diff --git a/backend/open_webui/routers/channels.py b/backend/open_webui/routers/channels.py index 7f4b347bef..0e2ac1ecc1 100644 --- a/backend/open_webui/routers/channels.py +++ b/backend/open_webui/routers/channels.py @@ -22,6 +22,7 @@ from open_webui.models.users import ( UserListResponse, UserModelResponse, Users, + UserModel, UserNameResponse, ) @@ -80,13 +81,22 @@ router = APIRouter() ############################ -def check_channels_access(request: Request): +def check_channels_access(request: Request, user=Optional[UserModel] = None): """Dependency to ensure channels are globally enabled.""" if not request.app.state.config.ENABLE_CHANNELS: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="Channels are not enabled", ) + + if user: + if user.role != "admin" and not has_permission( + user.id, "features.channels", request.app.state.config.USER_PERMISSIONS + ): + raise HTTPException( + status_code=status.HTTP_401_UNAUTHORIZED, + detail=ERROR_MESSAGES.UNAUTHORIZED, + ) ############################ @@ -355,7 +365,7 @@ async def get_channel_by_id( user=Depends(get_verified_user), db: Session = Depends(get_session), ): - check_channels_access(request) + check_channels_access(request, user) channel = Channels.get_channel_by_id(id, db=db) if not channel: raise HTTPException( @@ -467,7 +477,7 @@ async def get_channel_members_by_id( user=Depends(get_verified_user), db: Session = Depends(get_session), ): - check_channels_access(request) + check_channels_access(request, user) channel = Channels.get_channel_by_id(id, db=db) if not channel: @@ -788,7 +798,7 @@ async def get_channel_messages( user=Depends(get_verified_user), db: Session = Depends(get_session), ): - check_channels_access(request) + check_channels_access(request, user) channel = Channels.get_channel_by_id(id, db=db) if not channel: raise HTTPException(