mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-10 12:01:29 -05:00
refac
This commit is contained in:
@@ -1081,21 +1081,30 @@ class OAuthManager:
|
||||
log.debug(f'Accepted user roles: {oauth_allowed_roles}')
|
||||
log.debug(f'Accepted admin roles: {oauth_admin_roles}')
|
||||
|
||||
# If any roles are found, check if they match the allowed or admin roles
|
||||
# If roles are present in the token, they must match; otherwise deny access
|
||||
if oauth_roles:
|
||||
# If role management is enabled, and matching roles are provided, use the roles
|
||||
matched = False
|
||||
for allowed_role in oauth_allowed_roles:
|
||||
# If the user has any of the allowed roles, assign the role "user"
|
||||
if allowed_role in oauth_roles:
|
||||
log.debug('Assigned user the user role')
|
||||
role = 'user'
|
||||
matched = True
|
||||
break
|
||||
for admin_role in oauth_admin_roles:
|
||||
# If the user has any of the admin roles, assign the role "admin"
|
||||
if admin_role in oauth_roles:
|
||||
log.debug('Assigned user the admin role')
|
||||
role = 'admin'
|
||||
matched = True
|
||||
break
|
||||
if not matched:
|
||||
log.warning(
|
||||
f'OAuth role management enabled but user roles do not match any allowed/admin roles. '
|
||||
f'User roles: {oauth_roles}, allowed: {oauth_allowed_roles}, admin: {oauth_admin_roles}'
|
||||
)
|
||||
raise HTTPException(
|
||||
status.HTTP_403_FORBIDDEN,
|
||||
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
|
||||
)
|
||||
else:
|
||||
if not user:
|
||||
# If role management is disabled, use the default role for new users
|
||||
|
||||
Reference in New Issue
Block a user