[PR #24860] [CLOSED] feat: add admin.analytics permission for analytics-only access #115202

Closed
opened 2026-05-18 16:09:15 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/24860
Author: @guility
Created: 5/18/2026
Status: Closed

Base: devHead: feat/admin-analytics-access


📝 Commits (1)

  • c2768d7 feat: add admin.analytics permission for analytics-only admin access

📊 Changes

27 files changed (+876 additions, -63 deletions)

View changed files

📝 backend/open_webui/config.py (+7 -0)
📝 backend/open_webui/main.py (+10 -0)
backend/open_webui/migrations/versions/f8a9b0c1d2e3_add_admin_analytics_permissions.py (+121 -0)
📝 backend/open_webui/models/users.py (+1 -0)
📝 backend/open_webui/routers/analytics.py (+9 -9)
📝 backend/open_webui/routers/users.py (+30 -2)
backend/open_webui/test/conftest.py (+15 -0)
backend/open_webui/test/migrations/test_admin_analytics_permissions_migration.py (+68 -0)
backend/open_webui/test/util/test_access_control_admin_analytics.py (+187 -0)
backend/open_webui/test/util/test_analytics_api_integration.py (+99 -0)
backend/open_webui/test/util/test_auth_analytics.py (+52 -0)
📝 backend/open_webui/utils/access_control/__init__.py (+37 -4)
📝 backend/open_webui/utils/auth.py (+26 -1)
pytest.ini (+9 -0)
📝 src/lib/apis/users/index.ts (+7 -1)
📝 src/lib/components/admin/Analytics.svelte (+3 -1)
📝 src/lib/components/admin/Users/Groups/EditGroupModal.svelte (+2 -1)
📝 src/lib/components/admin/Users/Groups/Permissions.svelte (+24 -1)
📝 src/lib/components/admin/Users/UserList/EditUserModal.svelte (+21 -1)
📝 src/lib/components/layout/Sidebar/UserMenu.svelte (+7 -4)

...and 7 more files

📄 Description

# Pull Request Checklist

Before submitting, make sure you've checked the following:

  • Linked Issue/Discussion: Relates to community feature request for analytics-only admin access (discussion to be linked after creation).
  • Target branch: The pull request targets the dev branch.
  • Description: A concise description of the changes is provided below.
  • Changelog: A changelog entry following Keep a Changelog format is included at the bottom.
  • Documentation: Relevant documentation has been added or updated in the Open WebUI Docs Repository.
  • Dependencies: No new runtime dependencies.
  • Testing: Manual tests performed (analytics-only user, full admin, API permission checks).
  • No Unchecked AI Code: Human-reviewed and manually tested.
  • Self-Review: Self-review completed.
  • Architecture: Uses existing permissions system; no new global settings.
  • Git Hygiene: Atomic change, based on dev.
  • Title Prefix: feat

Changelog Entry

Description

  • Add admin.analytics permission so users can access the Analytics admin tab without full administrator role.
  • Preserves backward compatibility: default is false; admins always retain analytics access.

Added

  • admin.analytics permission in backend access control, API guard (get_analytics_user), and frontend UI (user edit modal, group permissions, admin layout, user menu).
  • Alembic migration to add admin.analytics key to stored default permissions and existing groups.
  • Unit tests for access control, auth dependency, and migration.

Changed

  • Analytics router endpoints use get_analytics_user instead of get_admin_user.
  • Analytics.svelte checks hasAnalyticsAccess instead of role === 'admin'.
  • Analytics-only users see a single Analytics tab; /admin/settings redirects to /admin/analytics.

Fixed

  • Race on direct /admin/* navigation before session user loads.
  • Analytics page incorrectly redirecting non-admin users with admin.analytics permission.

Breaking Changes

  • None.

Additional Information

  • Replaces closed PR #24859 (missing CLA text in description).

Test plan

  • Admin: Admin Panel with all tabs including Analytics
  • User with admin.analytics only: menu shows Analytics, single tab, settings redirect
  • GET /api/v1/analytics/summary → 200 with permission, 401 without
  • pytest backend/open_webui/test/util/test_auth_analytics.py backend/open_webui/test/util/test_access_control_admin_analytics.py backend/open_webui/test/migrations/

Contributor License Agreement


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/24860 **Author:** [@guility](https://github.com/guility) **Created:** 5/18/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `feat/admin-analytics-access` --- ### 📝 Commits (1) - [`c2768d7`](https://github.com/open-webui/open-webui/commit/c2768d706f4f9771b3332be0723d985b60fb4dcf) feat: add admin.analytics permission for analytics-only admin access ### 📊 Changes **27 files changed** (+876 additions, -63 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/config.py` (+7 -0) 📝 `backend/open_webui/main.py` (+10 -0) ➕ `backend/open_webui/migrations/versions/f8a9b0c1d2e3_add_admin_analytics_permissions.py` (+121 -0) 📝 `backend/open_webui/models/users.py` (+1 -0) 📝 `backend/open_webui/routers/analytics.py` (+9 -9) 📝 `backend/open_webui/routers/users.py` (+30 -2) ➕ `backend/open_webui/test/conftest.py` (+15 -0) ➕ `backend/open_webui/test/migrations/test_admin_analytics_permissions_migration.py` (+68 -0) ➕ `backend/open_webui/test/util/test_access_control_admin_analytics.py` (+187 -0) ➕ `backend/open_webui/test/util/test_analytics_api_integration.py` (+99 -0) ➕ `backend/open_webui/test/util/test_auth_analytics.py` (+52 -0) 📝 `backend/open_webui/utils/access_control/__init__.py` (+37 -4) 📝 `backend/open_webui/utils/auth.py` (+26 -1) ➕ `pytest.ini` (+9 -0) 📝 `src/lib/apis/users/index.ts` (+7 -1) 📝 `src/lib/components/admin/Analytics.svelte` (+3 -1) 📝 `src/lib/components/admin/Users/Groups/EditGroupModal.svelte` (+2 -1) 📝 `src/lib/components/admin/Users/Groups/Permissions.svelte` (+24 -1) 📝 `src/lib/components/admin/Users/UserList/EditUserModal.svelte` (+21 -1) 📝 `src/lib/components/layout/Sidebar/UserMenu.svelte` (+7 -4) _...and 7 more files_ </details> ### 📄 Description # Pull Request Checklist **Before submitting, make sure you've checked the following:** - [ ] **Linked Issue/Discussion:** Relates to community feature request for analytics-only admin access (discussion to be linked after creation). - [x] **Target branch:** The pull request targets the `dev` branch. - [x] **Description:** A concise description of the changes is provided below. - [x] **Changelog:** A changelog entry following [Keep a Changelog](https://keepachangelog.com/) format is included at the bottom. - [ ] **Documentation:** Relevant documentation has been added or updated in the [Open WebUI Docs Repository](https://github.com/open-webui/docs). - [ ] **Dependencies:** No new runtime dependencies. - [x] **Testing:** Manual tests performed (analytics-only user, full admin, API permission checks). - [x] **No Unchecked AI Code:** Human-reviewed and manually tested. - [x] **Self-Review:** Self-review completed. - [x] **Architecture:** Uses existing permissions system; no new global settings. - [x] **Git Hygiene:** Atomic change, based on `dev`. - [x] **Title Prefix:** `feat` # Changelog Entry ### Description - Add `admin.analytics` permission so users can access the **Analytics** admin tab without full administrator role. - Preserves backward compatibility: default is `false`; admins always retain analytics access. ### Added - `admin.analytics` permission in backend access control, API guard (`get_analytics_user`), and frontend UI (user edit modal, group permissions, admin layout, user menu). - Alembic migration to add `admin.analytics` key to stored default permissions and existing groups. - Unit tests for access control, auth dependency, and migration. ### Changed - Analytics router endpoints use `get_analytics_user` instead of `get_admin_user`. - `Analytics.svelte` checks `hasAnalyticsAccess` instead of `role === 'admin'`. - Analytics-only users see a single **Analytics** tab; `/admin/settings` redirects to `/admin/analytics`. ### Fixed - Race on direct `/admin/*` navigation before session user loads. - Analytics page incorrectly redirecting non-admin users with `admin.analytics` permission. ### Breaking Changes - None. --- ### Additional Information - Replaces closed PR #24859 (missing CLA text in description). ### Test plan - [x] Admin: Admin Panel with all tabs including Analytics - [x] User with `admin.analytics` only: menu shows **Analytics**, single tab, settings redirect - [x] `GET /api/v1/analytics/summary` → 200 with permission, 401 without - [x] `pytest backend/open_webui/test/util/test_auth_analytics.py backend/open_webui/test/util/test_access_control_admin_analytics.py backend/open_webui/test/migrations/` ### Contributor License Agreement - [x] By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-18 16:09:15 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#115202