parser/mysql, privilege/privileges: fix trigger privilege (#32893)
close #32891
morgo authored Mar 23, 2022
1 parent 23d79d4 commit 3ddd959
Showing 5 changed files with 24 additions and 4 deletions.
2 changes: 1 addition & 1 deletion executor/revoke_test.go
Expand Up @@ -92,7 +92,7 @@ func TestRevokeTableScope(t *testing.T) {

// Make sure all the table privs for new user is Y.
res := tk.MustQuery(`SELECT Table_priv FROM mysql.tables_priv WHERE User="testTblRevoke" and host="localhost" and db="test" and Table_name="test1"`)
res.Check(testkit.Rows("Select,Insert,Update,Delete,Create,Drop,Index,Alter,Create View,Show View,References"))
res.Check(testkit.Rows("Select,Insert,Update,Delete,Create,Drop,Index,Alter,Create View,Show View,Trigger,References"))

// Revoke each priv from the user.
for _, v := range mysql.AllTablePrivs {
6 changes: 4 additions & 2 deletions parser/mysql/privs.go
Expand Up @@ -77,6 +77,7 @@ var Priv2SetStr = map[PrivilegeType]string{
CreateRolePriv: "Create Role",
DropRolePriv: "Drop Role",
ShutdownPriv: "Shutdown Role",
TriggerPriv: "Trigger",
}

// SetStr2Priv is the map for privilege set string to privilege type.
Expand All @@ -99,6 +100,7 @@ var SetStr2Priv = map[string]PrivilegeType{
"Index": IndexPriv,
"Create View": CreateViewPriv,
"Show View": ShowViewPriv,
"Trigger": TriggerPriv,
}

// Priv2UserCol is the privilege to mysql.user table column name.
Expand Down Expand Up @@ -309,10 +311,10 @@ func (privs Privileges) Has(p PrivilegeType) bool {
var AllGlobalPrivs = Privileges{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, ProcessPriv, ReferencesPriv, AlterPriv, ShowDBPriv, SuperPriv, ExecutePriv, IndexPriv, CreateUserPriv, CreateTablespacePriv, TriggerPriv, CreateViewPriv, ShowViewPriv, CreateRolePriv, DropRolePriv, CreateTMPTablePriv, LockTablesPriv, CreateRoutinePriv, AlterRoutinePriv, EventPriv, ShutdownPriv, ReloadPriv, FilePriv, ConfigPriv, ReplicationClientPriv, ReplicationSlavePriv}

// AllDBPrivs is all the privileges in database scope.
var AllDBPrivs = Privileges{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, ReferencesPriv, LockTablesPriv, CreateTMPTablePriv, EventPriv, CreateRoutinePriv, AlterRoutinePriv, AlterPriv, ExecutePriv, IndexPriv, CreateViewPriv, ShowViewPriv}
var AllDBPrivs = Privileges{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, ReferencesPriv, LockTablesPriv, CreateTMPTablePriv, EventPriv, CreateRoutinePriv, AlterRoutinePriv, AlterPriv, ExecutePriv, IndexPriv, CreateViewPriv, ShowViewPriv, TriggerPriv}

// AllTablePrivs is all the privileges in table scope.
var AllTablePrivs = Privileges{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, IndexPriv, ReferencesPriv, AlterPriv, CreateViewPriv, ShowViewPriv}
var AllTablePrivs = Privileges{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, IndexPriv, ReferencesPriv, AlterPriv, CreateViewPriv, ShowViewPriv, TriggerPriv}

// AllColumnPrivs is all the privileges in column scope.
var AllColumnPrivs = Privileges{SelectPriv, InsertPriv, UpdatePriv, ReferencesPriv}
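Review bot: Nothing in this commit keeps `AllTablePrivs`, `Priv2SetStr` and `SetStr2Priv` in step, so the next privilege added to one of these hand-maintained lists can go missing from another, just as `TriggerPriv` did. A table-scope privilege with no set-string name presumably cannot be written to or read back from `mysql.tables_priv.Table_priv`, so what was granted and what is enforced could diverge without any error. The column list in `sqlLoadDBTable` in privilege/privileges/cache.go is a further copy of the same information for database scope. A small test in this package that walks `AllTablePrivs` and checks the round trip through both maps would make that drift fail in CI; the sketch below assumes every table-scope privilege is meant to round-trip, which should be confirmed against the full maps, since only part of them is visible in these hunks.

```go
func TestTablePrivsRoundTripSetStr(t *testing.T) {
	for _, p := range AllTablePrivs {
		s, ok := Priv2SetStr[p]
		if !ok {
			t.Fatalf("AllTablePrivs entry %v has no Priv2SetStr name", p)
		}
		if got, ok := SetStr2Priv[s]; !ok || got != p {
			t.Fatalf("SetStr2Priv[%q] = %v, want %v", s, got, p)
		}
	}
}
```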
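--- a/planner/core/logical_plan_test.go
+++ b/planner/core/logical_plan_test.go
@@ -1151,6 +1151,7 @@ func TestVisitInfo(t *testing.T) {
 {mysql.IndexPriv, "test", "", "", nil, false, "", false},
 {mysql.CreateViewPriv, "test", "", "", nil, false, "", false},
 {mysql.ShowViewPriv, "test", "", "", nil, false, "", false},
+{mysql.TriggerPriv, "test", "", "", nil, false, "", false},
 },
 },
 {
@@ -1225,6 +1226,7 @@ func TestVisitInfo(t *testing.T) {
 {mysql.IndexPriv, "test", "", "", nil, false, "", false},
 {mysql.CreateViewPriv, "test", "", "", nil, false, "", false},
 {mysql.ShowViewPriv, "test", "", "", nil, false, "", false},
+{mysql.TriggerPriv, "test", "", "", nil, false, "", false},
 },
 },
 {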
2 changes: 1 addition & 1 deletion privilege/privileges/cache.go
Expand Up @@ -54,7 +54,7 @@ const globalDBVisible = mysql.CreatePriv | mysql.SelectPriv | mysql.InsertPriv |
const (
sqlLoadRoleGraph = "SELECT HIGH_PRIORITY FROM_USER, FROM_HOST, TO_USER, TO_HOST FROM mysql.role_edges"
sqlLoadGlobalPrivTable = "SELECT HIGH_PRIORITY Host,User,Priv FROM mysql.global_priv"
sqlLoadDBTable = "SELECT HIGH_PRIORITY Host,DB,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,Index_priv,References_priv,Lock_tables_priv,Create_tmp_table_priv,Event_priv,Create_routine_priv,Alter_routine_priv,Alter_priv,Execute_priv,Create_view_priv,Show_view_priv FROM mysql.db ORDER BY host, db, user"
sqlLoadDBTable = "SELECT HIGH_PRIORITY Host,DB,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,Index_priv,References_priv,Lock_tables_priv,Create_tmp_table_priv,Event_priv,Create_routine_priv,Alter_routine_priv,Alter_priv,Execute_priv,Create_view_priv,Show_view_priv,Trigger_priv FROM mysql.db ORDER BY host, db, user"
sqlLoadTablePrivTable = "SELECT HIGH_PRIORITY Host,DB,User,Table_name,Grantor,Timestamp,Table_priv,Column_priv FROM mysql.tables_priv"
sqlLoadColumnsPrivTable = "SELECT HIGH_PRIORITY Host,DB,User,Table_name,Column_name,Timestamp,Column_priv FROM mysql.columns_priv"
sqlLoadDefaultRoles = "SELECT HIGH_PRIORITY HOST, USER, DEFAULT_ROLE_HOST, DEFAULT_ROLE_USER FROM mysql.default_roles"
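--- a/privilege/privileges/privileges_test.go
+++ b/privilege/privileges/privileges_test.go
@@ -2888,6 +2888,22 @@ func TestSkipGrantTable(t *testing.T) {
 tk.MustExec(`GRANT RESTRICTED_USER_ADMIN ON *.* TO 'test2'@'%';`)
 }
 
+// https://github.com/pingcap/tidb/issues/32891
+func TestIncorrectUsageDBGrant(t *testing.T) {
+store, clean := createStoreAndPrepareDB(t)
+defer clean()
+
+tk := testkit.NewTestKit(t, store)
+tk.MustExec(`CREATE USER ucorrect1, ucorrect2;`)
+tk.MustExec(`CREATE TABLE test.trigger_table (a int)`)
+tk.MustExec(`GRANT CREATE TEMPORARY TABLES,DELETE,EXECUTE,INSERT,SELECT,SHOW VIEW,TRIGGER,UPDATE ON test.* TO ucorrect1;`)
+tk.MustExec(`GRANT TRIGGER ON test.trigger_table TO ucorrect2;`)
+tk.MustExec(`DROP TABLE test.trigger_table`)
+
+err := tk.ExecToErr(`GRANT CREATE TEMPORARY TABLES,DELETE,EXECUTE,INSERT,SELECT,SHOW VIEW,TRIGGER,UPDATE ON test.* TO uincorrect;`)
+require.EqualError(t, err, "[executor:1410]You are not allowed to create a user with GRANT")
+}
+
 func TestIssue29823(t *testing.T) {
 store, clean := createStoreAndPrepareDB(t)
 defer clean()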
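Review bot: TestIncorrectUsageDBGrant only checks that the two GRANT statements return without error; it never reads the privilege back, so a grant that is accepted but not persisted or not loaded would still pass. That leaves the `Trigger_priv` column added to `sqlLoadDBTable` in privilege/privileges/cache.go without an assertion in this commit. After the `ucorrect1` grant, add a read-back such as `tk.MustQuery("SELECT Trigger_priv FROM mysql.db WHERE User='ucorrect1'").Check(testkit.Rows("Y"))`, and before the `DROP TABLE` a matching check that `Table_priv` in `mysql.tables_priv` for `ucorrect2` contains `Trigger`. A `SHOW GRANTS FOR ucorrect1` assertion would additionally cover the cache load path; its exact expected text needs to be confirmed against the server's output.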
