[PR #23481] [MERGED] fix: enforce model access control on /responses endpoint #50262

Closed
opened 2026-04-30 02:53:52 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23481
Author: @Classic298
Created: 4/7/2026
Status: Merged
Merged: 4/12/2026
Merged by: @tjbck

Base: devHead: fix/responses-endpoint-access-control


📝 Commits (1)

  • f50b5e4 fix: enforce model access control on /responses endpoint

📊 Changes

3 files changed (+64 additions, -113 deletions)

View changed files

📝 backend/open_webui/routers/ollama.py (+10 -89)
📝 backend/open_webui/routers/openai.py (+10 -24)
📝 backend/open_webui/utils/access_control/__init__.py (+44 -0)

📄 Description

The /responses proxy endpoint only required authentication via get_verified_user but did not check per-model access grants. This allowed any authenticated user to access any model through this endpoint, bypassing the access control system that generate_chat_completion enforces.

Apply the same access control pattern: check model ownership and AccessGrants for regular users, deny non-admin users when no model_info exists, and respect BYPASS_MODEL_ACCESS_CONTROL.

Contributor License Agreement

Note

Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/23481 **Author:** [@Classic298](https://github.com/Classic298) **Created:** 4/7/2026 **Status:** ✅ Merged **Merged:** 4/12/2026 **Merged by:** [@tjbck](https://github.com/tjbck) **Base:** `dev` ← **Head:** `fix/responses-endpoint-access-control` --- ### 📝 Commits (1) - [`f50b5e4`](https://github.com/open-webui/open-webui/commit/f50b5e479cf56535ea61bfe65aff8a728807b1a0) fix: enforce model access control on /responses endpoint ### 📊 Changes **3 files changed** (+64 additions, -113 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/routers/ollama.py` (+10 -89) 📝 `backend/open_webui/routers/openai.py` (+10 -24) 📝 `backend/open_webui/utils/access_control/__init__.py` (+44 -0) </details> ### 📄 Description The /responses proxy endpoint only required authentication via get_verified_user but did not check per-model access grants. This allowed any authenticated user to access any model through this endpoint, bypassing the access control system that generate_chat_completion enforces. Apply the same access control pattern: check model ownership and AccessGrants for regular users, deny non-admin users when no model_info exists, and respect BYPASS_MODEL_ACCESS_CONTROL. ### Contributor License Agreement <!-- 🚨 DO NOT DELETE THE TEXT BELOW 🚨 Keep the "Contributor License Agreement" confirmation text intact. Deleting it will trigger the CLA-Bot to INVALIDATE your PR. Your PR will NOT be reviewed or merged until you check the box below confirming that you have read and agree to the terms of the CLA. --> - [X] By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. > [!NOTE] > Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-30 02:53:52 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#50262