From ec6bbf749587db9ae1b57ea66df972db6764b4e2 Mon Sep 17 00:00:00 2001
From: Lin Wang <wonglam@amazon.com>
Date: Fri, 18 Aug 2023 15:55:59 +0800
Subject: [PATCH] feat: add management permission for workspace create user
 (#92)

Signed-off-by: Lin Wang <wonglam@amazon.com>
---
 src/core/server/http/index.ts                |  1 +
 src/core/server/index.ts                     |  1 +
 src/plugins/workspace/server/routes/index.ts | 16 +++++++++++++++-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/core/server/http/index.ts b/src/core/server/http/index.ts
index 14397456afd..bf89d14ddc5 100644
--- a/src/core/server/http/index.ts
+++ b/src/core/server/http/index.ts
@@ -74,6 +74,7 @@ export {
   RouteValidationResultFactory,
   DestructiveRouteMethod,
   SafeRouteMethod,
+  ensureRawRequest,
 } from './router';
 export { BasePathProxyServer } from './base_path_proxy_server';
 export { OnPreRoutingHandler, OnPreRoutingToolkit } from './lifecycle/on_pre_routing';
diff --git a/src/core/server/index.ts b/src/core/server/index.ts
index 53c229caccb..b5c1f457337 100644
--- a/src/core/server/index.ts
+++ b/src/core/server/index.ts
@@ -218,6 +218,7 @@ export {
   SessionStorageFactory,
   DestructiveRouteMethod,
   SafeRouteMethod,
+  ensureRawRequest,
 } from './http';
 
 export {
diff --git a/src/plugins/workspace/server/routes/index.ts b/src/plugins/workspace/server/routes/index.ts
index 2ae62079322..0f37f14173d 100644
--- a/src/plugins/workspace/server/routes/index.ts
+++ b/src/plugins/workspace/server/routes/index.ts
@@ -3,6 +3,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 import { schema } from '@osd/config-schema';
+import { ensureRawRequest } from '../../../../core/server';
 
 import {
   ACL,
@@ -172,6 +173,19 @@ export function registerRoutes({
     },
     router.handleLegacyErrors(async (context, req, res) => {
       const { attributes } = req.body;
+      const rawRequest = ensureRawRequest(req);
+      const authInfo = rawRequest?.auth?.credentials?.authInfo as { user_name?: string } | null;
+      const permissions = Array.isArray(attributes.permissions)
+        ? attributes.permissions
+        : [attributes.permissions];
+
+      if (!!authInfo?.user_name) {
+        permissions.push({
+          type: 'user',
+          userId: authInfo.user_name,
+          modes: [WorkspacePermissionMode.Management],
+        });
+      }
 
       const result = await client.create(
         {
@@ -181,7 +195,7 @@ export function registerRoutes({
         },
         {
           ...attributes,
-          permissions: convertToACL(attributes.permissions),
+          permissions: convertToACL(permissions),
         }
       );
       return res.ok({ body: result });