authorunknown <anozdrin/alik@booka.opbmk>2007-03-22 00:34:15 +0300
committerunknown <anozdrin/alik@booka.opbmk>2007-03-22 00:34:15 +0300
commitb444f808828e42b64cdd4fa8bc9e901b1ae6e119 (patch)
tree5b8dd076d5648161098ab2fe40c6296a1913e7af /sql
parent3798a7d5008f8f569f779f096b7fc1e1cfac1031 (diff)
Fix for BUG#24040: Create View don't succed with "all privileges"
on a database. The problem was that we required no fewer privileges on the base tables than we have on the view. The fix is to be more flexible and allow such a view to be created (the necessary privileges will be checked at runtime). mysql-test/r/view_grant.result: Updated result file. mysql-test/t/view_grant.test: Added test case for BUG#24040 (Create View don't succed with "all privileges" on a database). sql/sql_view.cc: Implement flexible privilege check for CREATE VIEW.
Diffstat (limited to 'sql')
-rw-r--r--sql/sql_view.cc35
1 files changed, 23 insertions, 12 deletions
diff --git a/sql/sql_view.cc b/sql/sql_view.cc
index 7143df8474a..cb3570105a7 100644
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@@ -492,35 +492,46 @@ bool mysql_create_view(THD *thd, TABLE_LIST *views,
/*
Compare/check grants on view with grants of underlying tables
*/
+
+ fill_effective_table_privileges(thd, &view->grant, view->db,
+ view->table_name);
+
+ {
+ Item *report_item= NULL;
+ uint final_priv= VIEW_ANY_ACL;
+
for (sl= select_lex; sl; sl= sl->next_select())
{
DBUG_ASSERT(view->db); /* Must be set in the parser */
List_iterator_fast<Item> it(sl->item_list);
Item *item;
- fill_effective_table_privileges(thd, &view->grant, view->db,
- view->table_name);
while ((item= it++))
{
- Item_field *fld;
+ Item_field *fld= item->filed_for_view_update();
uint priv= (get_column_grant(thd, &view->grant, view->db,
view->table_name, item->name) &
VIEW_ANY_ACL);
- if ((fld= item->filed_for_view_update()))
+
+ if (fld && !fld->field->table->s->tmp_table)
{
- /*
- Do we have more privileges on view field then underlying table field?
- */
- if (!fld->field->table->s->tmp_table && (~fld->have_privileges & priv))
+ final_priv&= fld->have_privileges;
+
+ if (~fld->have_privileges & priv)
+ report_item= item;
+ }
+ }
+ }
+
+ if (!final_priv)
{
- /* VIEW column has more privileges */
+ DBUG_ASSERT(report_item);
+
my_error(ER_COLUMNACCESS_DENIED_ERROR, MYF(0),
"create view", thd->security_ctx->priv_user,
- thd->security_ctx->priv_host, item->name,
+ thd->security_ctx->priv_host, report_item->name,
view->table_name);
res= TRUE;
goto err;
- }
- }
}
}
#endif
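Review bot: `report_item->name` in the new `if (!final_priv)` block is guarded only by `DBUG_ASSERT(report_item)`, which presumably compiles away in non-debug builds, so a NULL `report_item` there would be dereferenced while building the access-denied error. `final_priv` is the intersection of `have_privileges` over all base-table fields, whereas `report_item` is set only when a field lacks a privilege held on the matching view column (`~fld->have_privileges & priv`), and `priv` is fetched per column, so the two conditions are not obviously equivalent: columns whose privileges are each sufficient but mutually disjoint would appear to empty `final_priv` without ever setting `report_item`. Recording a fallback in the loop, `if (!report_item || (~fld->have_privileges & priv)) report_item= item;`, keeps the pointer non-NULL whenever `final_priv` can reach zero. A short comment above `if (!final_priv)` stating the relaxed rule (creation is refused only when no privilege is common to every underlying column, the rest being left to runtime checks) would also help, since the removed comments described the old, stricter comparison. The body of `mysql_create_view` starts before and continues after this hunk, so `res`, the `err` label and the earlier privilege checks are not visible here.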