root
/
open-webui
mirror of https://github.com/open-webui/open-webui.git
1
0
Fork 0
Code Issues Actions 4 Packages Projects Releases Wiki Activity

enh: validate user id before saving group

This commit is contained in:
Timothy Jaeryang Baek 2025-01-20 23:09:55 -08:00
parent 31ed1fcdb8
commit aa442f694b
3 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
backend/open_webui/models/groups.py
View File

@ -85,7 +85,6 @@ class GroupForm(BaseModel):
class GroupUpdateForm(GroupForm): class GroupUpdateForm(GroupForm):
user_ids: Optional[list[str]] = None user_ids: Optional[list[str]] = None
admin_ids: Optional[list[str]] = None
class GroupTable: class GroupTable:

5
backend/open_webui/models/users.py
View File

@ -300,5 +300,10 @@ class UsersTable:
except Exception: except Exception:
return None return None
def get_valid_user_ids(self, user_ids: list[str]) -> list[str]:
with get_db() as db:
users = db.query(User).filter(User.id.in_(user_ids)).all()
return [user.id for user in users]
Users = UsersTable() Users = UsersTable()

5
backend/open_webui/routers/groups.py
View File

@ -2,6 +2,8 @@ import os
from pathlib import Path from pathlib import Path
from typing import Optional from typing import Optional
from open_webui.models.users import Users
from open_webui.models.groups import ( from open_webui.models.groups import (
Groups, Groups,
GroupForm, GroupForm,
@ -80,6 +82,9 @@ async def update_group_by_id(
id: str, form_data: GroupUpdateForm, user=Depends(get_admin_user) id: str, form_data: GroupUpdateForm, user=Depends(get_admin_user)
): ):
try: try:
if form_data.user_ids:
form_data.user_ids = Users.get_valid_user_ids(form_data.user_ids)
group = Groups.update_group_by_id(id, form_data) group = Groups.update_group_by_id(id, form_data)
if group: if group:
return group return group