CheckUser(t, user, users2[idx])
	}
}

func TestJoinConds(t *testing.T) {
	user := *GetUser("joins-conds", Config{Account: true, Pets: 3})
	DB.Save(&user)

	var users1 []User
	DB.Joins("inner join pets on pets.user_id = users.id").Where("users.name = ?", user.Name).Find(&users1)
	if len(users1) != 3 {
		t.Errorf("should find two users using left join, but got %v", len(users1))
	}

	var users2 []User

	k.accessToken = accessToken
	k.Unlock()
	return nil
}

// LookupUser lookup user by their userid.
func (k *KeycloakProvider) LookupUser(userid string) (User, error) {
	req, err := http.NewRequest(http.MethodGet, k.adminURL, nil)
	if err != nil {
		return User{}, err
	}
	req.URL.Path = path.Join(req.URL.Path, "realms", k.realm, "users", userid)

	k.Lock()
	accessToken := k.accessToken
	k.Unlock()

			}},
			References: []Reference{{"ID", "User", "UserID", "UserSpeak", "", true}, {"Code", "Language", "LanguageCode", "UserSpeak", "", false}},
		},
		{
			Name: "Friends", Type: schema.Many2Many, Schema: "User", FieldSchema: "User",
			JoinTable: JoinTable{Name: "user_friends", Table: "user_friends", Fields: []schema.Field{
				{
					Name: "UserID", DBName: "user_id", BindNames: []string{"UserID"}, DataType: schema.Uint,

	type User struct {
		ID        int32 `gorm:"primaryKey"`
		Name      string
		CreatorID *int32
		Creator   *User
	}

	checkStructRelation(t, &User{}, Relation{
		Name: "Creator", Type: schema.BelongsTo, Schema: "User", FieldSchema: "User",
		References: []Reference{{"ID", "User", "CreatorID", "User", "", false}},
	})
}

func TestSelfReferentialBelongsToOverrideReferences(t *testing.T) {
	type User struct {

The following example shows how to get the details of the user with `{userid}` from `{realm}` realm:

```
curl \
  -H "Authorization: Bearer eyJhbGciOiJSUz..." \
  "http://localhost:8080/auth/admin/realms/{realm}/users/{userid}"
```

### Configure MinIO

```
export MINIO_ROOT_USER=minio
export MINIO_ROOT_PASSWORD=minio123
minio server /mnt/export

		}
		if err == provider.ErrAccessTokenExpired {
			if err = pCfg.provider.LoginWithClientID(pCfg.ClientID, pCfg.ClientSecret); err != nil {
				return user, err
			}
			user, err = pCfg.provider.LookupUser(userid)
		}
		return user, err
	}
	// Without any specific logic for a provider, all accounts
	// are always enabled.
	return provider.User{ID: userid, Enabled: true}, nil
}

// getUserWithProvider - returns the appropriate internal username based on the user provider.
// if validate is true, an error is returned if the user does not exist.
func getUserWithProvider(ctx context.Context, userProvider, user string, validate bool) (string, error) {
	switch userProvider {
	case madmin.BuiltinProvider:
		if validate {
			if _, ok := globalIAMSys.GetUser(ctx, user); !ok {
				return "", errNoSuchUser
			}
		}
		return user, nil

		claims   = cred.Claims
		groups   = cred.Groups
	)

	if cred.IsTemp() || cred.IsServiceAccount() {
		// For derived credentials, check the parent user's permissions.
		username = cred.ParentUser
	}

	principalType := "Anonymous"
	if username != "" {
		principalType = "User"
		if len(claims) > 0 {
			principalType = "AssumedRole"
		}
		if username == globalActiveCred.AccessKey {
			principalType = "Account"
		}
	}

	DB.Omit(clause.Associations).Create(&user2)

	var result2 User
	DB.Preload(clause.Associations).First(&result2, user2.ID)

	user2.Account = Account{}
	user2.Toys = nil
	user2.Manager = nil
	user2.Company = Company{}
	user2.Pets = nil
	user2.Team = nil
	user2.Languages = nil
	user2.Friends = nil

	CheckUser(t, result2, user2)
}

func TestFirstOrCreateNotExistsTable(t *testing.T) {

	if users[1].Name != "update_column_02_newname" || users[1].Age != 100 {
		t.Errorf("user 2 should be updated with update column")
	}
	AssertEqual(t, lastUpdatedAt.UnixNano(), users[1].UpdatedAt.UnixNano())

	// user2 should not be updated
	var user1, user2 User
	DB.First(&user1, users[0].ID)
	DB.First(&user2, users[1].ID)
	CheckUser(t, user1, *users[0])
	CheckUser(t, user2, *users[1])