(iotdb) branch AuthEnhance updated: fix

[shuwenwei]

This is an automated email from the ASF dual-hosted git repository.

shuwenwei pushed a commit to branch AuthEnhance
in repository https://gitbox.apache.org/repos/asf/iotdb.git


The following commit(s) were added to refs/heads/AuthEnhance by this push:
     new 818d18a20ea fix
818d18a20ea is described below

commit 818d18a20ea42731e26bc8f69364cf94a654060f
Author: shuwenwei <s13979062...@gmail.com>
AuthorDate: Thu Sep 18 15:34:56 2025 +0800

    fix
---
 .../src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java    | 1 -
 .../plan/relational/security/TreeAccessCheckVisitor.java            | 6 +++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index 832dc4f2abd..f15472986d5 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -366,7 +366,6 @@ public class AuthorityChecker {
     return authorityFetcher.get().checkRole(username, roleName);
   }
 
-
   public static Collection<PrivilegeType> checkUserHaveSystemPermissions(
       String userName, Collection<PrivilegeType> permissions) {
     return authorityFetcher.get().checkUserSysPrivileges(userName, 
permissions);
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java
index b7a6495c8a5..3bb045bb53f 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/security/TreeAccessCheckVisitor.java
@@ -1072,9 +1072,6 @@ public class TreeAccessCheckVisitor extends 
StatementVisitor<TSStatus, TreeAcces
   // ======================== TTL related ===========================
   @Override
   public TSStatus visitSetTTL(SetTTLStatement statement, 
TreeAccessCheckContext context) {
-    if (checkHasGlobalAuth(context.userName, PrivilegeType.SYSTEM)) {
-      return SUCCEED;
-    }
     List<PartialPath> checkedPaths = statement.getPaths();
     for (PartialPath checkedPath : checkedPaths) {
       TSStatus status = checkWriteOnReadOnlyPath(checkedPath);
@@ -1082,6 +1079,9 @@ public class TreeAccessCheckVisitor extends 
StatementVisitor<TSStatus, TreeAcces
         return status;
       }
     }
+    if (checkHasGlobalAuth(context.userName, PrivilegeType.SYSTEM)) {
+      return SUCCEED;
+    }
     return AuthorityChecker.getTSStatus(
         AuthorityChecker.checkFullPathOrPatternListPermission(
             context.userName, checkedPaths, PrivilegeType.WRITE_SCHEMA),