hyrax icon indicating copy to clipboard operation
hyrax copied to clipboard
verified publisher icon samvera

When re-submitting a work page that was invalid, this raises an exception

Open jeremyf opened this issue 3 years ago • 0 comments

Hyrax version 2.9.6 working with Hyku; however in looking at later (and early) versions this may be a problem that is not limited to version 2.9.6.

When submitting a new work that is invalid (e.g. fails server-side field validation), when we re-render the create HTML form we have new input fields on the page. Then when we go to re-submit the page, those new fields are creating a condition in which we raise an exception in Hydra::AccessControls.

Conjecture

  1. During the initial page submission the actor stack is adding "default/additional non-submitted" permissions_attributes to the curation_concern before the validation.
  2. The validation then fails and those permission attributes remain on the curation_concern object.
  3. Because the validation fails, we now render the new HTML page and the HTML form includes a new set of input elements. When we now submit the page, with these newly added input elements, we encounter a HydraAccess Controls exception because these new input elements are invalid.

Breadcrumbs

The HTML form renders the partial: app/views/hyrax/base/_form_share.html.erb. On the initial render, the f.fields_for :permissions is empty. On the second render (e.g. after the validation failed), the f.field_for :permissions is populated.

By the time we get to the ImageActor, we already have what we believe to be an incorrect permissions data structure. Our current conjecture is that this is one of the following:

  • Hyrax::Actors::CollectionsMembershipActor
  • Hyrax::Actors::InterpretVisibilityActor
  • Hyrax::Actors::ApplyPermissionTemplateActor

It appears, after debugging, that this was the ApplyPermissionTemplateActor. The fundamental issue is that the rendered form is not passing in the correct "type" to the template actor.

Work Around

In the app/views/hyrax/base/_form_share.html.erb we added a guard clause to say "don't render these permissions when we have a new record".

It's also confusing why the fields_for :permissions does not render the hidden type for the permission, because the lack of that type is raising the exception in https://github.com/samvera/hydra-head/blob/6fc0e369a3f652cf06656a20354c4c4b972f9b09/hydra-access-controls/app/models/hydra/access_controls/permission.rb#L70-L80

`

jeremyf avatar Aug 25 '22 17:08 jeremyf