feat: add read permission checks for system management and sharing components

--bug=1062363 --user=刘瑞斌【应用】简单应用进入编辑页面会弹工具无权限的提示 https://www.tapd.cn/62980211/s/1781286
2025-12-26 01:33:05 +00:00 · 2025-09-29 17:04:38 +08:00 · 2025-09-29 17:04:38 +08:00 · 1dcca7fcc7
parent 124d0ae288
commit 1dcca7fcc7
4 changed files with 44 additions and 15 deletions
--- a/ui/src/permission/tool/system-manage.ts
+++ b/ui/src/permission/tool/system-manage.ts
@ -3,6 +3,14 @@ import {ComplexPermission} from '@/utils/permission/type'
 import {EditionConst, PermissionConst, RoleConst} from '@/utils/permission/data'

 const systemManage = {
+  read: () =>
+    hasPermission(
+      [
+        RoleConst.ADMIN,
+        PermissionConst.RESOURCE_TOOL_READ,
+      ],
+      'OR',
+    ),
  is_share: () =>
    hasPermission(
      new ComplexPermission(
@ -57,7 +65,7 @@ const systemManage = {
      'OR',
    ),

-  auth: () => 
+  auth: () =>
    hasPermission(
      [
        RoleConst.ADMIN,
--- a/ui/src/permission/tool/system-share.ts
+++ b/ui/src/permission/tool/system-share.ts
@ -2,6 +2,14 @@ import { hasPermission } from '@/utils/permission/index'
 import { ComplexPermission } from '@/utils/permission/type'
 import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
 const share = {
+  read: () =>
+    hasPermission(
+     [
+       RoleConst.ADMIN,
+       PermissionConst.SHARED_TOOL_READ,
+     ],
+     'OR',
+    ),
  is_share: () => false,
  create: () =>
    hasPermission(
@ -67,8 +75,8 @@ const share = {
      ],
      'OR',
    ),
-    
-  auth: () => false,  
+
+  auth: () => false,
  folderCreate: () => false,
  folderEdit: () => false,
  folderDelete: () => false,
--- a/ui/src/permission/tool/workspace.ts
+++ b/ui/src/permission/tool/workspace.ts
@ -2,6 +2,11 @@ import { hasPermission } from '@/utils/permission/index'
 import { ComplexPermission } from '@/utils/permission/type'
 import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
 const workspace = {
+  read: () =>
+    hasPermission(
+      [PermissionConst.TOOL_READ.getWorkspacePermission, PermissionConst.TOOL_READ.getWorkspacePermissionWorkspaceManageRole],
+      'OR'
+    ),
  is_share: () =>
    hasPermission(
      new ComplexPermission(
@ -29,7 +34,7 @@ const workspace = {
        PermissionConst.TOOL_IMPORT.getWorkspacePermissionWorkspaceManageRole
      ],
      'OR'
-    ),  
+    ),
  folderCreate: () =>
    hasPermission(
      [
@ -109,7 +114,7 @@ const workspace = {
        PermissionConst.TOOL_EXPORT.getWorkspacePermissionWorkspaceManageRole
      ],
      'OR'
-    ), 
+    ),
  auth: (source_id:string) =>
    hasPermission(
      [
@ -119,18 +124,18 @@ const workspace = {
        PermissionConst.TOOL_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole
      ],
      'OR'
-    ), 
+    ),
  debug: () =>
    hasPermission(
-      [ 
-        RoleConst.USER.getWorkspaceRole,  
+      [
+        RoleConst.USER.getWorkspaceRole,
        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
        PermissionConst.TOOL_EDIT.getWorkspacePermission,
        PermissionConst.TOOL_EDIT.getWorkspacePermissionWorkspaceManageRole
      ],
      'OR'
-    ), 
-     
+    ),
+
 }

 export default workspace
--- a/ui/src/views/application/ApplicationSetting.vue
+++ b/ui/src/views/application/ApplicationSetting.vue
@ -304,7 +304,7 @@
                  />
                </el-form-item>
                <!-- MCP-->
-                <el-form-item @click.prevent>
+                <el-form-item @click.prevent v-if="toolPermissionPrecise.read()">
                  <template #label>
                    <div class="flex-between">
                      <span>MCP</span>
@ -326,8 +326,10 @@
                <div
                  class="w-full mb-16"
                  v-if="
+                  (
                    (applicationForm.mcp_tool_ids && applicationForm.mcp_tool_ids.length > 0) ||
                    (applicationForm.mcp_servers && applicationForm.mcp_servers.length > 0)
+                  ) && toolPermissionPrecise.read()
                  "
                >
                  <template v-for="(item, index) in applicationForm.mcp_tool_ids" :key="index">
@ -368,7 +370,7 @@
                  </template>
                </div>
                <!-- 工具       -->
-                <el-form-item @click.prevent>
+                <el-form-item @click.prevent v-if="toolPermissionPrecise.read()">
                  <template #label>
                    <div class="flex-between">
                      <span class="mr-4">
@ -395,7 +397,7 @@
                </el-form-item>
                <div
                  class="w-full mb-16"
-                  v-if="applicationForm.tool_ids && applicationForm.tool_ids.length > 0"
+                  v-if="applicationForm.tool_ids && applicationForm.tool_ids.length > 0 && toolPermissionPrecise.read()"
                >
                  <template v-for="(item, index) in applicationForm.tool_ids" :key="index">
                    <div
@ -673,6 +675,10 @@ const permissionPrecise = computed(() => {
  return permissionMap['application'][apiType.value]
 })

+const toolPermissionPrecise = computed(() => {
+  return permissionMap['tool'][apiType.value]
+})
+
 const defaultPrompt = t('views.application.form.prompt.defaultPrompt', {
  data: '{data}',
  question: '{question}',
@ -1109,8 +1115,10 @@ onMounted(() => {
  getDetail()
  getSTTModel()
  getTTSModel()
-  getToolSelectOptions()
-  getMcpToolSelectOptions()
+  if (toolPermissionPrecise.value.read()) {
+    getToolSelectOptions();
+    getMcpToolSelectOptions()
+  }
 })
 </script>
 <style lang="scss" scoped>