github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 10:58:17 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #23029] [CLOSED] fix: tool calls fail for non-admin users due to model access check #26982

New Issue
Closed
opened 2026-04-20 06:48:02 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-20 06:48:02 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23029
Author: @yang1002378395-cmyk
Created: 3/25/2026
Status: Closed

Base: devHead: fix-tool-call-permission-check

📝 Commits (10+)

📊 Changes

1 file changed (+3 additions, -1 deletions)

View changed files

📝 backend/open_webui/utils/middleware.py (+3 -1)

📄 Description

Fixes #22851

Pull Request Checklist

  • Target branch: Targets the dev branch
  • Description: Fix for non-admin users tool call failures
  • Changelog: Added below
  • Testing: Manual code review and analysis performed

Changelog Entry

Description

Fixes a bug where non-admin users tool calls would fail during subsequent response generation due to model access permission checks.

Fixed

  • Tool calls for non-admin users now complete successfully by bypassing model access checks for internal middleware-generated requests

Problem

Non-admin users experience tool call failures:

  • Tool calls execute successfully but subsequent generation fails
  • Log shows task=None -> title_generation (missing follow-up call)
  • Admin users work correctly: task=None -> task=None -> title_generation

Root Cause

generate_chat_completion() calls check_model_access() to verify model permissions. When non-admin users use tools:

  1. Tool decision generation succeeds (uses task model)
  2. Response generation fails because it calls generate_chat_completion() without bypass_filter=True
  3. If user does not have explicit access to response model, permission check fails and generation is interrupted

Solution

Add bypass_filter=True to all generate_chat_completion() calls in middleware.py that are for tool decision/response generation.

Changes

  • Line 1245: Tool decision generation - add bypass_filter=True
  • Line 4553: Response generation (tool_calls) - add bypass_filter=True
  • Line 4738: Response generation (native_function_calling) - add bypass_filter=True

Testing

Analyzed the code flow through middleware.py and chat.py to identify the permission check issue. The fix allows internal system calls to bypass model access checks while maintaining security for direct user requests.

Contributor License Agreement

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/23029 **Author:** [@yang1002378395-cmyk](https://github.com/yang1002378395-cmyk) **Created:** 3/25/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `fix-tool-call-permission-check` --- ### 📝 Commits (10+) - [`fe6783c`](https://github.com/open-webui/open-webui/commit/fe6783c16699911c7be17392596d579333fb110c) Merge pull request #19030 from open-webui/dev - [`fc05e0a`](https://github.com/open-webui/open-webui/commit/fc05e0a6c5d39da60b603b4d520f800d6e36f748) Merge pull request #19405 from open-webui/dev - [`e3faec6`](https://github.com/open-webui/open-webui/commit/e3faec62c58e3a83d89aa3df539feacefa125e0c) Merge pull request #19416 from open-webui/dev - [`9899293`](https://github.com/open-webui/open-webui/commit/9899293f050ad50ae12024cbebee7e018acd851e) Merge pull request #19448 from open-webui/dev - [`140605e`](https://github.com/open-webui/open-webui/commit/140605e660b8186a7d5c79fb3be6ffb147a2f498) Merge pull request #19462 from open-webui/dev - [`6f1486f`](https://github.com/open-webui/open-webui/commit/6f1486ffd0cb288d0e21f41845361924e0d742b3) Merge pull request #19466 from open-webui/dev - [`d95f533`](https://github.com/open-webui/open-webui/commit/d95f533214e3fe5beb5e41ec1f349940bc4c7043) Merge pull request #19729 from open-webui/dev - [`a727153`](https://github.com/open-webui/open-webui/commit/a7271532f8a38da46785afcaa7e65f9a45e7d753) 0.6.43 (#20093) - [`6adde20`](https://github.com/open-webui/open-webui/commit/6adde203cd292a9e3af9c64a2ae36b603fed096a) Merge pull request #20394 from open-webui/dev - [`f9b0534`](https://github.com/open-webui/open-webui/commit/f9b0534e0c442631d1cb7205169588b9b6204179) Merge pull request #20522 from open-webui/dev ### 📊 Changes **1 file changed** (+3 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/utils/middleware.py` (+3 -1) </details> ### 📄 Description Fixes #22851 # Pull Request Checklist - [x] **Target branch:** Targets the dev branch - [x] **Description:** Fix for non-admin users tool call failures - [x] **Changelog:** Added below - [x] **Testing:** Manual code review and analysis performed # Changelog Entry ### Description Fixes a bug where non-admin users tool calls would fail during subsequent response generation due to model access permission checks. ### Fixed - Tool calls for non-admin users now complete successfully by bypassing model access checks for internal middleware-generated requests --- ## Problem Non-admin users experience tool call failures: - Tool calls execute successfully but subsequent generation fails - Log shows task=None -> title_generation (missing follow-up call) - Admin users work correctly: task=None -> task=None -> title_generation ## Root Cause generate_chat_completion() calls check_model_access() to verify model permissions. When non-admin users use tools: 1. Tool decision generation succeeds (uses task model) 2. Response generation fails because it calls generate_chat_completion() without bypass_filter=True 3. If user does not have explicit access to response model, permission check fails and generation is interrupted ## Solution Add bypass_filter=True to all generate_chat_completion() calls in middleware.py that are for tool decision/response generation. ## Changes - Line 1245: Tool decision generation - add bypass_filter=True - Line 4553: Response generation (tool_calls) - add bypass_filter=True - Line 4738: Response generation (native_function_calling) - add bypass_filter=True ## Testing Analyzed the code flow through middleware.py and chat.py to identify the permission check issue. The fix allows internal system calls to bypass model access checks while maintaining security for direct user requests. ### Contributor License Agreement - [x] By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-20 06:48:02 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#26982
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?