refac

backend/open_webui/routers/retrieval.py

@@ -2592,17 +2592,15 @@ async def query_collection_handler(
                     )
             elif collection_name.startswith("file-"):
                 file_id = collection_name[len("file-") :]
-                file = Files.get_file_by_id(file_id)
-                if file and file.user_id != user.id:
-                    if not has_access_to_file(
-                        file_id=file_id,
-                        access_type="read",
-                        user=user,
-                    ):
-                        raise HTTPException(
-                            status_code=status.HTTP_403_FORBIDDEN,
-                            detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
-                        )
+                if not has_access_to_file(
+                    file_id=file_id,
+                    access_type="read",
+                    user=user,
+                ):
+                    raise HTTPException(
+                        status_code=status.HTTP_403_FORBIDDEN,
+                        detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
+                    )
 
     try:
         if request.app.state.config.ENABLE_RAG_HYBRID_SEARCH and (

backend/open_webui/socket/main.py

@@ -804,7 +804,7 @@ def get_event_emitter(request_info, update_db=True):
                     Chats.add_message_status_to_chat_by_id_and_message_id,
                     request_info["chat_id"],
                     request_info["message_id"],
-                    status_data,
+                    event_data.get("data", {}),
                 )
 
             elif event_type == "message":

backend/open_webui/utils/access_control/files.py

@@ -32,6 +32,10 @@ def has_access_to_file(
     if not file:
         return False
 
+    # Direct ownership
+    if file.user_id == user.id:
+        return True
+
     # Check if the file is associated with any knowledge bases the user has access to
     knowledge_bases = Knowledges.get_knowledges_by_file_id(file_id, db=db)
     user_group_ids = {