MySQL 5.6.14 Source Code Document
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Groups Pages
triggers_03e_db_level.inc
1 #======================================================================
2 #
3 # Trigger Tests
4 # test cases for TRIGGER privilege on db, table and column level
5 #======================================================================
6 
7 --disable_abort_on_error
8 
9 ############################################
10 ################ Section 3.5.3 #############
11 # basic tests for the db level of Triggers #
12 ############################################
13 
14 # General setup to be used in all testcases
15 let $message= Testcase for db level:;
16 --source include/show_msg.inc
17 
18  --disable_warnings
19  drop database if exists priv_db;
20  drop database if exists no_priv_db;
21  --enable_warnings
22  create database priv_db;
23  create database no_priv_db;
24  use priv_db;
25  eval create table t1 (f1 char(20)) engine= $engine_type;
26 
27  create User test_yesprivs@localhost;
28  set password for test_yesprivs@localhost = password('PWD');
29  revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
30  grant select on priv_db.* to test_yesprivs@localhost;
31  show grants for test_yesprivs@localhost;
32 
33  create User test_noprivs@localhost;
34  set password for test_noprivs@localhost = password('PWD');
35  revoke ALL PRIVILEGES, GRANT OPTION FROM test_noprivs@localhost;
36  grant select,insert on priv_db.* to test_noprivs@localhost;
37  show grants for test_noprivs@localhost;
38 
39 # no trigger privilege->create trigger must fail:
40  connect (yes_privs,localhost,test_yesprivs,PWD,test,$MASTER_MYPORT,$MASTER_MYSOCK);
41 let $message= no trigger privilege on db level for create:;
42 --source include/show_msg.inc
43  use priv_db;
44  --error ER_TABLEACCESS_DENIED_ERROR
45  create trigger trg1_1 before INSERT on t1 for each row
46  set new.f1 = 'trig 1_1-no';
47 
48 # user with minimum privs on t1->no trigger executed;
49  connect (no_privs,localhost,test_noprivs,PWD,test,$MASTER_MYPORT,$MASTER_MYSOCK);
50  use priv_db;
51  insert into t1 (f1) values ('insert-yes');
52  select f1 from t1 order by f1;
53 
54  connection default;
55  select current_user;
56  grant TRIGGER on priv_db.* to test_yesprivs@localhost;
57  show grants for test_yesprivs@localhost;
58 
59 # user got trigger privilege->create successful:
60 let $message= trigger privilege on db level for create:;
61 --source include/show_msg.inc
62  connection yes_privs;
63  select current_user;
64  use priv_db;
65  create trigger trg1_2 before INSERT on t1 for each row
66  set new.f1 = 'trig 1_2-yes';
67 
68 # user with minimum privs on t1->fail,as trigger definer no update priv:;
69  connection no_privs;
70  select current_user;
71  use priv_db;
72  insert into t1 (f1) values ('insert-yes');
73  select f1 from t1 order by f1;
74 
75  connection default;
76  select current_user;
77  grant UPDATE on priv_db.* to test_yesprivs@localhost;
78 # succeed,as trigger definer has update privilege:
79 # new privilege take effect after 'use db':
80  use priv_db;
81  insert into t1 (f1) values ('insert-no');
82  select f1 from t1 order by f1;
83 
84 # succeed:
85  connection no_privs;
86  select current_user;
87  use priv_db;
88  insert into t1 (f1) values ('insert-yes');
89  select f1 from t1 order by f1;
90 
91  connection default;
92  select current_user;
93  revoke TRIGGER on priv_db.* from test_yesprivs@localhost;
94  show grants for test_yesprivs@localhost;
95 
96 # drop must fail, as no trigger privilege:
97 let $message= no trigger privilege on db level for drop:;
98 --source include/show_msg.inc
99  connection yes_privs;
100  select current_user;
101  use priv_db;
102  --error ER_TABLEACCESS_DENIED_ERROR
103  drop trigger trg1_2;
104 
105  connection no_privs;
106  select current_user;
107  use priv_db;
108 # no trigger privilege at activation time:
109 let $message= no trigger privilege at activation time:;
110 --source include/show_msg.inc
111  --error ER_TABLEACCESS_DENIED_ERROR
112  insert into t1 (f1) values ('insert-yes');
113  select f1 from t1 order by f1;
114 
115 let $message= trigger privilege at activation time:;
116 --source include/show_msg.inc
117  connection default;
118  select current_user;
119  grant TRIGGER on priv_db.* to test_yesprivs@localhost;
120 
121 # succeed, as trigger privilege at activation time:
122  connection no_privs;
123  select current_user;
124  use priv_db;
125  insert into t1 (f1) values ('insert-no');
126  select f1 from t1 order by f1;
127 # drop must fail, as no 'use db' executed:
128 let $message= trigger privilege on db level for drop:;
129 --source include/show_msg.inc
130  connection yes_privs;
131  select current_user;
132  show grants for test_yesprivs@localhost;
133  --error ER_TABLEACCESS_DENIED_ERROR
134  drop trigger trg1_2;
135 
136 # succeed
137 let $message= takes effect after use priv_db:;
138 --source include/show_msg.inc
139  use priv_db;
140  drop trigger trg1_2;
141 
142  connection default;
143  select current_user;
144  use priv_db;
145  insert into t1 (f1) values ('insert-yes');
146  select f1 from t1 order by f1;
147 
148 let $message= switch to db without having trigger priv for it:;
149 --source include/show_msg.inc
150  use no_priv_db;
151  eval create table t1 (f1 char(20)) engine= $engine_type;
152 # Adding the minimal priv to be able to set to the db
153  grant SELECT,UPDATE on no_priv_db.* to test_yesprivs@localhost;
154  show grants for test_yesprivs@localhost;
155 
156 # trigger privilege is hold over changes between priv and no priv db:
157 let $message= use db with trigger privilege on db level and without...:;
158 --source include/show_msg.inc
159  connection yes_privs;
160  select current_user;
161  use no_priv_db;
162  --error ER_TABLEACCESS_DENIED_ERROR
163  create trigger trg1_3 before INSERT on t1 for each row
164  set new.f1 = 'trig 1_3-no';
165  use priv_db;
166  create trigger trg1_3 before INSERT on t1 for each row
167  set new.f1 = 'trig 1_3-yes';
168  use no_priv_db;
169  --error ER_TABLEACCESS_DENIED_ERROR
170  create trigger trg1_4 before UPDATE on t1 for each row
171  set new.f1 = 'trig 1_4-no';
172  use priv_db;
173  create trigger trg1_4 before UPDATE on t1 for each row
174  set new.f1 = 'trig 1_4-yes';
175 
176  connection no_privs;
177  select current_user;
178  use no_priv_db;
179  insert into t1 (f1) values ('insert-yes');
180  select f1 from t1 order by f1;
181  use priv_db;
182  insert into t1 (f1) values ('insert-no');
183  select f1 from t1 order by f1;
184  --disable_warnings
185  disconnect no_privs;
186  --enable_warnings
187 
188  connection yes_privs;
189  select current_user;
190  use no_priv_db;
191  --error ER_TRG_DOES_NOT_EXIST
192  drop trigger trg1_3;
193  use priv_db;
194  drop trigger trg1_3;
195  use no_priv_db;
196  --error ER_TRG_DOES_NOT_EXIST
197  drop trigger trg1_4;
198  use priv_db;
199  drop trigger trg1_4;
200 
201 
202 # Cleanup db level
203  --disable_warnings
204  disconnect yes_privs;
205 
206  connection default;
207  select current_user;
208  drop table priv_db.t1;
209  drop table no_priv_db.t1;
210  --enable_warnings
211 
212 # general Cleanup
213  --disable_warnings
214  drop database if exists priv_db;
215  drop database if exists no_priv_db;
216  drop user test_yesprivs@localhost;
217  drop user test_noprivs@localhost;
218  --enable_warnings
219