return null;
        }
        if (permission.startsWith(fessConfig.getRoleSearchUserPrefix())
                && permission.length() > fessConfig.getRoleSearchUserPrefix().length()) {
            return aclPrefix + userPrefix + permission.substring(fessConfig.getRoleSearchUserPrefix().length());
        }
        if (permission.startsWith(fessConfig.getRoleSearchGroupPrefix())

    // access mask encoding
    /**
     * Permission to read data from the file.
     */
    int FILE_READ_DATA = 0x00000001; // 1
    /**
     * Permission to write data to the file.
     */
    int FILE_WRITE_DATA = 0x00000002; // 2
    /**
     * Permission to append data to the file.
     */
    int FILE_APPEND_DATA = 0x00000004; // 3
    /**
     * Permission to read extended attributes.
     */

		if getRequestAuthType(r) == authTypeAnonymous {
			// As per "Permission" section in
			// https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectGET.html
			// If the object you request does not exist,
			// the error Amazon S3 returns depends on
			// whether you also have the s3:ListBucket
			// permission.
			// * If you have the s3:ListBucket permission
			//   on the bucket, Amazon S3 will return an

under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.

  When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it.  (Additional permissions may be written to require their own
removal in certain cases when you modify the work.)  You may place

        LOGIN_FAILURE,
        /**
         * The update permission action.
         */
        UPDATE_PERMISSION;
    }

    /**
     * Set the logger name.
     * @param loggerName The logger name.
     */
    public void setLoggerName(final String loggerName) {
        this.loggerName = loggerName;
    }

    /**
     * Set the permission separator.

			// In governance mode, users can't overwrite or delete an object
			// version or alter its lock settings unless they have special
			// permissions. With governance mode, you protect objects against
			// being deleted by most users, but you can still grant some users
			// permission to alter the retention settings or delete the object
			// if necessary. You can also use governance mode to test retention-period

     licenses, a licensor grants the public permission to use the
     licensed material under specified terms and conditions. If
     the licensor's permission is not necessary for any reason--for
     example, because of any applicable exception or limitation to
     copyright--then that use is not regulated by the license. Our
     licenses grant only permissions under copyright and certain

    }

    /**
     * Checks if a permission string is a user permission.
     *
     * @param permission The permission string.
     * @return true if it is a user permission, false otherwise.
     */
    public boolean isUserPermission(final String permission) {
        if (StringUtil.isNotBlank(permission)) {
            return permission.startsWith(ComponentUtil.getFessConfig().getRoleSearchUserPrefix());

    <example>${fe:message("labels.foobar", "default value")}</example>
  </function>

  <function>
    <description>Check if user has a permission.</description>
    <name>permission</name>
    <function-class>org.codelibs.fess.taglib.FessFunctions</function-class>
    <function-signature>boolean hasActionRole(java.lang.String)</function-signature>

        // nothing
    }

    /**
     * Checks if the current user has permission to access the given resource.
     * For admin actions, verifies that the user has appropriate admin roles or
     * meets the secured annotation requirements.
     *
     * @param resource the login handling resource to check permission for
     * @throws LoginRequiredException if login is required