1Panel-dev
diff --git a/‎apps/application/views/application.py‎
Lines changed: 2 additions & 2 deletions b/‎apps/application/views/application.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎apps/common/constants/permission_constants.py‎
Lines changed: 40 additions & 0 deletions b/‎apps/common/constants/permission_constants.py‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎apps/knowledge/views/knowledge_workflow.py‎
Lines changed: 2 additions & 2 deletions b/‎apps/knowledge/views/knowledge_workflow.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎apps/tools/views/tool_workflow.py‎
Lines changed: 2 additions & 2 deletions b/‎apps/tools/views/tool_workflow.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎ui/src/permission/application/system-manage.ts‎
Lines changed: 2 additions & 0 deletions b/‎ui/src/permission/application/system-manage.ts‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎ui/src/permission/application/workspace.ts‎
Lines changed: 15 additions & 0 deletions b/‎ui/src/permission/application/workspace.ts‎
Lines changed: 15 additions & 0 deletions
@@ -277,8 +277,8 @@ class Publish(APIView):
             responses=result.DefaultResultSerializer,
             tags=[_('Application')]  # type: ignore
         )
-        @has_permissions(PermissionConstants.APPLICATION_EDIT.get_workspace_application_permission(),
-                         PermissionConstants.APPLICATION_EDIT.get_workspace_permission_workspace_manage_role(),
+        @has_permissions(PermissionConstants.APPLICATION_PUBLISH.get_workspace_application_permission(),
+                         PermissionConstants.APPLICATION_PUBLISH.get_workspace_permission_workspace_manage_role(),
                          ViewPermission([RoleConstants.USER.get_workspace_role()],
                                         [PermissionConstants.APPLICATION.get_workspace_application_permission()],
                                         CompareConstants.AND),
 
@@ -157,6 +157,7 @@ class Operate(Enum):
     USE = "USE"
     IMPORT = "READ+IMPORT"
     EXPORT = "READ+EXPORT"  # 导入导出
+    PUBLISH = "READ+PUBLISH"  # 发布
     SYNC = "READ+SYNC"  # 同步
     GENERATE = "READ+GENERATE"  # 生成
     ADD_MEMBER = "READ+ADD_MEMBER"  # 添加成员
@@ -616,6 +617,11 @@ class PermissionConstants(Enum):
         parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
         resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
     )
+    TOOL_PUBLISH = Permission(
+        group=Group.TOOL, operate=Operate.PUBLISH, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
+        resource_permission_group_list=[ResourcePermissionConst.TOOL_MANGE]
+    )
     TOOL_EXECUTE_RECORD = Permission(
         group=Group.TOOL, operate=Operate.RECORD, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
         parent_group=[WorkspaceGroup.TOOL, UserGroup.TOOL],
@@ -767,6 +773,11 @@ class PermissionConstants(Enum):
         resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
         parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
     )
+    KNOWLEDGE_WORKFLOW_PUBLISH = Permission(
+        group=Group.KNOWLEDGE_WORKFLOW, operate=Operate.PUBLISH, role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+        resource_permission_group_list=[ResourcePermissionConst.KNOWLEDGE_MANGE],
+        parent_group=[WorkspaceGroup.KNOWLEDGE, UserGroup.KNOWLEDGE]
+    )
     KNOWLEDGE_DOCUMENT_READ = Permission(
         group=Group.KNOWLEDGE_DOCUMENT, operate=Operate.READ,
         role_list=[RoleConstants.ADMIN, RoleConstants.USER],
@@ -1054,6 +1065,11 @@ class PermissionConstants(Enum):
                                     resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
                                     parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
                                     )
+    APPLICATION_PUBLISH = Permission(group=Group.APPLICATION, operate=Operate.PUBLISH,
+                                    role_list=[RoleConstants.ADMIN, RoleConstants.USER],
+                                    resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
+                                    parent_group=[WorkspaceGroup.APPLICATION, UserGroup.APPLICATION],
+                                    )
     APPLICATION_BATCH_DELETE = Permission(group=Group.APPLICATION, operate=Operate.BATCH_DELETE,
                                           role_list=[RoleConstants.ADMIN, RoleConstants.USER],
                                           resource_permission_group_list=[ResourcePermissionConst.APPLICATION_MANGE],
@@ -1388,6 +1404,10 @@ class PermissionConstants(Enum):
         group=Group.SYSTEM_TOOL, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.SHARED_TOOL], is_ee=settings.edition == "EE"
     )
+    SHARED_TOOL_PUBLISH = Permission(
+        group=Group.SYSTEM_TOOL, operate=Operate.PUBLISH, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.SHARED_TOOL], is_ee=settings.edition == "EE"
+    )
     SHARED_TOOL_RELATE_RESOURCE_VIEW = Permission(
         group=Group.SYSTEM_TOOL, operate=Operate.RELATE_VIEW, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.SHARED_TOOL], is_ee=settings.edition == "EE"
@@ -1444,6 +1464,10 @@ class PermissionConstants(Enum):
         group=Group.SYSTEM_KNOWLEDGE_WORKFLOW, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE"
     )
+    SHARED_KNOWLEDGE_WORKFLOW_PUBLISH = Permission(
+        group=Group.SYSTEM_KNOWLEDGE_WORKFLOW, operate=Operate.PUBLISH, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE"
+    )
     SHARED_KNOWLEDGE_DOCUMENT_READ = Permission(
         group=Group.SYSTEM_KNOWLEDGE_DOCUMENT, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.SHARED_KNOWLEDGE], is_ee=settings.edition == "EE"
@@ -1581,6 +1605,10 @@ class PermissionConstants(Enum):
         group=Group.SYSTEM_RES_APPLICATION, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.RESOURCE_APPLICATION], is_ee=settings.edition == "EE"
     )
+    RESOURCE_APPLICATION_PUBLISH = Permission(
+        group=Group.SYSTEM_RES_APPLICATION, operate=Operate.PUBLISH, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.RESOURCE_APPLICATION], is_ee=settings.edition == "EE"
+    )
     RESOURCE_APPLICATION_TRIGGER_READ = Permission(
         group=Group.SYSTEM_RES_APPLICATION, operate=Operate.TRIGGER_READ, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.RESOURCE_APPLICATION], is_ee=settings.edition == "EE"
@@ -1683,6 +1711,10 @@ class PermissionConstants(Enum):
         group=Group.SYSTEM_RES_KNOWLEDGE, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE"
     )
+    RESOURCE_KNOWLEDGE_PUBLISH = Permission(
+        group=Group.SYSTEM_RES_KNOWLEDGE, operate=Operate.PUBLISH, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE"
+    )
     RESOURCE_KNOWLEDGE_VECTOR = Permission(
         group=Group.SYSTEM_RES_KNOWLEDGE, operate=Operate.VECTOR, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE"
@@ -1712,6 +1744,10 @@ class PermissionConstants(Enum):
         group=Group.SYSTEM_RES_KNOWLEDGE_WORKFLOW, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE"
     )
+    RESOURCE_KNOWLEDGE_WORKFLOW_PUBLISH = Permission(
+        group=Group.SYSTEM_RES_KNOWLEDGE_WORKFLOW, operate=Operate.PUBLISH, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE"
+    )
     RESOURCE_KNOWLEDGE_DOCUMENT_READ = Permission(
         group=Group.SYSTEM_RES_KNOWLEDGE_DOCUMENT, operate=Operate.READ, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.RESOURCE_KNOWLEDGE], is_ee=settings.edition == "EE"
@@ -1824,6 +1860,10 @@ class PermissionConstants(Enum):
         group=Group.SYSTEM_RES_TOOL, operate=Operate.EXPORT, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.RESOURCE_TOOL], is_ee=settings.edition == "EE"
     )
+    RESOURCE_TOOL_PUBLISH = Permission(
+        group=Group.SYSTEM_RES_TOOL, operate=Operate.PUBLISH, role_list=[RoleConstants.ADMIN],
+        parent_group=[SystemGroup.RESOURCE_TOOL], is_ee=settings.edition == "EE"
+    )
     RESOURCE_TOOL_AUTH = Permission(
         group=Group.SYSTEM_RES_TOOL, operate=Operate.AUTH, role_list=[RoleConstants.ADMIN],
         parent_group=[SystemGroup.RESOURCE_TOOL], is_ee=settings.edition == "EE"
 
@@ -230,8 +230,8 @@ class Publish(APIView):
             responses=DefaultResultSerializer,
             tags=[_('Knowledge')]  # type: ignore
         )
-        @has_permissions(PermissionConstants.KNOWLEDGE_WORKFLOW_EDIT.get_workspace_knowledge_permission(),
-                         PermissionConstants.KNOWLEDGE_WORKFLOW_EDIT.get_workspace_permission_workspace_manage_role(),
+        @has_permissions(PermissionConstants.KNOWLEDGE_WORKFLOW_PUBLISH.get_workspace_knowledge_permission(),
+                         PermissionConstants.KNOWLEDGE_WORKFLOW_PUBLISH.get_workspace_permission_workspace_manage_role(),
                          ViewPermission([RoleConstants.USER.get_workspace_role()],
                                         [PermissionConstants.KNOWLEDGE.get_workspace_knowledge_permission()],
                                         CompareConstants.AND),
 
@@ -34,8 +34,8 @@ class Publish(APIView):
             responses=DefaultResultSerializer,
             tags=[_('Tool')]  # type: ignore
         )
-        @has_permissions(PermissionConstants.TOOL_EDIT.get_workspace_tool_permission(),
-                         PermissionConstants.TOOL_EDIT.get_workspace_permission_workspace_manage_role(),
+        @has_permissions(PermissionConstants.TOOL_PUBLISH.get_workspace_tool_permission(),
+                         PermissionConstants.TOOL_PUBLISH.get_workspace_permission_workspace_manage_role(),
                          ViewPermission([RoleConstants.USER.get_workspace_role()],
                                         [PermissionConstants.TOOL.get_workspace_tool_permission()],
                                         CompareConstants.AND),
 
@@ -7,6 +7,8 @@ const systemManage = {
   batchMove: () => false,
   folderCreate: () => false,
   edit: () => hasPermission([RoleConst.ADMIN, PermissionConst.RESOURCE_APPLICATION_EDIT], 'OR'),
+  publish: () =>
+    hasPermission([RoleConst.ADMIN, PermissionConst.RESOURCE_APPLICATION_PUBLISH], 'OR'),
   folderEdit: () => false,
   folderRead: () => false,
   folderManage: () => false,
 
@@ -50,6 +50,21 @@ const workspace = {
       ],
       'OR',
     ),
+  publish: (source_id: string) =>
+    hasPermission(
+      [
+        new ComplexPermission(
+          [RoleConst.USER],
+          [PermissionConst.APPLICATION.getKnowledgeWorkspaceResourcePermission(source_id)],
+          [],
+          'AND',
+        ),
+        RoleConst.WORKSPACE_MANAGE.getWorkspaceRole,
+        PermissionConst.APPLICATION_PUBLISH.getKnowledgeWorkspaceResourcePermission(source_id),
+        PermissionConst.APPLICATION_PUBLISH.getWorkspacePermissionWorkspaceManageRole,
+      ],
+      'OR',
+    ),
   folderCreate: (folder_id: string) =>
     hasPermission(
       [