Fix authorization policy bug.

This was really an edge case, but in any event the problem would occur when a
user was logged in, and then that user account was deleted.

tailbone/auth.py

@@ -42,7 +42,7 @@ class TailboneAuthorizationPolicy(object):
         for userid in principals:
             if userid not in (Everyone, Authenticated):
                 user = Session.query(User).get(userid)
-                assert user
+                if user:
                     return has_permission(Session(), user, permission)
         if Everyone in principals:
             return has_permission(Session(), None, permission)