Commit a5b89398 authored by Vicențiu Ciorbaru's avatar Vicențiu Ciorbaru Committed by Sergei Golubchik

Added initial_role_grants variable to ACL_USER

parent df16e759
...@@ -231,6 +231,15 @@ class ACL_USER :public ACL_ACCESS ...@@ -231,6 +231,15 @@ class ACL_USER :public ACL_ACCESS
instance of the class represents a role. instance of the class represents a role.
*/ */
DYNAMIC_ARRAY role_grants; DYNAMIC_ARRAY role_grants;
/*
In case of granting a role to a role, the access bits are merged together
via a bit OR operation and placed in the ACL_USER::access field.
When rebuilding role_grants via the rebuild_role_grant function,
the ACL_USER::access field needs to be reset aswell. The field
initial_role_access holds the initial grants present in the table row.
*/
ulong initial_role_access;
ACL_USER *copy(MEM_ROOT *root) ACL_USER *copy(MEM_ROOT *root)
{ {
...@@ -1130,6 +1139,8 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) ...@@ -1130,6 +1139,8 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
DBUG_PRINT("info", ("Found role %s", user.user.str)); DBUG_PRINT("info", ("Found role %s", user.user.str));
ACL_USER *entry= user.copy(&mem); ACL_USER *entry= user.copy(&mem);
entry->role_grants = user.role_grants; entry->role_grants = user.role_grants;
/* set initial role access the same as the table row privileges */
entry->initial_role_access = entry->access;
my_hash_insert(&acl_roles, (uchar *)entry); my_hash_insert(&acl_roles, (uchar *)entry);
HASH_SEARCH_STATE t; HASH_SEARCH_STATE t;
entry= (ACL_USER *) my_hash_first(&acl_roles, entry= (ACL_USER *) my_hash_first(&acl_roles,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment