Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
69ac1642
Commit
69ac1642
authored
Feb 25, 2009
by
Georgi Kodinov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
backport the fix for bug #37191 to 5.1-bugteam
parent
d5783112
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
90 additions
and
21 deletions
+90
-21
mysql-test/r/view_grant.result
mysql-test/r/view_grant.result
+21
-0
mysql-test/t/view_grant.test
mysql-test/t/view_grant.test
+38
-0
sql/sql_view.cc
sql/sql_view.cc
+31
-21
No files found.
mysql-test/r/view_grant.result
View file @
69ac1642
...
...
@@ -956,6 +956,27 @@ Warnings:
Warning 1356 View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
DROP VIEW v1;
DROP TABLE t1;
CREATE USER mysqluser1@localhost;
CREATE DATABASE mysqltest1;
USE mysqltest1;
CREATE TABLE t1 ( a INT );
CREATE TABLE t2 ( b INT );
INSERT INTO t1 VALUES (1), (2);
INSERT INTO t2 VALUES (1), (2);
GRANT CREATE VIEW ON mysqltest1.* TO mysqluser1@localhost;
GRANT SELECT ON t1 TO mysqluser1@localhost;
GRANT INSERT ON t2 TO mysqluser1@localhost;
This would lead to failed assertion.
CREATE VIEW v1 AS SELECT a, b FROM t1, t2;
SELECT * FROM v1;
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 'v1'
SELECT b FROM v1;
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 'v1'
DROP TABLE t1, t2;
DROP VIEW v1;
DROP DATABASE mysqltest1;
DROP USER mysqluser1@localhost;
USE test;
End of 5.1 tests.
CREATE USER mysqluser1@localhost;
CREATE DATABASE mysqltest1;
...
...
mysql-test/t/view_grant.test
View file @
69ac1642
...
...
@@ -1218,6 +1218,44 @@ SHOW CREATE VIEW v1;
DROP
VIEW
v1
;
DROP
TABLE
t1
;
#
# Bug#37191: Failed assertion in CREATE VIEW
#
CREATE
USER
mysqluser1
@
localhost
;
CREATE
DATABASE
mysqltest1
;
USE
mysqltest1
;
CREATE
TABLE
t1
(
a
INT
);
CREATE
TABLE
t2
(
b
INT
);
INSERT
INTO
t1
VALUES
(
1
),
(
2
);
INSERT
INTO
t2
VALUES
(
1
),
(
2
);
GRANT
CREATE
VIEW
ON
mysqltest1
.*
TO
mysqluser1
@
localhost
;
GRANT
SELECT
ON
t1
TO
mysqluser1
@
localhost
;
GRANT
INSERT
ON
t2
TO
mysqluser1
@
localhost
;
--
connect
(
connection1
,
localhost
,
mysqluser1
,
,
mysqltest1
)
--
echo
This
would
lead
to
failed
assertion
.
CREATE
VIEW
v1
AS
SELECT
a
,
b
FROM
t1
,
t2
;
--
error
ER_TABLEACCESS_DENIED_ERROR
SELECT
*
FROM
v1
;
--
error
ER_TABLEACCESS_DENIED_ERROR
SELECT
b
FROM
v1
;
--
disconnect
connection1
--
connection
default
DROP
TABLE
t1
,
t2
;
DROP
VIEW
v1
;
DROP
DATABASE
mysqltest1
;
DROP
USER
mysqluser1
@
localhost
;
USE
test
;
--
echo
End
of
5.1
tests
.
#
...
...
sql/sql_view.cc
View file @
69ac1642
...
...
@@ -564,24 +564,36 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
fill_effective_table_privileges
(
thd
,
&
view
->
grant
,
view
->
db
,
view
->
table_name
);
/*
Make sure that the current user does not have more column-level privileges
on the newly created view than he/she does on the underlying
tables. E.g. it must not be so that the user has UPDATE privileges on a
view column of he/she doesn't have it on the underlying table's
corresponding column. In that case, return an error for CREATE VIEW.
*/
{
Item
*
report_item
=
NULL
;
/*
This will hold the intersection of the priviliges on all columns in the
view.
*/
uint
final_priv
=
VIEW_ANY_ACL
;
for
(
sl
=
select_lex
;
sl
;
sl
=
sl
->
next_select
())
{
DBUG_ASSERT
(
view
->
db
);
/* Must be set in the parser */
List_iterator_fast
<
Item
>
it
(
sl
->
item_list
);
Item
*
item
;
while
((
item
=
it
++
))
for
(
sl
=
select_lex
;
sl
;
sl
=
sl
->
next_select
())
{
DBUG_ASSERT
(
view
->
db
);
/* Must be set in the parser */
List_iterator_fast
<
Item
>
it
(
sl
->
item_list
);
Item
*
item
;
while
((
item
=
it
++
))
{
Item_field
*
fld
=
item
->
filed_for_view_update
();
uint
priv
=
(
get_column_grant
(
thd
,
&
view
->
grant
,
view
->
db
,
view
->
table_name
,
item
->
name
)
&
VIEW_ANY_ACL
);
uint
priv
=
(
get_column_grant
(
thd
,
&
view
->
grant
,
view
->
db
,
view
->
table_name
,
item
->
name
)
&
VIEW_ANY_ACL
);
if
(
fld
&&
!
fld
->
field
->
table
->
s
->
tmp_table
)
{
{
final_priv
&=
fld
->
have_privileges
;
if
(
~
fld
->
have_privileges
&
priv
)
...
...
@@ -589,17 +601,15 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
}
}
}
if
(
!
final_priv
)
{
DBUG_ASSERT
(
report_item
);
my_error
(
ER_COLUMNACCESS_DENIED_ERROR
,
MYF
(
0
),
"create view"
,
thd
->
security_ctx
->
priv_user
,
if
(
!
final_priv
&&
report_item
)
{
my_error
(
ER_COLUMNACCESS_DENIED_ERROR
,
MYF
(
0
),
"create view"
,
thd
->
security_ctx
->
priv_user
,
thd
->
security_ctx
->
priv_host
,
report_item
->
name
,
view
->
table_name
);
res
=
TRUE
;
goto
err
;
view
->
table_name
);
res
=
TRUE
;
goto
err
;
}
}
#endif
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment