1Panel-dev · zhanweizhang7 · Dec 3, 2025 · Dec 3, 2025 · shaohuzhang1 · Dec 3, 2025
diff --git a/apps/knowledge/views/knowledge_workflow.py b/apps/knowledge/views/knowledge_workflow.py
@@ -73,8 +73,8 @@ class KnowledgeWorkflowActionView(APIView):
         tags=[_('Knowledge Base')]  # type: ignore
     )
     @has_permissions(
-        PermissionConstants.KNOWLEDGE_READ.get_workspace_knowledge_permission(),
-        PermissionConstants.KNOWLEDGE_READ.get_workspace_permission_workspace_manage_role(),
+        PermissionConstants.KNOWLEDGE_DOCUMENT_CREATE.get_workspace_knowledge_permission(),
+        PermissionConstants.KNOWLEDGE_DOCUMENT_CREATE.get_workspace_permission_workspace_manage_role(),
         RoleConstants.WORKSPACE_MANAGE.get_workspace_role(),
         ViewPermission(
             [RoleConstants.USER.get_workspace_role()],
@@ -148,8 +148,8 @@ class Publish(APIView):
             responses=DefaultResultSerializer,
             tags=[_('Knowledge')]  # type: ignore
         )
-        @has_permissions(PermissionConstants.KNOWLEDGE_EDIT.get_workspace_knowledge_permission(),
-                         PermissionConstants.KNOWLEDGE_EDIT.get_workspace_permission_workspace_manage_role(),
+        @has_permissions(PermissionConstants.KNOWLEDGE_WORKFLOW_EDIT.get_workspace_knowledge_permission(),
+                         PermissionConstants.KNOWLEDGE_WORKFLOW_EDIT.get_workspace_permission_workspace_manage_role(),
                          ViewPermission([RoleConstants.USER.get_workspace_role()],
                                         [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()],
                                         CompareConstants.AND),

diff --git a/ui/src/locales/lang/en-US/views/application.ts b/ui/src/locales/lang/en-US/views/application.ts
@@ -26,6 +26,7 @@ export default {
       'The Community Edition supports up to 5 APP. If you need more APP, please upgrade to the Professional Edition.',
     saveErrorMessage: 'Saving failed, please check your input or try again later',
     loadingErrorMessage: 'Failed to load configuration, please check your input or try again later',
+    noDocPermission: 'No permission to create documents',
   },
 
   form: {

diff --git a/ui/src/locales/lang/zh-CN/views/application.ts b/ui/src/locales/lang/zh-CN/views/application.ts
@@ -26,6 +26,7 @@ export default {
     professionalMessage: '社区版最多支持 5 个应用，如需拥有更多应用，请升级为专业版。',
     saveErrorMessage: '保存失败，请检查输入或稍后再试',
     loadingErrorMessage: '加载配置失败，请检查输入或稍后再试',
+    noDocPermission: '无文档创建权限',
   },
   form: {
     appName: {

diff --git a/ui/src/locales/lang/zh-Hant/views/application.ts b/ui/src/locales/lang/zh-Hant/views/application.ts
@@ -23,6 +23,7 @@ export default {
     professionalMessage: '社群版最多支援 5 個應用，如需擁有更多應用，請升級為專業版。',
     saveErrorMessage: '儲存失敗，請檢查輸入或稍後再試',
     loadingErrorMessage: '載入配置失敗，請檢查輸入或稍後再試',
+    noDocPermission: '無文檔創建權限',
   },
   form: {
     appName: {

diff --git a/ui/src/permission/knowledge/system-manage.ts b/ui/src/permission/knowledge/system-manage.ts
@@ -191,6 +191,12 @@ const systemManage = {
       PermissionConst.RESOURCE_KNOWLEDGE_WORKFLOW_READ
     ],'OR'
     ),  
+  workflow_edit: () => 
+    hasPermission([
+      RoleConst.ADMIN,
+      PermissionConst.RESOURCE_KNOWLEDGE_WORKFLOW_EDIT
+    ],'OR'
+    ), 
   chat_user_edit: () =>false,
 
 

diff --git a/ui/src/permission/knowledge/system-share.ts b/ui/src/permission/knowledge/system-share.ts
@@ -58,6 +58,9 @@ const share = {
     hasPermission([RoleConst.ADMIN, PermissionConst.SHARED_KNOWLEDGE_TAG_DELETE], 'OR'),
   debug: () =>
     hasPermission([RoleConst.ADMIN, PermissionConst.SHARED_KNOWLEDGE_WORKFLOW_READ], 'OR'),
+  workflow_edit: () =>
+    hasPermission([RoleConst.ADMIN, PermissionConst.SHARED_KNOWLEDGE_WORKFLOW_EDIT], 'OR'),
+
   chat_user_edit: () => false,
 
   auth: () => false,

diff --git a/ui/src/permission/knowledge/workspace-share.ts b/ui/src/permission/knowledge/workspace-share.ts
@@ -48,6 +48,7 @@ const workspaceShare = {
   folderDelete: () => false,
   hit_test: () => false,
   debug: () => true,
+  workflow_edit: () => true,
 }
 
 export default workspaceShare
diff --git a/ui/src/permission/knowledge/workspace.ts b/ui/src/permission/knowledge/workspace.ts
@@ -572,6 +572,21 @@ const workspace = {
       ],
       'OR',
     ),
+  workflow_edit: (source_id: string) =>
+    hasPermission(
+      [
+        new ComplexPermission(
+          [RoleConst.USER],
+          [PermissionConst.KNOWLEDGE.getKnowledgeWorkspaceResourcePermission(source_id)],
+          [],
+          'AND',
+        ),
+        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+        PermissionConst.KNOWLEDGE_WORKFLOW_EDIT.getKnowledgeWorkspaceResourcePermission(source_id),
+        PermissionConst.KNOWLEDGE_WORKFLOW_EDIT.getWorkspacePermissionWorkspaceManageRole,
+      ],
+      'OR',
+    ),
   hit_test: () => false,
 }
 

diff --git a/ui/src/views/knowledge-workflow/component/DebugDrawer.vue b/ui/src/views/knowledge-workflow/component/DebugDrawer.vue
@@ -67,6 +67,10 @@ import applicationApi from '@/api/application/application'
 import KnowledgeBase from '@/views/knowledge-workflow/component/action/KnowledgeBase.vue'
 import { WorkflowType } from '@/enums/application'
 import { loadSharedApi } from '@/utils/dynamics-api/shared-api.ts'
+import permissionMap from '@/permission'
+import { MsgError } from '@/utils/message'
+import { t } from '@/locales'
+
 import { useRoute, useRouter } from 'vue-router'
 provide('upload', (file: any, loading?: Ref<boolean>) => {
   return applicationApi.postUploadFile(file, id, 'KNOWLEDGE', loading)
@@ -128,8 +132,14 @@ const up = () => {
     active.value = 'data_source'
   })
 }
+
+const permissionPrecise = computed(() => {
+  return permissionMap['knowledge'][apiType.value]
+})
+
 const upload = () => {
-  ActionRef.value.validate().then(() => {
+  if (permissionPrecise.value.doc_create(id)) {
+    ActionRef.value.validate().then(() => {
     form_data.value[active.value] = ActionRef.value.get_data()
     loadSharedApi({ type: 'knowledge', systemType: apiType.value })
       .workflowAction(id, form_data.value, loading)
@@ -138,6 +148,9 @@ const upload = () => {
         active.value = 'result'
       })
   })
+  } else {
+    MsgError(t('views.application.tip.noDocPermission'))
+  }
 }
 const continueImporting = () => {
   action_id.value = undefined

diff --git a/ui/src/views/knowledge-workflow/index.vue b/ui/src/views/knowledge-workflow/index.vue
@@ -34,11 +34,12 @@
           <AppIcon iconName="app-debug-outlined" class="mr-4"></AppIcon>
           {{ $t('common.debug') }}
         </el-button>
-        <el-button @click="saveknowledge(true)">
+        <el-button v-if="permissionPrecise.workflow_edit(id)"
+          @click="saveknowledge(true)">
           <AppIcon iconName="app-save-outlined" class="mr-4"></AppIcon>
           {{ $t('common.save') }}
         </el-button>
-        <el-button type="primary" @click="publish">
+        <el-button type="primary" v-if="permissionPrecise.workflow_edit(id)" @click="publish">
           {{ $t('common.publish') }}
         </el-button>
 
@@ -57,7 +58,7 @@
                 <AppIcon iconName="app-history-outlined" class="color-secondary"></AppIcon>
                 {{ $t('views.workflow.setting.releaseHistory') }}
               </el-dropdown-item>
-              <el-dropdown-item>
+              <el-dropdown-item v-if="permissionPrecise.workflow_edit(id)">
                 <AppIcon iconName="app-save-outlined" class="color-secondary"></AppIcon>
                 {{ $t('views.workflow.setting.autoSave') }}
                 <div class="ml-4">