(iotdb) branch authRefactor updated: delete previous method

jackietien Sun, 14 Sep 2025 19:32:35 -0700

This is an automated email from the ASF dual-hosted git repository.

jackietien pushed a commit to branch authRefactor
in repository https://gitbox.apache.org/repos/asf/iotdb.git



The following commit(s) were added to refs/heads/authRefactor by this push:
     new 80c50e004c2 delete previous method
     new 3ff45a8f3d8 Merge branch 'authRefactor' of 
https://github.com/apache/iotdb into authRefactor
80c50e004c2 is described below

commit 80c50e004c24d7134ef65d7ccbbca051fcb42126
Author: JackieTien97 <[email protected]>
AuthorDate: Mon Sep 15 10:32:02 2025 +0800

    delete previous method
---
 .../org/apache/iotdb/db/auth/AuthorityChecker.java |  18 +++-
 .../iotdb/db/queryengine/plan/Coordinator.java     |   7 +-
 .../security/TreeAccessCheckVisitor.java           | 101 +++++++++++++++++++--
 .../statement/AuthorityInformationStatement.java   |   4 +
 .../db/queryengine/plan/statement/Statement.java   |   6 --
 .../statement/metadata/CountDevicesStatement.java  |  23 +----
 .../metadata/CountTimeSeriesStatement.java         |  23 +----
 .../statement/metadata/ShowDevicesStatement.java   |  23 +----
 .../metadata/ShowTimeSeriesStatement.java          |  23 +----
 .../statement/sys/ExplainAnalyzeStatement.java     |   4 +-
 10 files changed, 121 insertions(+), 111 deletions(-)

diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index 71f064008df..eac1511dd9e 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -38,6 +38,9 @@ import 
org.apache.iotdb.db.pipe.source.dataregion.realtime.listener.PipeInsertio
 import org.apache.iotdb.db.protocol.session.IClientSession;
 import org.apache.iotdb.db.queryengine.common.header.DatasetHeader;
 import org.apache.iotdb.db.queryengine.plan.execution.config.ConfigTaskResult;
+import 
org.apache.iotdb.db.queryengine.plan.relational.security.AccessControlImpl;
+import 
org.apache.iotdb.db.queryengine.plan.relational.security.ITableAuthCheckerImpl;
+import 
org.apache.iotdb.db.queryengine.plan.relational.security.TreeAccessCheckVisitor;
 import 
org.apache.iotdb.db.queryengine.plan.relational.sql.ast.RelationalAuthorStatement;
 import org.apache.iotdb.db.queryengine.plan.statement.Statement;
 import org.apache.iotdb.db.queryengine.plan.statement.sys.AuthorStatement;
@@ -82,10 +85,21 @@ public class AuthorityChecker {
   private static final PerformanceOverviewMetrics PERFORMANCE_OVERVIEW_METRICS 
=
       PerformanceOverviewMetrics.getInstance();
 
+  private static AccessControlImpl accessControl =
+      new AccessControlImpl(new ITableAuthCheckerImpl(), new 
TreeAccessCheckVisitor());
+
   private AuthorityChecker() {
     // empty constructor
   }
 
+  public static AccessControlImpl getAccessControl() {
+    return accessControl;
+  }
+
+  public static void setAccessControl(AccessControlImpl accessControl) {
+    AuthorityChecker.accessControl = accessControl;
+  }
+
   public static IAuthorityFetcher getAuthorityFetcher() {
     return authorityFetcher.get();
   }
@@ -122,7 +136,7 @@ public class AuthorityChecker {
   public static TSStatus checkAuthority(Statement statement, IClientSession 
session) {
     long startTime = System.nanoTime();
     try {
-      return statement.checkPermissionBeforeProcess(session.getUsername());
+      return accessControl.checkPermissionBeforeProcess(statement, 
session.getUsername());
     } finally {
       PERFORMANCE_OVERVIEW_METRICS.recordAuthCost(System.nanoTime() - 
startTime);
     }
@@ -131,7 +145,7 @@ public class AuthorityChecker {
   public static TSStatus checkAuthority(Statement statement, String userName) {
     long startTime = System.nanoTime();
     try {
-      return statement.checkPermissionBeforeProcess(userName);
+      return accessControl.checkPermissionBeforeProcess(statement, userName);
     } finally {
       PERFORMANCE_OVERVIEW_METRICS.recordAuthCost(System.nanoTime() - 
startTime);
     }
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/Coordinator.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/Coordinator.java
index f307d9d9d75..e179157ff4d 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/Coordinator.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/Coordinator.java
@@ -29,6 +29,7 @@ import org.apache.iotdb.commons.concurrent.ThreadName;
 import org.apache.iotdb.commons.conf.CommonConfig;
 import org.apache.iotdb.commons.conf.CommonDescriptor;
 import org.apache.iotdb.commons.conf.IoTDBConstant;
+import org.apache.iotdb.db.auth.AuthorityChecker;
 import org.apache.iotdb.db.conf.IoTDBConfig;
 import org.apache.iotdb.db.conf.IoTDBDescriptor;
 import org.apache.iotdb.db.protocol.session.IClientSession;
@@ -56,9 +57,6 @@ import 
org.apache.iotdb.db.queryengine.plan.relational.planner.optimizations.Dis
 import 
org.apache.iotdb.db.queryengine.plan.relational.planner.optimizations.LogicalOptimizeFactory;
 import 
org.apache.iotdb.db.queryengine.plan.relational.planner.optimizations.PlanOptimizer;
 import org.apache.iotdb.db.queryengine.plan.relational.security.AccessControl;
-import 
org.apache.iotdb.db.queryengine.plan.relational.security.AccessControlImpl;
-import 
org.apache.iotdb.db.queryengine.plan.relational.security.ITableAuthCheckerImpl;
-import 
org.apache.iotdb.db.queryengine.plan.relational.security.TreeAccessCheckVisitor;
 import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.AddColumn;
 import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.AlterDB;
 import org.apache.iotdb.db.queryengine.plan.relational.sql.ast.ClearCache;
@@ -205,8 +203,7 @@ public class Coordinator {
             dispatchThreadNum,
             dispatchThreadNum,
             new ThreadPoolExecutor.CallerRunsPolicy());
-    this.accessControl =
-        new AccessControlImpl(new ITableAuthCheckerImpl(), new 
TreeAccessCheckVisitor());
+    this.accessControl = AuthorityChecker.getAccessControl();
     this.statementRewrite = new 
StatementRewriteFactory().getStatementRewrite();
     this.logicalPlanOptimizers =
         new LogicalOptimizeFactory(
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java
index 0f6e6d33b74..9f3e0aea186 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java
@@ -20,6 +20,9 @@
 package org.apache.iotdb.db.queryengine.plan.relational.security;
 
 import org.apache.iotdb.common.rpc.thrift.TSStatus;
+import org.apache.iotdb.commons.auth.AuthException;
+import org.apache.iotdb.commons.auth.entity.PrivilegeType;
+import org.apache.iotdb.commons.path.PathPatternTreeUtils;
 import org.apache.iotdb.db.auth.AuthorityChecker;
 import 
org.apache.iotdb.db.queryengine.plan.statement.AuthorityInformationStatement;
 import org.apache.iotdb.db.queryengine.plan.statement.StatementNode;
@@ -107,6 +110,7 @@ import 
org.apache.iotdb.db.queryengine.plan.statement.sys.ShowCurrentUserStateme
 import org.apache.iotdb.db.queryengine.plan.statement.sys.ShowQueriesStatement;
 import org.apache.iotdb.db.queryengine.plan.statement.sys.ShowVersionStatement;
 import 
org.apache.iotdb.db.queryengine.plan.statement.sys.TestConnectionStatement;
+import org.apache.iotdb.rpc.TSStatusCode;
 
 public class TreeAccessCheckVisitor extends StatementVisitor<TSStatus, 
TreeAccessCheckContext> {
 
@@ -137,7 +141,17 @@ public class TreeAccessCheckVisitor extends 
StatementVisitor<TSStatus, TreeAcces
 
   @Override
   public TSStatus visitAuthorityInformation(
-      AuthorityInformationStatement statement, TreeAccessCheckContext context) 
{}
+      AuthorityInformationStatement statement, TreeAccessCheckContext context) 
{
+    try {
+      if (!AuthorityChecker.SUPER_USER.equals(context.userName)) {
+        statement.setAuthorityScope(
+            AuthorityChecker.getAuthorizedPathTree(context.userName, 
PrivilegeType.READ_SCHEMA));
+      }
+    } catch (AuthException e) {
+      return new TSStatus(e.getCode().getStatusCode());
+    }
+    return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
+  }
 
   @Override
   public TSStatus visitBatchActivateTemplate(
@@ -145,11 +159,47 @@ public class TreeAccessCheckVisitor extends 
StatementVisitor<TSStatus, TreeAcces
 
   @Override
   public TSStatus visitCountDevices(
-      CountDevicesStatement statement, TreeAccessCheckContext context) {}
+      CountDevicesStatement statement, TreeAccessCheckContext context) {
+    if (statement.hasTimeCondition()) {
+      try {
+        if (!AuthorityChecker.SUPER_USER.equals(context.userName)) {
+          statement.setAuthorityScope(
+              PathPatternTreeUtils.intersectWithFullPathPrefixTree(
+                  AuthorityChecker.getAuthorizedPathTree(
+                      context.userName, PrivilegeType.READ_SCHEMA),
+                  AuthorityChecker.getAuthorizedPathTree(
+                      context.userName, PrivilegeType.READ_DATA)));
+        }
+      } catch (AuthException e) {
+        return new TSStatus(e.getCode().getStatusCode());
+      }
+      return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
+    } else {
+      return visitAuthorityInformation(statement, context);
+    }
+  }
 
   @Override
   public TSStatus visitCountTimeSeries(
-      CountTimeSeriesStatement statement, TreeAccessCheckContext context) {}
+      CountTimeSeriesStatement statement, TreeAccessCheckContext context) {
+    if (statement.hasTimeCondition()) {
+      try {
+        if (!AuthorityChecker.SUPER_USER.equals(context.userName)) {
+          statement.setAuthorityScope(
+              PathPatternTreeUtils.intersectWithFullPathPrefixTree(
+                  AuthorityChecker.getAuthorizedPathTree(
+                      context.userName, PrivilegeType.READ_SCHEMA),
+                  AuthorityChecker.getAuthorizedPathTree(
+                      context.userName, PrivilegeType.READ_DATA)));
+        }
+      } catch (AuthException e) {
+        return new TSStatus(e.getCode().getStatusCode());
+      }
+      return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
+    } else {
+      return visitAuthorityInformation(statement, context);
+    }
+  }
 
   @Override
   public TSStatus visitCountTimeSlotList(
@@ -252,7 +302,9 @@ public class TreeAccessCheckVisitor extends 
StatementVisitor<TSStatus, TreeAcces
 
   @Override
   public TSStatus visitExplainAnalyze(
-      ExplainAnalyzeStatement statement, TreeAccessCheckContext context) {}
+      ExplainAnalyzeStatement statement, TreeAccessCheckContext context) {
+    statement.getQueryStatement().accept(this, context);
+  }
 
   @Override
   public TSStatus visitExtendRegion(
@@ -366,8 +418,25 @@ public class TreeAccessCheckVisitor extends 
StatementVisitor<TSStatus, TreeAcces
       ShowDataNodesStatement statement, TreeAccessCheckContext context) {}
 
   @Override
-  public TSStatus visitShowDevices(
-      ShowDevicesStatement statement, TreeAccessCheckContext context) {}
+  public TSStatus visitShowDevices(ShowDevicesStatement statement, 
TreeAccessCheckContext context) {
+    if (statement.hasTimeCondition()) {
+      try {
+        if (!AuthorityChecker.SUPER_USER.equals(context.userName)) {
+          statement.setAuthorityScope(
+              PathPatternTreeUtils.intersectWithFullPathPrefixTree(
+                  AuthorityChecker.getAuthorizedPathTree(
+                      context.userName, PrivilegeType.READ_SCHEMA),
+                  AuthorityChecker.getAuthorizedPathTree(
+                      context.userName, PrivilegeType.READ_DATA)));
+        }
+      } catch (AuthException e) {
+        return new TSStatus(e.getCode().getStatusCode());
+      }
+      return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
+    } else {
+      return visitAuthorityInformation(statement, context);
+    }
+  }
 
   @Override
   public TSStatus visitShowFunctions(
@@ -408,7 +477,25 @@ public class TreeAccessCheckVisitor extends 
StatementVisitor<TSStatus, TreeAcces
 
   @Override
   public TSStatus visitShowTimeSeries(
-      ShowTimeSeriesStatement statement, TreeAccessCheckContext context) {}
+      ShowTimeSeriesStatement statement, TreeAccessCheckContext context) {
+    if (statement.hasTimeCondition()) {
+      try {
+        if (!AuthorityChecker.SUPER_USER.equals(context.userName)) {
+          statement.setAuthorityScope(
+              PathPatternTreeUtils.intersectWithFullPathPrefixTree(
+                  AuthorityChecker.getAuthorizedPathTree(
+                      context.userName, PrivilegeType.READ_SCHEMA),
+                  AuthorityChecker.getAuthorizedPathTree(
+                      context.userName, PrivilegeType.READ_DATA)));
+        }
+      } catch (AuthException e) {
+        return new TSStatus(e.getCode().getStatusCode());
+      }
+      return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
+    } else {
+      return visitAuthorityInformation(statement, context);
+    }
+  }
 
   @Override
   public TSStatus visitShowTopics(ShowTopicsStatement statement, 
TreeAccessCheckContext context) {}
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java
index 0db49e6600c..d5793d5d657 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/AuthorityInformationStatement.java
@@ -50,4 +50,8 @@ public abstract class AuthorityInformationStatement extends 
Statement {
   public <R, C> R accept(StatementVisitor<R, C> visitor, C context) {
     return visitor.visitAuthorityInformation(this, context);
   }
+
+  public void setAuthorityScope(PathPatternTree authorityScope) {
+    this.authorityScope = authorityScope;
+  }
 }
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/Statement.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/Statement.java
index fc9aa1486a9..8dc08d88b73 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/Statement.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/Statement.java
@@ -62,12 +62,6 @@ public abstract class Statement extends StatementNode {
 
   public abstract List<? extends PartialPath> getPaths();
 
-  public TSStatus checkPermissionBeforeProcess(final String userName) {
-    return AuthorityChecker.getTSStatus(
-        AuthorityChecker.SUPER_USER.equals(userName),
-        "Only the admin user can perform this operation");
-  }
-
   public org.apache.iotdb.db.queryengine.plan.relational.sql.ast.Statement 
toRelationalStatement(
       final MPPQueryContext context) {
     throw new UnsupportedOperationException("Method not implemented yet");
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountDevicesStatement.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountDevicesStatement.java
index 05d4c6384a2..c8652926b74 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountDevicesStatement.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountDevicesStatement.java
@@ -20,14 +20,9 @@
 package org.apache.iotdb.db.queryengine.plan.statement.metadata;
 
 import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
 import org.apache.iotdb.commons.path.PartialPath;
-import org.apache.iotdb.commons.path.PathPatternTreeUtils;
-import org.apache.iotdb.db.auth.AuthorityChecker;
 import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
 import org.apache.iotdb.db.queryengine.plan.statement.component.WhereCondition;
-import org.apache.iotdb.rpc.TSStatusCode;
 
 public class CountDevicesStatement extends CountStatement {
 
@@ -50,23 +45,7 @@ public class CountDevicesStatement extends CountStatement {
   }
 
   @Override
-  public TSStatus checkPermissionBeforeProcess(String userName) {
-    if (hasTimeCondition()) {
-      try {
-        if (!AuthorityChecker.SUPER_USER.equals(userName)) {
-          this.authorityScope =
-              PathPatternTreeUtils.intersectWithFullPathPrefixTree(
-                  AuthorityChecker.getAuthorizedPathTree(userName, 
PrivilegeType.READ_SCHEMA),
-                  AuthorityChecker.getAuthorizedPathTree(userName, 
PrivilegeType.READ_DATA));
-        }
-      } catch (AuthException e) {
-        return new TSStatus(e.getCode().getStatusCode());
-      }
-      return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
-    } else {
-      return super.checkPermissionBeforeProcess(userName);
-    }
-  }
+  public TSStatus checkPermissionBeforeProcess(String userName) {}
 
   @Override
   public <R, C> R accept(StatementVisitor<R, C> visitor, C context) {
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSeriesStatement.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSeriesStatement.java
index f116e190092..a7a7afe3b13 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSeriesStatement.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/CountTimeSeriesStatement.java
@@ -20,15 +20,10 @@
 package org.apache.iotdb.db.queryengine.plan.statement.metadata;
 
 import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
 import org.apache.iotdb.commons.path.PartialPath;
-import org.apache.iotdb.commons.path.PathPatternTreeUtils;
 import org.apache.iotdb.commons.schema.filter.SchemaFilter;
-import org.apache.iotdb.db.auth.AuthorityChecker;
 import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
 import org.apache.iotdb.db.queryengine.plan.statement.component.WhereCondition;
-import org.apache.iotdb.rpc.TSStatusCode;
 
 public class CountTimeSeriesStatement extends CountStatement {
 
@@ -61,23 +56,7 @@ public class CountTimeSeriesStatement extends CountStatement 
{
   }
 
   @Override
-  public TSStatus checkPermissionBeforeProcess(String userName) {
-    if (hasTimeCondition()) {
-      try {
-        if (!AuthorityChecker.SUPER_USER.equals(userName)) {
-          this.authorityScope =
-              PathPatternTreeUtils.intersectWithFullPathPrefixTree(
-                  AuthorityChecker.getAuthorizedPathTree(userName, 
PrivilegeType.READ_SCHEMA),
-                  AuthorityChecker.getAuthorizedPathTree(userName, 
PrivilegeType.READ_DATA));
-        }
-      } catch (AuthException e) {
-        return new TSStatus(e.getCode().getStatusCode());
-      }
-      return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
-    } else {
-      return super.checkPermissionBeforeProcess(userName);
-    }
-  }
+  public TSStatus checkPermissionBeforeProcess(String userName) {}
 
   @Override
   public <R, C> R accept(StatementVisitor<R, C> visitor, C context) {
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDevicesStatement.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDevicesStatement.java
index fe9c57fd920..9781ad1643c 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDevicesStatement.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowDevicesStatement.java
@@ -20,15 +20,10 @@
 package org.apache.iotdb.db.queryengine.plan.statement.metadata;
 
 import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
 import org.apache.iotdb.commons.path.PartialPath;
-import org.apache.iotdb.commons.path.PathPatternTreeUtils;
 import org.apache.iotdb.commons.schema.filter.SchemaFilter;
-import org.apache.iotdb.db.auth.AuthorityChecker;
 import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
 import org.apache.iotdb.db.queryengine.plan.statement.component.WhereCondition;
-import org.apache.iotdb.rpc.TSStatusCode;
 
 import java.util.Collections;
 import java.util.List;
@@ -85,23 +80,7 @@ public class ShowDevicesStatement extends ShowStatement {
   }
 
   @Override
-  public TSStatus checkPermissionBeforeProcess(String userName) {
-    if (hasTimeCondition()) {
-      try {
-        if (!AuthorityChecker.SUPER_USER.equals(userName)) {
-          this.authorityScope =
-              PathPatternTreeUtils.intersectWithFullPathPrefixTree(
-                  AuthorityChecker.getAuthorizedPathTree(userName, 
PrivilegeType.READ_SCHEMA),
-                  AuthorityChecker.getAuthorizedPathTree(userName, 
PrivilegeType.READ_DATA));
-        }
-      } catch (AuthException e) {
-        return new TSStatus(e.getCode().getStatusCode());
-      }
-      return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
-    } else {
-      return super.checkPermissionBeforeProcess(userName);
-    }
-  }
+  public TSStatus checkPermissionBeforeProcess(String userName) {}
 
   @Override
   public <R, C> R accept(StatementVisitor<R, C> visitor, C context) {
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowTimeSeriesStatement.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowTimeSeriesStatement.java
index 49e478860f5..155e0acad39 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowTimeSeriesStatement.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/metadata/ShowTimeSeriesStatement.java
@@ -20,15 +20,10 @@
 package org.apache.iotdb.db.queryengine.plan.statement.metadata;
 
 import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
 import org.apache.iotdb.commons.path.PartialPath;
-import org.apache.iotdb.commons.path.PathPatternTreeUtils;
 import org.apache.iotdb.commons.schema.filter.SchemaFilter;
-import org.apache.iotdb.db.auth.AuthorityChecker;
 import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
 import org.apache.iotdb.db.queryengine.plan.statement.component.WhereCondition;
-import org.apache.iotdb.rpc.TSStatusCode;
 
 import java.util.Collections;
 import java.util.List;
@@ -84,23 +79,7 @@ public class ShowTimeSeriesStatement extends ShowStatement {
   }
 
   @Override
-  public TSStatus checkPermissionBeforeProcess(String userName) {
-    if (hasTimeCondition()) {
-      try {
-        if (!AuthorityChecker.SUPER_USER.equals(userName)) {
-          this.authorityScope =
-              PathPatternTreeUtils.intersectWithFullPathPrefixTree(
-                  AuthorityChecker.getAuthorizedPathTree(userName, 
PrivilegeType.READ_SCHEMA),
-                  AuthorityChecker.getAuthorizedPathTree(userName, 
PrivilegeType.READ_DATA));
-        }
-      } catch (AuthException e) {
-        return new TSStatus(e.getCode().getStatusCode());
-      }
-      return new TSStatus(TSStatusCode.SUCCESS_STATUS.getStatusCode());
-    } else {
-      return super.checkPermissionBeforeProcess(userName);
-    }
-  }
+  public TSStatus checkPermissionBeforeProcess(String userName) {}
 
   @Override
   public List<PartialPath> getPaths() {
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ExplainAnalyzeStatement.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ExplainAnalyzeStatement.java
index 34eec9f2a0e..e7874c4e3e2 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ExplainAnalyzeStatement.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/ExplainAnalyzeStatement.java
@@ -40,9 +40,7 @@ public class ExplainAnalyzeStatement extends Statement {
   }
 
   @Override
-  public TSStatus checkPermissionBeforeProcess(String userName) {
-    return queryStatement.checkPermissionBeforeProcess(userName);
-  }
+  public TSStatus checkPermissionBeforeProcess(String userName) {}
 
   public QueryStatement getQueryStatement() {
     return queryStatement;

(iotdb) branch authRefactor updated: delete previous method

Reply via email to