I have added auth to my application using crud. However there are a couple of areas where it does not act as I was expecting.
1) If I have change a permission from create to update then I now have both permissions until I log off. I guess it has cached the old permission somewhere. Is it possible to force any changes to happen immediately? 2) If I have update permission it allows me to delete as well. Is it possible to allow update but not delete? As I am using crud in the application it is the same function for update and delete so it is not possible to use a decorator nor to put a test within the code for permissions.
