From a938f017c45e8cd60a7ff2f89a784a9082242e22 Mon Sep 17 00:00:00 2001
From: Tobie Morgan Hitchcock <tobie@abcum.com>
Date: Fri, 1 Apr 2022 09:20:44 +0100
Subject: [PATCH] Only allow OPTION statements to be run with KV/NS/DB auth
 levels

---
 lib/src/dbs/executor.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/src/dbs/executor.rs b/lib/src/dbs/executor.rs
index 556a9269..f247ded4 100644
--- a/lib/src/dbs/executor.rs
+++ b/lib/src/dbs/executor.rs
@@ -1,6 +1,7 @@
 use crate::ctx::Context;
 use crate::dbs::response::{Response, Responses, Status};
 use crate::dbs::Auth;
+use crate::dbs::Level;
 use crate::dbs::Options;
 use crate::dbs::Runtime;
 use crate::dbs::Transaction;
@@ -142,6 +143,9 @@ impl Executor {
 			let res = match stm {
 				// Specify runtime options
 				Statement::Option(stm) => {
+					// Allowed to run?
+					opt.check(Level::Db)?;
+					// Process the option
 					match &stm.name.name.to_uppercase()[..] {
 						"FIELD_QUERIES" => opt = opt.fields(stm.what),
 						"EVENT_QUERIES" => opt = opt.events(stm.what),
@@ -150,6 +154,7 @@ impl Executor {
 						"DEBUG" => opt = opt.debug(stm.what),
 						_ => break,
 					}
+					// Continue
 					continue;
 				}
 				// Begin a new transaction