From 12b05cfbc32ba5708cddbf5528a79c8a51cc9bdd Mon Sep 17 00:00:00 2001
From: Prachi Damle <prachi@cloud.com>
Date: Mon, 12 Aug 2013 11:46:29 -0700
Subject: [PATCH] CLOUDSTACK-4259 Dedicated Resources: createAffinityGroup API
 should not allow admin to create the group of this type through API

Changes:
- Block API from creating this type of group
---
 .../affinity/AffinityGroupService.java        |  3 ++
 .../DedicatedResourceManagerImpl.java         |  2 +-
 .../ConfigurationManagerImpl.java             |  2 +-
 .../affinity/AffinityGroupServiceImpl.java    | 28 +++++++++++++++++++
 4 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java b/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java
index 43a4994ec91..0c4374c6877 100644
--- a/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java
+++ b/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java
@@ -79,4 +79,7 @@ public interface AffinityGroupService {
 
     boolean isAffinityGroupAvailableInDomain(long affinityGroupId, long domainId);
 
+    AffinityGroup createAffinityGroupInternal(String account, Long domainId, String affinityGroupName,
+            String affinityGroupType, String description);
+
 }
diff --git a/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java b/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java
index 6afbbad06bc..9092a1a4427 100755
--- a/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java
+++ b/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java
@@ -608,7 +608,7 @@ public class DedicatedResourceManagerImpl implements DedicatedService {
         }
 
 
-        group = _affinityGroupService.createAffinityGroup(accountName, domainId, affinityGroupName,
+        group = _affinityGroupService.createAffinityGroupInternal(accountName, domainId, affinityGroupName,
                     "ExplicitDedication", "dedicated resources group");
         
         return group;
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index 7f3ff10973c..570edca5f0b 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -2021,7 +2021,7 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
             }
         }
 
-        group = _affinityGroupService.createAffinityGroup(accountName, domainId, affinityGroupName,
+        group = _affinityGroupService.createAffinityGroupInternal(accountName, domainId, affinityGroupName,
                 "ExplicitDedication", "dedicated resources group");
 
         return group;
diff --git a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
index 6989e393e2f..cfed7e65671 100644
--- a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
+++ b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
@@ -131,6 +131,34 @@ public class AffinityGroupServiceImpl extends ManagerBase implements AffinityGro
 
         AffinityGroupProcessor processor = typeProcessorMap.get(affinityGroupType);
 
+        if (processor.isAdminControlledGroup()) {
+            throw new PermissionDeniedException("Cannot create the affinity group");
+        }
+
+        return createAffinityGroupInternal(account, domainId, affinityGroupName, affinityGroupType, description);
+    }
+
+    @DB
+    @Override
+    public AffinityGroup createAffinityGroupInternal(String account, Long domainId, String affinityGroupName,
+            String affinityGroupType, String description) {
+
+        Account caller = UserContext.current().getCaller();
+
+        // validate the affinityGroupType
+        Map<String, AffinityGroupProcessor> typeProcessorMap = getAffinityTypeToProcessorMap();
+        if (typeProcessorMap != null && !typeProcessorMap.isEmpty()) {
+            if (!typeProcessorMap.containsKey(affinityGroupType)) {
+                throw new InvalidParameterValueException("Unable to create affinity group, invalid affinity group type"
+                        + affinityGroupType);
+            }
+        } else {
+            throw new InvalidParameterValueException(
+                    "Unable to create affinity group, no Affinity Group Types configured");
+        }
+
+        AffinityGroupProcessor processor = typeProcessorMap.get(affinityGroupType);
+
         if (processor.isAdminControlledGroup() && !_accountMgr.isRootAdmin(caller.getType())) {
             throw new PermissionDeniedException("Cannot create the affinity group");
         }