BrowseAcls initially generates a list of acls with an owner browse permission,
meaning that if a user is the owner of an OSD and the acl allows owners to browse the object, he should be able to see the object.
The existing implementation only uses acls where the user already is a member in one or more of the acl's groups, meaning we could have the situation where an OSD has Acl("browse-for-owners-with-no-connection-to-groups-other-than-owner") with permission "_browse" - and no one except the administrator would be able to view the object.
BrowseAcls initially generates a list of acls with an owner browse permission, meaning that if a user is the owner of an OSD and the acl allows owners to browse the object, he should be able to see the object.
The existing implementation only uses acls where the user already is a member in one or more of the acl's groups, meaning we could have the situation where an OSD has Acl("browse-for-owners-with-no-connection-to-groups-other-than-owner") with permission "_browse" - and no one except the administrator would be able to view the object.