<fix>[securitygroup]: remove strict sequential priority restriction

[MatheMatrix]

Resolves: ZSTAC-79067\n\nRemove overly strict sequential priority validation for security group rules API.

sync from gitlab !9173

[coderabbitai]

Walkthrough

将安全组规则优先级验证从“必须从1开始且连续”简化为仅验证为正整数（>=1），并保留对全局最大值的检查。该变更影响新增、更新和为VM NIC设置安全组的优先级验证逻辑。

Changes

Cohort / File(s)	Summary
安全组 API 验证逻辑简化 plugin/securityGroup/src/main/java/org/zstack/network/securitygroup/SecurityGroupApiInterceptor.java	移除对优先级序列必须从1开始且连续的校验，改为仅检查优先级为正整数（>=1）并保留对全局最大值的边界校验；相应错误信息文本已更新。

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰✨ 优先级不再排长队，
一声正数便可来，
规则轻松跳了档，
小兔欢喜蹦又蹦，
代码清新又自在。

🚥 Pre-merge checks | ✅ 2 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Merge Conflict Detection	⚠️ Warning	⚠️ Unable to check for merge conflicts: Failed to fetch base branch: fatal: unable to access 'https://github.com/MatheMatrix/zstack.git/': Empty reply from server

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title follows the required [scope]: format, is 67 characters (under the 72-character limit), and accurately describes the main change: removing strict sequential priority validation from security group rules.
Description check	✅ Passed	The description is related to the changeset, providing context about the JIRA issue (ZSTAC-79067) and explaining that it removes overly strict sequential priority validation for security group rules API.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch sync/ye.zou/fix/ZSTAC-79067

⚔️ Resolve merge conflicts (beta)

• Auto-commit resolved conflicts to branch sync/ye.zou/fix/ZSTAC-79067
• Create stacked PR with resolved conflicts
• Post resolved changes as copyable diffs in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In
`@plugin/securityGroup/src/main/java/org/zstack/network/securitygroup/SecurityGroupApiInterceptor.java`:
- Around line 491-493: The priority validation in SecurityGroupApiInterceptor
currently only enforces ao.getPriority() > 0 and misses an upper bound; update
the check in the method that validates ao.getPriority() to also ensure
ao.getPriority() <= SECURITY_GROUP_RULES_NUM_LIMIT and throw an
ApiMessageInterceptionException with a new appropriate error code (instead of
ORG_ZSTACK_NETWORK_SECURITYGROUP_10042) when the value exceeds the limit, using
a clear error message that includes the provided priority and the max allowed
(reference SECURITY_GROUP_RULES_NUM_LIMIT and the validation block around
ao.getPriority()).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

⚠️ 更新优先级缺少最大值上限校验。
当前仅校验 > 0，会绕过 SECURITY_GROUP_RULES_NUM_LIMIT 的上限（新增/变更路径已限制）。建议补齐上限检查并使用合适的新错误码。

🔧 建议补充上限校验

             if (ao.getPriority() < 1) {
                 throw new ApiMessageInterceptionException(argerr(ORG_ZSTACK_NETWORK_SECURITYGROUP_10042, "could not update security group rule priority, because priority[%d] must be positive", ao.getPriority()));
             }
+            if (ao.getPriority() > SecurityGroupGlobalConfig.SECURITY_GROUP_RULES_NUM_LIMIT.value(Integer.class)) {
+                throw new ApiMessageInterceptionException(argerr(ORG_ZSTACK_NETWORK_SECURITYGROUP_10042, "could not update security group rule priority, because priority[%d] exceeds the maximum limit[%d]", ao.getPriority(), SecurityGroupGlobalConfig.SECURITY_GROUP_RULES_NUM_LIMIT.value(Integer.class)));
+            }

🤖 Prompt for AI Agents

In
`@plugin/securityGroup/src/main/java/org/zstack/network/securitygroup/SecurityGroupApiInterceptor.java`
around lines 491 - 493, The priority validation in SecurityGroupApiInterceptor
currently only enforces ao.getPriority() > 0 and misses an upper bound; update
the check in the method that validates ao.getPriority() to also ensure
ao.getPriority() <= SECURITY_GROUP_RULES_NUM_LIMIT and throw an
ApiMessageInterceptionException with a new appropriate error code (instead of
ORG_ZSTACK_NETWORK_SECURITYGROUP_10042) when the value exceeds the limit, using
a clear error message that includes the provided priority and the max allowed
(reference SECURITY_GROUP_RULES_NUM_LIMIT and the validation block around
ao.getPriority()).