source include/not_embedded.inc;

create user 'test_user'@'localhost';
create role test_role1;
create role test_role2;
create role test_role3;

grant test_role1 to test_user@localhost;
grant test_role3 to test_user@localhost;
grant test_role2 to test_role1;

--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result
select * from mysql.roles_mapping;

create function mysql.test_func (s CHAR(20))
returns CHAR(50) DETERMINISTIC
return concat('Test string: ',s);


delimiter |;
create procedure mysql.test_proc (OUT param1 INT)
begin
  select COUNT(*) into param1 from mysql.roles_mapping;
end|
delimiter ;|

grant execute on function mysql.test_func to test_role2;
grant execute on procedure mysql.test_proc to test_role2;

grant execute on mysql.* to test_role3;

change_user 'test_user';
--sorted_result
show grants;

--error ER_DBACCESS_DENIED_ERROR
use mysql;
select current_user(), current_role();
set role test_role1;
select current_user(), current_role();
use mysql;

call test_proc(@a);
SELECT @a;

SELECT test_func('AABBCCDD');

--sorted_result
show grants;
set role none;
select current_user(), current_role();
--sorted_result
show grants;

--error ER_PROCACCESS_DENIED_ERROR
call test_proc(@a);

--error ER_PROCACCESS_DENIED_ERROR
SELECT test_func('AABBCCDD');

set role test_role3;
select current_user(), current_role();
--sorted_result
show grants;
call test_proc(@a);
SELECT @a;

SELECT test_func('AABBCCDD');

change_user 'root';
drop user 'test_user'@'localhost';
revoke execute on function mysql.test_func from test_role2;
revoke execute on procedure mysql.test_proc from test_role2;
revoke execute on mysql.* from test_role3;
delete from mysql.user where user like'test_%';
delete from mysql.roles_mapping where Role like 'test%';
drop function mysql.test_func;
drop procedure mysql.test_proc;
flush privileges;