From 1321b8c7d42fab46ec532b13de9fdb72ea31f2db Mon Sep 17 00:00:00 2001
From: "R. Sicart" <roger.sicart@gmail.com>
Date: Wed, 31 Aug 2022 10:53:24 +0200
Subject: [PATCH] Only revoke grant option if it exists and absence is
 requested

---
 plugins/module_utils/user.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/plugins/module_utils/user.py b/plugins/module_utils/user.py
index df105e3..3c4863a 100644
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@@ -363,13 +363,12 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
                     grant_privs = list(set(new_priv[db_table]) - set(curr_priv[db_table]))
                     revoke_privs = list(set(curr_priv[db_table]) - set(new_priv[db_table]))
 
-                    # ... but do not revoke GRANT option when it's already allowed
-                    # and already in privs.
+                    # ... but only revoke grant option if it exists and absence is requested
                     #
                     # For more details
                     # https://github.com/ansible-collections/community.mysql/issues/77#issuecomment-1209693807
-                    if 'GRANT' in new_priv[db_table] and 'GRANT' in curr_priv[db_table]:
-                        grant_privs.append('GRANT')
+                    if 'GRANT' in grant_privs:
+                        grant_option = 'GRANT' in revoke_privs and 'GRANT' not in grant_privs
 
                 if grant_privs == ['GRANT']:
                     # USAGE grants no privileges, it is only needed because 'WITH GRANT OPTION' cannot stand alone