From 31d71d137a6d19986b05cd9ea56fe3481f7cf6fe Mon Sep 17 00:00:00 2001
From: zhangzhanwei <zhanwei.zhang@fit2cloud.com>
Date: Mon, 18 Aug 2025 18:13:40 +0800
Subject: [PATCH] feat: Front end permissions for resource authorization

---
 .../permission/application/system-manage.ts   |   1 +
 ui/src/permission/application/workspace.ts    |  10 +
 ui/src/permission/knowledge/system-manage.ts  |   1 +
 ui/src/permission/knowledge/system-share.ts   |   1 +
 .../permission/knowledge/workspace-share.ts   |   1 +
 ui/src/permission/knowledge/workspace.ts      |  10 +
 ui/src/permission/model/system-manage.ts      |   1 +
 ui/src/permission/model/system-share.ts       |   1 +
 ui/src/permission/model/workspace.ts          |  10 +
 ui/src/permission/tool/system-manage.ts       |   1 +
 ui/src/permission/tool/system-share.ts        |   1 +
 ui/src/permission/tool/workspace.ts           |  10 +
 ui/src/utils/permission/data.ts               |  13 ++
 ui/src/views/application/index.vue            | 199 +++++-------------
 .../component/KnowledgeListContainer.vue      |   2 +-
 ui/src/views/model/component/ModelCard.vue    |   2 +-
 .../tool/component/ToolListContainer.vue      |   2 +-
 17 files changed, 118 insertions(+), 148 deletions(-)

diff --git a/ui/src/permission/application/system-manage.ts b/ui/src/permission/application/system-manage.ts
index dfacb96b8..2369ea7e7 100644
--- a/ui/src/permission/application/system-manage.ts
+++ b/ui/src/permission/application/system-manage.ts
@@ -38,6 +38,7 @@ const systemManage = {
             'OR'
     ),
     folderDelete: () => false,
+    auth: () => false,
     overview_embed: () =>
         hasPermission(
             [
diff --git a/ui/src/permission/application/workspace.ts b/ui/src/permission/application/workspace.ts
index 396ef53f9..59d913d1a 100644
--- a/ui/src/permission/application/workspace.ts
+++ b/ui/src/permission/application/workspace.ts
@@ -43,6 +43,16 @@ const workspace = {
             ],
             'OR'
     ),
+    auth: (source_id:string) => 
+        hasPermission(
+            [
+              new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(source_id)],[],'AND'),
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
+              PermissionConst.APPLICATION_RESOURCE_AUTHORIZATION.getApplicationWorkspaceResourcePermission(source_id)  
+            ],
+            'OR'
+    ),
     folderEdit: () => 
         hasPermission(
             [
diff --git a/ui/src/permission/knowledge/system-manage.ts b/ui/src/permission/knowledge/system-manage.ts
index 8f3662a66..6f88abe38 100644
--- a/ui/src/permission/knowledge/system-manage.ts
+++ b/ui/src/permission/knowledge/system-manage.ts
@@ -151,6 +151,7 @@ const systemManage = {
     ],'OR'
     ),
   
+  auth: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
   folderDelete: () => false,
diff --git a/ui/src/permission/knowledge/system-share.ts b/ui/src/permission/knowledge/system-share.ts
index cc5fa6a8a..655be62b3 100644
--- a/ui/src/permission/knowledge/system-share.ts
+++ b/ui/src/permission/knowledge/system-share.ts
@@ -182,6 +182,7 @@ const share = {
       ],
       'OR'
     ),
+  auth: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
   folderDelete: () => false,
diff --git a/ui/src/permission/knowledge/workspace-share.ts b/ui/src/permission/knowledge/workspace-share.ts
index 8747d8a00..a7dc28dcf 100644
--- a/ui/src/permission/knowledge/workspace-share.ts
+++ b/ui/src/permission/knowledge/workspace-share.ts
@@ -10,6 +10,7 @@ const workspaceShare = {
   edit: () => false,
   export: () => false,
   delete: () => false,
+  auth: () => false,
 
   doc_read: () => false,  
   doc_create: () => false,
diff --git a/ui/src/permission/knowledge/workspace.ts b/ui/src/permission/knowledge/workspace.ts
index b4e9d0030..5c42f8970 100644
--- a/ui/src/permission/knowledge/workspace.ts
+++ b/ui/src/permission/knowledge/workspace.ts
@@ -70,6 +70,16 @@ const workspace = {
       ],
       'OR',
     ),
+  auth: (source_id:string) =>
+    hasPermission(
+      [
+        new ComplexPermission([RoleConst.USER],[PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(source_id)],[],'AND'),
+        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+        PermissionConst.KNOWLEDGE_RESOURCE_AUTHORIZATION.getKnowledgeWorkspaceResourcePermission(source_id),
+        PermissionConst.KNOWLEDGE_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
+      ],
+      'OR',
+    ),
   folderEdit: () =>
     hasPermission(
       [
diff --git a/ui/src/permission/model/system-manage.ts b/ui/src/permission/model/system-manage.ts
index decfebc78..104323306 100644
--- a/ui/src/permission/model/system-manage.ts
+++ b/ui/src/permission/model/system-manage.ts
@@ -20,6 +20,7 @@ const systemManage = {
   delete: () =>
     hasPermission([RoleConst.ADMIN, PermissionConst.RESOURCE_MODEL_DELETE], 'OR'),
 
+  auth: () => false,  
   folderCreate: () => false,
   folderEdit: () => false,
   folderDelete: () => false,
diff --git a/ui/src/permission/model/system-share.ts b/ui/src/permission/model/system-share.ts
index 635d52f42..0c025fe53 100644
--- a/ui/src/permission/model/system-share.ts
+++ b/ui/src/permission/model/system-share.ts
@@ -35,6 +35,7 @@ const share = {
       ],
       'OR',
     ),
+  auth: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
   folderDelete: () => false,
diff --git a/ui/src/permission/model/workspace.ts b/ui/src/permission/model/workspace.ts
index 6992ed400..089558674 100644
--- a/ui/src/permission/model/workspace.ts
+++ b/ui/src/permission/model/workspace.ts
@@ -40,6 +40,16 @@ const workspace = {
       ],
       'OR'
     ),
+  auth: (source_id:string) =>
+    hasPermission(
+      [
+        new ComplexPermission([RoleConst.USER],[PermissionConst.MODEL.getModelWorkspaceResourcePermission(source_id)],[],'AND'),
+        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+        PermissionConst.MODEL_RESOURCE_AUTHORIZATION.getModelWorkspaceResourcePermission(source_id),
+        PermissionConst.MODEL_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole
+      ],
+      'OR'
+    ),
   folderEdit: () =>
     hasPermission(
       [
diff --git a/ui/src/permission/tool/system-manage.ts b/ui/src/permission/tool/system-manage.ts
index 7c36c1eb0..bbac81d66 100644
--- a/ui/src/permission/tool/system-manage.ts
+++ b/ui/src/permission/tool/system-manage.ts
@@ -57,6 +57,7 @@ const systemManage = {
       'OR',
     ),
 
+  auth: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
   folderDelete: () => false,
diff --git a/ui/src/permission/tool/system-share.ts b/ui/src/permission/tool/system-share.ts
index 95d3698ad..b5b77b015 100644
--- a/ui/src/permission/tool/system-share.ts
+++ b/ui/src/permission/tool/system-share.ts
@@ -68,6 +68,7 @@ const share = {
       'OR',
     ),
     
+  auth: () => false,  
   folderCreate: () => false,
   folderEdit: () => false,
   folderDelete: () => false,
diff --git a/ui/src/permission/tool/workspace.ts b/ui/src/permission/tool/workspace.ts
index 666b7906e..197539802 100644
--- a/ui/src/permission/tool/workspace.ts
+++ b/ui/src/permission/tool/workspace.ts
@@ -110,6 +110,16 @@ const workspace = {
       ],
       'OR'
     ), 
+  auth: (source_id:string) =>
+    hasPermission(
+      [
+        new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(source_id)],[],'AND'),
+        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+        PermissionConst.TOOL_RESOURCE_AUTHORIZATION.getToolWorkspaceResourcePermission(source_id),
+        PermissionConst.TOOL_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole
+      ],
+      'OR'
+    ), 
   debug: () =>
     hasPermission(
       [ 
diff --git a/ui/src/utils/permission/data.ts b/ui/src/utils/permission/data.ts
index 40ce97979..c43345fe6 100644
--- a/ui/src/utils/permission/data.ts
+++ b/ui/src/utils/permission/data.ts
@@ -296,6 +296,19 @@ const PermissionConst = {
   CHANGE_PASSWORD: new Permission('OTHER:READ+CREATE'),
   SYSTEM_API_KEY_EDIT: new Permission('OTHER:READ+DELETE'),
 
+  APPLICATION_RESOURCE_AUTHORIZATION: new Permission(
+    'APPLICATION:READ+AUTH',
+  ),
+  KNOWLEDGE_RESOURCE_AUTHORIZATION: new Permission(
+    'KNOWLEDGE:READ+AUTH',
+  ),
+  TOOL_RESOURCE_AUTHORIZATION: new Permission(
+    'TOOL:READ+AUTH',
+  ),
+  MODEL_RESOURCE_AUTHORIZATION: new Permission(
+    'MODEL:READ+AUTH',
+  ),
+
   APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION_READ: new Permission(
     'APPLICATION_WORKSPACE_USER_RESOURCE_PERMISSION:READ',
   ),
diff --git a/ui/src/views/application/index.vue b/ui/src/views/application/index.vue
index 0b0a81aa5..5eca3eb29 100644
--- a/ui/src/views/application/index.vue
+++ b/ui/src/views/application/index.vue
@@ -3,13 +3,8 @@
     <template #left>
       <h4 class="p-12-16 pb-0 mt-12">{{ $t('views.application.title') }}</h4>
       <div class="p-8">
-        <folder-tree
-          :source="SourceTypeEnum.APPLICATION"
-          :data="folderList"
-          :currentNodeKey="folder.currentFolder?.id"
-          @handleNodeClick="folderClickHandle"
-          @refreshTree="refreshFolder"
-        />
+        <folder-tree :source="SourceTypeEnum.APPLICATION" :data="folderList" :currentNodeKey="folder.currentFolder?.id"
+          @handleNodeClick="folderClickHandle" @refreshTree="refreshFolder" />
       </div>
     </template>
     <ContentContainer>
@@ -19,44 +14,22 @@
       <template #search>
         <div class="flex">
           <div class="flex-between complex-search">
-            <el-select
-              class="complex-search__left"
-              v-model="search_type"
-              style="width: 120px"
-              @change="search_type_change"
-            >
+            <el-select class="complex-search__left" v-model="search_type" style="width: 120px"
+              @change="search_type_change">
               <el-option :label="$t('common.creator')" value="create_user" />
 
               <el-option :label="$t('common.name')" value="name" />
 
               <el-option :label="$t('common.publishStatus')" value="publish_status" />
             </el-select>
-            <el-input
-              v-if="search_type === 'name'"
-              v-model="search_form.name"
-              @change="searchHandle"
-              :placeholder="$t('common.searchBar.placeholder')"
-              style="width: 220px"
-              clearable
-            />
-            <el-select
-              v-else-if="search_type === 'create_user'"
-              v-model="search_form.create_user"
-              @change="searchHandle"
-              filterable
-              clearable
-              style="width: 220px"
-            >
+            <el-input v-if="search_type === 'name'" v-model="search_form.name" @change="searchHandle"
+              :placeholder="$t('common.searchBar.placeholder')" style="width: 220px" clearable />
+            <el-select v-else-if="search_type === 'create_user'" v-model="search_form.create_user"
+              @change="searchHandle" filterable clearable style="width: 220px">
               <el-option v-for="u in user_options" :key="u.id" :value="u.id" :label="u.nick_name" />
             </el-select>
-            <el-select
-              v-else-if="search_type === 'publish_status'"
-              v-model="search_form.publish_status"
-              @change="searchHandle"
-              filterable
-              clearable
-              style="width: 220px"
-            >
+            <el-select v-else-if="search_type === 'publish_status'" v-model="search_form.publish_status"
+              @change="searchHandle" filterable clearable style="width: 220px">
               <el-option :label="$t('common.published')" value="published" />
               <el-option :label="$t('common.unpublished')" value="unpublished" />
             </el-select>
@@ -73,16 +46,11 @@
                 <el-dropdown-item @click="openCreateDialog('SIMPLE')">
                   <div class="flex">
                     <el-avatar shape="square" class="avatar-blue mt-4" :size="36">
-                      <img
-                        src="@/assets/application/icon_simple_application.svg"
-                        style="width: 65%"
-                        alt=""
-                      />
+                      <img src="@/assets/application/icon_simple_application.svg" style="width: 65%" alt="" />
                     </el-avatar>
                     <div class="pre-wrap ml-8">
                       <div class="lighter">{{ $t('views.application.simple') }}</div>
-                      <el-text type="info" size="small"
-                        >{{ $t('views.application.simplePlaceholder') }}
+                      <el-text type="info" size="small">{{ $t('views.application.simplePlaceholder') }}
                       </el-text>
                     </div>
                   </div>
@@ -90,31 +58,18 @@
                 <el-dropdown-item @click="openCreateDialog('WORK_FLOW')">
                   <div class="flex">
                     <el-avatar shape="square" class="avatar-purple mt-4" :size="36">
-                      <img
-                        src="@/assets/application/icon_workflow_application.svg"
-                        style="width: 65%"
-                        alt=""
-                      />
+                      <img src="@/assets/application/icon_workflow_application.svg" style="width: 65%" alt="" />
                     </el-avatar>
                     <div class="pre-wrap ml-8">
                       <div class="lighter">{{ $t('views.application.workflow') }}</div>
-                      <el-text type="info" size="small"
-                        >{{ $t('views.application.workflowPlaceholder') }}
+                      <el-text type="info" size="small">{{ $t('views.application.workflowPlaceholder') }}
                       </el-text>
                     </div>
                   </div>
                 </el-dropdown-item>
-                <el-upload
-                  class="import-button"
-                  ref="elUploadRef"
-                  :file-list="[]"
-                  action="#"
-                  multiple
-                  :auto-upload="false"
-                  :show-file-list="false"
-                  :limit="1"
-                  :on-change="(file: any, fileList: any) => importApplication(file)"
-                >
+                <el-upload class="import-button" ref="elUploadRef" :file-list="[]" action="#" multiple
+                  :auto-upload="false" :show-file-list="false" :limit="1"
+                  :on-change="(file: any, fileList: any) => importApplication(file)">
                   <el-dropdown-item>
                     <div class="flex align-center w-full">
                       <el-avatar shape="square" class="mt-4" :size="36" style="background: none">
@@ -141,35 +96,16 @@
           </el-dropdown>
         </div>
       </template>
-      <div
-        v-loading.fullscreen.lock="paginationConfig.current_page === 1 && loading"
-        style="max-height: calc(100vh - 120px)"
-      >
-        <InfiniteScroll
-          :size="applicationList.length"
-          :total="paginationConfig.total"
-          :page_size="paginationConfig.page_size"
-          v-model:current_page="paginationConfig.current_page"
-          @load="getList"
-          :loading="loading"
-        >
+      <div v-loading.fullscreen.lock="paginationConfig.current_page === 1 && loading"
+        style="max-height: calc(100vh - 120px)">
+        <InfiniteScroll :size="applicationList.length" :total="paginationConfig.total"
+          :page_size="paginationConfig.page_size" v-model:current_page="paginationConfig.current_page" @load="getList"
+          :loading="loading">
           <el-row v-if="applicationList.length > 0" :gutter="15" class="w-full">
             <template v-for="(item, index) in applicationList" :key="index">
-              <el-col
-                v-if="item.resource_type === 'folder'"
-                :xs="24"
-                :sm="12"
-                :md="12"
-                :lg="8"
-                :xl="6"
-                class="mb-16"
-              >
-                <CardBox
-                  :title="item.name"
-                  :description="item.desc || $t('components.noDesc')"
-                  class="cursor"
-                  @click="clickFolder(item)"
-                >
+              <el-col v-if="item.resource_type === 'folder'" :xs="24" :sm="12" :md="12" :lg="8" :xl="6" class="mb-16">
+                <CardBox :title="item.name" :description="item.desc || $t('components.noDesc')" class="cursor"
+                  @click="clickFolder(item)">
                   <template #icon>
                     <el-avatar shape="square" :size="32" style="background: none">
                       <AppIcon iconName="app-folder" style="font-size: 32px"></AppIcon>
@@ -183,12 +119,7 @@
                 </CardBox>
               </el-col>
               <el-col v-else :xs="24" :sm="12" :md="12" :lg="8" :xl="6" class="mb-16">
-                <CardBox
-                  :title="item.name"
-                  :description="item.desc"
-                  class="cursor"
-                  @click="goApp(item)"
-                >
+                <CardBox :title="item.name" :description="item.desc" class="cursor" @click="goApp(item)">
                   <template #icon>
                     <el-avatar shape="square" :size="32" style="background: none">
                       <img :src="resetUrl(item?.icon, resetUrl('./favicon.ico'))" alt="" />
@@ -242,48 +173,33 @@
                               <AppIcon iconName="app-create-chat" class="color-secondary"></AppIcon>
                               {{ $t('views.application.operation.toChat') }}
                             </el-dropdown-item>
-                            <el-dropdown-item
-                              @click.stop="settingApplication(item)"
-                              v-if="permissionPrecise.edit(item.id)"
-                            >
+                            <el-dropdown-item @click.stop="settingApplication(item)"
+                              v-if="permissionPrecise.edit(item.id)">
                               <AppIcon iconName="app-setting" class="color-secondary"></AppIcon>
                               {{ $t('common.setting') }}
                             </el-dropdown-item>
 
-                            <el-dropdown-item @click.stop="openAuthorization(item)">
-                              <AppIcon
-                                iconName="app-resource-authorization"
-                                class="color-secondary"
-                              ></AppIcon>
+                            <el-dropdown-item @click.stop="openAuthorization(item)"
+                              v-if="permissionPrecise.auth(item.id)">
+                              <AppIcon iconName="app-resource-authorization" class="color-secondary"></AppIcon>
                               {{ $t('views.system.resourceAuthorization.title') }}
                             </el-dropdown-item>
-                            <el-dropdown-item
-                              @click.stop="openMoveToDialog(item)"
-                              v-if="permissionPrecise.edit(item.id) && apiType === 'workspace'"
-                            >
+                            <el-dropdown-item @click.stop="openMoveToDialog(item)"
+                              v-if="permissionPrecise.edit(item.id) && apiType === 'workspace'">
                               <AppIcon iconName="app-migrate" class="color-secondary"></AppIcon>
                               {{ $t('common.moveTo') }}
                             </el-dropdown-item>
-                            <el-dropdown-item
-                              @click="copyApplication(item)"
-                              v-if="permissionPrecise.create()"
-                            >
+                            <el-dropdown-item @click="copyApplication(item)" v-if="permissionPrecise.create()">
                               <AppIcon iconName="app-copy" class="color-secondary"></AppIcon>
                               {{ $t('common.copy') }}
                             </el-dropdown-item>
-                            <el-dropdown-item
-                              divided
-                              @click.stop="exportApplication(item)"
-                              v-if="permissionPrecise.export(item.id)"
-                            >
+                            <el-dropdown-item divided @click.stop="exportApplication(item)"
+                              v-if="permissionPrecise.export(item.id)">
                               <AppIcon iconName="app-export" class="color-secondary"></AppIcon>
                               {{ $t('common.export') }}
                             </el-dropdown-item>
-                            <el-dropdown-item
-                              divided
-                              @click.stop="deleteApplication(item)"
-                              v-if="permissionPrecise.delete(item.id)"
-                            >
+                            <el-dropdown-item divided @click.stop="deleteApplication(item)"
+                              v-if="permissionPrecise.delete(item.id)">
                               <AppIcon iconName="app-delete" class="color-secondary"></AppIcon>
                               {{ $t('common.delete') }}
                             </el-dropdown-item>
@@ -303,16 +219,9 @@
     <CreateApplicationDialog ref="CreateApplicationDialogRef" />
     <CopyApplicationDialog ref="CopyApplicationDialogRef" />
     <CreateFolderDialog ref="CreateFolderDialogRef" @refresh="refreshFolder" />
-    <MoveToDialog
-      ref="MoveToDialogRef"
-      :source="SourceTypeEnum.APPLICATION"
-      @refresh="refreshApplicationList"
-      v-if="apiType === 'workspace'"
-    />
-    <ResourceAuthorizationDrawer
-      :type="SourceTypeEnum.APPLICATION"
-      ref="ResourceAuthorizationDrawerRef"
-    />
+    <MoveToDialog ref="MoveToDialogRef" :source="SourceTypeEnum.APPLICATION" @refresh="refreshApplicationList"
+      v-if="apiType === 'workspace'" />
+    <ResourceAuthorizationDrawer :type="SourceTypeEnum.APPLICATION" ref="ResourceAuthorizationDrawerRef" />
   </LayoutContainer>
 </template>
 
@@ -535,20 +444,20 @@ function toChat(row: any) {
     .map((v: any) => {
       apiInputParams.value = v.properties.api_input_field_list
         ? v.properties.api_input_field_list.map((v: any) => {
-            return {
-              name: v.variable,
-              value: v.default_value,
-            }
-          })
+          return {
+            name: v.variable,
+            value: v.default_value,
+          }
+        })
         : v.properties.input_field_list
           ? v.properties.input_field_list
-              .filter((v: any) => v.assignment_method === 'api_input')
-              .map((v: any) => {
-                return {
-                  name: v.variable,
-                  value: v.default_value,
-                }
-              })
+            .filter((v: any) => v.assignment_method === 'api_input')
+            .map((v: any) => {
+              return {
+                name: v.variable,
+                value: v.default_value,
+              }
+            })
           : []
     })
   const apiParams = mapToUrlParams(apiInputParams.value)
@@ -606,7 +515,7 @@ function deleteApplication(row: any) {
         MsgSuccess(t('common.deleteSuccess'))
       })
     })
-    .catch(() => {})
+    .catch(() => { })
 }
 
 const exportApplication = (application: any) => {
diff --git a/ui/src/views/knowledge/component/KnowledgeListContainer.vue b/ui/src/views/knowledge/component/KnowledgeListContainer.vue
index c3d46185d..0c414aaaa 100644
--- a/ui/src/views/knowledge/component/KnowledgeListContainer.vue
+++ b/ui/src/views/knowledge/component/KnowledgeListContainer.vue
@@ -260,7 +260,7 @@
                           >
                           <el-dropdown-item
                             @click.stop="openAuthorization(item)"
-                            v-if="apiType === 'workspace'"
+                            v-if="apiType === 'workspace' && permissionPrecise.auth(item.id)"
                           >
                             <AppIcon
                               iconName="app-resource-authorization"
diff --git a/ui/src/views/model/component/ModelCard.vue b/ui/src/views/model/component/ModelCard.vue
index 44a9a1a05..a9273bf84 100644
--- a/ui/src/views/model/component/ModelCard.vue
+++ b/ui/src/views/model/component/ModelCard.vue
@@ -100,7 +100,7 @@
               <AppIcon iconName="app-setting" class="color-secondary"></AppIcon>
               {{ $t('views.model.modelForm.title.paramSetting') }}
             </el-dropdown-item>
-            <el-dropdown-item @click.stop="openAuthorization(model)" v-if="apiType === 'workspace'">
+            <el-dropdown-item @click.stop="openAuthorization(model)" v-if="apiType === 'workspace' && permissionPrecise.auth(model.id)">
               <AppIcon iconName="app-resource-authorization" class="color-secondary"></AppIcon>
               {{ $t('views.system.resourceAuthorization.title') }}
             </el-dropdown-item>
diff --git a/ui/src/views/tool/component/ToolListContainer.vue b/ui/src/views/tool/component/ToolListContainer.vue
index d3eda4706..953508258 100644
--- a/ui/src/views/tool/component/ToolListContainer.vue
+++ b/ui/src/views/tool/component/ToolListContainer.vue
@@ -252,7 +252,7 @@
                           </el-dropdown-item>
                           <el-dropdown-item
                             @click.stop="openAuthorization(item)"
-                            v-if="apiType === 'workspace'"
+                            v-if="apiType === 'workspace' && permissionPrecise.auth(item.id)"
                           >
                             <AppIcon
                               iconName="app-resource-authorization"