Mirrors/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-16 03:47:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

refac: user permissions validation

Browse Source
This commit is contained in:
Timothy Jaeryang Baek
2024-11-17 03:04:31 -08:00
parent fbdda55564
commit 37f19f68eb
4 changed files with 42 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
backend/open_webui/apps/webui/routers/tools.py
View File

@@ -9,7 +9,7 @@ from open_webui.constants import ERROR_MESSAGES
from fastapi import APIRouter, Depends, HTTPException, Request, status
from open_webui.utils.tools import get_tools_specs
from open_webui.utils.utils import get_admin_user, get_verified_user
from open_webui.utils.access_control import has_access
from open_webui.utils.access_control import has_access, has_permission
router = APIRouter()
@@ -64,6 +64,14 @@ async def create_new_tools(
form_data: ToolForm,
user=Depends(get_verified_user),
):
if user.role != "admin" and not has_permission(
user.id, "workspace.knowledge", request.app.state.config.USER_PERMISSIONS
):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.UNAUTHORIZED,
)
if not form_data.id.isidentifier():
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,