 07:01:43 +00:00
@router.get("/default/permissions", response_model=UserPermissions)
2024-02-14 09:17:43 +00:00
async def get_user_permissions(request: Request, user=Depends(get_admin_user)):
2025-01-16 07:01:43 +00:00
return {
"workspace": WorkspacePermissions(
**request.app.state.config.USER_PERMISSIONS.get("workspace", {})
),
"chat": ChatPermissions(
**request.app.state.config.USER_PERMISSIONS.get("chat", {})
),
"features": FeaturesPermissions(
**request.app.state.config.USER_PERMISSIONS.get("features", {})
),
}
2024-02-14 09:17:43 +00:00
2024-11-16 09:24:34 +00:00
@router.post("/default/permissions")
2024-02-14 09:17:43 +00:00
async def update_user_permissions(
2024-11-15 09:29:07 +00:00
request: Request, form_data: UserPermissions, user=Depends(get_admin_user)
2024-02-14 09:17:43 +00:00
):
2024-11-15 09:29:07 +00:00
request.app.state.config.USER_PERMISSIONS = form_data.model_dump()
return request.app.state.config.USER_PERMISSIONS
2024-02-14 09:17:43 +00:00
2024-01-06 05:02:49 +00:00
############################
# UpdateUserRole
############################
@router.post("/update/role", response_model=Optional[UserModel])
2024-06-24 07:57:08 +00:00
async def update_user_role(form_data: UserRoleUpdateForm, user=Depends(get_admin_user)):
if user.id != form_data.id and form_data.id != Users.get_first_user().id:
return Users.update_user_role_by_id(form_data.id, form_data.role)
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACTION_PROHIBITED,
)
2024-01-06 05:02:49 +00:00
2024-05-27 05:47:42 +00:00
############################
# GetUserSettingsBySessionUser
############################
@router.get("/user/settings", response_model=Optional[UserSettings])
2024-06-24 07:57:08 +00:00
async def get_user_settings_by_session_user(user=Depends(get_verified_user)):
user = Users.get_user_by_id(user.id)
2024-05-27 05:47:42 +00:00
if user:
return user.settings
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
############################
# UpdateUserSettingsBySessionUser
############################
@router.post("/user/settings/update", response_model=UserSettings)
async def update_user_settings_by_session_user(
form_data: UserSettings, user=Depends(get_verified_user)
2024-05-27 05:47:42 +00:00
):
user = Users.update_user_by_id(user.id, {"settings": form_data.model_dump()})
2024-05-27 05:47:42 +00:00
if user:
return user.settings
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
2024-06-16 22:32:26 +00:00
############################
# GetUserInfoBySessionUser
############################
@router.get("/user/info", response_model=Optional[dict])
2024-06-24 07:57:08 +00:00
async def get_user_info_by_session_user(user=Depends(get_verified_user)):
user = Users.get_user_by_id(user.id)
2024-06-16 22:32:26 +00:00
if user:
return user.info
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
############################
# UpdateUserInfoBySessionUser
############################
@router.post("/user/info/update", response_model=Optional[dict])
async def update_user_info_by_session_user(
form_data: dict, user=Depends(get_verified_user)
2024-06-16 22:32:26 +00:00
):
user = Users.get_user_by_id(user.id)
2024-06-16 22:32:26 +00:00
if user:
if user.info is None:
user.info = {}
2024-06-24 07:57:08 +00:00
user = Users.update_user_by_id(user.id, {"info": {**user.info, **form_data}})
2024-06-16 22:32:26 +00:00
if user:
return user.info
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
2024-05-18 21:19:48 +00:00
############################
# GetUserById
############################
class UserResponse(BaseModel):
name: str
profile_image_url: str
2024-12-27 07:29:33 +00:00
active: Optional[bool] = None
2024-05-18 21:19:48 +00:00
@router.get("/{user_id}", response_model=UserResponse)
2024-06-24 07:57:08 +00:00
async def get_user_by_id(user_id: str, user=Depends(get_verified_user)):
2024-05-27 05:47:42 +00:00
# Check if user_id is a shared chat
# If it is, get the user_id from the chat
2024-05-18 22:23:36 +00:00
if user_id.startswith("shared-"):
chat_id = user_id.replace("shared-", "")
chat = Chats.get_chat_by_id(chat_id)
2024-05-18 22:23:36 +00:00
if chat:
user_id = chat.user_id
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
user = Users.get_user_by_id(user_id)
2024-05-18 21:19:48 +00:00
if user:
2024-12-27 07:29:33 +00:00
return UserResponse(
**{
"name": user.name,
"profile_image_url": user.profile_image_url,
"active": get_active_status_by_user_id(user_id),
}
)
2024-05-18 21:19:48 +00:00
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
2023-11-19 08:13:59 +00:00
############################
2024-01-06 04:59:56 +00:00
# UpdateUserById
2023-11-19 08:13:59 +00:00
############################
2024-01-06 04:59:56 +00:00
@router.post("/{user_id}/update", response_model=Optional[UserModel])
async def update_user_by_id(
user_id: str,
form_data: UserUpdateForm,
session_user=Depends(get_admin_user),
2024-01-06 04:59:56 +00:00
):
user = Users.get_user_by_id(user_id)
2024-01-06 04:59:56 +00:00
if user:
2024-01-06 10:51:57 +00:00
if form_data.email.lower() != user.email:
email_user = Users.get_user_by_email(form_data.email.lower())
2024-01-06 04:59:56 +00:00
if email_user:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.EMAIL_TAKEN,
)
if form_data.password:
hashed = get_password_hash(form_data.password)
log.debug(f"hashed: {hashed}")
Auths.update_user_password_by_id(user_id, hashed)
2024-01-06 04:59:56 +00:00
Auths.update_email_by_id(user_id, form_data.email.lower())
2024-01-06 04:59:56 +00:00
updated_user = Users.update_user_by_id(
user_id,
{
"name": form_data.name,
2024-01-06 10:51:57 +00:00
"email": form_data.email.lower(),
2024-01-06 04:59:56 +00:00
"profile_image_url": form_data.profile_image_url,
},
)
if updated_user:
return updated_user
2023-11-19 08:13:59 +00:00
raise HTTPException(
2024-01-06 04:59:56 +00:00
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.DEFAULT(),
2023-11-19 08:13:59 +00:00
)
2023-12-29 07:02:49 +00:00
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
)
2023-12-29 07:02:49 +00:00
############################
2023-12-29 07:24:51 +00:00
# DeleteUserById
2023-12-29 07:02:49 +00:00
############################
@router.delete("/{user_id}", response_model=bool)
2024-06-24 07:57:08 +00:00
async def delete_user_by_id(user_id: str, user=Depends(get_admin_user)):
if user.id != user_id:
result = Auths.delete_auth_by_id(user_id)
if result:
return True
2023-12-29 07:02:49 +00:00
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=ERROR_MESSAGES.DELETE_USER_ERROR,
2023-12-29 07:02:49 +00:00
)
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACTION_PROHIBITED,
)