Bug#33578113: DROP privilege on performance_schema.* can't be revoked

Description: Just like GRANT on PFS and tables within
             it is allowed, REVOKE should be allowed
             too.

Fix: Updated PFS_internal_schema_access::check() to
     allow privilege checks to proceed as usual for
     SQLCOM_REVOKE when privilege in question is
     DROP_ACL.

RB: 27429

Author: harinvadodaria

mysql-test/r/grant.result

@@ -3021,3 +3021,10 @@ proxy_native_0123456789	user_name_len_32_012345678901234	user_name_len_22_01234@
 DROP USER user_name_len_22_01234@localhost;
 DROP USER user_name_len_32_012345678901234@localhost;
 DROP USER proxy_native_0123456789@localhost;
+#
+# Bug#33578113: DROP privilege on performance_schema.* can't be revoked
+#
+CREATE USER bug33578113;
+GRANT DROP ON performance_schema.* TO bug33578113;
+REVOKE DROP ON performance_schema.* FROM bug33578113;
+DROP USER bug33578113;

mysql-test/t/grant.test

@@ -2743,5 +2743,17 @@ DROP USER user_name_len_22_01234@localhost;
 DROP USER user_name_len_32_012345678901234@localhost;
 DROP USER proxy_native_0123456789@localhost;
 
+--echo #
+--echo # Bug#33578113: DROP privilege on performance_schema.* can't be revoked
+--echo #
+
+connection default;
+CREATE USER bug33578113;
+
+GRANT DROP ON performance_schema.* TO bug33578113;
+REVOKE DROP ON performance_schema.* FROM bug33578113;
+
+DROP USER bug33578113;
+
 # Wait till we reached the initial number of concurrent sessions
 --source include/wait_until_count_sessions.inc

storage/perfschema/pfs_engine_table.cc

@@ -862,7 +862,8 @@ static bool allow_drop_table_privilege() {
 
   assert(thd->lex != NULL);
   if ((thd->lex->sql_command != SQLCOM_TRUNCATE) &&
-      (thd->lex->sql_command != SQLCOM_GRANT)) {
+      (thd->lex->sql_command != SQLCOM_GRANT) &&
+      (thd->lex->sql_command != SQLCOM_REVOKE)) {
     return false;
   }