@@ -54,25 +54,6 @@ pub(crate) async fn handle(
5454 flight_svc : & Service ,
5555 request : Request < Streaming < FlightData > > ,
5656) -> Result < Response < <Service as FlightService >:: DoPutStream > , Status > {
57- match RequestContext :: current ( crate :: request:: AsyncMarker :: new ( ) . await ) . auth_principal ( ) {
58- Some ( principal) => {
59- if !principal
60- . groups ( )
61- . iter ( )
62- . any ( |group| * group == "write" || * group == "read_write" )
63- {
64- return Err ( Status :: permission_denied (
65- "Write access denied. Verify that authentication key used has write access and try again." ,
66- ) ) ;
67- }
68- }
69- None => {
70- return Err ( Status :: unauthenticated (
71- "Flight DoPut requires authentication.\n For auth details, visit https://spiceai.org/docs/api/auth" ,
72- ) ) ;
73- }
74- }
75-
7657 let mut streaming_flight = request. into_inner ( ) . peekable ( ) ;
7758
7859 // We need to peek at the stream in case we branch below to prepared statements
@@ -94,6 +75,25 @@ pub(crate) async fn handle(
9475 }
9576 }
9677
78+ match RequestContext :: current ( crate :: request:: AsyncMarker :: new ( ) . await ) . auth_principal ( ) {
79+ Some ( principal) => {
80+ if !principal
81+ . groups ( )
82+ . iter ( )
83+ . any ( |group| * group == "write" || * group == "read_write" )
84+ {
85+ return Err ( Status :: permission_denied (
86+ "Write access denied. Verify that authentication key used has write access and try again." ,
87+ ) ) ;
88+ }
89+ }
90+ None => {
91+ return Err ( Status :: unauthenticated (
92+ "Flight DoPut requires authentication.\n For auth details, visit https://spiceai.org/docs/api/auth" ,
93+ ) ) ;
94+ }
95+ }
96+
9797 // Since it is not a prepared statement we can take from the stream
9898 let Some ( Ok ( first_message) ) = streaming_flight. next ( ) . await else {
9999 let _start = metrics:: track_flight_request ( "do_put" , None ) ;
0 commit comments