|
|
@@ -19,6 +19,8 @@ from fastapi import (
|
|
|
from fastapi.responses import FileResponse, StreamingResponse
|
|
|
from open_webui.constants import ERROR_MESSAGES
|
|
|
from open_webui.env import SRC_LOG_LEVELS
|
|
|
+
|
|
|
+from open_webui.models.users import Users
|
|
|
from open_webui.models.files import (
|
|
|
FileForm,
|
|
|
FileModel,
|
|
|
@@ -449,6 +451,14 @@ async def get_html_file_content_by_id(id: str, user=Depends(get_verified_user)):
|
|
|
detail=ERROR_MESSAGES.NOT_FOUND,
|
|
|
)
|
|
|
|
|
|
+ file_user = Users.get_user_by_id(file.user_id)
|
|
|
+ if not file_user.role == "admin":
|
|
|
+ if not file_user:
|
|
|
+ raise HTTPException(
|
|
|
+ status_code=status.HTTP_404_NOT_FOUND,
|
|
|
+ detail=ERROR_MESSAGES.NOT_FOUND,
|
|
|
+ )
|
|
|
+
|
|
|
if (
|
|
|
file.user_id == user.id
|
|
|
or user.role == "admin"
|
Timothy Jaeryang Baek