mirror of
https://github.com/open-webui/open-webui.git
synced 2026-06-14 03:30:25 +00:00
Classic298
d169f086da
has_access_to_file granted access whenever the file was attached to a shared chat the user could read, ignoring the requested access_type. A read-only shared-chat recipient therefore satisfied write and delete checks and could delete or mutate the chat owner's attached file. Gate the shared-chat branch on read access, matching the channels branch directly above it. Co-authored-by: oxsignal <oxsignal@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>