Added testcase to check that granting a role to a role works.

mysql-test/r/acl_roles_set_role-recursive.result

+create user 'test_user'@'localhost';
+create user 'test_role1'@'';
+update mysql.user set is_role='Y' where user='test_role1';
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+'test_user',
+'test_role1');
+create user 'test_role2'@'';
+update mysql.user set is_role='Y' where user='test_role2';
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+'test_role1',
+'test_role2');
+select user, host from mysql.user;
+user	host
+test_role1	
+test_role2	
+root	127.0.0.1
+root	::1
+root	Arrakis
+root	localhost
+test_user	localhost
+select * from mysql.roles_mapping;
+HostFk	UserFk	RoleFk
+localhost	test_user	test_role1
+	test_role1	test_role2
+grant select on *.* to 'test_role2'@'';
+select * from mysql.user where user like 'test_role%';
+Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	is_role
+	test_role1		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0			Y
+	test_role2		Y	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0			Y
+flush privileges;
+select * from mysql.roles_mapping;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+set role test_role1;
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+select * from mysql.roles_mapping;
+HostFk	UserFk	RoleFk
+localhost	test_user	test_role1
+	test_role1	test_role2
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+set role none;
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+select * from mysql.roles_mapping;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+set role test_role2;
+ERROR HY000: The role 'test_role2' has not been granted or is invalid.
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+select * from mysql.roles_mapping;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+set role test_role1;
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+select * from mysql.roles_mapping;
+HostFk	UserFk	RoleFk
+localhost	test_user	test_role1
+	test_role1	test_role2
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+set role none;
+show grants;
+Grants for test_user@localhost
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+select * from mysql.roles_mapping;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+delete from mysql.user where user='test_role1';
+delete from mysql.roles_mapping where UserFk like 'test_role1';
+delete from mysql.user where user='test_role2';
+delete from mysql.roles_mapping where UserFk like 'test_role2';
+drop user 'test_user'@'localhost';
+flush privileges;

mysql-test/t/acl_roles_set_role-recursive.test

+
+#create a user with no privileges
+create user 'test_user'@'localhost';
+create user 'test_role1'@'';
+#manualy create role
+update mysql.user set is_role='Y' where user='test_role1';
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+                                                                 'test_user',
+                                                                 'test_role1');
+create user 'test_role2'@'';
+#manualy create role
+update mysql.user set is_role='Y' where user='test_role2';
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('',
+                                                                 'test_role1',
+                                                                 'test_role2');
+select user, host from mysql.user;
+select * from mysql.roles_mapping;
+grant select on *.* to 'test_role2'@'';
+select * from mysql.user where user like 'test_role%';
+flush privileges;
+
+change_user 'test_user';
+
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+
+show grants;
+set role test_role1;
+show grants;
+select * from mysql.roles_mapping;
+
+show grants;
+set role none;
+show grants;
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+
+show grants;
+--error ER_INVALID_ROLE
+set role test_role2;
+show grants;
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+
+#Make sure that this still works after an ER_INVALID_ROLE error
+show grants;
+set role test_role1;
+show grants;
+select * from mysql.roles_mapping;
+
+show grants;
+set role none;
+show grants;
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+
+change_user 'root';
+delete from mysql.user where user='test_role1';
+delete from mysql.roles_mapping where UserFk like 'test_role1';
+delete from mysql.user where user='test_role2';
+delete from mysql.roles_mapping where UserFk like 'test_role2';
+drop user 'test_user'@'localhost';
+flush privileges;