diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result index 5dbbfbd9ab8..f6864ce7b94 100644 --- a/mysql-test/r/grant.result +++ b/mysql-test/r/grant.result @@ -972,4 +972,24 @@ REVOKE EXECUTE ON PROCEDURE p1 FROM 1234567890abcdefGHIKL@localhost; ERROR HY000: String '1234567890abcdefGHIKL' is too long for user name (should be no longer than 16) REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY; ERROR HY000: String '1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY' is too long for host name (should be no longer than 60) +CREATE USER bug23556@localhost; +CREATE DATABASE bug23556; +GRANT SELECT ON bug23556.* TO bug23556@localhost; +USE bug23556; +CREATE TABLE t1 (a INT PRIMARY KEY); +INSERT INTO t1 VALUES (1),(2),(3),(4),(5); +GRANT DELETE ON t1 TO bug23556@localhost; +USE bug23556; +TRUNCATE t1; +ERROR 42000: DROP command denied to user 'bug23556'@'localhost' for table 't1' +USE bug23556; +REVOKE DELETE ON t1 FROM bug23556@localhost; +GRANT DROP ON t1 TO bug23556@localhost; +USE bug23556; +TRUNCATE t1; +USE bug23556; +DROP TABLE t1; +USE test; +DROP DATABASE bug23556; +DROP USER bug23556@localhost; End of 5.0 tests diff --git a/mysql-test/r/trigger-grant.result b/mysql-test/r/trigger-grant.result index eb211be0270..49c36513fbc 100644 --- a/mysql-test/r/trigger-grant.result +++ b/mysql-test/r/trigger-grant.result @@ -14,8 +14,8 @@ CREATE TABLE t1(num_value INT); CREATE TABLE t2(user_str TEXT); ---> connection: default -GRANT INSERT, DELETE ON mysqltest_db1.t1 TO mysqltest_dfn@localhost; -GRANT INSERT, DELETE ON mysqltest_db1.t2 TO mysqltest_dfn@localhost; +GRANT INSERT, DROP ON mysqltest_db1.t1 TO mysqltest_dfn@localhost; +GRANT INSERT, DROP ON mysqltest_db1.t2 TO mysqltest_dfn@localhost; ---> connection: default GRANT SUPER ON *.* TO mysqltest_dfn@localhost; diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test index d3781d58780..91d8b248bcc 100644 --- a/mysql-test/t/grant.test +++ b/mysql-test/t/grant.test @@ -863,4 +863,39 @@ REVOKE EXECUTE ON PROCEDURE p1 FROM 1234567890abcdefGHIKL@localhost; --error ER_WRONG_STRING_LENGTH REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY; + + +# +# BUG#23556: TRUNCATE TABLE still maps to DELETE +# +CREATE USER bug23556@localhost; +CREATE DATABASE bug23556; +GRANT SELECT ON bug23556.* TO bug23556@localhost; +connect (bug23556,localhost,bug23556,,bug23556); + +connection default; +USE bug23556; +CREATE TABLE t1 (a INT PRIMARY KEY); INSERT INTO t1 VALUES (1),(2),(3),(4),(5); +GRANT DELETE ON t1 TO bug23556@localhost; + +connection bug23556; +USE bug23556; +--error ER_TABLEACCESS_DENIED_ERROR +TRUNCATE t1; + +connection default; +USE bug23556; +REVOKE DELETE ON t1 FROM bug23556@localhost; +GRANT DROP ON t1 TO bug23556@localhost; + +connection bug23556; +USE bug23556; +TRUNCATE t1; + +connection default; +USE bug23556; +DROP TABLE t1; +USE test; +DROP DATABASE bug23556; +DROP USER bug23556@localhost; --echo End of 5.0 tests diff --git a/mysql-test/t/trigger-grant.test b/mysql-test/t/trigger-grant.test index 6dd0c83dc92..2a0cf829bae 100644 --- a/mysql-test/t/trigger-grant.test +++ b/mysql-test/t/trigger-grant.test @@ -60,8 +60,8 @@ CREATE TABLE t2(user_str TEXT); --echo --echo ---> connection: default -GRANT INSERT, DELETE ON mysqltest_db1.t1 TO mysqltest_dfn@localhost; -GRANT INSERT, DELETE ON mysqltest_db1.t2 TO mysqltest_dfn@localhost; +GRANT INSERT, DROP ON mysqltest_db1.t1 TO mysqltest_dfn@localhost; +GRANT INSERT, DROP ON mysqltest_db1.t2 TO mysqltest_dfn@localhost; # # Check that the user must have TRIGGER privilege to create a trigger. diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 9f295b2c247..a49afe5e188 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -3508,7 +3508,7 @@ end_with_restore_list: break; } DBUG_ASSERT(first_table == all_tables && first_table != 0); - if (check_one_table_access(thd, DELETE_ACL, all_tables)) + if (check_one_table_access(thd, DROP_ACL, all_tables)) goto error; /* Don't allow this within a transaction because we want to use