[PR #23028] [CLOSED] fix: tool calls fail for non-admin users due to model access check #42611

New Issue

Closed

opened 2026-04-25 14:26:50 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-04-25 14:26:50 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23028
Author: @yang1002378395-cmyk
Created: 3/25/2026
Status: ❌ Closed

Base: dev ← Head: fix-tool-call-permission-check

---

📝 Commits (10+)

• fe6783c Merge pull request #19030 from open-webui/dev
• fc05e0a Merge pull request #19405 from open-webui/dev
• e3faec6 Merge pull request #19416 from open-webui/dev
• 9899293 Merge pull request #19448 from open-webui/dev
• 140605e Merge pull request #19462 from open-webui/dev
• 6f1486f Merge pull request #19466 from open-webui/dev
• d95f533 Merge pull request #19729 from open-webui/dev
• a727153 0.6.43 (#20093)
• 6adde20 Merge pull request #20394 from open-webui/dev
• f9b0534 Merge pull request #20522 from open-webui/dev

📊 Changes

1 file changed (+3 additions, -1 deletions)

View changed files

📝 backend/open_webui/utils/middleware.py (+3 -1)

📄 Description

Fixes #22851

Problem

Non-admin users experience tool call failures:

• Tool calls execute successfully but subsequent generation fails
• Log shows task=None -> title_generation (missing follow-up call)
• Admin users work correctly: task=None -> task=None -> title_generation

Root Cause

generate_chat_completion() calls check_model_access() to verify model permissions. When non-admin users use tools:

1. Tool decision generation succeeds (uses task model)
2. Response generation fails because it calls generate_chat_completion() without bypass_filter=True
3. If user does not have explicit access to response model, permission check fails and generation is interrupted

Solution

Add bypass_filter=True to all generate_chat_completion() calls in middleware.py that are for tool decision/response generation.

Changes

• Line 1245: Tool decision generation - add bypass_filter=True
• Line 4553: Response generation (tool_calls) - add bypass_filter=True
• Line 4738: Response generation (native_function_calling) - add bypass_filter=True

Impact

Non-admin users can now successfully use tools and functions without needing explicit model access grants.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/23028 **Author:** [@yang1002378395-cmyk](https://github.com/yang1002378395-cmyk) **Created:** 3/25/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `fix-tool-call-permission-check` --- ### 📝 Commits (10+) - [`fe6783c`](https://github.com/open-webui/open-webui/commit/fe6783c16699911c7be17392596d579333fb110c) Merge pull request #19030 from open-webui/dev - [`fc05e0a`](https://github.com/open-webui/open-webui/commit/fc05e0a6c5d39da60b603b4d520f800d6e36f748) Merge pull request #19405 from open-webui/dev - [`e3faec6`](https://github.com/open-webui/open-webui/commit/e3faec62c58e3a83d89aa3df539feacefa125e0c) Merge pull request #19416 from open-webui/dev - [`9899293`](https://github.com/open-webui/open-webui/commit/9899293f050ad50ae12024cbebee7e018acd851e) Merge pull request #19448 from open-webui/dev - [`140605e`](https://github.com/open-webui/open-webui/commit/140605e660b8186a7d5c79fb3be6ffb147a2f498) Merge pull request #19462 from open-webui/dev - [`6f1486f`](https://github.com/open-webui/open-webui/commit/6f1486ffd0cb288d0e21f41845361924e0d742b3) Merge pull request #19466 from open-webui/dev - [`d95f533`](https://github.com/open-webui/open-webui/commit/d95f533214e3fe5beb5e41ec1f349940bc4c7043) Merge pull request #19729 from open-webui/dev - [`a727153`](https://github.com/open-webui/open-webui/commit/a7271532f8a38da46785afcaa7e65f9a45e7d753) 0.6.43 (#20093) - [`6adde20`](https://github.com/open-webui/open-webui/commit/6adde203cd292a9e3af9c64a2ae36b603fed096a) Merge pull request #20394 from open-webui/dev - [`f9b0534`](https://github.com/open-webui/open-webui/commit/f9b0534e0c442631d1cb7205169588b9b6204179) Merge pull request #20522 from open-webui/dev ### 📊 Changes **1 file changed** (+3 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/utils/middleware.py` (+3 -1) </details> ### 📄 Description Fixes #22851 ## Problem Non-admin users experience tool call failures: - Tool calls execute successfully but subsequent generation fails - Log shows task=None -> title_generation (missing follow-up call) - Admin users work correctly: task=None -> task=None -> title_generation ## Root Cause generate_chat_completion() calls check_model_access() to verify model permissions. When non-admin users use tools: 1. Tool decision generation succeeds (uses task model) 2. Response generation fails because it calls generate_chat_completion() without bypass_filter=True 3. If user does not have explicit access to response model, permission check fails and generation is interrupted ## Solution Add bypass_filter=True to all generate_chat_completion() calls in middleware.py that are for tool decision/response generation. ## Changes - Line 1245: Tool decision generation - add bypass_filter=True - Line 4553: Response generation (tool_calls) - add bypass_filter=True - Line 4738: Response generation (native_function_calling) - add bypass_filter=True ## Impact Non-admin users can now successfully use tools and functions without needing explicit model access grants. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2026-04-25 14:26:50 -05:00

GiteaMirror closed this issue 2026-04-25 14:26:50 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

v0.9.2

v0.9.1

v0.9.0

v0.8.12

v0.8.11

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.43

v0.6.42

v0.6.41

v0.6.40

v0.6.39

v0.6.38

v0.6.37

v0.6.36

v0.6.35

v0.6.34

v0.6.33

v0.6.32

v0.6.31

v0.6.30

v0.6.29

v0.6.28

v0.6.27

v0.6.26

v0.6.25

v0.6.24

v0.6.23

v0.6.22

v0.6.21

v0.6.20

v0.6.19

v0.6.18

v0.6.17

v0.6.16

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.20

v0.5.19

v0.5.18

v0.5.17

v0.5.16

v0.5.15

v0.5.14

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.35

v0.3.34

v0.3.33

v0.3.32

v0.3.31

v0.3.30

v0.3.29

v0.3.28

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.125

v0.1.124

v0.1.123

v0.1.122

v0.1.121

v0.1.120

v0.1.119

v0.1.118

v0.1.117

v0.1.116

v0.1.115

v0.1.114

v0.1.113

v0.1.112

v0.1.111

v0.1.110

v0.1.109

v0.1.108

v0.1.107

v0.1.106

v0.1.105

v0.1.104

v0.1.103

v0.1.102

Labels

Clear labels

bug

confirmed

confirmed issue

core

documentation

enhancement

good first issue

help wanted

non-core

pull-request

Mirrored from GitHub Pull Request

python

question

testing wanted

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#42611