Commit 200f03fd authored by unknown's avatar unknown
Browse files

added processing of view grants to table grants (BUG#9795) 


mysql-test/r/grant.result:
  test of new table privileges
mysql-test/r/system_mysql_db.result:
  added new table priveleges
mysql-test/r/view_grant.result:
  error changed
mysql-test/t/grant.test:
  test of new table privileges
mysql-test/t/view_grant.test:
  error changed
scripts/mysql_create_system_tables.sh:
  add new table privileges
scripts/mysql_fix_privilege_tables.sql:
  fixed system tables fix script
sql/sql_acl.h:
  fixed coding/decoding new tables grants
parent bf851ae2

mysql-test/r/grant.result

+113 −0
Original line number Diff line number Diff line 
drop table if exists t1;

drop database if exists mysqltest;

SET NAMES binary;

delete from mysql.user where user='mysqltest_1';

delete from mysql.db where user='mysqltest_1';
@@ -473,3 +474,115 @@ ERROR 42000: INSERT,CREATE command denied to user 'mysqltest_1'@'localhost' for 
revoke all privileges on mysqltest.t1 from mysqltest_1@localhost;

delete from mysql.user where user=_binary'mysqltest_1';

drop database mysqltest;

CREATE USER dummy@localhost;

CREATE DATABASE mysqltest;

CREATE TABLE mysqltest.dummytable (dummyfield INT);

CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;

GRANT ALL PRIVILEGES ON mysqltest.dummytable TO dummy@localhost;

GRANT ALL PRIVILEGES ON mysqltest.dummyview TO dummy@localhost;

SHOW GRANTS FOR dummy@localhost;

Grants for dummy@localhost

GRANT USAGE ON *.* TO 'dummy'@'localhost'

GRANT ALL PRIVILEGES ON `mysqltest`.`dummyview` TO 'dummy'@'localhost'

GRANT ALL PRIVILEGES ON `mysqltest`.`dummytable` TO 'dummy'@'localhost'

use INFORMATION_SCHEMA;

SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY

PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;

TABLE_SCHEMA	TABLE_NAME	PRIVILEGES

mysqltest	dummytable	ALTER, CREATE, CREATE VIEW, DELETE, DROP, INDEX, INSERT, REFERENCES, SELECT, SHOW VIEW, UPDATE

mysqltest	dummyview	ALTER, CREATE, CREATE VIEW, DELETE, DROP, INDEX, INSERT, REFERENCES, SELECT, SHOW VIEW, UPDATE

FLUSH PRIVILEGES;

SHOW GRANTS FOR dummy@localhost;

Grants for dummy@localhost

GRANT USAGE ON *.* TO 'dummy'@'localhost'

GRANT ALL PRIVILEGES ON `mysqltest`.`dummyview` TO 'dummy'@'localhost'

GRANT ALL PRIVILEGES ON `mysqltest`.`dummytable` TO 'dummy'@'localhost'

SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY

PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;

TABLE_SCHEMA	TABLE_NAME	PRIVILEGES

mysqltest	dummytable	ALTER, CREATE, CREATE VIEW, DELETE, DROP, INDEX, INSERT, REFERENCES, SELECT, SHOW VIEW, UPDATE

mysqltest	dummyview	ALTER, CREATE, CREATE VIEW, DELETE, DROP, INDEX, INSERT, REFERENCES, SELECT, SHOW VIEW, UPDATE

SHOW FIELDS FROM mysql.tables_priv;

Field	Type	Null	Key	Default	Extra

Host	char(60)	NO	PRI		

Db	char(64)	NO	PRI		

User	char(16)	NO	PRI		

Table_name	char(64)	NO	PRI		

Grantor	char(77)	NO	MUL		

Timestamp	timestamp	YES		CURRENT_TIMESTAMP	

Table_priv	set('Select','Insert','Update','Delete','Create','Drop','Grant','References','Index','Alter','Create View','Show view')	NO			

Column_priv	set('Select','Insert','Update','References')	NO			

use test;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;

DROP USER dummy@localhost;

DROP DATABASE mysqltest;

CREATE USER dummy@localhost;

CREATE DATABASE mysqltest;

CREATE TABLE mysqltest.dummytable (dummyfield INT);

CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;

GRANT CREATE VIEW ON mysqltest.dummytable TO dummy@localhost;

GRANT CREATE VIEW ON mysqltest.dummyview TO dummy@localhost;

SHOW GRANTS FOR dummy@localhost;

Grants for dummy@localhost

GRANT USAGE ON *.* TO 'dummy'@'localhost'

GRANT CREATE VIEW ON `mysqltest`.`dummyview` TO 'dummy'@'localhost'

GRANT CREATE VIEW ON `mysqltest`.`dummytable` TO 'dummy'@'localhost'

use INFORMATION_SCHEMA;

SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY

PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;

TABLE_SCHEMA	TABLE_NAME	PRIVILEGES

mysqltest	dummytable	CREATE VIEW

mysqltest	dummyview	CREATE VIEW

FLUSH PRIVILEGES;

SHOW GRANTS FOR dummy@localhost;

Grants for dummy@localhost

GRANT USAGE ON *.* TO 'dummy'@'localhost'

GRANT CREATE VIEW ON `mysqltest`.`dummyview` TO 'dummy'@'localhost'

GRANT CREATE VIEW ON `mysqltest`.`dummytable` TO 'dummy'@'localhost'

SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY

PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;

TABLE_SCHEMA	TABLE_NAME	PRIVILEGES

mysqltest	dummytable	CREATE VIEW

mysqltest	dummyview	CREATE VIEW

use test;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;

DROP USER dummy@localhost;

DROP DATABASE mysqltest;

CREATE USER dummy@localhost;

CREATE DATABASE mysqltest;

CREATE TABLE mysqltest.dummytable (dummyfield INT);

CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;

GRANT SHOW VIEW ON mysqltest.dummytable TO dummy@localhost;

GRANT SHOW VIEW ON mysqltest.dummyview TO dummy@localhost;

SHOW GRANTS FOR dummy@localhost;

Grants for dummy@localhost

GRANT USAGE ON *.* TO 'dummy'@'localhost'

GRANT SHOW VIEW ON `mysqltest`.`dummyview` TO 'dummy'@'localhost'

GRANT SHOW VIEW ON `mysqltest`.`dummytable` TO 'dummy'@'localhost'

use INFORMATION_SCHEMA;

SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY

PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;

TABLE_SCHEMA	TABLE_NAME	PRIVILEGES

mysqltest	dummytable	SHOW VIEW

mysqltest	dummyview	SHOW VIEW

FLUSH PRIVILEGES;

SHOW GRANTS FOR dummy@localhost;

Grants for dummy@localhost

GRANT USAGE ON *.* TO 'dummy'@'localhost'

GRANT SHOW VIEW ON `mysqltest`.`dummyview` TO 'dummy'@'localhost'

GRANT SHOW VIEW ON `mysqltest`.`dummytable` TO 'dummy'@'localhost'

SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY

PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;

TABLE_SCHEMA	TABLE_NAME	PRIVILEGES

mysqltest	dummytable	SHOW VIEW

mysqltest	dummyview	SHOW VIEW

use test;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;

DROP USER dummy@localhost;

DROP DATABASE mysqltest;

mysql-test/r/system_mysql_db.result

+1 −1
Original line number Diff line number Diff line
@@ -128,7 +128,7 @@ tables_priv CREATE TABLE `tables_priv` ( 
  `Table_name` char(64) collate utf8_bin NOT NULL default '',

  `Grantor` char(77) collate utf8_bin NOT NULL default '',

  `Timestamp` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,

  `Table_priv` set('Select','Insert','Update','Delete','Create','Drop','Grant','References','Index','Alter') character set utf8 NOT NULL default '',

  `Table_priv` set('Select','Insert','Update','Delete','Create','Drop','Grant','References','Index','Alter','Create View','Show view') character set utf8 NOT NULL default '',

  `Column_priv` set('Select','Insert','Update','References') character set utf8 NOT NULL default '',

  PRIMARY KEY  (`Host`,`Db`,`User`,`Table_name`),

  KEY `Grantor` (`Grantor`)

mysql-test/r/view_grant.result

+1 −1
Original line number Diff line number Diff line
@@ -284,7 +284,7 @@ create table mysqltest.v3 (b int); 
grant select(b) on mysqltest.v3 to mysqltest_1@localhost;

drop table mysqltest.v3;

create view mysqltest.v3 as select b from mysqltest.t2;

ERROR 42000: CREATE VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v3'

ERROR 42000: create view command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 'v3'

create view v4 as select b+1 from mysqltest.t2;

ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 't2'

grant create view,update,select on test.* to mysqltest_1@localhost;

mysql-test/t/grant.test

+67 −0
Original line number Diff line number Diff line
@@ -6,6 +6,7 @@ 
# Cleanup

--disable_warnings

drop table if exists t1;

drop database if exists mysqltest;

--enable_warnings



connect (master,localhost,root,,);
@@ -403,3 +404,69 @@ connection root; 
revoke all privileges on mysqltest.t1 from mysqltest_1@localhost;

delete from mysql.user where user=_binary'mysqltest_1';

drop database mysqltest;



#

# check all new table priveleges

#

CREATE USER dummy@localhost;

CREATE DATABASE mysqltest;

CREATE TABLE mysqltest.dummytable (dummyfield INT);

CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;

GRANT ALL PRIVILEGES ON mysqltest.dummytable TO dummy@localhost;

GRANT ALL PRIVILEGES ON mysqltest.dummyview TO dummy@localhost;

SHOW GRANTS FOR dummy@localhost;

use INFORMATION_SCHEMA;

SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY

PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;

FLUSH PRIVILEGES;

SHOW GRANTS FOR dummy@localhost;

SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY

PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;

SHOW FIELDS FROM mysql.tables_priv;

use test;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;

DROP USER dummy@localhost;

DROP DATABASE mysqltest;

# check view only privileges

CREATE USER dummy@localhost;

CREATE DATABASE mysqltest;

CREATE TABLE mysqltest.dummytable (dummyfield INT);

CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;

GRANT CREATE VIEW ON mysqltest.dummytable TO dummy@localhost;

GRANT CREATE VIEW ON mysqltest.dummyview TO dummy@localhost;

SHOW GRANTS FOR dummy@localhost;

use INFORMATION_SCHEMA;

SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY

PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;

FLUSH PRIVILEGES;

SHOW GRANTS FOR dummy@localhost;

SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY

PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;

use test;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;

DROP USER dummy@localhost;

DROP DATABASE mysqltest;

CREATE USER dummy@localhost;

CREATE DATABASE mysqltest;

CREATE TABLE mysqltest.dummytable (dummyfield INT);

CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;

GRANT SHOW VIEW ON mysqltest.dummytable TO dummy@localhost;

GRANT SHOW VIEW ON mysqltest.dummyview TO dummy@localhost;

SHOW GRANTS FOR dummy@localhost;

use INFORMATION_SCHEMA;

SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY

PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;

FLUSH PRIVILEGES;

SHOW GRANTS FOR dummy@localhost;

SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY

PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;

use test;

REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;

DROP USER dummy@localhost;

DROP DATABASE mysqltest;

mysql-test/t/view_grant.test

+1 −1
Original line number Diff line number Diff line
@@ -360,7 +360,7 @@ create table mysqltest.v3 (b int); 
grant select(b) on mysqltest.v3 to mysqltest_1@localhost;

drop table mysqltest.v3;

connection user1;

-- error 1142

-- error 1143

create view mysqltest.v3 as select b from mysqltest.t2;



# Expression need select privileges