Description
revokePermissions, revokeAllPermissions, and related methods / actions of the PermissionController throw if the user is trying to revoke a permission that does not exist (which is either because a particular subject does not exist or because it doesn't have a particular permission). This was done in accordance with the design principle of "don't permit asking the impossible"; as a rule, it's important that an API is predictable and logically consistent, and that's doubly true if the API is sensitive, as is the case with the PermissionController.
Unfortunately, this design choice is causing downstream inconveniences, since callers always have to check if permissions exist before revoking them, even if the caller doesn't care if they ever existed in the first place. Therefore, it might make sense to modify the revocation methods such that the user can signal whether they care if a revoked permission actually exists or not.
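The trade-off described above, as an added sketch that is not PermissionController code: a toy in-memory store whose revocation is strict by default and lenient only on request. The class names, the `ignoreMissing` option and the sample origins and permission names are hypothetical.

```javascript
// Toy in-memory model for illustration only; NOT the real PermissionController.
class PermissionDoesNotExistError extends Error {
  constructor(origin, name) {
    super(`Subject "${origin}" has no permission "${name}"`);
    this.name = 'PermissionDoesNotExistError';
  }
}

class ToyPermissionStore {
  constructor(initial = {}) {
    // origin -> Set of permission names held by that subject
    this.subjects = new Map(
      Object.entries(initial).map(([origin, names]) => [origin, new Set(names)]),
    );
  }

  hasPermission(origin, name) {
    return this.subjects.get(origin)?.has(name) ?? false;
  }

  // request: { [origin]: string[] }. `ignoreMissing` is a hypothetical option:
  // strict callers keep the throwing behaviour, others opt out explicitly.
  revokePermissions(request, { ignoreMissing = false } = {}) {
    const toRevoke = [];
    // Pass 1: validate the whole request before mutating anything, so a
    // strict failure never leaves it half-applied.
    for (const [origin, names] of Object.entries(request)) {
      for (const name of new Set(names)) { // ignore duplicate names
        if (this.hasPermission(origin, name)) {
          toRevoke.push([origin, name]);
        } else if (!ignoreMissing) {
          throw new PermissionDoesNotExistError(origin, name);
        }
      }
    }
    // Pass 2: apply, dropping a subject once its last permission is gone.
    for (const [origin, name] of toRevoke) {
      const perms = this.subjects.get(origin);
      perms.delete(name);
      if (perms.size === 0) this.subjects.delete(origin);
    }
    return toRevoke; // the [origin, name] pairs that were actually revoked
  }
}
```

Returning the pairs that were actually revoked lets a lenient caller still log or audit what changed, without a separate existence check before the call.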