t.Fatalf("Should find saved record")
	}
}

func TestNestedTransactionWithBlock(t *testing.T) {
	var (
		user  = *GetUser("transaction-nested", Config{})
		user1 = *GetUser("transaction-nested-1", Config{})
		user2 = *GetUser("transaction-nested-2", Config{})
	)

	if err := DB.Transaction(func(tx *gorm.DB) error {
		tx.Create(&user)

        if (userGroups == null) {
            userGroups = getDefaultGroupsAsArray();
        }
        return userGroups;
    }

    public OpenIdUser getUser() {
        return new OpenIdUser(getUserId(), getUserGroups(), getDefaultRolesAsArray());
    }

    protected static String[] getDefaultGroupsAsArray() {

	case <-sys.configLoaded:
	default:
		err = sys.store.LoadUser(ctx, accessKey)
		loadUserCalled = true
	}

	u, ok = sys.store.GetUser(accessKey)
	if !ok && !loadUserCalled {
		err = sys.store.LoadUser(ctx, accessKey)
		loadUserCalled = true

		u, ok = sys.store.GetUser(accessKey)
	}

	if !ok && loadUserCalled && err != nil {
		iamLogOnceIf(ctx, err, accessKey)

		// return 503 to application

            // check file size
            responseData.setContentLength(file.getSize());
            checkMaxContentLength(responseData);

            if (file.getUser() != null) {
                responseData.addMetaData(FTP_FILE_USER, file.getUser());
            }
            if (file.getGroup() != null) {
                responseData.addMetaData(FTP_FILE_GROUP, file.getGroup());
            }

    }

    @Override
    public void resolveCredential(final LoginCredentialResolver resolver) {
        resolver.resolve(OpenIdConnectCredential.class, credential -> OptionalEntity.of(credential.getUser()));
    }

    @Override
    public ActionResponse getResponse(final SsoResponseType responseType) {
        return null;
    }

    @Override
    public String logout(final FessUserBean user) {

                    appendJson("user-info-id", entity.getUserInfoId(), buf).append(',');
                    appendJson("user-session-id", entity.getUserSessionId(), buf).append(',');
                    appendJson("user", entity.getUser(), buf).append(',');
                    appendJson("search-word", entity.getSearchWord(), buf).append(',');
                    appendJson("hit-count", entity.getHitCount(), buf).append(',');

	if accessKey == globalActiveCred.AccessKey {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL)
		return
	}

	user, exists := globalIAMSys.GetUser(ctx, accessKey)
	if exists && (user.Credentials.IsTemp() || user.Credentials.IsServiceAccount()) {
		// Updating STS credential is not allowed, and this API does not
		// support updating service accounts.

		value, err := ldapID.Retrieve()
		if err != nil {
			c.Fatalf("Expected to generate STS creds, got err: %#v", err)
		}

		// Retrieve the STS account's credential object.
		u, ok := globalIAMSys.GetUser(ctx, value.AccessKeyID)
		if !ok {
			c.Fatalf("Expected to find user %s", value.AccessKeyID)
		}

		if u.Credentials.AccessKey != value.AccessKeyID {

// HasWatcher - returns if the storage system has a watcher.
func (store *IAMStoreSys) HasWatcher() bool {
	_, ok := store.IAMStorageAPI.(iamStorageWatcher)
	return ok
}

// GetUser - fetches credential from memory.
func (store *IAMStoreSys) GetUser(user string) (UserIdentity, bool) {
	cache := store.rlock()
	defer store.runlock()

	u, ok := cache.iamUsersMap[user]
	if !ok {
		// Check the sts map

	bucketName := r.Form.Get(peerRESTBucket)
	enableSha256 := r.Form.Get(peerRESTEnableSha256) == "true"
	enableMultipart := r.Form.Get(peerRESTEnableMultipart) == "true"

	u, ok := globalIAMSys.GetUser(r.Context(), r.Form.Get(peerRESTAccessKey))
	if !ok {
		s.writeErrorResponse(w, errAuthentication)
		return
	}

	size, err := strconv.Atoi(sizeStr)
	if err != nil {
		size = 64 * humanize.MiByte