}

	m := reqMap["input"].(map[string]interface{})
	accountValue := m["account"].(string)
	actionValue := m["action"].(string)

	// Allow user `minio` to perform any action.
	var res Result
	if accountValue == "minio" {
		res.Result = true
	} else {
		// All other users may not perform any `s3:Put*` operations.
		res.Result = true
		if strings.HasPrefix(actionValue, "s3:Put") {
			res.Result = false
		}
	}

//// tab | Windows

```plaintext
C:\Users\user\code\awesome-project\.venv\Scripts;C:\Windows\System32
```

這意味著系統現在會首先在以下目錄中查找程式：

```plaintext
C:\Users\user\code\awesome-project\.venv\Scripts
```

然後再在其他目錄中查找。

因此，當你在終端機中輸入 `python` 時，系統會在以下目錄中找到 Python 程式：

```plaintext
C:\Users\user\code\awesome-project\.venv\Scripts\python
```

並使用這個。

////

//// tab | Windows

```plaintext
C:\Users\user\code\awesome-project\.venv\Scripts;C:\Windows\System32
```

这意味着系统现在会首先在以下目录中查找程序：

```plaintext
C:\Users\user\code\awesome-project\.venv\Scripts
```

然后再在其他目录中查找。

因此，当你在终端中输入 `python` 时，系统会在以下目录中找到 Python 程序：

```plaintext
C:\Users\user\code\awesome-project\.venv\Scripts\python
```

并使用这个。

////

点击小锁图标，注销后，再执行同样的操作，则会得到 HTTP 401 错误：

```JSON
{
  "detail": "Not authenticated"
}
```

### 未激活用户 { #inactive-user }

测试未激活用户，输入以下信息，进行身份验证：

用户名：`alice`

密码：`secret2`

然后，执行 `/users/me` 路径的 `GET` 操作。

显示下列**未激活用户**错误信息：

```JSON
{
  "detail": "Inactive user"
}
```

## 小结 { #recap }

使用本章的工具实现基于 `username` 和 `password` 的完整 API 安全系统。

 *
 * <p>The {@link Predicates} class provides common predicates and related utilities.
 *
 * <p>See the Guava User Guide article on <a
 * href="https://github.com/google/guava/wiki/FunctionalExplained">the use of {@code Predicate}</a>.
 *
 * <h3>For Java 8+ users</h3>
 *
 * <p>This interface is now a legacy type. Use {@code java.util.function.Predicate} (or the

            return userCode;
        }).orElse(null);
    }

    /**
     * Extracts the user code from the user bean stored in the session.
     * This method retrieves the authenticated user information and creates an encrypted user code.
     *
     * @param request the HTTP servlet request
     * @return the user code from the user bean, or null if not found or invalid
     */

    description: "Testing of Elasticsearch pull requests - packaging-tests-windows"
    # We use a hard-coded workspace directory here to avoid hitting windows path length limits
    child-workspace: "C:\\Users\\jenkins\\workspace\\pr-packaging-windows\\${BUILD_NUMBER}"
    project-type: matrix
    node: master
    scm:
      - git:
          refspec: "+refs/pull/${ghprbPullId}/*:refs/remotes/origin/pr/${ghprbPullId}/*"

    * Normally, a token is set to expire after some time.
        * So, the user will have to log in again at some point later.
        * And if the token is stolen, the risk is less. It is not like a permanent key that will work forever (in most of the cases).
* The frontend stores that token temporarily somewhere.

// error returned in IAM subsystem when user doesn't exist.
var errNoSuchUser = errors.New("Specified user does not exist")

// error returned by IAM when a use a builtin IDP command when they could mean
// to use a LDAP command.
var errNoSuchUserLDAPWarn = errors.New("Specified user does not exist. If you meant a user in LDAP please use command under `mc idp ldap`")

active return 0 } # checkUserExists ($username) # Check if the user exists, by using the exit code of `mc admin user info` checkUserExists() { USER=$1 CMD=$(${MC} admin user info myminio $USER > /dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy...