From ec6664061608f3879c19edae1c3ab56146b2b066 Mon Sep 17 00:00:00 2001
From: shaohuzhang1 <80892890+shaohuzhang1@users.noreply.github.com>
Date: Thu, 19 Jun 2025 20:07:40 +0800
Subject: [PATCH] feat: Button Permission by workspace role (#3317)

Co-authored-by: zhangzhanwei <zhanwei.zhang@fit2cloud.com>
---
 ui/src/router/modules/3tool.ts                |  2 +-
 ui/src/router/modules/system.ts               | 12 +++-
 ui/src/utils/permission/data.ts               | 71 ++++++++++++++++---
 ui/src/utils/permission/index.ts              |  3 +-
 ui/src/views/document/index.vue               | 31 +++++---
 ui/src/views/knowledge/index.vue              | 12 +---
 ui/src/views/role/component/Member.vue        | 13 +++-
 ui/src/views/role/index.vue                   |  7 +-
 ui/src/views/system-chat-user/group/index.vue | 34 +++++++--
 .../system-chat-user/user-manage/index.vue    | 32 +++++++--
 ui/src/views/tool/ToolFormDrawer.vue          | 18 +++--
 ui/src/views/workspace/component/Member.vue   |  9 ++-
 ui/src/views/workspace/index.vue              |  6 +-
 13 files changed, 192 insertions(+), 58 deletions(-)

diff --git a/ui/src/router/modules/3tool.ts b/ui/src/router/modules/3tool.ts
index e9e050811..f275f0c48 100644
--- a/ui/src/router/modules/3tool.ts
+++ b/ui/src/router/modules/3tool.ts
@@ -1,7 +1,7 @@
 const ModelRouter = {
   path: '/tool',
   name: 'tool',
-  meta: { title: 'views.tool.title', permission: 'TOOL:READ' },
+  meta: { title: 'views.tool.title' },
   redirect: '/tool',
   component: () => import('@/layout/layout-template/SimpleLayout.vue'),
   children: [
diff --git a/ui/src/router/modules/system.ts b/ui/src/router/modules/system.ts
index a2f29892f..e96a4ff67 100644
--- a/ui/src/router/modules/system.ts
+++ b/ui/src/router/modules/system.ts
@@ -1,4 +1,5 @@
 import { PermissionConst, EditionConst, RoleConst } from '@/utils/permission/data'
+import { ComplexPermission } from '@/utils/permission/type'
 const systemRouter = {
   path: '/system',
   name: 'system',
@@ -16,6 +17,7 @@ const systemRouter = {
         activeMenu: '/system',
         parentPath: '/system',
         parentName: 'system',
+        permission: [RoleConst.ADMIN,EditionConst.IS_EE],
       },
       component: () => import('@/views/user-manage/index.vue'),
     },
@@ -78,7 +80,7 @@ const systemRouter = {
         activeMenu: '/system',
         parentPath: '/system',
         parentName: 'system',
-        permission: [EditionConst.IS_EE],
+        permission:[new ComplexPermission([RoleConst.ADMIN,RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],[PermissionConst.ROLE_READ],[EditionConst.IS_EE],'OR'),],
       },
       component: () => import('@/views/role/index.vue'),
     },
@@ -92,7 +94,7 @@ const systemRouter = {
         activeMenu: '/system',
         parentPath: '/system',
         parentName: 'system',
-        permission: [EditionConst.IS_EE],
+        permission:[new ComplexPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,RoleConst.ADMIN],[PermissionConst.WORKSPACE_WORKSPACE_READ],[EditionConst.IS_EE],'OR'),],
       },
       component: () => import('@/views/workspace/index.vue'),
     },
@@ -154,7 +156,7 @@ const systemRouter = {
         activeMenu: '/system',
         parentPath: '/system',
         parentName: 'system',
-        permission: [EditionConst.IS_PE, EditionConst.IS_EE],
+        permission:[new ComplexPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,RoleConst.ADMIN],[PermissionConst.WORKSPACE_USER_GROUP_READ],[EditionConst.IS_EE,EditionConst.IS_PE],'OR'),],
       },
       children: [
         {
@@ -165,6 +167,7 @@ const systemRouter = {
             activeMenu: '/system',
             parentPath: '/system',
             parentName: 'system',
+            permission:[new ComplexPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,RoleConst.ADMIN],[PermissionConst.WORKSPACE_CHAT_USER_READ],[EditionConst.IS_EE,EditionConst.IS_PE],'OR'),],
           },
           component: () => import('@/views/system-chat-user/user-manage/index.vue'),
         },
@@ -176,6 +179,7 @@ const systemRouter = {
             activeMenu: '/system',
             parentPath: '/system',
             parentName: 'system',
+            permission:[new ComplexPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,RoleConst.ADMIN],[PermissionConst.WORKSPACE_USER_GROUP_READ],[EditionConst.IS_EE,EditionConst.IS_PE],'OR'),],
           },
           component: () => import('@/views/system-chat-user/group/index.vue'),
         },
@@ -187,6 +191,8 @@ const systemRouter = {
             activeMenu: '/system',
             parentPath: '/system',
             parentName: 'system',
+            permission:[new ComplexPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,RoleConst.ADMIN],
+              [PermissionConst.CHAT_USER_AUTH_READ],[EditionConst.IS_EE,EditionConst.IS_PE],'OR'),],
           },
           component: () => import('@/views/system-chat-user/authentication/index.vue'),
         },
diff --git a/ui/src/utils/permission/data.ts b/ui/src/utils/permission/data.ts
index 3040ba8c5..8b26e1a29 100644
--- a/ui/src/utils/permission/data.ts
+++ b/ui/src/utils/permission/data.ts
@@ -26,7 +26,61 @@ import { Permission, Role, Edition } from '@/utils/permission/type'
 //     CLEAR_POLICY = "READ+CLEAR_POLICY"
 const PermissionConst = {
   USER_READ: new Permission('USER:READ'),
-  USER_CREATE: new Permission('USER:CREATE'),
+  USER_CREATE: new Permission('USER:READ+CREATE'),
+  USER_EDIT: new Permission('USER:READ+EDIT'),
+  USER_DELETE: new Permission('USER:READ+DELETE'),
+
+  WORKSPACE_USER_RESOURCE_PERMISSION_READ: new Permission('WORKSPACE_USER_RESOURCE_PERMISSION:READ'),
+  WORKSPACE_USER_RESOURCE_PERMISSION_EDIT: new Permission('WORKSPACE_USER_RESOURCE_PERMISSION:READ+EDIT'),
+
+  WORKSPACE_ROLE_READ: new Permission('WORKSPACE_ROLE:READ'),
+  WORKSPACE_ROLE_ADD_MEMBER: new Permission('WORKSPACE_ROLE:READ+ADD_MEMBER'),
+  WORKSPACE_ROLE_REMOVE_MEMBER: new Permission('WORKSPACE_ROLE:READ+REMOVE_MEMBER'),
+
+  WORKSPACE_READ: new Permission('WORKSPACE:READ'),
+  WORKSPACE_CREATE: new Permission('WORKSPACE:READ+CREATE'),
+  WORKSPACE_EDIT: new Permission('WORKSPACE:READ+EDIT'),
+  WORKSPACE_DELETE: new Permission('WORKSPACE:READ+DELETE'),
+  WORKSPACE_ADD_MEMBER: new Permission('WORKSPACE:READ+ADD_MEMBER'),
+  WORKSPACE_REMOVE_MEMBER: new Permission('WORKSPACE:READ+REMOVE_MEMBER'),
+
+  WORKSPACE_WORKSPACE_READ: new Permission('WORKSPACE_WORKSPACE:READ'),
+  WORKSPACE_WORKSPACE_ADD_MEMBER: new Permission('WORKSPACE:READ+ADD_MEMBER'),
+  WORKSPACE_WORKSPACE_REMOVE_MEMBER: new Permission('WORKSPACE:READ+REMOVE_MEMBER'),
+
+  WORKSPACE_CHAT_USER_READ: new Permission('WORKSPACE_CHAT_USER:READ'),
+  WORKSPACE_CHAT_USER_CREATE: new Permission('WORKSPACE_CHAT_USER:READ+CREATE'),
+  WORKSPACE_CHAT_USER_EDIT: new Permission('WORKSPACE_CHAT_USER:READ+EDIT'),
+  WORKSPACE_CHAT_USER_DELETE: new Permission('WORKSPACE_CHAT_USER:READ+DELETE'),
+  WORKSPACE_CHAT_USER_GROUP: new Permission('WORKSPACE_CHAT_USER:READ+USER_GROUP'),
+
+  WORKSPACE_USER_GROUP_READ: new Permission('WORKSPACE_USER_GROUP:READ'),
+  WORKSPACE_USER_GROUP_CREATE: new Permission('WORKSPACE_USER_GROUP:READ+CREATE'),
+  WORKSPACE_USER_GROUP_EDIT: new Permission('WORKSPACE_USER_GROUP:READ+EDIT'),
+  WORKSPACE_USER_GROUP_DELETE: new Permission('WORKSPACE_USER_GROUP:READ+DELETE'),
+  WORKSPACE_USER_GROUP_ADD_MEMBER: new Permission('WORKSPACE_USER_GROUP:READ+ADD_MEMBER'),
+  WORKSPACE_USER_GROUP_REMOVE_MEMBER: new Permission('WORKSPACE_USER_GROUP:READ+REMOVE_MEMBER'),
+
+  CHAT_USER_AUTH_READ:new Permission('CHAT_USER_AUTH:READ'),
+  CHAT_USER_AUTH_EDIT:new Permission('CHAT_USER_AUTH:READ+EDIT'),
+
+  CHAT_USER_READ: new Permission('CHAT_USER:READ'),
+  CHAT_USER_CREATE: new Permission('CHAT_USER:READ+CREATE'),
+  CHAT_USER_SYNC: new Permission('CHAT_USER:READ+SYNC'),
+  CHAT_USER_EDIT: new Permission('CHAT_USER:READ+EDIT'),
+  CHAT_USER_DELETE: new Permission('CHAT_USER:READ+DELETE'),
+  CHAT_USER_GROUP: new Permission('CHAT_USER:READ+USER_GROUP'),
+
+  USER_GROUP_READ: new Permission('USER_GROUP:READ'),
+
+
+  ROLE_READ: new Permission('ROLE:READ'),
+  ROLE_CREATE: new Permission('ROLE:READ'),
+  ROLE_EDIT: new Permission('ROLE:READ'),
+  ROLE_DELETE: new Permission('ROLE:READ'),
+  ROLE_ADD_MEMBER: new Permission('ROLE:READ'),
+  ROLE_REMOVE_MEMBER: new Permission('ROLE:READ'),
+
 
   KNOWLEDGE_READ: new Permission('KNOWLEDGE:READ'),
   KNOWLEDGE_CREATE: new Permission('KNOWLEDGE:READ+CREATE'),
@@ -38,6 +92,7 @@ const PermissionConst = {
 
   KNOWLEDGE_DOCUMENT_READ:new Permission('KNOWLEDGE_DOCUMENT:READ'),
   KNOWLEDGE_DOCUMENT_CREATE:new Permission('KNOWLEDGE_DOCUMENT:READ+CREATE'),
+  KNOWLEDGE_DOCUMENT_DELETE:new Permission('KNOWLEDGE_DOCUMENT:READ+DELETE'),
   KNOWLEDGE_DOCUMENT_EDIT:new Permission('KNOWLEDGE_DOCUMENT:READ+EDIT'),
   KNOWLEDGE_DOCUMENT_SYNC:new Permission('KNOWLEDGE_DOCUMENT:READ+SYNC'),
   KNOWLEDGE_DOCUMENT_MIGRATE:new Permission('KNOWLEDGE_DOCUMENT:READ+MIGRATE'),
@@ -60,7 +115,7 @@ const PermissionConst = {
   APPLICATION_EXPORT:new Permission('APPLICATION:READ+EXPORT'),
   APPLICATION_DELETE:new Permission('APPLICATION:READ+DELETE'),
   APPLICATION_EDIT:new Permission('APPLICATION:READ+EDIT'),
-  
+
   APPLICATION_OVERVIEW_READ:new Permission('OVERVIEW:READ'),
   APPLICATION_OVERVIEW_EMBEDDED:new Permission('OVERVIEW:READ'),
   APPLICATION_OVERVIEW_ACCESS:new Permission('OVERVIEW:READ'),
@@ -68,11 +123,11 @@ const PermissionConst = {
   APPLICATION_OVERVIEW_API_KEY:new Permission('OVERVIEW:READ'),
   APPLICATION_OVERVIEW_PUBLIC:new Permission('OVERVIEW:READ'),
 
-  APPLICATION_CHAT_LOG:new Permission('APPLICATION_CHAT_LOG:READ'), 
-  APPLICATION_CHAT_LOG_ANNOTATION:new Permission('APPLICATION_CHAT_LOG:READ+ANNOTATION'), 
+  APPLICATION_CHAT_LOG:new Permission('APPLICATION_CHAT_LOG:READ'),
+  APPLICATION_CHAT_LOG_ANNOTATION:new Permission('APPLICATION_CHAT_LOG:READ+ANNOTATION'),
   APPLICATION_CHAT_LOG_EXPORT:new Permission('APPLICATION_CHAT_LOG:READ+EXPORT'),
   APPLICATION_CHAT_LOG_POLICY:new Permission('APPLICATION_CHAT_LOG:READ+CLEAR_POLICY'),
-  
+
   APPLICATION_ACCESS_READ:new Permission('APPLICATION_CHAT_LOG:READ'),
   APPLICATION_ACCESS_EDIT:new Permission('APPLICATION_CHAT_LOG:READ+EDIT'),
 
@@ -100,10 +155,8 @@ const PermissionConst = {
   RESOURCE_TOOL_IMPORT:new Permission('SYSTEM_RES_TOOL:READ+IMPORT'),
   RESOURCE_TOOL_EXPORT:new Permission('SYSTEM_RES_TOOL:READ+EXPORT'),
 
-  WORKSPACE_ROLE_READ:new Permission('WORKSAPCE_ROLE:READ'),
-  WORKSPACE_ROLE_ADD_MEMBER:new Permission('WORKSAPCE_ROLE:READ+ADD_MEMBER'),
-  WORKSPACE_ROLE_REMOVE_MEMBER:new Permission('WORKSAPCE_ROLE:READ+REMOVE_MEMBER'),
- 
+
+
 
 
 
diff --git a/ui/src/utils/permission/index.ts b/ui/src/utils/permission/index.ts
index d6a56b049..2a72684b3 100644
--- a/ui/src/utils/permission/index.ts
+++ b/ui/src/utils/permission/index.ts
@@ -45,7 +45,8 @@ const hasPermissionChild = (
     const roleOk = roleList.some((r) =>
       role.includes(isFunction(r) ? (r as CRF)().toString() : r.toString()),
     )
-    const editionOK = permission.editionList.includes(edition.toString())
+    const  editionList= permission.editionList
+    const editionOK = permission.editionList.length>0?editionList.some(e=>edition.toString()==e.toString()):true
 
     return permission.compare === 'AND'
       ? permissionOk && roleOk && editionOK
diff --git a/ui/src/views/document/index.vue b/ui/src/views/document/index.vue
index aac66d5c0..a10cf1330 100644
--- a/ui/src/views/document/index.vue
+++ b/ui/src/views/document/index.vue
@@ -69,10 +69,6 @@
               <el-dropdown>
                 <el-button
                   class="ml-12 mr-12"
-                  v-hasPermission="[
-                    RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                    PermissionConst.KNOWLEDGE_DOCUMENT_EDIT.getWorkspacePermission,
-                  ]"
                 >
                   <el-icon><MoreFilled /></el-icon>
                 </el-button>
@@ -81,6 +77,7 @@
                     <el-dropdown-item
                       @click="openBatchEditDocument"
                       :disabled="multipleSelection.length === 0"
+                      v-if="hasPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.KNOWLEDGE_DOCUMENT_EDIT.getWorkspacePermission],'OR')"
                     >
                       {{ $t('common.setting') }}
                     </el-dropdown-item>
@@ -88,7 +85,8 @@
                       divided
                       @click="syncMulDocument"
                       :disabled="multipleSelection.length === 0"
-                      v-if="knowledgeDetail.type === 1"
+                      v-if="knowledgeDetail.type === 1 &&
+                      hasPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.KNOWLEDGE_DOCUMENT_SYNC.getWorkspacePermission],'OR')"
                       >{{ $t('views.document.syncDocument') }}
                     </el-dropdown-item>
                     <el-dropdown-item
@@ -439,30 +437,41 @@
                             v-if="
                               ([State.STARTED, State.PENDING] as Array<string>).includes(
                                 getTaskState(row.status, TaskType.GENERATE_PROBLEM),
-                              )
+                              )&&
+                              hasPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.KNOWLEDGE_PROBLEM_CREATE.getWorkspacePermission],'OR')
                             "
                             @click="cancelTask(row, TaskType.GENERATE_PROBLEM)"
                           >
                             <el-icon><Connection /></el-icon>
                             {{ $t('views.document.setting.cancelGenerateQuestion') }}
                           </el-dropdown-item>
-                          <el-dropdown-item v-else @click="openGenerateDialog(row)">
+                          <el-dropdown-item v-else @click="openGenerateDialog(row)"
+                            v-if="hasPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.KNOWLEDGE_PROBLEM_CREATE.getWorkspacePermission],'OR')"
+                          >
                             <el-icon><Connection /></el-icon>
                             {{ $t('views.document.generateQuestion.title') }}
                           </el-dropdown-item>
-                          <el-dropdown-item @click="openknowledgeDialog(row)">
+                          <el-dropdown-item @click="openknowledgeDialog(row)"
+                            v-if="hasPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.KNOWLEDGE_DOCUMENT_MIGRATE.getWorkspacePermission],'OR')"
+                          >
                             <AppIcon iconName="app-migrate"></AppIcon>
                             {{ $t('views.document.setting.migration') }}
                           </el-dropdown-item>
-                          <el-dropdown-item @click="exportDocument(row)">
+                          <el-dropdown-item @click="exportDocument(row)"
+                            v-if="hasPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.KNOWLEDGE_DOCUMENT_EXPORT.getWorkspacePermission],'OR')"
+                          >
                             <AppIcon iconName="app-export"></AppIcon>
                             {{ $t('views.document.setting.export') }} Excel
                           </el-dropdown-item>
-                          <el-dropdown-item @click="exportDocumentZip(row)">
+                          <el-dropdown-item @click="exportDocumentZip(row)"
+                            v-if="hasPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.KNOWLEDGE_DOCUMENT_EXPORT.getWorkspacePermission],'OR')"
+                          >
                             <AppIcon iconName="app-export"></AppIcon>
                             {{ $t('views.document.setting.export') }} Zip
                           </el-dropdown-item>
-                          <el-dropdown-item icon="Delete" @click.stop="deleteDocument(row)">
+                          <el-dropdown-item icon="Delete" @click.stop="deleteDocument(row)"
+                            v-if="hasPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.KNOWLEDGE_DOCUMENT_DELETE.getWorkspacePermission],'OR')"
+                          >
                             {{ $t('common.delete') }}</el-dropdown-item
                           >
                         </el-dropdown-menu>
diff --git a/ui/src/views/knowledge/index.vue b/ui/src/views/knowledge/index.vue
index aa5aab016..0c485d29f 100644
--- a/ui/src/views/knowledge/index.vue
+++ b/ui/src/views/knowledge/index.vue
@@ -238,16 +238,8 @@
                             <el-dropdown-item
                               icon="Refresh"
                               @click.stop="syncKnowledge(item)"
-                              v-if="
-                                item.type === 1 ||
-                                hasPermission(
-                                  [
-                                    RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
-                                    PermissionConst.KNOWLEDGE_SYNC.getWorkspacePermission,
-                                  ],
-                                  'OR',
-                                )
-                              "
+                              v-if="item.type === 1 &&
+                              hasPermission([RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.KNOWLEDGE_SYNC.getWorkspacePermission],'OR')"
                               >{{ $t('views.knowledge.setting.sync') }}
                             </el-dropdown-item>
                             <el-dropdown-item
diff --git a/ui/src/views/role/component/Member.vue b/ui/src/views/role/component/Member.vue
index d8d449b6a..5a5122bcb 100644
--- a/ui/src/views/role/component/Member.vue
+++ b/ui/src/views/role/component/Member.vue
@@ -1,7 +1,10 @@
 <template>
   <div class="p-24 pt-0">
     <div class="flex-between mb-16">
-      <el-button type="primary" @click="handleAdd">
+      <el-button type="primary" @click="handleAdd"
+        v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+        [PermissionConst.ROLE_ADD_MEMBER.getWorkspacePermission],[], 'OR')"
+      >
         {{ $t('views.role.member.add') }}
       </el-button>
       <div class="flex complex-search">
@@ -40,7 +43,10 @@
             :content="`${$t('views.role.member.delete.button')}`"
             placement="top"
           >
-            <el-button type="primary" text @click.stop="handleDelete(row)">
+            <el-button type="primary" text @click.stop="handleDelete(row)"
+              v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+              [PermissionConst.ROLE_REMOVE_MEMBER.getWorkspacePermission],[], 'OR')"
+            >
               <el-icon>
                 <Delete />
               </el-icon>
@@ -62,7 +68,8 @@ import { t } from '@/locales'
 import AddMemberDrawer from './AddMemberDrawer.vue'
 import { RoleTypeEnum } from '@/enums/system'
 import { loadPermissionApi } from '@/utils/permission-api'
-
+import { PermissionConst, RoleConst } from '@/utils/permission/data'
+import { ComplexPermission } from '@/utils/permission/type'
 const props = defineProps<{
   currentRole?: RoleItem
 }>()
diff --git a/ui/src/views/role/index.vue b/ui/src/views/role/index.vue
index 3baf93a1d..831e4f3c6 100644
--- a/ui/src/views/role/index.vue
+++ b/ui/src/views/role/index.vue
@@ -60,7 +60,10 @@
                   :content="`${$t('common.create')}${$t('views.role.customRole')}`"
                   placement="top"
                 >
-                  <el-button type="primary" text @click="createOrUpdateRole()">
+                  <el-button type="primary" text @click="createOrUpdateRole()"
+                    v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+                    [PermissionConst.ROLE_CREATE.getWorkspacePermission],[], 'OR')"
+                  >
                     <AppIcon iconName="app-copy"></AppIcon>
                   </el-button>
                 </el-tooltip>
@@ -160,6 +163,8 @@ import { RoleTypeEnum } from '@/enums/system'
 import { roleTypeMap } from './index'
 import { MsgSuccess, MsgConfirm } from '@/utils/message'
 import { loadPermissionApi } from '@/utils/permission-api'
+import { PermissionConst, RoleConst } from '@/utils/permission/data'
+import { ComplexPermission } from '@/utils/permission/type'
 
 const filterText = ref('')
 const loading = ref(false)
diff --git a/ui/src/views/system-chat-user/group/index.vue b/ui/src/views/system-chat-user/group/index.vue
index be21211dd..0ffd9e6e6 100644
--- a/ui/src/views/system-chat-user/group/index.vue
+++ b/ui/src/views/system-chat-user/group/index.vue
@@ -17,7 +17,9 @@
               <h4 class="medium">{{ $t('views.chatUser.group.title') }}</h4>
               <el-tooltip effect="dark" :content="`${$t('common.create')}${$t('views.chatUser.group.title')}`"
                 placement="top">
-                <el-button type="primary" text @click="createOrUpdate()">
+                <el-button type="primary" text @click="createOrUpdate()"
+                  v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+                  [PermissionConst.WORKSPACE_USER_GROUP_CREATE.getWorkspacePermission], [], 'OR')">
                   <AppIcon iconName="app-copy"></AppIcon>
                 </el-button>
               </el-tooltip>
@@ -40,13 +42,21 @@
                         </el-button>
                         <template #dropdown>
                           <el-dropdown-menu style="min-width: 80px">
-                            <el-dropdown-item @click.stop="createOrUpdate(row)" class="p-8">
+                            <el-dropdown-item @click.stop="createOrUpdate(row)" class="p-8"
+                              v-if="hasPermission(new ComplexPermission(
+                              [RoleConst.ADMIN,RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+                              [PermissionConst.WORKSPACE_USER_GROUP_EDIT.getWorkspacePermission], [], 'OR'), 'OR')">
                               <AppIcon iconName="app-copy"></AppIcon>
                               {{
                                 $t('common.rename')
                               }}
                             </el-dropdown-item>
-                            <el-dropdown-item @click.stop="deleteGroup(row)" class="border-t p-8" v-if="row.id !== 'default'">
+                            <el-dropdown-item @click.stop="deleteGroup(row)" class="border-t p-8"
+                              v-if="row.id !== 'default'&&
+                              hasPermission(new ComplexPermission(
+                              [RoleConst.ADMIN,RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+                              [PermissionConst.WORKSPACE_USER_GROUP_DELETE.getWorkspacePermission], [], 'OR'), 'OR')"
+                            >
                               <AppIcon iconName="app-copy"></AppIcon>
                               {{
                                 $t('common.delete')
@@ -78,10 +88,16 @@
 
             <div class="flex-between mb-16" style="margin-top: 20px;">
               <div>
-                <el-button type="primary" @click="createUser()">
+                <el-button type="primary" @click="createUser()"
+                  v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+                  [PermissionConst.WORKSPACE_USER_GROUP_ADD_MEMBER.getWorkspacePermission], [], 'OR')"
+                >
                   {{ t('views.role.member.add') }}
                 </el-button>
-                <el-button :disabled="multipleSelection.length === 0" @click="handleDeleteUser()">
+                <el-button :disabled="multipleSelection.length === 0" @click="handleDeleteUser()"
+                  v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+                  [PermissionConst.WORKSPACE_USER_GROUP_DELETE.getWorkspacePermission], [], 'OR')"
+                >
                   {{ $t('common.delete') }}
                 </el-button>
               </div>
@@ -119,7 +135,10 @@
               <el-table-column :label="$t('common.operation')" width="100" fixed="right">
                 <template #default="{ row }">
                   <el-tooltip effect="dark" :content="`${$t('views.role.member.delete.button')}`" placement="top">
-                    <el-button type="primary" text @click.stop="handleDeleteUser(row)">
+                    <el-button type="primary" text @click.stop="handleDeleteUser(row)"
+                      v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+                      [PermissionConst.WORKSPACE_USER_GROUP_REMOVE_MEMBER.getWorkspacePermission], [], 'OR')"
+                    >
                       <el-icon>
                         <EditPen />
                       </el-icon>
@@ -147,6 +166,9 @@ import CreateOrUpdateGroupDialog from './component/CreateOrUpdateGroupDialog.vue
 import CreateGroupUserDialog from './component/CreateGroupUserDialog.vue'
 import type { ListItem } from '@/api/type/common'
 import { MsgSuccess, MsgConfirm } from '@/utils/message'
+import { PermissionConst, RoleConst } from '@/utils/permission/data'
+import { ComplexPermission } from '@/utils/permission/type'
+import { hasPermission } from '@/utils/permission/index'
 
 const filterText = ref('')
 const loading = ref(false)
diff --git a/ui/src/views/system-chat-user/user-manage/index.vue b/ui/src/views/system-chat-user/user-manage/index.vue
index 4a75640c2..b2fa3761c 100644
--- a/ui/src/views/system-chat-user/user-manage/index.vue
+++ b/ui/src/views/system-chat-user/user-manage/index.vue
@@ -13,16 +13,25 @@
       <el-card class="h-full">
         <div class="flex-between mb-16">
           <div>
-            <el-button type="primary" @click="createUser()">
+            <el-button type="primary" @click="createUser()"
+              v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+              [PermissionConst.WORKSPACE_CHAT_USER_CREATE.getWorkspacePermission],[],'OR')"
+            >
               {{ t('views.userManage.createUser') }}
             </el-button>
             <el-button @click="syncUsers">
               {{ $t('views.chatUser.syncUsers') }}
             </el-button>
-            <el-button :disabled="multipleSelection.length === 0" @click="setUserGroups">
+            <el-button :disabled="multipleSelection.length === 0" @click="setUserGroups"
+              v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+                [PermissionConst.WORKSPACE_CHAT_USER_GROUP.getWorkspacePermission],[],'OR')"
+            >
               {{ $t('views.chatUser.setUserGroups') }}
             </el-button>
-            <el-button :disabled="multipleSelection.length === 0" @click="handleBatchDelete">
+            <el-button :disabled="multipleSelection.length === 0" @click="handleBatchDelete"
+              v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+                [PermissionConst.WORKSPACE_CHAT_USER_DELETE.getWorkspacePermission],[],'OR')"
+            >
               {{ $t('common.delete') }}
             </el-button>
           </div>
@@ -106,7 +115,10 @@
               </span>
               <el-divider direction="vertical" />
               <span class="mr-8">
-                <el-button type="primary" text @click.stop="editUser(row)" :title="$t('common.edit')">
+                <el-button type="primary" text @click.stop="editUser(row)" :title="$t('common.edit')"
+                  v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+                    [PermissionConst.WORKSPACE_CHAT_USER_EDIT.getWorkspacePermission],[],'OR')"
+                >
                   <el-icon>
                     <EditPen />
                   </el-icon>
@@ -115,7 +127,10 @@
 
               <span class="mr-8">
                 <el-button type="primary" text @click.stop="editPwdUser(row)"
-                  :title="$t('views.userManage.setting.updatePwd')">
+                  :title="$t('views.userManage.setting.updatePwd')"
+                  v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+                [PermissionConst.WORKSPACE_CHAT_USER_EDIT.getWorkspacePermission],[],'OR')"
+                  >
                   <el-icon>
                     <Lock />
                   </el-icon>
@@ -123,7 +138,10 @@
               </span>
               <span>
                 <el-button :disabled="row.role === 'ADMIN'" type="primary" text @click.stop="deleteUserManage(row)"
-                  :title="$t('common.delete')">
+                  :title="$t('common.delete')"
+                  v-hasPermission="new ComplexPermission([RoleConst.ADMIN, RoleConst.WORKSPACE_MANAGE.getWorkspaceRole],
+                [PermissionConst.WORKSPACE_CHAT_USER_DELETE.getWorkspacePermission],[],'OR')"
+                  >
                   <el-icon>
                     <Delete />
                   </el-icon>
@@ -159,6 +177,8 @@ import iconMap from '@/components/app-icon/icons/common'
 import type { ChatUserItem } from '@/api/type/systemChatUser'
 import SystemGroupApi from '@/api/system/user-group'
 import type { ListItem } from '@/api/type/common'
+import { PermissionConst, RoleConst } from '@/utils/permission/data'
+import { ComplexPermission } from '@/utils/permission/type'
 
 const rightOutlined = iconMap['right-outlined'].iconReader()
 
diff --git a/ui/src/views/tool/ToolFormDrawer.vue b/ui/src/views/tool/ToolFormDrawer.vue
index 9583200d5..76be01704 100644
--- a/ui/src/views/tool/ToolFormDrawer.vue
+++ b/ui/src/views/tool/ToolFormDrawer.vue
@@ -79,7 +79,9 @@
         <h4 class="title-decoration-1 mb-16">
           {{ $t('common.param.initParam') }}
         </h4>
-        <el-button link type="primary" @click="openAddInitDialog()">
+        <el-button link type="primary" @click="openAddInitDialog()"
+          v-hasPermission="[RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.TOOL_EDIT.getWorkspacePermission]"
+        >
           <el-icon class="mr-4">
             <Plus/>
           </el-icon>
@@ -161,7 +163,9 @@
             {{ $t('views.tool.form.param.paramInfo1') }}
           </el-text>
         </h4>
-        <el-button link type="primary" @click="openAddDialog()">
+        <el-button link type="primary" @click="openAddDialog()"
+          v-hasPermission="[RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.TOOL_EDIT.getWorkspacePermission]"
+        >
           <el-icon class="mr-4">
             <Plus/>
           </el-icon>
@@ -240,8 +244,12 @@
     <template #footer>
       <div>
         <el-button :loading="loading" @click="visible = false">{{ $t('common.cancel') }}</el-button>
-        <el-button :loading="loading" @click="openDebug">{{ $t('common.debug') }}</el-button>
-        <el-button type="primary" @click="submit(FormRef)" :loading="loading">
+        <el-button :loading="loading" @click="openDebug"
+          v-hasPermission="[RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.TOOL_DEBUG.getWorkspacePermission]"  
+        >{{ $t('common.debug') }}</el-button>
+        <el-button type="primary" @click="submit(FormRef)" :loading="loading"
+          v-hasPermission="[RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,PermissionConst.TOOL_EDIT.getWorkspacePermission]"
+        >
           {{ isEdit ? $t('common.save') : $t('common.create') }}
         </el-button
         >
@@ -269,6 +277,8 @@ import {cloneDeep} from 'lodash'
 import {PermissionType, PermissionDesc} from '@/enums/model'
 import {t} from '@/locales'
 import {isAppIcon} from '@/utils/common'
+import { PermissionConst, RoleConst } from '@/utils/permission/data'
+import { hasPermission } from '@/utils/permission/index'
 
 const props = defineProps({
   title: String,
diff --git a/ui/src/views/workspace/component/Member.vue b/ui/src/views/workspace/component/Member.vue
index f0f712385..b84e85c56 100644
--- a/ui/src/views/workspace/component/Member.vue
+++ b/ui/src/views/workspace/component/Member.vue
@@ -1,6 +1,8 @@
 <template>
   <div class="flex-between mb-16">
-    <el-button type="primary" @click="handleAdd">
+    <el-button type="primary" @click="handleAdd"
+      v-hasPermission="RoleConst.ADMIN,PermissionConst.WORKSPACE_ADD_MEMBER"
+    >
       {{ $t('views.role.member.add') }}
     </el-button>
     <div class="flex complex-search">
@@ -19,7 +21,9 @@
     <el-table-column :label="$t('common.operation')" width="100" fixed="right">
       <template #default="{ row }">
         <el-tooltip effect="dark" :content="`${$t('views.role.member.delete.button')}`" placement="top">
-          <el-button type="primary" text @click.stop="handleDelete(row)">
+          <el-button type="primary" text @click.stop="handleDelete(row)"
+            v-hasPermission="RoleConst.ADMIN,PermissionConst.WORKSPACE_REMOVE_MEMBER"
+          >
             <el-icon>
               <EditPen />
             </el-icon>
@@ -38,6 +42,7 @@ import { t } from '@/locales'
 import AddMemberDrawer from './AddMemberDrawer.vue'
 import WorkspaceApi from '@/api/workspace/workspace'
 import type { WorkspaceMemberItem, WorkspaceItem } from '@/api/type/workspace'
+import { PermissionConst, RoleConst } from '@/utils/permission/data'
 
 const props = defineProps<{
   currentWorkspace?: WorkspaceItem
diff --git a/ui/src/views/workspace/index.vue b/ui/src/views/workspace/index.vue
index 79353cf03..0bca552c6 100644
--- a/ui/src/views/workspace/index.vue
+++ b/ui/src/views/workspace/index.vue
@@ -7,7 +7,9 @@
           <div class="workspace-left_title">
             <h4 class="medium">{{ $t('views.workspace.list') }}</h4>
             <el-tooltip effect="dark" :content="`${$t('common.create')}${$t('views.workspace.title')}`" placement="top">
-              <el-button type="primary" text @click="createOrUpdateWorkspace()">
+              <el-button type="primary" text @click="createOrUpdateWorkspace()"
+                v-hasPermission="[RoleConst.ADMIN, PermissionConst.WORKSPACE_CREATE]"
+              >
                 <AppIcon iconName="app-copy"></AppIcon>
               </el-button>
             </el-tooltip>
@@ -81,6 +83,8 @@ import Member from './component/Member.vue'
 import CreateOrUpdateWorkspaceDialog from './component/CreateOrUpdateWorkspaceDialog.vue'
 import type { WorkspaceItem } from '@/api/type/workspace'
 import { MsgSuccess, MsgConfirm } from '@/utils/message'
+import { PermissionConst, RoleConst } from '@/utils/permission/data'
+import { hasPermission } from '@/utils/permission/index'
 
 const filterText = ref('')
 const loading = ref(false)