1Panel-dev · zhanweizhang7 · Oct 30, 2025 · Oct 30, 2025 · shaohuzhang1 · Oct 30, 2025
diff --git a/apps/folders/views/folder.py b/apps/folders/views/folder.py
@@ -38,9 +38,9 @@ class FolderView(APIView):
         tags=[_('Folder')]  # type: ignore
     )
     @has_permissions(
-        lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.CREATE,
+        lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,
                                      resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}/{kwargs.get('source')}/{r.data.get('parent_id')}"),
-        lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
+        lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.CREATE,
                                      resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
                                      ),
         lambda r, kwargs: ViewPermission([RoleConstants.USER.get_workspace_role()],
@@ -151,7 +151,7 @@ def get(self, request: Request, workspace_id: str, source: str, folder_id: str):
             tags=[_('Folder')]  # type: ignore
         )
         @has_permissions(
-            lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.EDIT,
+            lambda r, kwargs: Permission(group=Group(kwargs.get('source')), operate=Operate.DELETE,
                                          resource_path=f"/WORKSPACE/{kwargs.get('workspace_id')}:ROLE/WORKSPACE_MANAGE"
                                          ),
             lambda r, kwargs: Permission(group=Group(f"{kwargs.get('source')}_FOLDER"), operate=Operate.EDIT,