[PR #13480] [CLOSED] feat: Add Playground Access Control - Permission Setting #10007

New Issue

GiteaMirror · 2025-11-11T18:37:00-06:00

GiteaMirror commented

2025-11-11 18:37:00 -06:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/13480
Author: @Classic298
Created: 5/4/2025
Status: ❌ Closed

Base: dev ← Head: dev

📝 Commits (10+)

865b5bd Update users.py
50575a2 Update users.py
02fb149 Update translation.json
75fbb87 Update translation.json
eaa9ff7 Update translation.json
c71e444 Update translation.json
08220a1 Update translation.json
00969f0 Update translation.json
bbcba47 Update translation.json
6bcacff Update translation.json

📊 Changes

62 files changed (+157 additions, -67 deletions)

View changed files

📝 backend/open_webui/config.py (+8 -1)
📝 backend/open_webui/routers/users.py (+1 -0)
📝 src/lib/components/admin/Users/Groups.svelte (+1 -0)
📝 src/lib/components/admin/Users/Groups/EditGroupModal.svelte (+2 -1)
📝 src/lib/components/admin/Users/Groups/Permissions.svelte (+10 -0)
📝 src/lib/components/layout/Sidebar/UserMenu.svelte (+3 -2)
📝 src/lib/components/playground/Chat.svelte (+1 -1)
📝 src/lib/components/playground/Completions.svelte (+1 -1)
📝 src/lib/i18n/locales/ar-BH/translation.json (+1 -0)
📝 src/lib/i18n/locales/ar/translation.json (+1 -0)
📝 src/lib/i18n/locales/bg-BG/translation.json (+1 -0)
📝 src/lib/i18n/locales/bn-BD/translation.json (+1 -0)
📝 src/lib/i18n/locales/bo-TB/translation.json (+1 -0)
📝 src/lib/i18n/locales/ca-ES/translation.json (+1 -0)
📝 src/lib/i18n/locales/ceb-PH/translation.json (+1 -0)
📝 src/lib/i18n/locales/cs-CZ/translation.json (+1 -0)
📝 src/lib/i18n/locales/da-DK/translation.json (+1 -0)
📝 src/lib/i18n/locales/de-DE/translation.json (+1 -0)
📝 src/lib/i18n/locales/dg-DG/translation.json (+1 -0)
📝 src/lib/i18n/locales/el-GR/translation.json (+1 -0)

...and 42 more files

📄 Description

Pull Request Checklist

Before submitting, make sure you've checked the following:

Target branch: Please verify that the pull request targets the dev branch.
Description: Provide a concise description of the changes made in this pull request.
Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
Documentation: Have you updated relevant documentation Open WebUI Docs, or other documentation sources? (Note: Documentation for the new permission setting in the Admin Panel might be needed)
Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation? (No new dependencies added)
Testing: Have you written and run sufficient tests to validate the changes? (Manual testing steps outlined below)
Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
Prefix: To clearly categorize this pull request, prefix the pull request title using one of the following:
- feat: Introduces a new feature or enhancement to the codebase

feat: Add Playground Access Control

Description

Related issues / discussions:

This PR introduces a new permission setting, playground_access, under "Features Permissions" to control user access to the Playground feature (/playground). Administrators can now manage this access instance-wide via Default Permissions or on a per-group basis within the Admin Panel.

By default, Playground access is disabled (false) for non-admin users but can be enabled via these new settings. Administrators always retain access to the Playground regardless of the permission setting.

Changelog Entry

Added

New permission key playground_access to the features section of user permissions.
New environment variable USER_PERMISSIONS_FEATURES_PLAYGROUND_ACCESS to configure the default value for playground_access (defaults to False).
- Documentation for environment variable can be found here: https://github.com/open-webui/docs/pull/523
UI Switch for "Playground Access" in the Admin Panel under "Users -> Groups -> Edit/Default Permissions -> Features Permissions" (src/lib/components/admin/Users/Groups/Permissions.svelte).
Access control guard to the Playground layout (src/routes/(app)/playground/+layout.svelte) checking for admin role or playground_access permission.
New i18n key "Playground Access" added, with German translation provided.

Changed

The Playground link in the user menu (src/lib/components/layout/Sidebar/UserMenu.svelte) is now conditionally displayed based on admin role or playground_access permission.
Backend configuration (backend/open_webui/config.py) updated to include and process the USER_PERMISSIONS_FEATURES_PLAYGROUND_ACCESS variable and add playground_access to DEFAULT_USER_PERMISSIONS.
Backend default permissions endpoint (backend/open_webui/routers/users.py) updated via Pydantic model (FeaturesPermissions) to include playground_access.
Default permission structures within relevant frontend components (Permissions.svelte, EditGroupModal.svelte, Groups.svelte) updated to include playground_access.

Security

Added role-based and permission-based access control to the /playground routes.

Additional Information

Admin Access: Users with the admin role will always have access to the Playground, irrespective of the playground_access permission setting.
Testing: Manual testing verified:
1. Admins always see the link and can access /playground.
2. Default users without permission cannot see the link and are redirected from /playground to the homepage '/'.
3. Enabling the permission grants access to non-admin users.
4. Disabling the permission revokes access again.
Documentation: Environment Variable Documentation here: (https://github.com/open-webui/docs/pull/523)

Screenshots or Videos

Please excuse the poor video quality and the suboptimal presentation, but the video does showcase how it works and that it works:

https://github.com/user-attachments/assets/9b865f16-2beb-4442-ab9b-cfb7935181d0

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the CONTRIBUTOR_LICENSE_AGREEMENT, and I am providing my contributions under its terms.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/13480 **Author:** [@Classic298](https://github.com/Classic298) **Created:** 5/4/2025 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `dev` --- ### 📝 Commits (10+) - [`865b5bd`](https://github.com/open-webui/open-webui/commit/865b5bdbcb51e9170b5c11bb1aaa198477a36529) Update users.py - [`50575a2`](https://github.com/open-webui/open-webui/commit/50575a261e63cda87b979b442be84b6d26c1b65c) Update users.py - [`02fb149`](https://github.com/open-webui/open-webui/commit/02fb14917ff79f1be7731fff9b78d6109f03bb97) Update translation.json - [`75fbb87`](https://github.com/open-webui/open-webui/commit/75fbb8787f553a2e18651584ca351a097832e269) Update translation.json - [`eaa9ff7`](https://github.com/open-webui/open-webui/commit/eaa9ff75b8eaa7e22d5c1f46798d7d9684d081b1) Update translation.json - [`c71e444`](https://github.com/open-webui/open-webui/commit/c71e44463bce12df3104a64b6b08c26d661adf29) Update translation.json - [`08220a1`](https://github.com/open-webui/open-webui/commit/08220a10acbdc3ce77d25f2c4cd79d8f93ec0869) Update translation.json - [`00969f0`](https://github.com/open-webui/open-webui/commit/00969f09694864a5fa3c47d5bcf933a8ecc0dc45) Update translation.json - [`bbcba47`](https://github.com/open-webui/open-webui/commit/bbcba47f6197e8af782c415191f7d19d96bca796) Update translation.json - [`6bcacff`](https://github.com/open-webui/open-webui/commit/6bcacff944e1049f2bc2ccfe94d55645f89bfcc2) Update translation.json ### 📊 Changes **62 files changed** (+157 additions, -67 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/config.py` (+8 -1) 📝 `backend/open_webui/routers/users.py` (+1 -0) 📝 `src/lib/components/admin/Users/Groups.svelte` (+1 -0) 📝 `src/lib/components/admin/Users/Groups/EditGroupModal.svelte` (+2 -1) 📝 `src/lib/components/admin/Users/Groups/Permissions.svelte` (+10 -0) 📝 `src/lib/components/layout/Sidebar/UserMenu.svelte` (+3 -2) 📝 `src/lib/components/playground/Chat.svelte` (+1 -1) 📝 `src/lib/components/playground/Completions.svelte` (+1 -1) 📝 `src/lib/i18n/locales/ar-BH/translation.json` (+1 -0) 📝 `src/lib/i18n/locales/ar/translation.json` (+1 -0) 📝 `src/lib/i18n/locales/bg-BG/translation.json` (+1 -0) 📝 `src/lib/i18n/locales/bn-BD/translation.json` (+1 -0) 📝 `src/lib/i18n/locales/bo-TB/translation.json` (+1 -0) 📝 `src/lib/i18n/locales/ca-ES/translation.json` (+1 -0) 📝 `src/lib/i18n/locales/ceb-PH/translation.json` (+1 -0) 📝 `src/lib/i18n/locales/cs-CZ/translation.json` (+1 -0) 📝 `src/lib/i18n/locales/da-DK/translation.json` (+1 -0) 📝 `src/lib/i18n/locales/de-DE/translation.json` (+1 -0) 📝 `src/lib/i18n/locales/dg-DG/translation.json` (+1 -0) 📝 `src/lib/i18n/locales/el-GR/translation.json` (+1 -0) _...and 42 more files_ </details> ### 📄 Description # Pull Request Checklist **Before submitting, make sure you've checked the following:** - [x] **Target branch:** Please verify that the pull request targets the `dev` branch. - [x] **Description:** Provide a concise description of the changes made in this pull request. - [x] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. - [X] **Documentation:** Have you updated relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs), or other documentation sources? *(Note: Documentation for the new permission setting in the Admin Panel might be needed)* - [x] **Dependencies:** Are there any new dependencies? Have you updated the dependency versions in the documentation? *(No new dependencies added)* - [x] **Testing:** Have you written and run sufficient tests to validate the changes? *(Manual testing steps outlined below)* - [x] **Code review:** Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards? - [x] **Prefix:** To clearly categorize this pull request, prefix the pull request title using one of the following: - **feat**: Introduces a new feature or enhancement to the codebase --- # feat: Add Playground Access Control ## Description Related issues / discussions: - https://github.com/open-webui/open-webui/discussions/12936 - https://github.com/open-webui/open-webui/discussions/3572 - https://github.com/open-webui/open-webui/issues/4816 This PR introduces a new permission setting, `playground_access`, under "Features Permissions" to control user access to the Playground feature (`/playground`). Administrators can now manage this access instance-wide via Default Permissions or on a per-group basis within the Admin Panel. By default, Playground access is disabled (`false`) for non-admin users but can be enabled via these new settings. Administrators always retain access to the Playground regardless of the permission setting. --- # Changelog Entry ## Added - New permission key `playground_access` to the `features` section of user permissions. - New environment variable `USER_PERMISSIONS_FEATURES_PLAYGROUND_ACCESS` to configure the default value for `playground_access` (defaults to `False`). - Documentation for environment variable can be found here: https://github.com/open-webui/docs/pull/523 - UI Switch for "Playground Access" in the Admin Panel under "Users -> Groups -> Edit/Default Permissions -> Features Permissions" (`src/lib/components/admin/Users/Groups/Permissions.svelte`). - Access control guard to the Playground layout (`src/routes/(app)/playground/+layout.svelte`) checking for admin role or `playground_access` permission. - New i18n key `"Playground Access"` added, with German translation provided. ## Changed - The Playground link in the user menu (`src/lib/components/layout/Sidebar/UserMenu.svelte`) is now conditionally displayed based on admin role or `playground_access` permission. - Backend configuration (`backend/open_webui/config.py`) updated to include and process the `USER_PERMISSIONS_FEATURES_PLAYGROUND_ACCESS` variable and add `playground_access` to `DEFAULT_USER_PERMISSIONS`. - Backend default permissions endpoint (`backend/open_webui/routers/users.py`) updated via Pydantic model (`FeaturesPermissions`) to include `playground_access`. - Default permission structures within relevant frontend components (`Permissions.svelte`, `EditGroupModal.svelte`, `Groups.svelte`) updated to include `playground_access`. ## Security - Added role-based and permission-based access control to the `/playground` routes. --- ## Additional Information - **Admin Access:** Users with the `admin` role will *always* have access to the Playground, irrespective of the `playground_access` permission setting. - **Testing:** Manual testing verified: 1. Admins always see the link and can access `/playground`. 2. Default users without permission cannot see the link and are redirected from `/playground` to the homepage '/'. 3. Enabling the permission grants access to non-admin users. 4. Disabling the permission revokes access again. - **Documentation:** Environment Variable Documentation here: (https://github.com/open-webui/docs/pull/523) ## Screenshots or Videos Please excuse the poor video quality and the suboptimal presentation, but the video does showcase how it works and that it works: https://github.com/user-attachments/assets/9b865f16-2beb-4442-ab9b-cfb7935181d0 ## Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the [CONTRIBUTOR_LICENSE_AGREEMENT](CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2025-11-11 18:37:00 -06:00

GiteaMirror closed this issue

2025-11-11 18:37:00 -06:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#10007