Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

reindexing a record will clear acls and permission groups #6324

Merged
merged 5 commits into from
Feb 1, 2024
Merged

reindexing a record will clear acls and permission groups #6324

merged 5 commits into from
Feb 1, 2024

Conversation

orangewolf
Copy link
Member

Summary

When writing specs I noticed my records would be correct in the index but then they would get updated and suddenly they would loose their read_groups / edit_groups / edit_users / read_users. Also if you save an ACL list and then index the record again at any point it will loose the visibility setting.

Guidance for testing, such as acceptance criteria or new user interface behaviors:

  • create a record in the console
  • index it
  • view the visibility and permisisons
  • save the acl
  • view the visibility and permissions
  • index it again
  • view the visibility and permisisons

@samvera/hyrax-code-reviewers

@orangewolf orangewolf added the notes-valkyrie Release Notes: Valkyrie specific label Sep 18, 2023
no-reply
no-reply reviewed Sep 19, 2023
View reviewed changes
app/indexers/hyrax/permission_indexer.rb Outdated
@@ -13,7 +13,7 @@ module PermissionIndexer
def to_solr
super.tap do |index_document|
config = Hydra.config.permissions
permissions = Hyrax::PermissionManager.new(resource: resource)
permissions = resource.permission_manager || Hyrax::PermissionManager.new(resource: resource)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think if this is right, just resource.permission_manager should do the trick (it builds one exactly like the || path if it's not present, and the second branch should be unreachable as is).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@dlpierce
Copy link
Contributor

dlpierce commented Dec 1, 2023

The change to PermissionIndexer is good, but the ACL#save change results in problems.

Currently, reindexing an unpersisted resource is going to result in blank fields for those supplied by AccessControl objects. This is because AccessControl.for (used in AccessControlList#access_control_model) always builds the object using custom_queries.find_access_control_for or makes a blank one if the query fails. That query will always fail with an unsaved resource (even if the AccessControl is persisted) due to find_inverse_references_by calling ensure_persisted.

@orangewolf
Copy link
Member Author

The change to PermissionIndexer is good, but the ACL#save change results in problems.

Currently, reindexing an unpersisted resource is going to result in blank fields for those supplied by AccessControl objects. This is because AccessControl.for (used in AccessControlList#access_control_model) always builds the object using custom_queries.find_access_control_for or makes a blank one if the query fails. That query will always fail with an unsaved resource (even if the AccessControl is persisted) due to find_inverse_references_by calling ensure_persisted.

@dlpierce I'm not following you. Are you saying that previous to this change calling index on an unsaved model "works" but leaves the acl fields blank, but removing @change_set = nil would cause it to fali instead? It's been too long, but I'm pretty sure that both changes were required to keep from ending up with acls missing on every reindex. indexing shouldn't (in my opinion) mutate the objects and repeated indexing should be idempotent. Is there a whole new case we need to cover?

@jeremyf
Copy link
Contributor

jeremyf commented Jan 23, 2024

The change to PermissionIndexer is good, but the ACL#save change results in problems.
Currently, reindexing an unpersisted resource is going to result in blank fields for those supplied by AccessControl objects. This is because AccessControl.for (used in AccessControlList#access_control_model) always builds the object using custom_queries.find_access_control_for or makes a blank one if the query fails. That query will always fail with an unsaved resource (even if the AccessControl is persisted) due to find_inverse_references_by calling ensure_persisted.

@dlpierce I'm not following you. Are you saying that previous to this change calling index on an unsaved model "works" but leaves the acl fields blank, but removing @change_set = nil would cause it to fali instead? It's been too long, but I'm pretty sure that both changes were required to keep from ending up with acls missing on every reindex. indexing shouldn't (in my opinion) mutate the objects and repeated indexing should be idempotent. Is there a whole new case we need to cover?

I think my findings here: https://gist.github.com/jeremyf/90f6c6ae81f9c4596b666237d5da2931?permalink_comment_id=4846614#gistcomment-4846614 are likely what @dlpierce is referring to.

@orangewolf
Copy link
Member Author

@dlpierce you were 100% right here. Jeremy and I fixed it a different way that I think gets us both wins.

@dlpierce dlpierce merged commit 1fe4a2f into main Feb 1, 2024
6 checks passed
@dlpierce dlpierce deleted the the_case_of_the_missing_acls branch February 1, 2024 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@no-reply no-reply no-reply left review comments

@dlpierce dlpierce dlpierce approved these changes

Assignees
No one assigned
Labels
notes-valkyrie Release Notes: Valkyrie specific
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@orangewolf @dlpierce @jeremyf @no-reply