From f12e0e81f1cc6af2034c535866c3bfeddce8321d Mon Sep 17 00:00:00 2001

From: Tomas Babej <tbabej@redhat.com>

Date: Tue, 21 Jul 2015 12:44:37 +0200

Subject: [PATCH] idviews: Check for the Default Trust View only if applying

 the view

Currently, the code wrongly validates the idview-unapply command. Move

check for the forbidden application of the Default Trust View into

the correct logical branch.

https://fedorahosted.org/freeipa/ticket/4969

Reviewed-By: Martin Basti <mbasti@redhat.com>

---

 ipalib/plugins/idviews.py | 14 ++++++++------

 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py

index 2e6e84510d3caa3636d3f0c08c56403866ff54f9..ceb277020d1325bfd1607bcd4b05f4069ae9508d 100644

--- a/ipalib/plugins/idviews.py

+++ b/ipalib/plugins/idviews.py

@@ -256,17 +256,19 @@ class baseidview_apply(LDAPQuery):

         if not options.get('clear_view', False):

             view_dn = self.api.Object['idview'].get_dn_if_exists(view)

             assert isinstance(view_dn, DN)

+

+            # Check that we're not applying the Default Trust View

+            if view.lower() == DEFAULT_TRUST_VIEW_NAME:

+                raise errors.ValidationError(

+                    name=_('ID View'),

+                    error=_('Default Trust View cannot be applied on hosts')

+                )

+

         else:

             # In case we are removing assigned view, we modify the host setting

             # the ipaAssignedIDView to None

             view_dn = None

-        if view.lower() == DEFAULT_TRUST_VIEW_NAME:

-            raise errors.ValidationError(

-                name=_('ID View'),

-                error=_('Default Trust View cannot be applied on hosts')

-            )

-

         completed = 0

         succeeded = {'host': []}

         failed = {

-- 

2.4.3