source include/not_embedded.inc;

#create a user with no privileges
create user test_user@localhost;
create role test_role1;
grant test_role1 to test_user@localhost;
create role test_role2;
grant test_role2 to test_role1;

--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result
select * from mysql.roles_mapping where User like 'test_user';
--sorted_result
select * from mysql.roles_mapping where User like 'test_role1';
grant select on *.* to test_role2;
--sorted_result
select * from mysql.user where user like 'test_role1';
--sorted_result
select * from mysql.user where user like 'test_role2';

change_user 'test_user';

--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;

--sorted_result
show grants;
select current_user(), current_role();
set role test_role1;
select current_user(), current_role();
--sorted_result
show grants;
select * from mysql.roles_mapping where Host='';

--sorted_result
show grants;
set role none;
select current_user(), current_role();
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;

--sorted_result
show grants;
--error ER_INVALID_ROLE
set role test_role2;
select current_user(), current_role();
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;

#Make sure that this still works after an ER_INVALID_ROLE error
--sorted_result
show grants;
set role test_role1;
select current_user(), current_role();
--sorted_result
show grants;
--sorted_result
select * from mysql.roles_mapping where Host='';

--sorted_result
show grants;
set role none;
select current_user(), current_role();
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;

change_user 'root';
delete from mysql.user where user='test_role1';
delete from mysql.user where user='test_role2';
delete from mysql.roles_mapping;
flush privileges;
drop user 'test_user'@'localhost';