Skip to content

Keep role names from OIDC #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: upstream/v0.6.32
Choose a base branch
from
Open

Keep role names from OIDC #34

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion backend/open_webui/utils/auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -347,7 +347,7 @@ def get_current_user_by_api_key(api_key: str):


def get_verified_user(user=Depends(get_current_user)):
if user.role not in {"user", "admin"}:
if user.role not in {"user", "admin", "builder", "local-admin"}:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
Expand Down
8 changes: 6 additions & 2 deletions backend/open_webui/utils/oauth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -843,8 +843,12 @@ def get_user_role(self, user, user_data):
for allowed_role in oauth_allowed_roles:
# If the user has any of the allowed roles, assign the role "user"
if allowed_role in oauth_roles:
log.debug("Assigned user the user role")
role = "user"
log.debug(f"Using first role from OAuth: {oauth_roles[0]}")
first_role = oauth_roles[0]
if first_role == "end-user":
role = "user"
else:
role = first_role
break
for admin_role in oauth_admin_roles:
# If the user has any of the admin roles, assign the role "admin"
Expand Down
8 changes: 5 additions & 3 deletions src/lib/components/admin/Users/UserList/EditUserModal.svelte
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,9 +135,11 @@
disabled={_user.id == sessionUser.id}
required
>
<option value="admin">{$i18n.t('Admin')}</option>
<option value="user">{$i18n.t('User')}</option>
<option value="pending">{$i18n.t('Pending')}</option>
<option value="admin">{$i18n.t('Admin')}</option>
<option value="user">{$i18n.t('User')}</option>
<option value="local-admin">{$i18n.t('Local admin')}</option>
<option value="builder">{$i18n.t('Builder')}</option>
<option value="pending">{$i18n.t('Pending')}</option>
</select>
</div>
</div>
Expand Down
2 changes: 1 addition & 1 deletion src/routes/(app)/+layout.svelte
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -290,7 +290,7 @@
<div
class=" text-gray-700 dark:text-gray-100 bg-white dark:bg-gray-900 h-screen max-h-[100dvh] overflow-auto flex flex-row justify-end"
>
{#if !['user', 'admin'].includes($user?.role)}
{#if ['pending'].includes($user?.role)}
<AccountPending />
{:else}
{#if localDBChats.length > 0}
Expand Down