Merge pull request #12 from inuits/refactor/throw-not-found-instead-o…

…f-access-denied

Throw not found instead of access denied for multi tenant policy.

src/elody/policies/authorization/multi_tenant_policy.py

@@ -1,3 +1,4 @@
+from flask_restful import abort
 from inuits_policy_based_auth import BaseAuthorizationPolicy, RequestContext
 from inuits_policy_based_auth.contexts import UserContext, PolicyContext
 from storage.storagemanager import StorageManager
@@ -37,12 +38,17 @@ def authorize(
         request = request_context.http_request
         view_args = request.view_args or {}
         item_id = view_args.get("id")
-        policy_context.access_verdict = True
-        if item_id:
-            storage = StorageManager().get_db_engine()
-            item_relations = storage.get_collection_item_relations(
-                request.path.split("/")[1], item_id
+        storage = StorageManager().get_db_engine()
+        collection = request.path.split("/")[1]
+        item = storage.get_item_from_collection_by_id(collection, item_id)
+        if not item:
+            abort(
+                404,
+                message=f"Item with id {id} doesn't exist in collection {collection}",
             )
+        policy_context.access_verdict = True
+        if item:
+            item_relations = storage.get_collection_item_relations(collection, item_id)
             if not any(
                 x
                 for x in item_relations