From f12e0e81f1cc6af2034c535866c3bfeddce8321d Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Tue, 21 Jul 2015 12:44:37 +0200 Subject: [PATCH] idviews: Check for the Default Trust View only if applying the view Currently, the code wrongly validates the idview-unapply command. Move check for the forbidden application of the Default Trust View into the correct logical branch. https://fedorahosted.org/freeipa/ticket/4969 Reviewed-By: Martin Basti --- ipalib/plugins/idviews.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py index 2e6e84510d3caa3636d3f0c08c56403866ff54f9..ceb277020d1325bfd1607bcd4b05f4069ae9508d 100644 --- a/ipalib/plugins/idviews.py +++ b/ipalib/plugins/idviews.py @@ -256,17 +256,19 @@ class baseidview_apply(LDAPQuery): if not options.get('clear_view', False): view_dn = self.api.Object['idview'].get_dn_if_exists(view) assert isinstance(view_dn, DN) + + # Check that we're not applying the Default Trust View + if view.lower() == DEFAULT_TRUST_VIEW_NAME: + raise errors.ValidationError( + name=_('ID View'), + error=_('Default Trust View cannot be applied on hosts') + ) + else: # In case we are removing assigned view, we modify the host setting # the ipaAssignedIDView to None view_dn = None - if view.lower() == DEFAULT_TRUST_VIEW_NAME: - raise errors.ValidationError( - name=_('ID View'), - error=_('Default Trust View cannot be applied on hosts') - ) - completed = 0 succeeded = {'host': []} failed = { -- 2.4.3