feat: add management permission for workspace create user

src/core/server/http/index.ts

@@ -74,6 +74,7 @@ export {
   RouteValidationResultFactory,
   DestructiveRouteMethod,
   SafeRouteMethod,
+  ensureRawRequest,
 } from './router';
 export { BasePathProxyServer } from './base_path_proxy_server';
 export { OnPreRoutingHandler, OnPreRoutingToolkit } from './lifecycle/on_pre_routing';

src/core/server/index.ts

@@ -218,6 +218,7 @@ export {
   SessionStorageFactory,
   DestructiveRouteMethod,
   SafeRouteMethod,
+  ensureRawRequest,
 } from './http';
 
 export {

src/plugins/workspace/server/routes/index.ts

@@ -3,6 +3,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 import { schema } from '@osd/config-schema';
+import { ensureRawRequest } from '../../../../core/server';
 
 import {
   ACL,
@@ -172,6 +173,19 @@ export function registerRoutes({
     },
     router.handleLegacyErrors(async (context, req, res) => {
       const { attributes } = req.body;
+      const rawRequest = ensureRawRequest(req);
+      const authInfo = rawRequest?.auth?.credentials?.authInfo as { user_name?: string } | null;
+      const permissions = Array.isArray(attributes.permissions)
+        ? attributes.permissions
+        : [attributes.permissions];
+
+      if (!!authInfo?.user_name) {
+        permissions.push({
+          type: 'user',
+          userId: authInfo.user_name,
+          modes: [WorkspacePermissionMode.Management],
+        });
+      }
 
       const result = await client.create(
         {
@@ -181,7 +195,7 @@ export function registerRoutes({
         },
         {
           ...attributes,
-          permissions: convertToACL(attributes.permissions),
+          permissions: convertToACL(permissions),
         }
       );
       return res.ok({ body: result });