Added GRANT ROLE TO ROLE | USER functionality.

The command only currenty affects in memory data structures. Writing to the roles_mapping table needs to be implemented.

Added GRANT ROLE TO ROLE | USER functionality.
The command only currenty affects in memory data structures. Writing to the roles_mapping table needs to be implemented.
1ac0b920 · Vicențiu Ciorbaru · Sergei Golubchik · 95ef78e4 · 1ac0b920 · 1ac0b920
Commit 1ac0b920 authored Oct 18, 2013 by Vicențiu Ciorbaru Committed by Sergei Golubchik Oct 18, 2013
5 changed files
--- a/sql/share/errmsg-utf8.txt
+++ b/sql/share/errmsg-utf8.txt
@@ -6569,3 +6569,9 @@ ER_INVALID_ROLE
 ER_INVALID_CURRENT_USER
 	eng "The current user is invalid."
 	rum "Utilizatorul curent este invalid."
+ER_RESERVED_ROLE
+	eng "Role name '%s' is reserved."
+	rum "Numele de rol '%s' este rezervat."
+ER_CANNOT_GRANT_ROLE
+	eng "Cannot grant role '%s' to: %s."
+	rum "Rolul '%s' nu poate fi acordat catre: %s."
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
--- a/sql/sql_acl.h
+++ b/sql/sql_acl.h
@@ -203,6 +203,8 @@ int check_change_password(THD *thd, const char *host, const char *user,
                           char *password, uint password_len);
 bool change_password(THD *thd, const char *host, const char *user,
                     char *password);
+
+bool mysql_grant_role(THD *thd, List<LEX_USER> &user_list);
 bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &user_list,
                 ulong rights, bool revoke, bool is_proxy);
 int mysql_table_grant(THD *thd, TABLE_LIST *table, List <LEX_USER> &user_list,

--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -3866,7 +3866,7 @@ end_with_restore_list:
      else
      {
        /* Conditionally writes to binlog */
-        res = mysql_grant(thd, select_lex->db, lex->users_list, lex->grant,
+        res= mysql_grant(thd, select_lex->db, lex->users_list, lex->grant,
                         lex->sql_command == SQLCOM_REVOKE,
                         lex->type == TYPE_ENUM_PROXY);
      }
@@ -3890,7 +3890,14 @@ end_with_restore_list:
  case SQLCOM_REVOKE_ROLE:
  case SQLCOM_GRANT_ROLE:
  {
-    /* TODO Implement grant */
+    /* TODO access check */
+
+    if (thd->security_ctx->user)              // If not replication
+    {
+      if (!(res= mysql_grant_role(thd, lex->users_list)))
+        my_ok(thd);
+    }
+    else
      my_ok(thd);
    break;
  }

--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -1570,7 +1570,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);

 %type <symbol> keyword keyword_sp

-%type <lex_user> user grant_user grant_role
+%type <lex_user> user grant_user grant_role user_or_role

 %type <charset>
        opt_collate
@@ -1624,7 +1624,8 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
        opt_option opt_place
        opt_attribute opt_attribute_list attribute column_list column_list_id
        opt_column_list grant_privileges grant_ident grant_list grant_option
-        object_privilege object_privilege_list user_list rename_list
+        object_privilege object_privilege_list user_list user_and_role_list
+        rename_list
        clear_privileges flush_options flush_option
        opt_with_read_lock flush_options_list
        equal optional_braces
@@ -13208,6 +13209,16 @@ user:
          }
        ;

+user_or_role:
+          user
+          {
+            $$=$1;
+          }
+        | CURRENT_ROLE optional_braces
+          {
+            $$= &current_role;
+          }
+
 /* Keyword that we allow for identifiers (except SP labels) */
 keyword:
          keyword_sp            {}
@@ -14241,7 +14252,7 @@ revoke_command:
            lex->sql_command= SQLCOM_REVOKE;
            lex->type= TYPE_ENUM_PROXY;
          }
-        | grant_role FROM grant_list
+        | grant_role FROM user_and_role_list
          {
            LEX *lex= Lex;
            lex->sql_command= SQLCOM_REVOKE_ROLE;
@@ -14294,11 +14305,13 @@ grant_command:
            lex->sql_command= SQLCOM_GRANT;
            lex->type= TYPE_ENUM_PROXY;
          }
-        | grant_role TO_SYM grant_list
+        | grant_role TO_SYM user_and_role_list
          {
            LEX *lex= Lex;
            lex->sql_command= SQLCOM_GRANT_ROLE;
-            lex->type= 0;
+            /* The first role is the one that is granted */
+            if (Lex->users_list.push_front($1))
+              MYSQL_YYABORT;
          }

        ;
@@ -14333,6 +14346,10 @@ grant_role:
                                         system_charset_info, 0))
              MYSQL_YYABORT;
          }
+        | CURRENT_ROLE optional_braces
+          {
+            $$=&current_role;
+          }
        ;

 opt_table:
@@ -14522,6 +14539,19 @@ grant_list:
          }
        ;

+user_and_role_list:
+          user_or_role
+          {
+            if (Lex->users_list.push_back($1))
+              MYSQL_YYABORT;
+          }
+        | user_and_role_list ',' user_or_role
+          {
+            if (Lex->users_list.push_back($3))
+              MYSQL_YYABORT;
+          }
+        ;
+
 via_or_with: VIA_SYM | WITH ;
 using_or_as: USING | AS ;