diff --git a/backend/open_webui/main.py b/backend/open_webui/main.py index 0c5a4907b0..b615a1264c 100644 --- a/backend/open_webui/main.py +++ b/backend/open_webui/main.py @@ -376,6 +376,7 @@ from open_webui.config import ( RESPONSE_WATERMARK, # Admin ENABLE_ADMIN_CHAT_ACCESS, + ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS, ENABLE_ADMIN_EXPORT, # Tasks TASK_MODEL, @@ -1279,14 +1280,16 @@ async def get_models( ): filtered_models.append(model) continue - + model_info = Models.get_model_by_id(model["id"]) if model_info: - if user.id == model_info.user_id or has_access( - user.id, type="read", access_control=model_info.access_control + if ( + (user.role == "admin" and ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS) + or user.id == model_info.user_id + or has_access(user.id, type="read", access_control=model_info.access_control) ): filtered_models.append(model) - + return filtered_models all_models = await get_all_models(request, refresh=refresh, user=user) @@ -1322,9 +1325,7 @@ async def get_models( ) # Filter out models that the user does not have access to - if not BYPASS_MODEL_ACCESS_CONTROL and ( - user.role != "admin" or not ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS - ): + if (user.role == "user" or (user.role == "admin" and not ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS)) and not BYPASS_MODEL_ACCESS_CONTROL: models = get_filtered_models(models, user) log.debug( diff --git a/backend/open_webui/routers/models.py b/backend/open_webui/routers/models.py index 3d5f6ccf96..e1a5ec1937 100644 --- a/backend/open_webui/routers/models.py +++ b/backend/open_webui/routers/models.py @@ -117,7 +117,7 @@ async def get_model_by_id(id: str, user=Depends(get_verified_user)): model = Models.get_model_by_id(id) if model: if ( - user.role == "admin" + (user.role == "admin" and ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS) or model.user_id == user.id or has_access(user.id, "read", model.access_control) ):