From 3e83202b97bb978a80b0d7435ae276ec6f187fc7 Mon Sep 17 00:00:00 2001
From: Shlomi Noach <shlomi-noach@github.com>
Date: Thu, 16 Jun 2016 16:06:26 +0200
Subject: [PATCH] more elaborate check that user has privileges

---
 go/logic/inspect.go | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/go/logic/inspect.go b/go/logic/inspect.go
index 2258bc9..c460b90 100644
--- a/go/logic/inspect.go
+++ b/go/logic/inspect.go
@@ -145,6 +145,21 @@ func (this *Inspector) validateConnection() error {
 // validateGrants verifies the user by which we're executing has necessary grants
 // to do its thang.
 func (this *Inspector) validateGrants() error {
+	stringContainsAll := func(s string, substrings ...string) bool {
+		nonEmptyStringsFound := false
+		for _, substring := range substrings {
+			if s == "" {
+				continue
+			}
+			if strings.Contains(s, substring) {
+				nonEmptyStringsFound = true
+			} else {
+				// Immediate failure
+				return false
+			}
+		}
+		return nonEmptyStringsFound
+	}
 	query := `show /* gh-ost */ grants for current_user()`
 	foundAll := false
 	foundSuper := false
@@ -166,6 +181,12 @@ func (this *Inspector) validateGrants() error {
 			if strings.Contains(grant, fmt.Sprintf("GRANT ALL PRIVILEGES ON `%s`.*", this.migrationContext.DatabaseName)) {
 				foundDBAll = true
 			}
+			if stringContainsAll(grant, `ALTER`, `CREATE`, `DELETE`, `DROP`, `INDEX`, `INSERT`, `LOCK TABLES`, `SELECT`, `TRIGGER`, `UPDATE`, ` ON *.*`) {
+				foundDBAll = true
+			}
+			if stringContainsAll(grant, `ALTER`, `CREATE`, `DELETE`, `DROP`, `INDEX`, `INSERT`, `LOCK TABLES`, `SELECT`, `TRIGGER`, `UPDATE`, fmt.Sprintf(" ON `%s`.*", this.migrationContext.DatabaseName)) {
+				foundDBAll = true
+			}
 		}
 		return nil
 	})