Restoration of old admin UI behavior: Changes to the ACL template should not remove user roles.

[snoesberger]

Actually, when I change the ACL template of an existing series, all the user ACLs are removed and only the editor's user ACL is added. This is not the same behavior as in the old admin UI. There, a template change only affected non-user roles; user roles remained unchanged.

In our case, we use the templates to regulate the access authorizations for Tobira. We use templates that contain roles which grant permissions based on users' organizational affiliations. For example, this means that we can only allow members of our institution to access certain series/events in Tobira.
Directly authorized users are owners of the corresponding series/events for us. Accordingly, we only want group authorizations to change when the template changes, not the owners. We have series with over 100 directly authorized users. If someone wants to change the template, for example, to make the series publicly available on Tobira instead of only to members of our institution, the 100+ users would lose their write access to the series.

This problem was found during the tests of PR #1360

[Arnei]

I think your problem should be solvable by configuring keep_on_template_switch_role_prefixes in etc/listproviders/acl.default.create.properties with your user role prefix, e.g. ROLE_USER_. Please report if that is not the case.

[snoesberger]

I think your problem should be solvable by configuring keep_on_template_switch_role_prefixes in etc/listproviders/acl.default.create.properties with your user role prefix, e.g. ROLE_USER_. Please report if that is not the case.

You are right, it works as intended with the current admin UI version in the development branch. However, PR #1360 breaks this behavior. I will close this issue and leave a comment in PR #1360.