Access Control: hiding annotation edition and deletion without permissions (#46904)

* Access Control: disabling annotation edition without FGAC permissions

public/app/plugins/panel/graph/annotation_tooltip.ts

@@ -59,7 +59,7 @@ export function annotationTooltipDirective(
       `;
 
       // Show edit icon only for users with at least Editor role
-      if (event.id && dashboard?.canAddAnnotations()) {
+      if (event.id && dashboard?.canEditAnnotations(event.dashboardId)) {
         header += `
           <span class="pointer graph-annotation__edit-icon" ng-click="onEdit()">
             <i class="fa fa-pencil-square"></i>

public/app/plugins/panel/graph/event_editor.ts

@@ -4,6 +4,7 @@ import { AnnotationEvent, dateTime } from '@grafana/data';
 import { MetricsPanelCtrl } from 'app/angular/panel/metrics_panel_ctrl';
 import { deleteAnnotation, saveAnnotation, updateAnnotation } from '../../../features/annotations/api';
 import { getDashboardQueryRunner } from '../../../features/query/state/DashboardQueryRunner/DashboardQueryRunner';
+import { contextSrv } from '../../../core/services/context_srv';
 
 export class EventEditorCtrl {
   // @ts-ignore initialized through Angular not constructor
@@ -31,6 +32,16 @@ export class EventEditorCtrl {
     this.timeFormated = this.panelCtrl.dashboard.formatDate(this.event.time!);
   }
 
+  canDelete(): boolean {
+    if (contextSrv.accessControlEnabled()) {
+      if (this.event.source.type === 'dashboard') {
+        return !!this.panelCtrl.dashboard.meta.annotationsPermissions?.dashboard.canDelete;
+      }
+      return !!this.panelCtrl.dashboard.meta.annotationsPermissions?.organization.canDelete;
+    }
+    return true;
+  }
+
   async save(): Promise<void> {
     if (!this.form.$valid) {
       return;