
refac/fix: channel messages

Timothy Jaeryang Baek 2 månader sedan
förälder
incheckning
24805ca79e
1 ändrade filer med 18 tillägg och 14 borttagningar
  1. 18 14
      backend/open_webui/routers/channels.py

+ 18 - 14
backend/open_webui/routers/channels.py

@@ -434,13 +434,6 @@ async def update_message_by_id(
             status_code=status.HTTP_404_NOT_FOUND, detail=ERROR_MESSAGES.NOT_FOUND
         )
 
-    if user.role != "admin" and not has_access(
-        user.id, type="read", access_control=channel.access_control
-    ):
-        raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.DEFAULT()
-        )
-
     message = Messages.get_message_by_id(message_id)
     if not message:
         raise HTTPException(
@@ -452,6 +445,15 @@ async def update_message_by_id(
             status_code=status.HTTP_400_BAD_REQUEST, detail=ERROR_MESSAGES.DEFAULT()
         )
 
+    if (
+        user.role != "admin"
+        and message.user_id != user.id
+        and not has_access(user.id, type="read", access_control=channel.access_control)
+    ):
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.DEFAULT()
+        )
+
     try:
         message = Messages.update_message_by_id(message_id, form_data)
         message = Messages.get_message_by_id(message_id)
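Review bot: The added guard in `update_message_by_id` rejects a caller only when all three tests fail, so a non-admin with `read` access to the channel still reaches `Messages.update_message_by_id` for a message written by someone else. An author who no longer has access to the channel is also let through. If the intent is that only the author or an admin may change a message, the ownership test should stand on its own, for example `if user.role != "admin" and message.user_id != user.id:`, with channel membership checked separately. Gating a mutation on `type="read"` is also worth confirming against the access model. The identical condition is added in the `delete_message_by_id` hunk, and the function body starts and ends outside this hunk.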
@@ -641,13 +643,6 @@ async def delete_message_by_id(
             status_code=status.HTTP_404_NOT_FOUND, detail=ERROR_MESSAGES.NOT_FOUND
         )
 
-    if user.role != "admin" and not has_access(
-        user.id, type="read", access_control=channel.access_control
-    ):
-        raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.DEFAULT()
-        )
-
     message = Messages.get_message_by_id(message_id)
     if not message:
         raise HTTPException(
@@ -659,6 +654,15 @@ async def delete_message_by_id(
             status_code=status.HTTP_400_BAD_REQUEST, detail=ERROR_MESSAGES.DEFAULT()
         )
 
+    if (
+        user.role != "admin"
+        and message.user_id != user.id
+        and not has_access(user.id, type="read", access_control=channel.access_control)
+    ):
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.DEFAULT()
+        )
+
     try:
         Messages.delete_message_by_id(message_id)
         await sio.emit(
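Review bot: Placing the permission check after the message lookup in `delete_message_by_id` means a caller with no access to the channel now gets a different response depending on whether `message_id` exists and belongs to this channel. The not-found branch and the `HTTP_400_BAD_REQUEST` branch both run before the `HTTP_403_FORBIDDEN` one. Before this change the channel check ran first, so such callers appear to have received 403 in every case. If authors without channel access must keep working, one option is to answer all three failure cases for non-members with the same `status.HTTP_404_NOT_FOUND` and `ERROR_MESSAGES.NOT_FOUND`. Otherwise, keep a channel-level check ahead of `Messages.get_message_by_id(message_id)`. The same ordering applies in `update_message_by_id`, and the function continues past the end of this hunk.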