Commit 5dc804c3 authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-29752 SHOW GRANTS for PUBLIC should work for all users

parent 00c56e1c
...@@ -319,3 +319,26 @@ drop database testdb1; ...@@ -319,3 +319,26 @@ drop database testdb1;
# clean up # clean up
delete from mysql.global_priv where user="PUBLIC"; delete from mysql.global_priv where user="PUBLIC";
flush privileges; flush privileges;
#
# MDEV-29752 SHOW GRANTS FOR PUBLIC should work for all users
#
create database dbtest;
create user `testuser`@`%`;
GRANT USAGE ON *.* TO `testuser`@`%`;
GRANT ALL PRIVILEGES ON `dbtest`.* TO `PUBLIC`;
connect testuser,localhost,testuser,,;
show grants for public;
Grants for PUBLIC
GRANT ALL PRIVILEGES ON `dbtest`.* TO PUBLIC
show grants for testuser;
Grants for testuser@%
GRANT USAGE ON *.* TO `testuser`@`%`
connection default;
disconnect testuser;
REVOKE ALL PRIVILEGES ON `dbtest`.* FROM `PUBLIC`;
REVOKE USAGE ON *.* FROM `testuser`@`%`;
drop user `testuser`@`%`;
drop database dbtest;
# clean up
delete from mysql.global_priv where user="PUBLIC";
flush privileges;
...@@ -380,3 +380,30 @@ drop database testdb1; ...@@ -380,3 +380,30 @@ drop database testdb1;
-- echo # clean up -- echo # clean up
delete from mysql.global_priv where user="PUBLIC"; delete from mysql.global_priv where user="PUBLIC";
flush privileges; flush privileges;
--echo #
--echo # MDEV-29752 SHOW GRANTS FOR PUBLIC should work for all users
--echo #
create database dbtest;
create user `testuser`@`%`;
GRANT USAGE ON *.* TO `testuser`@`%`;
GRANT ALL PRIVILEGES ON `dbtest`.* TO `PUBLIC`;
connect (testuser,localhost,testuser,,);
show grants for public;
show grants for testuser;
connection default;
disconnect testuser;
REVOKE ALL PRIVILEGES ON `dbtest`.* FROM `PUBLIC`;
REVOKE USAGE ON *.* FROM `testuser`@`%`;
drop user `testuser`@`%`;
drop database dbtest;
-- echo # clean up
delete from mysql.global_priv where user="PUBLIC";
flush privileges;
...@@ -7726,7 +7726,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke) ...@@ -7726,7 +7726,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
if (has_auth(user, thd->lex)) if (has_auth(user, thd->lex))
DBUG_ASSERT(!grantee); DBUG_ASSERT(!grantee);
else if (!grantee) else if (!grantee && !user->is_public)
grantee= find_user_exact(hostname.str, username.str); grantee= find_user_exact(hostname.str, username.str);
if (!grantee && !revoke) if (!grantee && !revoke)
...@@ -9464,7 +9464,7 @@ bool get_show_user(THD *thd, LEX_USER *lex_user, const char **username, ...@@ -9464,7 +9464,7 @@ bool get_show_user(THD *thd, LEX_USER *lex_user, const char **username,
if (lex_user->is_role()) if (lex_user->is_role())
{ {
*rolename= lex_user->user.str; *rolename= lex_user->user.str;
do_check_access= strcmp(*rolename, sctx->priv_role); do_check_access= !lex_user->is_public && strcmp(*rolename, sctx->priv_role);
} }
else else
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment