Added CREATE ROLE support as well as DROP ROLE support.

db850c52 · Vicențiu Ciorbaru · Sergei Golubchik · 81b2856e · db850c52 · db850c52
Commit db850c52 authored Oct 18, 2013 by Vicențiu Ciorbaru Committed by Sergei Golubchik Oct 18, 2013
7 changed files
--- a/mysql-test/r/acl_roles_create_and_drop_role.result
+++ b/mysql-test/r/acl_roles_create_and_drop_role.result
+use mysql;
+create role test_role1;
+create role test_role2, test_role3;
+select user, host, is_role from user where user like 'test';
+user	host	is_role
+drop role test_role1;
+drop role test_role2, test_role3;
+create role test_role1;
+create role test_role1;
+ERROR HY000: Operation CREATE ROLE failed for 'test_role1'
+create role test_role1, test_role2;
+ERROR HY000: Operation CREATE ROLE failed for 'test_role1'
+select user, host, is_role from user where user like 'test';
+user	host	is_role
+drop role test_role1;
+drop role test_role1;
+ERROR HY000: Operation DROP ROLE failed for 'test_role1'
+drop role test_role1, test_role2;
+ERROR HY000: Operation DROP ROLE failed for 'test_role1'
+select user, host, is_role from user where user like 'test';
+user	host	is_role
--- a/mysql-test/t/acl_roles_create_and_drop_role.test
+++ b/mysql-test/t/acl_roles_create_and_drop_role.test
+connect (mysql, localhost, root,,);
+use mysql;
+
+create role test_role1;
+create role test_role2, test_role3;
+
+--sorted_result
+select user, host, is_role from user where user like 'test';
+
+drop role test_role1;
+drop role test_role2, test_role3;
+
+
+create role test_role1;
+--error ER_CANNOT_USER
+create role test_role1;
+--error ER_CANNOT_USER
+create role test_role1, test_role2;
+
+--sorted_result
+select user, host, is_role from user where user like 'test';
+
+drop role test_role1;
+--error ER_CANNOT_USER
+drop role test_role1;
+--error ER_CANNOT_USER
+drop role test_role1, test_role2;
+
+--sorted_result
+select user, host, is_role from user where user like 'test';
+disconnect mysql;
--- a/sql/share/errmsg-utf8.txt
+++ b/sql/share/errmsg-utf8.txt
@@ -6569,3 +6569,8 @@ ER_INVALID_ROLE
 ER_INVALID_CURRENT_USER
 	eng "The current user is invalid."
 	rum "Utilizatorul curent este invalid."
+ER_INVALID_ROLE_COMMAND
+	eng "Unable to execute role related command. The user table is in invalid format."
+	rum "Comanda asupra rolurilor nu poate fi executate. Tabelul "user" este in format invalid."
+ER_ROLE_AS_USER
+	eng "The role '%s' is marked as a user '%s'@''
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
--- a/sql/sql_acl.h
+++ b/sql/sql_acl.h
@@ -234,6 +234,8 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list);
 bool mysql_drop_user(THD *thd, List <LEX_USER> &list);
 bool mysql_rename_user(THD *thd, List <LEX_USER> &list);
 bool mysql_revoke_all(THD *thd, List <LEX_USER> &list);
+bool mysql_create_role(THD *thd, List <LEX_USER> &list);
+bool mysql_drop_role(THD *thd, List <LEX_USER> &list);
 void fill_effective_table_privileges(THD *thd, GRANT_INFO *grant,
                                     const char *db, const char *table);
 bool sp_revoke_privileges(THD *thd, const char *sp_db, const char *sp_name,

--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -3759,14 +3759,22 @@ end_with_restore_list:
  }
  case SQLCOM_CREATE_ROLE:
  {
-    /* TODO */
-    my_ok(thd);
+    if (check_access(thd, INSERT_ACL, "mysql", NULL, NULL, 1, 1) &&
+        check_global_access(thd,CREATE_USER_ACL))
+      break;
+    /* Conditionally writes to binlog */
+    if (!(res= mysql_create_role(thd, lex->users_list)))
+      my_ok(thd);
    break;
  }
  case SQLCOM_DROP_ROLE:
  {
-    /* TODO */
-    my_ok(thd);
+    if (check_access(thd, DELETE_ACL, "mysql", NULL, NULL, 1, 1) &&
+        check_global_access(thd,CREATE_USER_ACL))
+      break;
+    /* Conditionally writes to binlog */
+    if (!(res= mysql_drop_role(thd, lex->users_list)))
+      my_ok(thd);
    break;
  }
  case SQLCOM_REVOKE_ALL:

--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -1459,7 +1459,6 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
        NCHAR_STRING opt_component key_cache_name
        sp_opt_label BIN_NUM label_ident TEXT_STRING_filesystem ident_or_empty
        opt_constraint constraint opt_ident opt_if_not_exists_ident
-        grant_role

 %type <lex_str_ptr>
        opt_table_alias
@@ -1570,7 +1569,7 @@ bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);

 %type <symbol> keyword keyword_sp

-%type <lex_user> user grant_user
+%type <lex_user> user grant_user grant_role

 %type <charset>
        opt_collate
@@ -14251,7 +14250,6 @@ revoke_command:
            LEX *lex= Lex;
            lex->sql_command= SQLCOM_REVOKE_ROLE;
            lex->type= 0;
-            printf("The rolename to be revoked is: %s\n", $1.str);
          }

        ;
@@ -14305,20 +14303,40 @@ grant_command:
            LEX *lex= Lex;
            lex->sql_command= SQLCOM_GRANT_ROLE;
            lex->type= 0;
-            printf("The rolename to be granted is: %s\n", $1.str);
          }

        ;

 role_list:
          grant_role
-          {}
+          {
+            if (Lex->users_list.push_back($1))
+              MYSQL_YYABORT;
+          }
        | role_list ',' grant_role
-          {}
+          {
+            if (Lex->users_list.push_back($3))
+              MYSQL_YYABORT;
+          }
+        ;

 grant_role:
-          IDENT_sys             {$$=$1;}
-        | TEXT_STRING_sys       {$$=$1;}
+          ident_or_text
+          {
+            if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
+              MYSQL_YYABORT;
+            $$->user = $1;
+            $$->host.str= (char *)HOST_NOT_SPECIFIED;
+            $$->host.length= 1;
+            $$->password= null_lex_str; 
+            $$->plugin= empty_lex_str;
+            $$->auth= empty_lex_str;
+
+            if (check_string_char_length(&$$->user, ER(ER_USERNAME),
+                                         username_char_length,
+                                         system_charset_info, 0))
+              MYSQL_YYABORT;
+          }
        ;

 opt_table: