MDEV-19948 `SHOW GRANTS FOR user` return privileges individually

mysql-test/main/grant.result

@@ -2760,3 +2760,34 @@ DROP USER dummy@localhost;
 #
 # End of 10.2 tests
 #
+#
+# Start of 10.3 tests
+#
+#
+# MDEV-19948 'show grants' return privileges individually
+#
+SET @had_user_delete_history_priv := 0;
+SELECT @had_user_delete_history_priv :=1 FROM mysql.user WHERE Delete_history_priv LIKE '%';
+@had_user_delete_history_priv :=1
+1
+1
+1
+1
+ALTER TABLE mysql.user DROP COLUMN Delete_history_priv;
+FLUSH PRIVILEGES;
+CREATE USER ten2;
+GRANT ALL ON *.* TO ten2;
+SHOW GRANTS FOR ten2;
+Grants for ten2@%
+GRANT ALL PRIVILEGES ON *.* TO 'ten2'@'%'
+FLUSH PRIVILEGES;
+SHOW GRANTS FOR ten2;
+Grants for ten2@%
+GRANT ALL PRIVILEGES ON *.* TO 'ten2'@'%'
+DROP USER ten2;
+ALTER TABLE mysql.user ADD Delete_history_priv enum('N','Y') COLLATE utf8_general_ci NOT NULL DEFAULT 'N' after Create_tablespace_priv;
+UPDATE mysql.user SET Delete_history_priv = Super_priv WHERE @had_user_delete_history_priv = 1;
+FLUSH PRIVILEGES;
+#
+# End of 10.3 tests
+#

mysql-test/main/grant.test

@@ -2258,3 +2258,40 @@ DROP USER dummy@localhost;
 --echo #
 --echo # End of 10.2 tests
 --echo #
+
+--echo #
+--echo # Start of 10.3 tests
+--echo #
+
+--echo #
+--echo # MDEV-19948 'show grants' return privileges individually
+--echo #
+
+# Let's cheat server that we are using `10.2` user table
+# which doesn't have `Delete_history_priv` column
+
+SET @had_user_delete_history_priv := 0;
+SELECT @had_user_delete_history_priv :=1 FROM mysql.user WHERE Delete_history_priv LIKE '%';
+
+ALTER TABLE mysql.user DROP COLUMN Delete_history_priv;
+FLUSH PRIVILEGES;
+CREATE USER ten2;
+GRANT ALL ON *.* TO ten2;
+
+# Without any patching, this should show a lot of privileges,
+# but without delete history. With patch it is showing `all privileges`
+SHOW GRANTS FOR ten2;
+FLUSH PRIVILEGES;
+
+# Now should show `all privileges` with/without patch
+SHOW GRANTS FOR ten2;
+DROP USER ten2;
+
+# Restore original table (similar to `mysql_upgrade`)
+ALTER TABLE mysql.user ADD Delete_history_priv enum('N','Y') COLLATE utf8_general_ci NOT NULL DEFAULT 'N' after Create_tablespace_priv;
+UPDATE mysql.user SET Delete_history_priv = Super_priv WHERE @had_user_delete_history_priv = 1;
+FLUSH PRIVILEGES;
+
+--echo #
+--echo # End of 10.3 tests
+--echo #

sql/sql_acl.cc

@@ -907,6 +907,60 @@ class User_table: public Grant_table_base
   }
 
 
+  ulong get_access() const
+  {
+    ulong access= Grant_table_base::get_access();
+    if ((num_fields() <= 13) && (access & CREATE_ACL))
+      access|=REFERENCES_ACL | INDEX_ACL | ALTER_ACL;
+
+    if (num_fields() <= 18)
+    {
+      access|= LOCK_TABLES_ACL | CREATE_TMP_ACL | SHOW_DB_ACL;
+      if (access & FILE_ACL)
+        access|= REPL_CLIENT_ACL | REPL_SLAVE_ACL;
+      if (access & PROCESS_ACL)
+        access|= SUPER_ACL | EXECUTE_ACL;
+    }
+    /*
+      If it is pre 5.0.1 privilege table then map CREATE privilege on
+      CREATE VIEW & SHOW VIEW privileges.
+    */
+    if (num_fields() <= 31 && (access & CREATE_ACL))
+      access|= (CREATE_VIEW_ACL | SHOW_VIEW_ACL);
+    /*
+      If it is pre 5.0.2 privilege table then map CREATE/ALTER privilege on
+      CREATE PROCEDURE & ALTER PROCEDURE privileges.
+    */
+    if (num_fields() <= 33)
+    {
+      if (access & CREATE_ACL)
+        access|= CREATE_PROC_ACL;
+      if (access & ALTER_ACL)
+        access|= ALTER_PROC_ACL;
+    }
+    /*
+      Pre 5.0.3 did not have CREATE_USER_ACL.
+    */
+    if (num_fields() <= 36 && (access & GRANT_ACL))
+      access|= CREATE_USER_ACL;
+    /*
+      If it is pre 5.1.6 privilege table then map CREATE privilege on
+      CREATE|ALTER|DROP|EXECUTE EVENT.
+    */
+    if (num_fields() <= 37 && (access & SUPER_ACL))
+      access|= EVENT_ACL;
+    /*
+      If it is pre 5.1.6 privilege then map TRIGGER privilege on CREATE.
+    */
+    if (num_fields() <= 38 && (access & SUPER_ACL))
+      access|= TRIGGER_ACL;
+
+    if (num_fields() <= 46 && (access & DELETE_ACL))
+      access|= DELETE_HISTORY_ACL;
+
+    return access & GLOBAL_ACLS;
+  }
+
  private:
   friend class Grant_tables;
 
@@ -1870,46 +1924,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
       continue;
 
     {
-      user.access= user_table.get_access() & GLOBAL_ACLS;
-      /*
-        if it is pre 5.0.1 privilege table then map CREATE privilege on
-        CREATE VIEW & SHOW VIEW privileges
-      */
-      if (user_table.num_fields() <= 31 && (user.access & CREATE_ACL))
-        user.access|= (CREATE_VIEW_ACL | SHOW_VIEW_ACL);
-
-      /*
-        if it is pre 5.0.2 privilege table then map CREATE/ALTER privilege on
-        CREATE PROCEDURE & ALTER PROCEDURE privileges
-      */
-      if (user_table.num_fields() <= 33 && (user.access & CREATE_ACL))
-        user.access|= CREATE_PROC_ACL;
-      if (user_table.num_fields() <= 33 && (user.access & ALTER_ACL))
-        user.access|= ALTER_PROC_ACL;
-
-      /*
-        pre 5.0.3 did not have CREATE_USER_ACL
-      */
-      if (user_table.num_fields() <= 36 && (user.access & GRANT_ACL))
-        user.access|= CREATE_USER_ACL;
-
-
-      /*
-        if it is pre 5.1.6 privilege table then map CREATE privilege on
-        CREATE|ALTER|DROP|EXECUTE EVENT
-      */
-      if (user_table.num_fields() <= 37 && (user.access & SUPER_ACL))
-        user.access|= EVENT_ACL;
-
-      /*
-        if it is pre 5.1.6 privilege then map TRIGGER privilege on CREATE.
-      */
-      if (user_table.num_fields() <= 38 && (user.access & SUPER_ACL))
-        user.access|= TRIGGER_ACL;
-
-      if (user_table.num_fields() <= 46 && (user.access & DELETE_ACL))
-        user.access|= DELETE_HISTORY_ACL;
-
+      user.access= user_table.get_access();
       user.sort= get_sort(2, user.host.hostname, user.user.str);
       user.hostname_length= safe_strlen(user.host.hostname);
       user.user_resource.user_conn= 0;