Check permissions on CREATE VIEW statements

Signed-off-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>

Author: agarciamontoro

engine.go

@@ -120,7 +120,7 @@ func (e *Engine) Query(
 	case *plan.CreateIndex:
 		typ = sql.CreateIndexProcess
 		perm = auth.ReadPerm | auth.WritePerm
-	case *plan.InsertInto, *plan.DeleteFrom, *plan.Update, *plan.DropIndex, *plan.UnlockTables, *plan.LockTables:
+	case *plan.InsertInto, *plan.DeleteFrom, *plan.Update, *plan.DropIndex, *plan.UnlockTables, *plan.LockTables, *plan.CreateView:
 		perm = auth.ReadPerm | auth.WritePerm
 	}
 

engine_test.go

@@ -3144,17 +3144,18 @@ func TestReadOnly(t *testing.T) {
 	_, _, err := e.Query(newCtx(), `SELECT i FROM mytable`)
 	require.NoError(err)
 
-	_, _, err = e.Query(newCtx(), `CREATE INDEX foo ON mytable USING pilosa (i, s)`)
-	require.Error(err)
-	require.True(auth.ErrNotAuthorized.Is(err))
-
-	_, _, err = e.Query(newCtx(), `DROP INDEX foo ON mytable`)
-	require.Error(err)
-	require.True(auth.ErrNotAuthorized.Is(err))
+	writingQueries := []string{
+		`CREATE INDEX foo ON mytable USING pilosa (i, s)`,
+		`DROP INDEX foo ON mytable`,
+		`INSERT INTO mytable (i, s) VALUES(42, 'yolo')`,
+		`CREATE VIEW myview AS SELECT i FROM mytable`,
+	}
 
-	_, _, err = e.Query(newCtx(), `INSERT INTO mytable (i, s) VALUES(42, 'yolo')`)
-	require.Error(err)
-	require.True(auth.ErrNotAuthorized.Is(err))
+	for _, query := range writingQueries {
+		_, _, err = e.Query(newCtx(), query)
+		require.Error(err)
+		require.True(auth.ErrNotAuthorized.Is(err))
+	}
 }
 
 func TestSessionVariables(t *testing.T) {