From f44b7a01f5b854f47c1594a1ab5f72096f736262 Mon Sep 17 00:00:00 2001 From: Timothy Jaeryang Baek Date: Fri, 17 Apr 2026 13:59:46 +0900 Subject: [PATCH] refac --- backend/open_webui/retrieval/utils.py | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/backend/open_webui/retrieval/utils.py b/backend/open_webui/retrieval/utils.py index 721d7263a4..07c1ae5210 100644 --- a/backend/open_webui/retrieval/utils.py +++ b/backend/open_webui/retrieval/utils.py @@ -939,12 +939,16 @@ async def filter_accessible_collections( ) -> set[str]: """ Return only the collection names the user is allowed to access. - Admins bypass all checks. For non-admins: + Admins bypass all checks. For non-admins the policy is: + - file-* → validated via has_access_to_file - user-memory-* → must match user's own memory collection - - knowledge-bases → always denied (meta-collection) - - known KB ids → validated via Knowledges.check_access_by_user_id - - everything else → allowed (ephemeral collections like web-search-*) + - web-search-* → ephemeral per-query collections, always allowed + - knowledge-bases → always denied (system meta-collection) + - everything else → if the name matches a knowledge base, validated + via Knowledges.check_access_by_user_id; if no + such KB exists, the name is treated as an + ephemeral/legacy collection and allowed """ if user.role == 'admin': return collection_names @@ -952,6 +956,7 @@ async def filter_accessible_collections( validated = set() for name in collection_names: if name == 'knowledge-bases': + # System meta-collection — never exposed to non-admins. continue elif name.startswith('file-'): file_id = name[len('file-'):] @@ -960,12 +965,20 @@ async def filter_accessible_collections( elif name.startswith('user-memory-'): if name == f'user-memory-{user.id}': validated.add(name) + elif name.startswith('web-search-'): + # Ephemeral collections created by process_web_search — safe + # to allow because they contain only transient web-search + # results scoped to the requesting user's session. + validated.add(name) else: - # May be a knowledge-base ID or an ephemeral collection + # May be a knowledge-base ID or a legacy/ephemeral collection. + # If it IS a KB, enforce access control. If no such KB + # exists, treat it as a non-sensitive collection (e.g. legacy + # model knowledge, process_text SHA256 collections) and allow. if await Knowledges.check_access_by_user_id(name, user.id, permission=access_type): validated.add(name) elif not await Knowledges.get_knowledge_by_id(name): - # Not a KB at all — ephemeral collection (e.g. web-search-*), allow + # Not a KB at all — legacy/ephemeral collection, allow validated.add(name) return validated