#4142 Permission to 'all users' ignored by currentUserHasPrivilege()

4.0.8
invalid
Marc Delisle
None
5
2013-11-10
2013-10-21
Mathieu Rochette
No

We have added the TRIGGER privilieges to all user for a database but the trigger tab still don't appear (and going directly to its url redirect back to the default tab)

it appears to be a bug in currentUserHasPrivilege() the function return true only when GRANTEE match CURRENT_USER() but it should return true for ''@domain if CURRENT_USER() is 'user'@domain

Discussion

  • I can take a look at this.

     
  • Marc Delisle
    Marc Delisle
    2013-10-23

    modulo, please do.

     
  • Mathieu,

    How are your permissions set up?

    Firstly let me state that I'm not a specialist on internal database dynamics and might be wrong in the following, but researching (for) this bug has brought me to the following conclusion.

    If you have permissions for "Any" user they will be indeed in the form of ''@'host'. Slightly misleadingly this does not mean they are applied to all users. Instead those permissions will take action only if you log on from the specified host with a username that is not explicitly listed. Then you will get ''@'host' as your CURRENT_USER() and the currentUserHasPrivilege() function works as intended.

    Logging on with any other user (an explicitly listed user) you will be subject to only those permissions set for that user. The user will generally even not be able to see the permissions for ''@'host', only the ones for 'user'@'host'.

    This is a MySQL feature.

    If I'm not mistaken then this is not a bug and also not related to https://sourceforge.net/p/phpmyadmin/bugs/4140/

    Could someone with more experience please either confirm or deny this?

     
  • Marc Delisle
    Marc Delisle
    2013-11-10

    • assigned_to: Marc Delisle
     
  • Marc Delisle
    Marc Delisle
    2013-11-10

    I agree with modulo's analysis. Moreover, I have set up test users, to the best of my knowledge, based on Mathieu's description, and the test user is refused the CREATE TRIGGER command even if the anonymous (blank) user has this privilege on this database.

     
  • Marc Delisle
    Marc Delisle
    2013-11-10

    • status: open --> invalid