From 565f40c64250c69ec1f7a5a296c85f0d7dbd4a6b Mon Sep 17 00:00:00 2001
From: Jun Siang Cheah <git@jscheah.me>
Date: Sun, 4 Aug 2024 15:16:14 +0100
Subject: [PATCH] feat: add ENABLE_ADMIN_CHAT_ACCESS to control admin access to user chats
---
 backend/apps/webui/routers/chats.py | 9 +++++++--
 backend/config.py | 4 ++++
 backend/main.py | 2 ++
 src/lib/stores/index.ts | 1 +
 src/routes/(app)/admin/+page.svelte | 2 +-
 5 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/backend/apps/webui/routers/chats.py b/backend/apps/webui/routers/chats.py
index 80308a451..26eefd4af 100644
--- a/backend/apps/webui/routers/chats.py
+++ b/backend/apps/webui/routers/chats.py
@@ -28,7 +28,7 @@ from apps.webui.models.tags import ( from constants import ERROR_MESSAGES
-from config import SRC_LOG_LEVELS, ENABLE_ADMIN_EXPORT
+from config import SRC_LOG_LEVELS, ENABLE_ADMIN_EXPORT, ENABLE_ADMIN_CHAT_ACCESS
 log = logging.getLogger(__name__) log.setLevel(SRC_LOG_LEVELS["MODELS"])
@@ -81,6 +81,11 @@ async def get_user_chat_list_by_user_id( skip: int = 0, limit: int = 50, ):
+ if not ENABLE_ADMIN_CHAT_ACCESS:
+ raise HTTPException(
+ status_code=status.HTTP_401_UNAUTHORIZED,
+ detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
+ )
 return Chats.get_chat_list_by_user_id( user_id, include_archived=True, skip=skip, limit=limit )
@@ -183,7 +188,7 @@ async def get_shared_chat_by_id(share_id: str, user=Depends(get_verified_user)): if user.role == "user": chat = Chats.get_chat_by_share_id(share_id)
- elif user.role == "admin":
+ elif user.role == "admin" and ENABLE_ADMIN_CHAT_ACCESS:
 chat = Chats.get_chat_by_id(share_id) if chat:
diff --git a/backend/config.py b/backend/config.py
index e976b226d..5e7d000c6 100644
--- a/backend/config.py
+++ b/backend/config.py
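Review bot: The new guard in get_user_chat_list_by_user_id answers 401 to a caller who has already authenticated, which clients commonly treat as an expired session. `status_code=status.HTTP_403_FORBIDDEN` describes a disabled capability more accurately, unless the rest of this router deliberately pairs ACCESS_PROHIBITED with 401. Separately, when the flag is on nothing records that an admin listed another user's chats; a line such as `log.info("admin %s listed chats of user %s", user.id, user_id)` before the return would give operators an audit trail, assuming the handler receives the admin as `user`. The signature starts above this hunk, so that parameter is not visible here.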
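Review bot: In get_shared_chat_by_id, an admin request with ENABLE_ADMIN_CHAT_ACCESS turned off now matches neither branch, so `chat` is never assigned before `if chat:`. Unless `chat` is initialised above the hunk, which is not visible here, the handler would fail with UnboundLocalError and return a 500 instead of a clean denial. The same admin also loses the ability to open a chat that was legitimately shared by share id. Sending admins down the share-id lookup when the flag is off addresses both: `if user.role == "user" or (user.role == "admin" and not ENABLE_ADMIN_CHAT_ACCESS):`. The function body starts above and continues below this hunk.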
@@ -824,6 +824,10 @@ WEBHOOK_URL = PersistentConfig( ENABLE_ADMIN_EXPORT = os.environ.get("ENABLE_ADMIN_EXPORT", "True").lower() == "true"
+ENABLE_ADMIN_CHAT_ACCESS = (
+ os.environ.get("ENABLE_ADMIN_CHAT_ACCESS", "True").lower() == "true"
+)
+
 ENABLE_COMMUNITY_SHARING = PersistentConfig( "ENABLE_COMMUNITY_SHARING", "ui.enable_community_sharing",
diff --git a/backend/main.py b/backend/main.py
index a7dd8bc23..7a7efcd5f 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -116,6 +116,7 @@ from config import ( WEBUI_SECRET_KEY, WEBUI_SESSION_COOKIE_SAME_SITE, WEBUI_SESSION_COOKIE_SECURE,
+ ENABLE_ADMIN_CHAT_ACCESS,
 AppConfig, )
@@ -2001,6 +2002,7 @@ async def get_app_config(): "enable_image_generation": images_app.state.config.ENABLED, "enable_community_sharing": webui_app.state.config.ENABLE_COMMUNITY_SHARING, "enable_admin_export": ENABLE_ADMIN_EXPORT,
+ "enable_admin_chat_access": ENABLE_ADMIN_CHAT_ACCESS,
 }, "audio": { "tts": {
diff --git a/src/lib/stores/index.ts b/src/lib/stores/index.ts
index 1b0257c4b..5874ce456 100644
--- a/src/lib/stores/index.ts
+++ b/src/lib/stores/index.ts
@@ -149,6 +149,7 @@ type Config = { enable_web_search?: boolean; enable_image_generation: boolean; enable_admin_export: boolean;
+ enable_admin_chat_access: boolean;
 enable_community_sharing: boolean; }; oauth: {
diff --git a/src/routes/(app)/admin/+page.svelte b/src/routes/(app)/admin/+page.svelte
index 26375c9c3..3387e2746 100644
--- a/src/routes/(app)/admin/+page.svelte
+++ b/src/routes/(app)/admin/+page.svelte
@@ -307,7 +307,7 @@ <td class="px-3 py-2 text-right"> <div class="flex justify-end w-full">
- {#if user.role !== 'admin'}
+ {#if $config.features.enable_admin_chat_access && user.role !== 'admin'}
 <Tooltip content={$i18n.t('Chats')}> <button class="self-center w-fit text-sm px-2 py-2 hover:bg-black/5 dark:hover:bg-white/5 rounded-xl"
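Review bot: ENABLE_ADMIN_CHAT_ACCESS in backend/config.py is added without a comment, and three properties matter to an operator. It defaults to enabled, it is read from the environment once at import rather than through PersistentConfig (so a change presumably needs a restart), and any value other than `true` in any letter case, including `1` or `yes`, disables it. A comment above the assignment would cover this, e.g. `# Admin read access to other users' chats; on by default, only the string "true" (case-insensitive) enables it.` It is also worth documenting that ENABLE_ADMIN_EXPORT is a separate switch with its own default of True, so if the export path it guards includes user chats, turning off chat access alone does not close that route.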