From 6b5643c78666f511af86a9018b0de55caa7d906f Mon Sep 17 00:00:00 2001
From: Classic298 <27028174+Classic298@users.noreply.github.com>
Date: Mon, 5 Jan 2026 01:45:48 +0100
Subject: [PATCH] feat: Add read-only access support for Knowledge Bases
 (#20371)

- Backend: Add BYPASS_ADMIN_ACCESS_CONTROL check to write_access calculation
- Frontend: Knowledge already has Read Only badge and disabled inputs
---
 backend/open_webui/routers/knowledge.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/backend/open_webui/routers/knowledge.py b/backend/open_webui/routers/knowledge.py
index aa85e59f20..5d2167c2cd 100644
--- a/backend/open_webui/routers/knowledge.py
+++ b/backend/open_webui/routers/knowledge.py
@@ -81,6 +81,7 @@ async def get_knowledge_bases(
                 **knowledge_base.model_dump(),
                 write_access=(
                     user.id == knowledge_base.user_id
+                    or (user.role == "admin" and BYPASS_ADMIN_ACCESS_CONTROL)
                     or has_access(
                         user.id, "write", knowledge_base.access_control, db=db
                     )
@@ -127,6 +128,7 @@ async def search_knowledge_bases(
                 **knowledge_base.model_dump(),
                 write_access=(
                     user.id == knowledge_base.user_id
+                    or (user.role == "admin" and BYPASS_ADMIN_ACCESS_CONTROL)
                     or has_access(
                         user.id, "write", knowledge_base.access_control, db=db
                     )
@@ -303,6 +305,7 @@ async def get_knowledge_by_id(
                 **knowledge.model_dump(),
                 write_access=(
                     user.id == knowledge.user_id
+                    or (user.role == "admin" and BYPASS_ADMIN_ACCESS_CONTROL)
                     or has_access(user.id, "write", knowledge.access_control, db=db)
                 ),
             )