Comment 6 for bug 1965294

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/837488
Committed: https://opendev.org/openstack/neutron/commit/909f3bd3c5585e68da62b511af24f862c7863d6b
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 909f3bd3c5585e68da62b511af24f862c7863d6b
Author: Slawek Kaplonski <email address hidden>
Date: Thu Mar 17 14:33:41 2022 +0100

    [API] Return 403 for POST requests when user is not authorized

    In the policy_enforcement module, if policy.enforce() raises a
    PolicyNotAuthorized exception, there is an additional check whether
    the user is trying to modify their own or someone else's resource. In
    the case when the user is not even allowed to show the resource, error
    404 is raised to "hide" any information about the requested resource.
    But that was also the case for POST (create resource) requests, and a
    404 error when the user is trying to e.g. create a network is confusing.
    So this patch modifies that logic, and in the case of "create_" actions
    it will return 403 if the user was not authorized to do such an operation.

    Closes-Bug: #1965294
    Change-Id: I80b0616c335134a564361137b2a00ff86dcbdf1c
    (cherry picked from commit 60bc6c7a992383cecaf7dcf425668a6ea92b151b)
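
The status-code decision described in the commit message above, as an added simplified model that is not neutron's code. The names `Context`, `POLICY`, `enforce`, `error_status` and the `patched` switch are hypothetical, the policy table is constructed, and returning 403 when the caller can show the resource is an assumption drawn from the message's wording.

```python
from dataclasses import dataclass


class PolicyNotAuthorized(Exception):
    """Raised by enforce() when the rule for an action rejects the caller."""


@dataclass(frozen=True)
class Context:
    project_id: str
    is_admin: bool = False


def admin_only(ctx, target):
    return ctx.is_admin


def admin_or_owner(ctx, target):
    return ctx.is_admin or ctx.project_id == target["project_id"]


# Constructed policy table for illustration (not neutron's defaults).
POLICY = {
    "create_network": admin_or_owner,
    "get_network": admin_or_owner,
    "update_network": admin_or_owner,
    "delete_network": admin_only,
}


def enforce(ctx, action, target):
    if not POLICY[action](ctx, target):
        raise PolicyNotAuthorized(action)


def error_status(ctx, action, target, patched=True):
    """Return None if the action is allowed, else the HTTP error status."""
    try:
        enforce(ctx, action, target)
        return None
    except PolicyNotAuthorized:
        # Patched behaviour: "create_" actions get 403 instead of a confusing 404.
        if patched and action.startswith("create_"):
            return 403
        # If the caller may not even show the resource, hide it behind 404.
        show_action = "get_" + action.split("_", 1)[1]
        try:
            enforce(ctx, show_action, target)
        except PolicyNotAuthorized:
            return 404
        return 403  # caller can see the resource but may not change it
```

Calling `error_status` with `patched=False` reproduces the pre-fix result for a denied create, which makes the pair usable as a regression check for API tests.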