github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 10:58:17 -05:00
Code Issues 1.2k Packages Projects Releases 126 Wiki Activity

[PR #23719] [CLOSED] fix: add missing db parameter to filter_allowed_access_grants in update_note_access_by_id #50380

New Issue
Closed
opened 2026-04-30 03:04:45 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-30 03:04:45 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23719
Author: @Ricardo-M-L
Created: 4/14/2026
Status: Closed

Base: devHead: fix/notes-missing-db-param

📝 Commits (10+)

📊 Changes

1 file changed (+1 additions, -0 deletions)

View changed files

📝 backend/open_webui/routers/notes.py (+1 -0)

📄 Description

Description

In update_note_access_by_id() (notes.py:345), the call to filter_allowed_access_grants() is missing the db=db parameter. The identical call in update_note_by_id() at line 281 correctly passes db=db.

filter_allowed_access_grants() accepts db: Session | None = None and uses it for group-based access grant validation. Without it, the function falls back to None, which may cause incorrect access control behavior when filtering grants.

Changelog

  • Fixed: Missing db parameter in filter_allowed_access_grants() call within update_note_access_by_id(), matching the pattern used in update_note_by_id().

Breaking Changes

  • None

Additional Information

  • One-line fix: add db=db, to the function call at line 345 in backend/open_webui/routers/notes.py

Contributor License Agreement

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/23719 **Author:** [@Ricardo-M-L](https://github.com/Ricardo-M-L) **Created:** 4/14/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `fix/notes-missing-db-param` --- ### 📝 Commits (10+) - [`fe6783c`](https://github.com/open-webui/open-webui/commit/fe6783c16699911c7be17392596d579333fb110c) Merge pull request #19030 from open-webui/dev - [`fc05e0a`](https://github.com/open-webui/open-webui/commit/fc05e0a6c5d39da60b603b4d520f800d6e36f748) Merge pull request #19405 from open-webui/dev - [`e3faec6`](https://github.com/open-webui/open-webui/commit/e3faec62c58e3a83d89aa3df539feacefa125e0c) Merge pull request #19416 from open-webui/dev - [`9899293`](https://github.com/open-webui/open-webui/commit/9899293f050ad50ae12024cbebee7e018acd851e) Merge pull request #19448 from open-webui/dev - [`140605e`](https://github.com/open-webui/open-webui/commit/140605e660b8186a7d5c79fb3be6ffb147a2f498) Merge pull request #19462 from open-webui/dev - [`6f1486f`](https://github.com/open-webui/open-webui/commit/6f1486ffd0cb288d0e21f41845361924e0d742b3) Merge pull request #19466 from open-webui/dev - [`d95f533`](https://github.com/open-webui/open-webui/commit/d95f533214e3fe5beb5e41ec1f349940bc4c7043) Merge pull request #19729 from open-webui/dev - [`a727153`](https://github.com/open-webui/open-webui/commit/a7271532f8a38da46785afcaa7e65f9a45e7d753) 0.6.43 (#20093) - [`6adde20`](https://github.com/open-webui/open-webui/commit/6adde203cd292a9e3af9c64a2ae36b603fed096a) Merge pull request #20394 from open-webui/dev - [`f9b0534`](https://github.com/open-webui/open-webui/commit/f9b0534e0c442631d1cb7205169588b9b6204179) Merge pull request #20522 from open-webui/dev ### 📊 Changes **1 file changed** (+1 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/routers/notes.py` (+1 -0) </details> ### 📄 Description ## Description In `update_note_access_by_id()` (notes.py:345), the call to `filter_allowed_access_grants()` is missing the `db=db` parameter. The identical call in `update_note_by_id()` at line 281 correctly passes `db=db`. `filter_allowed_access_grants()` accepts `db: Session | None = None` and uses it for group-based access grant validation. Without it, the function falls back to `None`, which may cause incorrect access control behavior when filtering grants. ### Changelog - **Fixed**: Missing `db` parameter in `filter_allowed_access_grants()` call within `update_note_access_by_id()`, matching the pattern used in `update_note_by_id()`. ### Breaking Changes - None ### Additional Information - One-line fix: add `db=db,` to the function call at line 345 in `backend/open_webui/routers/notes.py` ### Contributor License Agreement - [x] By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-30 03:04:45 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#50380
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?