now we allow to careate VIEW without any privileges on view columns (except create view privilege) (BUG#5152)

mysql-test/r/view.result

@@ -922,13 +922,16 @@ create table mysqltest.v3 (b int);
 grant create view on mysqltest.v3 to mysqltest_1@localhost;
 drop table mysqltest.v3;
 create view mysqltest.v3 as select b from mysqltest.t2;
+grant create view, update on mysqltest.v3 to mysqltest_1@localhost;
+drop view mysqltest.v3;
+create view mysqltest.v3 as select b from mysqltest.t2;
+grant create view, update, insert on mysqltest.v3 to mysqltest_1@localhost;
+drop view mysqltest.v3;
+create view mysqltest.v3 as select b from mysqltest.t2;
 ERROR 42000: create view command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 'v3'
 create table mysqltest.v3 (b int);
-grant create view, update on mysqltest.v3 to mysqltest_1@localhost;
-drop table mysqltest.v3;
-create view mysqltest.v3 as select b from mysqltest.t2;
 grant select(b) on mysqltest.v3 to mysqltest_1@localhost;
-drop view mysqltest.v3;
+drop table mysqltest.v3;
 create view mysqltest.v3 as select b from mysqltest.t2;
 ERROR 42000: create view command denied to user 'mysqltest_1'@'localhost' for table 'v3'
 create view v4 as select b+1 from mysqltest.t2;

mysql-test/t/view.test

@@ -804,29 +804,37 @@ create view mysqltest.v1 as select * from mysqltest.t1;
 -- error 1143
 create view v3 as select a from mysqltest.t2;
 
-# give CRETEA VIEW privileges but without any privileges for result colemn
+# give CRETEA VIEW privileges (without any privileges for result colemn)
 connection root;
 create table mysqltest.v3 (b int);
 grant create view on mysqltest.v3 to mysqltest_1@localhost;
 drop table mysqltest.v3;
 connection user1;
--- error 1143
 create view mysqltest.v3 as select b from mysqltest.t2;
 
-# give UPDATE privileges -> create works
+# give UPDATE privileges
 connection root;
-create table mysqltest.v3 (b int);
 grant create view, update on mysqltest.v3 to mysqltest_1@localhost;
-drop table mysqltest.v3;
+drop view mysqltest.v3;
 connection user1;
 create view mysqltest.v3 as select b from mysqltest.t2;
 
+# give UPDATE and INSERT privilege (to get more privileges then anderlying
+# table)
+connection root;
+grant create view, update, insert on mysqltest.v3 to mysqltest_1@localhost;
+drop view mysqltest.v3;
+connection user1;
+-- error 1143
+create view mysqltest.v3 as select b from mysqltest.t2;
+
 
 # If give other privileges for VIEW then underlaying table have =>
 # creation prohibited
 connection root;
+create table mysqltest.v3 (b int);
 grant select(b) on mysqltest.v3 to mysqltest_1@localhost;
-drop view mysqltest.v3;
+drop table mysqltest.v3;
 connection user1;
 -- error 1142
 create view mysqltest.v3 as select b from mysqltest.t2;

sql/sql_view.cc

@@ -245,10 +245,9 @@ int mysql_create_view(THD *thd,
       if ((fld= item->filed_for_view_update()))
       {
         /*
-          There are no any privileges on VIEW column or there are
+          Do we have more privilegeson view field then underlying table field
-          some other privileges then we have for underlaying table
         */
-        if (priv == 0 || (~fld->have_privileges & priv))
+        if ((~fld->have_privileges & priv))
         {
           /* VIEW column has more privileges */
           my_printf_error(ER_COLUMNACCESS_DENIED_ERROR,
@@ -262,22 +261,6 @@ int mysql_create_view(THD *thd,
           DBUG_RETURN(-1);
         }
       }
-      else
-      {
-        if (!(priv & SELECT_ACL))
-        {
-          /* user have not privilege to SELECT expression */
-          my_printf_error(ER_COLUMNACCESS_DENIED_ERROR,
-                          ER(ER_COLUMNACCESS_DENIED_ERROR),
-                          MYF(0),
-                          "select",
-                          thd->priv_user,
-                          thd->host_or_ip,
-                          item->name,
-                          view->real_name);
-          DBUG_RETURN(-1);
-        }
-      }
     }
   }
 #endif