mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 14:39:31 -05:00
[PR #23481] [MERGED] fix: enforce model access control on /responses endpoint #114524
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/23481
Author: @Classic298
Created: 4/7/2026
Status: ✅ Merged
Merged: 4/12/2026
Merged by: @tjbck
Base:
dev← Head:fix/responses-endpoint-access-control📝 Commits (1)
f50b5e4fix: enforce model access control on /responses endpoint📊 Changes
3 files changed (+64 additions, -113 deletions)
View changed files
📝
backend/open_webui/routers/ollama.py(+10 -89)📝
backend/open_webui/routers/openai.py(+10 -24)📝
backend/open_webui/utils/access_control/__init__.py(+44 -0)📄 Description
The /responses proxy endpoint only required authentication via get_verified_user but did not check per-model access grants. This allowed any authenticated user to access any model through this endpoint, bypassing the access control system that generate_chat_completion enforces.
Apply the same access control pattern: check model ownership and AccessGrants for regular users, deny non-admin users when no model_info exists, and respect BYPASS_MODEL_ACCESS_CONTROL.
Contributor License Agreement
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.