IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

idviews: Check for the Default Trust View only if applying the view

Browse Source 
Currently, the code wrongly validates the idview-unapply command. Move
check for the forbidden application of the Default Trust View into
the correct logical branch.

https://fedorahosted.org/freeipa/ticket/4969

Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Tomas Babej 2015-07-21 12:44:37 +02:00
parent 1299c60a83
commit a76c92ccd4
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ipalib/plugins/idviews.py
View File

@ -256,17 +256,19 @@ class baseidview_apply(LDAPQuery):
if not options.get('clear_view', False): if not options.get('clear_view', False):
view_dn = self.api.Object['idview'].get_dn_if_exists(view) view_dn = self.api.Object['idview'].get_dn_if_exists(view)
assert isinstance(view_dn, DN) assert isinstance(view_dn, DN)
# Check that we're not applying the Default Trust View
if view.lower() == DEFAULT_TRUST_VIEW_NAME:
raise errors.ValidationError(
name=_('ID View'),
error=_('Default Trust View cannot be applied on hosts')
)
else: else:
# In case we are removing assigned view, we modify the host setting # In case we are removing assigned view, we modify the host setting
# the ipaAssignedIDView to None # the ipaAssignedIDView to None
view_dn = None view_dn = None
if view.lower() == DEFAULT_TRUST_VIEW_NAME:
raise errors.ValidationError(
name=_('ID View'),
error=_('Default Trust View cannot be applied on hosts')
)
completed = 0 completed = 0
succeeded = {'host': []} succeeded = {'host': []}
failed = { failed = {