From a0d48da406e979616e3a14c0779fced74f19d8a7 Mon Sep 17 00:00:00 2001
From: zhangzhanwei <zhanwei.zhang@fit2cloud.com>
Date: Mon, 22 Dec 2025 14:38:54 +0800
Subject: [PATCH] feat: Add folder permission by role

---
 apps/common/constants/permission_constants.py | 19 +++++++++++++--
 apps/folders/views/folder.py                  | 12 +++++-----
 ui/src/components/folder-tree/index.vue       |  4 ++--
 .../resource-authorization-drawer/index.vue   | 23 +++++++++++--------
 ui/src/permission/application/workspace.ts    | 18 +++++++--------
 ui/src/permission/knowledge/workspace.ts      | 16 ++++++-------
 ui/src/permission/tool/workspace.ts           | 16 ++++++-------
 ui/src/utils/permission/data.ts               | 11 +++++++++
 .../component/PermissionTable.vue             |  2 +-
 9 files changed, 76 insertions(+), 45 deletions(-)

diff --git a/apps/common/constants/permission_constants.py b/apps/common/constants/permission_constants.py
index 647e881b0..6fbe11472 100644
--- a/apps/common/constants/permission_constants.py
+++ b/apps/common/constants/permission_constants.py
@@ -572,7 +572,12 @@ class PermissionConstants(Enum):
         resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
     )
     TOOL_FOLDER_DELETE = Permission(
-        group=Group.TOOL_FOLDER, operate=Operate.EDIT, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        group=Group.TOOL_FOLDER, operate=Operate.DELETE, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
+        resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
+    )
+    TOOL_FOLDER_AUTH = Permission(
+        group=Group.TOOL_FOLDER, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
         parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
         resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
     )
@@ -641,6 +646,11 @@ class PermissionConstants(Enum):
         resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
         parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
     )
+    KNOWLEDGE_FOLDER_AUTH = Permission(
+        group=Group.KNOWLEDGE_FOLDER, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
+        parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
+    )
     KNOWLEDGE_WORKFLOW_READ = Permission(
         group=Group.KNOWLEDGE_WORKFLOW, operate=Operate.READ, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
         resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_VIEW],
@@ -954,7 +964,7 @@ class PermissionConstants(Enum):
                                          parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
                                          resource_permission_group_list=[ResourcePermissionConst.APPLICATION_VIEW]
                                          )
-    APPLICATION_FOLDER_CREATE = Permission(group=Group.APPLICATION_FOLDER, operate=Operate.EDIT,
+    APPLICATION_FOLDER_CREATE = Permission(group=Group.APPLICATION_FOLDER, operate=Operate.CREATE,
                                            role_list=[RoleConstants.ADMIN, RoleConstants.USER],
                                            parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
                                            resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE]
@@ -969,6 +979,11 @@ class PermissionConstants(Enum):
                                            parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
                                            resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE]
                                            )
+    APPLICATION_FOLDER_AUTH = Permission(group=Group.APPLICATION_FOLDER, operate=Operate.AUTH,
+                                           role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+                                           parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
+                                           resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE]
+                                           )
     APPLICATION_OVERVIEW_READ = Permission(group=Group.APPLICATION_OVERVIEW, operate=Operate.READ,
                                            role_list=[RoleConstants.ADMIN, RoleConstants.USER],
                                            parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
diff --git a/apps/folders/views/folder.py b/apps/folders/views/folder.py
index c172ff435..9a6319f92 100644
--- a/apps/folders/views/folder.py
+++ b/apps/folders/views/folder.py
@@ -38,9 +38,9 @@ class FolderView(APIView):
         tags=[_('Folder')]  # type: ignore
     )
     @has_permissions(
-        lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
+        lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.CREATE,
                                      resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{r.data.get('parent_id')}"),
-        lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.CREATE,
+        lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.CREATE,
                                      resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
                                      ),
         lambda r, kwargs: ViewPermission([RoleConstants.USER.get_workspace_role()],
@@ -99,7 +99,7 @@ class FolderView(APIView):
             tags=[_('Folder')]  # type: ignore
         )
         @has_permissions(
-            lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
+            lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
                                          resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
                                          ),
             lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
@@ -151,15 +151,15 @@ class FolderView(APIView):
             tags=[_('Folder')]  # type: ignore
         )
         @has_permissions(
-            lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.DELETE,
+            lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.DELETE,
                                          resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
                                          ),
-            lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
+            lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.DELETE,
                                          resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{kwargs.get('folder_id')}"
                                          ),
             lambda r, kwargs: ViewPermission([RoleConstants.USER.get_workspace_role()],
                                              [Permission(group=Group(f"{kwargs.get('source')}_FOLDER"),
-                                                         operate=Operate.EDIT,
+                                                         operate=Operate.DELETE,
                                                          resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{kwargs.get('folder_id')}"
                                                          )], CompareConstants.AND),
             RoleConstants.WORKSPACE_MANAGE.get_workspace_role()
diff --git a/ui/src/components/folder-tree/index.vue b/ui/src/components/folder-tree/index.vue
index f50790fa5..095179593 100644
--- a/ui/src/components/folder-tree/index.vue
+++ b/ui/src/components/folder-tree/index.vue
@@ -80,7 +80,7 @@
             class="flex align-center w-full custom-tree-node"
           >
             <AppIcon iconName="app-folder" style="font-size: 20px"></AppIcon>
-            <span class="tree-label ml-8 " :title="node.label">{{ i18n_name(node.label) }}</span>
+            <span class="tree-label ml-8" :title="node.label">{{ i18n_name(node.label) }}</span>
 
             <div
               v-if="canOperation && MoreFilledPermission(node, data)"
@@ -148,7 +148,7 @@
     <CreateFolderDialog ref="CreateFolderDialogRef" @refresh="refreshFolder" :title="title" />
     <MoveToDialog ref="MoveToDialogRef" :source="props.source" @refresh="emit('refreshTree')" />
     <ResourceAuthorizationDrawer
-      :type="props.source"
+      :type="`${props.source}_FOLDER`"
       :is-folder="true"
       :is-root-folder="!currentNode?.parent_id"
       ref="ResourceAuthorizationDrawerRef"
diff --git a/ui/src/components/resource-authorization-drawer/index.vue b/ui/src/components/resource-authorization-drawer/index.vue
index 9ae6af2c0..3ad3f4d99 100644
--- a/ui/src/components/resource-authorization-drawer/index.vue
+++ b/ui/src/components/resource-authorization-drawer/index.vue
@@ -23,7 +23,11 @@
           <el-option :label="$t('views.userManage.userForm.nick_name.label')" value="nick_name" />
           <el-option :label="$t('views.login.loginForm.username.label')" value="username" />
           <el-option :label="$t('views.model.modelForm.permissionType.label')" value="permission" />
-          <el-option v-if="hasPermission([EditionConst.IS_EE,EditionConst.IS_PE],'OR')" :label="$t('views.role.member.role')" value="role" />
+          <el-option
+            v-if="hasPermission([EditionConst.IS_EE, EditionConst.IS_PE], 'OR')"
+            :label="$t('views.role.member.role')"
+            value="role"
+          />
         </el-select>
         <el-input
           v-if="searchType === 'nick_name'"
@@ -93,14 +97,15 @@
         show-overflow-tooltip
         :label="$t('views.login.loginForm.username.label')"
       />
-      <el-table-column v-if="hasPermission([EditionConst.IS_EE,EditionConst.IS_PE],'OR')" prop="role_name" :label="$t('views.role.member.role')" width="210">
+      <el-table-column
+        v-if="hasPermission([EditionConst.IS_EE, EditionConst.IS_PE], 'OR')"
+        prop="role_name"
+        :label="$t('views.role.member.role')"
+        width="210"
+      >
         <template #default="{ row }">
-              <TagGroup
-                class="cursor"
-                style="width: fit-content"
-                :tags="row.role_name"
-              />
-            </template>
+          <TagGroup class="cursor" style="width: fit-content" :tags="row.role_name" />
+        </template>
       </el-table-column>
       <el-table-column :label="$t('common.operation')" align="left" width="340">
         <template #default="{ row }">
@@ -292,7 +297,7 @@ function confirmSinglePermission() {
 const permissionOptionMap = computed(() => {
   return {
     rootFolder: getPermissionOptions(true, true),
-    folder: getPermissionOptions(true, false),
+    folder: getPermissionOptions(false, false),
   }
 })
 
diff --git a/ui/src/permission/application/workspace.ts b/ui/src/permission/application/workspace.ts
index 6c7fa5884..8a22df192 100644
--- a/ui/src/permission/application/workspace.ts
+++ b/ui/src/permission/application/workspace.ts
@@ -18,8 +18,8 @@ const workspace = {
             [
               new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-              PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
-              PermissionConst.APPLICATION_CREATE.getWorkspacePermissionWorkspaceManageRole,  
+              PermissionConst.APPLICATION_FOLDER_CREATE.getApplicationWorkspaceResourcePermission(folder_id),
+              PermissionConst.APPLICATION_FOLDER_CREATE.getWorkspacePermissionWorkspaceManageRole,  
             ],
             'OR'
     ),
@@ -29,7 +29,7 @@ const workspace = {
               new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),  
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
               PermissionConst.APPLICATION_FOLDER_READ.getApplicationWorkspaceResourcePermission(folder_id),
-              PermissionConst.APPLICATION_READ.getWorkspacePermissionWorkspaceManageRole,  
+              PermissionConst.APPLICATION_FOLDER_READ.getWorkspacePermissionWorkspaceManageRole,  
             ],
             'OR'
     ),
@@ -39,7 +39,7 @@ const workspace = {
               new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
               PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
-              PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
+              PermissionConst.APPLICATION_FOLDER_EDIT.getWorkspacePermissionWorkspaceManageRole,
             ],
             'OR'
     ),
@@ -48,8 +48,8 @@ const workspace = {
             [
               new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),  
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-              PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
-              PermissionConst.APPLICATION_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,  
+              PermissionConst.APPLICATION_FOLDER_AUTH.getApplicationWorkspaceResourcePermission(folder_id),
+              PermissionConst.APPLICATION_FOLDER_AUTH.getWorkspacePermissionWorkspaceManageRole,  
             ],
             'OR'
     ),
@@ -58,8 +58,8 @@ const workspace = {
             [
               new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-              PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
-              PermissionConst.APPLICATION_DELETE.getWorkspacePermissionWorkspaceManageRole
+              PermissionConst.APPLICATION_FOLDER_DELETE.getApplicationWorkspaceResourcePermission(folder_id),
+              PermissionConst.APPLICATION_FOLDER_DELETE.getWorkspacePermissionWorkspaceManageRole
             ],
             'OR'
     ),
@@ -69,7 +69,7 @@ const workspace = {
               new ComplexPermission([RoleConst.USER],[PermissionConst.APPLICATION.getApplicationWorkspaceResourcePermission(folder_id)],[],'AND'),  
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
               PermissionConst.APPLICATION_FOLDER_EDIT.getApplicationWorkspaceResourcePermission(folder_id),
-              PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,  
+              PermissionConst.APPLICATION_FOLDER_EDIT.getWorkspacePermissionWorkspaceManageRole,  
             ],
             'OR'
     ),
diff --git a/ui/src/permission/knowledge/workspace.ts b/ui/src/permission/knowledge/workspace.ts
index 7d403fc70..a47b744f6 100644
--- a/ui/src/permission/knowledge/workspace.ts
+++ b/ui/src/permission/knowledge/workspace.ts
@@ -36,7 +36,7 @@ const workspace = {
         ),
         RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
         PermissionConst.KNOWLEDGE_FOLDER_READ.getKnowledgeWorkspaceResourcePermission(folder_id),
-        PermissionConst.KNOWLEDGE_READ.getWorkspacePermissionWorkspaceManageRole,
+        PermissionConst.KNOWLEDGE_FOLDER_READ.getWorkspacePermissionWorkspaceManageRole,
       ],
       'OR',
     ),
@@ -51,8 +51,8 @@ const workspace = {
           'AND',
         ),
         RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
-        PermissionConst.KNOWLEDGE_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,
+        PermissionConst.KNOWLEDGE_FOLDER_AUTH.getKnowledgeWorkspaceResourcePermission(folder_id),
+        PermissionConst.KNOWLEDGE_FOLDER_AUTH.getWorkspacePermissionWorkspaceManageRole,
       ],
       'OR',
     ),
@@ -66,8 +66,8 @@ const workspace = {
           'AND',
         ),
         RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
-        PermissionConst.KNOWLEDGE_CREATE.getWorkspacePermissionWorkspaceManageRole,
+        PermissionConst.KNOWLEDGE_FOLDER_CREATE.getKnowledgeWorkspaceResourcePermission(folder_id),
+        PermissionConst.KNOWLEDGE_FOLDER_CREATE.getWorkspacePermissionWorkspaceManageRole,
       ],
       'OR',
     ),
@@ -81,8 +81,8 @@ const workspace = {
           'AND',
         ),
         RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
-        PermissionConst.KNOWLEDGE_DELETE.getWorkspacePermissionWorkspaceManageRole,
+        PermissionConst.KNOWLEDGE_FOLDER_DELETE.getKnowledgeWorkspaceResourcePermission(folder_id),
+        PermissionConst.KNOWLEDGE_FOLDER_DELETE.getWorkspacePermissionWorkspaceManageRole,
       ],
       'OR',
     ),
@@ -97,7 +97,7 @@ const workspace = {
         ),
         RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
         PermissionConst.KNOWLEDGE_FOLDER_EDIT.getKnowledgeWorkspaceResourcePermission(folder_id),
-        PermissionConst.KNOWLEDGE_EDIT.getWorkspacePermissionWorkspaceManageRole,
+        PermissionConst.KNOWLEDGE_FOLDER_EDIT.getWorkspacePermissionWorkspaceManageRole,
       ],
       'OR',
     ),
diff --git a/ui/src/permission/tool/workspace.ts b/ui/src/permission/tool/workspace.ts
index cba63f41e..b3b3bc28b 100644
--- a/ui/src/permission/tool/workspace.ts
+++ b/ui/src/permission/tool/workspace.ts
@@ -45,8 +45,8 @@ const workspace = {
             [
               new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-              PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
-              PermissionConst.TOOL_CREATE.getWorkspacePermissionWorkspaceManageRole,  
+              PermissionConst.TOOL_FOLDER_CREATE.getToolWorkspaceResourcePermission(folder_id),
+              PermissionConst.TOOL_FOLDER_CREATE.getWorkspacePermissionWorkspaceManageRole,  
             ],
             'OR'
     ),
@@ -56,7 +56,7 @@ const workspace = {
               new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
               PermissionConst.TOOL_FOLDER_READ.getToolWorkspaceResourcePermission(folder_id),
-              PermissionConst.TOOL_READ.getWorkspacePermissionWorkspaceManageRole,  
+              PermissionConst.TOOL_FOLDER_READ.getWorkspacePermissionWorkspaceManageRole,  
             ],
             'OR'
     ),
@@ -66,7 +66,7 @@ const workspace = {
               new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
               PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
-              PermissionConst.TOOL_EDIT.getWorkspacePermissionWorkspaceManageRole,  
+              PermissionConst.TOOL_FOLDER_EDIT.getWorkspacePermissionWorkspaceManageRole,  
             ],
             'OR'
     ),
@@ -75,8 +75,8 @@ const workspace = {
             [
               new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-              PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
-              PermissionConst.TOOL_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole,  
+              PermissionConst.TOOL_FOLDER_AUTH.getToolWorkspaceResourcePermission(folder_id),
+              PermissionConst.TOOL_FOLDER_AUTH.getWorkspacePermissionWorkspaceManageRole,  
             ],
             'OR'
     ),
@@ -85,8 +85,8 @@ const workspace = {
             [
               new ComplexPermission([RoleConst.USER],[PermissionConst.TOOL.getToolWorkspaceResourcePermission(folder_id)],[],'AND'),
               RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-              PermissionConst.TOOL_FOLDER_EDIT.getToolWorkspaceResourcePermission(folder_id),
-              PermissionConst.TOOL_DELETE.getWorkspacePermissionWorkspaceManageRole,  
+              PermissionConst.TOOL_FOLDER_DELETE.getToolWorkspaceResourcePermission(folder_id),
+              PermissionConst.TOOL_FOLDER_DELETE.getWorkspacePermissionWorkspaceManageRole,  
             ],
             'OR'
     ),
diff --git a/ui/src/utils/permission/data.ts b/ui/src/utils/permission/data.ts
index 689f28e09..b461db5df 100644
--- a/ui/src/utils/permission/data.ts
+++ b/ui/src/utils/permission/data.ts
@@ -95,11 +95,22 @@ const PermissionConst = {
   ROLE_REMOVE_MEMBER: new Permission('ROLE:READ+REMOVE_MEMBER'),
 
   APPLICATION_FOLDER_READ: new Permission('APPLICATION_FOLDER:READ'),
+  APPLICATION_FOLDER_CREATE: new Permission('APPLICATION_FOLDER:READ+CREATE'),
   APPLICATION_FOLDER_EDIT: new Permission('APPLICATION_FOLDER:READ+EDIT'),
+  APPLICATION_FOLDER_DELETE: new Permission('APPLICATION_FOLDER:READ+DELETE'),
+  APPLICATION_FOLDER_AUTH: new Permission('APPLICATION_FOLDER:READ+AUTH'),
+
   KNOWLEDGE_FOLDER_READ: new Permission('KNOWLEDGE_FOLDER:READ'),
+  KNOWLEDGE_FOLDER_CREATE: new Permission('KNOWLEDGE_FOLDER:READ+CREATE'),
   KNOWLEDGE_FOLDER_EDIT: new Permission('KNOWLEDGE_FOLDER:READ+EDIT'),
+  KNOWLEDGE_FOLDER_DELETE: new Permission('KNOWLEDGE_FOLDER:READ+DELETE'),
+  KNOWLEDGE_FOLDER_AUTH: new Permission('KNOWLEDGE_FOLDER:READ+AUTH'),
+  
   TOOL_FOLDER_READ: new Permission('TOOL_FOLDER:READ'),
+  TOOL_FOLDER_CREATE: new Permission('TOOL_FOLDER:READ+CREATE'),
   TOOL_FOLDER_EDIT: new Permission('TOOL_FOLDER:READ+EDIT'),
+  TOOL_FOLDER_DELETE: new Permission('TOOL_FOLDER:READ+DELETE'),
+  TOOL_FOLDER_AUTH: new Permission('TOOL_FOLDER:READ+AUTH'),
 
   KNOWLEDGE_READ: new Permission('KNOWLEDGE:READ'),
   KNOWLEDGE_CREATE: new Permission('KNOWLEDGE:READ+CREATE'),
diff --git a/ui/src/views/system/resource-authorization/component/PermissionTable.vue b/ui/src/views/system/resource-authorization/component/PermissionTable.vue
index 8879a4af7..0ac792967 100644
--- a/ui/src/views/system/resource-authorization/component/PermissionTable.vue
+++ b/ui/src/views/system/resource-authorization/component/PermissionTable.vue
@@ -198,7 +198,7 @@ watch(
 const permissionOptionMap = computed(() => {
   return {
     rootFolder: getPermissionOptions(true, true),
-    folder: getPermissionOptions(true, false),
+    folder: getPermissionOptions(false, false),
     resource: getPermissionOptions(false, false),
   }
 })