rhtyd closed pull request #2042: CLOUDSTACK-9875: Unable to re-apply Explicit
dedication to VM
URL: https://github.com/apache/cloudstack/pull/2042
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
index f2502442c18..9e3f3c14b80 100644
--- a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
+++ b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
@@ -432,12 +432,23 @@ public UserVm updateVMAffinityGroups(Long vmId,
List<Long> affinityGroupIds) {
throw new InvalidParameterValueException("Unable to find
affinity group by id " + affinityGroupId);
} else {
// verify permissions
- _accountMgr.checkAccess(caller, null, true, owner, ag);
- // Root admin has access to both VM and AG by default, but
make sure the
- // owner of these entities is same
- if (caller.getId() == Account.ACCOUNT_ID_SYSTEM ||
_accountMgr.isRootAdmin(caller.getId())) {
- if (ag.getAccountId() != owner.getAccountId()) {
- throw new PermissionDeniedException("Affinity Group "
+ ag + " does not belong to the VM's account");
+ if (ag.getAclType() == ACLType.Domain) {
+ _accountMgr.checkAccess(caller, null, false, owner, ag);
+ // make sure the affinity group is available in that domain
+ if (caller.getId() == Account.ACCOUNT_ID_SYSTEM ||
_accountMgr.isRootAdmin(caller.getId())) {
+ if (!isAffinityGroupAvailableInDomain(ag.getId(),
owner.getDomainId())) {
+ throw new PermissionDeniedException("Affinity
Group " + ag + " does not belong to the VM's domain");
+ }
+ }
+ } else {
+ _accountMgr.checkAccess(caller, null, true, owner, ag);
+ // Root admin has access to both VM and AG by default,
+ // but
+ // make sure the owner of these entities is same
+ if (caller.getId() == Account.ACCOUNT_ID_SYSTEM ||
_accountMgr.isRootAdmin(caller.getId())) {
+ if (ag.getAccountId() != owner.getAccountId()) {
+ throw new PermissionDeniedException("Affinity
Group " + ag + " does not belong to the VM's account");
+ }
}
}
}
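Review bot: In the new `ACLType.Domain` branch the `isAffinityGroupAvailableInDomain(ag.getId(), owner.getDomainId())` check runs only for the system account or a root admin, so for every other caller the only gate is `_accountMgr.checkAccess(caller, null, false, owner, ag)`, which passes `false` where the other branch passes `true`. Whether `checkAccess` on its own ties a domain-level group to the VM owner's domain is not visible in this hunk. If it does not, the domain check should run for all callers by dropping the enclosing `if (caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller.getId()))` in that branch. If the restriction to root admin is deliberate, a comment such as `// non-root callers: domain scope is enforced by checkAccess via the affinity group access checker` would record why, once that has been confirmed. The body of `updateVMAffinityGroups` starts and ends outside the hunk, so earlier validation of `owner` and `caller` is not visible here.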