idviews: Check for the Default Trust View only if applying the view

Currently, the code wrongly validates the idview-unapply command. Move check for the forbidden application of the Default Trust View into the correct logical branch. https://fedorahosted.org/freeipa/ticket/4969 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-07-21 12:44:37 +02:00 · 2015-07-21 12:44:37 +02:00 · a76c92ccd4
commit a76c92ccd4
parent 1299c60a83
1 changed files with 8 additions and 6 deletions
--- a/ipalib/plugins/idviews.py
+++ b/ipalib/plugins/idviews.py
@ -256,17 +256,19 @@ class baseidview_apply(LDAPQuery):
        if not options.get('clear_view', False):
            view_dn = self.api.Object['idview'].get_dn_if_exists(view)
            assert isinstance(view_dn, DN)
+
+            # Check that we're not applying the Default Trust View
+            if view.lower() == DEFAULT_TRUST_VIEW_NAME:
+                raise errors.ValidationError(
+                    name=_('ID View'),
+                    error=_('Default Trust View cannot be applied on hosts')
+                )
+
        else:
            # In case we are removing assigned view, we modify the host setting
            # the ipaAssignedIDView to None
            view_dn = None

-        if view.lower() == DEFAULT_TRUST_VIEW_NAME:
-            raise errors.ValidationError(
-                name=_('ID View'),
-                error=_('Default Trust View cannot be applied on hosts')
-            )
-
        completed = 0
        succeeded = {'host': []}
        failed = {