#4303 "New" link in navi panel is shown even if no privileges

4.1.9
out-of-date
None
1
2014-10-01
2014-03-01
No

A user having no privileges to create a database should not see "New" at the database level.

Discussion

  • Marc Delisle

    Marc Delisle - 2014-03-01
    • summary: "New" link in navi panel is shown even if no privileges --> (ok 4.1.9) "New" link in navi panel is shown even if no privileges
    • status: open --> resolved
    • Priority: 5 --> 1
     
  • Marc Delisle

    Marc Delisle - 2014-03-06
    • Status: resolved --> fixed
     
  • azurIt

    azurIt - 2014-03-08

    This is still a problem in 4.1.9. Link 'New' points to /server_databases.php?server=2&token=...

     
  • Marc Delisle

    Marc Delisle - 2014-03-08

    azurit,
    please describe what kind of privileges your user has.

    When I test with a user that does not have the privilege to create a database, there is no New link to create a database in the navigation panel.

     
  • azurIt

    azurIt - 2014-03-08

    Ok, i debbuged it a little and found out that link 'New' appears when a user has a local 'CREATE' privilege inside any database (but you cannot have ALL PRIVILEGES on that database).

     
  • Marc Delisle

    Marc Delisle - 2014-03-09
    • summary: (ok 4.1.9) "New" link in navi panel is shown even if no privileges --> "New" link in navi panel is shown even if no privileges
    • status: fixed --> open
    • assigned_to: Marc Delisle --> nobody
    • Group: 4.1.8 --> 4.1.9
    • Priority: 1 --> 5
     
  • Aayush

    Aayush - 2014-04-13

    i was trying to reproduce this.
    but what i observed is that even though new link is shown, user without having privileges can not use this link to create new database. error is shown in the later steps.
    So, expected result is only to remove that new link if such privilege is not present.??
    if i am getting it correct?

     
  • Marc Delisle

    Marc Delisle - 2014-04-15

    Aayush: yes.

     
  • Aayush

    Aayush - 2014-04-15

    thnx marc..
    m working on it..

     
  • Aayush

    Aayush - 2014-04-17

    hi marc..
    in an attempt to resolve this. I observed an other issue associated with display of "New" at the database level in localhost with config file.
    steps to produce this bug:
    1. Open pma with user that has the privilege to create a database. Let the browser window be open.
    2. Go to config file and change user to user that does not have the privilege to create a database.
    3. Now refresh the browser window. Now user is changed, privileges are updated but still "new" button is displayed.
    Similarly,
    1. Open pma with user that does not have the privilege to create a database. Let the browser window be open.
    2. Go to config file and change user to user that has the privilege to create a database.
    3. Now refresh the browser window. Now user is changed, privileges are updated but still "new" button is not displayed.
    i worked on this, and found that may be this is happening coz the session variable in which info is saved about the privileges whether create db is allowed or not, is not updated.
    plz see to this if this is not a local error.
    and comment over this accordingly.

     
  • Marc Delisle

    Marc Delisle - 2014-04-18

    Aayush,
    indeed you have found another issue.

     
  • Aayush

    Aayush - 2014-04-18

    since you can confirmed it, now i would like to ask another thing.
    marc first time when i tried to produce this bug (reported by azrut), i was able to reproduce it, and started the work. But in code i didn't find anything to support the steps to reproduce it (as reported by azrut).
    later i find that i was able to reproduce the bug not because of steps reported by azrut but because of steps i reported. I misunderstood the situation earlier.
    so please can you confirm this. if any bug reported by azrut exist or he also misunderstood the situation like me?
    asking coz i am now not able to reproduce this bug by the steps reported by azrut.

     
  • azurIt

    azurIt - 2014-04-18

    i'm still albe to reproduce this bug in version 4.1.12 - just add 'CREATE' priviledge alone to the user to any single database.

     
  • Madhura Jayaratne

    • assigned_to: Madhura Jayaratne
     
  • Madhura Jayaratne

    I can no longer recreate the bug with version 4.2.9
    My user has the following privileges.

    mysql> show grants for aaaa@localhost;
    +--------------------------------------------------+
    | Grants for aaaa@localhost |
    +--------------------------------------------------+
    | GRANT USAGE ON *.* TO 'aaaa'@'localhost' |
    | GRANT CREATE ON bbbb.* TO 'aaaa'@'localhost' |
    +--------------------------------------------------+
    2 rows in set (0.00 sec)

     
    Last edit: Madhura Jayaratne 2014-10-01
  • Madhura Jayaratne

    • status: open --> out-of-date
    • Priority: 5 --> 1