private final Range<C> restriction;

    SubRangeSet(Range<C> restriction) {
      super(
          new SubRangeSetRangesByLowerBound<C>(
              Range.<Cut<C>>all(), restriction, TreeRangeSet.this.rangesByLowerBound));
      this.restriction = restriction;
    }

    @Override
    public boolean encloses(Range<C> range) {
      if (!restriction.isEmpty() && restriction.encloses(range)) {

    /** Logon failure: unknown user name or bad password */
    int NT_STATUS_LOGON_FAILURE = 0xC000006d;
    /** Logon failure: user account restriction */
    int NT_STATUS_ACCOUNT_RESTRICTION = 0xC000006e;
    /** Logon failure: account logon time restriction violation */
    int NT_STATUS_INVALID_LOGON_HOURS = 0xC000006f;
    /** Logon failure: user not allowed to log on to this computer */

    /** Logon failure: unknown user name or bad password */
    int NT_STATUS_LOGON_FAILURE = 0xC000006d;
    /** Logon failure: user account restriction */
    int NT_STATUS_ACCOUNT_RESTRICTION = 0xC000006e;
    /** Logon failure: account logon time restriction violation */
    int NT_STATUS_INVALID_LOGON_HOURS = 0xC000006f;
    /** Logon failure: user not allowed to log on to this computer */

- Allowed dynamic configuration of the service account name and audience that the kubelet could request a token for, as part of the node audience restriction feature. ([#130485](https://github.com/kubernetes/kubernetes/pull/130485), [@aramase](https://github.com/aramase)) [SIG Auth and Testing]

	if srcInfo.Legacy {
		srcInfo.metadataOnly = false
	}

	// Check if x-amz-metadata-directive or x-amz-tagging-directive was not set to REPLACE and source,
	// destination are same objects. Apply this restriction also when
	// metadataOnly is true indicating that we are not overwriting the object.
	// if encryption is enabled we do not need explicit "REPLACE" metadata to
	// be enabled as well - this is to allow for key-rotation.

- ObjectACL (Use [bucket policies](https://docs.min.io/community/minio-object-store/administration/identity-access-management/policy-based-access-control.html) instead)

## Object name restrictions on MinIO

    private DfFinalTimeZoneProvider getDBFluteSystemTimeZoneProvider() {
        try {
            // Try to access the field, handling potential security restrictions
            Field field = DBFluteSystem.class.getDeclaredField("finalTimeZoneProvider");
            field.setAccessible(true);
            return (DfFinalTimeZoneProvider) field.get(null);

/// note

`PATCH` is less commonly used and known than `PUT`.

And many teams use only `PUT`, even for partial updates.

You are **free** to use them however you want, **FastAPI** doesn't impose any restrictions.

But this guide shows you, more or less, how they are intended to be used.

///

### Using Pydantic's `exclude_unset` parameter { #using-pydantics-exclude-unset-parameter }

    }

    // Test annotation on constructor (should not compile, but test for completeness)
    static class ConstructorClass {
        // Note: @Secured cannot be applied to constructors due to @Target restrictions
        public ConstructorClass() {
        }
    }

    public void test_constructorCannotBeAnnotated() throws NoSuchMethodException {

OAuth2 has the notion of "scopes".

You can use them to add a specific set of permissions to a JWT token.

Then you can give this token to a user directly or a third party, to interact with your API with a set of restrictions.

You can learn how to use them and how they are integrated into **FastAPI** later in the **Advanced User Guide**.

## Recap { #recap }