From d7025a919c8a837045ac1f8eb4bd84c951378315 Mon Sep 17 00:00:00 2001
From: anxstj <51952982+anxstj@users.noreply.github.com>
Date: Thu, 26 Jan 2023 21:38:43 +0100
Subject: [PATCH] sso/backends: remove_* must not change the user (#13430)

_update_m2m_from_groups must return None if remove_* is false or empty,
because None indicates that the user permissions will not be changed.

related #13429
---
 awx/sso/backends.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/awx/sso/backends.py b/awx/sso/backends.py
index 618714d025..715cdd3b05 100644
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -354,7 +354,9 @@ def _update_m2m_from_groups(ldap_user, opts, remove=True):
                 continue
             if ldap_user._get_groups().is_member_of(group_dn):
                 return True
-    return False
+    if remove:
+        return False
+    return None
 
 
 @receiver(populate_user, dispatch_uid='populate-ldap-user')