import jakarta.validation.constraints.Size;

/**
 * Form class for editing user roles in the admin interface.
 * This form extends CreateForm to include fields necessary for updating existing role entries,
 * including tracking information for optimistic locking and audit trails.
 * Roles define permissions and access levels for users within the system.
 *
 */
public class EditForm extends CreateForm {

    /**

import jakarta.validation.constraints.Size;

/**
 * Form class for editing user groups in the admin interface.
 * This form extends CreateForm to include fields necessary for updating existing group entries,
 * including tracking information for optimistic locking and audit trails.
 * Groups are used to organize users and define access permissions.
 *
 */
public class EditForm extends CreateForm {

    /**

        TestRefreshableFessUser user = new TestRefreshableFessUser("testuser", true);
        assertTrue(user.refresh());
        assertEquals(1, user.getRefreshCount());

        // Test multiple refreshes
        user.refresh();
        user.refresh();
        assertEquals(3, user.getRefreshCount());

        // Test custom implementation that returns false
        user = new TestRefreshableFessUser("testuser", false);

Ahora prueba con un usuario inactivo, autentícate con:

Usuario: `alice`

Contraseña: `secret2`

Y trata de usar la operación `GET` con la path `/users/me`.

Obtendrás un error de "Usuario inactivo", como:

```JSON
{
  "detail": "Inactive user"
}
```

## Recapitulación

Ahora tienes las herramientas para implementar un sistema de seguridad completo basado en `username` y `password` para tu API.

active return 0 } # checkUserExists ($username) # Check if the user exists, by using the exit code of `mc admin user info` checkUserExists() { USER=$1 CMD=$(${MC} admin user info myminio $USER > /dev/null 2>&1) return $? } # createUser ($username, $password, $policy) createUser() { USER=$1 PASS=$2 POLICY=$3 # Create the user if it does not exist if ! checkUserExists $USER ; then echo "Creating user '$USER'" ${MC} admin user add myminio $USER $PASS else echo "User '$USER' already exists." fi # set policy...

            assertEquals("", domain.getAccountName());

            // User in regular domain
            SID user = new SID(buildSidT((byte) 1, ident, 10, 20, 99), jcifs.SID.SID_TYPE_USER, "MYDOM", "alice", false);
            assertEquals("MYDOM", user.getDomainName());
            assertEquals("alice", user.getAccountName());
            assertEquals("MYDOM\\alice", user.toDisplayString());
        }

        @Test

}
```

### Using MinIO Console

- Open MinIO URL on the browser, lets say <http://localhost:9000/>
- Click on `Login with SSO`
- User will be redirected to the Casdoor user login page, upon successful login the user will be redirected to MinIO page and logged in automatically,
  the user should see now the buckets and objects they have access to.

## Explore Further

	}

	m := reqMap["input"].(map[string]interface{})
	accountValue := m["account"].(string)
	actionValue := m["action"].(string)

	// Allow user `minio` to perform any action.
	var res Result
	if accountValue == "minio" {
		res.Result = true
	} else {
		// All other users may not perform any `s3:Put*` operations.
		res.Result = true
		if strings.HasPrefix(actionValue, "s3:Put") {
			res.Result = false
		}
	}

    * Normally, a token is set to expire after some time.
        * So, the user will have to log in again at some point later.
        * And if the token is stolen, the risk is less. It is not like a permanent key that will work forever (in most of the cases).
* The frontend stores that token temporarily somewhere.

```

### Include the `APIRouter`s for `users` and `items` { #include-the-apirouters-for-users-and-items }

Now, let's include the `router`s from the submodules `users` and `items`:

```Python hl_lines="10-11" title="app/main.py"
{!../../docs_src/bigger_applications/app/main.py!}
```

/// info

`users.router` contains the `APIRouter` inside of the file `app/routers/users.py`.