Mark dolt procedures as AdminOnly to force tighter permission checks

2026-03-11 01:55:08 -05:00 · 2023-10-27 08:41:52 -07:00
parent 13e346c0fd
commit 547dbd8b95
1 changed files with 13 additions and 13 deletions
--- a/go/libraries/doltcore/sqle/dprocedures/init.go
+++ b/go/libraries/doltcore/sqle/dprocedures/init.go
@@ -21,27 +21,27 @@ import (

 var DoltProcedures = []sql.ExternalStoredProcedureDetails{
 	{Name: "dolt_add", Schema: int64Schema("status"), Function: doltAdd},
-	{Name: "dolt_backup", Schema: int64Schema("status"), Function: doltBackup, ReadOnly: true},
+	{Name: "dolt_backup", Schema: int64Schema("status"), Function: doltBackup, ReadOnly: true, AdminOnly: true},
 	{Name: "dolt_branch", Schema: int64Schema("status"), Function: doltBranch},
 	{Name: "dolt_checkout", Schema: doltCheckoutSchema, Function: doltCheckout, ReadOnly: true},
 	{Name: "dolt_cherry_pick", Schema: cherryPickSchema, Function: doltCherryPick},
 	{Name: "dolt_clean", Schema: int64Schema("status"), Function: doltClean},
-	{Name: "dolt_clone", Schema: int64Schema("status"), Function: doltClone},
+	{Name: "dolt_clone", Schema: int64Schema("status"), Function: doltClone, AdminOnly: true},
 	{Name: "dolt_commit", Schema: stringSchema("hash"), Function: doltCommit},
 	{Name: "dolt_commit_hash_out", Schema: stringSchema("hash"), Function: doltCommitHashOut},
 	{Name: "dolt_conflicts_resolve", Schema: int64Schema("status"), Function: doltConflictsResolve},
 	{Name: "dolt_count_commits", Schema: int64Schema("ahead", "behind"), Function: doltCountCommits, ReadOnly: true},
-	{Name: "dolt_fetch", Schema: int64Schema("status"), Function: doltFetch},
-	{Name: "dolt_undrop", Schema: int64Schema("status"), Function: doltUndrop},
-	{Name: "dolt_purge_dropped_databases", Schema: int64Schema("status"), Function: doltPurgeDroppedDatabases},
+	{Name: "dolt_fetch", Schema: int64Schema("status"), Function: doltFetch, AdminOnly: true},
+	{Name: "dolt_undrop", Schema: int64Schema("status"), Function: doltUndrop, AdminOnly: true},
+	{Name: "dolt_purge_dropped_databases", Schema: int64Schema("status"), Function: doltPurgeDroppedDatabases, AdminOnly: true},

 	// dolt_gc is enabled behind a feature flag for now, see dolt_gc.go
-	{Name: "dolt_gc", Schema: int64Schema("status"), Function: doltGC, ReadOnly: true},
+	{Name: "dolt_gc", Schema: int64Schema("status"), Function: doltGC, ReadOnly: true, AdminOnly: true},

 	{Name: "dolt_merge", Schema: doltMergeSchema, Function: doltMerge},
-	{Name: "dolt_pull", Schema: int64Schema("fast_forward", "conflicts"), Function: doltPull},
-	{Name: "dolt_push", Schema: doltPushSchema, Function: doltPush},
-	{Name: "dolt_remote", Schema: int64Schema("status"), Function: doltRemote},
+	{Name: "dolt_pull", Schema: int64Schema("fast_forward", "conflicts"), Function: doltPull, AdminOnly: true},
+	{Name: "dolt_push", Schema: doltPushSchema, Function: doltPush, AdminOnly: true},
+	{Name: "dolt_remote", Schema: int64Schema("status"), Function: doltRemote, AdminOnly: true},
 	{Name: "dolt_reset", Schema: int64Schema("status"), Function: doltReset},
 	{Name: "dolt_revert", Schema: int64Schema("status"), Function: doltRevert},
 	{Name: "dolt_tag", Schema: int64Schema("status"), Function: doltTag},
@@ -56,14 +56,14 @@ var DoltProcedures = []sql.ExternalStoredProcedureDetails{
 	{Name: "dclean", Schema: int64Schema("status"), Function: doltClean},
 	{Name: "dclone", Schema: int64Schema("status"), Function: doltClone},
 	{Name: "dcommit", Schema: stringSchema("hash"), Function: doltCommit},
-	{Name: "dfetch", Schema: int64Schema("status"), Function: doltFetch},
+	{Name: "dfetch", Schema: int64Schema("status"), Function: doltFetch, AdminOnly: true},

 	//	{Name: "dgc", Schema: int64Schema("status"), Function: doltGC},

 	{Name: "dmerge", Schema: doltMergeSchema, Function: doltMerge},
-	{Name: "dpull", Schema: int64Schema("fast_forward", "conflicts"), Function: doltPull},
-	{Name: "dpush", Schema: doltPushSchema, Function: doltPush},
-	{Name: "dremote", Schema: int64Schema("status"), Function: doltRemote},
+	{Name: "dpull", Schema: int64Schema("fast_forward", "conflicts"), Function: doltPull, AdminOnly: true},
+	{Name: "dpush", Schema: doltPushSchema, Function: doltPush, AdminOnly: true},
+	{Name: "dremote", Schema: int64Schema("status"), Function: doltRemote, AdminOnly: true},
 	{Name: "dreset", Schema: int64Schema("status"), Function: doltReset},
 	{Name: "drevert", Schema: int64Schema("status"), Function: doltRevert},
 	{Name: "dtag", Schema: int64Schema("status"), Function: doltTag},