diff --git a/mysql-test/r/view.result b/mysql-test/r/view.result index 62f0e849cbf..00ad31d546f 100644 --- a/mysql-test/r/view.result +++ b/mysql-test/r/view.result @@ -922,13 +922,16 @@ create table mysqltest.v3 (b int); grant create view on mysqltest.v3 to mysqltest_1@localhost; drop table mysqltest.v3; create view mysqltest.v3 as select b from mysqltest.t2; +grant create view, update on mysqltest.v3 to mysqltest_1@localhost; +drop view mysqltest.v3; +create view mysqltest.v3 as select b from mysqltest.t2; +grant create view, update, insert on mysqltest.v3 to mysqltest_1@localhost; +drop view mysqltest.v3; +create view mysqltest.v3 as select b from mysqltest.t2; ERROR 42000: create view command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 'v3' create table mysqltest.v3 (b int); -grant create view, update on mysqltest.v3 to mysqltest_1@localhost; -drop table mysqltest.v3; -create view mysqltest.v3 as select b from mysqltest.t2; grant select(b) on mysqltest.v3 to mysqltest_1@localhost; -drop view mysqltest.v3; +drop table mysqltest.v3; create view mysqltest.v3 as select b from mysqltest.t2; ERROR 42000: create view command denied to user 'mysqltest_1'@'localhost' for table 'v3' create view v4 as select b+1 from mysqltest.t2; diff --git a/mysql-test/t/view.test b/mysql-test/t/view.test index ac582c71c51..4c348e0b9d8 100644 --- a/mysql-test/t/view.test +++ b/mysql-test/t/view.test @@ -804,29 +804,37 @@ create view mysqltest.v1 as select * from mysqltest.t1; -- error 1143 create view v3 as select a from mysqltest.t2; -# give CRETEA VIEW privileges but without any privileges for result colemn +# give CRETEA VIEW privileges (without any privileges for result colemn) connection root; create table mysqltest.v3 (b int); grant create view on mysqltest.v3 to mysqltest_1@localhost; drop table mysqltest.v3; connection user1; --- error 1143 create view mysqltest.v3 as select b from mysqltest.t2; -# give UPDATE privileges -> create works +# give UPDATE privileges connection root; -create table mysqltest.v3 (b int); grant create view, update on mysqltest.v3 to mysqltest_1@localhost; -drop table mysqltest.v3; +drop view mysqltest.v3; connection user1; create view mysqltest.v3 as select b from mysqltest.t2; +# give UPDATE and INSERT privilege (to get more privileges then anderlying +# table) +connection root; +grant create view, update, insert on mysqltest.v3 to mysqltest_1@localhost; +drop view mysqltest.v3; +connection user1; +-- error 1143 +create view mysqltest.v3 as select b from mysqltest.t2; + # If give other privileges for VIEW then underlaying table have => # creation prohibited connection root; +create table mysqltest.v3 (b int); grant select(b) on mysqltest.v3 to mysqltest_1@localhost; -drop view mysqltest.v3; +drop table mysqltest.v3; connection user1; -- error 1142 create view mysqltest.v3 as select b from mysqltest.t2; diff --git a/sql/sql_view.cc b/sql/sql_view.cc index 8238d3d4849..178c01687b0 100644 --- a/sql/sql_view.cc +++ b/sql/sql_view.cc @@ -245,10 +245,9 @@ int mysql_create_view(THD *thd, if ((fld= item->filed_for_view_update())) { /* - There are no any privileges on VIEW column or there are - some other privileges then we have for underlaying table + Do we have more privilegeson view field then underlying table field */ - if (priv == 0 || (~fld->have_privileges & priv)) + if ((~fld->have_privileges & priv)) { /* VIEW column has more privileges */ my_printf_error(ER_COLUMNACCESS_DENIED_ERROR, @@ -262,22 +261,6 @@ int mysql_create_view(THD *thd, DBUG_RETURN(-1); } } - else - { - if (!(priv & SELECT_ACL)) - { - /* user have not privilege to SELECT expression */ - my_printf_error(ER_COLUMNACCESS_DENIED_ERROR, - ER(ER_COLUMNACCESS_DENIED_ERROR), - MYF(0), - "select", - thd->priv_user, - thd->host_or_ip, - item->name, - view->real_name); - DBUG_RETURN(-1); - } - } } } #endif