From f5df0625e37f05f3eab737016381389125823ea1 Mon Sep 17 00:00:00 2001 From: Timothy Jaeryang Baek Date: Sat, 16 Nov 2024 21:41:34 -0800 Subject: [PATCH] enh: file upload user permission --- backend/open_webui/utils/access_control.py | 7 +++++-- src/lib/components/chat/MessageInput.svelte | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/backend/open_webui/utils/access_control.py b/backend/open_webui/utils/access_control.py index 57ec1f593..270b28bcc 100644 --- a/backend/open_webui/utils/access_control.py +++ b/backend/open_webui/utils/access_control.py @@ -1,10 +1,11 @@ from typing import Optional, Union, List, Dict, Any from open_webui.apps.webui.models.groups import Groups +import json def get_permissions( user_id: str, - default_permissions: Dict[str, Any] = {}, + default_permissions: Dict[str, Any], ) -> Dict[str, Any]: """ Get all permissions for a user by combining the permissions of all groups the user is a member of. @@ -29,7 +30,9 @@ def get_permissions( return permissions user_groups = Groups.get_groups_by_member_id(user_id) - permissions = default_permissions.copy() + + # deep copy default permissions to avoid modifying the original dict + permissions = json.loads(json.dumps(default_permissions)) for group in user_groups: group_permissions = group.permissions diff --git a/src/lib/components/chat/MessageInput.svelte b/src/lib/components/chat/MessageInput.svelte index 8e45d6b5e..62f41b5fe 100644 --- a/src/lib/components/chat/MessageInput.svelte +++ b/src/lib/components/chat/MessageInput.svelte @@ -92,7 +92,7 @@ }; const uploadFileHandler = async (file) => { - if (!($user?.permissions?.chat?.file_upload ?? true)) { + if ($user?.role !== 'admin' && !($_user?.permissions?.chat?.file_upload ?? true)) { toast.error($i18n.t('You do not have permission to upload files.')); return null; }