alephdata / aleph

Search and browse documents and data; find the people and companies you look for.
http://docs.aleph.occrp.org
MIT License

BUG: UI constructs excessively long URLs #3820

Closed tillprochaska closed 1 month ago

tillprochaska commented 1 month ago

Describe the bug

The auto-suggest input in the collection access control dialog uses the /roles/_suggest API. To not suggest users that already have access to the collection, the UI passes the IDs of all users and groups that already have access as a query parameter:

Given a collection that is already shared with users 1, 2, and 3, the API URL would look something like this:

/roles/_suggest?prefix=jane.doe&exclude:id=1&exclude:id=2&exclude:id=3

To Reproduce

Steps to reproduce the behavior:

  1. Create a large number of groups (250+) and add yourself to these groups. You can also temporarily reduce the Gunicorn request line limit and will experience the issue with a lower number of groups.
  2. Navigate to a collection and open the sharing settings from the settings dropdown.
  3. Click on "Choose a user" and start typing.
  4. Observe the API requests the UI sends in the browser developer tools network tab. You should see requests to /api/2/roles/_suggest with one exclude:id query parameter for every group your user is part of. If the total length of the request URI exceeds the Gunicorn limits, the request will fail.

Expected behavior

The auto-suggest input should work even for users that are members of many groups.

Aleph version

3.15.7, 3.4.0-rc*


Additional context
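
To see how quickly this URL scheme runs into the limit, the following added example (not part of the original issue or the Aleph code base) builds the request line described above and counts how many exclude:id parameters fit under Gunicorn's default limit_request_line of 4094 bytes. The role IDs 1..n, the %3A encoding of the colon and the length accounting (request line without the trailing CRLF) are assumptions made for the illustration.

```python
from urllib.parse import urlencode

# Gunicorn's documented default for --limit-request-line, in bytes.
GUNICORN_DEFAULT_LIMIT_REQUEST_LINE = 4094
# API path as it appears in the issue's reproduction steps.
SUGGEST_PATH = "/api/2/roles/_suggest"


def suggest_request_line(prefix, exclude_ids):
    """Build the HTTP request line with one exclude:id parameter per role."""
    params = [("prefix", prefix)]
    params += [("exclude:id", role_id) for role_id in exclude_ids]
    # Assumption: the client percent-encodes ':' as %3A, as urlencode does.
    return f"GET {SUGGEST_PATH}?{urlencode(params)} HTTP/1.1"


def exceeds_limit(prefix, exclude_ids,
                  limit=GUNICORN_DEFAULT_LIMIT_REQUEST_LINE):
    """True if the request line is longer than the configured limit."""
    line = suggest_request_line(prefix, exclude_ids)
    return len(line.encode("utf-8")) > limit


def max_excluded_ids(prefix, limit=GUNICORN_DEFAULT_LIMIT_REQUEST_LINE):
    """Largest n for which excluding the constructed role IDs 1..n still fits.

    Real role IDs are usually longer than these constructed ones, so the
    real threshold is lower.
    """
    n = 0
    while not exceeds_limit(prefix, range(1, n + 2), limit):
        n += 1
    return n


if __name__ == "__main__":
    prefix = "jane.doe"  # sample prefix taken from the issue text
    print(suggest_request_line(prefix, [1, 2, 3]))
    print("IDs that fit under the default limit:", max_excluded_ids(prefix))
    print("250 groups exceed the limit:",
          exceeds_limit(prefix, range(1, 251)))
```
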