Description
===========
This is a RBAC issue where as any authenticated user, I can retrieve a replica and its export locations even if it is in a project I'm not part of. I will however need to know the ID of the replica to do this. No manila API currently discloses this ID, and it would have to be guessed by users that have only the API to work with. Guessing UUIDs is considered impractical.
Steps to reproduce
==================
A chronological list of steps which will help reproduce the issue you hit:
* As user X in project Y, create a share and a replica and note replica ID
* As user A in project B, attempt to retrieve replica information and export location information:
GET share-replicas/${share_replica_id}/export-locations
GET share-replicas/${share_replica_id}/export-locations/${export_location_id}
GET share-replicas/${share_replica_id}
Expected result
===============
HTTP 404 if replica is inaccessible to me
Actual result
=============
HTTP 200 with replica details
Environment
===========
1. Manila main (Wallaby)
Fix proposed to branch: master /review. opendev. org/c/openstack /manila/ +/820468
Review: https:/