tidb/privilege/privileges: make show databases available with any glo…

…bal privilege (#3666) * tidb/privilege/privileges: make show databases available with any global privilege
pingcap · Jul 8, 2017 · c04bc3d · c04bc3d
1 parent 2480b50
commit c04bc3d
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/executor/show_test.go b/executor/show_test.go
@@ -155,6 +155,24 @@ func (s *testSuite) TestShowVisibility(c *C) {
 	// The user can see t2 but not t1.
 	c.Assert(rows, HasLen, 1)
 
+	// After revoke, show database result should be empty.
+	tk.MustExec(`revoke select on showdatabase.t1 from 'show'@'%'`)
+	tk.MustExec(`flush privileges`)
+	rs, err = se.Execute("show databases")
+	c.Assert(err, IsNil)
+	rows, err = tidb.GetRows(rs[0])
+	c.Assert(err, IsNil)
+	c.Assert(rows, HasLen, 0)
+
+	// Grant any global privilege would make show databases available.
+	tk.MustExec(`grant CREATE on *.* to 'show'@'%'`)
+	tk.MustExec(`flush privileges`)
+	rs, err = se.Execute("show databases")
+	c.Assert(err, IsNil)
+	rows, err = tidb.GetRows(rs[0])
+	c.Assert(err, IsNil)
+	c.Assert(len(rows), GreaterEqual, 1)
+
 	privileges.Enable = save
 	tk.MustExec(`drop user 'show'@'%'`)
 	tk.MustExec("drop database showdatabase")

diff --git a/privilege/privileges/cache.go b/privilege/privileges/cache.go
@@ -430,7 +430,7 @@ func (p *MySQLPrivilege) RequestVerification(user, host, db, table, column strin
 // DBIsVisible checks whether the user can see the db.
 func (p *MySQLPrivilege) DBIsVisible(user, host, db string) bool {
 	if record := p.matchUser(user, host); record != nil {
-		if record.Privileges&mysql.ShowDBPriv > 0 {
+		if record.Privileges != 0 {
 			return true
 		}
 	}