noth/surrealpatch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Only allow OPTION statements to be run with KV/NS/DB auth levels

Browse source
This commit is contained in:
Tobie Morgan Hitchcock 2022-04-01 09:20:44 +01:00
parent 7e51401ebb
commit a938f017c4
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/src/dbs/executor.rs
View file

@ -1,6 +1,7 @@
use crate::ctx::Context; use crate::ctx::Context;
use crate::dbs::response::{Response, Responses, Status}; use crate::dbs::response::{Response, Responses, Status};
use crate::dbs::Auth; use crate::dbs::Auth;
use crate::dbs::Level;
use crate::dbs::Options; use crate::dbs::Options;
use crate::dbs::Runtime; use crate::dbs::Runtime;
use crate::dbs::Transaction; use crate::dbs::Transaction;
@ -142,6 +143,9 @@ impl Executor {
let res = match stm { let res = match stm {
// Specify runtime options // Specify runtime options
Statement::Option(stm) => { Statement::Option(stm) => {
// Allowed to run?
opt.check(Level::Db)?;
// Process the option
match &stm.name.name.to_uppercase()[..] { match &stm.name.name.to_uppercase()[..] {
"FIELD_QUERIES" => opt = opt.fields(stm.what), "FIELD_QUERIES" => opt = opt.fields(stm.what),
"EVENT_QUERIES" => opt = opt.events(stm.what), "EVENT_QUERIES" => opt = opt.events(stm.what),
@ -150,6 +154,7 @@ impl Executor {
"DEBUG" => opt = opt.debug(stm.what), "DEBUG" => opt = opt.debug(stm.what),
_ => break, _ => break,
} }
// Continue
continue; continue;
} }
// Begin a new transaction // Begin a new transaction