Tested on evrk2 - works as expected

Capabilities associated with assigned capability sets are properly shown in role detailed view and edit view. See example:

New details:

• The UI should not make the third request identified above; capabilities assigned via capability-sets MUST NOT be directly assigned to roles. This is a bug in the current implementation; see

• The UI can retrieve all capabilities assigned to a role, including those assigned via capability-sets, with a query like /roles/{roleId}/capabilities?expand=true (likewise for users, /users/{userId}/capabilities?expand=true). The fact that the UI does not do this is the bug that must be addressed here.

Special thanks to for describing both the data-model and the available APIs. Note to UI devs and : we should look through ui-users for analogous bugs.

Please take a look on this bug

, I think this is an artifact of how the APIs work, not a bug in the UI. If you update a role via the UI by adding a single capability set, you’ll see three PUT requests:

1. one to /roles/ROLE_ID with values like name and description

2. one to /roles/ROLE_ID/capability-sets with a body that is an array of capability set IDs

3. one to /roles/ROLE_ID/capabilities with a body that is an array of the capability IDs derived from the capability-sets in the previous PUT request.

IOW, from the UI’s point of view, three requests are required to save all the data that corresponds to a fully-populated role. The “Steps to reproduce” here only execute two of these steps. There’s nothing the UI can do about that; it displays incomplete data because it received incomplete data.

In Community FOLIO, there is an analogous situation with permissions where the /bl-users/_self endpoint only returns the permissions that are directly assigned to a user (analogous to retrieving capabilities-sets without their underlying capabilities). Calling /bl-users/_self?expandPermissions=true causes the hierarchy to be expanded and flattened. Perhaps we need something similar here?

CC:

- it does reproduce with or without reloading the browser or refreshing the page. Logging in a separate incognito tab also does not help. Moreover, while capabilities are checked in edit view, they will only be shown in detailed view if you update something in edit view and then save. Simply opening edit view and closing it does not help.
Also, GET /roles/:roleId/capabilities returns nothing if you only assigned capability set(s) via API. It was always like that when assigning via API but capability set is working - when such role is assigned to a user, corresponding actions/data available in UI. So this in itself does not seem like a bug.
I think that UI needs to somehow extact capability information from the capability set, similarly to how it does in edit view.