Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
MDEV-9443: Roles aren't supported in prepared statements
Make role statements work with the PREPARE keyword.
- Loading branch information
Showing
3 changed files
with
117 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
# | ||
# Test user to check if we can grant the created role to it. | ||
# | ||
create user test_user; | ||
# | ||
# First create the role. | ||
# | ||
SET @createRole = 'CREATE ROLE developers'; | ||
PREPARE stmtCreateRole FROM @createRole; | ||
EXECUTE stmtCreateRole; | ||
# | ||
# Test to see if the role is created. | ||
# | ||
SELECT user, host,is_role FROM mysql.user | ||
WHERE user = 'developers'; | ||
user host is_role | ||
developers Y | ||
SHOW GRANTS; | ||
Grants for root@localhost | ||
GRANT developers TO 'root'@'localhost' WITH ADMIN OPTION | ||
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION | ||
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION | ||
# | ||
# Now grant the role to the test user. | ||
# | ||
SET @grantRole = 'GRANT developers to test_user'; | ||
PREPARE stmtGrantRole FROM @grantRole; | ||
EXECUTE stmtGrantRole; | ||
# | ||
# We should see 2 entries in the roles_mapping table. | ||
# | ||
SELECT * FROM mysql.roles_mapping; | ||
Host User Role Admin_option | ||
% test_user developers N | ||
localhost root developers Y | ||
SHOW GRANTS FOR test_user; | ||
Grants for test_user@% | ||
GRANT developers TO 'test_user'@'%' | ||
GRANT USAGE ON *.* TO 'test_user'@'%' | ||
# | ||
# Now drop the role. | ||
# | ||
SET @dropRole = 'DROP ROLE developers'; | ||
PREPARE stmtDropRole FROM @dropRole; | ||
EXECUTE stmtDropRole; | ||
# | ||
# Check both user and roles_mapping table for traces of our role. | ||
# | ||
SELECT user, host,is_role FROM mysql.user | ||
WHERE user = 'developers'; | ||
user host is_role | ||
SELECT * FROM mysql.roles_mapping; | ||
Host User Role Admin_option | ||
SHOW GRANTS; | ||
Grants for root@localhost | ||
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION | ||
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION | ||
SHOW GRANTS FOR test_user; | ||
Grants for test_user@% | ||
GRANT USAGE ON *.* TO 'test_user'@'%' | ||
# Cleanup. | ||
DROP USER test_user; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
--source include/not_embedded.inc | ||
|
||
|
||
--echo # | ||
--echo # Test user to check if we can grant the created role to it. | ||
--echo # | ||
create user test_user; | ||
--echo # | ||
--echo # First create the role. | ||
--echo # | ||
SET @createRole = 'CREATE ROLE developers'; | ||
PREPARE stmtCreateRole FROM @createRole; | ||
EXECUTE stmtCreateRole; | ||
--echo # | ||
--echo # Test to see if the role is created. | ||
--echo # | ||
SELECT user, host,is_role FROM mysql.user | ||
WHERE user = 'developers'; | ||
SHOW GRANTS; | ||
|
||
--echo # | ||
--echo # Now grant the role to the test user. | ||
--echo # | ||
SET @grantRole = 'GRANT developers to test_user'; | ||
PREPARE stmtGrantRole FROM @grantRole; | ||
EXECUTE stmtGrantRole; | ||
|
||
--echo # | ||
--echo # We should see 2 entries in the roles_mapping table. | ||
--echo # | ||
--sorted_result | ||
SELECT * FROM mysql.roles_mapping; | ||
SHOW GRANTS FOR test_user; | ||
|
||
--echo # | ||
--echo # Now drop the role. | ||
--echo # | ||
SET @dropRole = 'DROP ROLE developers'; | ||
PREPARE stmtDropRole FROM @dropRole; | ||
EXECUTE stmtDropRole; | ||
|
||
--echo # | ||
--echo # Check both user and roles_mapping table for traces of our role. | ||
--echo # | ||
SELECT user, host,is_role FROM mysql.user | ||
WHERE user = 'developers'; | ||
SELECT * FROM mysql.roles_mapping; | ||
SHOW GRANTS; | ||
SHOW GRANTS FOR test_user; | ||
|
||
--echo # Cleanup. | ||
DROP USER test_user; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters