[PR #21358] [MERGED] fix: enforce public sharing permission checks across all resource types #26043

Closed
opened 2026-04-20 06:17:05 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/21358
Author: @Classic298
Created: 2/13/2026
Status: Merged
Merged: 2/13/2026
Merged by: @tjbck

Base: devHead: fix-public-sharing-access-control


📝 Commits (1)

  • 39d0ff8 fix: enforce public sharing permission checks across all resource types

📊 Changes

11 files changed (+122 additions, -10 deletions)

View changed files

📝 backend/open_webui/routers/knowledge.py (+19 -0)
📝 backend/open_webui/routers/models.py (+20 -1)
📝 backend/open_webui/routers/notes.py (+18 -0)
📝 backend/open_webui/routers/prompts.py (+20 -1)
📝 backend/open_webui/routers/skills.py (+20 -1)
📝 backend/open_webui/routers/tools.py (+20 -1)
📝 src/lib/components/workspace/Knowledge/KnowledgeBase.svelte (+1 -2)
📝 src/lib/components/workspace/Models/ModelEditor.svelte (+1 -1)
📝 src/lib/components/workspace/Prompts/PromptEditor.svelte (+1 -1)
📝 src/lib/components/workspace/Skills/SkillEditor.svelte (+1 -1)
📝 src/lib/components/workspace/Tools/ToolkitEditor.svelte (+1 -1)

📄 Description

The sharePublic prop in editor components (Knowledge, Tools, Skills, Prompts, Models) incorrectly included an "|| edit" / "|| write_access" condition, allowing users with write access to see and use the "Public" sharing option regardless of their actual public sharing permission. Additionally, all backend access/update endpoints only verified write authorization but did not check the corresponding sharing.public_* permission, allowing direct API calls to bypass frontend restrictions entirely.

Frontend: removed the edit/write_access bypass from sharePublic in all five editor components so visibility is gated solely by the user's sharing.public_* permission or admin role.

Backend: added has_public_read_access_grant checks to the access/update endpoints in knowledge.py, tools.py, prompts.py, skills.py, models.py, and notes.py. Public grants are silently stripped when the user lacks the corresponding permission.

Fixes #21356

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

Note

Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/21358 **Author:** [@Classic298](https://github.com/Classic298) **Created:** 2/13/2026 **Status:** ✅ Merged **Merged:** 2/13/2026 **Merged by:** [@tjbck](https://github.com/tjbck) **Base:** `dev` ← **Head:** `fix-public-sharing-access-control` --- ### 📝 Commits (1) - [`39d0ff8`](https://github.com/open-webui/open-webui/commit/39d0ff80497a654e7cbe38bc32824050e1e68345) fix: enforce public sharing permission checks across all resource types ### 📊 Changes **11 files changed** (+122 additions, -10 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/routers/knowledge.py` (+19 -0) 📝 `backend/open_webui/routers/models.py` (+20 -1) 📝 `backend/open_webui/routers/notes.py` (+18 -0) 📝 `backend/open_webui/routers/prompts.py` (+20 -1) 📝 `backend/open_webui/routers/skills.py` (+20 -1) 📝 `backend/open_webui/routers/tools.py` (+20 -1) 📝 `src/lib/components/workspace/Knowledge/KnowledgeBase.svelte` (+1 -2) 📝 `src/lib/components/workspace/Models/ModelEditor.svelte` (+1 -1) 📝 `src/lib/components/workspace/Prompts/PromptEditor.svelte` (+1 -1) 📝 `src/lib/components/workspace/Skills/SkillEditor.svelte` (+1 -1) 📝 `src/lib/components/workspace/Tools/ToolkitEditor.svelte` (+1 -1) </details> ### 📄 Description The sharePublic prop in editor components (Knowledge, Tools, Skills, Prompts, Models) incorrectly included an "|| edit" / "|| write_access" condition, allowing users with write access to see and use the "Public" sharing option regardless of their actual public sharing permission. Additionally, all backend access/update endpoints only verified write authorization but did not check the corresponding sharing.public_* permission, allowing direct API calls to bypass frontend restrictions entirely. Frontend: removed the edit/write_access bypass from sharePublic in all five editor components so visibility is gated solely by the user's sharing.public_* permission or admin role. Backend: added has_public_read_access_grant checks to the access/update endpoints in knowledge.py, tools.py, prompts.py, skills.py, models.py, and notes.py. Public grants are silently stripped when the user lacks the corresponding permission. Fixes #21356 ### Contributor License Agreement <!-- 🚨 DO NOT DELETE THE TEXT BELOW 🚨 Keep the "Contributor License Agreement" confirmation text intact. Deleting it will trigger the CLA-Bot to INVALIDATE your PR. --> By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. > [!NOTE] > Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-20 06:17:05 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#26043