Implemented REVOKE ALL FROM for Roles and role grants.

mysql-test/suite/roles/drop_routines.result

@@ -0,0 +1,104 @@
+create role r1;
+create role r2;
+create role r3;
+create role r4;
+create user u1;
+grant r2 to r1;
+grant r3 to r2;
+grant r4 to r3;
+grant r1 to u1;
+grant r4 to r1;
+show grants for u1;
+Grants for u1@%
+GRANT USAGE ON *.* TO 'u1'@'%'
+GRANT r1 TO 'u1'@'%'
+show grants for r1;
+Grants for r1
+GRANT USAGE ON *.* TO 'r1'
+GRANT USAGE ON *.* TO 'r2'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r2 TO 'r1'
+GRANT r3 TO 'r2'
+GRANT r4 TO 'r1'
+GRANT r4 TO 'r3'
+grant SELECT on *.* to u1;
+grant INSERT on mysql.* to r1;
+grant DELETE on mysql.roles_mapping to r2;
+grant UPDATE on mysql.user to r3;
+create function mysql.test_func (s CHAR(20))
+returns CHAR(50) DETERMINISTIC
+return concat('Test string: ',s);
+create procedure mysql.test_proc (OUT param1 INT)
+begin
+select COUNT(*) into param1 from mysql.roles_mapping;
+end|
+grant execute on function mysql.test_func to r2;
+grant execute on procedure mysql.test_proc to r3;
+grant execute on mysql.* to r4;
+show grants for r1;
+Grants for r1
+GRANT DELETE ON `mysql`.`roles_mapping` TO 'r2'
+GRANT EXECUTE ON FUNCTION `mysql`.`test_func` TO 'r2'
+GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO 'r3'
+GRANT EXECUTE ON `mysql`.* TO 'r4'
+GRANT INSERT ON `mysql`.* TO 'r1'
+GRANT UPDATE ON `mysql`.`user` TO 'r3'
+GRANT USAGE ON *.* TO 'r1'
+GRANT USAGE ON *.* TO 'r2'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r2 TO 'r1'
+GRANT r3 TO 'r2'
+GRANT r4 TO 'r1'
+GRANT r4 TO 'r3'
+show grants for r2;
+Grants for r2
+GRANT DELETE ON `mysql`.`roles_mapping` TO 'r2'
+GRANT EXECUTE ON FUNCTION `mysql`.`test_func` TO 'r2'
+GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO 'r3'
+GRANT EXECUTE ON `mysql`.* TO 'r4'
+GRANT UPDATE ON `mysql`.`user` TO 'r3'
+GRANT USAGE ON *.* TO 'r2'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r3 TO 'r2'
+GRANT r4 TO 'r3'
+show grants for r3;
+Grants for r3
+GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO 'r3'
+GRANT EXECUTE ON `mysql`.* TO 'r4'
+GRANT UPDATE ON `mysql`.`user` TO 'r3'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r4 TO 'r3'
+show grants for r4;
+Grants for r4
+GRANT EXECUTE ON `mysql`.* TO 'r4'
+GRANT USAGE ON *.* TO 'r4'
+drop function mysql.test_func;
+Warnings:
+Warning	1403	There is no such grant defined for user 'r1' on host '' on routine 'test_func'
+Warning	1403	There is no such grant defined for user 'r1' on host '' on routine 'test_func'
+drop procedure mysql.test_proc;
+Warnings:
+Warning	1403	There is no such grant defined for user 'r2' on host '' on routine 'test_proc'
+Warning	1403	There is no such grant defined for user 'r1' on host '' on routine 'test_proc'
+Warning	1403	There is no such grant defined for user 'r2' on host '' on routine 'test_proc'
+Warning	1403	There is no such grant defined for user 'r1' on host '' on routine 'test_proc'
+show grants for r1;
+Grants for r1
+GRANT DELETE ON `mysql`.`roles_mapping` TO 'r2'
+GRANT EXECUTE ON `mysql`.* TO 'r4'
+GRANT INSERT ON `mysql`.* TO 'r1'
+GRANT UPDATE ON `mysql`.`user` TO 'r3'
+GRANT USAGE ON *.* TO 'r1'
+GRANT USAGE ON *.* TO 'r2'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r2 TO 'r1'
+GRANT r3 TO 'r2'
+GRANT r4 TO 'r1'
+GRANT r4 TO 'r3'
+drop role r1, r2, r3, r4;
+drop user u1;

mysql-test/suite/roles/drop_routines.test

@@ -0,0 +1,61 @@
+source include/not_embedded.inc;
+
+create role r1;
+create role r2;
+create role r3;
+create role r4;
+create user u1;
+
+#CREATE A CHAIN OF ROLES
+grant r2 to r1;
+grant r3 to r2;
+grant r4 to r3;
+grant r1 to u1;
+grant r4 to r1;
+
+--sorted_result
+show grants for u1;
+--sorted_result
+show grants for r1;
+
+grant SELECT on *.* to u1;
+grant INSERT on mysql.* to r1;
+grant DELETE on mysql.roles_mapping to r2;
+grant UPDATE on mysql.user to r3;
+
+create function mysql.test_func (s CHAR(20))
+returns CHAR(50) DETERMINISTIC
+return concat('Test string: ',s);
+
+
+delimiter |;
+create procedure mysql.test_proc (OUT param1 INT)
+begin
+  select COUNT(*) into param1 from mysql.roles_mapping;
+end|
+delimiter ;|
+
+grant execute on function mysql.test_func to r2;
+grant execute on procedure mysql.test_proc to r3;
+grant execute on mysql.* to r4;
+
+--sorted_result
+show grants for r1;
+--sorted_result
+show grants for r2;
+--sorted_result
+show grants for r3;
+--sorted_result
+show grants for r4;
+
+drop function mysql.test_func;
+drop procedure mysql.test_proc;
+
+# HERE there are func_priv_hash and proc_priv hash entries inherited from other roles that are not
+# deleted. These remain and could affect privilege checks
+
+--sorted_result
+show grants for r1;
+
+drop role r1, r2, r3, r4;
+drop user u1;

mysql-test/suite/roles/revoke_all.result

@@ -0,0 +1,183 @@
+create role r1;
+create role r2;
+create role r3;
+create role r4;
+create user u1;
+grant r2 to r1;
+grant r3 to r2;
+grant r4 to r3;
+grant r1 to u1;
+grant r4 to r1;
+show grants for u1;
+Grants for u1@%
+GRANT USAGE ON *.* TO 'u1'@'%'
+GRANT r1 TO 'u1'@'%'
+show grants for r1;
+Grants for r1
+GRANT USAGE ON *.* TO 'r1'
+GRANT USAGE ON *.* TO 'r2'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r2 TO 'r1'
+GRANT r3 TO 'r2'
+GRANT r4 TO 'r1'
+GRANT r4 TO 'r3'
+grant SELECT on *.* to u1;
+grant INSERT on mysql.* to r1;
+grant DELETE on mysql.roles_mapping to r2;
+grant UPDATE on mysql.user to r3;
+create function mysql.test_func (s CHAR(20))
+returns CHAR(50) DETERMINISTIC
+return concat('Test string: ',s);
+create procedure mysql.test_proc (OUT param1 INT)
+begin
+select COUNT(*) into param1 from mysql.roles_mapping;
+end|
+grant execute on function mysql.test_func to r2;
+grant execute on procedure mysql.test_proc to r3;
+grant execute on mysql.* to r4;
+show grants for r1;
+Grants for r1
+GRANT DELETE ON `mysql`.`roles_mapping` TO 'r2'
+GRANT EXECUTE ON FUNCTION `mysql`.`test_func` TO 'r2'
+GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO 'r3'
+GRANT EXECUTE ON `mysql`.* TO 'r4'
+GRANT INSERT ON `mysql`.* TO 'r1'
+GRANT UPDATE ON `mysql`.`user` TO 'r3'
+GRANT USAGE ON *.* TO 'r1'
+GRANT USAGE ON *.* TO 'r2'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r2 TO 'r1'
+GRANT r3 TO 'r2'
+GRANT r4 TO 'r1'
+GRANT r4 TO 'r3'
+show grants for r2;
+Grants for r2
+GRANT DELETE ON `mysql`.`roles_mapping` TO 'r2'
+GRANT EXECUTE ON FUNCTION `mysql`.`test_func` TO 'r2'
+GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO 'r3'
+GRANT EXECUTE ON `mysql`.* TO 'r4'
+GRANT UPDATE ON `mysql`.`user` TO 'r3'
+GRANT USAGE ON *.* TO 'r2'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r3 TO 'r2'
+GRANT r4 TO 'r3'
+show grants for r3;
+Grants for r3
+GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO 'r3'
+GRANT EXECUTE ON `mysql`.* TO 'r4'
+GRANT UPDATE ON `mysql`.`user` TO 'r3'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r4 TO 'r3'
+show grants for r4;
+Grants for r4
+GRANT EXECUTE ON `mysql`.* TO 'r4'
+GRANT USAGE ON *.* TO 'r4'
+revoke all privileges, grant option from r4;
+show grants for r1;
+Grants for r1
+GRANT DELETE ON `mysql`.`roles_mapping` TO 'r2'
+GRANT EXECUTE ON FUNCTION `mysql`.`test_func` TO 'r2'
+GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO 'r3'
+GRANT INSERT ON `mysql`.* TO 'r1'
+GRANT UPDATE ON `mysql`.`user` TO 'r3'
+GRANT USAGE ON *.* TO 'r1'
+GRANT USAGE ON *.* TO 'r2'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r2 TO 'r1'
+GRANT r3 TO 'r2'
+GRANT r4 TO 'r1'
+GRANT r4 TO 'r3'
+show grants for r2;
+Grants for r2
+GRANT DELETE ON `mysql`.`roles_mapping` TO 'r2'
+GRANT EXECUTE ON FUNCTION `mysql`.`test_func` TO 'r2'
+GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO 'r3'
+GRANT UPDATE ON `mysql`.`user` TO 'r3'
+GRANT USAGE ON *.* TO 'r2'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r3 TO 'r2'
+GRANT r4 TO 'r3'
+show grants for r3;
+Grants for r3
+GRANT EXECUTE ON PROCEDURE `mysql`.`test_proc` TO 'r3'
+GRANT UPDATE ON `mysql`.`user` TO 'r3'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r4 TO 'r3'
+show grants for r4;
+Grants for r4
+GRANT USAGE ON *.* TO 'r4'
+revoke all privileges, grant option from r3;
+show grants for r1;
+Grants for r1
+GRANT DELETE ON `mysql`.`roles_mapping` TO 'r2'
+GRANT EXECUTE ON FUNCTION `mysql`.`test_func` TO 'r2'
+GRANT INSERT ON `mysql`.* TO 'r1'
+GRANT USAGE ON *.* TO 'r1'
+GRANT USAGE ON *.* TO 'r2'
+GRANT USAGE ON *.* TO 'r3'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r2 TO 'r1'
+GRANT r3 TO 'r2'
+GRANT r4 TO 'r1'
+show grants for r2;
+Grants for r2
+GRANT DELETE ON `mysql`.`roles_mapping` TO 'r2'
+GRANT EXECUTE ON FUNCTION `mysql`.`test_func` TO 'r2'
+GRANT USAGE ON *.* TO 'r2'
+GRANT USAGE ON *.* TO 'r3'
+GRANT r3 TO 'r2'
+show grants for r3;
+Grants for r3
+GRANT USAGE ON *.* TO 'r3'
+show grants for r4;
+Grants for r4
+GRANT USAGE ON *.* TO 'r4'
+revoke all privileges, grant option from r2;
+show grants for r1;
+Grants for r1
+GRANT INSERT ON `mysql`.* TO 'r1'
+GRANT USAGE ON *.* TO 'r1'
+GRANT USAGE ON *.* TO 'r2'
+GRANT USAGE ON *.* TO 'r4'
+GRANT r2 TO 'r1'
+GRANT r4 TO 'r1'
+show grants for r2;
+Grants for r2
+GRANT USAGE ON *.* TO 'r2'
+show grants for r3;
+Grants for r3
+GRANT USAGE ON *.* TO 'r3'
+show grants for r4;
+Grants for r4
+GRANT USAGE ON *.* TO 'r4'
+revoke all privileges, grant option from r1;
+show grants for r1;
+Grants for r1
+GRANT USAGE ON *.* TO 'r1'
+show grants for r2;
+Grants for r2
+GRANT USAGE ON *.* TO 'r2'
+show grants for r3;
+Grants for r3
+GRANT USAGE ON *.* TO 'r3'
+show grants for r4;
+Grants for r4
+GRANT USAGE ON *.* TO 'r4'
+revoke all privileges, grant option from u1;
+show grants for u1;
+Grants for u1@%
+GRANT USAGE ON *.* TO 'u1'@'%'
+drop function mysql.test_func;
+drop procedure mysql.test_proc;
+show grants for r1;
+Grants for r1
+GRANT USAGE ON *.* TO 'r1'
+drop role r1, r2, r3, r4;
+drop user u1;

mysql-test/suite/roles/revoke_all.test

@@ -0,0 +1,103 @@
+source include/not_embedded.inc;
+
+create role r1;
+create role r2;
+create role r3;
+create role r4;
+create user u1;
+
+#CREATE A CHAIN OF ROLES
+grant r2 to r1;
+grant r3 to r2;
+grant r4 to r3;
+grant r1 to u1;
+grant r4 to r1;
+
+--sorted_result
+show grants for u1;
+--sorted_result
+show grants for r1;
+
+grant SELECT on *.* to u1;
+grant INSERT on mysql.* to r1;
+grant DELETE on mysql.roles_mapping to r2;
+grant UPDATE on mysql.user to r3;
+
+create function mysql.test_func (s CHAR(20))
+returns CHAR(50) DETERMINISTIC
+return concat('Test string: ',s);
+
+
+delimiter |;
+create procedure mysql.test_proc (OUT param1 INT)
+begin
+  select COUNT(*) into param1 from mysql.roles_mapping;
+end|
+delimiter ;|
+
+grant execute on function mysql.test_func to r2;
+grant execute on procedure mysql.test_proc to r3;
+grant execute on mysql.* to r4;
+
+--sorted_result
+show grants for r1;
+--sorted_result
+show grants for r2;
+--sorted_result
+show grants for r3;
+--sorted_result
+show grants for r4;
+
+revoke all privileges, grant option from r4;
+
+--sorted_result
+show grants for r1;
+--sorted_result
+show grants for r2;
+--sorted_result
+show grants for r3;
+--sorted_result
+show grants for r4;
+
+revoke all privileges, grant option from r3;
+--sorted_result
+show grants for r1;
+--sorted_result
+show grants for r2;
+--sorted_result
+show grants for r3;
+--sorted_result
+show grants for r4;
+
+revoke all privileges, grant option from r2;
+--sorted_result
+show grants for r1;
+--sorted_result
+show grants for r2;
+--sorted_result
+show grants for r3;
+--sorted_result
+show grants for r4;
+
+revoke all privileges, grant option from r1;
+--sorted_result
+show grants for r1;
+--sorted_result
+show grants for r2;
+--sorted_result
+show grants for r3;
+--sorted_result
+show grants for r4;
+
+revoke all privileges, grant option from u1;
+
+show grants for u1;
+
+drop function mysql.test_func;
+drop procedure mysql.test_proc;
+
+--sorted_result
+show grants for r1;
+
+drop role r1, r2, r3, r4;
+drop user u1;