("/items?q=foo&skip=5", 200, {"q": "foo", "skip": 5, "limit": 100}),
        ("/items?q=foo&skip=5&limit=30", 200, {"q": "foo", "skip": 5, "limit": 30}),
        ("/users", 200, {"q": None, "skip": 0, "limit": 100}),
    ],
)
def test_get(path, expected_status, expected_response, client: TestClient):
    response = client.get(path)
    assert response.status_code == expected_status

In another terminal, create a policy that allows root user all access and for all other users denies `PutObject`:

```sh
cat > example.rego <<EOF
package httpapi.authz

import input

default allow = false

# Allow the root user to perform any action.
allow {
 input.owner == true
}

# All other users may do anything other than call PutObject
allow {
 input.action != "s3:PutObject"

		Result  string
		Vars    []interface{}
	}{
		{
			[]clause.Interface{clause.Delete{}, clause.From{}},
			"DELETE FROM `users`", nil,
		},
		{
			[]clause.Interface{clause.Delete{Modifier: "LOW_PRIORITY"}, clause.From{}},
			"DELETE LOW_PRIORITY FROM `users`", nil,
		},
	}

	for idx, result := range results {
		t.Run(fmt.Sprintf("case #%v", idx), func(t *testing.T) {

    [
        ("me", {"user_id": "the current user"}),
        ("alice", {"user_id": "alice"}),
    ],
)
def test_get_users(user_id: str, expected_response: dict):
    response = client.get(f"/users/{user_id}")
    assert response.status_code == 200, response.text
    assert response.json() == expected_response


def test_openapi_schema():
    response = client.get("/openapi.json")

	results := []struct {
		Clauses []clause.Interface
		Result  string
		Vars    []interface{}
	}{
		{
			[]clause.Interface{clause.Update{}},
			"UPDATE `users`", nil,
		},
		{
			[]clause.Interface{clause.Update{Modifier: "LOW_PRIORITY"}},
			"UPDATE LOW_PRIORITY `users`", nil,
		},
		{
			[]clause.Interface{clause.Update{Table: clause.Table{Name: "products"}, Modifier: "LOW_PRIORITY"}},
			"UPDATE LOW_PRIORITY `products`", nil,

async def get_items():
    return [
        {"name": "Plumbus", "price": 3},
        {"name": "Portal Gun", "price": 9001},
    ]


@app.post("/users/", response_model=ResponseMessage, tags=["users"])
async def create_user(user: User):

		Clauses []clause.Interface
		Result  string
		Vars    []interface{}
	}{
		{
			[]clause.Interface{clause.Insert{}},
			"INSERT INTO `users`", nil,
		},
		{
			[]clause.Interface{clause.Insert{Modifier: "LOW_PRIORITY"}},
			"INSERT LOW_PRIORITY INTO `users`", nil,
		},
		{
			[]clause.Interface{clause.Insert{Table: clause.Table{Name: "products"}, Modifier: "LOW_PRIORITY"}},

}

// LookupUser lookup userid for the provider
func (r Config) LookupUser(roleArn, userid string) (provider.User, error) {
	// Can safely ignore error here as empty or invalid ARNs will not be
	// mapped.
	arnVal, _ := arn.Parse(roleArn)
	pCfg, ok := r.arnProviderCfgsMap[arnVal]
	if ok {
		user, err := pCfg.provider.LookupUser(userid)
		if err != nil && err != provider.ErrAccessTokenExpired {

## FastAPI Experts

These are the users that have been [helping others the most with questions in GitHub](help-fastapi.md#help-others-with-questions-in-github){.internal-link target=_blank}. 🙇

They have proven to be **FastAPI Experts** by helping many others. ✨

}`)

	err := s.adm.AddCannedPolicy(ctx, policy, policyBytes)
	if err != nil {
		c.Fatalf("policy add error: %v", err)
	}

	{
		userDN := "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
		userReq := madmin.PolicyAssociationReq{
			Policies: []string{policy},
			User:     userDN,
		}
		if _, err := s.adm.AttachPolicyLDAP(ctx, userReq); err != nil {
			c.Fatalf("Unable to attach policy: %v", err)
		}