Pass the actual target in networks policy

Currently if target is not passed in context.can(),
it uses the default target, which is context.user_id, context.project_id.
These default targets are not useful as they pass the
context's user_id and project_id only, which means we tell
oslo policy to verify the context data with context data.

This commit passes the actual target for networks policies,
which is context.project_id itself as nova cannot verify the owner of
the network. Neutron will return the authorise error if the requester is not
the owner of the network.

Partial implement blueprint policy-defaults-refresh-deprecated-apis

Change-Id: I76bbb570996612c1366b6b6c52772f04a9953080
Ghanshyam Mann 2020-07-22 19:38:45 -05:00
parent 558c6e752a
commit fb3bf32fa2
1 changed files with 4 additions and 2 deletions

@ -70,7 +70,8 @@ class NetworkController(wsgi.Controller):
@wsgi.expected_errors(())
def index(self, req):
context = req.environ['nova.context']
context.can(net_policies.POLICY_ROOT % 'list')
context.can(net_policies.POLICY_ROOT % 'list',
target={'project_id': context.project_id})
networks = self.network_api.get_all(context)
result = [network_dict(context, net_ref) for net_ref in networks]
return {'networks': result}
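Review bot: The target added to the context.can() call in index() is built from context.project_id, so this check still compares the requester's context with a value taken from that same context, and nothing in the code says this is deliberate. Add a short comment above the call stating that nova cannot verify the owner of a network and that ownership is enforced by Neutron, so a later reader does not treat the check as an ownership check. The change touches one file only, so it also needs a unit test asserting that the 'list' policy is checked with target={'project_id': context.project_id}.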
@ -79,7 +80,8 @@ class NetworkController(wsgi.Controller):
@wsgi.expected_errors(404)
def show(self, req, id):
context = req.environ['nova.context']
context.can(net_policies.POLICY_ROOT % 'show')
context.can(net_policies.POLICY_ROOT % 'show',
target={'project_id': context.project_id})
try:
network = self.network_api.get(context, id)
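Review bot: In show(), the target is fixed before self.network_api.get(context, id) runs and does not depend on id, so the policy check passes or fails the same way for every network the caller asks for. Per-network authorization therefore rests entirely on what the network API call returns. The decorator on this method is @wsgi.expected_errors(404) only, so please confirm that an authorization failure raised inside the try block is translated to an expected error rather than surfacing as an unexpected one, and add a comment above the call noting that the owner check is delegated to Neutron.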