Comment 3 for bug 1901210

Goutham Pacha Ravi (gouthamr) wrote :

Arjen:

The code that's sending the 403 response is here: https://opendev.org/openstack/manila/src/commit/346cebcbbb519d07d98ce60cd2d388ff00a0ce25/manila/share/api.py#L1757-L1758

I sort of agree that you can detect whether a resource exists or not just because the API responds with a 403 in this case.

403 is still a valid response imo if the share belongs to the project that the user belongs to as well, but the user has no access to this action - "share:get".

In your specific case, the correct response should be 404, since the user requesting "share:get" isn't from the same project that owns the share b0758fbd-bb1c-47e7-875e-b72336111709.

Do we agree with this assessment?
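The status-code decision proposed in the comment above, written out as an added example; it is not part of the original comment and is not manila's code. The `Context` class, the `get_share` function, the in-memory `SHARES` store and the message strings are hypothetical names and constructed sample data.

```python
"""Added illustration of the 403-vs-404 decision; not manila code."""
from dataclasses import dataclass

# Constructed sample data: one share owned by project "proj-a".
SHARES = {"share-1": {"id": "share-1", "project_id": "proj-a"}}


@dataclass(frozen=True)
class Context:
    """Hypothetical request context: caller's project and granted actions."""
    project_id: str
    allowed_actions: frozenset


def get_share(context, share_id, shares=SHARES):
    """Return (http_status, body) for a 'share:get' request.

    Ownership is checked before policy, so a caller from another project
    receives exactly the response given for an ID that does not exist.
    """
    # The body only echoes the ID the caller supplied, so it is identical
    # whether or not the share exists.
    not_found = (404, {"message": f"Share {share_id} could not be found."})

    share = shares.get(share_id)
    if share is None:
        return not_found
    if share["project_id"] != context.project_id:
        # Share belongs to another project: do not reveal that it exists.
        return not_found
    if "share:get" not in context.allowed_actions:
        # Same project, action denied by policy: the caller's project owns
        # the share, so a 403 discloses nothing about other projects.
        return (403, {"message": "Policy does not allow share:get."})
    return (200, {"share": share})
```

Because the ownership check comes first, a policy denial can only ever be reported to a caller inside the owning project.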