}},
			"SELECT * FROM `users` ORDER BY `users`.`id` DESC", nil,
		},
		{
			[]clause.Interface{
				clause.Select{}, clause.From{}, clause.OrderBy{
					Columns: []clause.OrderByColumn{{Column: clause.PrimaryColumn, Desc: true}},
				}, clause.OrderBy{
					Columns: []clause.OrderByColumn{{Column: clause.Column{Name: "name"}}},
				},
			},
			"SELECT * FROM `users` ORDER BY `users`.`id` DESC,`name`", nil,
		},

def test_security_http_basic(client: TestClient):
    response = client.get("/users/me", auth=("stanleyjobson", "swordfish"))
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "stanleyjobson"}


def test_security_http_basic_no_credentials(client: TestClient):
    response = client.get("/users/me")
    assert response.json() == {"detail": "Not authenticated"}

        "paths": {
            "/users/{user_id}/items/{item_id}": {
                "get": {
                    "summary": "Read User Item",
                    "operationId": "read_user_item_users__user_id__items__item_id__get",
                    "parameters": [
                        {
                            "required": True,
                            "schema": {"title": "User Id", "type": "integer"},

# OpenAPI Webhooks { #openapi-webhooks }

There are cases where you want to tell your API **users** that your app could call *their* app (sending a request) with some data, normally to **notify** of some type of **event**.

This means that instead of the normal process of your users sending requests to your API, it's **your API** (or your app) that could **send requests to their system** (to their API, their app).

This is normally called a **webhook**.

	}

	var user4 User
	DB.Preload("Account").Find(&user4, "id = ?", user.ID)

	if lastUpdatedAt.Format(time.RFC3339) == user4.Account.UpdatedAt.Format(time.RFC3339) {
		t.Fatalf("updated at should be updated, but not, old: %v, new %v", lastUpdatedAt.Format(time.RFC3339), user3.Account.UpdatedAt.Format(time.RFC3339))
	} else {
		user.Account.UpdatedAt = user4.Account.UpdatedAt
		CheckUser(t, user4, user)
	}

			"SELECT * FROM `users` FOR UPDATE", nil,
		},
		{
			[]clause.Interface{clause.Select{}, clause.From{}, clause.Locking{Strength: clause.LockingStrengthShare, Table: clause.Table{Name: clause.CurrentTable}}},
			"SELECT * FROM `users` FOR SHARE OF `users`", nil,
		},
		{

    response = client.get("/users/me")
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_token(mod: ModuleType):
    client = TestClient(mod.app)
    access_token = get_access_token(scope="me", client=client)
    response = client.get(

				},
			},
			sql: "INNER JOIN `user` USING (`id`)",
		},
	}
	for _, result := range results {
		t.Run(result.name, func(t *testing.T) {
			user, _ := schema.Parse(&tests.User{}, &sync.Map{}, db.NamingStrategy)
			stmt := &gorm.Statement{DB: db, Table: user.Table, Schema: user, Clauses: map[string]clause.Clause{}}
			result.join.Build(stmt)
			if result.sql != stmt.SQL.String() {

		// Remove user IAM
		adminRouter.Methods(http.MethodDelete).Path(adminVersion+"/remove-user").HandlerFunc(adminMiddleware(adminAPI.RemoveUser)).Queries("accessKey", "{accessKey:.*}")

		// List users
		adminRouter.Methods(http.MethodGet).Path(adminVersion+"/list-users").HandlerFunc(adminMiddleware(adminAPI.ListBucketUsers)).Queries("bucket", "{bucket:.*}")

	type User struct {
		ID        int32 `gorm:"primaryKey"`
		Name      string
		CreatorID *int32
		Creator   *User
	}

	checkStructRelation(t, &User{}, Relation{
		Name: "Creator", Type: schema.BelongsTo, Schema: "User", FieldSchema: "User",
		References: []Reference{{"ID", "User", "CreatorID", "User", "", false}},
	})
}

func TestSelfReferentialBelongsToOverrideReferences(t *testing.T) {
	type User struct {