User with a role on library access acl loses access to the library if they modify acls

[moskalenko]

How to reproduce:

• Crate a test library
• Add a non-admin user let's say 'manager@example.com' to a 'managers' role
• Give the 'managers' role all permissions on the library
• Give the manager@example.com private role library manage permission, but not access/add permissions.

The manager@example.com user can view/use the library. However, the moment they start managing the library e.g. add any other private role to the access/add acls they completely lose access to the library. Only adding their private role to the access acl prevents that.

Expectation. Since the user is a member of a second role that is in all acls they should not lose access to the library and their private role should not be required to be on the acl.

[jmchilton]

However, the moment they start managing the library e.g. add any other private role to the access/add acls they completely lose access to the library.

Yes.. this is because the roles are AND'd and not OR'd I think right? As counter-intuitive as this behavior is I believe it isn't a bug per se.

But I suppose the bug might be just that the UI isn't making it clear it is going to work this way