Authorization: Fix/provisioned permission display (#106179)

* add isProvisioned flag to permission DTO

* handle provisioned permissions explicitly

* lint

* swagger

* simplify logic to always show non-managed permissions first; remove unnecessary isProvisioned

* fix docs

* oops

* actually just generate the docs

pkg/services/accesscontrol/resourcepermissions/store.go

@@ -496,6 +496,7 @@ func flatPermissionsToResourcePermissions(scope string, permissions []flatResour
 		} else if p.IsInherited(scope) {
 			inherited = append(inherited, p)
 		} else {
+			// Permissions which are neither managed nor inherited must have been provisioned
 			provisioned = append(provisioned, p)
 		}
 	}

public/app/core/components/AccessControl/PermissionList.tsx

@@ -30,11 +30,15 @@ export const PermissionList = ({ title, items, compareKey, permissionLevels, can
         continue;
       }
 
-      // If the same permission has been inherited and applied directly, keep the one that is applied directly
-      if (item.actions.length === keep[key].actions.length && !item.isInherited) {
+      // Determine which permission to keep for display
+      // If the same permission has been applied more than once (i.e. one copy is ready kept)
+      if (item.actions.length === keep[key].actions.length) {
+        // replace the kept permission if it is managed and this item is not (i.e. it is inherited or provisioned)
+        if (keep[key].isManaged && !item.isManaged) {
           keep[key] = item;
         }
       }
+    }
     return Object.keys(keep).map((k) => keep[k]);
   }, [items, compareKey]);