github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 03:18:23 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #20229] issue: Knowledge Base not visible when shared with multiple groups (SQLite) #19131

New Issue
Closed
opened 2026-04-20 01:27:22 -05:00 by GiteaMirror · 7 comments
GiteaMirror commented 2026-04-20 01:27:22 -05:00
Owner
Copy Link

Originally created by @taka817123 on GitHub (Dec 29, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/20229

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • I am using the latest version of Open WebUI.

Installation Method

Git Clone

Open WebUI Version

v0.6.43

Ollama Version (if applicable)

No response

Operating System

Windows11

Browser (if applicable)

No response

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

A user belonging to both Group B and Group C should be able to see a Knowledge Base that is shared with both Group B and Group C.

Actual Behavior

A user belonging to both Group B and Group C cannot see a Knowledge Base that is shared with both Group B and Group C.
However, if the Knowledge Base is shared only with Group B, the user can see it correctly.

Steps to Reproduce

Create a user (User A).
Create two groups (Group B and Group C).
Add User A to both Group B and Group C (or it can be possible to reproduce only adding to Group B) .
Create a Knowledge Base (e.g., "test3").
Update "test3" access control to share it with both Group B and Group C.
Log in as User A.
Observe that "test3" is not visible in the Knowledge Base list.
Update "test3" access control to share it only with Group B.
Observe that "test3" becomes visible to User A.

Logs & Screenshots

Image

For this setting, Test3 KB is not appeared on UserA KB list.

Additional Information

The issue seems to be located in [access_control.py]. The usage of [.contains()] for JSON columns in SQLite via SQLAlchemy might not be behaving as expected when multiple items are present. Replacing it with [json_extract] and LIKE seems to fix the issue.

  • from
                    group_read_conditions.append(
                        DocumentModel.access_control["read"]["group_ids"].contains(
                            [gid]
                        )
                    )
  • to
                    group_read_conditions.append(
                        func.json_extract(
                            DocumentModel.access_control, "$.read.group_ids"
                        ).like(f'%"{gid}"%')
                    )
  • from
    DocumentModel.access_control["write"]["group_ids"].contains(
    [gid]
    )
  • to
    func.json_extract(
    DocumentModel.access_control, "$.write.group_ids"
    ).like(f'%"{gid}"%')
Originally created by @taka817123 on GitHub (Dec 29, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/20229 ### Check Existing Issues - [x] I have searched for any existing and/or related issues. - [x] I have searched for any existing and/or related discussions. - [x] I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!). - [x] I am using the latest version of Open WebUI. ### Installation Method Git Clone ### Open WebUI Version v0.6.43 ### Ollama Version (if applicable) _No response_ ### Operating System Windows11 ### Browser (if applicable) _No response_ ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have **provided every relevant configuration, setting, and environment variable used in my setup.** - [x] I have clearly **listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup** (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc). - [x] I have documented **step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation**. My steps: - Start with the initial platform/version/OS and dependencies used, - Specify exact install/launch/configure commands, - List URLs visited, user input (incl. example values/emails/passwords if needed), - Describe all options and toggles enabled or changed, - Include any files or environmental changes, - Identify the expected and actual result at each stage, - Ensure any reasonably skilled user can follow and hit the same issue. ### Expected Behavior A user belonging to both Group B and Group C should be able to see a Knowledge Base that is shared with both Group B and Group C. ### Actual Behavior A user belonging to both Group B and Group C cannot see a Knowledge Base that is shared with both Group B and Group C. However, if the Knowledge Base is shared only with Group B, the user can see it correctly. ### Steps to Reproduce Create a user (User A). Create two groups (Group B and Group C). Add User A to both Group B and Group C (or it can be possible to reproduce only adding to Group B) . Create a Knowledge Base (e.g., "test3"). Update "test3" access control to share it with both Group B and Group C. Log in as User A. Observe that "test3" is not visible in the Knowledge Base list. Update "test3" access control to share it only with Group B. Observe that "test3" becomes visible to User A. ### Logs & Screenshots <img width="679" height="443" alt="Image" src="https://github.com/user-attachments/assets/64430a6d-4089-4b91-a781-8f6d7947d4b3" /> For this setting, Test3 KB is not appeared on UserA KB list. ### Additional Information The issue seems to be located in [access_control.py]. The usage of [.contains()] for JSON columns in SQLite via SQLAlchemy might not be behaving as expected when multiple items are present. Replacing it with [json_extract] and LIKE seems to fix the issue. - from ``` group_read_conditions.append( DocumentModel.access_control["read"]["group_ids"].contains( [gid] ) ) ``` - to ``` group_read_conditions.append( func.json_extract( DocumentModel.access_control, "$.read.group_ids" ).like(f'%"{gid}"%') ) ``` - from DocumentModel.access_control["write"]["group_ids"].contains( [gid] ) - to func.json_extract( DocumentModel.access_control, "$.write.group_ids" ).like(f'%"{gid}"%')
GiteaMirror added the bugconfirmed issue labels 2026-04-20 01:27:23 -05:00
GiteaMirror commented 2026-04-20 01:27:24 -05:00
Author
Owner
Copy Link

@owui-terminator[bot] commented on GitHub (Dec 29, 2025):

🔍 Similar Issues Found

I found some existing issues that might be related to this one. Please check if any of these are duplicates or contain helpful solutions:

  1. #19752 issue: minor UI Bug: knowledge sharing
    by mahenning • Dec 04, 2025 • bug

  2. #19701 issue: knowledge can not multiple upload file
    by willy808 • Dec 03, 2025 • bug

  3. #19861 issue:
    by QuitHub • Dec 10, 2025 • bug

  4. #19877 issue:
    by dotmobo • Dec 11, 2025 • bug

  5. #20046 issue:
    by pierrelouisbescond • Dec 19, 2025 • bug

Show 5 more related issues

  1. #19190 issue: Synchronization with Folder Leads to Empty Knowledge Base
    by flefevre • Nov 14, 2025 • bug

  2. #20019 issue:
    by j63440490 • Dec 17, 2025 • bug

  3. #19491 issue: Referencing Knowledge in chats with '#' no longer shows which knowledge base does the file belong to
    by donatas-xyz • Nov 25, 2025 • bug

  4. #19426 issue: Strange Behavior With Groups
    by matthew-kusz • Nov 24, 2025 • bug

  5. #19563 issue:
    by naruto7g • Nov 28, 2025 • bug

💡 Tips:

  • If this is a duplicate, please consider closing this issue and adding any additional details to the existing one
  • If you found a solution in any of these issues, please share it here to help others

This comment was generated automatically by a bot. Please react with a 👍 if this comment was helpful, or a 👎 if it was not.

<!-- gh-comment-id:3695298979 --> @owui-terminator[bot] commented on GitHub (Dec 29, 2025): 🔍 **Similar Issues Found** I found some existing issues that might be related to this one. Please check if any of these are duplicates or contain helpful solutions: 1. [#19752](https://github.com/open-webui/open-webui/issues/19752) **issue: minor UI Bug: knowledge sharing** *by mahenning • Dec 04, 2025 • `bug`* 2. [#19701](https://github.com/open-webui/open-webui/issues/19701) **issue: knowledge can not multiple upload file** *by willy808 • Dec 03, 2025 • `bug`* 3. [#19861](https://github.com/open-webui/open-webui/issues/19861) **issue:** *by QuitHub • Dec 10, 2025 • `bug`* 4. [#19877](https://github.com/open-webui/open-webui/issues/19877) **issue:** *by dotmobo • Dec 11, 2025 • `bug`* 5. [#20046](https://github.com/open-webui/open-webui/issues/20046) **issue:** *by pierrelouisbescond • Dec 19, 2025 • `bug`* <details> <summary>Show 5 more related issues</summary> 6. [#19190](https://github.com/open-webui/open-webui/issues/19190) **issue: Synchronization with Folder Leads to Empty Knowledge Base** *by flefevre • Nov 14, 2025 • `bug`* 7. [#20019](https://github.com/open-webui/open-webui/issues/20019) **issue:** *by j63440490 • Dec 17, 2025 • `bug`* 8. [#19491](https://github.com/open-webui/open-webui/issues/19491) **issue: Referencing Knowledge in chats with '#' no longer shows which knowledge base does the file belong to** *by donatas-xyz • Nov 25, 2025 • `bug`* 9. [#19426](https://github.com/open-webui/open-webui/issues/19426) **issue: Strange Behavior With Groups** *by matthew-kusz • Nov 24, 2025 • `bug`* 10. [#19563](https://github.com/open-webui/open-webui/issues/19563) **issue:** *by naruto7g • Nov 28, 2025 • `bug`* </details> --- 💡 **Tips:** - If this is a duplicate, please consider closing this issue and adding any additional details to the existing one - If you found a solution in any of these issues, please share it here to help others *This comment was generated automatically by a bot.* Please react with a 👍 if this comment was helpful, or a 👎 if it was not.
GiteaMirror commented 2026-04-20 01:27:24 -05:00
Author
Owner
Copy Link

@taka817123 commented on GitHub (Dec 29, 2025):

If my assumption is correct, there are 3 points to fix it (FYI).

1. In 'read_only' block - Read permission

if dialect_name == "sqlite":
    group_read_conditions.append(
        func.json_extract(
            DocumentModel.access_control, "$.read.group_ids"
        ).like(f'%"{gid}"%')
    )

# ...

2. In 'read_only' block - Write permission (exclusion)

if dialect_name == "sqlite":
    group_write_conditions.append(
        func.json_extract(
            DocumentModel.access_control, "$.write.group_ids"
        ).like(f'%"{gid}"%')
    )

# ...

3. In General permission block (end of function)

if dialect_name == "sqlite":
    group_conditions.append(
        func.json_extract(
            DocumentModel.access_control, f"$.{permission}.group_ids"
        ).like(f'%"{gid}"%')
    )
<!-- gh-comment-id:3695309044 --> @taka817123 commented on GitHub (Dec 29, 2025): If my assumption is correct, there are 3 points to fix it (FYI). ### 1. In 'read_only' block - Read permission ```python if dialect_name == "sqlite": group_read_conditions.append( func.json_extract( DocumentModel.access_control, "$.read.group_ids" ).like(f'%"{gid}"%') ) # ... ``` ### 2. In 'read_only' block - Write permission (exclusion) ```python if dialect_name == "sqlite": group_write_conditions.append( func.json_extract( DocumentModel.access_control, "$.write.group_ids" ).like(f'%"{gid}"%') ) # ... ``` ### 3. In General permission block (end of function) ```python if dialect_name == "sqlite": group_conditions.append( func.json_extract( DocumentModel.access_control, f"$.{permission}.group_ids" ).like(f'%"{gid}"%') ) ```
GiteaMirror commented 2026-04-20 01:27:25 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Dec 29, 2025):

@silentoplayz

<!-- gh-comment-id:3695978320 --> @Classic298 commented on GitHub (Dec 29, 2025): @silentoplayz
GiteaMirror commented 2026-04-20 01:27:26 -05:00
Author
Owner
Copy Link

@silentoplayz commented on GitHub (Dec 29, 2025):

I have thoroughly tested this issue on the latest dev commit and can confirm that I am able to reproduce it using the provided steps. The issue occurs regardless of whether Group B and Group C both have read access, both have write access, or if one has read access while the other has write access. Adding a third group did not resolve the issue, indicating that the problem arises specifically when a user is a member of more than one group and the Knowledge Base is shared with groups where the user is a member of at least two of them. I tested with the maximum permissions assigned to all user groups.

<!-- gh-comment-id:3696273736 --> @silentoplayz commented on GitHub (Dec 29, 2025): I have thoroughly tested this issue on the latest `dev` commit and can confirm that I am able to reproduce it using the provided steps. The issue occurs regardless of whether Group B and Group C both have read access, both have write access, or if one has read access while the other has write access. Adding a third group did not resolve the issue, indicating that the problem arises specifically when a user is a member of more than one group and the Knowledge Base is shared with groups where the user is a member of at least two of them. I tested with the maximum permissions assigned to all user groups.
GiteaMirror commented 2026-04-20 01:27:27 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Dec 29, 2025):

investigating

<!-- gh-comment-id:3696285788 --> @Classic298 commented on GitHub (Dec 29, 2025): investigating
GiteaMirror commented 2026-04-20 01:27:28 -05:00
Author
Owner
Copy Link

@taka817123 commented on GitHub (Dec 29, 2025):

Happy Holidays! Thanks for the quick fix!

<!-- gh-comment-id:3696690897 --> @taka817123 commented on GitHub (Dec 29, 2025): Happy Holidays! Thanks for the quick fix!
GiteaMirror commented 2026-04-20 01:27:28 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Dec 30, 2025):

fixed by 61e25dc2dc

<!-- gh-comment-id:3699531107 --> @Classic298 commented on GitHub (Dec 30, 2025): fixed by https://github.com/open-webui/open-webui/commit/61e25dc2dce9c12dcb5b88a6b814060c4338e67b
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug confirmed issue
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#19131
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?