Doing a query with an AND SQL statement needs to be done with multiple "filter" callswith SQLAlchemy.
Here, we want to be sure that the username is not used AND that the project is the same than the eventual users that would match. The previous version of the code returned an user with the same name, even if the user wasn't in the right group.
(Fred, is there a reason why you're using form.id.validate()? Doesn't seem to be defined in here.
Also properly deletes the session using session.clear rather than session = None.
As session is an observable object, if it is updated to None, the session will *not* be invalided at the end of the request. Instead, you have to call clear() which will clear its members so the cookie will be updated accordingly at the end of the request.
* web.py contains the controllers (also called views) + url definitions
* models.py contains the models
* forms.py contains the forms
* utils.py contains a set of utility fonctions to ease the dev. process
This commit adds:
* support for projects (creation not yet finished)
* an authentication mechanism
* bugs (basically all the features are not working anymore)
