webui: disable ipapermbindruletype if permission in a privilege

User is not able to change Bind Rule Type if permission is already
member of a privilege. Let's disable it and don't confuse user.

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>

1 files changed, 10 insertions, 1 deletions

diff --git a/install/ui/src/freeipa/aci.js b/install/ui/src/freeipa/aci.js
index f7628097a..9a19dd7b4 100644
--- a/install/ui/src/freeipa/aci.js
+++ b/install/ui/src/freeipa/aci.js
@@ -1041,7 +1041,9 @@ aci.permission_managed_policy = function (spec) {
     var that = IPA.facet_policy();
 
     that.post_load = function(data) {
-        var permtype = data.result.result.ipapermissiontype;
+
+        var result = data.result.result;
+        var permtype = result.ipapermissiontype;
         var managed = permtype && permtype.indexOf("MANAGED") > -1;
         var system = permtype && permtype.indexOf("SYSTEM") > -1 && permtype.length === 1;
         var m_section = that.container.widgets.get_widget("managed");
@@ -1054,6 +1056,13 @@ aci.permission_managed_policy = function (spec) {
             var managed_f = aci.managed_fields.indexOf(field.name) > -1;
             field.set_writable(!system && !(managed_f && managed) && field.writable);
         }
+
+        // Bind rule type cannot be changed if permission is in a privilege
+        var privileges = result.member_privilege;
+        if (privileges && privileges.length > 0) {
+            var f = that.container.fields.get_field('ipapermbindruletype');
+            f.set_writable(false);
+        }
     };
 
     return that;