{* ../../docs_src/security/tutorial002_an_py310.py hl[25] *}

## Obtener el usuario

`get_current_user` usará una función de utilidad (falsa) que creamos, que toma un token como un `str` y devuelve nuestro modelo de Pydantic `User`:

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27] *}

## Inyectar al usuario actual

Entonces ahora podemos usar el mismo `Depends` con nuestro `get_current_user` en la *path operation*:

## 🤚 👩‍💻

`get_current_user` 🔜 ⚙️ (❌) 🚙 🔢 👥 ✍, 👈 ✊ 🤝 `str` & 📨 👆 Pydantic `User` 🏷:

{* ../../docs_src/security/tutorial002.py hl[19:22,26:27] *}

## 💉 ⏮️ 👩‍💻

🔜 👥 💪 ⚙️ 🎏 `Depends` ⏮️ 👆 `get_current_user` *➡ 🛠️*:

{* ../../docs_src/security/tutorial002.py hl[31] *}

👀 👈 👥 📣 🆎 `current_user` Pydantic 🏷 `User`.

👉 🔜 ℹ 🇺🇲 🔘 🔢 ⏮️ 🌐 🛠️ & 🆎 ✅.

/// tip

 * }
 * }
 *
 * @author Ben Yu
 * @since 12.0
 */
/*
 * A nullable bound would let users create a TypeParameter instance for a parameter with a nullable
 * bound. However, it would also let them create `new TypeParameter<@Nullable T>() {}`, which
 * wouldn't behave as users might expect. Additionally, it's not clear how the TypeToken API could

    without any of its other classes -- but is also available in a second
    "version" that omits the class to avoid conflicts with the copy in Guava
    itself. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...

Etwa `/users/me`, um Daten über den aktuellen Benutzer zu erhalten.

Und Sie haben auch einen Pfad `/users/{user_id}`, um Daten über einen spezifischen Benutzer zu erhalten, mittels einer Benutzer-ID.

Weil *Pfadoperationen* in ihrer Reihenfolge ausgewertet werden, müssen Sie sicherstellen, dass der Pfad `/users/me` vor `/users/{user_id}` deklariert wurde:

func TestAssociationError(t *testing.T) {
	user := *GetUser("TestAssociationError", Config{Pets: 2, Company: true, Account: true, Languages: 2})
	DB.Create(&user)

	var user1 User
	DB.Preload("Company").Preload("Pets").Preload("Account").Preload("Languages").First(&user1)

	var emptyUser User
	var err error
	// belongs to
	err = DB.Model(&emptyUser).Association("Company").Delete(&user1.Company)

Algo como `/users/me` por exemplo, digamos que essa rota seja utilizada para pegar dados sobre o usuário atual.

E então você pode ter também uma rota `/users/{user_id}` para pegar dados sobre um usuário específico associado a um ID de usuário.

Porque as operações de rota são avaliadas em ordem, você precisa ter certeza que a rota para `/users/me` está sendo declarado antes da rota `/users/{user_id}`:

Latency sensitive applications may notice an increased latency due to a request to the external plugin upon every authenticated request to MinIO. User are advised to provision their infrastructure such that latency and performance is acceptable.

## Quickstart

### 2. Create a sample OPA Policy

In another terminal, create a policy that allows root user all access and for all other users denies `PutObject`:

```sh
cat > example.rego <<EOF
package httpapi.authz

import input

default allow = false

# Allow the root user to perform any action.
allow {
 input.owner == true
}

# All other users may do anything other than call PutObject
allow {
 input.action != "s3:PutObject"

         * System properties are initialized before the build starts and are available throughout the entire Maven
         * execution. They are used for core Maven functionality that needs to be established at startup.
         */
        SYSTEM_PROPERTIES,
        /**