{putObjectActionArgs, true},
		{getObjectActionArgs, true},
		{yourbucketAnonGetObjectActionArgs, false},
		{yourbucketGetObjectActionArgs, true},
	}

	for i, testCase := range testCases {
		result := p.IsAllowed(testCase.args)

		if result != testCase.expectedResult {
			t.Fatalf("case %v: expected: %v, got: %v\n", i+1, testCase.expectedResult, result)
		}
	}
}

		}

		cred := auth.Credentials{
			AccessKey: claims.AccessKey,
			Claims:    claims.Map(),
			Groups:    groups,
		}

		// For authenticated users apply IAM policy.
		if !globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,
			Action:          policy.PrometheusAdminAction,
			ConditionValues: getConditionValues(r, "", cred),
			IsOwner:         owner,

	// Set delimiter value for "s3:delimiter" policy conditionals.
	r.Header.Set("delimiter", SlashSeparator)

	isAllowedAccess := func(bucketName string) (rd, wr bool) {
		if globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,
			Action:          policy.GetObjectAction,
			BucketName:      bucketName,
			ConditionValues: getConditionValues(r, "", cred),

			//   error.
			// * if you don’t have the s3:ListBucket
			//   permission, Amazon S3 will return an HTTP
			//   status code 403 ("access denied") error.`
			if globalPolicySys.IsAllowed(policy.BucketPolicyArgs{
				Action:          policy.ListBucketAction,
				BucketName:      bucket,
				ConditionValues: getConditionValues(r, "", auth.AnonymousCredentials),
				IsOwner:         false,
			}) {

05F5..05FF    ; disallowed                             # NA   <reserved-05F5>..<reserved-05FF>
0600..0603    ; disallowed                             # 4.0  ARABIC NUMBER SIGN..ARABIC SIGN SAFHA
0604          ; disallowed                             # 6.1  ARABIC SIGN SAMVAT
0605          ; disallowed                             # 7.0  ARABIC NUMBER MARK ABOVE

		{ObjectOpts{Name: "c2test", VersionID: "vid", DeleteMarker: true, OpType: DeleteReplicationType}, cfgs[1], false},             // 13. permanent delete of DeleteMarker version, disallowed by DeleteReplication status

 * 80..95 : Offset by a fixed positive offset. The bottom 4 bits of b1 are the top 4 bits of the offset.
 *    119 : Ignored.
 *    120 : Valid.
 *    121 : Disallowed
 *    122 : Mapped inline to the sequence: [b2].
 *    123 : Mapped inline to the sequence: [b2a].
 *    124 : Mapped inline to the sequence: [b2, b3].
 *    125 : Mapped inline to the sequence: [b2a, b3].

 */
class SimpleIdnaMappingTable internal constructor(
  internal val mappings: List<Mapping>,
) {
  /**
   * Returns true if the [codePoint] was applied successfully. Returns false if it was disallowed.
   */
  fun map(
    codePoint: Int,
    sink: BufferedSink,
  ): Boolean {
    val index =
      mappings.binarySearch {
        when {
          it.sourceCodePoint1 < codePoint -> -1

	sseS3 := crypto.S3.IsEncrypted(objInfo.UserDefined)
	if !sseKMS && !sseS3 { // neither sse-s3 nor sse-kms disallowed
		return errInvalidEncryptionParameters
	}
	if sseKMS && r.Encryption.Type == sses3 { // previously encrypted with sse-kms, now sse-s3 disallowed
		return errInvalidEncryptionParameters
	}
	versioned := globalBucketVersioningSys.PrefixEnabled(srcBucket, srcObject)

http://ExAmPlE.CoM http://other.com/ s:http p:/ h:example.com

# Spaces should fail
http://example\sexample.com

# This should fail
http://Goo%20\sgoo%7C|.com

# U+3000 is mapped to U+0020 (space) which is disallowed
http://GOO\u00a0\u3000goo.com

# Other types of space (no-break, zero-width, zero-width-no-break) are
# name-prepped away to nothing.
# U+200B, U+2060, and U+FEFF, are ignored