From fdd395e2b6c3674e72149425864e23d0a783eae7 Mon Sep 17 00:00:00 2001
From: Julien Fontanet <julien.fontanet@isonoe.net>
Date: Tue, 4 Oct 2016 15:49:48 +0200
Subject: [PATCH] fix(vm.create): correctly check resourceSet objects

Related to vatesfr/xo-web#1620
---
 src/api/vm.coffee | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/api/vm.coffee b/src/api/vm.coffee
index 3b542bfa8..bd7473a33 100644
--- a/src/api/vm.coffee
+++ b/src/api/vm.coffee
@@ -61,16 +61,9 @@ extract = (obj, prop) ->
 
 # TODO: Implement ACLs
 create = $coroutine (params) ->
-  checkLimits = limits = null
-
   { user } = this
   resourceSet = extract(params, 'resourceSet')
-  if resourceSet
-    yield this.checkResourceSetConstraints(resourceSet, user.id, objectIds)
-    checkLimits = $coroutine (limits2) =>
-      yield this.allocateLimitsInResourceSet(limits, resourceSet)
-      yield this.allocateLimitsInResourceSet(limits2, resourceSet)
-  else unless user.permission is 'admin'
+  if not resourceSet and user.permission isnt 'admin'
     throw new Unauthorized()
 
   template = extract(params, 'template')
@@ -147,6 +140,13 @@ create = $coroutine (params) ->
   installation = extract(params, 'installation')
   params.installRepository = installation && installation.repository
 
+  checkLimits = null
+  if resourceSet
+    yield this.checkResourceSetConstraints(resourceSet, user.id, objectIds)
+    checkLimits = $coroutine (limits2) =>
+      yield this.allocateLimitsInResourceSet(limits, resourceSet)
+      yield this.allocateLimitsInResourceSet(limits2, resourceSet)
+
   xapiVm = yield xapi.createVm(template._xapiId, params, checkLimits)
   vm = xapi.xo.addObject(xapiVm)
 
@@ -257,7 +257,7 @@ create.params = {
 }
 
 create.resolve = {
-  template: ['template', 'VM-template', 'administrate'],
+  template: ['template', 'VM-template'],
 }
 
 exports.create = create