--- a/src/pyams_security/security.py Tue Jun 25 15:02:52 2019 +0200
+++ b/src/pyams_security/security.py Tue Jun 25 16:27:09 2019 +0200
@@ -123,15 +123,17 @@
principal_id = principal_id.id
if principal_id in role_principals:
principal_roles = self._roles_by_principal.get(principal_id) or set()
- role_principals.remove(principal_id)
- principal_roles.remove(role_id)
+ if principal_id in role_principals:
+ role_principals.remove(principal_id)
+ if role_id in principal_roles:
+ principal_roles.remove(role_id)
if principal_roles:
self._roles_by_principal[principal_id] = principal_roles
- else:
+ elif principal_id in self._roles_by_principal:
del self._roles_by_principal[principal_id]
if role_principals:
self._principals_by_role[role_id] = role_principals
- else:
+ elif role_id in self._principals_by_role:
del self._principals_by_role[role_id]
registry.notify(RevokedRoleEvent(self, role_id, principal_id))