diff --git a/tailbone/auth.py b/tailbone/auth.py
index 9db292ad..338fac55 100644
--- a/tailbone/auth.py
+++ b/tailbone/auth.py
@@ -2,7 +2,7 @@
 ################################################################################
 #
 #  Rattail -- Retail Software Framework
-#  Copyright © 2010-2017 Lance Edgar
+#  Copyright © 2010-2020 Lance Edgar
 #
 #  This file is part of Rattail.
 #
@@ -101,7 +101,10 @@ class TailboneAuthorizationPolicy(object):
                 if context.request.user and context.request.user.uuid == userid:
                     return context.request.has_perm(permission)
                 else:
-                    assert False # should no longer happen..right?
+                    # this is pretty rare, but can happen in dev after
+                    # re-creating the database, which means new user uuids.
+                    # TODO: the odds of this query returning a user in that
+                    # case, are probably nil, and we should just skip this bit?
                     user = Session.query(model.User).get(userid)
                     if user:
                         if has_permission(Session(), user, permission):