I have been trying to figure out why the user-group associations were disappearing in my app and it turns out that when you call DetachUserFromGroup, it detaches all the users in that group.
The query generated is: exec sp_executesql N'DELETE FROM security.UsersToUsersGroups WHERE GroupId = @p0',N'@p0 uniqueidentifier',@p0='15430BE5-E373-4ECE-905E-9D5000C6079A'

As you can see in the Where clause it is missing part where it checks for the UserId.

Looking at the AuthorizationRepository, it does remove the IUser from the list of users for the group, but somehow it is not being translated to the SQL query.

Executing GetAssociatedUsersGroupFor directly after executing AssociateUserWith returns the cached associations. AssociateUserWith doesn't seem to be invalidating the cache for the UserToUsersGroups table.

I am using SysCache2 from Nhibernate.Contrib.

Is there any way you could convert this code base to utilize integers rather than guids for the primary keys? Guids have the worst performance out of all of the database types and take the most space to store. The use of guids in this project also dictates that users of this framework must also utilize guid types whenever they have a table that needs a foreign key to the user's id column. Perhaps there is a compromise where the data type can be controlled via a setting?

I'd like to map which operations are associated with a specific entity type. For example I have a security dialog that follows the general Microsoft conventions. (see the security dialog in windows explorer for editing folder/files settings) The dialog consists of two lists. The first is a list of groups/users who have access to whatever it is I’m trying to secure. In my domain it’s an entity that represents a folder within my database. There are buttons that allow me to add or remove groups or users from this list. The second list is a static set of permissions (in your domain these would be called operations) that are applicable for the type of entity being edited. I would like to see the ability assign a list of operations to a specific entity type. This would allow me during load up of my security dialog to retrieve this static list of operations specific to the entity (the folder) being edited and list them with checkboxes. I can then utilize the existing methods in your PermissionService for retrieving the currently selected user’s or group’s permissions and check the appropriate operations specific to them.

Perhaps I didn’t understand your model and this is already possible.
Thanks,
Joey

Apparently Rhino.Security/Properties/assemblyinfo.cs is missing in the latest version. I do not know whether it is required or not, but building this in vs2008 fails.