[Project Sharing] Error 404 when non-owners сall for owner's storage

[eviltwinhans]

Description:

After all the objects in the project template have become related to the owner (/$[[ project.owner ]]/ added to all urls), the other users with whom the project is shared cannot access the storage getting 404 error even when the try running train job:

testshare5 % nf run train --dry-run
neuro mkdir --parents storage:/0kctest4nf/testshare5
neuro cp --recursive --update --no-target-directory /Users/kchap/Work/testshare5/modules storage:/0kctest4nf/testshare5/modules
neuro run --description=live.train --name=testshare5-train --env=EXPOSE_SSH=yes --env=PYTHONPATH=/project/modules --volume=storage:/0kctest4nf/testshare5/data:/project/data:ro --volume=storage:/0kctest4nf/testshare5/modules:/project/modules:ro --volume=storage:/0kctest4nf/testshare5/config:/project/config:ro --volume=storage:/0kctest4nf/testshare5/results:/project/results:rw --tag=job:train --tag=flow:live --tag=project:testshare5 --life-span=864000s --share=0kctest4nf/projects/testshare5 image:/0kctest4nf/testshare5:v1 -- bash -euo pipefail -c 'cd /project
python -u /project/modules/train.py --data /project/data
'
testshare5 % nf run train
ERROR: cannot create directory storage://default/0kctest4nf/testshare5: 404: Not Found

(current user - 0kctest5nf, owner - 0kctest4nf)

[eviltwinhans]

Awaiting results of the discussion on new Projects/Organizations structure.

[romasku]

The real cause is that permissions were not shared because the project owner did not touch this volume.

But it shows another issue here: currently, if users have no access to some path on storage, they will get a 404 error (instead of 403). Here is the code with this logic:

https://github.com/neuro-inc/platform-storage-api/blob/52aed9027fcccfd2104fbfe9be6cfee6a05111b6/platform_storage_api/security.py#L67-L68

@asvetlov is it expected (404 instead of 403)? Should we change it (it has worked this way since 2019)?