UniqAI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-02-01 07:17:23 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

fix: tools valves access

Browse Source
This commit is contained in:
Timothy Jaeryang Baek 2025-01-23 10:37:44 -08:00
parent 4a2792b4da
commit 8fc5532e2f
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
backend/open_webui/routers/tools.py
View File

@ -309,6 +309,17 @@ async def update_tools_valves_by_id(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.NOT_FOUND,
)
if (
tools.user_id != user.id
and not has_access(user.id, "write", tools.access_control)
and user.role != "admin"
):
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
)
if id in request.app.state.TOOLS:
tools_module = request.app.state.TOOLS[id]
else: