Comment 7 for bug 1965294

Reviewed: https://review.opendev.org/c/openstack/neutron/+/837489
Committed: https://opendev.org/openstack/neutron/commit/1b82d4aa20a01426fc9e543a64b343c81a486584
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 1b82d4aa20a01426fc9e543a64b343c81a486584
Author: Slawek Kaplonski <email address hidden>
Date: Thu Mar 17 14:33:41 2022 +0100

    [API] Return 403 for POST requests when user is not authorized

    In the policy_enforcement module if policy.enforce() will raise
    PolicyNotAuthorized exception, there is additional check if user is
    trying to modify own or someone else resource. In case when user is not
    allowed to show resource even, error 404 is raised to "hide" any
    information about requested resource.
    But that was also the case for POST (create resource) requests and 404
    error when user is trying e.g. create network is confusing.
    So this patch modifies that logic and in case of "create_" actions it
    will return 403 if user was not authorized to do such operation.

    Closes-Bug: #1965294
    Change-Id: I80b0616c335134a564361137b2a00ff86dcbdf1c
    (cherry picked from commit 60bc6c7a992383cecaf7dcf425668a6ea92b151b)