github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 03:18:23 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #22133] issue: No file access for workspace model shared to user #35166

New Issue
Closed
opened 2026-04-25 09:23:37 -05:00 by GiteaMirror · 8 comments
GiteaMirror commented 2026-04-25 09:23:37 -05:00
Owner
Copy Link

Originally created by @Ithanil on GitHub (Mar 2, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/22133

Originally assigned to: @Classic298 on GitHub.

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • I am using the latest version of Open WebUI.

Installation Method

Other

Open WebUI Version

0.8.7

Ollama Version (if applicable)

No response

Operating System

Debian 13

Browser (if applicable)

Firefox/Chromium

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

When uploading files to a workspace model as knowledge and then sharing that model to other users, the query_knowledge tool should work for them and if they have write access, they should be able to inspect the files.

Actual Behavior

For users that got the model shared, query_knowledge doesn't return and if they inspect the knowledge files, they have no content / preview can't be loaded.
For admins or the owner of the model it works fine.

Steps to Reproduce

  1. Create workspace model
  2. Upload some files
  3. Make sure knowledge tool + native tool calling is enabled
  4. Share the model to other users (individually)
  5. Observe abovementioned "Actual Behavior".

Logs & Screenshots

Likely relevant logs:

2026-03-02 11:25:02.041 | DEBUG    | open_webui.utils.access_control.files:has_access_to_file:31 - Checking if user has read access to file
2026-03-02 11:25:02.066 | INFO     | uvicorn.protocols.http.httptools_impl:send:483 - 1.2.3.4:0 - "GET /api/v1/files/0d193573-acee-4f2d-9353-ccbd6d9333c8/content HTTP/1.1" 404
Image Image Image

Additional Information

No response

Originally created by @Ithanil on GitHub (Mar 2, 2026). Original GitHub issue: https://github.com/open-webui/open-webui/issues/22133 Originally assigned to: @Classic298 on GitHub. ### Check Existing Issues - [x] I have searched for any existing and/or related issues. - [x] I have searched for any existing and/or related discussions. - [x] I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!). - [x] I am using the latest version of Open WebUI. ### Installation Method Other ### Open WebUI Version 0.8.7 ### Ollama Version (if applicable) _No response_ ### Operating System Debian 13 ### Browser (if applicable) Firefox/Chromium ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have **provided every relevant configuration, setting, and environment variable used in my setup.** - [x] I have clearly **listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup** (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc). - [x] I have documented **step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation**. My steps: - Start with the initial platform/version/OS and dependencies used, - Specify exact install/launch/configure commands, - List URLs visited, user input (incl. example values/emails/passwords if needed), - Describe all options and toggles enabled or changed, - Include any files or environmental changes, - Identify the expected and actual result at each stage, - Ensure any reasonably skilled user can follow and hit the same issue. ### Expected Behavior When uploading files to a workspace model as knowledge and then sharing that model to other users, the query_knowledge tool should work for them and if they have write access, they should be able to inspect the files. ### Actual Behavior For users that got the model shared, query_knowledge doesn't return and if they inspect the knowledge files, they have no content / preview can't be loaded. For admins or the owner of the model it works fine. ### Steps to Reproduce 1. Create workspace model 2. Upload some files 3. Make sure knowledge tool + native tool calling is enabled 4. Share the model to other users (individually) 5. Observe abovementioned "Actual Behavior". ### Logs & Screenshots Likely relevant logs: ``` 2026-03-02 11:25:02.041 | DEBUG | open_webui.utils.access_control.files:has_access_to_file:31 - Checking if user has read access to file 2026-03-02 11:25:02.066 | INFO | uvicorn.protocols.http.httptools_impl:send:483 - 1.2.3.4:0 - "GET /api/v1/files/0d193573-acee-4f2d-9353-ccbd6d9333c8/content HTTP/1.1" 404 ``` <img width="887" height="124" alt="Image" src="https://github.com/user-attachments/assets/6de799b5-1a63-4b93-87d6-27492105df41" /> <img width="895" height="458" alt="Image" src="https://github.com/user-attachments/assets/7fd5375f-fd24-474d-bc84-dc0e2b8621cf" /> <img width="939" height="257" alt="Image" src="https://github.com/user-attachments/assets/da7d4762-3698-484e-9a18-83c4c99f0632" /> ### Additional Information _No response_
GiteaMirror added the bug label 2026-04-25 09:23:37 -05:00
GiteaMirror commented 2026-04-25 09:23:40 -05:00
Author
Owner
Copy Link

@Ithanil commented on GitHub (Mar 2, 2026):

Potential quick fix to be tested:

diff --git a/backend/open_webui/tools/builtin.py b/backend/open_webui/tools/builtin.py
index 051f33e81..da522a3db 100644
--- a/backend/open_webui/tools/builtin.py
+++ b/backend/open_webui/tools/builtin.py
@@ -1830,7 +1830,7 @@ async def query_knowledge_files(
                 elif item_type == "file":
                     # Individual file - use file-{id} as collection name
                     file = Files.get_file_by_id(item_id)
-                    if file and (user_role == "admin" or file.user_id == user_id):
+                    if file:
                         collection_names.append(f"file-{item_id}")
 
                 elif item_type == "note":
diff --git a/backend/open_webui/utils/access_control/files.py b/backend/open_webui/utils/access_control/files.py
index 11c06f14a..5127ec9dd 100644
--- a/backend/open_webui/utils/access_control/files.py
+++ b/backend/open_webui/utils/access_control/files.py
@@ -7,11 +7,34 @@ from open_webui.models.knowledge import Knowledges
 from open_webui.models.channels import Channels
 from open_webui.models.chats import Chats
 from open_webui.models.groups import Groups
+from open_webui.models.models import Models
 from open_webui.models.access_grants import AccessGrants
 
 log = logging.getLogger(__name__)
 
 
+def _has_access_to_file_via_shared_model(
+    file,
+    access_type: str,
+    user: UserModel,
+    db: Optional[Any] = None,
+) -> bool:
+    """
+    Shared workspace models implicitly expose directly attached file items.
+    """
+    for model in Models.get_models_by_user_id(user.id, permission=access_type, db=db):
+        knowledge_items = getattr(model.meta, "knowledge", None) or []
+
+        for item in knowledge_items:
+            if not isinstance(item, dict):
+                continue
+
+            if item.get("type") == "file" and item.get("id") == file.id:
+                return True
+
+    return False
+
+
 def has_access_to_file(
     file_id: Optional[str],
     access_type: str,
@@ -21,6 +44,7 @@ def has_access_to_file(
     """
     Check if a user has the specified access to a file through any of:
     - Knowledge bases (ownership or access grants)
+    - Shared workspace models that attach the file directly
     - Channels the user is a member of
     - Shared chats
 
@@ -72,4 +96,12 @@ def has_access_to_file(
     if chats:
         return True
 
+    if _has_access_to_file_via_shared_model(
+        file=file,
+        access_type=access_type,
+        user=user,
+        db=db,
+    ):
+        return True
+
     return False
<!-- gh-comment-id:3984071042 --> @Ithanil commented on GitHub (Mar 2, 2026): Potential quick fix to be tested: ``` diff --git a/backend/open_webui/tools/builtin.py b/backend/open_webui/tools/builtin.py index 051f33e81..da522a3db 100644 --- a/backend/open_webui/tools/builtin.py +++ b/backend/open_webui/tools/builtin.py @@ -1830,7 +1830,7 @@ async def query_knowledge_files( elif item_type == "file": # Individual file - use file-{id} as collection name file = Files.get_file_by_id(item_id) - if file and (user_role == "admin" or file.user_id == user_id): + if file: collection_names.append(f"file-{item_id}") elif item_type == "note": diff --git a/backend/open_webui/utils/access_control/files.py b/backend/open_webui/utils/access_control/files.py index 11c06f14a..5127ec9dd 100644 --- a/backend/open_webui/utils/access_control/files.py +++ b/backend/open_webui/utils/access_control/files.py @@ -7,11 +7,34 @@ from open_webui.models.knowledge import Knowledges from open_webui.models.channels import Channels from open_webui.models.chats import Chats from open_webui.models.groups import Groups +from open_webui.models.models import Models from open_webui.models.access_grants import AccessGrants log = logging.getLogger(__name__) +def _has_access_to_file_via_shared_model( + file, + access_type: str, + user: UserModel, + db: Optional[Any] = None, +) -> bool: + """ + Shared workspace models implicitly expose directly attached file items. + """ + for model in Models.get_models_by_user_id(user.id, permission=access_type, db=db): + knowledge_items = getattr(model.meta, "knowledge", None) or [] + + for item in knowledge_items: + if not isinstance(item, dict): + continue + + if item.get("type") == "file" and item.get("id") == file.id: + return True + + return False + + def has_access_to_file( file_id: Optional[str], access_type: str, @@ -21,6 +44,7 @@ def has_access_to_file( """ Check if a user has the specified access to a file through any of: - Knowledge bases (ownership or access grants) + - Shared workspace models that attach the file directly - Channels the user is a member of - Shared chats @@ -72,4 +96,12 @@ def has_access_to_file( if chats: return True + if _has_access_to_file_via_shared_model( + file=file, + access_type=access_type, + user=user, + db=db, + ): + return True + return False ```
GiteaMirror commented 2026-04-25 09:23:40 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Mar 2, 2026):

will take a look here

<!-- gh-comment-id:3985349996 --> @Classic298 commented on GitHub (Mar 2, 2026): will take a look here
GiteaMirror commented 2026-04-25 09:23:41 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Mar 2, 2026):

might be fixed by https://github.com/open-webui/open-webui/pull/22151

testing wanted

<!-- gh-comment-id:3985884345 --> @Classic298 commented on GitHub (Mar 2, 2026): might be fixed by https://github.com/open-webui/open-webui/pull/22151 testing wanted
GiteaMirror commented 2026-04-25 09:23:41 -05:00
Author
Owner
Copy Link

@Ithanil commented on GitHub (Mar 2, 2026):

might be fixed by #22151

testing wanted

hey! your model just copied my models code :-D

<!-- gh-comment-id:3985899192 --> @Ithanil commented on GitHub (Mar 2, 2026): > might be fixed by [#22151](https://github.com/open-webui/open-webui/pull/22151) > > testing wanted hey! your model just copied my models code :-D
GiteaMirror commented 2026-04-25 09:23:42 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Mar 2, 2026):

my model said your model's code is acceptable

<!-- gh-comment-id:3985918849 --> @Classic298 commented on GitHub (Mar 2, 2026): my model said your model's code is acceptable
GiteaMirror commented 2026-04-25 09:23:43 -05:00
Author
Owner
Copy Link

@Ithanil commented on GitHub (Mar 2, 2026):

my model said your model's code is acceptable

Haha, that's fair. Personally, I would say though that adding a function _has_access_to_file_via_shared_model violates the style of the surrounding code.

But logic-wise I think this is the correct fix. Will test tomorrow and report.

<!-- gh-comment-id:3985933532 --> @Ithanil commented on GitHub (Mar 2, 2026): > my model said your model's code is acceptable Haha, that's fair. Personally, I would say though that adding a function `_has_access_to_file_via_shared_model` violates the style of the surrounding code. But logic-wise I think this is the correct fix. Will test tomorrow and report.
GiteaMirror commented 2026-04-25 09:23:44 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Mar 2, 2026):

good feedback. made small changes

<!-- gh-comment-id:3985967484 --> @Classic298 commented on GitHub (Mar 2, 2026): good feedback. made small changes
GiteaMirror commented 2026-04-25 09:23:45 -05:00
Author
Owner
Copy Link

@Classic298 commented on GitHub (Mar 2, 2026):

PR merged

<!-- gh-comment-id:3987528212 --> @Classic298 commented on GitHub (Mar 2, 2026): PR merged
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#35166
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?