t.Fatalf("Should find saved record")
	}
}

func TestNestedTransactionWithBlock(t *testing.T) {
	var (
		user  = *GetUser("transaction-nested", Config{})
		user1 = *GetUser("transaction-nested-1", Config{})
		user2 = *GetUser("transaction-nested-2", Config{})
	)

	if err := DB.Transaction(func(tx *gorm.DB) error {
		tx.Create(&user)

	}

	ctx, cancel := context.WithTimeout(context.Background(), 500*time.Millisecond)
	defer cancel()
	txCtx := tx.WithContext(ctx)

	user := *GetUser("prepared_stmt", Config{})

	txCtx.Create(&user)

	var result1 User
	if err := txCtx.Find(&result1, user.ID).Error; err != nil {
		t.Fatalf("no error should happen but got %v", err)
	}

        if (userGroups == null) {
            userGroups = getDefaultGroupsAsArray();
        }
        return userGroups;
    }

    public OpenIdUser getUser() {
        return new OpenIdUser(getUserId(), getUserGroups(), getDefaultRolesAsArray());
    }

    protected static String[] getDefaultGroupsAsArray() {

	case <-sys.configLoaded:
	default:
		err = sys.store.LoadUser(ctx, accessKey)
		loadUserCalled = true
	}

	u, ok = sys.store.GetUser(accessKey)
	if !ok && !loadUserCalled {
		err = sys.store.LoadUser(ctx, accessKey)
		loadUserCalled = true

		u, ok = sys.store.GetUser(accessKey)
	}

	if !ok && loadUserCalled && err != nil {
		iamLogOnceIf(ctx, err, accessKey)

		// return 503 to application

            // check file size
            responseData.setContentLength(file.getSize());
            checkMaxContentLength(responseData);

            if (file.getUser() != null) {
                responseData.addMetaData(FTP_FILE_USER, file.getUser());
            }
            if (file.getGroup() != null) {
                responseData.addMetaData(FTP_FILE_GROUP, file.getGroup());
            }

    }

    @Override
    public void resolveCredential(final LoginCredentialResolver resolver) {
        resolver.resolve(OpenIdConnectCredential.class, credential -> OptionalEntity.of(credential.getUser()));
    }

    @Override
    public ActionResponse getResponse(final SsoResponseType responseType) {
        return null;
    }

    @Override
    public String logout(final FessUserBean user) {

                    appendJson("user-info-id", entity.getUserInfoId(), buf).append(',');
                    appendJson("user-session-id", entity.getUserSessionId(), buf).append(',');
                    appendJson("user", entity.getUser(), buf).append(',');
                    appendJson("search-word", entity.getSearchWord(), buf).append(',');
                    appendJson("hit-count", entity.getHitCount(), buf).append(',');

	if accessKey == globalActiveCred.AccessKey {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL)
		return
	}

	user, exists := globalIAMSys.GetUser(ctx, accessKey)
	if exists && (user.Credentials.IsTemp() || user.Credentials.IsServiceAccount()) {
		// Updating STS credential is not allowed, and this API does not
		// support updating service accounts.

`, bucket, bucket))

	err = s.adm.AddCannedPolicy(ctx, policy, policyBytes)
	if err != nil {
		c.Fatalf("policy add error: %v", err)
	}

	accessKey, secretKey := mustGenerateCredentials(c)
	err = s.adm.SetUser(ctx, accessKey, secretKey, madmin.AccountEnabled)
	if err != nil {
		c.Fatalf("Unable to set user: %v", err)
	}

	_, err = s.adm.AttachPolicy(ctx, madmin.PolicyAssociationReq{
		Policies: []string{policy},

// HasWatcher - returns if the storage system has a watcher.
func (store *IAMStoreSys) HasWatcher() bool {
	_, ok := store.IAMStorageAPI.(iamStorageWatcher)
	return ok
}

// GetUser - fetches credential from memory.
func (store *IAMStoreSys) GetUser(user string) (UserIdentity, bool) {
	cache := store.rlock()
	defer store.runlock()

	u, ok := cache.iamUsersMap[user]
	if !ok {
		// Check the sts map