Disabling user groups is only a problem if you use crud which checks for auth.accessible() records based on permissions. If There are no user groups you do not know how to make an object accessible to the user who created. Honestly I envisioned a bigger role in web2py for auth permissions. Turns out most users (including me) do not use them and prefer to set simpler ad hoc permission rules. In case there is no problem in disabling user groups.
On Friday, 1 February 2013 15:42:49 UTC-6, Yarin wrote: > > The > documentation<http://web2py.com/books/default/chapter/29/09#Authorization>states: > > "The creation of the group can be disabled with > > auth.settings.create_user_groups = None > > although we do not suggest doing so." > > Massimo also says > here<https://groups.google.com/d/msg/web2py/gN2LH6pX_IA/kcCBMWeDD8YJ>that "If > you do not have those groups membership causes a nightmare." > > Yet I've never found any use for the individual user groups. Can someone > explain their utility, and why the warnings against dropping them? > > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
