diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py
index 647e881b0..6fbe11472 100644
--- a/apps/common/constants/permission_constants.py
+++ b/apps/common/constants/permission_constants.py
@@ -572,7 +572,12 @@ class PermissionConstants(Enum):
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
)
TOOL_FOLDER_DELETE = Permission(
- group=Group.TOOL_FOLDER, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+ group=Group.TOOL_FOLDER, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+ parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
+ resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
+ )
+ TOOL_FOLDER_AUTH = Permission(
+ group=Group.TOOL_FOLDER, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
)
@@ -641,6 +646,11 @@ class PermissionConstants(Enum):
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
)
+ KNOWLEDGE_FOLDER_AUTH = Permission(
+ group=Group.KNOWLEDGE_FOLDER, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+ resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
+ parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
+ )
KNOWLEDGE_WORKFLOW_READ = Permission(
group=Group.KNOWLEDGE_WORKFLOW, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
@@ -954,7 +964,7 @@ class PermissionConstants(Enum):
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_VIEW]
)
- APPLICATION_FOLDER_CREATE = Permission(group=Group.APPLICATION_FOLDER, operate=Operate.EDIT,
+ APPLICATION_FOLDER_CREATE = Permission(group=Group.APPLICATION_FOLDER, operate=Operate.CREATE,
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE]
@@ -969,6 +979,11 @@ class PermissionConstants(Enum):
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE]
)
+ APPLICATION_FOLDER_AUTH = Permission(group=Group.APPLICATION_FOLDER, operate=Operate.AUTH,
+ role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+ parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
+ resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE]
+ )
APPLICATION_OVERVIEW_READ = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.READ,
role_list=[RoleConstants.ADMIN, RoleConstants.USER],
parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
diff --git a/apps/folders/views/folder.py b/apps/folders/views/folder.py
index c172ff435..9a6319f92 100644
--- a/apps/folders/views/folder.py
+++ b/apps/folders/views/folder.py
@@ -38,9 +38,9 @@ class FolderView(APIView):
tags=[_('Folder')] # type: ignore
)
@has_permissions(
- lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
+ lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.CREATE,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{r.data.get('parent_id')}"),
- lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.CREATE,
+ lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.CREATE,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
),
lambda r, kwargs: ViewPermission([RoleConstants.USER.get_workspace_role()],
@@ -99,7 +99,7 @@ class FolderView(APIView):
tags=[_('Folder')] # type: ignore
)
@has_permissions(
- lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
+ lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
),
lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
@@ -151,15 +151,15 @@ class FolderView(APIView):
tags=[_('Folder')] # type: ignore
)
@has_permissions(
- lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.DELETE,
+ lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.DELETE,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
),
- lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
+ lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.DELETE,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{kwargs.get('folder_id')}"
),
lambda r, kwargs: ViewPermission([RoleConstants.USER.get_workspace_role()],
[Permission(group=Group(f"{kwargs.get('source')}_FOLDER"),
- operate=Operate.EDIT,
+ operate=Operate.DELETE,
resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{kwargs.get('folder_id')}"
)], CompareConstants.AND),
RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
diff --git a/ui/src/components/folder-tree/index.vue b/ui/src/components/folder-tree/index.vue
index f50790fa5..095179593 100644
--- a/ui/src/components/folder-tree/index.vue
+++ b/ui/src/components/folder-tree/index.vue
@@ -80,7 +80,7 @@
class="flex align-center w-full custom-tree-node"
>
- {{ i18n_name(node.label) }}
+ {{ i18n_name(node.label) }}
-
+
-
+
-
-
+
+
@@ -292,7 +297,7 @@ function confirmSinglePermission() {
const permissionOptionMap = computed(() => {
return {
rootFolder: getPermissionOptions(true, true),
- folder: getPermissionOptions(true, false),
+ folder: getPermissionOptions(false, false),
}
})
diff --git a/ui/src/permission/application/workspace.ts b/ui/src/permission/application/workspace.ts
index 6c7fa5884..8a22df192 100644
--- a/ui/src/permission/application/workspace.ts
+++ b/ui/src/permission/application/workspace.ts
@@ -18,8 +18,8 @@ const workspace = {
[
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
- PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
- PermissionConst.APPLICATION_CREATE.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.APPLICATION_FOLDER_CREATE.getApplicationWorkspaceResourcePermission(folder_id),
+ PermissionConst.APPLICATION_FOLDER_CREATE.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
@@ -29,7 +29,7 @@ const workspace = {
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.APPLICATION_FOLDER_READ.getApplicationWorkspaceResourcePermission(folder_id),
- PermissionConst.APPLICATION_READ.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.APPLICATION_FOLDER_READ.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
@@ -39,7 +39,7 @@ const workspace = {
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
- PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.APPLICATION_FOLDER_EDIT.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
@@ -48,8 +48,8 @@ const workspace = {
[
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
- PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
- PermissionConst.APPLICATION_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.APPLICATION_FOLDER_AUTH.getApplicationWorkspaceResourcePermission(folder_id),
+ PermissionConst.APPLICATION_FOLDER_AUTH.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
@@ -58,8 +58,8 @@ const workspace = {
[
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
- PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
- PermissionConst.APPLICATION_DELETE.getWorkspacePermissionWorkspaceManageRole
+ PermissionConst.APPLICATION_FOLDER_DELETE.getApplicationWorkspaceResourcePermission(folder_id),
+ PermissionConst.APPLICATION_FOLDER_DELETE.getWorkspacePermissionWorkspaceManageRole
],
'OR'
),
@@ -69,7 +69,7 @@ const workspace = {
new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
- PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.APPLICATION_FOLDER_EDIT.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
diff --git a/ui/src/permission/knowledge/workspace.ts b/ui/src/permission/knowledge/workspace.ts
index 7d403fc70..a47b744f6 100644
--- a/ui/src/permission/knowledge/workspace.ts
+++ b/ui/src/permission/knowledge/workspace.ts
@@ -36,7 +36,7 @@ const workspace = {
),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.KNOWLEDGE_FOLDER_READ.getKnowledgeWorkspaceResourcePermission(folder_id),
- PermissionConst.KNOWLEDGE_READ.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.KNOWLEDGE_FOLDER_READ.getWorkspacePermissionWorkspaceManageRole,
],
'OR',
),
@@ -51,8 +51,8 @@ const workspace = {
'AND',
),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
- PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
- PermissionConst.KNOWLEDGE_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.KNOWLEDGE_FOLDER_AUTH.getKnowledgeWorkspaceResourcePermission(folder_id),
+ PermissionConst.KNOWLEDGE_FOLDER_AUTH.getWorkspacePermissionWorkspaceManageRole,
],
'OR',
),
@@ -66,8 +66,8 @@ const workspace = {
'AND',
),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
- PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
- PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.KNOWLEDGE_FOLDER_CREATE.getKnowledgeWorkspaceResourcePermission(folder_id),
+ PermissionConst.KNOWLEDGE_FOLDER_CREATE.getWorkspacePermissionWorkspaceManageRole,
],
'OR',
),
@@ -81,8 +81,8 @@ const workspace = {
'AND',
),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
- PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
- PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.KNOWLEDGE_FOLDER_DELETE.getKnowledgeWorkspaceResourcePermission(folder_id),
+ PermissionConst.KNOWLEDGE_FOLDER_DELETE.getWorkspacePermissionWorkspaceManageRole,
],
'OR',
),
@@ -97,7 +97,7 @@ const workspace = {
),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
- PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.KNOWLEDGE_FOLDER_EDIT.getWorkspacePermissionWorkspaceManageRole,
],
'OR',
),
diff --git a/ui/src/permission/tool/workspace.ts b/ui/src/permission/tool/workspace.ts
index cba63f41e..b3b3bc28b 100644
--- a/ui/src/permission/tool/workspace.ts
+++ b/ui/src/permission/tool/workspace.ts
@@ -45,8 +45,8 @@ const workspace = {
[
new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
- PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
- PermissionConst.TOOL_CREATE.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.TOOL_FOLDER_CREATE.getToolWorkspaceResourcePermission(folder_id),
+ PermissionConst.TOOL_FOLDER_CREATE.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
@@ -56,7 +56,7 @@ const workspace = {
new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.TOOL_FOLDER_READ.getToolWorkspaceResourcePermission(folder_id),
- PermissionConst.TOOL_READ.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.TOOL_FOLDER_READ.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
@@ -66,7 +66,7 @@ const workspace = {
new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
- PermissionConst.TOOL_EDIT.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.TOOL_FOLDER_EDIT.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
@@ -75,8 +75,8 @@ const workspace = {
[
new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
- PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
- PermissionConst.TOOL_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.TOOL_FOLDER_AUTH.getToolWorkspaceResourcePermission(folder_id),
+ PermissionConst.TOOL_FOLDER_AUTH.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
@@ -85,8 +85,8 @@ const workspace = {
[
new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
- PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
- PermissionConst.TOOL_DELETE.getWorkspacePermissionWorkspaceManageRole,
+ PermissionConst.TOOL_FOLDER_DELETE.getToolWorkspaceResourcePermission(folder_id),
+ PermissionConst.TOOL_FOLDER_DELETE.getWorkspacePermissionWorkspaceManageRole,
],
'OR'
),
diff --git a/ui/src/utils/permission/data.ts b/ui/src/utils/permission/data.ts
index 689f28e09..b461db5df 100644
--- a/ui/src/utils/permission/data.ts
+++ b/ui/src/utils/permission/data.ts
@@ -95,11 +95,22 @@ const PermissionConst = {
ROLE_REMOVE_MEMBER: new Permission('ROLE:READ+REMOVE_MEMBER'),
APPLICATION_FOLDER_READ: new Permission('APPLICATION_FOLDER:READ'),
+ APPLICATION_FOLDER_CREATE: new Permission('APPLICATION_FOLDER:READ+CREATE'),
APPLICATION_FOLDER_EDIT: new Permission('APPLICATION_FOLDER:READ+EDIT'),
+ APPLICATION_FOLDER_DELETE: new Permission('APPLICATION_FOLDER:READ+DELETE'),
+ APPLICATION_FOLDER_AUTH: new Permission('APPLICATION_FOLDER:READ+AUTH'),
+
KNOWLEDGE_FOLDER_READ: new Permission('KNOWLEDGE_FOLDER:READ'),
+ KNOWLEDGE_FOLDER_CREATE: new Permission('KNOWLEDGE_FOLDER:READ+CREATE'),
KNOWLEDGE_FOLDER_EDIT: new Permission('KNOWLEDGE_FOLDER:READ+EDIT'),
+ KNOWLEDGE_FOLDER_DELETE: new Permission('KNOWLEDGE_FOLDER:READ+DELETE'),
+ KNOWLEDGE_FOLDER_AUTH: new Permission('KNOWLEDGE_FOLDER:READ+AUTH'),
+
TOOL_FOLDER_READ: new Permission('TOOL_FOLDER:READ'),
+ TOOL_FOLDER_CREATE: new Permission('TOOL_FOLDER:READ+CREATE'),
TOOL_FOLDER_EDIT: new Permission('TOOL_FOLDER:READ+EDIT'),
+ TOOL_FOLDER_DELETE: new Permission('TOOL_FOLDER:READ+DELETE'),
+ TOOL_FOLDER_AUTH: new Permission('TOOL_FOLDER:READ+AUTH'),
KNOWLEDGE_READ: new Permission('KNOWLEDGE:READ'),
KNOWLEDGE_CREATE: new Permission('KNOWLEDGE:READ+CREATE'),
diff --git a/ui/src/views/system/resource-authorization/component/PermissionTable.vue b/ui/src/views/system/resource-authorization/component/PermissionTable.vue
index 8879a4af7..0ac792967 100644
--- a/ui/src/views/system/resource-authorization/component/PermissionTable.vue
+++ b/ui/src/views/system/resource-authorization/component/PermissionTable.vue
@@ -198,7 +198,7 @@ watch(
const permissionOptionMap = computed(() => {
return {
rootFolder: getPermissionOptions(true, true),
- folder: getPermissionOptions(true, false),
+ folder: getPermissionOptions(false, false),
resource: getPermissionOptions(false, false),
}
})