Bug#20989: View '(null).(null)' references invalid table(s)... on SQL SECURITY INVOKER

REPLACE ... SELECT would require INSERT privileges on certain tables
when SELECT really suffices. Require INSERT only on target table.


mysql-test/r/insert_select.result:
  Bug#20989: View '(null).(null)' references invalid table(s)... on SQL SECURITY INVOKER
  
  Show that REPLACE ... SELECT requires INSERT privileges only on target table.
  (revised test with more view-fu)
mysql-test/t/insert_select.test:
  Bug#20989: View '(null).(null)' references invalid table(s)... on SQL SECURITY INVOKER
  
  Show that REPLACE ... SELECT requires INSERT privileges only on target table.
  (revised test with more view-fu)
sql/sql_insert.cc:
  Bug#20989: View '(null).(null)' references invalid table(s)... on SQL SECURITY INVOKER
  
  require SELECT rather than INSERT privs on tables that constitute the views we'll read

1 files changed, 8 insertions, 1 deletions

diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc
index ba0d2d00f2c..438375d2dff 100644
--- a/sql/sql_insert.cc
+++ b/sql/sql_insert.cc
@@ -742,11 +742,18 @@ static bool mysql_prepare_insert_check_table(THD *thd, TABLE_LIST *table_list,
   bool insert_into_view= (table_list->view != 0);
   DBUG_ENTER("mysql_prepare_insert_check_table");
 
+  /*
+     first table in list is the one we'll INSERT into, requires INSERT_ACL.
+     all others require SELECT_ACL only. the ACL requirement below is for
+     new leaves only anyway (view-constituents), so check for SELECT rather
+     than INSERT.
+  */
+
   if (setup_tables_and_check_access(thd, &thd->lex->select_lex.context,
                                     &thd->lex->select_lex.top_join_list,
                                     table_list, where, 
                                     &thd->lex->select_lex.leaf_tables,
-                                    select_insert, INSERT_ACL))
+                                    select_insert, SELECT_ACL))
     DBUG_RETURN(TRUE);
 
   if (insert_into_view && !fields.elements)