[GH-ISSUE #19461] issue: Models shared with write permission to group no longer visible in workspace #57556

Closed
opened 2026-05-05 21:06:20 -05:00 by GiteaMirror · 3 comments

Originally created by @destination-one on GitHub (Nov 25, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/19461

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • I am using the latest version of Open WebUI.

Installation Method

Git Clone

Open WebUI Version

v0.6.38

Ollama Version (if applicable)

No response

Operating System

Ubuntu 24.04

Browser (if applicable)

No response

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

When a model has visibility=private and is assigned to a group with write permission, it should appear in the workspace of other users in that group (and /api/v1/models/list)

Actual Behavior

Shared model is not listed

Steps to Reproduce

  • have 2 users (at least one non-admin user that adheres to access control)
  • have a user group the users are in
  • user 1 creates a model, sets visibility private, assigns it to the group with write permission
  • user 2 can use it for chats, but...
  • user 2 does not see it in workspace for editing :(

Logs & Screenshots

no logged errors

Additional Information

I believe the cause is b2034861ae
the new function search_models just filters by the userid of the owner of the model

```python
query = query.filter(Model.user_id == filter.get("user_id"))
```

and fails to replicate what get_models_by_user_id did in previous version with

```python
or has_access(user_id, permission, model.access_control, user_group_ids)
```
GiteaMirror added the bug label 2026-05-05 21:06:20 -05:00

@tjbck commented on GitHub (Nov 25, 2025):

Should be addressed with 69722ba973 in dev, testing wanted here.

.41 will most likely be released tomorrow.


@destination-one commented on GitHub (Nov 25, 2025):

Thanks, cherry-picked and works so far.

Note: Would not call an access_control LIKE '%"write"%"group_ids"%"{gid}"%' the cleanest.
Luckily among our models all access_control JSON values follow the order "read": ... "write": and not the reverse, which would be bad if it happened.

As far as I know SQLite has JSON functions, but I don't know how to use them with SQLAlchemy, and obviously this may be database-backend specific (may be different for PostgreSQL)

(or a model-to-group-permissions table just to mention the "proper SQL way")
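
An added example, not part of the original thread or the project's code: the LIKE pattern quoted in the comment above is compared with a structural SQLite `json_each` lookup over constructed rows, showing that a reversed key order makes the LIKE query list a model whose group only has read access. The `model` table, the row ids and the group id `g1` are assumptions, and `json_each` is SQLite-specific.

```python
import json
import sqlite3

# Constructed sample data. Table and column names are hypothetical; only the
# access_control layout ("read"/"write" -> "group_ids") follows the thread.
ROWS = [
    # Group g1 really has write access ("read" serialized before "write").
    ("shared-write", {"read": {"group_ids": ["g1"]}, "write": {"group_ids": ["g1"]}}),
    # g1 may only read; "read" serialized before "write".
    ("read-only", {"read": {"group_ids": ["g1"]}, "write": {"group_ids": []}}),
    # Same permissions as above, but "write" serialized before "read".
    ("read-only-reversed", {"write": {"group_ids": []}, "read": {"group_ids": ["g1"]}}),
]


def build_db():
    """Create an in-memory table holding the JSON as text, as a TEXT/JSON column would."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE model (id TEXT PRIMARY KEY, access_control TEXT)")
    conn.executemany("INSERT INTO model VALUES (?, ?)",
                     [(mid, json.dumps(ac)) for mid, ac in ROWS])
    return conn


def like_match(conn, gid):
    """Substring pattern quoted in the comment above."""
    pattern = f'%"write"%"group_ids"%"{gid}"%'
    cur = conn.execute(
        "SELECT id FROM model WHERE access_control LIKE ? ORDER BY id", (pattern,))
    return [row[0] for row in cur]


def json_match(conn, gid):
    """Structural check: gid must be an element of $.write.group_ids."""
    cur = conn.execute(
        "SELECT DISTINCT m.id FROM model AS m, "
        "json_each(m.access_control, '$.write.group_ids') "
        "WHERE json_each.value = ? ORDER BY m.id", (gid,))
    return [row[0] for row in cur]


if __name__ == "__main__":
    db = build_db()
    print("LIKE:", like_match(db, "g1"))   # includes read-only-reversed
    print("JSON:", json_match(db, "g1"))   # only shared-write
```

Because the pattern only requires `"write"`, `"group_ids"` and the quoted id to appear in that order somewhere in the text, it can only over-match, never under-match; the structural query is independent of serialization order.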


@tjbck commented on GitHub (Nov 25, 2025):

It'll get the job done but definitely not the best solution, open to other PRs here.


Reference: github-starred/open-webui#57556