return null;
        }
        if (permission.startsWith(fessConfig.getRoleSearchUserPrefix())
                && permission.length() > fessConfig.getRoleSearchUserPrefix().length()) {
            return aclPrefix + userPrefix + permission.substring(fessConfig.getRoleSearchUserPrefix().length());
        }
        if (permission.startsWith(fessConfig.getRoleSearchGroupPrefix())

    // access mask encoding
    /**
     * Permission to read data from the file.
     */
    int FILE_READ_DATA = 0x00000001; // 1
    /**
     * Permission to write data to the file.
     */
    int FILE_WRITE_DATA = 0x00000002; // 2
    /**
     * Permission to append data to the file.
     */
    int FILE_APPEND_DATA = 0x00000004; // 3
    /**
     * Permission to read extended attributes.
     */

		if getRequestAuthType(r) == authTypeAnonymous {
			// As per "Permission" section in
			// https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectGET.html
			// If the object you request does not exist,
			// the error Amazon S3 returns depends on
			// whether you also have the s3:ListBucket
			// permission.
			// * If you have the s3:ListBucket permission
			//   on the bucket, Amazon S3 will return an

     * @param loggerName The logger name.
     */
    public void setLoggerName(final String loggerName) {
        this.loggerName = loggerName;
    }

    /**
     * Set the permission separator.
     * @param permissionSeparator The permission separator.
     */
    public void setPermissionSeparator(final String permissionSeparator) {
        this.permissionSeparator = permissionSeparator;
    }

    /**

                    + "    derived from this software without specific prior written permission\\.|\n"
                    + "  (3\\.)? Neither the name of .+ nor the names of its\n"
                    + "     contributors may be used to endorse or promote products derived from\n"
                    + "     this software without specific prior written permission\\.)\n"
                    + "\n"

        // nothing
    }

    /**
     * Checks if the current user has permission to access the given resource.
     * For admin actions, verifies that the user has appropriate admin roles or
     * meets the secured annotation requirements.
     *
     * @param resource the login handling resource to check permission for
     * @throws LoginRequiredException if login is required

under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.

  When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it.  (Additional permissions may be written to require their own
removal in certain cases when you modify the work.)  You may place

     licenses, a licensor grants the public permission to use the
     licensed material under specified terms and conditions. If
     the licensor's permission is not necessary for any reason--for
     example, because of any applicable exception or limitation to
     copyright--then that use is not regulated by the license. Our
     licenses grant only permissions under copyright and certain

			// In governance mode, users can't overwrite or delete an object
			// version or alter its lock settings unless they have special
			// permissions. With governance mode, you protect objects against
			// being deleted by most users, but you can still grant some users
			// permission to alter the retention settings or delete the object
			// if necessary. You can also use governance mode to test retention-period

		}) {
			// Request is allowed return the appropriate access key.
			return ErrNone
		}

		if action == policy.ListBucketVersionsAction {
			// In AWS S3 s3:ListBucket permission is same as s3:ListBucketVersions permission
			// verify as a fallback.
			if globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
				AccountName:     cred.AccessKey,
				Groups:          cred.Groups,