From 63dc6c51dbff8a0e95b419b7a3798cc337dd200d Mon Sep 17 00:00:00 2001
From: Lin Wang <wonglam@amazon.com>
Date: Tue, 11 Jul 2023 10:09:53 +0800
Subject: [PATCH 1/2] feat: add workspace permission control interface

Signed-off-by: Lin Wang <wonglam@amazon.com>
---
 src/core/server/workspaces/index.ts           |  2 ++
 .../workspace_permission_control.ts           | 20 +++++++++++++++++++
 .../server/workspaces/workspaces_service.ts   | 11 ++++++++++
 3 files changed, 33 insertions(+)
 create mode 100644 src/core/server/workspaces/workspace_permission_control.ts

diff --git a/src/core/server/workspaces/index.ts b/src/core/server/workspaces/index.ts
index b9f765e4bba3..5441216c7314 100644
--- a/src/core/server/workspaces/index.ts
+++ b/src/core/server/workspaces/index.ts
@@ -11,3 +11,5 @@ export {
 } from './workspaces_service';
 
 export { WorkspaceAttribute, WorkspaceFindOptions } from './types';
+
+export { WorkspacePermissionControl } from './workspace_permission_control';
diff --git a/src/core/server/workspaces/workspace_permission_control.ts b/src/core/server/workspaces/workspace_permission_control.ts
new file mode 100644
index 000000000000..815ec373e66b
--- /dev/null
+++ b/src/core/server/workspaces/workspace_permission_control.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+export enum WorkspacePermissionMode {
+  Read,
+  Admin,
+}
+
+export class WorkspacePermissionControl {
+  public async validate(
+    workspaceId: string,
+    permissionModeOrModes: WorkspacePermissionMode | WorkspacePermissionMode[]
+  ) {
+    return true;
+  }
+
+  public async setup() {}
+}
diff --git a/src/core/server/workspaces/workspaces_service.ts b/src/core/server/workspaces/workspaces_service.ts
index 7aa01db34beb..887cf46af86a 100644
--- a/src/core/server/workspaces/workspaces_service.ts
+++ b/src/core/server/workspaces/workspaces_service.ts
@@ -14,13 +14,16 @@ import {
 } from '../saved_objects';
 import { IWorkspaceDBImpl } from './types';
 import { WorkspacesClientWithSavedObject } from './workspaces_client';
+import { WorkspacePermissionControl } from './workspace_permission_control';
 
 export interface WorkspacesServiceSetup {
   client: IWorkspaceDBImpl;
+  permissionControl: WorkspacePermissionControl;
 }
 
 export interface WorkspacesServiceStart {
   client: IWorkspaceDBImpl;
+  permissionControl: WorkspacePermissionControl;
 }
 
 export interface WorkspacesSetupDeps {
@@ -40,6 +43,8 @@ export class WorkspacesService
   implements CoreService<WorkspacesServiceSetup, WorkspacesServiceStart> {
   private logger: Logger;
   private client?: IWorkspaceDBImpl;
+  private permissionControl?: WorkspacePermissionControl;
+
   constructor(coreContext: CoreContext) {
     this.logger = coreContext.logger.get('workspaces-service');
   }
@@ -65,7 +70,11 @@ export class WorkspacesService
     this.logger.debug('Setting up Workspaces service');
 
     this.client = new WorkspacesClientWithSavedObject(setupDeps);
+    this.permissionControl = new WorkspacePermissionControl();
+
     await this.client.setup(setupDeps);
+    await this.permissionControl.setup();
+
     this.proxyWorkspaceTrafficToRealHandler(setupDeps);
 
     registerRoutes({
@@ -76,6 +85,7 @@ export class WorkspacesService
 
     return {
       client: this.client,
+      permissionControl: this.permissionControl,
     };
   }
 
@@ -84,6 +94,7 @@ export class WorkspacesService
 
     return {
       client: this.client as IWorkspaceDBImpl,
+      permissionControl: this.permissionControl as WorkspacePermissionControl,
     };
   }
 

From 6d8f907378dce21b9b582719e4d31301b393fb71 Mon Sep 17 00:00:00 2001
From: Lin Wang <wonglam@amazon.com>
Date: Tue, 11 Jul 2023 13:21:27 +0800
Subject: [PATCH 2/2] feat: add request parameter for workspace permission
 control

Signed-off-by: Lin Wang <wonglam@amazon.com>
---
 src/core/server/workspaces/workspace_permission_control.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/core/server/workspaces/workspace_permission_control.ts b/src/core/server/workspaces/workspace_permission_control.ts
index 815ec373e66b..bf85562c4669 100644
--- a/src/core/server/workspaces/workspace_permission_control.ts
+++ b/src/core/server/workspaces/workspace_permission_control.ts
@@ -3,6 +3,8 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
+import { OpenSearchDashboardsRequest } from '../http';
+
 export enum WorkspacePermissionMode {
   Read,
   Admin,
@@ -11,7 +13,8 @@ export enum WorkspacePermissionMode {
 export class WorkspacePermissionControl {
   public async validate(
     workspaceId: string,
-    permissionModeOrModes: WorkspacePermissionMode | WorkspacePermissionMode[]
+    permissionModeOrModes: WorkspacePermissionMode | WorkspacePermissionMode[],
+    request: OpenSearchDashboardsRequest
   ) {
     return true;
   }