| List: | Internals | « Previous MessageNext Message » | |
| From: | sanja | Date: | July 1 2005 11:21am |
| Subject: | bk commit into 5.0 tree (bell:1.1861) BUG#9505 | ||
| View as plain text | |||
Below is the list of changes that have just been committed into a local 5.0 repository of bell. When bell does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet 1.1861 05/07/01 12:21:33 bell@stripped +4 -0 do not check rights if name resolution context require it (inside view) (BUG#9505) sql/sql_view.cc 1.50 05/07/01 12:21:29 bell@stripped +13 -12 set name resolution context for both algorithms sql/item_func.cc 1.227 05/07/01 12:21:29 bell@stripped +13 -9 do not check rights if name resolution context require it (inside view) mysql-test/t/view_grant.test 1.3 05/07/01 12:21:29 bell@stripped +24 -0 checking grants on view with function mysql-test/r/view_grant.result 1.2 05/07/01 12:21:29 bell@stripped +20 -0 checking grants on view with function # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: bell # Host: sanja.is.com.ua # Root: /home/bell/mysql/bk/work-bug7-5.0 --- 1.226/sql/item_func.cc Fri Jul 1 07:05:35 2005 +++ 1.227/sql/item_func.cc Fri Jul 1 12:21:29 2005 @@ -4827,14 +4827,17 @@ #endif #ifndef NO_EMBEDDED_ACCESS_CHECKS - if (check_routine_access(thd, EXECUTE_ACL, - m_sp->m_db.str, m_sp->m_name.str, 0, 0)) - goto error_check; - sp_change_security_context(thd, m_sp, &save_ctx); - if (save_ctx.changed && - check_routine_access(thd, EXECUTE_ACL, - m_sp->m_db.str, m_sp->m_name.str, 0, 0)) - goto error_check; + if (context->check_privileges) + { + if (check_routine_access(thd, EXECUTE_ACL, + m_sp->m_db.str, m_sp->m_name.str, 0, 0)) + goto error_check; + sp_change_security_context(thd, m_sp, &save_ctx); + if (save_ctx.changed && + check_routine_access(thd, EXECUTE_ACL, + m_sp->m_db.str, m_sp->m_name.str, 0, 0)) + goto error_check; + } #endif /* Like for SPs, we don't binlog the substatements. If the statement which @@ -4859,7 +4862,8 @@ error_check_ctx: #ifndef NO_EMBEDDED_ACCESS_CHECKS - sp_restore_security_context(thd, m_sp, &save_ctx); + if (context->check_privileges) + sp_restore_security_context(thd, m_sp, &save_ctx); #endif thd->client_capabilities|= old_client_capabilites & CLIENT_MULTI_RESULTS; --- 1.49/sql/sql_view.cc Fri Jul 1 07:05:36 2005 +++ 1.50/sql/sql_view.cc Fri Jul 1 12:21:29 2005 @@ -810,6 +810,18 @@ if (view_select->options & OPTION_TO_QUERY_CACHE) old_lex->select_lex.options|= OPTION_TO_QUERY_CACHE; + /* prepare view context */ + lex->select_lex.context.outer_context= 0; + lex->select_lex.context.select_lex= table->select_lex; + /* do not check privileges & hide errors for view underlyings */ + for (SELECT_LEX *sl= lex->all_selects_list; + sl; + sl= sl->next_select_in_list()) + { + sl->context.check_privileges= FALSE; + sl->context.error_processor= &view_error_processor; + sl->context.error_processor_data= (void *)table; + } /* check MERGE algorithm ability - algorithm is not explicit TEMPORARY TABLE @@ -831,20 +843,9 @@ table->effective_with_check= old_lex->get_effective_with_check(table); - /* prepare view context */ + /* merged view resolved only by tables */ lex->select_lex.context.resolve_in_table_list_only(table->ancestor= view_tables); - lex->select_lex.context.outer_context= 0; - lex->select_lex.context.select_lex= table->select_lex; - /* do not check privileges & hide errors for view underlyings */ - for (SELECT_LEX *sl= lex->all_selects_list; - sl; - sl= sl->next_select_in_list()) - { - sl->context.check_privileges= FALSE; - sl->context.error_processor= &view_error_processor; - sl->context.error_processor_data= (void *)table; - } /* Tables of the main select of the view should be marked as belonging to the same select as original view (again we can use LEX::select_lex --- 1.1/mysql-test/r/view_grant.result Mon Apr 4 22:43:55 2005 +++ 1.2/mysql-test/r/view_grant.result Fri Jul 1 12:21:29 2005 @@ -302,3 +302,23 @@ create view v1 as select * from t1; revoke all privileges on mysqltest.* from mysqltest_1@localhost; drop database mysqltest; +create database mysqltest; +use mysqltest; +create table t1 (s1 int); +grant select on t1 to mysqltest_1@localhost; +create function f1 () returns int begin declare v int; select s1 from t1 +into v; return v; end// +create view v1 as select f1(); +grant select on v1 to mysqltest_1@localhost; +use mysqltest; +select * from v1; +f1() +NULL +Warnings: +Warning 1329 No data to FETCH +use test; +drop function f1; +use test; +drop database mysqltest; +REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_1@localhost; +drop user mysqltest_1@localhost; --- 1.2/mysql-test/t/view_grant.test Tue Apr 5 03:08:08 2005 +++ 1.3/mysql-test/t/view_grant.test Fri Jul 1 12:21:29 2005 @@ -401,3 +401,27 @@ revoke all privileges on mysqltest.* from mysqltest_1@localhost; drop database mysqltest; +# +# checking grants on view with function (BUG#9505) +# +connection root; +create database mysqltest; +use mysqltest; +create table t1 (s1 int); +grant select on t1 to mysqltest_1@localhost; +delimiter //; +create function f1 () returns int begin declare v int; select s1 from t1 +into v; return v; end// +delimiter ;// +create view v1 as select f1(); +grant select on v1 to mysqltest_1@localhost; +connection user1; +use mysqltest; +select * from v1; +use test; +connection root; +drop function f1; +use test; +drop database mysqltest; +REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_1@localhost; +drop user mysqltest_1@localhost;
| Thread | ||
|---|---|---|
| • bk commit into 5.0 tree (bell:1.1861) BUG#9505 | sanja | 1 Jul |
© 1995-2008 MySQL AB, 2008-2009 Sun Microsystems, Inc.
Page generated in 0.067 sec. using MySQL 5.1.14-beta-log