database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-07 06:01:31 +03:00
Code Activity

MDEV-13439: Database permissions are not enough to run a subquery with GROUP BY within a view

Browse Source 
The bug is result adding ability to have derived tables inside views.
Fixed checks should be a switch between view/derived or select derived and information schema.
This commit is contained in:
Oleksandr Byelkin
2017-08-07 13:42:35 +02:00
parent bdab49d389
commit cb2a57c203
4 changed files with 52 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
mysql-test/r/view.result
View File

@ -6559,5 +6559,24 @@ Warnings:
Warning 1356 View 'test.v' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them Warning 1356 View 'test.v' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
DROP VIEW v; DROP VIEW v;
# #
# MDEV-13439: Database permissions are not enough to run a subquery
# with GROUP BY within a view
#
create database test_db;
use test_db;
create table t (i int);
create user foo@localhost;
grant all on test_db.* to foo@localhost;
connect con1,localhost,foo,,;
use test_db;
create view v as select * from (select i from t group by i) sq;
select * from v;
i
disconnect con1;
connection default;
use test;
drop database test_db;
drop user foo@localhost;
#
# End of 10.2 tests # End of 10.2 tests
# #

25
mysql-test/t/view.test
View File

@ -6268,6 +6268,31 @@ DROP TABLE IF EXISTS t;
SHOW CREATE VIEW v; SHOW CREATE VIEW v;
DROP VIEW v; DROP VIEW v;
--echo #
--echo # MDEV-13439: Database permissions are not enough to run a subquery
--echo # with GROUP BY within a view
--echo #
create database test_db;
use test_db;
create table t (i int);
create user foo@localhost;
grant all on test_db.* to foo@localhost;
--connect (con1,localhost,foo,,)
use test_db;
create view v as select * from (select i from t group by i) sq;
select * from v;
# Cleanup
--disconnect con1
--connection default
use test;
drop database test_db;
drop user foo@localhost;
--echo # --echo #
--echo # End of 10.2 tests --echo # End of 10.2 tests
--echo # --echo #

5
sql/sql_acl.cc
View File

@ -7594,8 +7594,11 @@ bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
/* /*
It is subquery in the FROM clause. VIEW set t_ref->derived after It is subquery in the FROM clause. VIEW set t_ref->derived after
table opening, but this function always called before table opening. table opening, but this function always called before table opening.
NOTE: is_derived() can't be used here because subquery in this case
the FROM clase (derived tables) can be not be marked yet.
*/ */
if (!t_ref->referencing_view) if (t_ref->is_anonymous_derived_table() || t_ref->schema_table)
{ {
/* /*
If it's a temporary table created for a subquery in the FROM If it's a temporary table created for a subquery in the FROM

7
sql/sql_derived.cc
View File

@ -822,13 +822,14 @@ exit:
table->derived_select_number= first_select->select_number; table->derived_select_number= first_select->select_number;
table->s->tmp_table= INTERNAL_TMP_TABLE; table->s->tmp_table= INTERNAL_TMP_TABLE;
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
if (derived->referencing_view) if (derived->is_view())
table->grant= derived->grant; table->grant= derived->grant;
else else
{ {
DBUG_ASSERT(derived->is_derived());
DBUG_ASSERT(derived->is_anonymous_derived_table());
table->grant.privilege= SELECT_ACL; table->grant.privilege= SELECT_ACL;
if (derived->is_derived()) derived->grant.privilege= SELECT_ACL;
derived->grant.privilege= SELECT_ACL;
} }
#endif #endif
/* Add new temporary table to list of open derived tables */ /* Add new temporary table to list of open derived tables */