flyrain opened a new pull request, #4423:
URL: https://github.com/apache/polaris/pull/4423
Why do we need this change:
1. Validate before authorize. Request validation (well-formedness) is
cheap; authorization is expensive (entity
resolution, role/grant checks). Doing validate first means malformed
requests don't burn auth work. Also gives clearer
errors: a user sending a bad payload now gets "invalid request," not
"forbidden."
2. One validation point per endpoint, regardless of branching. createTable
was the clearest case: validation lived in
both createTableDirect and stageTableCreateHelper because the handler
branches on stageCreate. The adapter doesn't
branch yet, so validating once at the top covers both paths and removes
the duplication. Same shape for the other three
endpoints โ validation now lives at the boundary, not inside util methods
that may be called from multiple places.
3. Layering. Request schema validation is a REST-boundary concern; the
handler should assume requests are well-formed
and focus on auth + catalog logic. The new layout reflects that.
## Checklist
- [ ] ๐ก๏ธ Don't disclose security issues! (contact [email protected])
- [ ] ๐ Clearly explained why the changes are needed, or linked related
issues: Fixes #
- [ ] ๐งช Added/updated tests with good coverage, or manually tested (and
explained how)
- [ ] ๐ก Added comments for complex logic
- [ ] ๐งพ Updated `CHANGELOG.md` (if needed)
- [ ] ๐ Updated documentation in `site/content/in-dev/unreleased` (if needed)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
