enh: validate user id before saving group

backend/open_webui/models/groups.py

@@ -85,7 +85,6 @@ class GroupForm(BaseModel):
 
 class GroupUpdateForm(GroupForm):
     user_ids: Optional[list[str]] = None
-    admin_ids: Optional[list[str]] = None
 
 
 class GroupTable:

backend/open_webui/models/users.py

@@ -300,5 +300,10 @@ class UsersTable:
         except Exception:
             return None
 
+    def get_valid_user_ids(self, user_ids: list[str]) -> list[str]:
+        with get_db() as db:
+            users = db.query(User).filter(User.id.in_(user_ids)).all()
+            return [user.id for user in users]
+
 
 Users = UsersTable()

backend/open_webui/routers/groups.py

@@ -2,6 +2,8 @@ import os
 from pathlib import Path
 from typing import Optional
 
+
+from open_webui.models.users import Users
 from open_webui.models.groups import (
     Groups,
     GroupForm,
@@ -80,6 +82,9 @@ async def update_group_by_id(
     id: str, form_data: GroupUpdateForm, user=Depends(get_admin_user)
 ):
     try:
+        if form_data.user_ids:
+            form_data.user_ids = Users.get_valid_user_ids(form_data.user_ids)
+
         group = Groups.update_group_by_id(id, form_data)
         if group:
             return group