From e86f08d054e4de694071e0eef92ca4ca2b27cf2b Mon Sep 17 00:00:00 2001 From: Martin Hansson Date: Mon, 28 Sep 2009 13:25:47 +0200 Subject: Bug#35996: SELECT + SHOW VIEW should be enough to display view definition During SHOW CREATE VIEW there is no reason to 'anonymize' errors that name objects that a user does not have access to. Moreover it was inconsistently implemented. For example base tables being referenced from a view appear to be ok, but not views. The manual on the other hand is clear: If a user has the privileges SELECT and SHOW VIEW, the view definition is available to that user, period. The fix changes the behavior to support the manual. mysql-test/r/information_schema_db.result: Bug#35996: Changed warnings. mysql-test/r/view_grant.result: Bug#35996: Changed warnings, test result. mysql-test/t/information_schema_db.test: Bug#35996: Changed test case to reflect new behavior. mysql-test/t/view_grant.test: Bug#35996: Test case. sql/sql_acl.cc: Bug#35996: Code no longer necessary, we may as well exempt SHOW CREATE VIEW from this check. sql/sql_show.cc: Bug#35996: The fix: An Internal_error_handler that hides most errors raised by access checking as they are not relevant to SHOW CREATE VIEW. sql/table.cc: Bug#35996: Restricting this hack to act only when there is no Internal_error_handler. --- sql/sql_acl.cc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'sql/sql_acl.cc') diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index ab18a2d1d04..d7d662f912d 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -4072,8 +4072,7 @@ bool check_column_grant_in_table_ref(THD *thd, TABLE_LIST * table_ref, db_name= table_ref->view_db.str; table_name= table_ref->view_name.str; if (table_ref->belong_to_view && - (thd->lex->sql_command == SQLCOM_SHOW_FIELDS || - thd->lex->sql_command == SQLCOM_SHOW_CREATE)) + thd->lex->sql_command == SQLCOM_SHOW_FIELDS) { view_privs= get_column_grant(thd, grant, db_name, table_name, name); if (view_privs & VIEW_ANY_ACL) -- cgit v1.2.1