Bug #23556: TRUNCATE TABLE still maps to DELETE

 - TRUNCATE requires DROP privilege, not DELETE
parent 98911707
...@@ -972,4 +972,24 @@ REVOKE EXECUTE ON PROCEDURE p1 FROM 1234567890abcdefGHIKL@localhost; ...@@ -972,4 +972,24 @@ REVOKE EXECUTE ON PROCEDURE p1 FROM 1234567890abcdefGHIKL@localhost;
ERROR HY000: String '1234567890abcdefGHIKL' is too long for user name (should be no longer than 16) ERROR HY000: String '1234567890abcdefGHIKL' is too long for user name (should be no longer than 16)
REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY; REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY;
ERROR HY000: String '1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY' is too long for host name (should be no longer than 60) ERROR HY000: String '1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY' is too long for host name (should be no longer than 60)
CREATE USER bug23556@localhost;
CREATE DATABASE bug23556;
GRANT SELECT ON bug23556.* TO bug23556@localhost;
USE bug23556;
CREATE TABLE t1 (a INT PRIMARY KEY);
INSERT INTO t1 VALUES (1),(2),(3),(4),(5);
GRANT DELETE ON t1 TO bug23556@localhost;
USE bug23556;
TRUNCATE t1;
ERROR 42000: DROP command denied to user 'bug23556'@'localhost' for table 't1'
USE bug23556;
REVOKE DELETE ON t1 FROM bug23556@localhost;
GRANT DROP ON t1 TO bug23556@localhost;
USE bug23556;
TRUNCATE t1;
USE bug23556;
DROP TABLE t1;
USE test;
DROP DATABASE bug23556;
DROP USER bug23556@localhost;
End of 5.0 tests End of 5.0 tests
...@@ -14,8 +14,8 @@ CREATE TABLE t1(num_value INT); ...@@ -14,8 +14,8 @@ CREATE TABLE t1(num_value INT);
CREATE TABLE t2(user_str TEXT); CREATE TABLE t2(user_str TEXT);
---> connection: default ---> connection: default
GRANT INSERT, DELETE ON mysqltest_db1.t1 TO mysqltest_dfn@localhost; GRANT INSERT, DROP ON mysqltest_db1.t1 TO mysqltest_dfn@localhost;
GRANT INSERT, DELETE ON mysqltest_db1.t2 TO mysqltest_dfn@localhost; GRANT INSERT, DROP ON mysqltest_db1.t2 TO mysqltest_dfn@localhost;
---> connection: default ---> connection: default
GRANT SUPER ON *.* TO mysqltest_dfn@localhost; GRANT SUPER ON *.* TO mysqltest_dfn@localhost;
......
...@@ -863,4 +863,39 @@ REVOKE EXECUTE ON PROCEDURE p1 FROM 1234567890abcdefGHIKL@localhost; ...@@ -863,4 +863,39 @@ REVOKE EXECUTE ON PROCEDURE p1 FROM 1234567890abcdefGHIKL@localhost;
--error ER_WRONG_STRING_LENGTH --error ER_WRONG_STRING_LENGTH
REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY; REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY;
#
# BUG#23556: TRUNCATE TABLE still maps to DELETE
#
CREATE USER bug23556@localhost;
CREATE DATABASE bug23556;
GRANT SELECT ON bug23556.* TO bug23556@localhost;
connect (bug23556,localhost,bug23556,,bug23556);
connection default;
USE bug23556;
CREATE TABLE t1 (a INT PRIMARY KEY); INSERT INTO t1 VALUES (1),(2),(3),(4),(5);
GRANT DELETE ON t1 TO bug23556@localhost;
connection bug23556;
USE bug23556;
--error ER_TABLEACCESS_DENIED_ERROR
TRUNCATE t1;
connection default;
USE bug23556;
REVOKE DELETE ON t1 FROM bug23556@localhost;
GRANT DROP ON t1 TO bug23556@localhost;
connection bug23556;
USE bug23556;
TRUNCATE t1;
connection default;
USE bug23556;
DROP TABLE t1;
USE test;
DROP DATABASE bug23556;
DROP USER bug23556@localhost;
--echo End of 5.0 tests --echo End of 5.0 tests
...@@ -60,8 +60,8 @@ CREATE TABLE t2(user_str TEXT); ...@@ -60,8 +60,8 @@ CREATE TABLE t2(user_str TEXT);
--echo --echo
--echo ---> connection: default --echo ---> connection: default
GRANT INSERT, DELETE ON mysqltest_db1.t1 TO mysqltest_dfn@localhost; GRANT INSERT, DROP ON mysqltest_db1.t1 TO mysqltest_dfn@localhost;
GRANT INSERT, DELETE ON mysqltest_db1.t2 TO mysqltest_dfn@localhost; GRANT INSERT, DROP ON mysqltest_db1.t2 TO mysqltest_dfn@localhost;
# #
# Check that the user must have TRIGGER privilege to create a trigger. # Check that the user must have TRIGGER privilege to create a trigger.
......
...@@ -3508,7 +3508,7 @@ end_with_restore_list: ...@@ -3508,7 +3508,7 @@ end_with_restore_list:
break; break;
} }
DBUG_ASSERT(first_table == all_tables && first_table != 0); DBUG_ASSERT(first_table == all_tables && first_table != 0);
if (check_one_table_access(thd, DELETE_ACL, all_tables)) if (check_one_table_access(thd, DROP_ACL, all_tables))
goto error; goto error;
/* /*
Don't allow this within a transaction because we want to use Don't allow this within a transaction because we want to use
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment