mirror of
https://github.com/open-webui/open-webui
synced 2024-12-29 15:25:29 +00:00
enh: BYPASS_MODEL_ACCESS_CONTROL
This commit is contained in:
parent
460992613f
commit
59c3a18118
@ -24,6 +24,7 @@ from open_webui.config import (
|
|||||||
from open_webui.env import (
|
from open_webui.env import (
|
||||||
AIOHTTP_CLIENT_TIMEOUT,
|
AIOHTTP_CLIENT_TIMEOUT,
|
||||||
AIOHTTP_CLIENT_TIMEOUT_OPENAI_MODEL_LIST,
|
AIOHTTP_CLIENT_TIMEOUT_OPENAI_MODEL_LIST,
|
||||||
|
BYPASS_MODEL_ACCESS_CONTROL,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
@ -359,7 +360,7 @@ async def get_ollama_tags(
|
|||||||
detail=error_detail,
|
detail=error_detail,
|
||||||
)
|
)
|
||||||
|
|
||||||
if user.role == "user":
|
if user.role == "user" and not BYPASS_MODEL_ACCESS_CONTROL:
|
||||||
# Filter models based on user access control
|
# Filter models based on user access control
|
||||||
filtered_models = []
|
filtered_models = []
|
||||||
for model in models.get("models", []):
|
for model in models.get("models", []):
|
||||||
@ -1067,7 +1068,7 @@ async def generate_openai_chat_completion(
|
|||||||
payload = apply_model_system_prompt_to_body(params, payload, user)
|
payload = apply_model_system_prompt_to_body(params, payload, user)
|
||||||
|
|
||||||
# Check if user has access to the model
|
# Check if user has access to the model
|
||||||
if user.role == "user":
|
if user.role == "user" and not BYPASS_MODEL_ACCESS_CONTROL:
|
||||||
if not (
|
if not (
|
||||||
user.id == model_info.user_id
|
user.id == model_info.user_id
|
||||||
or has_access(
|
or has_access(
|
||||||
@ -1156,7 +1157,7 @@ async def get_openai_models(
|
|||||||
detail=error_detail,
|
detail=error_detail,
|
||||||
)
|
)
|
||||||
|
|
||||||
if user.role == "user":
|
if user.role == "user" and not BYPASS_MODEL_ACCESS_CONTROL:
|
||||||
# Filter models based on user access control
|
# Filter models based on user access control
|
||||||
filtered_models = []
|
filtered_models = []
|
||||||
for model in models:
|
for model in models:
|
||||||
|
@ -24,6 +24,7 @@ from open_webui.env import (
|
|||||||
AIOHTTP_CLIENT_TIMEOUT,
|
AIOHTTP_CLIENT_TIMEOUT,
|
||||||
AIOHTTP_CLIENT_TIMEOUT_OPENAI_MODEL_LIST,
|
AIOHTTP_CLIENT_TIMEOUT_OPENAI_MODEL_LIST,
|
||||||
ENABLE_FORWARD_USER_INFO_HEADERS,
|
ENABLE_FORWARD_USER_INFO_HEADERS,
|
||||||
|
BYPASS_MODEL_ACCESS_CONTROL,
|
||||||
)
|
)
|
||||||
|
|
||||||
from open_webui.constants import ERROR_MESSAGES
|
from open_webui.constants import ERROR_MESSAGES
|
||||||
@ -422,7 +423,7 @@ async def get_models(url_idx: Optional[int] = None, user=Depends(get_verified_us
|
|||||||
error_detail = f"Unexpected error: {str(e)}"
|
error_detail = f"Unexpected error: {str(e)}"
|
||||||
raise HTTPException(status_code=500, detail=error_detail)
|
raise HTTPException(status_code=500, detail=error_detail)
|
||||||
|
|
||||||
if user.role == "user":
|
if user.role == "user" and not BYPASS_MODEL_ACCESS_CONTROL:
|
||||||
# Filter models based on user access control
|
# Filter models based on user access control
|
||||||
filtered_models = []
|
filtered_models = []
|
||||||
for model in models.get("data", []):
|
for model in models.get("data", []):
|
||||||
|
@ -702,6 +702,7 @@ ENABLE_LOGIN_FORM = PersistentConfig(
|
|||||||
os.environ.get("ENABLE_LOGIN_FORM", "True").lower() == "true",
|
os.environ.get("ENABLE_LOGIN_FORM", "True").lower() == "true",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
DEFAULT_LOCALE = PersistentConfig(
|
DEFAULT_LOCALE = PersistentConfig(
|
||||||
"DEFAULT_LOCALE",
|
"DEFAULT_LOCALE",
|
||||||
"ui.default_locale",
|
"ui.default_locale",
|
||||||
@ -758,7 +759,6 @@ DEFAULT_USER_ROLE = PersistentConfig(
|
|||||||
os.getenv("DEFAULT_USER_ROLE", "pending"),
|
os.getenv("DEFAULT_USER_ROLE", "pending"),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
USER_PERMISSIONS_WORKSPACE_MODELS_ACCESS = (
|
USER_PERMISSIONS_WORKSPACE_MODELS_ACCESS = (
|
||||||
os.environ.get("USER_PERMISSIONS_WORKSPACE_MODELS_ACCESS", "False").lower()
|
os.environ.get("USER_PERMISSIONS_WORKSPACE_MODELS_ACCESS", "False").lower()
|
||||||
== "true"
|
== "true"
|
||||||
|
@ -329,6 +329,9 @@ WEBUI_AUTH_TRUSTED_EMAIL_HEADER = os.environ.get(
|
|||||||
)
|
)
|
||||||
WEBUI_AUTH_TRUSTED_NAME_HEADER = os.environ.get("WEBUI_AUTH_TRUSTED_NAME_HEADER", None)
|
WEBUI_AUTH_TRUSTED_NAME_HEADER = os.environ.get("WEBUI_AUTH_TRUSTED_NAME_HEADER", None)
|
||||||
|
|
||||||
|
BYPASS_MODEL_ACCESS_CONTROL = (
|
||||||
|
os.environ.get("BYPASS_MODEL_ACCESS_CONTROL", "False").lower() == "true"
|
||||||
|
)
|
||||||
|
|
||||||
####################################
|
####################################
|
||||||
# WEBUI_SECRET_KEY
|
# WEBUI_SECRET_KEY
|
||||||
|
@ -112,6 +112,7 @@ from open_webui.env import (
|
|||||||
WEBUI_SESSION_COOKIE_SAME_SITE,
|
WEBUI_SESSION_COOKIE_SAME_SITE,
|
||||||
WEBUI_SESSION_COOKIE_SECURE,
|
WEBUI_SESSION_COOKIE_SECURE,
|
||||||
WEBUI_URL,
|
WEBUI_URL,
|
||||||
|
BYPASS_MODEL_ACCESS_CONTROL,
|
||||||
RESET_CONFIG_ON_START,
|
RESET_CONFIG_ON_START,
|
||||||
OFFLINE_MODE,
|
OFFLINE_MODE,
|
||||||
)
|
)
|
||||||
@ -621,7 +622,7 @@ class ChatCompletionMiddleware(BaseHTTPMiddleware):
|
|||||||
)
|
)
|
||||||
|
|
||||||
model_info = Models.get_model_by_id(model["id"])
|
model_info = Models.get_model_by_id(model["id"])
|
||||||
if user.role == "user":
|
if user.role == "user" and not BYPASS_MODEL_ACCESS_CONTROL:
|
||||||
if model.get("arena"):
|
if model.get("arena"):
|
||||||
if not has_access(
|
if not has_access(
|
||||||
user.id,
|
user.id,
|
||||||
@ -1224,7 +1225,7 @@ async def get_models(user=Depends(get_verified_user)):
|
|||||||
)
|
)
|
||||||
|
|
||||||
# Filter out models that the user does not have access to
|
# Filter out models that the user does not have access to
|
||||||
if user.role == "user":
|
if user.role == "user" and not BYPASS_MODEL_ACCESS_CONTROL:
|
||||||
filtered_models = []
|
filtered_models = []
|
||||||
for model in models:
|
for model in models:
|
||||||
if model.get("arena"):
|
if model.get("arena"):
|
||||||
|
Loading…
Reference in New Issue
Block a user