github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-08 21:09:41 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #23647] [CLOSED] fix: enforce per-model access on chained base models #50347

New Issue
Closed
opened 2026-04-30 03:01:33 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-30 03:01:33 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23647
Author: @Classic298
Created: 4/12/2026
Status: Closed

Base: devHead: fix/base-model-access-chain-bypass

📝 Commits (5)

  • ad6ea36 fix: enforce per-model access on chained base models
  • 980dd21 fix: preserve HTTPException status in import_models and honor bypass flags in functions.py
  • e874469 fix: thread bypass flag into ollama.py secondary base-model checks
  • 7a0fd37 fix: enforce base-model grants for admins and preserve 403 at dispatch
  • 402881b fix: fold admin bypass into runtime base-model checks in openai/ollama

📊 Changes

6 files changed (+187 additions, -5 deletions)

View changed files

📝 backend/open_webui/functions.py (+9 -1)
📝 backend/open_webui/main.py (+22 -1)
📝 backend/open_webui/routers/models.py (+47 -1)
📝 backend/open_webui/routers/ollama.py (+37 -1)
📝 backend/open_webui/routers/openai.py (+17 -1)
📝 backend/open_webui/utils/access_control/__init__.py (+55 -0)

📄 Description

When a custom model declares base_model_id, the access check on the user-facing wrapper did not extend to the base it forwards to. A caller with read access to the wrapper (ownership or grant) could reach an upstream model they were not authorized for.

Add a helper that re-runs the model access check against the resolved base, and wire it in at two layers: upfront when persisting a chain (create/import/update) so callers cannot plant bases they cannot read, and at dispatch time in every chat completion router path so access revocations after chain creation are still honored.

Contributor License Agreement

Note

Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/23647 **Author:** [@Classic298](https://github.com/Classic298) **Created:** 4/12/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `fix/base-model-access-chain-bypass` --- ### 📝 Commits (5) - [`ad6ea36`](https://github.com/open-webui/open-webui/commit/ad6ea3622e985f4dc867a591c4cc394c8a92d0e7) fix: enforce per-model access on chained base models - [`980dd21`](https://github.com/open-webui/open-webui/commit/980dd2141f535990749f9405d7fdcefe0bb5a7c9) fix: preserve HTTPException status in import_models and honor bypass flags in functions.py - [`e874469`](https://github.com/open-webui/open-webui/commit/e874469d0ffef6513fd5cd5fc9c63f910fe9a020) fix: thread bypass flag into ollama.py secondary base-model checks - [`7a0fd37`](https://github.com/open-webui/open-webui/commit/7a0fd37a6631f6e7fe9928a0053f571fb97186ca) fix: enforce base-model grants for admins and preserve 403 at dispatch - [`402881b`](https://github.com/open-webui/open-webui/commit/402881b621729630c13afe7f680dc4e51006ca1d) fix: fold admin bypass into runtime base-model checks in openai/ollama ### 📊 Changes **6 files changed** (+187 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/functions.py` (+9 -1) 📝 `backend/open_webui/main.py` (+22 -1) 📝 `backend/open_webui/routers/models.py` (+47 -1) 📝 `backend/open_webui/routers/ollama.py` (+37 -1) 📝 `backend/open_webui/routers/openai.py` (+17 -1) 📝 `backend/open_webui/utils/access_control/__init__.py` (+55 -0) </details> ### 📄 Description When a custom model declares base_model_id, the access check on the user-facing wrapper did not extend to the base it forwards to. A caller with read access to the wrapper (ownership or grant) could reach an upstream model they were not authorized for. Add a helper that re-runs the model access check against the resolved base, and wire it in at two layers: upfront when persisting a chain (create/import/update) so callers cannot plant bases they cannot read, and at dispatch time in every chat completion router path so access revocations after chain creation are still honored. ### Contributor License Agreement <!-- 🚨 DO NOT DELETE THE TEXT BELOW 🚨 Keep the "Contributor License Agreement" confirmation text intact. Deleting it will trigger the CLA-Bot to INVALIDATE your PR. Your PR will NOT be reviewed or merged until you check the box below confirming that you have read and agree to the terms of the CLA. --> - [x] By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. > [!NOTE] > Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-30 03:01:33 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#50347
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?