From c3ee49217671a1c150af571a7fb81a7585f23d0a Mon Sep 17 00:00:00 2001
From: zhangzhanwei <zhanwei.zhang@fit2cloud.com>
Date: Wed, 25 Jun 2025 17:18:47 +0800
Subject: [PATCH] feat: Application permission

---
 ui/src/permission/application/index.ts        |   5 +
 ui/src/permission/application/workspace.ts    | 101 ++++++++++++++++++
 ui/src/permission/index.ts                    |   2 +
 ui/src/permission/knowledge/workspace.ts      |  12 +--
 ui/src/router/modules/application-detail.ts   |  16 ---
 ui/src/router/modules/application.ts          |   1 +
 ui/src/router/modules/knowledge.ts            |   1 +
 ui/src/router/modules/model.ts                |   1 +
 ui/src/router/modules/system.ts               |  13 ++-
 ui/src/router/modules/tool.ts                 |   1 +
 ui/src/utils/permission/data.ts               |  16 +--
 ui/src/views/application-overview/index.vue   |  43 +++-----
 .../views/application/ApplicationAccess.vue   |  23 ++--
 .../views/application/ApplicationSetting.vue  |  19 ++--
 ui/src/views/application/index.vue            |  53 +++------
 15 files changed, 194 insertions(+), 113 deletions(-)
 create mode 100644 ui/src/permission/application/index.ts
 create mode 100644 ui/src/permission/application/workspace.ts

diff --git a/ui/src/permission/application/index.ts b/ui/src/permission/application/index.ts
new file mode 100644
index 000000000..38104dbd8
--- /dev/null
+++ b/ui/src/permission/application/index.ts
@@ -0,0 +1,5 @@
+import workspace from './workspace'
+const permission = {
+  workspace,
+}
+export default permission
diff --git a/ui/src/permission/application/workspace.ts b/ui/src/permission/application/workspace.ts
new file mode 100644
index 000000000..3a1ad3af7
--- /dev/null
+++ b/ui/src/permission/application/workspace.ts
@@ -0,0 +1,101 @@
+import { hasPermission } from '@/utils/permission/index'
+import { PermissionConst, RoleConst } from '@/utils/permission/data'
+
+const workspace = {
+    create: () => 
+        hasPermission(
+            [
+              RoleConst.ADMIN,
+              RoleConst.USER.getWorkspaceRole,
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_CREATE.getWorkspacePermission,
+              PermissionConst.APPLICATION_CREATE.getWorkspacePermissionWorkspaceManageRole,  
+            ],
+            'OR'
+    ),
+    edit: (source_id:string) => 
+        hasPermission(
+            [
+              RoleConst.ADMIN,
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
+              PermissionConst.APPLICATION_EDIT.getApplicationWorkspaceResourcePermission(source_id)  
+            ],
+            'OR'
+    ),
+    export: (source_id:string) => 
+        hasPermission(
+            [
+              RoleConst.ADMIN,
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_EXPORT.getWorkspacePermissionWorkspaceManageRole,
+              PermissionConst.APPLICATION_EXPORT.getApplicationWorkspaceResourcePermission(source_id)  
+            ],
+            'OR'
+    ),
+    delete: (source_id:string) => 
+        hasPermission(
+            [
+              RoleConst.ADMIN,
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_DELETE.getWorkspacePermissionWorkspaceManageRole,
+              PermissionConst.APPLICATION_DELETE.getApplicationWorkspaceResourcePermission(source_id)  
+            ],
+            'OR'
+    ),
+    overview_embed: (source_id:string) => 
+        hasPermission(
+            [
+              RoleConst.ADMIN,
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_OVERVIEW_EMBEDDED.getWorkspacePermissionWorkspaceManageRole,
+              PermissionConst.APPLICATION_OVERVIEW_EMBEDDED.getApplicationWorkspaceResourcePermission(source_id)  
+            ],
+            'OR'
+    ),
+    overview_access: (source_id:string) => 
+      hasPermission(
+            [
+              RoleConst.ADMIN,
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_OVERVIEW_ACCESS.getWorkspacePermissionWorkspaceManageRole,
+              PermissionConst.APPLICATION_OVERVIEW_ACCESS.getApplicationWorkspaceResourcePermission(source_id)  
+            ],
+            'OR'
+    )
+
+        ,
+    overview_display: (source_id:string) => 
+        hasPermission(
+            [
+              RoleConst.ADMIN,
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_OVERVIEW_DISPLAY.getWorkspacePermissionWorkspaceManageRole,
+              PermissionConst.APPLICATION_OVERVIEW_DISPLAY.getApplicationWorkspaceResourcePermission(source_id)  
+            ],
+            'OR'
+    ),
+    overview_api_key: (source_id:string) => 
+        hasPermission(
+            [
+              RoleConst.ADMIN,
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_OVERVIEW_API_KEY.getWorkspacePermissionWorkspaceManageRole,
+              PermissionConst.APPLICATION_OVERVIEW_API_KEY.getApplicationWorkspaceResourcePermission(source_id)  
+            ],
+            'OR'
+    ),
+    access_edit: (source_id:string) => 
+        hasPermission(
+            [
+              RoleConst.ADMIN,
+              RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+              PermissionConst.APPLICATION_ACCESS_EDIT.getWorkspacePermissionWorkspaceManageRole,
+              PermissionConst.APPLICATION_ACCESS_EDIT.getApplicationWorkspaceResourcePermission(source_id)  
+            ],
+            'OR'
+    ),
+}
+
+
+export default workspace
\ No newline at end of file
diff --git a/ui/src/permission/index.ts b/ui/src/permission/index.ts
index a4bce21a6..3985ee393 100644
--- a/ui/src/permission/index.ts
+++ b/ui/src/permission/index.ts
@@ -1,9 +1,11 @@
 import tool from '@/permission/tool'
 import model from '@/permission/model'
 import knowledge from '@/permission/knowledge'
+import application from '@/permission/application'
 const permission = {
   tool,
   model,
   knowledge,
+  application,
 }
 export default permission
diff --git a/ui/src/permission/knowledge/workspace.ts b/ui/src/permission/knowledge/workspace.ts
index 7d997f927..fd2c5d195 100644
--- a/ui/src/permission/knowledge/workspace.ts
+++ b/ui/src/permission/knowledge/workspace.ts
@@ -32,7 +32,7 @@ const workspace = {
         PermissionConst.KNOWLEDGE_DOCUMENT_SYNC.getWorkspacePermissionWorkspaceManageRole,
       ],
       'OR',
-    ), 
+    ),
   vector: (source_id:string) =>
     hasPermission(
       [
@@ -122,7 +122,7 @@ const workspace = {
         PermissionConst.KNOWLEDGE_DOCUMENT_MIGRATE.getWorkspacePermissionWorkspaceManageRole,
       ],
       'OR',
-    ), 
+    ),
   doc_edit: (source_id:string) =>
     hasPermission(
       [
@@ -142,7 +142,7 @@ const workspace = {
         PermissionConst.KNOWLEDGE_DOCUMENT_SYNC.getWorkspacePermissionWorkspaceManageRole,
       ],
       'OR',
-    ),      
+    ),
   doc_delete: (source_id:string) =>
     hasPermission(
       [
@@ -152,7 +152,7 @@ const workspace = {
         PermissionConst.KNOWLEDGE_DOCUMENT_DELETE.getWorkspacePermissionWorkspaceManageRole,
       ],
       'OR',
-    ), 
+    ),
   doc_export: (source_id:string) =>
     hasPermission(
       [
@@ -162,7 +162,7 @@ const workspace = {
         PermissionConst.KNOWLEDGE_DOCUMENT_EXPORT.getWorkspacePermissionWorkspaceManageRole,
       ],
       'OR',
-    ),       
+    ),
   problem_create: (source_id:string) =>
     hasPermission(
       [
@@ -192,7 +192,7 @@ const workspace = {
         PermissionConst.KNOWLEDGE_PROBLEM_DELETE.getWorkspacePermissionWorkspaceManageRole,
       ],
       'OR',
-    ),                  
+    ),
 }
 
 export default workspace
diff --git a/ui/src/router/modules/application-detail.ts b/ui/src/router/modules/application-detail.ts
index 16b876134..5d5c4098d 100644
--- a/ui/src/router/modules/application-detail.ts
+++ b/ui/src/router/modules/application-detail.ts
@@ -19,10 +19,6 @@ const ApplicationDetailRouter = {
         active: 'overview',
         parentPath: '/application/:id/:type',
         parentName: 'ApplicationDetail',
-        permission: [
-          PermissionConst.APPLICATION_OVERVIEW_READ.getWorkspacePermission,
-          RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-        ],
       },
       component: () => import('@/views/application-overview/index.vue'),
     },
@@ -53,18 +49,6 @@ const ApplicationDetailRouter = {
       },
       component: () => import('@/views/application/ApplicationAccess.vue'),
     },
-    {
-      path: 'hit-test',
-      name: 'AppHitTest',
-      meta: {
-        icon: 'app-hit-test',
-        title: 'views.application.hitTest.title',
-        active: 'hit-test',
-        parentPath: '/application/:id/:type',
-        parentName: 'ApplicationDetail',
-      },
-      component: () => import('@/views/hit-test/index.vue'),
-    },
     {
       path: 'chat-user',
       name: 'applicationChatUser',
diff --git a/ui/src/router/modules/application.ts b/ui/src/router/modules/application.ts
index 8f3a766b0..75a91c3fe 100644
--- a/ui/src/router/modules/application.ts
+++ b/ui/src/router/modules/application.ts
@@ -7,6 +7,7 @@ const applicationRouter = {
     menu: true,
     permission: [
       RoleConst.ADMIN,
+      RoleConst.USER,
       RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
       PermissionConst.APPLICATION_READ.getWorkspacePermissionWorkspaceManageRole,
       PermissionConst.APPLICATION_READ.getWorkspacePermission,
diff --git a/ui/src/router/modules/knowledge.ts b/ui/src/router/modules/knowledge.ts
index d3d71c35b..43ea7fa46 100644
--- a/ui/src/router/modules/knowledge.ts
+++ b/ui/src/router/modules/knowledge.ts
@@ -7,6 +7,7 @@ const ModelRouter = {
     menu: true,
     permission: [
       RoleConst.ADMIN,
+      RoleConst.USER,
       RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
       PermissionConst.KNOWLEDGE_READ.getWorkspacePermission,
       PermissionConst.KNOWLEDGE_READ.getWorkspacePermissionWorkspaceManageRole,
diff --git a/ui/src/router/modules/model.ts b/ui/src/router/modules/model.ts
index 72c7461b7..a683842ce 100644
--- a/ui/src/router/modules/model.ts
+++ b/ui/src/router/modules/model.ts
@@ -7,6 +7,7 @@ const ModelRouter = {
     menu: true,
     permission: [
       RoleConst.ADMIN,
+      RoleConst.USER,
       RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
       PermissionConst.MODEL_READ.getWorkspacePermission,
       PermissionConst.MODEL_READ.getWorkspacePermissionWorkspaceManageRole,
diff --git a/ui/src/router/modules/system.ts b/ui/src/router/modules/system.ts
index 6d5a04440..7ecda5350 100644
--- a/ui/src/router/modules/system.ts
+++ b/ui/src/router/modules/system.ts
@@ -18,7 +18,14 @@ const systemRouter = {
         activeMenu: '/system',
         parentPath: '/system',
         parentName: 'system',
-        permission: [RoleConst.ADMIN, EditionConst.IS_EE],
+        permission: [
+          new ComplexPermission(
+            [RoleConst.ADMIN,],
+            [PermissionConst.USER_READ],
+            [EditionConst.IS_EE],
+            'OR',
+          ),
+        ],
       },
       component: () => import('@/views/system/user-manage/index.vue'),
     },
@@ -55,8 +62,8 @@ const systemRouter = {
         parentName: 'system',
         permission: [
           new ComplexPermission(
-            [RoleConst.WORKSPACE_MANAGE.getWorkspaceRole, RoleConst.ADMIN],
-            [PermissionConst.WORKSPACE_WORKSPACE_READ],
+            [RoleConst.WORKSPACE_MANAGE, RoleConst.ADMIN],
+            [PermissionConst.WORKSPACE_WORKSPACE_READ.getWorkspacePermissionWorkspaceManageRole],
             [EditionConst.IS_EE],
             'OR',
           ),
diff --git a/ui/src/router/modules/tool.ts b/ui/src/router/modules/tool.ts
index 5d838991b..7623a0c8b 100644
--- a/ui/src/router/modules/tool.ts
+++ b/ui/src/router/modules/tool.ts
@@ -7,6 +7,7 @@ const ModelRouter = {
     menu: true,
     permission: [
       RoleConst.ADMIN,
+      RoleConst.USER,
       RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
       PermissionConst.TOOL_READ.getWorkspacePermission,
       PermissionConst.TOOL_READ.getWorkspacePermissionWorkspaceManageRole,
diff --git a/ui/src/utils/permission/data.ts b/ui/src/utils/permission/data.ts
index 41450b476..774031104 100644
--- a/ui/src/utils/permission/data.ts
+++ b/ui/src/utils/permission/data.ts
@@ -123,20 +123,20 @@ const PermissionConst = {
   APPLICATION_TO_CHAT:new Permission('APPLICATION:READ+TO_CHAT'),
 
 
-  APPLICATION_OVERVIEW_READ:new Permission('OVERVIEW:READ'),
-  APPLICATION_OVERVIEW_EMBEDDED:new Permission('OVERVIEW:READ'),
-  APPLICATION_OVERVIEW_ACCESS:new Permission('OVERVIEW:READ'),
-  APPLICATION_OVERVIEW_DISPLAY:new Permission('OVERVIEW:READ'),
-  APPLICATION_OVERVIEW_API_KEY:new Permission('OVERVIEW:READ'),
-  APPLICATION_OVERVIEW_PUBLIC:new Permission('OVERVIEW:READ'),
+  APPLICATION_OVERVIEW_READ:new Permission('APPLICATION_OVERVIEW:READ'),
+  APPLICATION_OVERVIEW_EMBEDDED:new Permission('APPLICATION_OVERVIEW:READ+EMBED'),
+  APPLICATION_OVERVIEW_ACCESS:new Permission('APPLICATION_OVERVIEW:READ+ACCESS'),
+  APPLICATION_OVERVIEW_DISPLAY:new Permission('APPLICATION_OVERVIEW:READ+DISPLAY'),
+  APPLICATION_OVERVIEW_API_KEY:new Permission('APPLICATION_OVERVIEW:READ+API_KEY'),
+  APPLICATION_OVERVIEW_PUBLIC:new Permission('APPLICATION_OVERVIEW:READ+PUBLIC_ACCESS'),
 
   APPLICATION_CHAT_LOG:new Permission('APPLICATION_CHAT_LOG:READ'),
   APPLICATION_CHAT_LOG_ANNOTATION:new Permission('APPLICATION_CHAT_LOG:READ+ANNOTATION'),
   APPLICATION_CHAT_LOG_EXPORT:new Permission('APPLICATION_CHAT_LOG:READ+EXPORT'),
   APPLICATION_CHAT_LOG_POLICY:new Permission('APPLICATION_CHAT_LOG:READ+CLEAR_POLICY'),
 
-  APPLICATION_ACCESS_READ:new Permission('APPLICATION_CHAT_LOG:READ'),
-  APPLICATION_ACCESS_EDIT:new Permission('APPLICATION_CHAT_LOG:READ+EDIT'),
+  APPLICATION_ACCESS_READ:new Permission('APPLICATION_ACCESS:READ'),
+  APPLICATION_ACCESS_EDIT:new Permission('APPLICATION_ACCESS:READ+EDIT'),
 
   SHARED_TOOL_READ:new Permission('SYSTEM_TOOL:READ'),
   SHARED_TOOL_CREATE:new Permission('SYSTEM_TOOL:READ+CREATE'),
diff --git a/ui/src/views/application-overview/index.vue b/ui/src/views/application-overview/index.vue
index ee3589deb..9da132443 100644
--- a/ui/src/views/application-overview/index.vue
+++ b/ui/src/views/application-overview/index.vue
@@ -52,11 +52,6 @@
                     :active-text="$t('views.applicationOverview.appInfo.openText')"
                     :inactive-text="$t('views.applicationOverview.appInfo.closeText')"
                     :before-change="() => changeState(accessToken.is_active)"
-                    v-hasPermission="[
-                      RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                      RoleConst.USER.getWorkspaceRole,
-                      PermissionConst.APPLICATION_EDIT.getWorkspacePermission,
-                    ]"
                   />
                 </div>
 
@@ -98,11 +93,7 @@
                   <el-button
                     :disabled="!accessToken?.is_active"
                     @click="openDialog"
-                    v-hasPermission="[
-                      RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                      RoleConst.USER.getWorkspaceRole,
-                      PermissionConst.APPLICATION_OVERVIEW_EMBEDDED.getWorkspacePermission,
-                    ]"
+                    v-if="permissionPrecise.overview_embed(id)"
                   >
                     <AppIcon iconName="app-export" class="mr-4"></AppIcon>
                     {{ $t('views.applicationOverview.appInfo.embedInWebsite') }}
@@ -110,11 +101,7 @@
                   <!-- 访问限制 -->
                   <el-button
                     @click="openLimitDialog"
-                    v-hasPermission="[
-                      RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                      RoleConst.USER.getWorkspaceRole,
-                      PermissionConst.APPLICATION_OVERVIEW_ACCESS.getWorkspacePermission,
-                    ]"
+                    v-if="permissionPrecise.overview_access(id)"
                   >
                     <el-icon class="mr-4"><Lock /></el-icon>
                     {{ $t('views.applicationOverview.appInfo.accessControl') }}
@@ -122,11 +109,7 @@
                   <!-- 显示设置 -->
                   <el-button
                     @click="openDisplaySettingDialog"
-                    v-hasPermission="[
-                      RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                      RoleConst.USER.getWorkspaceRole,
-                      PermissionConst.APPLICATION_OVERVIEW_DISPLAY.getWorkspacePermission,
-                    ]"
+                    v-if="permissionPrecise.overview_display(id)"
                   >
                     <el-icon class="mr-4"><Setting /></el-icon>
                     {{ $t('views.applicationOverview.appInfo.displaySetting') }}
@@ -169,11 +152,7 @@
                 <div>
                   <el-button
                     @click="openAPIKeyDialog"
-                    v-hasPermission="[
-                      RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                      RoleConst.USER.getWorkspaceRole,
-                      PermissionConst.APPLICATION_OVERVIEW_API_KEY.getWorkspacePermission,
-                    ]"
+                    v-if="permissionPrecise.overview_api_key(id)"
                   >
                     <el-icon class="mr-4"><Key /></el-icon>
                     {{ $t('views.applicationOverview.appInfo.apiKey') }}</el-button
@@ -251,10 +230,20 @@ import { copyClick } from '@/utils/clipboard'
 import { isAppIcon } from '@/utils/common'
 import useStore from '@/stores'
 import { t } from '@/locales'
-import { PermissionConst, RoleConst, EditionConst } from '@/utils/permission/data'
+import { EditionConst } from '@/utils/permission/data'
 import { hasPermission } from '@/utils/permission/index'
-const { user, application } = useStore()
+import permissionMap from '@/permission'
+
 const route = useRoute()
+
+const apiType = computed<'workspace'>(() => {
+    return 'workspace'
+})
+const permissionPrecise = computed(() => {
+  return permissionMap['application'][apiType.value]
+})
+
+const { user, application } = useStore()
 const {
   params: { id },
 } = route as any
diff --git a/ui/src/views/application/ApplicationAccess.vue b/ui/src/views/application/ApplicationAccess.vue
index 612d6dfc8..67967dca1 100644
--- a/ui/src/views/application/ApplicationAccess.vue
+++ b/ui/src/views/application/ApplicationAccess.vue
@@ -28,15 +28,11 @@
                 v-model="item.isActive"
                 @change="changeStatus(item.key, item.isActive)"
                 :disabled="!item.exists"
-                v-hasPermission="[RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                RoleConst.USER.getWorkspaceRole,
-                PermissionConst.APPLICATION_ACCESS_EDIT.getWorkspacePermission]"
+                v-if="permissionPrecise.access_edit(id)"
               />
               <el-divider direction="vertical" />
               <el-button class="mr-4" @click="openDrawer(item.key)"
-                v-hasPermission="[RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                RoleConst.USER.getWorkspaceRole,
-                PermissionConst.APPLICATION_ACCESS_EDIT.getWorkspacePermission]"
+                v-if="permissionPrecise.access_edit(id)"
               >{{
                 $t('views.application.applicationAccess.setting')
               }}</el-button>
@@ -50,14 +46,22 @@
 </template>
 
 <script setup lang="ts">
-import { reactive, ref, onMounted } from 'vue'
+import { reactive, ref, onMounted, computed } from 'vue'
 import AccessSettingDrawer from './component/AccessSettingDrawer.vue'
 import applicationApi from '@/api/application/application'
 import { MsgSuccess } from '@/utils/message'
 import { useRoute } from 'vue-router'
 import { t } from '@/locales'
-import { PermissionConst, RoleConst } from '@/utils/permission/data'
-import { hasPermission } from '@/utils/permission/index'
+import permissionMap from '@/permission'
+
+const route = useRoute()
+
+const apiType = computed<'workspace'>(() => {
+    return 'workspace'
+})
+const permissionPrecise = computed(() => {
+  return permissionMap['application'][apiType.value]
+})
 
 // 平台数据
 const platforms = reactive([
@@ -105,7 +109,6 @@ const platforms = reactive([
 
 const AccessSettingDrawerRef = ref()
 const loading = ref(false)
-const route = useRoute()
 const {
   params: { id },
 } = route as any
diff --git a/ui/src/views/application/ApplicationSetting.vue b/ui/src/views/application/ApplicationSetting.vue
index 6dd75f5a0..0f77a1049 100644
--- a/ui/src/views/application/ApplicationSetting.vue
+++ b/ui/src/views/application/ApplicationSetting.vue
@@ -8,11 +8,7 @@
         type="primary"
         @click="submit(applicationFormRef)"
         :disabled="loading"
-        v-hasPermission="[
-          RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-          RoleConst.USER.getWorkspaceRole,
-          PermissionConst.APPLICATION_OVERVIEW_PUBLIC.getWorkspacePermission,
-        ]"
+        v-if="permissionPrecise.edit(id)"
       >
         {{ $t('views.application.buttons.publish') }}
       </el-button>
@@ -432,7 +428,7 @@
   </div>
 </template>
 <script setup lang="ts">
-import { reactive, ref, onMounted } from 'vue'
+import { reactive, ref, onMounted, computed } from 'vue'
 import { useRoute } from 'vue-router'
 import { groupBy } from 'lodash'
 import AIModeParamSettingDialog from './component/AIModeParamSettingDialog.vue'
@@ -450,10 +446,19 @@ import TTSModeParamSettingDialog from './component/TTSModeParamSettingDialog.vue
 import ReasoningParamSettingDialog from './component/ReasoningParamSettingDialog.vue'
 import { PermissionConst, RoleConst } from '@/utils/permission/data'
 import { hasPermission } from '@/utils/permission/index'
+import permissionMap from '@/permission'
+
+const route = useRoute()
+
+const apiType = computed<'workspace'>(() => {
+    return 'workspace'
+})
+const permissionPrecise = computed(() => {
+  return permissionMap['application'][apiType.value]
+})
 
 const { knowledge, model, application } = useStore()
 
-const route = useRoute()
 const {
   params: { id },
 } = route as any
diff --git a/ui/src/views/application/index.vue b/ui/src/views/application/index.vue
index 5d2351d9e..8b8dfaaf2 100644
--- a/ui/src/views/application/index.vue
+++ b/ui/src/views/application/index.vue
@@ -43,16 +43,12 @@
               <el-option v-for="u in user_options" :key="u.id" :value="u.id" :label="u.username" />
             </el-select>
           </div>
-          <el-dropdown trigger="click">
+          <el-dropdown trigger="click"
+            v-if="permissionPrecise.create()"
+          >
             <el-button
               type="primary"
               class="ml-8"
-              v-hasPermission="[
-                RoleConst.ADMIN,
-                RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                PermissionConst.APPLICATION_EDIT.getWorkspacePermissionWorkspaceManageRole,
-                PermissionConst.APPLICATION_EDIT.getWorkspacePermission,
-              ]"
             >
               {{ $t('common.create') }}
               <el-icon class="el-icon--right">
@@ -234,16 +230,7 @@
                             </el-dropdown-item>
                             <el-dropdown-item
                               @click.stop="settingApplication(item)"
-                              v-if="
-                                hasPermission(
-                                  [
-                                    RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                                    RoleConst.USER.getWorkspaceRole,
-                                    PermissionConst.APPLICATION_EDIT.getWorkspacePermission,
-                                  ],
-                                  'OR',
-                                )
-                              "
+                              v-if="permissionPrecise.edit(item.id)"
                             >
                               <el-icon><Setting /></el-icon>
                               {{ $t('common.setting') }}
@@ -252,14 +239,7 @@
                               divided
                               @click.stop="exportApplication(item)"
                               v-if="
-                                hasPermission(
-                                  [
-                                    RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                                    RoleConst.USER.getWorkspaceRole,
-                                    PermissionConst.APPLICATION_EXPORT.getWorkspacePermission,
-                                  ],
-                                  'OR',
-                                )
+                                permissionPrecise.export(item.id)
                               "
                             >
                               <AppIcon iconName="app-export"></AppIcon>
@@ -270,14 +250,7 @@
                               icon="Delete"
                               @click.stop="deleteApplication(item)"
                               v-if="
-                                hasPermission(
-                                  [
-                                    RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                                    RoleConst.USER.getWorkspaceRole,
-                                    PermissionConst.APPLICATION_DELETE.getWorkspacePermission,
-                                  ],
-                                  'OR',
-                                )
+                                permissionPrecise.delete(item.id)
                               "
                               >{{ $t('common.delete') }}</el-dropdown-item
                             >
@@ -309,14 +282,22 @@ import ApplicaitonApi from '@/api/application/application'
 import { MsgSuccess, MsgConfirm, MsgError } from '@/utils/message'
 import useStore from '@/stores'
 import { t } from '@/locales'
-import { useRouter } from 'vue-router'
+import { useRouter, useRoute } from 'vue-router'
 import { isWorkFlow } from '@/utils/application'
 import { dateFormat } from '@/utils/time'
-import { PermissionConst, RoleConst } from '@/utils/permission/data'
-import { hasPermission } from '@/utils/permission/index'
 import { FolderSource } from '@/enums/common'
+import permissionMap from '@/permission'
 
 const router = useRouter()
+const route = useRoute()
+
+const apiType = computed<'workspace'>(() => {
+    return 'workspace'
+})
+const permissionPrecise = computed(() => {
+  return permissionMap['application'][apiType.value]
+})
+
 const { folder, application, user } = useStore()
 
 const loading = ref(false)