test-example-projects/c++_projects/280w-mysql-8.0.18/mysql-test/t/roles_bugs.test

# Save the initial number of concurrent sessions
--source include/count_sessions.inc

--echo #
--echo # Bug #24843257: CURRENT_ROLE(), ROLES_GRAPHML() RETURN VALUE
--echo #   HAS INCORRECT CHARACTER SET

--echo # Expect system charset for empty
SELECT CHARSET(CURRENT_ROLE()) = @@character_set_system;
SELECT CHARSET(ROLES_GRAPHML()) = @@character_set_system;

--echo # Expect blobs
CREATE TABLE t1 AS
  SELECT CURRENT_ROLE() AS CURRENT_ROLE, ROLES_GRAPHML() AS ROLES_GRAPHML;
SHOW CREATE TABLE t1;
DROP TABLE t1;

--echo # create some roles
CREATE ROLE r1;
GRANT r1 TO root@localhost;
SET ROLE r1;

--echo # Expect system charset for actual content
SELECT CHARSET(CURRENT_ROLE()) = @@character_set_system;
SELECT CHARSET(ROLES_GRAPHML()) = @@character_set_system;

--echo # cleanup
SET ROLE DEFAULT;
REVOKE r1 FROM root@localhost;
DROP ROLE r1;


--echo #
--echo # Bug #28953158: DROP ROLE USERNAME SHOULD BE REJECTED
--echo #

CREATE USER uu@localhost, u1@localhost;
CREATE ROLE r1;
GRANT CREATE ROLE, DROP ROLE ON *.* TO uu@localhost;
connect(con1,localhost,uu,,);
SHOW GRANTS;
--echo # connected as uu
--echo # test result: must fail
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
DROP USER u1@localhost;
--echo # test result: must fail
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
DROP ROLE u1@localhost;
--echo # test result: must pass
DROP ROLE r1;
--echo # Cleanup
connection default;
DROP USER uu@localhost, u1@localhost;
disconnect con1;

--echo #
--echo # Bug#28395115: permission denied if grants are given through role
--echo #

# Setup
CREATE DATABASE my_db;
CREATE table my_db.t1 (id int primary key);
CREATE ROLE my_role;
CREATE USER my_user, foo@localhost, baz@localhost;
# Grant all privileges to a user and a role
GRANT ALL ON *.* to my_role, foo@localhost;
GRANT EXECUTE ON *.* TO my_user, baz@localhost;
GRANT my_role TO my_user, baz@localhost;
SET DEFAULT ROLE my_role TO my_user;

# Stored procedure with the definer who has ALL of global privilege granted
# directly.
DELIMITER $$;
CREATE DEFINER=foo@localhost PROCEDURE my_db.foo_proc()
BEGIN
INSERT into my_db.t1 values(2) on duplicate key UPDATE id = values(id) + 200;
END $$
DELIMITER ;$$

# Stored procedure with the definer who is granted a role to which all global
# privileges are granted.
DELIMITER $$;
CREATE DEFINER=baz@localhost PROCEDURE my_db.baz_proc()
BEGIN
set ROLE all;
INSERT into my_db.t1 values(4) on duplicate key UPDATE id = values(id) + 400;
END $$
DELIMITER ;$$

--connect(my_user_con, localhost, my_user,,,)
INSERT into my_db.t1 values(5);
--echo # Inserts are now allowed if grants are given through role
INSERT into my_db.t1 values(8) on duplicate key UPDATE id = values(id) + 800;
CALL my_db.foo_proc();
CALL my_db.baz_proc();

connection default;
--echo # Now revoke all privileges from the roles and user
REVOKE ALL ON *.* FROM my_role;
REVOKE ALL ON *.* FROM foo@localhost;
GRANT EXECUTE ON *.* TO foo@localhost;

--echo # The SQL opperations must fail with existing connection.
connection my_user_con;
--error ER_TABLEACCESS_DENIED_ERROR
INSERT into my_db.t1 values(10);
--error ER_TABLEACCESS_DENIED_ERROR
CALL my_db.baz_proc();
--error ER_TABLEACCESS_DENIED_ERROR
CALL my_db.foo_proc();
--echo # Cleanup
connection default;
disconnect my_user_con;
DROP DATABASE my_db;
DROP USER my_user;
DROP USER foo@localhost, baz@localhost;
DROP ROLE my_role;

--echo
--echo # End of 8.0 tests
--echo

# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc
first commit 3 months ago			`# Save the initial number of concurrent sessions`
			`--source include/count_sessions.inc`

			`--echo #`
			`--echo # Bug #24843257: CURRENT_ROLE(), ROLES_GRAPHML() RETURN VALUE`
			`--echo # HAS INCORRECT CHARACTER SET`

			`--echo # Expect system charset for empty`
			`SELECT CHARSET(CURRENT_ROLE()) = @@character_set_system;`
			`SELECT CHARSET(ROLES_GRAPHML()) = @@character_set_system;`

			`--echo # Expect blobs`
			`CREATE TABLE t1 AS`
			`SELECT CURRENT_ROLE() AS CURRENT_ROLE, ROLES_GRAPHML() AS ROLES_GRAPHML;`
			`SHOW CREATE TABLE t1;`
			`DROP TABLE t1;`

			`--echo # create some roles`
			`CREATE ROLE r1;`
			`GRANT r1 TO root@localhost;`
			`SET ROLE r1;`

			`--echo # Expect system charset for actual content`
			`SELECT CHARSET(CURRENT_ROLE()) = @@character_set_system;`
			`SELECT CHARSET(ROLES_GRAPHML()) = @@character_set_system;`

			`--echo # cleanup`
			`SET ROLE DEFAULT;`
			`REVOKE r1 FROM root@localhost;`
			`DROP ROLE r1;`


			`--echo #`
			`--echo # Bug #28953158: DROP ROLE USERNAME SHOULD BE REJECTED`
			`--echo #`

			`CREATE USER uu@localhost, u1@localhost;`
			`CREATE ROLE r1;`
			`GRANT CREATE ROLE, DROP ROLE ON . TO uu@localhost;`
			`connect(con1,localhost,uu,,);`
			`SHOW GRANTS;`
			`--echo # connected as uu`
			`--echo # test result: must fail`
			`--error ER_SPECIFIC_ACCESS_DENIED_ERROR`
			`DROP USER u1@localhost;`
			`--echo # test result: must fail`
			`--error ER_SPECIFIC_ACCESS_DENIED_ERROR`
			`DROP ROLE u1@localhost;`
			`--echo # test result: must pass`
			`DROP ROLE r1;`
			`--echo # Cleanup`
			`connection default;`
			`DROP USER uu@localhost, u1@localhost;`
			`disconnect con1;`

			`--echo #`
			`--echo # Bug#28395115: permission denied if grants are given through role`
			`--echo #`

			`# Setup`
			`CREATE DATABASE my_db;`
			`CREATE table my_db.t1 (id int primary key);`
			`CREATE ROLE my_role;`
			`CREATE USER my_user, foo@localhost, baz@localhost;`
			`# Grant all privileges to a user and a role`
			`GRANT ALL ON . to my_role, foo@localhost;`
			`GRANT EXECUTE ON . TO my_user, baz@localhost;`
			`GRANT my_role TO my_user, baz@localhost;`
			`SET DEFAULT ROLE my_role TO my_user;`

			`# Stored procedure with the definer who has ALL of global privilege granted`
			`# directly.`
			`DELIMITER $$;`
			`CREATE DEFINER=foo@localhost PROCEDURE my_db.foo_proc()`
			`BEGIN`
			`INSERT into my_db.t1 values(2) on duplicate key UPDATE id = values(id) + 200;`
			`END $$`
			`DELIMITER ;$$`

			`# Stored procedure with the definer who is granted a role to which all global`
			`# privileges are granted.`
			`DELIMITER $$;`
			`CREATE DEFINER=baz@localhost PROCEDURE my_db.baz_proc()`
			`BEGIN`
			`set ROLE all;`
			`INSERT into my_db.t1 values(4) on duplicate key UPDATE id = values(id) + 400;`
			`END $$`
			`DELIMITER ;$$`

			`--connect(my_user_con, localhost, my_user,,,)`
			`INSERT into my_db.t1 values(5);`
			`--echo # Inserts are now allowed if grants are given through role`
			`INSERT into my_db.t1 values(8) on duplicate key UPDATE id = values(id) + 800;`
			`CALL my_db.foo_proc();`
			`CALL my_db.baz_proc();`

			`connection default;`
			`--echo # Now revoke all privileges from the roles and user`
			`REVOKE ALL ON . FROM my_role;`
			`REVOKE ALL ON . FROM foo@localhost;`
			`GRANT EXECUTE ON . TO foo@localhost;`

			`--echo # The SQL opperations must fail with existing connection.`
			`connection my_user_con;`
			`--error ER_TABLEACCESS_DENIED_ERROR`
			`INSERT into my_db.t1 values(10);`
			`--error ER_TABLEACCESS_DENIED_ERROR`
			`CALL my_db.baz_proc();`
			`--error ER_TABLEACCESS_DENIED_ERROR`
			`CALL my_db.foo_proc();`
			`--echo # Cleanup`
			`connection default;`
			`disconnect my_user_con;`
			`DROP DATABASE my_db;`
			`DROP USER my_user;`
			`DROP USER foo@localhost, baz@localhost;`
			`DROP ROLE my_role;`

			`--echo`
			`--echo # End of 8.0 tests`
			`--echo`

			`# Wait till we reached the initial number of concurrent sessions`
			`--source include/wait_until_count_sessions.inc`