from fastapi import APIRouter

router = APIRouter()


@router.get("/users/", tags=["users"])
async def read_users():
    return [{"username": "Rick"}, {"username": "Morty"}]


@router.get("/users/me", tags=["users"])
async def read_user_me():
    return {"username": "fakecurrentuser"}


@router.get("/users/{username}", tags=["users"])
async def read_user(username: str):

        User user1 = createTestUser("user1", "User One");
        User user2 = createTestUser("user2", "User Two");
        User user3 = createTestUser("user3", "User Three");

        chain.update(user1);
        chain.update(user2);
        chain.update(user3);

        assertEquals(3, chain.updateCalls.size());
        assertEquals(user1, chain.updateCalls.get(0));

# Get Current User { #get-current-user }

In the previous chapter the security system (which is based on the dependency injection system) was giving the *path operation function* a `token` as a `str`:

{* ../../docs_src/security/tutorial001_an_py310.py hl[12] *}

But that is still not that useful.

Let's make it give us the current user.

## Create a user model { #create-a-user-model }

First, let's create a Pydantic user model.

## Получить пользователя { #get-the-user }

`get_current_user` будет использовать созданную нами (ненастоящую) служебную функцию, которая принимает токен типа `str` и возвращает нашу Pydantic-модель `User`:

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27] *}

## Внедрить текущего пользователя { #inject-the-current-user }

As it's running **locally**, and not in the open internet, you decide to **not have any authentication** set up, just trusting the access to the local network.

Then one of your users could install it and run it locally.

Then they could open a malicious website, e.g. something like

```
https://evilhackers.example.com
```

Esto será especialmente útil cuando lo uses en una **gran code base** donde uses **las mismas dependencias** una y otra vez en **muchas *path operations***.

## Usar `async` o no usar `async` { #to-async-or-not-to-async }

## Récupérer l'utilisateur { #get-the-user }

`get_current_user` utilisera une fonction utilitaire (factice) que nous avons créée, qui prend un token en `str` et retourne notre modèle Pydantic `User` :

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27] *}

## Injecter l'utilisateur actuel { #inject-the-current-user }

     * @param userMessage the user's message
     * @param userId the user ID (can be null for anonymous users)
     * @return the chat response including session info and sources
     */
    public ChatResult chat(final String sessionId, final String userMessage, final String userId) {
        return chat(sessionId, userMessage, userId, Collections.emptyMap(), new String[0]);
    }

    /**

		t.Fatalf("no view should be created, got %v", err)
	}

	query := DB.Model(&User{}).
		Select("users.id as users_id, users.name as users_name, pets.id as pets_id, pets.name as pets_name").
		Joins("inner join pets on pets.user_id = users.id")

	if err := DB.Migrator().CreateView("users_pets", gorm.ViewOption{Query: query}); err != nil {

app.include_router(user_router, prefix="/users")
app.include_router(item_router, prefix="/items")

app.include_router(item_router, prefix="/users/{user_id}/items")


client = TestClient(app)


def test_get_users():
    """Check that /users returns expected data"""
    response = client.get("/users")
    assert response.status_code == 200, response.text