Merge branch 'master' into enable_more_flasky_test

pingcap · Jun 8, 2022 · d8dfba5 · d8dfba5
2 parents ac1d3f8 + b6129af
commit d8dfba5
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 0 deletions.
diff --git a/executor/simple.go b/executor/simple.go
@@ -1293,6 +1293,14 @@ func (e *SimpleExec) executeDropUser(ctx context.Context, s *ast.DropUserStmt) e
 			break
 		}
 
+		// delete privileges from mysql.columns_priv
+		sql.Reset()
+		sqlexec.MustFormatSQL(sql, `DELETE FROM %n.%n WHERE Host = %? and User = %?;`, mysql.SystemDB, mysql.ColumnPrivTable, user.Hostname, user.Username)
+		if _, err = sqlExecutor.ExecuteInternal(context.TODO(), sql.String()); err != nil {
+			failedUsers = append(failedUsers, user.String())
+			break
+		}
+
 		// delete relationship from mysql.role_edges
 		sql.Reset()
 		sqlexec.MustFormatSQL(sql, `DELETE FROM %n.%n WHERE TO_HOST = %? and TO_USER = %?;`, mysql.SystemDB, mysql.RoleEdgeTable, user.Hostname, user.Username)

diff --git a/executor/simple_test.go b/executor/simple_test.go
@@ -988,6 +988,44 @@ func TestShowGrantsAfterDropRole(t *testing.T) {
 	tk.MustQuery("SHOW GRANTS").Check(testkit.Rows("GRANT CREATE USER ON *.* TO 'u29473'@'%'"))
 }
 
+func TestPrivilegesAfterDropUser(t *testing.T) {
+	store, clean := testkit.CreateMockStore(t)
+	defer clean()
+	tk := testkit.NewTestKit(t, store)
+	tk.MustExec("use test")
+	tk.MustExec("create table t1(id int, v int)")
+	defer tk.MustExec("drop table t1")
+
+	tk.MustExec("CREATE USER u1 require ssl")
+	defer tk.MustExec("DROP USER IF EXISTS u1")
+
+	tk.MustExec("GRANT CREATE ON test.* TO u1")
+	tk.MustExec("GRANT UPDATE ON test.t1 TO u1")
+	tk.MustExec("GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO u1")
+	tk.MustExec("GRANT SELECT(v), UPDATE(v) on test.t1 TO u1")
+
+	tk.MustQuery("SELECT COUNT(1) FROM mysql.global_grants WHERE USER='u1' AND HOST='%'").Check(testkit.Rows("1"))
+	tk.MustQuery("SELECT COUNT(1) FROM mysql.global_priv WHERE USER='u1' AND HOST='%'").Check(testkit.Rows("1"))
+	tk.MustQuery("SELECT COUNT(1) FROM mysql.tables_priv WHERE USER='u1' AND HOST='%'").Check(testkit.Rows("1"))
+	tk.MustQuery("SELECT COUNT(1) FROM mysql.columns_priv WHERE USER='u1' AND HOST='%'").Check(testkit.Rows("1"))
+	tk.Session().Auth(&auth.UserIdentity{Username: "root", Hostname: "%"}, nil, nil)
+	tk.MustQuery("SHOW GRANTS FOR u1").Check(testkit.Rows(
+		"GRANT USAGE ON *.* TO 'u1'@'%'",
+		"GRANT CREATE ON test.* TO 'u1'@'%'",
+		"GRANT UPDATE ON test.t1 TO 'u1'@'%'",
+		"GRANT SELECT(v), UPDATE(v) ON test.t1 TO 'u1'@'%'",
+		"GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'u1'@'%'",
+	))
+
+	tk.MustExec("DROP USER u1")
+	err := tk.QueryToErr("SHOW GRANTS FOR u1")
+	require.Equal(t, "[privilege:1141]There is no such grant defined for user 'u1' on host '%'", err.Error())
+	tk.MustQuery("SELECT * FROM mysql.global_grants WHERE USER='u1' AND HOST='%'").Check(testkit.Rows())
+	tk.MustQuery("SELECT * FROM mysql.global_priv WHERE USER='u1' AND HOST='%'").Check(testkit.Rows())
+	tk.MustQuery("SELECT * FROM mysql.tables_priv WHERE USER='u1' AND HOST='%'").Check(testkit.Rows())
+	tk.MustQuery("SELECT * FROM mysql.columns_priv WHERE USER='u1' AND HOST='%'").Check(testkit.Rows())
+}
+
 func TestDropRoleAfterRevoke(t *testing.T) {
 	store, clean := testkit.CreateMockStore(t)
 	defer clean()