Commit 74e7df0d authored by bell@sanja.is.com.ua's avatar bell@sanja.is.com.ua

SHOW CREATE VIEW (TABLE) privilege now reqiere show create privilege

(BUG#4777)
parent 26589ba8
......@@ -287,41 +287,39 @@ d bigint(20) YES NULL
explain select c from mysqltest.v1;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
show create table mysqltest.v1;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
ERROR 42000: show create view command denied to user 'mysqltest_1'@'localhost' for table 'v1'
explain select c from mysqltest.v2;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
show create table mysqltest.v2;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
ERROR 42000: show create view command denied to user 'mysqltest_1'@'localhost' for table 'v2'
explain select c from mysqltest.v3;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
show create table mysqltest.v3;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
ERROR 42000: show create view command denied to user 'mysqltest_1'@'localhost' for table 'v3'
explain select c from mysqltest.v4;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
show create table mysqltest.v4;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
ERROR 42000: show create view command denied to user 'mysqltest_1'@'localhost' for table 'v4'
grant select on mysqltest.t1 to mysqltest_1@localhost;
explain select c from mysqltest.v1;
id select_type table type possible_keys key key_len ref rows Extra
1 PRIMARY t1 system NULL NULL NULL NULL 0 const row not found
show create table mysqltest.v1;
Table Create Table
v1 CREATE VIEW `mysqltest`.`v1` AS select (`mysqltest`.`t1`.`a` + 1) AS `c`,(`mysqltest`.`t1`.`b` + 1) AS `d` from `mysqltest`.`t1`
ERROR 42000: show create view command denied to user 'mysqltest_1'@'localhost' for table 'v1'
explain select c from mysqltest.v2;
id select_type table type possible_keys key key_len ref rows Extra
1 PRIMARY <derived2> system NULL NULL NULL NULL 0 const row not found
2 DERIVED NULL NULL NULL NULL NULL NULL NULL no matching row in const table
show create table mysqltest.v2;
Table Create Table
v2 CREATE ALGORITHM=TEMPTABLE VIEW `mysqltest`.`v2` AS select (`mysqltest`.`t1`.`a` + 1) AS `c`,(`mysqltest`.`t1`.`b` + 1) AS `d` from `mysqltest`.`t1`
ERROR 42000: show create view command denied to user 'mysqltest_1'@'localhost' for table 'v2'
explain select c from mysqltest.v3;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
show create table mysqltest.v3;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
ERROR 42000: show create view command denied to user 'mysqltest_1'@'localhost' for table 'v3'
explain select c from mysqltest.v4;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
show create table mysqltest.v4;
ERROR HY000: EXPLAIN/SHOW can not be issued; lacking privileges for underlying table
ERROR 42000: show create view command denied to user 'mysqltest_1'@'localhost' for table 'v4'
grant show view on mysqltest.* to mysqltest_1@localhost;
explain select c from mysqltest.v1;
id select_type table type possible_keys key key_len ref rows Extra
......
......@@ -267,19 +267,19 @@ show columns from mysqltest.v2;
# but explain/show do not
-- error 1345
explain select c from mysqltest.v1;
-- error 1345
-- error 1142
show create table mysqltest.v1;
-- error 1345
explain select c from mysqltest.v2;
-- error 1345
-- error 1142
show create table mysqltest.v2;
-- error 1345
explain select c from mysqltest.v3;
-- error 1345
-- error 1142
show create table mysqltest.v3;
-- error 1345
explain select c from mysqltest.v4;
-- error 1345
-- error 1142
show create table mysqltest.v4;
# allow to see one of underlaing table
......@@ -288,17 +288,19 @@ grant select on mysqltest.t1 to mysqltest_1@localhost;
connection user1;
# EXPLAIN of view on above table works
explain select c from mysqltest.v1;
-- error 1142
show create table mysqltest.v1;
explain select c from mysqltest.v2;
-- error 1142
show create table mysqltest.v2;
# but other EXPLAINs do not
-- error 1345
explain select c from mysqltest.v3;
-- error 1345
-- error 1142
show create table mysqltest.v3;
-- error 1345
explain select c from mysqltest.v4;
-- error 1345
-- error 1142
show create table mysqltest.v4;
# allow to see any view in mysqltest database
......
......@@ -2873,7 +2873,7 @@ err:
else if (want_access & CREATE_VIEW_ACL)
command= "create view";
else if (want_access & SHOW_VIEW_ACL)
command= "show view";
command= "show create view";
net_printf(thd,ER_TABLEACCESS_DENIED_ERROR,
command,
thd->priv_user,
......
......@@ -624,16 +624,20 @@ mysql_make_view(File_parser *parser, TABLE_LIST *table)
check rights to run commands (EXPLAIN SELECT & SHOW CREATE) which show
underlaying tables
*/
if ((old_lex->sql_command == SQLCOM_SELECT && old_lex->describe) ||
old_lex->sql_command == SQLCOM_SHOW_CREATE)
if ((old_lex->sql_command == SQLCOM_SELECT && old_lex->describe))
{
if (check_table_access(thd, SELECT_ACL, view_tables, 1) &&
check_table_access(thd, SHOW_VIEW_ACL, view_tables, 1))
check_table_access(thd, SHOW_VIEW_ACL, table, 1))
{
my_error(ER_VIEW_NO_EXPLAIN, MYF(0));
goto err;
}
}
else if (old_lex->sql_command == SQLCOM_SHOW_CREATE)
{
if (check_table_access(thd, SHOW_VIEW_ACL, table, 0))
goto err;
}
/* move SQL_NO_CACHE & Co to whole query */
old_lex->safe_to_cache_query= (old_lex->safe_to_cache_query &&
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment