basic authorization based on the request principal

Author: duhizjame

server/app/src/main/java/io/whitefox/api/deltasharing/server/DeltaSharesApiImpl.java

@@ -45,10 +45,11 @@ public Response getShare(String share) {
     return wrapExceptions(
         () ->
             optionalToNotFound(shareService.getShare(share),
-                    s -> {
+                    foundShare ->
+                    shareToForbidden(foundShare, s -> {
                         var resultShare = new Share().name(s.name()).id(s.id());
                         return Response.ok(resultShare).build();
-                    }),
+                    })),
         exceptionToResponse);
   }
 
@@ -73,24 +74,25 @@ public Response getTableMetadata(
       String startingTimestampStr,
       String deltaSharingCapabilities) {
     return wrapExceptions(
-        () -> {
-          var startingTimestamp = parseTimestamp(startingTimestampStr);
-          return optionalToNotFound(
-              deltaSharesService.getTableMetadata(share, schema, table, startingTimestamp),
-              m -> optionalToNotFound(
-                  deltaSharesService.getTableVersion(share, schema, table, startingTimestamp),
-                  v -> Response.ok(
-                          tableResponseSerializer.serialize(
-                              DeltaMappers.toTableResponseMetadata(m)),
-                          ndjsonMediaType)
-                      .status(Response.Status.OK.getStatusCode())
-                      .header(DELTA_TABLE_VERSION_HEADER, String.valueOf(v))
-                      .header(
-                          DELTA_SHARE_CAPABILITIES_HEADER,
-                          getResponseFormatHeader(
-                              DeltaMappers.toHeaderCapabilitiesMap(deltaSharingCapabilities)))
-                      .build()));
-        },
+        () ->
+        optionalToNotFound(shareService.getShare(share), foundShare -> shareToForbidden(foundShare, s -> {
+            var startingTimestamp = parseTimestamp(startingTimestampStr);
+            return optionalToNotFound(
+                    deltaSharesService.getTableMetadata(share, schema, table, startingTimestamp),
+                    m -> optionalToNotFound(
+                            deltaSharesService.getTableVersion(share, schema, table, startingTimestamp),
+                            v -> Response.ok(
+                                            tableResponseSerializer.serialize(
+                                                    DeltaMappers.toTableResponseMetadata(m)),
+                                            ndjsonMediaType)
+                                    .status(Response.Status.OK.getStatusCode())
+                                    .header(DELTA_TABLE_VERSION_HEADER, String.valueOf(v))
+                                    .header(
+                                            DELTA_SHARE_CAPABILITIES_HEADER,
+                                            getResponseFormatHeader(
+                                                    DeltaMappers.toHeaderCapabilitiesMap(deltaSharingCapabilities)))
+                                    .build()));
+        })),
         exceptionToResponse);
   }
 
@@ -99,28 +101,31 @@ public Response getTableVersion(
       String share, String schema, String table, String startingTimestampStr) {
 
     return wrapExceptions(
-        () -> {
+        () ->
+        optionalToNotFound(shareService.getShare(share), foundShare -> shareToForbidden(foundShare, s -> {
           var startingTimestamp = parseTimestamp(startingTimestampStr);
           return optionalToNotFound(
               deltaSharesService.getTableVersion(share, schema, table, startingTimestamp),
               t -> Response.ok().header(DELTA_TABLE_VERSION_HEADER, t).build());
-        },
+        })),
         exceptionToResponse);
   }
 
   @Override
   public Response listALLTables(String share, Integer maxResults, String pageToken) {
     return wrapExceptions(
-        () -> optionalToNotFound(
-            deltaSharesService.listTablesOfShare(
-                share, parseToken(pageToken), Optional.ofNullable(maxResults)),
-            c -> Response.ok(c.getToken()
-                    .map(t -> new ListTablesResponse()
-                        .items(mapList(c.getContent(), DeltaMappers::table2api))
-                        .nextPageToken(tokenEncoder.encodePageToken(t)))
-                    .orElse(new ListTablesResponse()
-                        .items(mapList(c.getContent(), DeltaMappers::table2api))))
-                .build()),
+        () ->
+        optionalToNotFound(shareService.getShare(share), foundShare -> shareToForbidden(foundShare, s ->
+            optionalToNotFound(
+                            deltaSharesService.listTablesOfShare(
+                                    share, parseToken(pageToken), Optional.ofNullable(maxResults)),
+                            c -> Response.ok(c.getToken()
+                                            .map(t -> new ListTablesResponse()
+                                                    .items(mapList(c.getContent(), DeltaMappers::table2api))
+                                                    .nextPageToken(tokenEncoder.encodePageToken(t)))
+                                            .orElse(new ListTablesResponse()
+                                                    .items(mapList(c.getContent(), DeltaMappers::table2api))))
+                                    .build()))),
         exceptionToResponse);
   }
 

server/app/src/main/java/io/whitefox/api/server/ApiUtils.java

@@ -3,6 +3,7 @@
 import io.quarkus.runtime.util.ExceptionUtil;
 import io.whitefox.api.deltasharing.model.v1.generated.CommonErrorResponse;
 import io.whitefox.core.Principal;
+import io.whitefox.core.Share;
 import io.whitefox.core.services.DeltaSharedTable;
 import io.whitefox.core.services.exceptions.AlreadyExists;
 import io.whitefox.core.services.exceptions.NotFound;
@@ -70,6 +71,13 @@ default <T> Response optionalToNotFound(Optional<T> opt, Function<T, Response> f
     return opt.map(fn).orElse(notFoundResponse());
   }
 
+  default Response shareToForbidden(Share value, Function<Share, Response> fn) {
+    if (value.recipients().contains(getRequestPrincipal()))
+      return fn.apply(value);
+    else
+      return Response.status(Response.Status.FORBIDDEN).build();
+  }
+
   default String getResponseFormatHeader(Map<String, String> deltaSharingCapabilities) {
     return String.format(
         "%s=%s",