improve: improve drop system role error message

cnosdb · Nov 21, 2023 · ea2eb15 · ea2eb15
1 parent 9581998
commit ea2eb15
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 0 deletions.
diff --git a/query_server/query/src/sql/planner.rs b/query_server/query/src/sql/planner.rs
@@ -427,6 +427,11 @@ impl<'a, S: ContextProviderExtension + Send + Sync + 'a> SqlPlanner<'a, S> {
             }
             TenantObjectType::Role => {
                 let role_name = normalize_ident(object_name);
+
+                if SystemTenantRole::try_from(role_name.as_str()).is_ok() {
+                    return Err(QueryError::ForbiddenDropSystemRole { role: role_name });
+                }
+
                 (
                     DDLPlan::DropTenantObject(DropTenantObject {
                         tenant_name: tenant_name.to_string(),

diff --git a/query_server/spi/src/lib.rs b/query_server/spi/src/lib.rs
@@ -501,6 +501,12 @@ pub enum QueryError {
     ForbiddenLimitTenant {
         tenant: String,
     },
+
+    #[snafu(display("Couldn't Drop System Role {}", role))]
+    #[error_code(code = 76)]
+    ForbiddenDropSystemRole {
+        role: String,
+    },
 }
 
 impl From<ParserError> for QueryError {

diff --git a/query_server/test/cases/sys_table/information_schema/roles.result b/query_server/test/cases/sys_table/information_schema/roles.result
@@ -70,3 +70,13 @@ role_name,role_type,inherit_role
 member,system,
 owner,system,
 test_rs_role1,custom,member
+
+-- EXECUTE SQL: drop role owner; --
+422 Unprocessable Entity
+{"error_code":"010076","error_message":"Couldn't Drop System Role owner"}
+-- ERROR:  --
+
+-- EXECUTE SQL: drop role member; --
+422 Unprocessable Entity
+{"error_code":"010076","error_message":"Couldn't Drop System Role member"}
+-- ERROR:  --
diff --git a/query_server/test/cases/sys_table/information_schema/roles.sql b/query_server/test/cases/sys_table/information_schema/roles.sql
@@ -38,3 +38,9 @@ alter tenant test_rs_tenant1 remove user test_rs_u2;
 --#SORT=true
 select * from information_schema.ROLES;
 
+--#TENANT=cnosdb
+--#USER_NAME=root
+
+drop role owner;
+
+drop role member;