for i := range *locks {
		(*locks)[i] = ""
	}

	restClnts, owner := ds.GetLockers()

	// Create buffered channel of size equal to total number of nodes.
	ch := make(chan Granted, len(restClnts))
	var wg sync.WaitGroup

	args := LockArgs{
		Owner:     owner,
		UID:       id,
		Resources: names,
		Source:    source,
		Quorum:    &quorum,
	}

	UID string

	// Resources contains single or multiple entries to be locked/unlocked.
	Resources []string

	// Owner represents unique ID for this instance, an owner who originally requested
	// the locked resource, useful primarily in figuring out stale locks.
	Owner string

	// Source contains the line number, function and file name of the code
	// on the client node that requested the lock.

		}

		// Now check if we have a sessionPolicy.
		if _, ok = eclaims[policy.SessionPolicyName]; ok {
			owner = false
		} else {
			owner = globalActiveCred.AccessKey == ucred.ParentUser
		}

		groups = ucred.Groups
	}

	return claims, groups, owner, nil
}

// newCachedAuthToken returns the cached token.
func newCachedAuthToken() func() string {
	return func() string {

		return cred, false, s3Err
	}
	cred.Claims = claims

	owner := cred.AccessKey == globalActiveCred.AccessKey || (cred.ParentUser == globalActiveCred.AccessKey && cred.AccessKey != siteReplicatorSvcAcc)
	if owner && !globalAPIConfig.permitRootAccess() {
		// We disable root access and its service accounts if asked for.
		return cred, owner, ErrAccessKeyDisabled
	}

	if _, ok := claims[policy.SessionPolicyName]; ok {

    assert response.status_code == 400, response.text
    assert response.json() == {"detail": "Owner error: Rick"}


def test_get_item(client: TestClient):
    response = client.get("/items/portal-gun")
    assert response.status_code == 200, response.text

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common

     */
    int READ_CONTROL = 0x00020000; // 17
    /**
     * Permission to write the discretionary access control list.
     */
    int WRITE_DAC = 0x00040000; // 18
    /**
     * Permission to change the owner.
     */
    int WRITE_OWNER = 0x00080000; // 19
    /**
     * Permission to synchronize.
     */
    int SYNCHRONIZE = 0x00100000; // 20
    /**
     * All generic permissions.
     */

        final_repos.append(
            Repo(
                name=repo.name,
                html_url=repo.html_url,
                stars=repo.stargazers_count,
                owner_login=repo.owner.login,
                owner_html_url=repo.owner.html_url,
            )
        )
    data = [repo.model_dump() for repo in final_repos]

    # Local development
    # repos_path = Path("../docs/en/data/topic_repos.yml")

				objRetention.Mode, byPassSet, r, cred,
				owner)
			if apiErr == ErrAccessDenied {
				return errAuthentication
			}
			return nil
		}

		switch ret.Mode {
		case objectlock.RetGovernance:
			govPerm := isPutRetentionAllowed(oi.Bucket, oi.Name, days,
				objRetention.RetainUntilDate.Time, objRetention.Mode,
				byPassSet, r, cred, owner)

package httpapi.authz

import input

default allow = false

# Allow the root user to perform any action.
allow {
 input.owner == true
}

# All other users may do anything other than call PutObject
allow {
 input.action != "s3:PutObject"
 input.owner == false
}
EOF
```

Then load the policy via OPA's REST API.

```
curl -X PUT --data-binary @example.rego \