|
|
@@ -15,7 +15,7 @@ from starlette.responses import RedirectResponse
|
|
|
|
|
|
from open_webui.models.auths import Auths
|
|
|
from open_webui.models.users import Users
|
|
|
-from open_webui.models.groups import Groups, GroupModel, GroupUpdateForm
|
|
|
+from open_webui.models.groups import Groups, GroupModel, GroupUpdateForm, GroupForm
|
|
|
from open_webui.config import (
|
|
|
DEFAULT_USER_ROLE,
|
|
|
ENABLE_OAUTH_SIGNUP,
|
|
|
@@ -23,6 +23,7 @@ from open_webui.config import (
|
|
|
OAUTH_PROVIDERS,
|
|
|
ENABLE_OAUTH_ROLE_MANAGEMENT,
|
|
|
ENABLE_OAUTH_GROUP_MANAGEMENT,
|
|
|
+ ENABLE_OAUTH_GROUP_CREATION,
|
|
|
OAUTH_ROLES_CLAIM,
|
|
|
OAUTH_GROUPS_CLAIM,
|
|
|
OAUTH_EMAIL_CLAIM,
|
|
|
@@ -57,6 +58,7 @@ auth_manager_config.ENABLE_OAUTH_SIGNUP = ENABLE_OAUTH_SIGNUP
|
|
|
auth_manager_config.OAUTH_MERGE_ACCOUNTS_BY_EMAIL = OAUTH_MERGE_ACCOUNTS_BY_EMAIL
|
|
|
auth_manager_config.ENABLE_OAUTH_ROLE_MANAGEMENT = ENABLE_OAUTH_ROLE_MANAGEMENT
|
|
|
auth_manager_config.ENABLE_OAUTH_GROUP_MANAGEMENT = ENABLE_OAUTH_GROUP_MANAGEMENT
|
|
|
+auth_manager_config.ENABLE_OAUTH_GROUP_CREATION = ENABLE_OAUTH_GROUP_CREATION
|
|
|
auth_manager_config.OAUTH_ROLES_CLAIM = OAUTH_ROLES_CLAIM
|
|
|
auth_manager_config.OAUTH_GROUPS_CLAIM = OAUTH_GROUPS_CLAIM
|
|
|
auth_manager_config.OAUTH_EMAIL_CLAIM = OAUTH_EMAIL_CLAIM
|
|
|
@@ -152,6 +154,44 @@ class OAuthManager:
|
|
|
user_current_groups: list[GroupModel] = Groups.get_groups_by_member_id(user.id)
|
|
|
all_available_groups: list[GroupModel] = Groups.get_groups()
|
|
|
|
|
|
+ # Create groups if they don't exist and creation is enabled
|
|
|
+ if auth_manager_config.ENABLE_OAUTH_GROUP_CREATION:
|
|
|
+ log.debug("Checking for missing groups to create...")
|
|
|
+ all_group_names = {g.name for g in all_available_groups}
|
|
|
+ groups_created = False
|
|
|
+ # Determine creator ID: Prefer admin, fallback to current user if no admin exists
|
|
|
+ admin_user = Users.get_admin_user()
|
|
|
+ creator_id = admin_user.id if admin_user else user.id
|
|
|
+ log.debug(f"Using creator ID {creator_id} for potential group creation.")
|
|
|
+
|
|
|
+ for group_name in user_oauth_groups:
|
|
|
+ if group_name not in all_group_names:
|
|
|
+ log.info(f"Group '{group_name}' not found via OAuth claim. Creating group...")
|
|
|
+ try:
|
|
|
+ new_group_form = GroupForm(
|
|
|
+ name=group_name,
|
|
|
+ description=f"Group '{group_name}' created automatically via OAuth.",
|
|
|
+ permissions=default_permissions, # Use default permissions from function args
|
|
|
+ user_ids=[], # Start with no users, user will be added later by subsequent logic
|
|
|
+ )
|
|
|
+ # Use determined creator ID (admin or fallback to current user)
|
|
|
+ created_group = Groups.insert_new_group(creator_id, new_group_form)
|
|
|
+ if created_group:
|
|
|
+ log.info(f"Successfully created group '{group_name}' with ID {created_group.id} using creator ID {creator_id}")
|
|
|
+ groups_created = True
|
|
|
+ # Add to local set to prevent duplicate creation attempts in this run
|
|
|
+ all_group_names.add(group_name)
|
|
|
+ else:
|
|
|
+ log.error(f"Failed to create group '{group_name}' via OAuth.")
|
|
|
+ except Exception as e:
|
|
|
+ log.error(f"Error creating group '{group_name}' via OAuth: {e}")
|
|
|
+
|
|
|
+ # Refresh the list of all available groups if any were created
|
|
|
+ if groups_created:
|
|
|
+ all_available_groups = Groups.get_groups()
|
|
|
+ log.debug("Refreshed list of all available groups after creation.")
|
|
|
+
|
|
|
+
|
|
|
log.debug(f"Oauth Groups claim: {oauth_claim}")
|
|
|
log.debug(f"User oauth groups: {user_oauth_groups}")
|
|
|
log.debug(f"User's current groups: {[g.name for g in user_current_groups]}")
|
Tim Jaeryang Baek