@RequestMapping(value = "/user", method = RequestMethod.PUT)
  @Transactional
  public ResponseEntity<Client> doIt(@RequestBody Client client, Authentication authentication) {

    List<String> errors = DomainValidator.checkForErrors(client);
    if (!errors.isEmpty()) {
      return new ResponseEntity<Client>(new Client(client, errors), HttpStatus.BAD_REQUEST);
    }
    HttpStatus status = null;

    List<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(new SimpleGrantedAuthority("USER"));

    if (ApplicationSecurity.isRoot(authentication)) {
      if (ApplicationSecurity.isRoot(client.getUsername())) {
        return new ResponseEntity<Client>(
            new Client(client, cannotChangeRootPassword), HttpStatus.BAD_REQUEST);
      }
      status = upsert(client, authorities);

    } else if (StringUtils.equals(client.getUsername(), authentication.getName())) {
      if (!userDetailsManager.userExists(client.getUsername())) {
        return new ResponseEntity<Client>(new Client(client, mustBeRoot), HttpStatus.BAD_REQUEST);
      }
      User user = new User(client.getUsername(), client.getPassword(), authorities);
      userDetailsManager.updateUser(user);
      status = HttpStatus.OK;

    } else {
      return new ResponseEntity<Client>(HttpStatus.FORBIDDEN);
    }

    return new ResponseEntity<Client>(new Client(client), status);
  }
  private HttpStatus upsert(Client client, List<GrantedAuthority> authorities) {
    HttpStatus status;

    User user = new User(client.getUsername(), client.getPassword(), authorities);
    if (userDetailsManager.userExists(client.getUsername())) {
      userDetailsManager.updateUser(user);
      status = HttpStatus.OK;
    } else {
      userDetailsManager.createUser(user);
      status = HttpStatus.CREATED;
    }
    return status;
  }