Change default policy to view quota details

Default policy for quota details was an admin only privilege
but it was able to get used and reserved resource data via
nova limits call even for non admin owners.

Horizon worked around the issue by using the limits API instead of the
os-quota-sets API. And this removes the need to workaround it and just
use the single os-quota-sets API.

This patch sets the quotas detail default policy to RULE_ADMIN_OR_OWNER.

Change-Id: I65b9de24a1310079a67e033606eaf2dde796cd48
Closes-Bug: #1618513

nova/policies/quota_sets.py

@@ -62,7 +62,7 @@ quota_sets_policies = [
         ]),
     base.create_rule_default(
         POLICY_ROOT % 'detail',
-        base.RULE_ADMIN_API,
+        base.RULE_ADMIN_OR_OWNER,
         "Show the detail of quota",
         [
             {

nova/tests/unit/test_policy.py

@@ -356,7 +356,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
 "os_compute_api:os-networks-associate",
 "os_compute_api:os-quota-sets:update",
 "os_compute_api:os-quota-sets:delete",
-"os_compute_api:os-quota-sets:detail",
 "os_compute_api:os-security-group-default-rules",
 "os_compute_api:os-server-diagnostics",
 "os_compute_api:os-services",
@@ -391,6 +390,7 @@ class RealRolePolicyTestCase(test.NoDBTestCase):
 "os_compute_api:os-pause-server:pause",
 "os_compute_api:os-pause-server:unpause",
 "os_compute_api:os-quota-sets:show",
+"os_compute_api:os-quota-sets:detail",
 "os_compute_api:server-metadata:index",
 "os_compute_api:server-metadata:show",
 "os_compute_api:server-metadata:delete",

releasenotes/notes/quota-show-detail-access-d6f37282d288fa33.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - The default policy for os_compute_api:os-quota-sets:detail has
+    been changed to permit listing of quotas with details to project
+    users, not only to admins.