diff --git a/src/core/server/http/index.ts b/src/core/server/http/index.ts index 14397456afd6..bf89d14ddc5e 100644 --- a/src/core/server/http/index.ts +++ b/src/core/server/http/index.ts @@ -74,6 +74,7 @@ export { RouteValidationResultFactory, DestructiveRouteMethod, SafeRouteMethod, + ensureRawRequest, } from './router'; export { BasePathProxyServer } from './base_path_proxy_server'; export { OnPreRoutingHandler, OnPreRoutingToolkit } from './lifecycle/on_pre_routing'; diff --git a/src/core/server/index.ts b/src/core/server/index.ts index 53c229caccbc..b5c1f457337a 100644 --- a/src/core/server/index.ts +++ b/src/core/server/index.ts @@ -218,6 +218,7 @@ export { SessionStorageFactory, DestructiveRouteMethod, SafeRouteMethod, + ensureRawRequest, } from './http'; export { diff --git a/src/plugins/workspace/server/routes/index.ts b/src/plugins/workspace/server/routes/index.ts index 2ae62079322b..0f37f14173d1 100644 --- a/src/plugins/workspace/server/routes/index.ts +++ b/src/plugins/workspace/server/routes/index.ts @@ -3,6 +3,7 @@ * SPDX-License-Identifier: Apache-2.0 */ import { schema } from '@osd/config-schema'; +import { ensureRawRequest } from '../../../../core/server'; import { ACL, @@ -172,6 +173,19 @@ export function registerRoutes({ }, router.handleLegacyErrors(async (context, req, res) => { const { attributes } = req.body; + const rawRequest = ensureRawRequest(req); + const authInfo = rawRequest?.auth?.credentials?.authInfo as { user_name?: string } | null; + const permissions = Array.isArray(attributes.permissions) + ? attributes.permissions + : [attributes.permissions]; + + if (!!authInfo?.user_name) { + permissions.push({ + type: 'user', + userId: authInfo.user_name, + modes: [WorkspacePermissionMode.Management], + }); + } const result = await client.create( { @@ -181,7 +195,7 @@ export function registerRoutes({ }, { ...attributes, - permissions: convertToACL(attributes.permissions), + permissions: convertToACL(permissions), } ); return res.ok({ body: result });