type User struct {
	gorm.Model
	Name      string
	Age       uint
	Birthday  *time.Time
	Account   Account
	Pets      []*Pet
	NamedPet  *Pet
	Toys      []Toy   `gorm:"polymorphic:Owner"`
	Tools     []Tools `gorm:"polymorphicType:Type;polymorphicId:CustomID"`
	CompanyID *int
	Company   Company
	ManagerID *uint
	Manager   *User
	Team      []User     `gorm:"foreignkey:ManagerID"`

	Objects      []ObjectVersion  `json:",omitempty"` // Only set during MultiObject delete handler.
	Cred         auth.Credentials `json:"-"`
	Region       string           `json:"-"`
	Owner        bool             `json:"-"`
	AuthType     string           `json:"-"`
	tags         []KeyVal         // Any additional info not accommodated by above fields
	sync.RWMutex
}

// NewReqInfo :

	if _, ok := err.(BucketPolicyNotFound); !ok {
		internalLogIf(GlobalContext, err, logger.WarningKind)
	}

	// As policy is not available for given bucket name, returns IsOwner i.e.
	// operation is allowed only for owner.
	return args.IsOwner
}

// NewPolicySys - creates new policy system.
func NewPolicySys() *PolicySys {
	return &PolicySys{}
}

	// Source contains the line number, function and file name of the code
	// on the client node that requested the lock.
	Source string

	// Owner represents unique ID for this instance, an owner who originally requested
	// the locked resource, useful primarily in figuring out stale locks.
	Owner string

	// Quorum represents the expected quorum for this lock type.
	Quorum int
}

		return cred, false, s3Err
	}
	cred.Claims = claims

	owner := cred.AccessKey == globalActiveCred.AccessKey || (cred.ParentUser == globalActiveCred.AccessKey && cred.AccessKey != siteReplicatorSvcAcc)
	if owner && !globalAPIConfig.permitRootAccess() {
		// We disable root access and its service accounts if asked for.
		return cred, owner, ErrAccessKeyDisabled
	}

	if _, ok := claims[policy.SessionPolicyName]; ok {

}

type grant struct {
	Grantee    grantee `xml:"Grantee"`
	Permission string  `xml:"Permission"`
}

type accessControlPolicy struct {
	XMLName           xml.Name `xml:"AccessControlPolicy"`
	Owner             Owner    `xml:"Owner"`
	AccessControlList struct {
		Grants []grant `xml:"Grant"`
	} `xml:"AccessControlList"`
}

// PutBucketACLHandler - PUT Bucket ACL
// -----------------
// This operation uses the ACL subresource

	defer os.RemoveAll(testPath)

	lockRequesterInfo1 := lockRequesterInfo{
		Owner:           "owner",
		Writer:          true,
		UID:             "0123-4567",
		Timestamp:       UTCNow(),
		TimeLastRefresh: UTCNow(),
	}
	lockRequesterInfo2 := lockRequesterInfo{
		Owner:           "owner",
		Writer:          true,
		UID:             "89ab-cdef",
		Timestamp:       UTCNow(),

					return
				}
			}
		case "Source":
			z.Source, err = dc.ReadString()
			if err != nil {
				err = msgp.WrapError(err, "Source")
				return
			}
		case "Owner":
			z.Owner, err = dc.ReadString()
			if err != nil {
				err = msgp.WrapError(err, "Owner")
				return
			}
		case "Quorum":
			z.Quorum, err = dc.ReadInt()
			if err != nil {
				err = msgp.WrapError(err, "Quorum")
				return
			}
		default:

			return
		}
	} else {
		maxkeys = maxObjectList
	}

	prefix = values.Get("prefix")
	startAfter = values.Get("start-after")
	delimiter = values.Get("delimiter")
	fetchOwner = values.Get("fetch-owner") == "true"
	encodingType = values.Get("encoding-type")

	if token = values.Get("continuation-token"); token != "" {
		decodedToken, err := base64.StdEncoding.DecodeString(token)
		if err != nil {

		`Use 'sudo setcap cap_net_bind_service=+ep /path/to/minio' to provide sufficient permissions`,
	)

	ErrTLSReadError = newErrFn(
		"Cannot read the TLS certificate",
		"Please check if the certificate has the proper owner and read permissions",
		"",
	)

	ErrTLSUnexpectedData = newErrFn(
		"Invalid TLS certificate",
		"Please check your certificate",
		"",
	)

	ErrTLSNoPassword = newErrFn(