feat: add read permission checks for system management and sharing components

liuruibin · liuruibin · commit 1dcca7fcc75d · 2025-09-29T17:04:38.000+08:00
--bug=1062363 --user=刘瑞斌 【应用】简单应用进入编辑页面会弹工具无权限的提示 https://www.tapd.cn/62980211/s/1781286
diff --git a/ui/src/permission/tool/system-manage.ts b/ui/src/permission/tool/system-manage.ts
@@ -3,6 +3,14 @@ import {ComplexPermission} from '@/utils/permission/type'
 import {EditionConst, PermissionConst, RoleConst} from '@/utils/permission/data'
 
 const systemManage = {
+  read: () =>
+    hasPermission(
+      [
+        RoleConst.ADMIN,
+        PermissionConst.RESOURCE_TOOL_READ,
+      ],
+      'OR',
+    ),
   is_share: () =>
     hasPermission(
       new ComplexPermission(
@@ -57,7 +65,7 @@ const systemManage = {
       'OR',
     ),
 
-  auth: () => 
+  auth: () =>
     hasPermission(
       [
         RoleConst.ADMIN,
diff --git a/ui/src/permission/tool/system-share.ts b/ui/src/permission/tool/system-share.ts
@@ -2,6 +2,14 @@ import { hasPermission } from '@/utils/permission/index'
 import { ComplexPermission } from '@/utils/permission/type'
 import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
 const share = {
+  read: () =>
+    hasPermission(
+     [
+       RoleConst.ADMIN,
+       PermissionConst.SHARED_TOOL_READ,
+     ],
+     'OR',
+    ),
   is_share: () => false,
   create: () =>
     hasPermission(
@@ -67,8 +75,8 @@ const share = {
       ],
       'OR',
     ),
-    
-  auth: () => false,  
+
+  auth: () => false,
   folderCreate: () => false,
   folderEdit: () => false,
   folderDelete: () => false,
diff --git a/ui/src/permission/tool/workspace.ts b/ui/src/permission/tool/workspace.ts
@@ -2,6 +2,11 @@ import { hasPermission } from '@/utils/permission/index'
 import { ComplexPermission } from '@/utils/permission/type'
 import { EditionConst, PermissionConst, RoleConst } from '@/utils/permission/data'
 const workspace = {
+  read: () =>
+    hasPermission(
+      [PermissionConst.TOOL_READ.getWorkspacePermission, PermissionConst.TOOL_READ.getWorkspacePermissionWorkspaceManageRole],
+      'OR'
+    ),
   is_share: () =>
     hasPermission(
       new ComplexPermission(
@@ -29,7 +34,7 @@ const workspace = {
         PermissionConst.TOOL_IMPORT.getWorkspacePermissionWorkspaceManageRole
       ],
       'OR'
-    ),  
+    ),
   folderCreate: () =>
     hasPermission(
       [
@@ -109,7 +114,7 @@ const workspace = {
         PermissionConst.TOOL_EXPORT.getWorkspacePermissionWorkspaceManageRole
       ],
       'OR'
-    ), 
+    ),
   auth: (source_id:string) =>
     hasPermission(
       [
@@ -119,18 +124,18 @@ const workspace = {
         PermissionConst.TOOL_RESOURCE_AUTHORIZATION.getWorkspacePermissionWorkspaceManageRole
       ],
       'OR'
-    ), 
+    ),
   debug: () =>
     hasPermission(
-      [ 
-        RoleConst.USER.getWorkspaceRole,  
+      [
+        RoleConst.USER.getWorkspaceRole,
         RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
         PermissionConst.TOOL_EDIT.getWorkspacePermission,
         PermissionConst.TOOL_EDIT.getWorkspacePermissionWorkspaceManageRole
       ],
       'OR'
-    ), 
-     
+    ),
+
 }
 
 export default workspace
diff --git a/ui/src/views/application/ApplicationSetting.vue b/ui/src/views/application/ApplicationSetting.vue
@@ -304,7 +304,7 @@
                   />
                 </el-form-item>
                 <!-- MCP-->
-                <el-form-item @click.prevent>
+                <el-form-item @click.prevent v-if="toolPermissionPrecise.read()">
                   <template #label>
                     <div class="flex-between">
                       <span>MCP</span>
@@ -326,8 +326,10 @@
                 <div
                   class="w-full mb-16"
                   v-if="
+                  (
                     (applicationForm.mcp_tool_ids && applicationForm.mcp_tool_ids.length > 0) ||
                     (applicationForm.mcp_servers && applicationForm.mcp_servers.length > 0)
+                  ) && toolPermissionPrecise.read()
                   "
                 >
                   <template v-for="(item, index) in applicationForm.mcp_tool_ids" :key="index">
@@ -368,7 +370,7 @@
                   </template>
                 </div>
                 <!-- 工具       -->
-                <el-form-item @click.prevent>
+                <el-form-item @click.prevent v-if="toolPermissionPrecise.read()">
                   <template #label>
                     <div class="flex-between">
                       <span class="mr-4">
@@ -395,7 +397,7 @@
                 </el-form-item>
                 <div
                   class="w-full mb-16"
-                  v-if="applicationForm.tool_ids && applicationForm.tool_ids.length > 0"
+                  v-if="applicationForm.tool_ids && applicationForm.tool_ids.length > 0 && toolPermissionPrecise.read()"
                 >
                   <template v-for="(item, index) in applicationForm.tool_ids" :key="index">
                     <div
@@ -673,6 +675,10 @@ const permissionPrecise = computed(() => {
   return permissionMap['application'][apiType.value]
 })
 
+const toolPermissionPrecise = computed(() => {
+  return permissionMap['tool'][apiType.value]
+})
+
 const defaultPrompt = t('views.application.form.prompt.defaultPrompt', {
   data: '{data}',
   question: '{question}',
@@ -1109,8 +1115,10 @@ onMounted(() => {
   getDetail()
   getSTTModel()
   getTTSModel()
-  getToolSelectOptions()
-  getMcpToolSelectOptions()
+  if (toolPermissionPrecise.value.read()) {
+    getToolSelectOptions();
+    getMcpToolSelectOptions()
+  }
 })
 </script>
 <style lang="scss" scoped>
