Commit 9139be50 authored by unknown's avatar unknown
Browse files

fix of required privileges for altering view VIEW (DELETE->DROP) (BUG#9260) 


mysql-test/r/view.result:
  fix of required privileges for altering view VIEW (DELETE->DROP)
  new test of altering view
mysql-test/t/view.test:
  fix of required privileges for altering view VIEW (DELETE->DROP)
  new test of altering view
sql/sql_view.cc:
  fix of required privileges for altering view VIEW (DELETE->DROP)
parent ba8dc8e9

mysql-test/r/view.result

+6 −2
Original line number Diff line number Diff line
@@ -237,13 +237,17 @@ grant select on mysqltest.t1 to mysqltest_1@localhost; 
grant create view,select on test.* to mysqltest_1@localhost;

create view v1 as select * from mysqltest.t1;

alter view v1 as select * from mysqltest.t1;

ERROR 42000: DELETE command denied to user 'mysqltest_1'@'localhost' for table 'v1'

ERROR 42000: DROP command denied to user 'mysqltest_1'@'localhost' for table 'v1'

create or replace view v1 as select * from mysqltest.t1;

ERROR 42000: DELETE command denied to user 'mysqltest_1'@'localhost' for table 'v1'

ERROR 42000: DROP command denied to user 'mysqltest_1'@'localhost' for table 'v1'

create view mysqltest.v2  as select * from mysqltest.t1;

ERROR 42000: CREATE VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v2'

create view v2 as select * from mysqltest.t2;

ERROR 42000: ANY command denied to user 'mysqltest_1'@'localhost' for table 't2'

grant create view,drop,select on test.* to mysqltest_1@localhost;

use test;

alter view v1 as select * from mysqltest.t1;

create or replace view v1 as select * from mysqltest.t1;

revoke all privileges on mysqltest.t1 from mysqltest_1@localhost;

revoke all privileges on test.* from mysqltest_1@localhost;

drop database mysqltest;

mysql-test/t/view.test

+11 −1
Original line number Diff line number Diff line
@@ -181,7 +181,7 @@ connect (user1,localhost,mysqltest_1,,test); 
connection user1;



create view v1 as select * from mysqltest.t1;

# try to modify view without DELETE privilege on it

# try to modify view without DROP privilege on it

-- error 1142

alter view v1 as select * from mysqltest.t1;

-- error 1142
@@ -193,6 +193,16 @@ create view mysqltest.v2 as select * from mysqltest.t1; 
-- error 1142

create view v2 as select * from mysqltest.t2;



connection root;

grant create view,drop,select on test.* to mysqltest_1@localhost;



connection user1;

# following 'use' command is workaround of bug #9582 and should be removed

# when that bug will be fixed

use test;

alter view v1 as select * from mysqltest.t1;

create or replace view v1 as select * from mysqltest.t1;



connection root;

revoke all privileges on mysqltest.t1 from mysqltest_1@localhost;

revoke all privileges on test.* from mysqltest_1@localhost;

sql/sql_view.cc

+3 −3
Original line number Diff line number Diff line
@@ -89,7 +89,7 @@ bool mysql_create_view(THD *thd, 
  /*

    Privilege check for view creation:

    - user have CREATE VIEW privilege on view table

    - user have DELETE privilege in case of ALTER VIEW or CREATE OR REPLACE

    - user have DROP privilege in case of ALTER VIEW or CREATE OR REPLACE

    VIEW

    - have some (SELECT/UPDATE/INSERT/DELETE) privileges on columns of

    underlying tables used on top of SELECT list (because it can be
@@ -104,9 +104,9 @@ bool mysql_create_view(THD *thd, 
                    0, 0) ||

       grant_option && check_grant(thd, CREATE_VIEW_ACL, view, 0, 1, 0)) ||

      (mode != VIEW_CREATE_NEW &&

       (check_access(thd, DELETE_ACL, view->db, &view->grant.privilege,

       (check_access(thd, DROP_ACL, view->db, &view->grant.privilege,

                     0, 0) ||

        grant_option && check_grant(thd, DELETE_ACL, view, 0, 1, 0))))

        grant_option && check_grant(thd, DROP_ACL, view, 0, 1, 0))))

    DBUG_RETURN(TRUE);

  for (sl= select_lex; sl; sl= sl->next_select())

  {