neutron

  1. Bug #1965294
  2. Comment #2

Comment 2 for bug 1965294

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/834171
Committed: https://opendev.org/openstack/neutron/commit/60bc6c7a992383cecaf7dcf425668a6ea92b151b
Submitter: "Zuul (22348)"
Branch: master

commit 60bc6c7a992383cecaf7dcf425668a6ea92b151b
Author: Slawek Kaplonski <email address hidden>
Date: Thu Mar 17 14:33:41 2022 +0100

    [API] Return 403 for POST requests when user is not authorized

    In the policy_enforcement module if policy.enforce() will raise
    PolicyNotAuthorized exception, there is additional check if user is
    trying to modify own or someone else resource. In case when user is not
    allowed to show resource even, error 404 is raised to "hide" any
    information about requested resource.
    But that was also the case for POST (create resource) requests and 404
    error when user is trying e.g. create network is confusing.
    So this patch modifies that logic and in case of "create_" actions it
    will return 403 if user was not authorized to do such operation.

    Closes-Bug: #1965294
    Change-Id: I80b0616c335134a564361137b2a00ff86dcbdf1c