Depositor can bypass workflow steps by editing admin set after item is active in the system

[vantuyls]

Descriptive summary

Sufia 7.3.0rc3

Expected behavior

If an item is active in the repository and is switched into a new workflow, the new workflow's mediation steps are engaged and the item goes through required workflow steps.

Actual behavior

Depositing user can bypass a mediation workflow by depositing into one admin set (e.g. with a zero step workflow) and then editing their item and switching it to a mediated admin set (e.g. with a one step workflow). This effectively bypasses the review steps in the one-step workflow.

While this may be behaving as specified and intended, this behavior is problematic in, i suspect, a not insignificant number of use cases for a repository with workflow capabilities.

[mjgiarlo]

I believe this is another missing feature, and one that will be worked on in Hyrax (related to what @randalldfloyd has started on in projecthydra-labs/hyrax#172). Inclined not to fix this in Sufia 7.3, @vantuyls.

[jeremyf]

I believe that changing admin sets should not be allowed for most users. @vantuyls @mjgiarlo

[vantuyls]

@jeremyf @mjgiarlo agreed.

[vantuyls]

we should look at this in hyrax to either determine it is not a problem there or fix it there.

@mjgiarlo

[mjgiarlo]

@vantuyls Does https://github.com/projecthydra-labs/hyku/issues/347 (which should be moved to, or worked on in, Hyrax) cover this?

[vantuyls]

i think that issue covers this sufia issue in hyrax. @mjgiarlo

[mjgiarlo]

Thanks, @vantuyls