CREATE ROLE r1;
CREATE USER u1@localhost IDENTIFIED BY 'foo';
GRANT r1 TO u1@localhost;
CREATE DATABASE db1;
CREATE DATABASE db2;

CREATE TABLE db1.t1 (c1 int);
CREATE TABLE db1.t2 (c1 int);
CREATE TABLE db2.t1 (c1 int);
CREATE TABLE db2.t2 (c1 int);

DELIMITER //;
CREATE PROCEDURE db1.sp1()
SQL SECURITY DEFINER
BEGIN
  SELECT * FROM db1.t1;
END//
CREATE PROCEDURE db2.sp1()
SQL SECURITY DEFINER
BEGIN
  SELECT * FROM db2.t1;
END//
CREATE PROCEDURE test.sp1()
SQL SECURITY DEFINER
BEGIN
  SELECT * FROM db1.t1;
END//
CREATE PROCEDURE db1.sp2()
SQL SECURITY DEFINER
BEGIN
  SELECT * FROM db1.t2;
END//
CREATE PROCEDURE db1.sp3()
SQL SECURITY INVOKER
BEGIN
  SELECT * FROM db1.t2;
END//
DELIMITER ;//


--echo ++ Test global level privileges
GRANT EXECUTE ON *.* TO r1;
SHOW GRANTS FOR u1@localhost USING r1;

connect(con1, localhost, u1, foo, test);
SET ROLE r1;
--echo ++ Positive test
CALL db1.sp1();

--echo ++ Negative test
--error ER_TABLEACCESS_DENIED_ERROR
CALL db1.sp3();

--echo ++ Test revoke
connection default;
REVOKE EXECUTE ON *.* FROM r1;
SHOW GRANTS FOR u1@localhost USING r1;
connection con1;
SET ROLE r1;
--error ER_PROCACCESS_DENIED_ERROR
CALL db1.sp1();

--echo ++ Test schema level privileges
connection default;
GRANT EXECUTE ON db1.* TO r1;
SHOW GRANTS FOR u1@localhost USING r1;
connection con1;

--echo ++ Positive test
CALL db1.sp1();
CALL db1.sp2();

--echo ++ Negative test
--error ER_PROCACCESS_DENIED_ERROR
CALL db2.sp1();
--error ER_TABLEACCESS_DENIED_ERROR
CALL db1.sp3();

connection default;
REVOKE EXECUTE ON db1.* FROM r1;

--echo ++ Test routine level privileges
GRANT EXECUTE ON PROCEDURE db1.sp1 TO r1;
connection con1;

--echo ++ Positive test
CALL db1.sp1();

--echo ++ Negative test
--error ER_PROCACCESS_DENIED_ERROR
CALL db1.sp2();
--error ER_PROCACCESS_DENIED_ERROR
CALL db2.sp1();
--error ER_PROCACCESS_DENIED_ERROR
CALL db1.sp3();

--echo ++ Test Security invoker model
connection default;
GRANT EXECUTE, SELECT ON db1.* TO r1;
connection con1;

--echo ++ Positive test
CALL db1.sp3();

--echo ++ Clean up
connection default;
DROP DATABASE db1;
DROP DATABASE db2;
DROP USER u1@localhost;
DROP ROLE r1;
DROP PROCEDURE test.sp1;
disconnect con1;


--source suite/xengine/include/check_xengine_log_error.inc