id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	parents
874	The core__privileges_users table has the foreign key columns reversed	David Thompson		"The `core__privileges_users` table consists of two foreign key columns: `core__user_id` and `core__privilege_id`.  However, `core__user_id` contains privilege ids and `core__privilege_id` contains user ids!  For example, running the query `DELETE FROM core__privileges_users WHERE core__user_id=3;` will delete all uploader privileges for all users.  Bad stuff.

Here is the offending code:

{{{
class PrivilegeUserAssociation(Base):
    '''
    This table holds the many-to-many relationship between User and Privilege
    '''

    __tablename__ = 'core__privileges_users'

    privilege_id = Column(
        'core__privilege_id',
        Integer,
        ForeignKey(User.id),
        primary_key=True)
    user_id = Column(
        'core__user_id',
        Integer,
        ForeignKey(Privilege.id),
        primary_key=True)
}}}
"	defect	closed	critical	0.7.0	programming	fixed	privileges, sql		
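
The check below is an added example, not part of the ticket or the project's code: it rebuilds the reversed association table in an in-memory SQLite database, reports foreign keys that point at the wrong parent, and shows which grants the ticket's `DELETE` removes under the reversed and the corrected schema. The parent table names `core__users` and `core__privileges`, the helper names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed SQLite schema. The association table and its column names come
# from the ticket; the parent table names are assumptions.
SCHEMA = """
CREATE TABLE core__users (id INTEGER PRIMARY KEY);
CREATE TABLE core__privileges (id INTEGER PRIMARY KEY);
CREATE TABLE core__privileges_users (
    core__privilege_id INTEGER REFERENCES {priv_parent}(id),
    core__user_id INTEGER REFERENCES {user_parent}(id),
    PRIMARY KEY (core__privilege_id, core__user_id));
"""
BUGGY = SCHEMA.format(priv_parent="core__users", user_parent="core__privileges")
FIXED = SCHEMA.format(priv_parent="core__privileges", user_parent="core__users")
EXPECTED = {"core__privilege_id": "core__privileges", "core__user_id": "core__users"}


def build(schema):
    """Create the schema with three sample users and three sample privileges."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(schema)
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executemany("INSERT INTO core__users VALUES (?)", [(1,), (2,), (3,)])
    conn.executemany("INSERT INTO core__privileges VALUES (?)", [(1,), (2,), (3,)])
    return conn


def fk_mismatches(conn, table="core__privileges_users", expected=EXPECTED):
    """Return {column: actual_parent} for every FK pointing at the wrong table."""
    rows = conn.execute(f"PRAGMA foreign_key_list({table})").fetchall()
    actual = {r[3]: r[2] for r in rows}  # r[3] = child column, r[2] = parent table
    return {c: p for c, p in actual.items() if expected.get(c) != p}


def grants_lost_by_ticket_delete(conn, grants):
    """grants: (user_id, privilege_id) pairs, stored in whichever column
    references each parent, the way an ORM that follows the FKs writes them."""
    parents = {r[2]: r[3] for r in conn.execute(
        "PRAGMA foreign_key_list(core__privileges_users)")}
    ucol, pcol = parents["core__users"], parents["core__privileges"]
    conn.executemany(
        f"INSERT INTO core__privileges_users ({ucol}, {pcol}) VALUES (?, ?)", grants)
    # The exact statement quoted in the ticket.
    conn.execute("DELETE FROM core__privileges_users WHERE core__user_id=3")
    left = conn.execute(
        f"SELECT {ucol}, {pcol} FROM core__privileges_users").fetchall()
    return sorted(set(grants) - set(left))  # (user, privilege) grants removed
```

Run as a schema test in CI, `fk_mismatches` fails the build as soon as a column name and its foreign key target disagree, before any privilege rows are written.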
