1b82d4aa20
In the policy_enforcement module if policy.enforce() will raise
PolicyNotAuthorized exception, there is additional check if user is
trying to modify own or someone else resource. In case when user is not
allowed to show resource even, error 404 is raised to "hide" any
information about requested resource.
But that was also the case for POST (create resource) requests and 404
error when user is trying e.g. create network is confusing.
So this patch modifies that logic and in case of "create_" actions it
will return 403 if user was not authorized to do such operation.
Closes-Bug: #1965294
Change-Id: I80b0616c335134a564361137b2a00ff86dcbdf1c
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| controllers | ||
| hooks | ||
| __init__.py | ||
| app.py | ||
| constants.py | ||
| startup.py | ||