On retrieve not apply the filter, only check the permissions

taiga/base/api/mixins.py

@@ -20,6 +20,7 @@
 import warnings
 
 from django.core.exceptions import ValidationError
+from django.shortcuts import get_object_or_404
 from django.http import Http404
 from django.db import transaction as tx
 
@@ -120,7 +121,7 @@ class RetrieveModelMixin(object):
     Retrieve a model instance.
     """
     def retrieve(self, request, *args, **kwargs):
-        self.object = self.get_object_or_none()
+        self.object = get_object_or_404(self.get_queryset(), **kwargs)
 
         self.check_permissions(request, 'retrieve', self.object)
 

tests/integration/resources_permissions/test_storage_resources.py

@@ -49,7 +49,7 @@ def test_storage_retrieve(client, data):
     ]
 
     results = helper_test_http_method(client, 'get', url, None, users)
-    assert results == [401, 200, 404]
+    assert results == [404, 200, 404]
 
 
 def test_storage_update(client, data):

tests/integration/test_userstorage_api.py

@@ -66,7 +66,7 @@ def test_view_storage_entries(client):
 
     # Get by anonymous user
     response = client.get(reverse("user-storage-detail", args=[storage11.key]))
-    assert response.status_code == 401
+    assert response.status_code == 404
 
     # Get single entry
     client.login(username=user1.username, password=user1.username)