summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTomas Babej <tbabej@redhat.com>2015-07-21 12:44:37 +0200
committerTomas Babej <tbabej@redhat.com>2015-07-22 11:06:41 +0200
commita76c92ccd44ff0a28b789fdbfed5cf45d164eb80 (patch)
tree99edd8b14b61611ea7845fddc1a550ac8204b9dc
parent1299c60a83ccaf669abd74d35845f8c321e4ed5e (diff)
downloadfreeipa-a76c92ccd44ff0a28b789fdbfed5cf45d164eb80.zip
freeipa-a76c92ccd44ff0a28b789fdbfed5cf45d164eb80.tar.gz
freeipa-a76c92ccd44ff0a28b789fdbfed5cf45d164eb80.tar.xz
idviews: Check for the Default Trust View only if applying the view
Currently, the code wrongly validates the idview-unapply command. Move check for the forbidden application of the Default Trust View into the correct logical branch. https://fedorahosted.org/freeipa/ticket/4969 Reviewed-By: Martin Basti <mbasti@redhat.com>
-rw-r--r--ipalib/plugins/idviews.py14
1 files changed, 8 insertions, 6 deletions
diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py
index 4a14162..48f646b 100644
--- a/ipalib/plugins/idviews.py
+++ b/ipalib/plugins/idviews.py
@@ -256,17 +256,19 @@ class baseidview_apply(LDAPQuery):
if not options.get('clear_view', False):
view_dn = self.api.Object['idview'].get_dn_if_exists(view)
assert isinstance(view_dn, DN)
+
+ # Check that we're not applying the Default Trust View
+ if view.lower() == DEFAULT_TRUST_VIEW_NAME:
+ raise errors.ValidationError(
+ name=_('ID View'),
+ error=_('Default Trust View cannot be applied on hosts')
+ )
+
else:
# In case we are removing assigned view, we modify the host setting
# the ipaAssignedIDView to None
view_dn = None
- if view.lower() == DEFAULT_TRUST_VIEW_NAME:
- raise errors.ValidationError(
- name=_('ID View'),
- error=_('Default Trust View cannot be applied on hosts')
- )
-
completed = 0
succeeded = {'host': []}
failed = {