From c302bbba4606ec3a9fca4649705052834901c183 Mon Sep 17 00:00:00 2001 From: tiancaiamao Date: Mon, 13 May 2019 22:04:00 +0800 Subject: [PATCH] planner/core,session: fix privilege check for update (8376) --- planner/core/logical_plan_builder.go | 2 +- session/session_test.go | 26 +++++++++++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/planner/core/logical_plan_builder.go b/planner/core/logical_plan_builder.go index 02f0f4bded97e..7f7b02e4503f7 100644 --- a/planner/core/logical_plan_builder.go +++ b/planner/core/logical_plan_builder.go @@ -2149,7 +2149,7 @@ func (b *planBuilder) buildUpdate(update *ast.UpdateStmt) (Plan, error) { if dbName == "" { dbName = b.ctx.GetSessionVars().CurrentDB } - b.visitInfo = appendVisitInfo(b.visitInfo, mysql.UpdatePriv, dbName, t.Name.L, "") + b.visitInfo = appendVisitInfo(b.visitInfo, mysql.SelectPriv, dbName, t.Name.L, "") } if sel.Where != nil { diff --git a/session/session_test.go b/session/session_test.go index 4c1744387a4b9..61a640b80fdd1 100644 --- a/session/session_test.go +++ b/session/session_test.go @@ -15,6 +15,7 @@ package session_test import ( "fmt" + "strings" "sync" "sync/atomic" "time" @@ -2350,6 +2351,29 @@ func (s *testSessionSuite) TestSetGroupConcatMaxLen(c *C) { func (s *testSessionSuite) TestUpdatePrivilege(c *C) { tk := testkit.NewTestKitWithInit(c, s.store) + tk.MustExec("drop table if exists t1, t2;") + tk.MustExec("create table t1 (id int);") + tk.MustExec("create table t2 (id int);") + tk.MustExec("insert into t1 values (1);") + tk.MustExec("insert into t2 values (2);") + tk.MustExec("create user xxx;") + tk.MustExec("grant all on test.t1 to xxx;") + tk.MustExec("grant select on test.t2 to xxx;") + tk.MustExec("flush privileges;") + + tk1 := testkit.NewTestKitWithInit(c, s.store) + c.Assert(tk1.Se.Auth(&auth.UserIdentity{Username: "xxx", Hostname: "localhost"}, + []byte(""), + []byte("")), IsTrue) + + _, err := tk1.Exec("update t2 set id = 666 where id = 1;") + c.Assert(err, NotNil) + c.Assert(strings.Contains(err.Error(), "privilege check fail"), IsTrue) + + // Cover a bug that t1 and t2 both require update privilege. + // In fact, the privlege check for t1 should be update, and for t2 should be select. + _, err = tk1.Exec("update t1,t2 set t1.id = t2.id;") + c.Assert(err, IsNil) // Fix issue 8911 tk.MustExec("create database weperk") @@ -2359,7 +2383,6 @@ func (s *testSessionSuite) TestUpdatePrivilege(c *C) { tk.MustExec("grant all privileges on weperk.* to 'weperk'@'%'") tk.MustExec("flush privileges;") - tk1 := testkit.NewTestKitWithInit(c, s.store) c.Assert(tk1.Se.Auth(&auth.UserIdentity{Username: "weperk", Hostname: "%"}, []byte(""), []byte("")), IsTrue) tk1.MustExec("use weperk") @@ -2387,6 +2410,7 @@ WHERE s.a = t.a and t.c >= 1 and t.c <= 10000 and s.b !='xx';`) + } func (s *testSessionSuite) TestTxnGoString(c *C) {