Adding more checks for write access. Adding accessRoles to Model & Knowledge creation

2025-12-16 03:47:49 +01:00 · 2025-01-27 18:11:52 +00:00
parent 6eb51ab62e
commit 751a61a364
6 changed files with 53 additions and 11 deletions
--- a/backend/open_webui/routers/prompts.py
+++ b/backend/open_webui/routers/prompts.py
@@ -147,7 +147,11 @@ async def delete_prompt_by_command(command: str, user=Depends(get_verified_user)
            detail=ERROR_MESSAGES.NOT_FOUND,
        )

-    if prompt.user_id != user.id and user.role != "admin":
+    if (
+        prompt.user_id != user.id
+        and not has_access(user.id, "write", prompt.access_control)
+        and user.role != "admin"
+    ):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=ERROR_MESSAGES.ACCESS_PROHIBITED,