Shinsuke Sugaya <******@****.***> 1638450896 +0900

openapi: 3.0.3
info:
  title: Fess - User API
  description: |-
    This is a Fess Server based on the OpenAPI 3.0 specification.  
  license:
    name: Apache 2.0
    url: http://www.apache.org/licenses/LICENSE-2.0.html
  version: 14.8.0
externalDocs:
  description: API Documentation
  url: https://fess.codelibs.org/14.8/api/
servers:
  - url: http://localhost:8080/api/v1
tags:
  - name: search
    description: Search operations

//	// assign an email if the record is not found
//	db.Where(User{Name: "non_existing"}).Attrs(User{Email: "******@****.***"}).FirstOrInit(&user)
//	// user -> User{Name: "non_existing", Email: "******@****.***"}
//
//	// assign an email if the record is not found, otherwise ignore provided email
//	db.Where(User{Name: "jinzhu"}).Attrs(User{Email: "******@****.***"}).FirstOrInit(&user)
//	// user -> User{Name: "jinzhu", Age: 20}
//

Shinsuke Sugaya <******@****.***> 1638450896 +0900

)

func TestDistinct(t *testing.T) {
	users := []User{
		*GetUser("distinct", Config{}),
		*GetUser("distinct", Config{}),
		*GetUser("distinct", Config{}),
		*GetUser("distinct-2", Config{}),
		*GetUser("distinct-3", Config{}),
	}
	users[0].Age = 20

	if err := DB.Create(&users).Error; err != nil {
		t.Fatalf("errors happened when create users: %v", err)
	}

	var names []string

	type User struct {
		ID        int32 `gorm:"primaryKey"`
		Name      string
		CreatorID *int32
		Creator   *User
	}

	checkStructRelation(t, &User{}, Relation{
		Name: "Creator", Type: schema.BelongsTo, Schema: "User", FieldSchema: "User",
		References: []Reference{{"ID", "User", "CreatorID", "User", "", false}},
	})
}

func TestSelfReferentialBelongsToOverrideReferences(t *testing.T) {
	type User struct {

				},
			},
			sql: "INNER JOIN `user` USING (`id`)",
		},
	}
	for _, result := range results {
		t.Run(result.name, func(t *testing.T) {
			user, _ := schema.Parse(&tests.User{}, &sync.Map{}, db.NamingStrategy)
			stmt := &gorm.Statement{DB: db, Table: user.Table, Schema: user, Clauses: map[string]clause.Clause{}}
			result.join.Build(stmt)
			if result.sql != stmt.SQL.String() {

	var u User
	b.ResetTimer()
	for x := 0; x < b.N; x++ {
		DB.Raw("select * from users where id = ?", user.ID).Scan(&u)
	}
}

func BenchmarkScanSlice(b *testing.B) {
	DB.Exec("delete from users")
	for i := 0; i < 10_000; i++ {
		user := *GetUser(fmt.Sprintf("scan-%d", i), Config{})
		DB.Create(&user)
	}

	var u []User
	b.ResetTimer()
	for x := 0; x < b.N; x++ {
		DB.Raw("select * from users").Scan(&u)
	}
}

```JSON
{
  "detail": "Not authenticated"
}
```

### Inactive user { #inactive-user }

Now try with an inactive user, authenticate with:

User: `alice`

Password: `secret2`

And try to use the operation `GET` with the path `/users/me`.

You will get an "Inactive user" error, like:

```JSON
{
  "detail": "Inactive user"
}
```

## Recap { #recap }

### 2. Create a sample OPA Policy

In another terminal, create a policy that allows root user all access and for all other users denies `PutObject`:

```sh
cat > example.rego <<EOF
package httpapi.authz

import input

default allow = false

# Allow the root user to perform any action.
allow {
 input.owner == true
}

# All other users may do anything other than call PutObject
allow {
 input.action != "s3:PutObject"