ACLs for Hyrax::AdministrativeSets do not fully persist

[elrayle]

Descriptive summary

For an AccessControlList for a Hyrax::AdministrativeSet, which is a Valkyrie::Resource, that has grants and is persisted, when you try to retrieve the permissions, the permissions set is empty.

Expected behavior

When creating an ACL with grants and saving, ...

• the ACL should have the grants in the permissions set prior to saving
• the ACL should have the grants in the permissions set after saving
• have the same permissions when a new ACL for the AdministrativeSet is created

Actual behavior

When creating an ACL with grants and saving, ...

• the ACL DOES have the grants in the permissions set prior to saving
• the ACL DOES NOT have the grants in the permissions set after saving
• DOES NOT have the same permissions when a new ACL for the AdministrativeSet is created

Steps to reproduce the behavior

In rails console...

user  = ::User.create(email: 'me@example.com', password: 'password')
group = Hyrax::Group.new('my_group')

as = Hyrax::AdministrativeSet.new(title: "My AdminSet")
as = Hyrax.persister.save(resource: as)

as.permission_manager.edit_users = [user.user_key]
as.permission_manager.edit_groups = [group]
as.permission_manager.acl.permissions
=> #<Set: {#<Hyrax::Permission access_to=#<Valkyrie::ID:..@id="m039k4882"> agent="me@example.com" mode=:edit>, #<Hyrax::Permission access_to=#<Valkyrie::ID:...@id="m039k4882"> agent="group/#<Hyrax::Group:0x00007fa2100ac788>" mode=:edit>}

as.permission_manager.acl.save
as.permission_manager.acl.permissions #<Set: {}>

as = Hyrax.persister.save(resource: as)
as.permission_manager.acl.permissions #<Set: {}>

NOTE: Using this same process with collections maintains the permissions after the final persisting of the collection.

Related work

Blocker for PR #5083

[elrayle]

I believe that something is not working in the ActiveFedoraConverter process. I can confirm that…
the admin set is created in Fedora and Solr

• the ACL is created in Fedora and Solr
• the ACL in Fedora correctly assigns accessTo
• the admin set object in Fedora does NOT have accessControl assigned
• the Solr doc for the ACL looks the same as the Solr doc for a collection ACL
• the Solr doc for the admin set does NOT include accessControl_ssim (which is included in collection solr docs)

As a result, admin_set.permission_manager.edit_users.to_set is always empty. I can confirm that before the call to persister.save(resource: change_set.resource) in Hyrax::AccessControlList #save that the permissions are correctly assigned in the change_set.

[elrayle]

It looks like the admin set doesn't have access_control_id assigned at any point in the process. For collections, access_control_id is assigned after the first persister.save call.

For Collections

ct = Hyrax::CollectionType.find_or_create_default_collection_type
col = Hyrax::PcdmCollection.new(title: ['My Collection'], collection_type_gid: ct.to_global_id.to_s)

col.access_control_id #  NoMethodError (undefined method `access_control_id'

col = Hyrax.persister.save(resource: col)
col.access_control_id #  <Valkyrie::ID:...@id="3b43...a568">

For Admin Sets

as = Hyrax::AdministrativeSet.new(title: "My AdminSet")

as.access_control_id #  NoMethodError (undefined method `access_control_id'
as = Hyrax.persister.save(resource: as)
as.access_control_id # nil

[elrayle]

In wings persister, before calling af_object.save! access_control_id is nil for both collections and admin sets. After calling af_object.save!, collections have an id assigned for access_control_id, but admin sets have nil.