Unassigning a user from its userGroup, indeed, puts the UserGroup in that user to NULL. But it turns out that the entity that controls the permissions is a third thing. That "thing" takes some fields of the User class (id, name...) and generates an instance of a third object which is in charge of controlling the permissions. That third entity is what effectively has the permissions to access (or not) the application. Then, when a user is unassigned from a group, I have to take that third entity corresponding to that user and remove its permissions.
If someone is curious, I'm using this: http://grok.zope.org/documentation/how-to/authentication-with-grok I can find workarounds, of course... is just that it'd be nice to have a method executed when one of the users becomes orphan of usergroup 2011/4/9 Mike Conley <[email protected]>: > Not sure I understand the use case example. > > With these tables, doesn't the act of an administrator "unassigning" a user > from its UserGroup set the group id column to NULL? If so, doesn't that > effectively remove all the permissions because there is no longer a > connection between the user and the group. > > -- > Mike Conley > > > -- > You received this message because you are subscribed to the Google Groups > "sqlalchemy" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/sqlalchemy?hl=en. > -- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en.
