From 0e5ac29763541f4eca791a3d0f9d447db223ff6d Mon Sep 17 00:00:00 2001
From: Emil Tullstedt
Date: Mon, 21 Mar 2022 17:16:05 +0100
Subject: [PATCH] Data sources: Grant creator edit permissions to data source by default (#46168)
* Data sources: Sent user ID when creating data source
* Data sources: Grant a data source creator edit permissions
* Use edit permisison and only append if user id is in command
Co-authored-by: Karl Persson
---
 pkg/api/datasources.go | 1 +
 pkg/models/datasource.go | 1 +
 .../datasources/service/datasource_service.go | 20 ++++++++++++-------
 3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/pkg/api/datasources.go b/pkg/api/datasources.go
index 0476e9172e3..31efaf43192 100644
--- a/pkg/api/datasources.go
+++ b/pkg/api/datasources.go
@@ -250,6 +250,7 @@ func (hs *HTTPServer) AddDataSource(c *models.ReqContext) response.Response {
 datasourcesLogger.Debug("Received command to add data source", "url", cmd.Url)
 cmd.OrgId = c.OrgId
+ cmd.UserId = c.UserId
 if cmd.Url != "" {
 if resp := validateURL(cmd.Type, cmd.Url); resp != nil {
 return resp
diff --git a/pkg/models/datasource.go b/pkg/models/datasource.go
index 30f63fde5ab..377a07fe14f 100644
--- a/pkg/models/datasource.go
+++ b/pkg/models/datasource.go
@@ -89,6 +89,7 @@ type AddDataSourceCommand struct {
 Uid string `json:"uid"`
 OrgId int64 `json:"-"`
+ UserId int64 `json:"-"`
 ReadOnly bool `json:"-"`
 EncryptedSecureJsonData map[string][]byte `json:"-"`
diff --git a/pkg/services/datasources/service/datasource_service.go b/pkg/services/datasources/service/datasource_service.go
index e7f32b068f1..4b98fd64209 100644
--- a/pkg/services/datasources/service/datasource_service.go
+++ b/pkg/services/datasources/service/datasource_service.go
@@ -168,13 +168,19 @@ func (s *Service) AddDataSource(ctx context.Context, cmd *models.AddDataSourceCo
 }
 if s.features.IsEnabled(featuremgmt.FlagAccesscontrol) {
- if _, err := s.permissionsService.SetPermissions(ctx, cmd.OrgId, strconv.FormatInt(cmd.Result.Id, 10), accesscontrol.SetResourcePermissionCommand{
- BuiltinRole: "Viewer",
- Permission: "Query",
- }, accesscontrol.SetResourcePermissionCommand{
- BuiltinRole: "Editor",
- Permission: "Query",
- }); err != nil {
+ // This belongs in Data source permissions, and we probably want
+ // to do this with a hook in the store and rollback on fail.
+ // We can't use events, because there's no way to communicate
+ // failure, and we want "not being able to set default perms"
+ // to fail the creation.
+ permissions := []accesscontrol.SetResourcePermissionCommand{
+ {BuiltinRole: "Viewer", Permission: "Query"},
+ {BuiltinRole: "Editor", Permission: "Query"},
+ }
+ if cmd.UserId != 0 {
+ permissions = append(permissions, accesscontrol.SetResourcePermissionCommand{UserID: cmd.UserId, Permission: "Edit"})
+ }
+ if _, err := s.permissionsService.SetPermissions(ctx, cmd.OrgId, strconv.FormatInt(cmd.Result.Id, 10), permissions...); err != nil {
 return err
 }
 }
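Review bot: The `if cmd.UserId != 0` guard treats 0 as "no user to grant to", but nothing at the check says which callers arrive with a zero ID, so a later caller could gain or miss the creator's `Edit` grant by accident. A comment on the guard would pin the contract down, e.g. `// UserId is 0 when the command does not originate from a signed-in user (presumably provisioning or key-based callers — confirm); no creator grant is made in that case.` The grant is also keyed to the user ID rather than a role, so it presumably persists if the creator's role is later reduced; if that is intended, the comment block above the slice is the place to say so. The diffstat lists no test file, so a test that checks the permission list for both the `UserId != 0` and `UserId == 0` paths would be worth adding. AddDataSource begins and ends outside this hunk.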