*: add super privilege check for some admin commands

Author: lcwangchao

pkg/planner/core/planbuilder.go

@@ -1439,30 +1439,29 @@ func (b *PlanBuilder) buildAdmin(ctx context.Context, as *ast.AdminStmt) (Plan,
 		p.setSchemaAndNames(buildShowSlowSchema())
 		ret = p
 	case ast.AdminReloadExprPushdownBlacklist:
-		return &ReloadExprPushdownBlacklist{}, nil
+		ret = &ReloadExprPushdownBlacklist{}
 	case ast.AdminReloadOptRuleBlacklist:
-		return &ReloadOptRuleBlacklist{}, nil
+		ret = &ReloadOptRuleBlacklist{}
 	case ast.AdminPluginEnable:
-		return &AdminPlugins{Action: Enable, Plugins: as.Plugins}, nil
+		ret = &AdminPlugins{Action: Enable, Plugins: as.Plugins}
 	case ast.AdminPluginDisable:
-		return &AdminPlugins{Action: Disable, Plugins: as.Plugins}, nil
+		ret = &AdminPlugins{Action: Disable, Plugins: as.Plugins}
 	case ast.AdminFlushBindings:
-		return &SQLBindPlan{SQLBindOp: OpFlushBindings}, nil
+		ret = &SQLBindPlan{SQLBindOp: OpFlushBindings}
 	case ast.AdminCaptureBindings:
-		return &SQLBindPlan{SQLBindOp: OpCaptureBindings}, nil
+		ret = &SQLBindPlan{SQLBindOp: OpCaptureBindings}
 	case ast.AdminEvolveBindings:
-		var err error
 		// The 'baseline evolution' only work in the test environment before the feature is GA.
 		if !config.CheckTableBeforeDrop {
-			err = errors.Errorf("Cannot enable baseline evolution feature, it is not generally available now")
+			return nil, errors.Errorf("Cannot enable baseline evolution feature, it is not generally available now")
 		}
-		return &SQLBindPlan{SQLBindOp: OpEvolveBindings}, err
+		ret = &SQLBindPlan{SQLBindOp: OpEvolveBindings}
 	case ast.AdminReloadBindings:
-		return &SQLBindPlan{SQLBindOp: OpReloadBindings}, nil
+		ret = &SQLBindPlan{SQLBindOp: OpReloadBindings}
 	case ast.AdminReloadStatistics:
-		return &Simple{Statement: as}, nil
+		ret = &Simple{Statement: as}
 	case ast.AdminFlushPlanCache:
-		return &Simple{Statement: as}, nil
+		ret = &Simple{Statement: as}
 	case ast.AdminSetBDRRole, ast.AdminUnsetBDRRole:
 		ret = &Simple{Statement: as}
 	case ast.AdminShowBDRRole:

tests/integrationtest/r/privilege/privileges.result

@@ -617,3 +617,23 @@ ADMIN SHOW SLOW RECENT 3;
 Error 8121 (HY000): privilege check for 'Super' fail
 ADMIN SHOW SLOW TOP ALL 3;
 Error 8121 (HY000): privilege check for 'Super' fail
+admin reload expr_pushdown_blacklist;
+Error 8121 (HY000): privilege check for 'Super' fail
+admin reload opt_rule_blacklist;
+Error 8121 (HY000): privilege check for 'Super' fail
+admin plugins enable audit;
+Error 8121 (HY000): privilege check for 'Super' fail
+admin plugins disable audit;
+Error 8121 (HY000): privilege check for 'Super' fail
+admin flush bindings;
+Error 8121 (HY000): privilege check for 'Super' fail
+admin capture bindings;
+Error 8121 (HY000): privilege check for 'Super' fail
+admin reload bindings;
+Error 8121 (HY000): privilege check for 'Super' fail
+admin flush session plan_cache;
+Error 8121 (HY000): privilege check for 'Super' fail
+admin flush global plan_cache;
+Error 8121 (HY000): privilege check for 'Super' fail
+admin flush instance plan_cache;
+Error 8121 (HY000): privilege check for 'Super' fail

tests/integrationtest/t/privilege/privileges.test

@@ -841,6 +841,26 @@ ADMIN SHOW privilege__privileges.admin NEXT_ROW_ID;
 ADMIN SHOW SLOW RECENT 3;
 -- error 8121
 ADMIN SHOW SLOW TOP ALL 3;
+-- error 8121
+admin reload expr_pushdown_blacklist;
+-- error 8121
+admin reload opt_rule_blacklist;
+-- error 8121
+admin plugins enable audit;
+-- error 8121
+admin plugins disable audit;
+-- error 8121
+admin flush bindings;
+-- error 8121
+admin capture bindings;
+-- error 8121
+admin reload bindings;
+-- error 8121
+admin flush session plan_cache;
+-- error 8121
+admin flush global plan_cache;
+-- error 8121
+admin flush instance plan_cache;
 
 disconnect without_super;
 connection default;