As a User I can access the URL Path /admin/settings/ and /workspace -> maybe there are even more paths... #1663

New Issue

Closed

opened 2025-11-11 14:49:34 -06:00 by GiteaMirror · 1 comment

GiteaMirror commented 2025-11-11 14:49:34 -06:00

Owner

Copy Link

Originally created by @wggcch on GitHub (Aug 2, 2024).

Bug Report

Description

Bug Summary:
Given I am logged in as a User

/workspace
Steps to Reproduce:
When I append /workspace to my URL (e.g. http://localhost:3000/workspace)
When I visit the URL

Actual Behavior:
I can open the Workspace Settings

Expected Behavior:
I think it would be better to not be able to visit the page as a user at all or add a "local" /workspace for a more group and user based access

/admin/settings
Steps to Reproduce:
When I append /admin/settings
When I visit the URL

Actual Behavior:
I can open the Admin Settings

Expected Behavior:

As a User I would not expect to enter the Admin settings

Environment

• Open WebUI Version: [0.3.10]

• Operating System: [ macOS Big Sur]

• Browser: [Firefox, Chrome, MS Edge where tested]

Reproduction Details

Confirmation:

• [ x ] I have read and followed all the instructions provided in the README.md.
• [ x] I am on the latest version of both Open WebUI and Ollama.

Logs and Screenshots

I've made two Screenshots of a User entering the mentioned paths

Installation Method

I've installed openwebui over docker, like its discribed within the readme.md

echo "Starting open webui"
docker run -d -p 3005:8080 \
  --add-host=host.docker.internal:host-gateway \
  -v open-webui:/app/backend/data \
  --name open-webui \
  --env-file ./openwebui.env \
  --restart always \
  ghcr.io/open-webui/open-webui:main

#openwebui.env 
WEBUI_AUTH=True
ENABLE_OAUTH_SIGNUP=False
WEBUI_NAME="MYWEBUI"

Originally created by @wggcch on GitHub (Aug 2, 2024). # Bug Report ## Description **Bug Summary:** Given I am logged in as a User /workspace **Steps to Reproduce:** When I append /workspace to my URL (e.g. http://localhost:3000/workspace) When I visit the URL **Actual Behavior:** I can open the Workspace Settings **Expected Behavior:** I think it would be better to not be able to visit the page as a user at all or add a "local" /workspace for a more group and user based access /admin/settings **Steps to Reproduce:** When I append /admin/settings When I visit the URL **Actual Behavior:** I can open the Admin Settings **Expected Behavior:** As a User I would not expect to enter the Admin settings ## Environment - **Open WebUI Version:** [0.3.10] - **Operating System:** [ macOS Big Sur] - **Browser:** [Firefox, Chrome, MS Edge where tested] ## Reproduction Details **Confirmation:** - [ x ] I have read and followed all the instructions provided in the README.md. - [ x] I am on the latest version of both Open WebUI and Ollama. ## Logs and Screenshots I've made two Screenshots of a User entering the mentioned paths   ## Installation Method I've installed openwebui over docker, like its discribed within the readme.md ```console echo "Starting open webui" docker run -d -p 3005:8080 \ --add-host=host.docker.internal:host-gateway \ -v open-webui:/app/backend/data \ --name open-webui \ --env-file ./openwebui.env \ --restart always \ ghcr.io/open-webui/open-webui:main ``` ``` #openwebui.env WEBUI_AUTH=True ENABLE_OAUTH_SIGNUP=False WEBUI_NAME="MYWEBUI" ```

GiteaMirror closed this issue 2025-11-11 14:49:34 -06:00

GiteaMirror commented 2025-11-11 14:49:35 -06:00

Author

Owner

Copy Link

@tjbck commented on GitHub (Aug 2, 2024):

Fixed on dev!

@tjbck commented on GitHub (Aug 2, 2024): Fixed on dev!

GiteaMirror referenced this issue 2025-11-11 15:52:34 -06:00

feat: Allow multi-line values in table cells #4372

GiteaMirror referenced this issue 2025-11-11 17:29:39 -06:00

[PR #1665] [MERGED] fix: <br> is not escaped in output text #7542

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

bits-ui-v2

backend-outlet

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.43

v0.6.42

v0.6.41

v0.6.40

v0.6.39

v0.6.38

v0.6.37

v0.6.36

v0.6.35

v0.6.34

v0.6.33

v0.6.32

v0.6.31

v0.6.30

v0.6.29

v0.6.28

v0.6.27

v0.6.26

v0.6.25

v0.6.24

v0.6.23

v0.6.22

v0.6.21

v0.6.20

v0.6.19

v0.6.18

v0.6.17

v0.6.16

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.20

v0.5.19

v0.5.18

v0.5.17

v0.5.16

v0.5.15

v0.5.14

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.35

v0.3.34

v0.3.33

v0.3.32

v0.3.31

v0.3.30

v0.3.29

v0.3.28

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.125

v0.1.124

v0.1.123

v0.1.122

v0.1.121

v0.1.120

v0.1.119

v0.1.118

v0.1.117

v0.1.116

v0.1.115

v0.1.114

v0.1.113

v0.1.112

v0.1.111

v0.1.110

v0.1.109

v0.1.108

v0.1.107

v0.1.106

v0.1.105

v0.1.104

v0.1.103

v0.1.102

Labels

Clear labels

bug

core

documentation

enhancement

good first issue

help wanted

non-core

pull-request

Mirrored from GitHub Pull Request

python

question

testing wanted

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#1663