diff options
| author | Ignacio Galarza <iggy@mysql.com> | 2009-03-17 16:29:24 -0400 |
|---|---|---|
| committer | Ignacio Galarza <iggy@mysql.com> | 2009-03-17 16:29:24 -0400 |
| commit | 0d588edf61c93ab67fb7e26101a0fc00d021bb11 (patch) | |
| tree | 3c313f70fd16653491985d8e8108fb5b99f0d5d0 /sql/sql_view.cc | |
| parent | 5b7347bda31b9d66cd78937e5dc339f553b9a736 (diff) | |
| parent | 7ca1ebd83a1a7d291593be7a94f5a37298dfc863 (diff) | |
| download | mariadb-git-0d588edf61c93ab67fb7e26101a0fc00d021bb11.tar.gz | |
auto-merge
Diffstat (limited to 'sql/sql_view.cc')
| -rw-r--r-- | sql/sql_view.cc | 52 |
1 files changed, 31 insertions, 21 deletions
diff --git a/sql/sql_view.cc b/sql/sql_view.cc index fa71dd860f8..96448f7e5c2 100644 --- a/sql/sql_view.cc +++ b/sql/sql_view.cc @@ -564,24 +564,36 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, fill_effective_table_privileges(thd, &view->grant, view->db, view->table_name); + /* + Make sure that the current user does not have more column-level privileges + on the newly created view than he/she does on the underlying + tables. E.g. it must not be so that the user has UPDATE privileges on a + view column of he/she doesn't have it on the underlying table's + corresponding column. In that case, return an error for CREATE VIEW. + */ { Item *report_item= NULL; + /* + This will hold the intersection of the priviliges on all columns in the + view. + */ uint final_priv= VIEW_ANY_ACL; - - for (sl= select_lex; sl; sl= sl->next_select()) - { - DBUG_ASSERT(view->db); /* Must be set in the parser */ - List_iterator_fast<Item> it(sl->item_list); - Item *item; - while ((item= it++)) + + for (sl= select_lex; sl; sl= sl->next_select()) { + DBUG_ASSERT(view->db); /* Must be set in the parser */ + List_iterator_fast<Item> it(sl->item_list); + Item *item; + while ((item= it++)) + { Item_field *fld= item->filed_for_view_update(); - uint priv= (get_column_grant(thd, &view->grant, view->db, - view->table_name, item->name) & - VIEW_ANY_ACL); + uint priv= (get_column_grant(thd, &view->grant, view->db, + view->table_name, item->name) & + VIEW_ANY_ACL); if (fld && !fld->field->table->s->tmp_table) - { + { + final_priv&= fld->have_privileges; if (~fld->have_privileges & priv) @@ -589,17 +601,15 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views, } } } - - if (!final_priv) - { - DBUG_ASSERT(report_item); - - my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0), - "create view", thd->security_ctx->priv_user, + + if (!final_priv && report_item) + { + my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0), + "create view", thd->security_ctx->priv_user, thd->security_ctx->priv_host, report_item->name, - view->table_name); - res= TRUE; - goto err; + view->table_name); + res= TRUE; + goto err; } } #endif |