Bug #20482: failure on Create join view with sources views/tables in different

schemas The function check_one_table_access() called to check access to tables in SELECT/INSERT/UPDATE was doing additional checks/modifications that don't hold in the context of setup_tables_and_check_access(). That's why the check_one_table() was split into two : the functionality needed by setup_tables_and_check_access() into check_single_table_access() and the rest of the functionality stays in check_one_table_access() that is made to call the new check_single_table_access() function.
2025-07-29 05:21:33 +03:00 · 2006-06-21 12:12:46 +03:00
parent ee2e2d0c6d
commit 75ca055493
5 changed files with 67 additions and 10 deletions
--- a/mysql-test/r/view_grant.result
+++ b/mysql-test/r/view_grant.result
@ -618,3 +618,15 @@ ERROR HY000: There is no 'no-such-user'@'localhost' registered
 DROP VIEW v;
 DROP TABLE t1;
 USE test;
+CREATE DATABASE test1;
+CREATE DATABASE test2;
+CREATE TABLE test1.t0 (a VARCHAR(20));
+CREATE TABLE test2.t1 (a VARCHAR(20));
+CREATE VIEW  test2.t3 AS SELECT * FROM test1.t0;
+CREATE OR REPLACE VIEW test.v1 AS 
+SELECT ta.a AS col1, tb.a AS col2 FROM test2.t3 ta, test2.t1 tb;
+DROP VIEW test.v1;
+DROP VIEW test2.t3;
+DROP TABLE test2.t1, test1.t0;
+DROP DATABASE test2;
+DROP DATABASE test1;
--- a/mysql-test/t/view_grant.test
+++ b/mysql-test/t/view_grant.test
@ -807,3 +807,24 @@ SELECT * FROM v;
 DROP VIEW v;
 DROP TABLE t1;
 USE test;
+
+#
+# BUG#20482: failure on Create join view with sources views/tables 
+#             in different schemas
+#
+--disable_warnings
+CREATE DATABASE test1;
+CREATE DATABASE test2;
+--enable_warnings
+
+CREATE TABLE test1.t0 (a VARCHAR(20));
+CREATE TABLE test2.t1 (a VARCHAR(20));
+CREATE VIEW  test2.t3 AS SELECT * FROM test1.t0;
+CREATE OR REPLACE VIEW test.v1 AS 
+  SELECT ta.a AS col1, tb.a AS col2 FROM test2.t3 ta, test2.t1 tb;
+
+DROP VIEW test.v1;
+DROP VIEW test2.t3;
+DROP TABLE test2.t1, test1.t0;
+DROP DATABASE test2;
+DROP DATABASE test1;
--- a/sql/mysql_priv.h
+++ b/sql/mysql_priv.h
@ -513,6 +513,8 @@ class THD;
 void close_thread_tables(THD *thd, bool locked=0, bool skip_derived=0);
 bool check_one_table_access(THD *thd, ulong privilege,
 			   TABLE_LIST *tables);
+bool check_single_table_access(THD *thd, ulong privilege,
+			   TABLE_LIST *tables);
 bool check_routine_access(THD *thd,ulong want_access,char *db,char *name,
 			  bool is_proc, bool no_errors);
 bool check_some_access(THD *thd, ulong want_access, TABLE_LIST *table);
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@ -4545,7 +4545,7 @@ bool setup_tables_and_check_access(THD *thd,

  for (; leaves_tmp; leaves_tmp= leaves_tmp->next_leaf)
    if (leaves_tmp->belong_to_view && 
-        check_one_table_access(thd, want_access,  leaves_tmp))
+        check_single_table_access(thd, want_access,  leaves_tmp))
    {
      tables->hide_view_error(thd);
      return TRUE;
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@ -4978,11 +4978,10 @@ error:


 /*
-  Check grants for commands which work only with one table and all other
-  tables belonging to subselects or implicitly opened tables.
+  Check grants for commands which work only with one table.

  SYNOPSIS
-    check_one_table_access()
+    check_single_table_access()
    thd			Thread handler
    privilege		requested privilege
    all_tables		global table list of query
@ -4992,7 +4991,8 @@ error:
    1 - access denied, error is sent to client
 */

-bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
+bool check_single_table_access(THD *thd, ulong privilege, 
+                               TABLE_LIST *all_tables)
 {
  Security_context * backup_ctx= thd->security_ctx;

@ -5010,19 +5010,41 @@ bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
    goto deny;

  thd->security_ctx= backup_ctx;
+  return 0;
+
+deny:
+  thd->security_ctx= backup_ctx;
+  return 1;
+}
+
+/*
+  Check grants for commands which work only with one table and all other
+  tables belonging to subselects or implicitly opened tables.
+
+  SYNOPSIS
+    check_one_table_access()
+    thd			Thread handler
+    privilege		requested privilege
+    all_tables		global table list of query
+
+  RETURN
+    0 - OK
+    1 - access denied, error is sent to client
+*/
+
+bool check_one_table_access(THD *thd, ulong privilege, TABLE_LIST *all_tables)
+{
+  if (check_single_table_access (thd,privilege,all_tables))
+    return 1;

  /* Check rights on tables of subselects and implictly opened tables */
  TABLE_LIST *subselects_tables;
  if ((subselects_tables= all_tables->next_global))
  {
    if ((check_table_access(thd, SELECT_ACL, subselects_tables, 0)))
-      goto deny;
+      return 1;
  }
  return 0;
-
-deny:
-  thd->security_ctx= backup_ctx;
-  return 1;
 }