Skip to content

Commit 5dc804c

Browse files
committed
MDEV-29752 SHOW GRANTS for PUBLIC should work for all users
1 parent 00c56e1 commit 5dc804c

File tree

3 files changed

+52
-2
lines changed

3 files changed

+52
-2
lines changed

mysql-test/main/public_privileges.result

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -319,3 +319,26 @@ drop database testdb1;
319319
# clean up
320320
delete from mysql.global_priv where user="PUBLIC";
321321
flush privileges;
322+
#
323+
# MDEV-29752 SHOW GRANTS FOR PUBLIC should work for all users
324+
#
325+
create database dbtest;
326+
create user `testuser`@`%`;
327+
GRANT USAGE ON *.* TO `testuser`@`%`;
328+
GRANT ALL PRIVILEGES ON `dbtest`.* TO `PUBLIC`;
329+
connect testuser,localhost,testuser,,;
330+
show grants for public;
331+
Grants for PUBLIC
332+
GRANT ALL PRIVILEGES ON `dbtest`.* TO PUBLIC
333+
show grants for testuser;
334+
Grants for testuser@%
335+
GRANT USAGE ON *.* TO `testuser`@`%`
336+
connection default;
337+
disconnect testuser;
338+
REVOKE ALL PRIVILEGES ON `dbtest`.* FROM `PUBLIC`;
339+
REVOKE USAGE ON *.* FROM `testuser`@`%`;
340+
drop user `testuser`@`%`;
341+
drop database dbtest;
342+
# clean up
343+
delete from mysql.global_priv where user="PUBLIC";
344+
flush privileges;

mysql-test/main/public_privileges.test

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -380,3 +380,30 @@ drop database testdb1;
380380
-- echo # clean up
381381
delete from mysql.global_priv where user="PUBLIC";
382382
flush privileges;
383+
384+
--echo #
385+
--echo # MDEV-29752 SHOW GRANTS FOR PUBLIC should work for all users
386+
--echo #
387+
388+
create database dbtest;
389+
create user `testuser`@`%`;
390+
391+
GRANT USAGE ON *.* TO `testuser`@`%`;
392+
GRANT ALL PRIVILEGES ON `dbtest`.* TO `PUBLIC`;
393+
394+
connect (testuser,localhost,testuser,,);
395+
396+
show grants for public;
397+
show grants for testuser;
398+
399+
connection default;
400+
disconnect testuser;
401+
402+
REVOKE ALL PRIVILEGES ON `dbtest`.* FROM `PUBLIC`;
403+
REVOKE USAGE ON *.* FROM `testuser`@`%`;
404+
drop user `testuser`@`%`;
405+
drop database dbtest;
406+
407+
-- echo # clean up
408+
delete from mysql.global_priv where user="PUBLIC";
409+
flush privileges;

sql/sql_acl.cc

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7726,7 +7726,7 @@ bool mysql_grant_role(THD *thd, List <LEX_USER> &list, bool revoke)
77267726

77277727
if (has_auth(user, thd->lex))
77287728
DBUG_ASSERT(!grantee);
7729-
else if (!grantee)
7729+
else if (!grantee && !user->is_public)
77307730
grantee= find_user_exact(hostname.str, username.str);
77317731

77327732
if (!grantee && !revoke)
@@ -9464,7 +9464,7 @@ bool get_show_user(THD *thd, LEX_USER *lex_user, const char **username,
94649464
if (lex_user->is_role())
94659465
{
94669466
*rolename= lex_user->user.str;
9467-
do_check_access= strcmp(*rolename, sctx->priv_role);
9467+
do_check_access= !lex_user->is_public && strcmp(*rolename, sctx->priv_role);
94689468
}
94699469
else
94709470
{

0 commit comments

Comments
 (0)