Commit 1ac0b920 authored by Vicențiu Ciorbaru's avatar Vicențiu Ciorbaru Committed by Sergei Golubchik

Added GRANT ROLE TO ROLE | USER functionality.

The command currently affects only in-memory data structures. Writing to
the roles_mapping table needs to be implemented.
parent 95ef78e4
...@@ -6569,3 +6569,9 @@ ER_INVALID_ROLE ...@@ -6569,3 +6569,9 @@ ER_INVALID_ROLE
ER_INVALID_CURRENT_USER ER_INVALID_CURRENT_USER
eng "The current user is invalid." eng "The current user is invalid."
rum "Utilizatorul curent este invalid." rum "Utilizatorul curent este invalid."
ER_RESERVED_ROLE
eng "Role name '%s' is reserved."
rum "Numele de rol '%s' este rezervat."
ER_CANNOT_GRANT_ROLE
eng "Cannot grant role '%s' to: %s."
rum "Rolul '%s' nu poate fi acordat catre: %s."
This diff is collapsed.
...@@ -203,6 +203,8 @@ int check_change_password(THD *thd, const char *host, const char *user, ...@@ -203,6 +203,8 @@ int check_change_password(THD *thd, const char *host, const char *user,
char *password, uint password_len); char *password, uint password_len);
bool change_password(THD *thd, const char *host, const char *user, bool change_password(THD *thd, const char *host, const char *user,
char *password); char *password);
bool mysql_grant_role(THD *thd, List<LEX_USER> &user_list);
bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &user_list, bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &user_list,
ulong rights, bool revoke, bool is_proxy); ulong rights, bool revoke, bool is_proxy);
int mysql_table_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list, int mysql_table_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list,
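Review bot: The new `mysql_grant_role` prototype does not say that the first element of `user_list` is the role being granted and the remaining elements are the grantees; that convention is only stated in the grammar action for `grant_role TO_SYM user_and_role_list`. I would add a comment above the declaration such as `/* user_list: first element is the role, the rest are the grantees */`, and state what the boolean return value means, since the caller treats a zero result as success.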
......
...@@ -3866,9 +3866,9 @@ case SQLCOM_PREPARE: ...@@ -3866,9 +3866,9 @@ case SQLCOM_PREPARE:
else else
{ {
/* Conditionally writes to binlog */ /* Conditionally writes to binlog */
res = mysql_grant(thd, select_lex->db, lex->users_list, lex->grant, res= mysql_grant(thd, select_lex->db, lex->users_list, lex->grant,
lex->sql_command == SQLCOM_REVOKE, lex->sql_command == SQLCOM_REVOKE,
lex->type == TYPE_ENUM_PROXY); lex->type == TYPE_ENUM_PROXY);
} }
if (!res) if (!res)
{ {
...@@ -3890,8 +3890,15 @@ case SQLCOM_PREPARE: ...@@ -3890,8 +3890,15 @@ case SQLCOM_PREPARE:
case SQLCOM_REVOKE_ROLE: case SQLCOM_REVOKE_ROLE:
case SQLCOM_GRANT_ROLE: case SQLCOM_GRANT_ROLE:
{ {
/* TODO Implement grant */ /* TODO access check */
my_ok(thd);
if (thd->security_ctx->user) // If not replication
{
if (!(res= mysql_grant_role(thd, lex->users_list)))
my_ok(thd);
}
else
my_ok(thd);
break; break;
} }
#endif /*!NO_EMBEDDED_ACCESS_CHECKS*/ #endif /*!NO_EMBEDDED_ACCESS_CHECKS*/
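Review bot: The SQLCOM_REVOKE_ROLE / SQLCOM_GRANT_ROLE case now calls `mysql_grant_role(thd, lex->users_list)` with only `/* TODO access check */` in front of it, so as far as this hunk shows any authenticated session can change role membership in memory; the call should be gated on a privilege check, or the case should fail with an error until that check exists. Both commands share this body and the prototype has no revoke flag, unlike `mysql_grant`, so unless the collapsed implementation inspects `lex->sql_command` itself a REVOKE would take the grant path. The `else my_ok(thd);` branch reports success without applying anything when `thd->security_ctx->user` is NULL, which deserves a comment explaining why that is correct for the replication thread. The case sits inside a switch that starts and ends outside the hunk.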
......
...@@ -1570,7 +1570,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize); ...@@ -1570,7 +1570,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
%type <symbol> keyword keyword_sp %type <symbol> keyword keyword_sp
%type <lex_user> user grant_user grant_role %type <lex_user> user grant_user grant_role user_or_role
%type <charset> %type <charset>
opt_collate opt_collate
...@@ -1624,7 +1624,8 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize); ...@@ -1624,7 +1624,8 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
opt_option opt_place opt_option opt_place
opt_attribute opt_attribute_list attribute column_list column_list_id opt_attribute opt_attribute_list attribute column_list column_list_id
opt_column_list grant_privileges grant_ident grant_list grant_option opt_column_list grant_privileges grant_ident grant_list grant_option
object_privilege object_privilege_list user_list rename_list object_privilege object_privilege_list user_list user_and_role_list
rename_list
clear_privileges flush_options flush_option clear_privileges flush_options flush_option
opt_with_read_lock flush_options_list opt_with_read_lock flush_options_list
equal optional_braces equal optional_braces
...@@ -13208,6 +13209,16 @@ user: ...@@ -13208,6 +13209,16 @@ user:
} }
; ;
user_or_role:
user
{
$$=$1;
}
| CURRENT_ROLE optional_braces
{
$$= &current_role;
}
/* Keyword that we allow for identifiers (except SP labels) */ /* Keyword that we allow for identifiers (except SP labels) */
keyword: keyword:
keyword_sp {} keyword_sp {}
...@@ -14240,8 +14251,8 @@ revoke_command: ...@@ -14240,8 +14251,8 @@ revoke_command:
lex->users_list.push_front ($3); lex->users_list.push_front ($3);
lex->sql_command= SQLCOM_REVOKE; lex->sql_command= SQLCOM_REVOKE;
lex->type= TYPE_ENUM_PROXY; lex->type= TYPE_ENUM_PROXY;
} }
| grant_role FROM grant_list | grant_role FROM user_and_role_list
{ {
LEX *lex= Lex; LEX *lex= Lex;
lex->sql_command= SQLCOM_REVOKE_ROLE; lex->sql_command= SQLCOM_REVOKE_ROLE;
...@@ -14294,11 +14305,13 @@ grant_command: ...@@ -14294,11 +14305,13 @@ grant_command:
lex->sql_command= SQLCOM_GRANT; lex->sql_command= SQLCOM_GRANT;
lex->type= TYPE_ENUM_PROXY; lex->type= TYPE_ENUM_PROXY;
} }
| grant_role TO_SYM grant_list | grant_role TO_SYM user_and_role_list
{ {
LEX *lex= Lex; LEX *lex= Lex;
lex->sql_command= SQLCOM_GRANT_ROLE; lex->sql_command= SQLCOM_GRANT_ROLE;
lex->type= 0; /* The first role is the one that is granted */
if (Lex->users_list.push_front($1))
MYSQL_YYABORT;
} }
; ;
...@@ -14333,6 +14346,10 @@ grant_role: ...@@ -14333,6 +14346,10 @@ grant_role:
system_charset_info, 0)) system_charset_info, 0))
MYSQL_YYABORT; MYSQL_YYABORT;
} }
| CURRENT_ROLE optional_braces
{
$$=&current_role;
}
; ;
opt_table: opt_table:
...@@ -14522,6 +14539,19 @@ grant_list: ...@@ -14522,6 +14539,19 @@ grant_list:
} }
; ;
user_and_role_list:
user_or_role
{
if (Lex->users_list.push_back($1))
MYSQL_YYABORT;
}
| user_and_role_list ',' user_or_role
{
if (Lex->users_list.push_back($3))
MYSQL_YYABORT;
}
;
via_or_with: VIA_SYM | WITH ; via_or_with: VIA_SYM | WITH ;
using_or_as: USING | AS ; using_or_as: USING | AS ;
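Review bot: The REVOKE alternative `grant_role FROM user_and_role_list` is switched to the new list rule, but the visible part of its action only sets `SQLCOM_REVOKE_ROLE`, whereas the GRANT alternative adds `Lex->users_list.push_front($1)` so that the role leads the list; the REVOKE action continues past the end of its hunk, so this may already be handled there. If it is not, the role named in a REVOKE never reaches `users_list` and the first grantee would sit where the role is expected, so the same `if (Lex->users_list.push_front($1)) MYSQL_YYABORT;` would be needed. The new `user_or_role` rule also ends without the `;` that `user_and_role_list` and the neighbouring rules use, and the GRANT action appears to drop the old `lex->type= 0;` reset, which is worth confirming as intentional.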
......