now we allow to careate VIEW without any privileges on view columns (except create view privilege) (BUG#5152)

mysql-test/r/view.result: now we allow to careate VIEW without any privileges on view columns (except create view privilege) test of blocking try of getting more privileges on colemn with vierw using mysql-test/t/view.test: now we allow to careate VIEW without any privileges on view columns (except create view privilege) test of blocking try of getting more privileges on colemn with vierw using sql/sql_view.cc: now we allow to careate VIEW without any privileges on view columns (except create view privilege)
2025-07-30 16:24:05 +03:00 · 2004-09-17 00:16:57 +03:00
parent 29ec367edd
commit f284ce04c4
3 changed files with 23 additions and 29 deletions
--- a/mysql-test/r/view.result
+++ b/mysql-test/r/view.result
@ -922,13 +922,16 @@ create table mysqltest.v3 (b int);
 grant create view on mysqltest.v3 to mysqltest_1@localhost;
 drop table mysqltest.v3;
 create view mysqltest.v3 as select b from mysqltest.t2;
+grant create view, update on mysqltest.v3 to mysqltest_1@localhost;
+drop view mysqltest.v3;
+create view mysqltest.v3 as select b from mysqltest.t2;
+grant create view, update, insert on mysqltest.v3 to mysqltest_1@localhost;
+drop view mysqltest.v3;
+create view mysqltest.v3 as select b from mysqltest.t2;
 ERROR 42000: create view command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 'v3'
 create table mysqltest.v3 (b int);
-grant create view, update on mysqltest.v3 to mysqltest_1@localhost;
-drop table mysqltest.v3;
-create view mysqltest.v3 as select b from mysqltest.t2;
 grant select(b) on mysqltest.v3 to mysqltest_1@localhost;
-drop view mysqltest.v3;
+drop table mysqltest.v3;
 create view mysqltest.v3 as select b from mysqltest.t2;
 ERROR 42000: create view command denied to user 'mysqltest_1'@'localhost' for table 'v3'
 create view v4 as select b+1 from mysqltest.t2;
--- a/mysql-test/t/view.test
+++ b/mysql-test/t/view.test
@ -804,29 +804,37 @@ create view mysqltest.v1 as select * from mysqltest.t1;
 -- error 1143
 create view v3 as select a from mysqltest.t2;

-# give CRETEA VIEW privileges but without any privileges for result colemn
+# give CRETEA VIEW privileges (without any privileges for result colemn)
 connection root;
 create table mysqltest.v3 (b int);
 grant create view on mysqltest.v3 to mysqltest_1@localhost;
 drop table mysqltest.v3;
 connection user1;
-- error 1143
 create view mysqltest.v3 as select b from mysqltest.t2;

-# give UPDATE privileges -> create works
+# give UPDATE privileges
 connection root;
-create table mysqltest.v3 (b int);
 grant create view, update on mysqltest.v3 to mysqltest_1@localhost;
-drop table mysqltest.v3;
+drop view mysqltest.v3;
 connection user1;
 create view mysqltest.v3 as select b from mysqltest.t2;

+# give UPDATE and INSERT privilege (to get more privileges then anderlying
+# table)
+connection root;
+grant create view, update, insert on mysqltest.v3 to mysqltest_1@localhost;
+drop view mysqltest.v3;
+connection user1;
+-- error 1143
+create view mysqltest.v3 as select b from mysqltest.t2;
+

 # If give other privileges for VIEW then underlaying table have =>
 # creation prohibited
 connection root;
+create table mysqltest.v3 (b int);
 grant select(b) on mysqltest.v3 to mysqltest_1@localhost;
-drop view mysqltest.v3;
+drop table mysqltest.v3;
 connection user1;
 -- error 1142
 create view mysqltest.v3 as select b from mysqltest.t2;
--- a/sql/sql_view.cc
+++ b/sql/sql_view.cc
@ -245,10 +245,9 @@ int mysql_create_view(THD *thd,
      if ((fld= item->filed_for_view_update()))
      {
        /*
-          There are no any privileges on VIEW column or there are
-          some other privileges then we have for underlaying table
+          Do we have more privilegeson view field then underlying table field
        */
-        if (priv == 0 || (~fld->have_privileges & priv))
+        if ((~fld->have_privileges & priv))
        {
          /* VIEW column has more privileges */
          my_printf_error(ER_COLUMNACCESS_DENIED_ERROR,
@ -262,22 +261,6 @@ int mysql_create_view(THD *thd,
          DBUG_RETURN(-1);
        }
      }
-      else
-      {
-        if (!(priv & SELECT_ACL))
-        {
-          /* user have not privilege to SELECT expression */
-          my_printf_error(ER_COLUMNACCESS_DENIED_ERROR,
-                          ER(ER_COLUMNACCESS_DENIED_ERROR),
-                          MYF(0),
-                          "select",
-                          thd->priv_user,
-                          thd->host_or_ip,
-                          item->name,
-                          view->real_name);
-          DBUG_RETURN(-1);
-        }
-      }
    }
  }
 #endif