[PR #13466] [CLOSED] feat: Add Playground Access Control - Permission Setting #38836

New Issue

GiteaMirror · 2026-04-25T11:39:42-05:00

GiteaMirror commented

2026-04-25 11:39:42 -05:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/13466
Author: @Classic298
Created: 5/3/2025
Status: ❌ Closed

Base: dev ← Head: dev

📄 Description

Pull Request Checklist

Before submitting, make sure you've checked the following:

Target branch: Please verify that the pull request targets the dev branch.
Description: Provide a concise description of the changes made in this pull request.
Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
Documentation: Have you updated relevant documentation Open WebUI Docs, or other documentation sources? (Note: Documentation for the new permission setting in the Admin Panel might be needed)
Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation? (No new dependencies added)
Testing: Have you written and run sufficient tests to validate the changes? (Manual testing steps outlined below)
Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
Prefix: To clearly categorize this pull request, prefix the pull request title using one of the following:
- feat: Introduces a new feature or enhancement to the codebase

feat: Add Playground Access Control

Description

Related issues / discussions:

This PR introduces a new permission setting, playground_access, under "Features Permissions" to control user access to the Playground feature (/playground). Administrators can now manage this access instance-wide via Default Permissions or on a per-group basis within the Admin Panel.

By default, Playground access is disabled (false) for non-admin users but can be enabled via these new settings. Administrators always retain access to the Playground regardless of the permission setting.

Changelog Entry

Added

New permission key playground_access to the features section of user permissions.
New environment variable USER_PERMISSIONS_FEATURES_PLAYGROUND_ACCESS to configure the default value for playground_access (defaults to False).
- Documentation for environment variable can be found here: https://github.com/open-webui/docs/pull/523
UI Switch for "Playground Access" in the Admin Panel under "Users -> Groups -> Edit/Default Permissions -> Features Permissions" (src/lib/components/admin/Users/Groups/Permissions.svelte).
Access control guard to the Playground layout (src/routes/(app)/playground/+layout.svelte) checking for admin role or playground_access permission.
New i18n key "Playground Access" added, with German translation provided.

Changed

The Playground link in the user menu (src/lib/components/layout/Sidebar/UserMenu.svelte) is now conditionally displayed based on admin role or playground_access permission.
Backend configuration (backend/open_webui/config.py) updated to include and process the USER_PERMISSIONS_FEATURES_PLAYGROUND_ACCESS variable and add playground_access to DEFAULT_USER_PERMISSIONS.
Backend default permissions endpoint (backend/open_webui/routers/users.py) updated via Pydantic model (FeaturesPermissions) to include playground_access.
Default permission structures within relevant frontend components (Permissions.svelte, EditGroupModal.svelte, Groups.svelte) updated to include playground_access.

Security

Added role-based and permission-based access control to the /playground routes.

Additional Information

Admin Access: Users with the admin role will always have access to the Playground, irrespective of the playground_access permission setting.
Testing: Manual testing verified:
1. Admins always see the link and can access /playground.
2. Default users without permission cannot see the link and are redirected from /playground to the homepage '/'.
3. Enabling the permission grants access to non-admin users.
4. Disabling the permission revokes access again.
Documentation: Environment Variable Documentation here: (https://github.com/open-webui/docs/pull/523)

Screenshots or Videos

Please excuse the poor video quality and the suboptimal presentation, but the video does showcase how it works and that it works:

https://github.com/user-attachments/assets/9b865f16-2beb-4442-ab9b-cfb7935181d0

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the CONTRIBUTOR_LICENSE_AGREEMENT, and I am providing my contributions under its terms.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/13466 **Author:** [@Classic298](https://github.com/Classic298) **Created:** 5/3/2025 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `dev` --- ### 📄 Description # Pull Request Checklist **Before submitting, make sure you've checked the following:** - [x] **Target branch:** Please verify that the pull request targets the `dev` branch. - [x] **Description:** Provide a concise description of the changes made in this pull request. - [x] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. - [X] **Documentation:** Have you updated relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs), or other documentation sources? *(Note: Documentation for the new permission setting in the Admin Panel might be needed)* - [x] **Dependencies:** Are there any new dependencies? Have you updated the dependency versions in the documentation? *(No new dependencies added)* - [x] **Testing:** Have you written and run sufficient tests to validate the changes? *(Manual testing steps outlined below)* - [x] **Code review:** Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards? - [x] **Prefix:** To clearly categorize this pull request, prefix the pull request title using one of the following: - **feat**: Introduces a new feature or enhancement to the codebase --- # feat: Add Playground Access Control ## Description Related issues / discussions: - https://github.com/open-webui/open-webui/discussions/12936 - https://github.com/open-webui/open-webui/discussions/3572 - https://github.com/open-webui/open-webui/issues/4816 This PR introduces a new permission setting, `playground_access`, under "Features Permissions" to control user access to the Playground feature (`/playground`). Administrators can now manage this access instance-wide via Default Permissions or on a per-group basis within the Admin Panel. By default, Playground access is disabled (`false`) for non-admin users but can be enabled via these new settings. Administrators always retain access to the Playground regardless of the permission setting. --- # Changelog Entry ## Added - New permission key `playground_access` to the `features` section of user permissions. - New environment variable `USER_PERMISSIONS_FEATURES_PLAYGROUND_ACCESS` to configure the default value for `playground_access` (defaults to `False`). - Documentation for environment variable can be found here: https://github.com/open-webui/docs/pull/523 - UI Switch for "Playground Access" in the Admin Panel under "Users -> Groups -> Edit/Default Permissions -> Features Permissions" (`src/lib/components/admin/Users/Groups/Permissions.svelte`). - Access control guard to the Playground layout (`src/routes/(app)/playground/+layout.svelte`) checking for admin role or `playground_access` permission. - New i18n key `"Playground Access"` added, with German translation provided. ## Changed - The Playground link in the user menu (`src/lib/components/layout/Sidebar/UserMenu.svelte`) is now conditionally displayed based on admin role or `playground_access` permission. - Backend configuration (`backend/open_webui/config.py`) updated to include and process the `USER_PERMISSIONS_FEATURES_PLAYGROUND_ACCESS` variable and add `playground_access` to `DEFAULT_USER_PERMISSIONS`. - Backend default permissions endpoint (`backend/open_webui/routers/users.py`) updated via Pydantic model (`FeaturesPermissions`) to include `playground_access`. - Default permission structures within relevant frontend components (`Permissions.svelte`, `EditGroupModal.svelte`, `Groups.svelte`) updated to include `playground_access`. ## Security - Added role-based and permission-based access control to the `/playground` routes. --- ## Additional Information - **Admin Access:** Users with the `admin` role will *always* have access to the Playground, irrespective of the `playground_access` permission setting. - **Testing:** Manual testing verified: 1. Admins always see the link and can access `/playground`. 2. Default users without permission cannot see the link and are redirected from `/playground` to the homepage '/'. 3. Enabling the permission grants access to non-admin users. 4. Disabling the permission revokes access again. - **Documentation:** Environment Variable Documentation here: (https://github.com/open-webui/docs/pull/523) ## Screenshots or Videos Please excuse the poor video quality and the suboptimal presentation, but the video does showcase how it works and that it works: https://github.com/user-attachments/assets/9b865f16-2beb-4442-ab9b-cfb7935181d0 ## Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the [CONTRIBUTOR_LICENSE_AGREEMENT](CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-25 11:39:42 -05:00

GiteaMirror closed this issue

2026-04-25 11:39:43 -05:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#38836