Describe the bug
The auto-suggest input in the collection access control dialog uses the /roles/_suggest API. To not suggest users that already have access to the collection, the UI passes the IDs of all users and groups that already have access as a query parameter:
Given a collection that is already shared with users 1, 2, and 3, the API URL would look something like this:
Create a large number of groups (250+) and add yourself to these groups. You can also temporarily reduce the Gunicorn request line limit and will experience the issue with a lower number of groups.
Navigate to a collection and open the sharing settings from the settings dropdown.
Click on "Choose a user" and start typing"
Observe the API requests the UI sends in the browser developer tools network tab. You should see requests to /api/2/roles/_suggest with one exclude:id query parameter for every group your user is part of. If the total length of the request URI exceeds the Gunicorn limits, the request will fail.
Expected behavior
The auto-suggest input should work even for users that are members of many groups.
Aleph version
3.15.7, 3.4.0-rc*
Screenshots
Additional context
This error occurs as long as a user is a member of many groups, no matter whether a collection is actually shared with many/all of them.
This error would also occur when sharing an investigation with a large number of users, but this a) is something that users have to do explicitly, and b) I don’t think this was ever an issue before.
Need to double check, but I think /roles/_suggest will only ever return users and never groups, so it isn’t necessary to explicitly exclude group IDs.
Describe the bug The auto-suggest input in the collection access control dialog uses the
/roles/_suggest
API. To not suggest users that already have access to the collection, the UI passes the IDs of all users and groups that already have access as a query parameter:Given a collection that is already shared with users 1, 2, and 3, the API URL would look something like this:
To Reproduce Steps to reproduce the behavior:
/api/2/roles/_suggest
with oneexclude:id
query parameter for every group your user is part of. If the total length of the request URI exceeds the Gunicorn limits, the request will fail.Expected behavior The auto-suggest input should work even for users that are members of many groups.
Aleph version 3.15.7, 3.4.0-rc*
Screenshots
Additional context
/roles/_suggest
will only ever return users and never groups, so it isn’t necessary to explicitly exclude group IDs.