# Copyright (C) 2009 Sun Microsystems, Inc
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

# Tests for PERFORMANCE_SCHEMA

--source include/not_embedded.inc
--source include/have_perfschema.inc

show grants;

grant ALL on *.* to 'pfs_user_1'@localhost with GRANT OPTION;

# Test denied privileges on performance_schema.*

--error ER_DBACCESS_DENIED_ERROR
grant ALL on performance_schema.* to 'pfs_user_2'@localhost
  with GRANT OPTION;

# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant CREATE on performance_schema.* to 'pfs_user_2'@localhost;

# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant DROP on performance_schema.* to 'pfs_user_2'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant REFERENCES on performance_schema.* to 'pfs_user_2'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant INDEX on performance_schema.* to 'pfs_user_2'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant ALTER on performance_schema.* to 'pfs_user_2'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant CREATE TEMPORARY TABLES on performance_schema.* to 'pfs_user_2'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant EXECUTE on performance_schema.* to 'pfs_user_2'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant CREATE VIEW on performance_schema.* to 'pfs_user_2'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant SHOW VIEW on performance_schema.* to 'pfs_user_2'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant CREATE ROUTINE on performance_schema.* to 'pfs_user_2'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant ALTER ROUTINE on performance_schema.* to 'pfs_user_2'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant EVENT on performance_schema.* to 'pfs_user_2'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant TRIGGER on performance_schema.* to 'pfs_user_2'@localhost;

# Test allowed privileges on performance_schema.*

grant SELECT on performance_schema.* to 'pfs_user_2'@localhost;
grant INSERT on performance_schema.* to 'pfs_user_2'@localhost;
grant UPDATE on performance_schema.* to 'pfs_user_2'@localhost;
grant DELETE on performance_schema.* to 'pfs_user_2'@localhost;
grant LOCK TABLES on performance_schema.* to 'pfs_user_2'@localhost;

# Test denied privileges on specific performance_schema tables.
# SETUP_INSTRUMENT : example of PFS_updatable_acl
# EVENTS_WAITS_CURRENT : example of PFS_truncatable_acl
# FILE_INSTANCES : example of PFS_readonly_acl

--error ER_DBACCESS_DENIED_ERROR
grant ALL on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost
  with GRANT OPTION;

# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant CREATE on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;

# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant DROP on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant REFERENCES on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant INDEX on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant ALTER on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant CREATE VIEW on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant SHOW VIEW on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant TRIGGER on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;

--replace_result '\'setup_instruments' '\'SETUP_INSTRUMENTS'
--error ER_TABLEACCESS_DENIED_ERROR
grant INSERT on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;

--replace_result '\'setup_instruments' '\'SETUP_INSTRUMENTS'
--error ER_TABLEACCESS_DENIED_ERROR
grant DELETE on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;

grant SELECT on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost
  with GRANT OPTION;

grant UPDATE on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost
  with GRANT OPTION;

--error ER_DBACCESS_DENIED_ERROR
grant ALL on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost
  with GRANT OPTION;

# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant CREATE on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;

# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant DROP on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant REFERENCES on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant INDEX on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant ALTER on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant CREATE VIEW on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant SHOW VIEW on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant TRIGGER on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;

--replace_result '\'events_waits_current' '\'EVENTS_WAITS_CURRENT'
--error ER_TABLEACCESS_DENIED_ERROR
grant INSERT on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;

--replace_result '\'events_waits_current' '\'EVENTS_WAITS_CURRENT'
--error ER_TABLEACCESS_DENIED_ERROR
grant UPDATE on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;

--replace_result '\'events_waits_current' '\'EVENTS_WAITS_CURRENT'
--error ER_TABLEACCESS_DENIED_ERROR
grant DELETE on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;

grant SELECT on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost
  with GRANT OPTION;

--error ER_DBACCESS_DENIED_ERROR
grant ALL on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost
  with GRANT OPTION;

# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant CREATE on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;

# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant DROP on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant REFERENCES on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant INDEX on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant ALTER on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant CREATE VIEW on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant SHOW VIEW on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;

--error ER_DBACCESS_DENIED_ERROR
grant TRIGGER on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;

--replace_result '\'file_instances' '\'FILE_INSTANCES'
--error ER_TABLEACCESS_DENIED_ERROR
grant INSERT on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;

--replace_result '\'file_instances' '\'FILE_INSTANCES'
--error ER_TABLEACCESS_DENIED_ERROR
grant UPDATE on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;

--replace_result '\'file_instances' '\'FILE_INSTANCES'
--error ER_TABLEACCESS_DENIED_ERROR
grant DELETE on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;

grant SELECT on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost
  with GRANT OPTION;

# See bug#45354 LOCK TABLES is not a TABLE privilege
grant LOCK TABLES on performance_schema.* to 'pfs_user_3'@localhost
  with GRANT OPTION;

flush privileges;

--source ../include/privilege.inc

connect (con1, localhost, pfs_user_1, , );

--source ../include/privilege.inc

--disconnect con1

connect (con2, localhost, pfs_user_2, , );

--source ../include/privilege.inc

--disconnect con2

connect (con3, localhost, pfs_user_3, , );

--source ../include/privilege.inc

--disconnect con3

--connection default

revoke all privileges, grant option from 'pfs_user_1'@localhost;
revoke all privileges, grant option from 'pfs_user_2'@localhost;
revoke all privileges, grant option from 'pfs_user_3'@localhost;
drop user 'pfs_user_1'@localhost;
drop user 'pfs_user_2'@localhost;
drop user 'pfs_user_3'@localhost;
flush privileges;

--echo # Test cases from WL#4818
--echo # Setup user

CREATE user pfs_user_4;
--connect (pfs_user_4, localhost, pfs_user_4, , )

--echo #
--echo # WL#4818, NFS4: Normal user does not have access to view data
--echo #                without grants
--echo #

--connection pfs_user_4
--echo # Select as pfs_user_4 should fail without grant

--replace_result '\'events_waits_history' '\'EVENTS_WAITS_HISTORY'
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_id FROM performance_schema.EVENTS_WAITS_HISTORY;

--replace_result '\'events_waits_history_long' '\'EVENTS_WAITS_HISTORY_LONG'
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_id FROM performance_schema.EVENTS_WAITS_HISTORY_LONG;

--replace_result '\'events_waits_current' '\'EVENTS_WAITS_CURRENT'
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_id FROM performance_schema.EVENTS_WAITS_CURRENT;

--replace_result '\'events_waits_summary_by_instance' '\'EVENTS_WAITS_SUMMARY_BY_INSTANCE'
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_name FROM performance_schema.EVENTS_WAITS_SUMMARY_BY_INSTANCE;

--replace_result '\'file_summary_by_instance' '\'FILE_SUMMARY_BY_INSTANCE'
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_name FROM performance_schema.FILE_SUMMARY_BY_INSTANCE;

--echo #
--echo # WL#4818, NFS3: Normal user does not have access to change what is
--echo #                instrumented without grants
--echo #

--connection pfs_user_4
--echo # User pfs_user_4 should not be allowed to tweak instrumentation without
--echo # explicit grant

--replace_result '\'setup_instruments' '\'SETUP_INSTRUMENTS'
--error ER_TABLEACCESS_DENIED_ERROR
UPDATE performance_schema.SETUP_INSTRUMENTS SET enabled = 'NO', timed = 'YES';

--replace_result '\'setup_instruments' '\'SETUP_INSTRUMENTS'
--error ER_TABLEACCESS_DENIED_ERROR
UPDATE performance_schema.SETUP_INSTRUMENTS SET enabled = 'YES'
WHERE name LIKE 'wait/synch/mutex/%'
   OR name LIKE 'wait/synch/rwlock/%';

--replace_result '\'setup_consumers' '\'SETUP_CONSUMERS'
--error ER_TABLEACCESS_DENIED_ERROR
UPDATE performance_schema.SETUP_CONSUMERS SET enabled = 'YES';

--replace_result '\'setup_timers' '\'SETUP_TIMERS'
--error ER_TABLEACCESS_DENIED_ERROR
UPDATE performance_schema.SETUP_TIMERS SET timer_name = 'TICK';

--replace_result '\'events_waits_history_long' '\'EVENTS_WAITS_HISTORY_LONG'
--error ER_TABLEACCESS_DENIED_ERROR
TRUNCATE TABLE performance_schema.EVENTS_WAITS_HISTORY_LONG;

--replace_result '\'events_waits_history' '\'EVENTS_WAITS_HISTORY'
--error ER_TABLEACCESS_DENIED_ERROR
TRUNCATE TABLE performance_schema.EVENTS_WAITS_HISTORY;

--replace_result '\'events_waits_current' '\'EVENTS_WAITS_CURRENT'
--error ER_TABLEACCESS_DENIED_ERROR
TRUNCATE TABLE performance_schema.EVENTS_WAITS_CURRENT;

--echo #
--echo # WL#4814, NFS1: Can use grants to give normal user access
--echo #                to turn on and off instrumentation
--echo #

--connection default
--echo # Grant access to change tables with the root account

GRANT UPDATE ON performance_schema.SETUP_CONSUMERS TO pfs_user_4;
GRANT UPDATE ON performance_schema.SETUP_TIMERS TO pfs_user_4;
GRANT UPDATE, SELECT ON performance_schema.SETUP_INSTRUMENTS TO pfs_user_4;
GRANT DROP ON performance_schema.EVENTS_WAITS_CURRENT TO pfs_user_4;
GRANT DROP ON performance_schema.EVENTS_WAITS_HISTORY TO pfs_user_4;
GRANT DROP ON performance_schema.EVENTS_WAITS_HISTORY_LONG TO pfs_user_4;

--connection pfs_user_4
--echo # User pfs_user_4 should now be allowed to tweak instrumentation

UPDATE performance_schema.SETUP_INSTRUMENTS SET enabled = 'NO', timed = 'YES';

UPDATE performance_schema.SETUP_INSTRUMENTS SET enabled = 'YES'
WHERE name LIKE 'wait/synch/mutex/%'
   OR name LIKE 'wait/synch/rwlock/%';

UPDATE performance_schema.SETUP_CONSUMERS SET enabled = 'YES';

UPDATE performance_schema.SETUP_TIMERS SET timer_name = 'TICK';

TRUNCATE TABLE performance_schema.EVENTS_WAITS_HISTORY_LONG;
TRUNCATE TABLE performance_schema.EVENTS_WAITS_HISTORY;
TRUNCATE TABLE performance_schema.EVENTS_WAITS_CURRENT;

--echo # Clean up

--connection default
--disconnect pfs_user_4
REVOKE ALL PRIVILEGES, GRANT OPTION FROM pfs_user_4;
DROP USER pfs_user_4;
flush privileges;
UPDATE performance_schema.SETUP_INSTRUMENTS SET enabled = 'YES', timed = 'YES';
UPDATE performance_schema.SETUP_CONSUMERS SET enabled = 'YES';
UPDATE performance_schema.SETUP_TIMERS SET timer_name = 'CYCLE';