You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
99 lines
3.3 KiB
99 lines
3.3 KiB
#
|
|
# Bug #24843257: CURRENT_ROLE(), ROLES_GRAPHML() RETURN VALUE
|
|
# HAS INCORRECT CHARACTER SET
|
|
# Expect system charset for empty
|
|
SELECT CHARSET(CURRENT_ROLE()) = @@character_set_system;
|
|
CHARSET(CURRENT_ROLE()) = @@character_set_system
|
|
1
|
|
SELECT CHARSET(ROLES_GRAPHML()) = @@character_set_system;
|
|
CHARSET(ROLES_GRAPHML()) = @@character_set_system
|
|
1
|
|
# Expect blobs
|
|
CREATE TABLE t1 AS
|
|
SELECT CURRENT_ROLE() AS CURRENT_ROLE, ROLES_GRAPHML() AS ROLES_GRAPHML;
|
|
SHOW CREATE TABLE t1;
|
|
Table Create Table
|
|
t1 CREATE TABLE `t1` (
|
|
`CURRENT_ROLE` longtext CHARACTER SET utf8,
|
|
`ROLES_GRAPHML` longtext CHARACTER SET utf8
|
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
|
|
DROP TABLE t1;
|
|
# create some roles
|
|
CREATE ROLE r1;
|
|
GRANT r1 TO root@localhost;
|
|
SET ROLE r1;
|
|
# Expect system charset for actual content
|
|
SELECT CHARSET(CURRENT_ROLE()) = @@character_set_system;
|
|
CHARSET(CURRENT_ROLE()) = @@character_set_system
|
|
1
|
|
SELECT CHARSET(ROLES_GRAPHML()) = @@character_set_system;
|
|
CHARSET(ROLES_GRAPHML()) = @@character_set_system
|
|
1
|
|
# cleanup
|
|
SET ROLE DEFAULT;
|
|
REVOKE r1 FROM root@localhost;
|
|
DROP ROLE r1;
|
|
#
|
|
# Bug #28953158: DROP ROLE USERNAME SHOULD BE REJECTED
|
|
#
|
|
CREATE USER uu@localhost, u1@localhost;
|
|
CREATE ROLE r1;
|
|
GRANT CREATE ROLE, DROP ROLE ON *.* TO uu@localhost;
|
|
SHOW GRANTS;
|
|
Grants for uu@localhost
|
|
GRANT CREATE ROLE, DROP ROLE ON *.* TO `uu`@`localhost`
|
|
# connected as uu
|
|
# test result: must fail
|
|
DROP USER u1@localhost;
|
|
ERROR 42000: Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation
|
|
# test result: must fail
|
|
DROP ROLE u1@localhost;
|
|
ERROR 42000: Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation
|
|
# test result: must pass
|
|
DROP ROLE r1;
|
|
# Cleanup
|
|
DROP USER uu@localhost, u1@localhost;
|
|
#
|
|
# Bug#28395115: permission denied if grants are given through role
|
|
#
|
|
CREATE DATABASE my_db;
|
|
CREATE table my_db.t1 (id int primary key);
|
|
CREATE ROLE my_role;
|
|
CREATE USER my_user, foo@localhost, baz@localhost;
|
|
GRANT ALL ON *.* to my_role, foo@localhost;
|
|
GRANT EXECUTE ON *.* TO my_user, baz@localhost;
|
|
GRANT my_role TO my_user, baz@localhost;
|
|
SET DEFAULT ROLE my_role TO my_user;
|
|
CREATE DEFINER=foo@localhost PROCEDURE my_db.foo_proc()
|
|
BEGIN
|
|
INSERT into my_db.t1 values(2) on duplicate key UPDATE id = values(id) + 200;
|
|
END $$
|
|
CREATE DEFINER=baz@localhost PROCEDURE my_db.baz_proc()
|
|
BEGIN
|
|
set ROLE all;
|
|
INSERT into my_db.t1 values(4) on duplicate key UPDATE id = values(id) + 400;
|
|
END $$
|
|
INSERT into my_db.t1 values(5);
|
|
# Inserts are now allowed if grants are given through role
|
|
INSERT into my_db.t1 values(8) on duplicate key UPDATE id = values(id) + 800;
|
|
CALL my_db.foo_proc();
|
|
CALL my_db.baz_proc();
|
|
# Now revoke all privileges from the roles and user
|
|
REVOKE ALL ON *.* FROM my_role;
|
|
REVOKE ALL ON *.* FROM foo@localhost;
|
|
GRANT EXECUTE ON *.* TO foo@localhost;
|
|
# The SQL opperations must fail with existing connection.
|
|
INSERT into my_db.t1 values(10);
|
|
ERROR 42000: INSERT command denied to user 'my_user'@'localhost' for table 't1'
|
|
CALL my_db.baz_proc();
|
|
ERROR 42000: INSERT, UPDATE command denied to user 'baz'@'localhost' for table 't1'
|
|
CALL my_db.foo_proc();
|
|
ERROR 42000: INSERT, UPDATE command denied to user 'foo'@'localhost' for table 't1'
|
|
# Cleanup
|
|
DROP DATABASE my_db;
|
|
DROP USER my_user;
|
|
DROP USER foo@localhost, baz@localhost;
|
|
DROP ROLE my_role;
|
|
|
|
# End of 8.0 tests
|
|
|
|
|