Commit 68fb05c3 authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-29851 Cached role privileges are not invalidated when needed

GRANT ROLE can update db-level privileges -> must invalidate acl_cache
parent 7a2f9956
......@@ -138,5 +138,30 @@ drop role test_role1, test_role2;
create role test_role1;
drop role test_role1;
#
# MDEV-29851 Cached role privileges are not invalidated when needed
#
create role admin;
create role student;
create database crm;
grant create on crm.* to admin;
grant select on crm.* to student;
create user intern@localhost;
grant student to intern@localhost;
set default role student for intern@localhost;
connect con1, localhost, intern;
use crm;
disconnect con1;
connection default;
grant admin to student;
connect con1, localhost, intern;
use crm;
create table t1 (a int);
disconnect con1;
connection default;
drop user intern@localhost;
drop role student;
drop role admin;
drop database crm;
#
# End of 10.3 tests
#
......@@ -166,6 +166,36 @@ drop role test_role1, test_role2;
create role test_role1;
drop role test_role1;
--echo #
--echo # MDEV-29851 Cached role privileges are not invalidated when needed
--echo #
create role admin;
create role student;
create database crm;
grant create on crm.* to admin;
grant select on crm.* to student;
create user intern@localhost;
grant student to intern@localhost;
set default role student for intern@localhost;
connect con1, localhost, intern;
use crm;
disconnect con1;
connection default;
grant admin to student;
connect con1, localhost, intern;
use crm;
create table t1 (a int);
disconnect con1;
connection default;
drop user intern@localhost;
drop role student;
drop role admin;
drop database crm;
--echo #
--echo # End of 10.3 tests
--echo #
......@@ -7152,7 +7152,10 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
a role
*/
if (role_as_user)
{
propagate_role_grants(role_as_user, PRIVS_TO_MERGE::ALL);
acl_cache->clear(1);
}
}
mysql_mutex_unlock(&acl_cache->lock);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment