committer: Martin Hansson <mhansson@stripped>
branch nick: 6.0bt-bug36086
timestamp: Mon 2008-05-26 20:52:43 +0200
Bug#36086: SELECT * from views don't check column grants
A "SELECT *" against an ALGORITHM=TEMPTABLE wrongfully treated
a view as an anonymous derived table, i.e. access checking
was skipped. Fixed by introducing a predicate to tell the difference
between named and anonymous derived tables.
Bug36086: Test result
Bug36086: Test case
Bug#36086: Updated comment. This function was previously
not called for views.
- changed comment to Doxygen standard and added content.
- The fix. A view is implemented as a named derived table
(or projected onto a temporary table) and it should not
automatically be assumed that the user has fulfilled the
SELECT privileges. However, for anonymous derived tables
no privileges are required.
- Commented the GRANT_INFO structure and members.
- Added predicate to be able to explicitly tell when a
TABLE_LIST represents an anonymous derived table in the
from clause. Currently, this is the only case that
mysql_derived_prepare must handle.
Attachment: [text/text/x-diff] patch-2656.diff
|• bzr commit into mysql-6.0-bugteam tree (mhansson:2656) Bug#36086||Martin Hansson||26 May|