SET ROLE now works recursively for table and column level privileges

mysql-test/r/acl_roles_set_role-table-column-priv.result

@@ -0,0 +1,61 @@
+create user 'test_user'@'localhost';
+create role test_role1;
+create role test_role2;
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+'test_user',
+'test_role1');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+'test_role1',
+'test_role2');
+select user, host from mysql.user where user not like 'root';
+user	host
+test_role1	
+test_role2	
+test_user	localhost
+select * from mysql.roles_mapping;
+HostFk	UserFk	RoleFk
+	test_role1	test_role2
+localhost	test_user	test_role1
+grant select (RoleFk) on mysql.roles_mapping to test_role2@'';
+flush privileges;
+select * from mysql.roles_mapping;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+set role test_role1;
+show grants;
+Grants for test_user@localhost
+GRANT SELECT (RoleFk) ON `mysql`.`roles_mapping` TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role1'
+GRANT USAGE ON *.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_role1'
+select * from mysql.roles_mapping;
+ERROR 42000:  command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+select RoleFk from mysql.roles_mapping;
+RoleFk
+test_role1
+test_role2
+show grants;
+Grants for test_user@localhost
+GRANT SELECT (RoleFk) ON `mysql`.`roles_mapping` TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role1'
+GRANT USAGE ON *.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_role1'
+use mysql;
+set role none;
+select RoleFk from mysql.roles_mapping;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+drop user 'test_user'@'localhost';
+select * from mysql.tables_priv;
+Host	Db	User	Table_name	Grantor	Timestamp	Table_priv	Column_priv
+	mysql	test_role2	roles_mapping	root@localhost	0000-00-00 00:00:00		Select
+revoke select on mysql.roles_mapping from test_role2@'';
+delete from mysql.user where user like'test_%';
+delete from mysql.roles_mapping where RoleFk like 'test%';
+flush privileges;

mysql-test/r/acl_roles_set_role-table-simple.result

@@ -0,0 +1,59 @@
+create user 'test_user'@'localhost';
+create role test_role1;
+create role test_role2;
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+'test_user',
+'test_role1');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+'test_role1',
+'test_role2');
+select user, host from mysql.user where user not like 'root';
+user	host
+test_role1	
+test_role2	
+test_user	localhost
+select * from mysql.roles_mapping;
+HostFk	UserFk	RoleFk
+	test_role1	test_role2
+localhost	test_user	test_role1
+grant select on mysql.roles_mapping to test_role2@'';
+flush privileges;
+select * from mysql.roles_mapping;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+set role test_role1;
+show grants;
+Grants for test_user@localhost
+GRANT SELECT ON `mysql`.`roles_mapping` TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role1'
+GRANT USAGE ON *.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_role1'
+select * from mysql.roles_mapping;
+HostFk	UserFk	RoleFk
+	test_role1	test_role2
+localhost	test_user	test_role1
+show grants;
+Grants for test_user@localhost
+GRANT SELECT ON `mysql`.`roles_mapping` TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_role1'
+GRANT USAGE ON *.* TO 'test_role2'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT test_role1 TO 'test_user'@'localhost'
+GRANT test_role2 TO 'test_role1'
+use mysql;
+set role none;
+select * from mysql.roles_mapping;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+drop user 'test_user'@'localhost';
+select * from mysql.tables_priv;
+Host	Db	User	Table_name	Grantor	Timestamp	Table_priv	Column_priv
+	mysql	test_role2	roles_mapping	root@localhost	0000-00-00 00:00:00	Select	
+revoke select on mysql.roles_mapping from test_role2@'';
+delete from mysql.user where user like'test_%';
+delete from mysql.roles_mapping where RoleFk like 'test%';
+flush privileges;

mysql-test/t/acl_roles_set_role-table-column-priv.test

@@ -0,0 +1,57 @@
+create user 'test_user'@'localhost';
+create role test_role1;
+create role test_role2;
+
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+                                                                 'test_user',
+                                                                 'test_role1');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+                                                                 'test_role1',
+                                                                 'test_role2');
+--sorted_result
+select user, host from mysql.user where user not like 'root';
+--sorted_result
+select * from mysql.roles_mapping;
+
+grant select (RoleFk) on mysql.roles_mapping to test_role2@'';
+
+flush privileges;
+
+change_user 'test_user';
+
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+
+--sorted_result
+show grants;
+
+set role test_role1;
+
+--sorted_result
+show grants;
+
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+
+--sorted_result
+select RoleFk from mysql.roles_mapping;
+
+--sorted_result
+show grants;
+
+use mysql;
+
+set role none;
+
+--sorted_result
+--error ER_TABLEACCESS_DENIED_ERROR
+select RoleFk from mysql.roles_mapping;
+
+change_user 'root';
+drop user 'test_user'@'localhost';
+select * from mysql.tables_priv;
+revoke select on mysql.roles_mapping from test_role2@'';
+delete from mysql.user where user like'test_%';
+delete from mysql.roles_mapping where RoleFk like 'test%';
+
+flush privileges;

mysql-test/t/acl_roles_set_role-table-simple.test

@@ -0,0 +1,54 @@
+create user 'test_user'@'localhost';
+create role test_role1;
+create role test_role2;
+
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+                                                                 'test_user',
+                                                                 'test_role1');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+                                                                 'test_role1',
+                                                                 'test_role2');
+--sorted_result
+select user, host from mysql.user where user not like 'root';
+--sorted_result
+select * from mysql.roles_mapping;
+
+grant select on mysql.roles_mapping to test_role2@'';
+
+flush privileges;
+
+change_user 'test_user';
+
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+
+--sorted_result
+show grants;
+
+set role test_role1;
+
+--sorted_result
+show grants;
+
+--sorted_result
+select * from mysql.roles_mapping;
+
+--sorted_result
+show grants;
+
+use mysql;
+
+set role none;
+
+--sorted_result
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+
+change_user 'root';
+drop user 'test_user'@'localhost';
+select * from mysql.tables_priv;
+revoke select on mysql.roles_mapping from test_role2@'';
+delete from mysql.user where user like'test_%';
+delete from mysql.roles_mapping where RoleFk like 'test%';
+
+flush privileges;