Added checks when revoking role before removing internal dictionaries entries
authorThierry Florac <thierry.florac@onf.fr>
Tue, 25 Jun 2019 16:27:09 +0200
changeset 159 9bff468cbfc3
parent 158 0f9c64c65e5f
child 160 738848a8d911
Added checks when revoking role before removing internal dictionaries entries
src/pyams_security/security.py
--- a/src/pyams_security/security.py	Tue Jun 25 15:02:52 2019 +0200
+++ b/src/pyams_security/security.py	Tue Jun 25 16:27:09 2019 +0200
@@ -123,15 +123,17 @@
                 principal_id = principal_id.id
             if principal_id in role_principals:
                 principal_roles = self._roles_by_principal.get(principal_id) or set()
-                role_principals.remove(principal_id)
-                principal_roles.remove(role_id)
+                if principal_id in role_principals:
+                    role_principals.remove(principal_id)
+                if role_id in principal_roles:
+                    principal_roles.remove(role_id)
                 if principal_roles:
                     self._roles_by_principal[principal_id] = principal_roles
-                else:
+                elif principal_id in self._roles_by_principal:
                     del self._roles_by_principal[principal_id]
                 if role_principals:
                     self._principals_by_role[role_id] = role_principals
-                else:
+                elif role_id in self._principals_by_role:
                     del self._principals_by_role[role_id]
                 registry.notify(RevokedRoleEvent(self, role_id, principal_id))