60bc6c7a99
In the policy_enforcement module if policy.enforce() will raise PolicyNotAuthorized exception, there is additional check if user is trying to modify own or someone else resource. In case when user is not allowed to show resource even, error 404 is raised to "hide" any information about requested resource. But that was also the case for POST (create resource) requests and 404 error when user is trying e.g. create network is confusing. So this patch modifies that logic and in case of "create_" actions it will return 403 if user was not authorized to do such operation. Closes-Bug: #1965294 Change-Id: I80b0616c335134a564361137b2a00ff86dcbdf1c |
||
---|---|---|
.. | ||
__init__.py | ||
config.py | ||
test_controllers.py | ||
test_functional.py | ||
test_hooks.py | ||
utils.py |