mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 14:39:31 -05:00
[PR #24863] [CLOSED] feat: add admin.analytics permission for analytics-only access #115204
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/24863
Author: @guility
Created: 5/18/2026
Status: ❌ Closed
Base:
dev← Head:feat/admin-analytics-access📝 Commits (1)
c2768d7feat: add admin.analytics permission for analytics-only admin access📊 Changes
27 files changed (+876 additions, -63 deletions)
View changed files
📝
backend/open_webui/config.py(+7 -0)📝
backend/open_webui/main.py(+10 -0)➕
backend/open_webui/migrations/versions/f8a9b0c1d2e3_add_admin_analytics_permissions.py(+121 -0)📝
backend/open_webui/models/users.py(+1 -0)📝
backend/open_webui/routers/analytics.py(+9 -9)📝
backend/open_webui/routers/users.py(+30 -2)➕
backend/open_webui/test/conftest.py(+15 -0)➕
backend/open_webui/test/migrations/test_admin_analytics_permissions_migration.py(+68 -0)➕
backend/open_webui/test/util/test_access_control_admin_analytics.py(+187 -0)➕
backend/open_webui/test/util/test_analytics_api_integration.py(+99 -0)➕
backend/open_webui/test/util/test_auth_analytics.py(+52 -0)📝
backend/open_webui/utils/access_control/__init__.py(+37 -4)📝
backend/open_webui/utils/auth.py(+26 -1)➕
pytest.ini(+9 -0)📝
src/lib/apis/users/index.ts(+7 -1)📝
src/lib/components/admin/Analytics.svelte(+3 -1)📝
src/lib/components/admin/Users/Groups/EditGroupModal.svelte(+2 -1)📝
src/lib/components/admin/Users/Groups/Permissions.svelte(+24 -1)📝
src/lib/components/admin/Users/UserList/EditUserModal.svelte(+21 -1)📝
src/lib/components/layout/Sidebar/UserMenu.svelte(+7 -4)...and 7 more files
📄 Description
# Pull Request Checklist
Before submitting, make sure you've checked the following:
devbranch.USER_PERMISSIONS_ADMIN_ANALYTICSenv var.dev.featChangelog Entry
Description
admin.analyticspermission so users can access the Analytics admin tab without full administrator role.false; admins always retain analytics access.Added
admin.analyticspermission in backend access control, API guard (get_analytics_user), and frontend UI (user edit modal, group permissions, admin layout, user menu).admin.analyticskey to stored default permissions and existing groups.Changed
get_analytics_userinstead ofget_admin_user.Analytics.sveltecheckshasAnalyticsAccessinstead ofrole === 'admin'./admin/settingsredirects to/admin/analytics.Fixed
/admin/*navigation before session user loads.admin.analyticspermission.Breaking Changes
Additional Information
Test plan
admin.analyticsonly: menu shows Analytics, single tab, settings redirectGET /api/v1/analytics/summary→ 200 with permission, 401 withoutpytest backend/open_webui/test/util/test_auth_analytics.py backend/open_webui/test/util/test_access_control_admin_analytics.py backend/open_webui/test/migrations/Contributor License Agreement
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.