3 月之前 · 751a61a364
--- a/backend/open_webui/routers/knowledge.py
+++ b/backend/open_webui/routers/knowledge.py
@@ -264,7 +264,10 @@ def add_file_to_knowledge_by_id(
 
				             detail=ERROR_MESSAGES.NOT_FOUND,
			
 
				         )
			
 
				 
			
 
				-    if knowledge.user_id != user.id and user.role != "admin":
			
 
				+    if (knowledge.user_id != user.id
			
 
				+        and not has_access(user.id, "write", knowledge.access_control)
			
 
				+        and user.role != "admin"
			
 
				+    ):
			
 
				         raise HTTPException(
			
 
				             status_code=status.HTTP_400_BAD_REQUEST,
			
 
				             detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
			
@@ -342,7 +345,12 @@ def update_file_from_knowledge_by_id(
 
				             detail=ERROR_MESSAGES.NOT_FOUND,
			
 
				         )
			
 
				 
			
 
				-    if knowledge.user_id != user.id and user.role != "admin":
			
 
				+    if (
			
 
				+        knowledge.user_id != user.id
			
 
				+        and not has_access(user.id, "write", knowledge.access_control)
			
 
				+        and user.role != "admin"
			
 
				+        ):
			
 
				+
			
 
				         raise HTTPException(
			
 
				             status_code=status.HTTP_400_BAD_REQUEST,
			
 
				             detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
			
@@ -406,7 +414,11 @@ def remove_file_from_knowledge_by_id(
 
				             detail=ERROR_MESSAGES.NOT_FOUND,
			
 
				         )
			
 
				 
			
 
				-    if knowledge.user_id != user.id and user.role != "admin":
			
 
				+    if (
			
 
				+        knowledge.user_id != user.id
			
 
				+        and not has_access(user.id, "write", knowledge.access_control)
			
 
				+        and user.role != "admin"
			
 
				+        ):
			
 
				         raise HTTPException(
			
 
				             status_code=status.HTTP_400_BAD_REQUEST,
			
 
				             detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
			
@@ -484,7 +496,11 @@ async def delete_knowledge_by_id(id: str, user=Depends(get_verified_user)):
 
				             detail=ERROR_MESSAGES.NOT_FOUND,
			
 
				         )
			
 
				 
			
 
				-    if knowledge.user_id != user.id and user.role != "admin":
			
 
				+    if (
			
 
				+        knowledge.user_id != user.id
			
 
				+        and not has_access(user.id, "write", knowledge.access_control)
			
 
				+        and user.role != "admin"
			
 
				+        ):
			
 
				         raise HTTPException(
			
 
				             status_code=status.HTTP_400_BAD_REQUEST,
			
 
				             detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
			
@@ -543,7 +559,11 @@ async def reset_knowledge_by_id(id: str, user=Depends(get_verified_user)):
 
				             detail=ERROR_MESSAGES.NOT_FOUND,
			
 
				         )
			
 
				 
			
 
				-    if knowledge.user_id != user.id and user.role != "admin":
			
 
				+    if (
			
 
				+        knowledge.user_id != user.id
			
 
				+        and not has_access(user.id, "write", knowledge.access_control)
			
 
				+        and user.role != "admin"
			
 
				+        ):
			
 
				         raise HTTPException(
			
 
				             status_code=status.HTTP_400_BAD_REQUEST,
			
 
				             detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
			
@@ -582,7 +602,11 @@ def add_files_to_knowledge_batch(
 
				             detail=ERROR_MESSAGES.NOT_FOUND,
			
 
				         )
			
 
				 
			
 
				-    if knowledge.user_id != user.id and user.role != "admin":
			
 
				+    if (
			
 
				+        knowledge.user_id != user.id
			
 
				+        and not has_access(user.id, "write", knowledge.access_control)
			
 
				+        and user.role != "admin"
			
 
				+        ):
			
 
				         raise HTTPException(
			
 
				             status_code=status.HTTP_400_BAD_REQUEST,
			
 
				             detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
			
--- a/backend/open_webui/routers/models.py
+++ b/backend/open_webui/routers/models.py
@@ -183,7 +183,11 @@ async def delete_model_by_id(id: str, user=Depends(get_verified_user)):
 
				             detail=ERROR_MESSAGES.NOT_FOUND,
			
 
				         )
			
 
				 
			
 
				-    if model.user_id != user.id and user.role != "admin":
			
 
				+    if (
			
 
				+            user.role == "admin"
			
 
				+            or model.user_id == user.id
			
 
				+            or has_access(user.id, "write", model.access_control)
			
 
				+        ):
			
 
				         raise HTTPException(
			
 
				             status_code=status.HTTP_401_UNAUTHORIZED,
			
 
				             detail=ERROR_MESSAGES.UNAUTHORIZED,
			
--- a/backend/open_webui/routers/prompts.py
+++ b/backend/open_webui/routers/prompts.py
@@ -147,7 +147,11 @@ async def delete_prompt_by_command(command: str, user=Depends(get_verified_user)
 
				             detail=ERROR_MESSAGES.NOT_FOUND,
			
 
				         )
			
 
				 
			
 
				-    if prompt.user_id != user.id and user.role != "admin":
			
 
				+    if (
			
 
				+        prompt.user_id != user.id
			
 
				+        and not has_access(user.id, "write", prompt.access_control)
			
 
				+        and user.role != "admin"
			
 
				+    ):
			
 
				         raise HTTPException(
			
 
				             status_code=status.HTTP_401_UNAUTHORIZED,
			
 
				             detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
			
--- a/backend/open_webui/routers/tools.py
+++ b/backend/open_webui/routers/tools.py
@@ -227,7 +227,11 @@ async def delete_tools_by_id(
 
				             detail=ERROR_MESSAGES.NOT_FOUND,
			
 
				         )
			
 
				 
			
 
				-    if tools.user_id != user.id and user.role != "admin":
			
 
				+    if (
			
 
				+        tools.user_id != user.id
			
 
				+        and not has_access(user.id, "write", tools.access_control)
			
 
				+        and user.role != "admin"
			
 
				+    ):
			
 
				         raise HTTPException(
			
 
				             status_code=status.HTTP_401_UNAUTHORIZED,
			
 
				             detail=ERROR_MESSAGES.UNAUTHORIZED,
			
--- a/src/lib/components/workspace/Knowledge/CreateKnowledgeBase.svelte
+++ b/src/lib/components/workspace/Knowledge/CreateKnowledgeBase.svelte
@@ -112,7 +112,10 @@
 
				 
			
 
				 		<div class="mt-2">
			
 
				 			<div class="px-3 py-2 bg-gray-50 dark:bg-gray-950 rounded-lg">
			
 
				-				<AccessControl bind:accessControl />
			
 
				+				<AccessControl 
			
 
				+				bind:accessControl 
			
 
				+				accessRoles={['read', 'write']}
			
 
				+				/>
			
 
				 			</div>
			
 
				 		</div>
			
 
				 
			
--- a/src/lib/components/workspace/Models/ModelEditor.svelte
+++ b/src/lib/components/workspace/Models/ModelEditor.svelte
@@ -531,7 +531,10 @@
 
				 
			
 
				 					<div class="my-2">
			
 
				 						<div class="px-3 py-2 bg-gray-50 dark:bg-gray-950 rounded-lg">
			
 
				-							<AccessControl bind:accessControl />
			
 
				+							<AccessControl 
			
 
				+							bind:accessControl 
			
 
				+							accessRoles={['read', 'write']}
			
 
				+							/>
			
 
				 						</div>
			
 
				 					</div>