From 60e3005aa9cbfc806d0cbca2470f75630a2488cd Mon Sep 17 00:00:00 2001
From: zhangzhanwei <zhanwei.zhang@fit2cloud.com>
Date: Fri, 4 Jul 2025 10:40:19 +0800
Subject: [PATCH] fix: Tool permission by extend workspace manager

---
 apps/tools/views/tool.py | 41 ++++++++++++++++++++++++----------------
 1 file changed, 25 insertions(+), 16 deletions(-)

diff --git a/apps/tools/views/tool.py b/apps/tools/views/tool.py
index 2ee1979c7..ca6b0b72f 100644
--- a/apps/tools/views/tool.py
+++ b/apps/tools/views/tool.py
@@ -39,7 +39,8 @@ class ToolView(APIView):
         tags=[_('Tool')]  # type: ignore
     )
     @has_permissions(
-        PermissionConstants.TOOL_CREATE.get_workspace_permission(),
+        PermissionConstants.TOOL_CREATE.get_workspace_tool_permission(),
+        PermissionConstants.TOOL_CREATE.get_workspace_permission_workspace_manage_role(),
         RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.USER.get_workspace_role()
     )
     @log(
@@ -61,7 +62,8 @@ class ToolView(APIView):
         tags=[_('Tool')]  # type: ignore
     )
     @has_permissions(
-        PermissionConstants.TOOL_READ.get_workspace_permission(),
+        PermissionConstants.TOOL_READ.get_workspace_tool_permission(),
+        PermissionConstants.TOOL_READ.get_workspace_permission_workspace_manage_role(),
         RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.USER.get_workspace_role()
     )
     def get(self, request: Request, workspace_id: str):
@@ -82,7 +84,8 @@ class ToolView(APIView):
             tags=[_('Tool')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.TOOL_DEBUG.get_workspace_permission(),
+            PermissionConstants.TOOL_DEBUG.get_workspace_tool_permission(),
+            PermissionConstants.TOOL_DEBUG.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.USER.get_workspace_role()
         )
         def post(self, request: Request, workspace_id: str):
@@ -104,7 +107,7 @@ class ToolView(APIView):
             tags=[_('Tool')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.TOOL_EDIT.get_workspace_permission(),
+            PermissionConstants.TOOL_EDIT.get_workspace_tool_permission(),
             PermissionConstants.TOOL_EDIT.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
             ViewPermission([RoleConstants.USER.get_workspace_role()],
@@ -131,7 +134,8 @@ class ToolView(APIView):
             tags=[_('Tool')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.TOOL_READ.get_workspace_permission(),
+            PermissionConstants.TOOL_READ.get_workspace_tool_permission(),
+            PermissionConstants.TOOL_READ.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), ViewPermission([RoleConstants.USER.get_workspace_role()],
                                         [PermissionConstants.TOOL.get_workspace_tool_permission()],
                                         CompareConstants.AND),
@@ -152,7 +156,8 @@ class ToolView(APIView):
             tags=[_('Tool')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.TOOL_DELETE.get_workspace_permission(),
+            PermissionConstants.TOOL_DELETE.get_workspace_tool_permission(),
+            PermissionConstants.TOOL_DELETE.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), ViewPermission([RoleConstants.USER.get_workspace_role()],
                                         [PermissionConstants.TOOL.get_workspace_tool_permission()],
                                         CompareConstants.AND),
@@ -180,7 +185,8 @@ class ToolView(APIView):
             tags=[_('Tool')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.TOOL_READ.get_workspace_permission(),
+            PermissionConstants.TOOL_READ.get_workspace_tool_permission(),
+            PermissionConstants.TOOL_READ.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.USER.get_workspace_role()
         )
         @log(menu='Tool', operate='Get tool list')
@@ -211,7 +217,8 @@ class ToolView(APIView):
             tags=[_("Tool")]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.TOOL_IMPORT.get_workspace_permission(),
+            PermissionConstants.TOOL_IMPORT.get_workspace_tool_permission(),
+            PermissionConstants.TOOL_IMPORT.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), RoleConstants.USER.get_workspace_role()
         )
         @log(menu='Tool', operate='Import tool', )
@@ -233,7 +240,8 @@ class ToolView(APIView):
             tags=[_("Tool")]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.TOOL_EXPORT.get_workspace_permission(),
+            PermissionConstants.TOOL_EXPORT.get_workspace_tool_permission(),
+            PermissionConstants.TOOL_EXPORT.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), ViewPermission([RoleConstants.USER.get_workspace_role()],
                                         [PermissionConstants.TOOL.get_workspace_tool_permission()],
                                         CompareConstants.AND),
@@ -261,8 +269,8 @@ class ToolView(APIView):
             tags=[_('Tool')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.TOOL_CREATE.get_workspace_permission(),
-            PermissionConstants.TOOL_EDIT.get_workspace_permission(),
+            PermissionConstants.TOOL_CREATE.get_workspace_tool_permission(),
+            PermissionConstants.TOOL_EDIT.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
             RoleConstants.USER.get_workspace_role()
         )
@@ -286,7 +294,8 @@ class ToolView(APIView):
             tags=[_('Tool')]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.TOOL_EDIT.get_workspace_permission(),
+            PermissionConstants.TOOL_EDIT.get_workspace_tool_permission(),
+            PermissionConstants.TOOL_EDIT.get_workspace_permission_workspace_manage_role(),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), ViewPermission([RoleConstants.USER.get_workspace_role()],
                                         [PermissionConstants.TOOL.get_workspace_tool_permission()],
                                         CompareConstants.AND),
@@ -331,10 +340,10 @@ class ToolView(APIView):
             tags=[_("Tool")]  # type: ignore
         )
         @has_permissions(
-            PermissionConstants.TOOL_CREATE.get_workspace_permission(),
-            RoleConstants.WORKSPACE_MANAGE.get_workspace_role(), ViewPermission([RoleConstants.USER.get_workspace_role()],
-                                        [PermissionConstants.TOOL.get_workspace_tool_permission()],
-                                        CompareConstants.AND),
+            PermissionConstants.TOOL_CREATE.get_workspace_tool_permission(),
+            PermissionConstants.TOOL_CREATE.get_workspace_permission_workspace_manage_role(),
+            RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
+            RoleConstants.USER.get_workspace_role(),
         )
         @log(
             menu='Tool', operate="Add internal tool",