From 93bab8d822996fb29c5ee0406be49d3b4da08eb9 Mon Sep 17 00:00:00 2001
From: Timothy Jaeryang Baek
Date: Sun, 1 Mar 2026 13:54:44 -0600
Subject: [PATCH] refac
---
 backend/open_webui/routers/retrieval.py | 20 +++++++++----------
 backend/open_webui/socket/main.py | 2 +-
 .../open_webui/utils/access_control/files.py | 4 ++++
 3 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/backend/open_webui/routers/retrieval.py b/backend/open_webui/routers/retrieval.py
index 5292546285..2d264e5a12 100644
--- a/backend/open_webui/routers/retrieval.py
+++ b/backend/open_webui/routers/retrieval.py
@@ -2592,17 +2592,15 @@ async def query_collection_handler(
 )
 elif collection_name.startswith("file-"):
 file_id = collection_name[len("file-") :]
- file = Files.get_file_by_id(file_id)
- if file and file.user_id != user.id:
- if not has_access_to_file(
- file_id=file_id,
- access_type="read",
- user=user,
- ):
- raise HTTPException(
- status_code=status.HTTP_403_FORBIDDEN,
- detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
- )
+ if not has_access_to_file(
+ file_id=file_id,
+ access_type="read",
+ user=user,
+ ):
+ raise HTTPException(
+ status_code=status.HTTP_403_FORBIDDEN,
+ detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
+ )
 
 try:
 if request.app.state.config.ENABLE_RAG_HYBRID_SEARCH and (
diff --git a/backend/open_webui/socket/main.py b/backend/open_webui/socket/main.py
index 8f3b7429da..758b530c92 100644
--- a/backend/open_webui/socket/main.py
+++ b/backend/open_webui/socket/main.py
@@ -804,7 +804,7 @@ def get_event_emitter(request_info, update_db=True):
 Chats.add_message_status_to_chat_by_id_and_message_id,
 request_info["chat_id"],
 request_info["message_id"],
- status_data,
+ event_data.get("data", {}),
 )
 
 elif event_type == "message":
diff --git a/backend/open_webui/utils/access_control/files.py b/backend/open_webui/utils/access_control/files.py
index b863c404f3..11c06f14ad 100644
--- a/backend/open_webui/utils/access_control/files.py
+++ b/backend/open_webui/utils/access_control/files.py
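Review bot: In the `file-` branch of query_collection_handler the whole authorization decision now rests on `has_access_to_file`, and nothing at the call site says that this includes the owner case and the unknown-id case. As far as the files.py hunk in this commit shows, the helper returns False when no file record exists and True for the owner, so a `file-<id>` name with no matching record is now answered with 403, where the removed `if file and file.user_id != user.id:` guard skipped the check entirely. A comment such as `# has_access_to_file() also covers ownership and denies ids with no file record` would keep a later simplification from undoing that, and a regression test for owner, non-owner and unknown id would pin it. The function starts and ends outside the hunk, so how other collection-name prefixes are checked is not visible here.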
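Review bot: `event_data.get("data", {})` in get_event_emitter falls back to `{}` only when the key is absent; an event carrying `"data": None` or a non-dict value is handed unchanged to `Chats.add_message_status_to_chat_by_id_and_message_id` and presumably persisted with the chat. Whether that method tolerates such values is not visible in this hunk, and the payload appears to come from the emitter's caller rather than from this module. Consider `event_data.get("data") or {}`, plus an `isinstance(..., dict)` check before the write if the status is expected to be a mapping. The surrounding function begins and ends outside the hunk.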
@@ -32,6 +32,10 @@ def has_access_to_file(
 if not file:
 return False
 
+ # Direct ownership
+ if file.user_id == user.id:
+ return True
+
 # Check if the file is associated with any knowledge bases the user has access to
 knowledge_bases = Knowledges.get_knowledges_by_file_id(file_id, db=db)
 user_group_ids = {
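Review bot: The new early return in has_access_to_file ignores `access_type`, so the owner is granted whatever access type a caller asks for, and the comment `# Direct ownership` does not say so. That is probably intended, but the retrieval handler changed in this commit now relies on it, so it is worth stating: `# The owner is granted every access_type; shared access via knowledge bases is resolved below`. If the function has a docstring outside this hunk, it should mention the ownership rule too, so that callers stop duplicating the `file.user_id` comparison. The body continues past the end of the hunk.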