feat: add management permission for workspace create user (opensearch…

…-project#92) Signed-off-by: Lin Wang <wonglam@amazon.com>
SuZhou-Joe · Aug 31, 2023 · ec6bbf7 · ec6bbf7
1 parent 14a393d
commit ec6bbf7
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 1 deletion.
diff --git a/src/core/server/http/index.ts b/src/core/server/http/index.ts
@@ -74,6 +74,7 @@ export {
  RouteValidationResultFactory,
  DestructiveRouteMethod,
  SafeRouteMethod,
+ ensureRawRequest,
 } from './router';
 export { BasePathProxyServer } from './base_path_proxy_server';
 export { OnPreRoutingHandler, OnPreRoutingToolkit } from './lifecycle/on_pre_routing';

diff --git a/src/core/server/index.ts b/src/core/server/index.ts
@@ -218,6 +218,7 @@ export {
  SessionStorageFactory,
  DestructiveRouteMethod,
  SafeRouteMethod,
+ ensureRawRequest,
 } from './http';
 
 export {

diff --git a/src/plugins/workspace/server/routes/index.ts b/src/plugins/workspace/server/routes/index.ts
@@ -3,6 +3,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 import { schema } from '@osd/config-schema';
+import { ensureRawRequest } from '../../../../core/server';
 
 import {
  ACL,
@@ -172,6 +173,19 @@ export function registerRoutes({
  },
  router.handleLegacyErrors(async (context, req, res) => {
  const { attributes } = req.body;
+ const rawRequest = ensureRawRequest(req);
+ const authInfo = rawRequest?.auth?.credentials?.authInfo as { user_name?: string } | null;
+ const permissions = Array.isArray(attributes.permissions)
+ ? attributes.permissions
+ : [attributes.permissions];
+
+ if (!!authInfo?.user_name) {
+ permissions.push({
+ type: 'user',
+ userId: authInfo.user_name,
+ modes: [WorkspacePermissionMode.Management],
+ });
+ }
 
  const result = await client.create(
  {
@@ -181,7 +195,7 @@ export function registerRoutes({
  },
  {
  ...attributes,
- permissions: convertToACL(attributes.permissions),
+ permissions: convertToACL(permissions),
  }
  );
  return res.ok({ body: result });