UniqAI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-03-04 11:29:59 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

fix: model update access

Browse Source
This commit is contained in:
Timothy Jaeryang Baek 2025-01-23 10:40:49 -08:00
parent 8fc5532e2f
commit dd6de749d5
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
backend/open_webui/routers/models.py
View File

@ -155,6 +155,16 @@ async def update_model_by_id(
detail=ERROR_MESSAGES.NOT_FOUND, detail=ERROR_MESSAGES.NOT_FOUND,
) )
if (
model.user_id != user.id
and not has_access(user.id, "write", model.access_control)
and user.role != "admin"
):
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
)
model = Models.update_model_by_id(id, form_data) model = Models.update_model_by_id(id, form_data)
return model return model