commit.

Contributor License Agreement
-----------------------------

Contributions to any Google project must be accompanied by a Contributor
License Agreement. This is not a copyright _assignment_; it simply gives
Google permission to use and redistribute your contributions as part of the
project.

  - If you are an individual writing original source code and you're sure you
    own the intellectual property, then you'll need to sign an [individual

Casdoor is a UI-first centralized authentication / Single-Sign-On (SSO) platform supporting OAuth 2.0, OIDC and SAML, integrated with Casbin RBAC and ABAC permission management. This document covers configuring Casdoor identity provider support with MinIO.

## Prerequisites

	if s3Err != ErrNone {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)
		return
	}

	// Now we have all the key names, for each of them, check whether the policy grants permission for
	// the user to list it. Filter in place to leave only allowed keys.
	n := 0
	for _, k := range allKeys {
		if checkKMSActionAllowed(r, owner, cred, policy.KMSListKeysAction, k.Name) {
			allKeys[n] = k
			n++

| Params        | Value                                          |

      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the

They are normally used to declare specific security permissions, for example:

* `users:read` or `users:write` are common examples.
* `instagram_basic` is used by Facebook / Instagram.
* `https://www.googleapis.com/auth/drive` is used by Google.

/// info

In OAuth2 a "scope" is just a string that declares a specific permission required.

It doesn't matter if it has other characters like `:` or if it is a URL.

    /** Extended security negotiation flag */
    int FLAGS2_EXTENDED_SECURITY_NEGOTIATION = 0x0800;
    /** Resolve paths in DFS flag */
    int FLAGS2_RESOLVE_PATHS_IN_DFS = 0x1000;
    /** Permit read if execute permission flag */
    int FLAGS2_PERMIT_READ_IF_EXECUTE_PERM = 0x2000;
    /** 32-bit status codes flag */
    int FLAGS2_STATUS32 = 0x4000;
    /** Unicode strings flag */
    int FLAGS2_UNICODE = 0x8000;

        copyBeanToBean(entity, body, copyOp -> {
            copyOp.excludeNull();
            copyOp.exclude(Constants.PERMISSIONS, Constants.VIRTUAL_HOSTS);
        });
        final PermissionHelper permissionHelper = ComponentUtil.getPermissionHelper();
        body.permissions = stream(entity.getPermissions()).get(stream -> stream.map(s -> permissionHelper.decode(s))
                .filter(StringUtil::isNotBlank)

This would allow you to have a more fine-grained permission system, following the OAuth2 standard, integrated into your OpenAPI application (and the API docs).

OAuth2 with scopes is the mechanism used by many big authentication providers, like Facebook, Google, GitHub, Microsoft, X (Twitter), etc. They use it to provide specific permissions to users and applications.

      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the