authorAnel Husakovic <anel@mariadb.org>2019-07-04 22:38:47 -0700
committerAnel Husakovic <anel@mariadb.org>2019-07-07 11:02:15 -0700
commit51c167f90ebf790778bfa83edf4ac0c6838d701f (patch)
treec274f65cfc96d39deef6017a959d57047d07198b
parent099007c3c92d1405625777fa86d2fba3da1d339c (diff)
MDEV-19948 `SHOW GRANTS FOR user` return privileges individuallybb-anel-MDEV-19948
-rw-r--r--mysql-test/main/grant.result24
-rw-r--r--mysql-test/main/grant.test28
-rw-r--r--sql/sql_acl.cc82
3 files changed, 94 insertions, 40 deletions
diff --git a/mysql-test/main/grant.result b/mysql-test/main/grant.result
index 31ea932445d..f245f3eb360 100644
--- a/mysql-test/main/grant.result
+++ b/mysql-test/main/grant.result
@@ -2758,5 +2758,29 @@ root@localhost
DROP TABLE t1;
DROP USER dummy@localhost;
#
+# MDEV-19948 'show grants' return privileges individually
+#
+SET @had_user_delete_history_priv := 0;
+SELECT @had_user_delete_history_priv :=1 FROM mysql.user WHERE Delete_history_priv LIKE '%';
+@had_user_delete_history_priv :=1
+1
+1
+1
+1
+ALTER TABLE mysql.user DROP COLUMN Delete_history_priv;
+FLUSH PRIVILEGES;
+CREATE USER ten2;
+GRANT ALL ON *.* TO ten2;
+SHOW GRANTS FOR ten2;
+Grants for ten2@%
+GRANT ALL PRIVILEGES ON *.* TO 'ten2'@'%'
+FLUSH PRIVILEGES;
+SHOW GRANTS FOR ten2;
+Grants for ten2@%
+GRANT ALL PRIVILEGES ON *.* TO 'ten2'@'%'
+DROP USER ten2;
+ALTER TABLE mysql.user ADD Delete_history_priv enum('N','Y') COLLATE utf8_general_ci NOT NULL DEFAULT 'N' after Create_tablespace_priv;
+UPDATE mysql.user SET Delete_history_priv = Super_priv WHERE @had_user_delete_history_priv = 1;
+#
# End of 10.2 tests
#
diff --git a/mysql-test/main/grant.test b/mysql-test/main/grant.test
index f54c4bd981d..9e300d6b8f0 100644
--- a/mysql-test/main/grant.test
+++ b/mysql-test/main/grant.test
@@ -2256,5 +2256,33 @@ DROP TABLE t1;
DROP USER dummy@localhost;
--echo #
+--echo # MDEV-19948 'show grants' return privileges individually
+--echo #
+
+# Let's cheat server that we are using `10.2` user table
+# which doesn't have `Delete_history_priv` column
+
+SET @had_user_delete_history_priv := 0;
+SELECT @had_user_delete_history_priv :=1 FROM mysql.user WHERE Delete_history_priv LIKE '%';
+
+ALTER TABLE mysql.user DROP COLUMN Delete_history_priv;
+FLUSH PRIVILEGES;
+CREATE USER ten2;
+GRANT ALL ON *.* TO ten2;
+
+# Without any patching, this should show a lot of privileges,
+# but without delete history. With patch it is showing `all privileges`
+SHOW GRANTS FOR ten2;
+FLUSH PRIVILEGES;
+
+# Now should show `all privileges` with/without patch
+SHOW GRANTS FOR ten2;
+DROP USER ten2;
+
+# Restore original table (similar to `mysql_upgrade`)
+ALTER TABLE mysql.user ADD Delete_history_priv enum('N','Y') COLLATE utf8_general_ci NOT NULL DEFAULT 'N' after Create_tablespace_priv;
+UPDATE mysql.user SET Delete_history_priv = Super_priv WHERE @had_user_delete_history_priv = 1;
+
+--echo #
--echo # End of 10.2 tests
--echo #
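Review bot: The restore block at the end of this test never reloads the ACL cache. The last `FLUSH PRIVILEGES;` ran while `Delete_history_priv` was dropped, so the server keeps in-memory privileges derived from the reduced table for whatever follows in this file; add `FLUSH PRIVILEGES;` after the final `UPDATE mysql.user ...`. The restore also rewrites every row from `Super_priv` instead of the values present before the `ALTER`, so saving the original column in a temporary table would give an exact restore. The recorded output of the probe `SELECT` (four `1` lines in grant.result) ties the test to the number of rows in `mysql.user`; wrapping it in `--disable_result_log` / `--enable_result_log` would remove that dependency.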
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 50b09e3b675..6aef89ebd6a 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -907,6 +907,47 @@ class User_table: public Grant_table_base
}
+ ulong get_access() const
+ {
+ ulong access= Grant_table_base::get_access();
+ if ((num_fields() <= 13) && (access & CREATE_ACL))
+ access|=REFERENCES_ACL | INDEX_ACL | ALTER_ACL;
+
+ if (num_fields() <= 18)
+ {
+ access|= LOCK_TABLES_ACL | CREATE_TMP_ACL | SHOW_DB_ACL;
+ if (access & FILE_ACL)
+ access|= REPL_CLIENT_ACL | REPL_SLAVE_ACL;
+ if (access & PROCESS_ACL)
+ access|= SUPER_ACL | EXECUTE_ACL;
+ }
+
+ if (num_fields() <= 31 && (access & CREATE_ACL))
+ access|= (CREATE_VIEW_ACL | SHOW_VIEW_ACL);
+
+ if (num_fields() <= 33)
+ {
+ if (access & CREATE_ACL)
+ access|= CREATE_PROC_ACL;
+ if (access & ALTER_ACL)
+ access|= ALTER_PROC_ACL;
+ }
+
+ if (num_fields() <= 36 && (access & GRANT_ACL))
+ access|= CREATE_USER_ACL;
+
+ if (num_fields() <= 37 && (access & SUPER_ACL))
+ access|= EVENT_ACL;
+
+ if (num_fields() <= 38 && (access & SUPER_ACL))
+ access|= TRIGGER_ACL;
+
+ if (num_fields() <= 46 && (access & DELETE_ACL))
+ access|= DELETE_HISTORY_ACL;
+
+ return access & GLOBAL_ACLS;
+ }
+
private:
friend class Grant_tables;
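Review bot: The `num_fields() <= 13` and `num_fields() <= 18` branches at the top of the new `User_table::get_access()` have no counterpart among the lines this commit removes from `acl_load()`. If `acl_load()` still performs those conversions outside the visible hunks, they now live in two places and can drift apart. Every branch here widens a user's global privileges purely from the column count of `mysql.user`, so the version comments deleted from `acl_load()` should move with the code, e.g. `/* pre 5.0.1 table: CREATE implies CREATE VIEW and SHOW VIEW */` above the `<= 31` check, plus a line on why DELETE implies DELETE HISTORY at `<= 46`. The method also hides `Grant_table_base::get_access()` by name; unless the base declaration (not visible here) is virtual, a call through a `Grant_table_base` reference would return the unmapped bits, which deserves a one-line comment. The class body starts and ends outside the hunk.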
@@ -1870,46 +1911,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
continue;
{
- user.access= user_table.get_access() & GLOBAL_ACLS;
- /*
- if it is pre 5.0.1 privilege table then map CREATE privilege on
- CREATE VIEW & SHOW VIEW privileges
- */
- if (user_table.num_fields() <= 31 && (user.access & CREATE_ACL))
- user.access|= (CREATE_VIEW_ACL | SHOW_VIEW_ACL);
-
- /*
- if it is pre 5.0.2 privilege table then map CREATE/ALTER privilege on
- CREATE PROCEDURE & ALTER PROCEDURE privileges
- */
- if (user_table.num_fields() <= 33 && (user.access & CREATE_ACL))
- user.access|= CREATE_PROC_ACL;
- if (user_table.num_fields() <= 33 && (user.access & ALTER_ACL))
- user.access|= ALTER_PROC_ACL;
-
- /*
- pre 5.0.3 did not have CREATE_USER_ACL
- */
- if (user_table.num_fields() <= 36 && (user.access & GRANT_ACL))
- user.access|= CREATE_USER_ACL;
-
-
- /*
- if it is pre 5.1.6 privilege table then map CREATE privilege on
- CREATE|ALTER|DROP|EXECUTE EVENT
- */
- if (user_table.num_fields() <= 37 && (user.access & SUPER_ACL))
- user.access|= EVENT_ACL;
-
- /*
- if it is pre 5.1.6 privilege then map TRIGGER privilege on CREATE.
- */
- if (user_table.num_fields() <= 38 && (user.access & SUPER_ACL))
- user.access|= TRIGGER_ACL;
-
- if (user_table.num_fields() <= 46 && (user.access & DELETE_ACL))
- user.access|= DELETE_HISTORY_ACL;
-
+ user.access= user_table.get_access();
user.sort= get_sort(2, user.host.hostname, user.user.str);
user.hostname_length= safe_strlen(user.host.hostname);
user.user_resource.user_conn= 0;
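Review bot: The replacement line `user.access= user_table.get_access();` no longer shows that the value has been widened for old table layouts and masked with `GLOBAL_ACLS`, both of which were explicit in the removed code. A short comment keeps that visible at the point where the in-memory ACL entry is filled, for example `/* get_access() applies the old-table privilege mapping and the GLOBAL_ACLS mask */`. Any other caller of `user_table.get_access()` outside this hunk now receives the widened value as well, so those call sites are worth checking for code that expects the raw column bits. The body of `acl_load()` starts and ends outside the hunk.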