Forum OpenACS Development: Re: Cannot delete groups with segments and rels

Posted by tammy m on
Hi again Randy,

Well I wouldn't want "a great deal of... !" I got a bit of that already in a posting on named parameters. Not going there again if I can help it;)

I'm just calling the acs_group__delete pl/sql function that you posted here directly in psql. I'm trying to delete an app group that I created with

 # Create an application group (group associated with a package instance).
  set app_grp [application_group::new -group_type application_group \
                  -package_id $package_id  \
                  -group_name "$pkg_name AppGroup" ]

Then I added subgroup and permissions like so

        set pm_seg [rel_segments_new $app_grp membership_rel "$pkg_name Members"]
        permission::grant -party_id $pm_seg \
                -object_id $package_id -privilege create

I put some debugs in acs_group__delete and it is getting the constraint violation on the group delete itself.

NOTICE:  BEGIN Deleting relation composition_rel, id 7420
NOTICE:  END Deleting relation composition_rel(7420)
NOTICE:  BEGIN Deleting segment 7422
NOTICE:  END Deleting segment 7422
NOTICE:  BEGIN Deleting segment 7425
NOTICE:  END Deleting segment 7425
NOTICE:  BEGIN Deleting group 7417
NOTICE:  END Deleting group 7417
ERROR:  acs_permissions_grantee_id_fk referential integrity violation - key in parties still referenced from acs_permissions

I'll look more into this after lunch... are you able to use acs_group__delete (your modified form) successfully even with permissions granted on your group? I granted permissions directly to my group... thinking that permissions the group has directly would be inherited by all subgroups (relational segments of the group). Is that true?! And maybe that's my problem, I need to drop the permissions directly on my group as well as on the rel_segs.

  # Grant privileges: application group.
  # Grants privileges to all rel_segs of application group.
  permission::grant -party_id $app_grp \
                -object_id $package_id -privilege read

Duh. More on this after lunch...

thanks again

Posted by Randy O'Meara on
Hi Tammy,

Uh, yeah. I saw the exchange you mention...

I have not been dealing with app groups directly unless I have to. I use the subsite as a container, along with its application group that gets created when a subsite is instantiated. I use the apm to do the instantiation. I then supplement the subsite app group with additional segments to create more roles, assign rights to the segments, and then add rels in a particular role. See the "howto" thread ( for details.

When I located the bug mentioned in this thread, I was using the apm to destroy a subsite after destruction of all child site nodes. If you really want to do the app group stuff yourself, do it with the apm first and look at the log to see how/when the permissions are deallocated. I use the toolkit's magic whenever I can.