diff options
| author | unknown <monty@mysql.com> | 2004-11-03 13:01:38 +0200 |
|---|---|---|
| committer | unknown <monty@mysql.com> | 2004-11-03 13:01:38 +0200 |
| commit | 614cda698a2c07ae158cbaf9a0a102a04866e28c (patch) | |
| tree | 39f6697332c041cfd44f3c685d341ba5024ca0f5 /mysql-test/t/grant2.test | |
| parent | 09e0503538cbf882cdb1c215a45becfd3826d67a (diff) | |
| parent | f5a47f156b6778a0f6751556e56a0afe25d6be13 (diff) | |
| download | mariadb-git-614cda698a2c07ae158cbaf9a0a102a04866e28c.tar.gz | |
Merge on pull
BitKeeper/etc/ignore:
auto-union
mysql-test/r/grant2.result:
Auto merged
mysql-test/r/sql_mode.result:
Auto merged
mysql-test/t/grant2.test:
Auto merged
sql/handler.cc:
Auto merged
sql/handler.h:
Auto merged
sql/mysql_priv.h:
Auto merged
sql/mysqld.cc:
Auto merged
sql/opt_range.cc:
Auto merged
sql/set_var.cc:
Auto merged
sql/sql_acl.cc:
Auto merged
sql/sql_lex.h:
Auto merged
sql/sql_parse.cc:
Auto merged
sql/sql_yacc.yy:
Auto merged
Diffstat (limited to 'mysql-test/t/grant2.test')
| -rw-r--r-- | mysql-test/t/grant2.test | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/mysql-test/t/grant2.test b/mysql-test/t/grant2.test index 6aa47a01753..fe4a5b55b82 100644 --- a/mysql-test/t/grant2.test +++ b/mysql-test/t/grant2.test @@ -6,13 +6,21 @@ SET NAMES binary; # +# prepare playground before tests +--disable_warnings +drop database if exists mysqltest; +--enable_warnings +delete from mysql.user where user like 'mysqltest\_%'; +delete from mysql.db where user like 'mysqltest\_%'; +delete from mysql.tables_priv where user like 'mysqltest\_%'; +delete from mysql.columns_priv where user like 'mysqltest\_%'; +flush privileges; + + # # wild_compare fun # -delete from mysql.user where user like 'mysqltest\_%'; -delete from mysql.db where user like 'mysqltest\_%'; -flush privileges; grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option; connect (user1,localhost,mysqltest_1,,); connection user1; @@ -40,3 +48,33 @@ delete from mysql.user where user like 'mysqltest\_%'; delete from mysql.db where user like 'mysqltest\_%'; flush privileges; + +# +# Bug #6173: One can circumvent missing UPDATE privilege if he has SELECT +# and INSERT privilege for table with primary key +# +create database mysqltest; +grant INSERT, SELECT on mysqltest.* to mysqltest_1@localhost; +flush privileges; +use mysqltest; +create table t1 (id int primary key, data varchar(255)); + +connect (mrbad, localhost, mysqltest_1,,); +connection mrbad; +show grants for current_user(); +use mysqltest; +insert into t1 values (1, 'I can''t change it!'); +--error 1044 +update t1 set data='I can change it!' where id = 1; +# This should not be allowed since it too require UPDATE privilege. +--error 1044 +insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!'; +select * from t1; + +connection default; +drop table t1; +drop database mysqltest; +use test; +delete from mysql.user where user like 'mysqltest\_%'; +delete from mysql.db where user like 'mysqltest\_%'; +flush privileges; |