Yes I realized that, still no idea how to deal with this case. Currently the implementation is to store the tree and check through the nodes, remove those are not authorized… please let me know if you have better idea