From ffbeaa1af58a4741079db66d4c105c33c62048d0 Mon Sep 17 00:00:00 2001
From: tygao <tygao@amazon.com>
Date: Fri, 28 Jul 2023 16:44:53 +0800
Subject: [PATCH 1/2] feat: Apply workspace permission check when bulk creating
 object

Signed-off-by: tygao <tygao@amazon.com>
---
 .../workspace_saved_objects_client_wrapper.ts          | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts b/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts
index 0e4452dc23e3..59b9811e92f5 100644
--- a/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts
+++ b/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts
@@ -122,6 +122,16 @@ export class WorkspaceSavedObjectsClientWrapper {
       objects: Array<SavedObjectsBulkCreateObject<T>>,
       options: SavedObjectsCreateOptions = {}
     ): Promise<SavedObjectsBulkResponse<T>> => {
+      if (options.workspaces) {
+        options.workspaces = options.workspaces.filter(
+          async (workspaceId) =>
+            await this.permissionControl.validate(
+              workspaceId,
+              WorkspacePermissionMode.Admin,
+              wrapperOptions.request
+            )
+        );
+      }
       return await wrapperOptions.client.bulkCreate(objects, options);
     };
 

From b4a004f77098ba2ea019e3e1f91da8bf31052aac Mon Sep 17 00:00:00 2001
From: tygao <tygao@amazon.com>
Date: Wed, 2 Aug 2023 13:11:02 +0800
Subject: [PATCH 2/2] chore: update bulk create function

Signed-off-by: tygao <tygao@amazon.com>
---
 .../workspace_saved_objects_client_wrapper.ts        | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts b/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts
index 59b9811e92f5..941ea8824020 100644
--- a/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts
+++ b/src/core/server/workspaces/saved_objects/workspace_saved_objects_client_wrapper.ts
@@ -123,14 +123,10 @@ export class WorkspaceSavedObjectsClientWrapper {
       options: SavedObjectsCreateOptions = {}
     ): Promise<SavedObjectsBulkResponse<T>> => {
       if (options.workspaces) {
-        options.workspaces = options.workspaces.filter(
-          async (workspaceId) =>
-            await this.permissionControl.validate(
-              workspaceId,
-              WorkspacePermissionMode.Admin,
-              wrapperOptions.request
-            )
-        );
+        await this.validateMultiWorkspacesPermissions(options.workspaces, wrapperOptions.request, [
+          PermissionMode.Write,
+          PermissionMode.Management,
+        ]);
       }
       return await wrapperOptions.client.bulkCreate(objects, options);
     };