github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 10:58:17 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #16498] [MERGED] fix: Chat model selector bypasses ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS privacy setting #39780

New Issue
Closed
opened 2026-04-25 12:13:53 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-25 12:13:53 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/16498
Author: @Classic298
Created: 8/11/2025
Status: Merged
Merged: 8/13/2025
Merged by: @tjbck

Base: devHead: fix_model_access

📝 Commits (5)

📊 Changes

2 files changed (+9 additions, -8 deletions)

View changed files

📝 backend/open_webui/main.py (+8 -7)
📝 backend/open_webui/routers/models.py (+1 -1)

📄 Description

Pull Request Checklist

Before submitting, make sure you've checked the following:

  • Target branch: Please verify that the pull request targets the dev branch.
  • Description: Provide a concise description of the changes made in this pull request.
  • Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
  • Documentation: Have you updated relevant documentation Open WebUI Docs, or other documentation sources?
  • Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
  • Testing: Have you written and run sufficient tests to validate the changes?
  • Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
  • Prefix: To clearly categorize this pull request, prefix the pull request title using one of the following:

Changelog Entry

Description

Fixes a critical privacy bug where private models were still visible and usable in the chat model selector for administrators when ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS=false. This ensures complete and consistent enforcement of the admin workspace privacy control across all model types.

Added

  • Admin workspace access validation in the main model filtering logic
  • Consistent privacy enforcement for both custom and base models

Changed

  • Modified get_filtered_models() in main.py to respect admin workspace access settings when filtering models for chat interface
  • Updated get_model_by_id() in routers/models.py to check admin workspace access permissions for individual model access
  • Applied principle of least privilege consistently across all model types

Deprecated

  • None

Removed

  • None

Fixed

  • Critical Privacy Issue: Private models (both custom and base) no longer appear in chat model selector when admin workspace access is disabled
  • Access Control Bypass: Administrators can no longer access or use private models through the chat interface when workspace access is restricted
  • Inconsistent Behavior: Model visibility now uniformly consistent between workspace admin panel and chat interface

Security

  • Enhanced Data Separation: Prevents administrators from accessing private models unless explicitly granted access, improving multi-tenant security
  • Privacy Enforcement: Closes privacy bypass that allowed admin access to private content despite configured restrictions
  • Consistent Access Control: Admin workspace privacy setting now applies uniformly to all model types

Breaking Changes

  • None - maintains backward compatibility with default admin access enabled

Additional Information

Root Cause Analysis:
The issue was in the main model filtering function (get_filtered_models() in main.py) which was not checking the ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS setting when determining admin access to models. This caused private models to appear in the chat model selector even when admins should not have access.

Technical Details:

  • The workspace admin panel correctly respected the privacy setting by using filtered endpoints
  • However, the chat model selector used get_filtered_models() which gave admins blanket access regardless of the workspace privacy setting
  • The fix adds proper admin workspace access validation to ensure consistent privacy enforcement

Behavior:
When ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS=false:

  • Admin Panel: Admins can still manage ALL models (infrastructure management)
  • Chat Interface: Admins only see models they have explicit access to (content access follows privacy rules)
  • Consistency: This applies uniformly to both custom models and base models marked as private

Testing Performed:

  1. Created private custom model as regular user
  2. Verified admin cannot see model in workspace with ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS=false
  3. Confirmed model no longer appears in chat model selector for admin
  4. Verified individual model access is also blocked
  5. Tested that base models with proper access remain visible to admin
  6. Tested that private base models are correctly hidden from admin chat interface
  7. Verified that the custom model remains accessible to the user that created it
  8. Confirmed admin panel model management remains unaffected

Design Philosophy:
This implementation follows the principle of least privilege - when workspace privacy is disabled, admins follow the same access control rules as regular users for content consumption, while maintaining full infrastructure management capabilities in the admin panel.

Related Issues:

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/16498 **Author:** [@Classic298](https://github.com/Classic298) **Created:** 8/11/2025 **Status:** ✅ Merged **Merged:** 8/13/2025 **Merged by:** [@tjbck](https://github.com/tjbck) **Base:** `dev` ← **Head:** `fix_model_access` --- ### 📝 Commits (5) - [`d8c4dd6`](https://github.com/open-webui/open-webui/commit/d8c4dd6f79b39e105a084b79f4467cf74697730e) Fix admin model access (#17) - [`357b57e`](https://github.com/open-webui/open-webui/commit/357b57e1d609efcf14991e62cbbf6f71459e8225) Update models.py - [`f758bf7`](https://github.com/open-webui/open-webui/commit/f758bf74c2e308a6af7613a376e7cd28b6a3f558) Update main.py - [`df314fd`](https://github.com/open-webui/open-webui/commit/df314fda1d1d7768e4a0a48b571b303d84773626) Update main.py - [`8a745b9`](https://github.com/open-webui/open-webui/commit/8a745b9bbf5619df76d1d98bd2aae69296122f6c) Merge branch 'dev' into fix_model_access ### 📊 Changes **2 files changed** (+9 additions, -8 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/main.py` (+8 -7) 📝 `backend/open_webui/routers/models.py` (+1 -1) </details> ### 📄 Description # Pull Request Checklist **Before submitting, make sure you've checked the following:** - [x] **Target branch:** Please verify that the pull request targets the `dev` branch. - [x] **Description:** Provide a concise description of the changes made in this pull request. - [x] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. - [X] **Documentation:** Have you updated relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs), or other documentation sources? - [X] **Dependencies:** Are there any new dependencies? Have you updated the dependency versions in the documentation? - [x] **Testing:** Have you written and run sufficient tests to validate the changes? - [x] **Code review:** Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards? - [x] **Prefix:** To clearly categorize this pull request, prefix the pull request title using one of the following: # Changelog Entry ### Description Fixes a critical privacy bug where private models were still visible and usable in the chat model selector for administrators when `ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS=false`. This ensures complete and consistent enforcement of the admin workspace privacy control across all model types. ### Added - Admin workspace access validation in the main model filtering logic - Consistent privacy enforcement for both custom and base models ### Changed - Modified `get_filtered_models()` in `main.py` to respect admin workspace access settings when filtering models for chat interface - Updated `get_model_by_id()` in `routers/models.py` to check admin workspace access permissions for individual model access - Applied principle of least privilege consistently across all model types ### Deprecated - None ### Removed - None ### Fixed - **Critical Privacy Issue**: Private models (both custom and base) no longer appear in chat model selector when admin workspace access is disabled - **Access Control Bypass**: Administrators can no longer access or use private models through the chat interface when workspace access is restricted - **Inconsistent Behavior**: Model visibility now uniformly consistent between workspace admin panel and chat interface ### Security - **Enhanced Data Separation**: Prevents administrators from accessing private models unless explicitly granted access, improving multi-tenant security - **Privacy Enforcement**: Closes privacy bypass that allowed admin access to private content despite configured restrictions - **Consistent Access Control**: Admin workspace privacy setting now applies uniformly to all model types ### Breaking Changes - None - maintains backward compatibility with default admin access enabled --- ### Additional Information **Root Cause Analysis:** The issue was in the main model filtering function (`get_filtered_models()` in `main.py`) which was not checking the `ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS` setting when determining admin access to models. This caused private models to appear in the chat model selector even when admins should not have access. **Technical Details:** - The workspace admin panel correctly respected the privacy setting by using filtered endpoints - However, the chat model selector used `get_filtered_models()` which gave admins blanket access regardless of the workspace privacy setting - The fix adds proper admin workspace access validation to ensure consistent privacy enforcement **Behavior:** When `ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS=false`: - **Admin Panel**: Admins can still manage ALL models (infrastructure management) - **Chat Interface**: Admins only see models they have explicit access to (content access follows privacy rules) - **Consistency**: This applies uniformly to both custom models and base models marked as private **Testing Performed:** 1. Created private custom model as regular user 2. Verified admin cannot see model in workspace with `ENABLE_ADMIN_WORKSPACE_CONTENT_ACCESS=false` 3. Confirmed model no longer appears in chat model selector for admin 4. Verified individual model access is also blocked 5. Tested that base models with proper access remain visible to admin 6. Tested that private base models are correctly hidden from admin chat interface 7. Verified that the custom model remains accessible to the user that created it 8. Confirmed admin panel model management remains unaffected **Design Philosophy:** This implementation follows the principle of least privilege - when workspace privacy is disabled, admins follow the same access control rules as regular users for content consumption, while maintaining full infrastructure management capabilities in the admin panel. **Related Issues:** - Addresses the follow-up issue mentioned in PR #15746 - Referenced in: https://github.com/open-webui/open-webui/pull/15746#issuecomment-3174007841 ### Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-25 12:13:53 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#39780
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?