From 1f876deb5d97a64c135a91322fa2a15e9db0baf3 Mon Sep 17 00:00:00 2001
From: wupenghao <wupenghao@cmss.chinamobile.com>
Date: Tue, 16 Apr 2024 15:41:17 +0800
Subject: [PATCH] Add permission control

Added a new parameter to fdbcli that allows modifying writemode only when starting fdbcli with the --admin flag, enhancing security and preventing accidental deletion operations.

Signed-off-by: wupenghao<wupenghao_yewu@cmss.chinamobile.com>
---
 fdbcli/fdbcli.actor.cpp | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/fdbcli/fdbcli.actor.cpp b/fdbcli/fdbcli.actor.cpp
index 305330872db..3997d0c6123 100644
--- a/fdbcli/fdbcli.actor.cpp
+++ b/fdbcli/fdbcli.actor.cpp
@@ -101,6 +101,7 @@ enum {
 	OPT_DEBUG_TLS,
 	OPT_API_VERSION,
 	OPT_MEMORY,
+	OPT_ADMIN,
 };
 
 CSimpleOpt::SOption g_rgOptions[] = { { OPT_CONNFILE, "-C", SO_REQ_SEP },
@@ -125,6 +126,7 @@ CSimpleOpt::SOption g_rgOptions[] = { { OPT_CONNFILE, "-C", SO_REQ_SEP },
 	                                  { OPT_DEBUG_TLS, "--debug-tls", SO_NONE },
 	                                  { OPT_API_VERSION, "--api-version", SO_REQ_SEP },
 	                                  { OPT_MEMORY, "--memory", SO_REQ_SEP },
+									  { OPT_ADMIN, "--admin", SO_NONE },
 
 #ifndef TLS_DISABLED
 	                                  TLS_OPTION_FLAGS
@@ -991,6 +993,7 @@ struct CLIOptions {
 	int exit_timeout = 0;
 	Optional<std::string> exec;
 	bool initialStatusCheck = true;
+	bool adminControl = false;
 	bool cliHints = true;
 	bool debugTLS = false;
 	std::string tlsCertPath;
@@ -1144,6 +1147,9 @@ struct CLIOptions {
 		case OPT_BUILD_FLAGS:
 			printBuildInformation();
 			return FDB_EXIT_SUCCESS;
+		case OPT_ADMIN:
+			adminControl = true;
+			break;
 		}
 		return -1;
 	}
@@ -1850,12 +1856,17 @@ ACTOR Future<int> cli(CLIOptions opt, LineNoise* plinenoise) {
 						printUsage(tokens[0]);
 						is_error = true;
 					} else {
-						if (tokencmp(tokens[1], "on")) {
-							writeMode = true;
-						} else if (tokencmp(tokens[1], "off")) {
-							writeMode = false;
+						if (opt.adminControl){
+							if (tokencmp(tokens[1], "on")) {
+								writeMode = true;
+							} else if (tokencmp(tokens[1], "off")) {
+								writeMode = false;
+							} else {
+								printUsage(tokens[0]);
+								is_error = true;
+							}
 						} else {
-							printUsage(tokens[0]);
+							fprintf(stderr, "ERROR: You do not have the required permissions to access the write mode.\n");
 							is_error = true;
 						}
 					}