New syntax:

CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy

New syntax:
CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy
0c303b52 · Sergei Golubchik · 1c7bcdb4 · 0c303b52 · 0c303b52 · 0c303b52
Commit 0c303b52 authored Oct 18, 2013 by Sergei Golubchik
5 changed files
--- a/mysql-test/r/acl_roles_admin.result
+++ b/mysql-test/r/acl_roles_admin.result
+create user foo@localhost;
+create role role1;
+create role role2 with admin current_user;
+create role role3 with admin current_role;
+create role role4 with admin root@localhost;
+create role role5 with admin foo@localhost;
+create role role6 with admin foo@bar;
+create user bar with admin current_user;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'admin current_user' at line 1
+grant role1 to foo@localhost with admin option;
+grant role2 to role1;
+grant role3 to role4 with admin option;
+grant select on *.* to foo@localhost with admin option;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'admin option' at line 1
+revoke role1 from foo@localhost;
+revoke admin option for role3 from role4;
+revoke admin option for role2 from role1;
+drop role role1, role2, role3, role4, role5, role6;
+drop user foo@localhost;
--- a/mysql-test/t/acl_roles_admin.test
+++ b/mysql-test/t/acl_roles_admin.test
+create user foo@localhost;
+
+########################################
+# syntax tests
+########################################
+
+create role role1;
+create role role2 with admin current_user;
+create role role3 with admin current_role;
+create role role4 with admin root@localhost;
+create role role5 with admin foo@localhost;
+create role role6 with admin foo@bar;
+
+--error ER_PARSE_ERROR
+create user bar with admin current_user;
+
+grant role1 to foo@localhost with admin option;
+grant role2 to role1;
+grant role3 to role4 with admin option;
+--error ER_PARSE_ERROR
+grant select on *.* to foo@localhost with admin option;
+
+revoke role1 from foo@localhost;
+revoke admin option for role3 from role4;
+revoke admin option for role2 from role1;
+
+########################################
+# cleanup
+########################################
+drop role role1, role2, role3, role4, role5, role6;
+drop user foo@localhost;
+
--- a/sql/lex.h
+++ b/sql/lex.h
@@ -59,6 +59,7 @@ static SYMBOL symbols[] = {
  { "ACCESSIBLE",	SYM(ACCESSIBLE_SYM)},
  { "ACTION",		SYM(ACTION)},
  { "ADD",		SYM(ADD)},
+  { "ADMIN",            SYM(ADMIN_SYM)},
  { "AFTER",		SYM(AFTER_SYM)},
  { "AGAINST",          SYM(AGAINST)},
  { "AGGREGATE",	SYM(AGGREGATE_SYM)},

--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@@ -2580,7 +2580,6 @@ struct LEX: public Query_tables_list
    this command.
  */
  bool parse_vcol_expr;
-  bool with_persistent_for_clause; // uses PERSISTENT FOR clause (in ANALYZE)

  enum SSL_type ssl_type;			/* defined in violite.h */
  enum enum_duplicates duplicates;
@@ -2589,6 +2588,8 @@ struct LEX: public Query_tables_list
  union {
    enum ha_rkey_function ha_rkey_mode;
    enum xa_option_words xa_opt;
+    bool with_admin_option;                     // GRANT role
+    bool with_persistent_for_clause; // uses PERSISTENT FOR clause (in ANALYZE)
  };
  enum enum_var_type option_type;
  enum enum_view_create_mode create_view_mode;

--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -800,7 +800,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
   MYSQL-FUNC : MySQL extention, function
   INTERNAL   : Not a real token, lex optimization
   OPERATOR   : SQL operator
-   FUTURE-USE : Reserved for futur use
+   FUTURE-USE : Reserved for future use

   This makes the code grep-able, and helps maintenance.
 */
@@ -809,6 +809,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
 %token  ACCESSIBLE_SYM
 %token  ACTION                        /* SQL-2003-N */
 %token  ADD                           /* SQL-2003-R */
+%token  ADMIN_SYM                     /* SQL-2003-N */
 %token  ADDDATE_SYM                   /* MYSQL-FUNC */
 %token  AFTER_SYM                     /* SQL-2003-N */
 %token  AGAINST
@@ -1571,6 +1572,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
 %type <symbol> keyword keyword_sp

 %type <lex_user> user grant_user grant_role user_or_role current_role
+                 admin_option_for_role

 %type <charset>
        opt_collate
@@ -1601,7 +1603,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
        show describe load alter optimize keycache preload flush
        reset purge begin commit rollback savepoint release
        slave master_def master_defs master_file_def slave_until_opts
-        repair analyze
+        repair analyze opt_with_admin opt_with_admin_option
        analyze_table_list analyze_table_elem_spec
        opt_persistent_stat_clause persistent_stat_spec
        persistent_column_stat_spec persistent_index_stat_spec
@@ -2218,7 +2220,7 @@ create:
          {
            Lex->sql_command = SQLCOM_CREATE_USER;
          }
-        | CREATE ROLE_SYM clear_privileges role_list
+        | CREATE ROLE_SYM clear_privileges role_list opt_with_admin
          {
            Lex->sql_command = SQLCOM_CREATE_ROLE;
          }
@@ -13297,6 +13299,7 @@ keyword:
 keyword_sp:
          ACTION                   {}
        | ADDDATE_SYM              {}
+        | ADMIN_SYM                {}
        | AFTER_SYM                {}
        | AGAINST                  {}
        | AGGREGATE_SYM            {}
@@ -14257,17 +14260,21 @@ revoke_command:
            lex->sql_command= SQLCOM_REVOKE;
            lex->type= TYPE_ENUM_PROXY;
          }
-        | grant_role FROM user_and_role_list
+        | admin_option_for_role FROM user_and_role_list
          {
-            LEX *lex= Lex;
-            lex->sql_command= SQLCOM_REVOKE_ROLE;
-            /* The first role is the one that is revoked */
+            Lex->sql_command= SQLCOM_REVOKE_ROLE;
            if (Lex->users_list.push_front($1))
              MYSQL_YYABORT;
          }
-
        ;

+admin_option_for_role:
+        ADMIN_SYM OPTION FOR_SYM grant_role
+        { Lex->with_admin_option= true; $$= $4; }
+      | grant_role
+        { Lex->with_admin_option= false; $$= $1; }
+      ;
+
 grant:
          GRANT clear_privileges grant_command
          {}
@@ -14312,7 +14319,7 @@ grant_command:
            lex->sql_command= SQLCOM_GRANT;
            lex->type= TYPE_ENUM_PROXY;
          }
-        | grant_role TO_SYM user_and_role_list
+        | grant_role TO_SYM user_and_role_list opt_with_admin_option
          {
            LEX *lex= Lex;
            lex->sql_command= SQLCOM_GRANT_ROLE;
@@ -14323,6 +14330,14 @@ grant_command:

        ;

+opt_with_admin:
+           /* nothing */               { Lex->definer = 0; }
+         | WITH ADMIN_SYM user_or_role { Lex->definer = $3; }
+
+opt_with_admin_option:
+           /* nothing */               { Lex->with_admin_option= false; }
+         | WITH ADMIN_SYM OPTION       { Lex->with_admin_option= true; }
+
 role_list:
          grant_role
          {