// Test fix to http://issues.appfuse.org/browse/APF-96
  @Test
  public void testAddUserRoleWhenHasAdminRole() throws Exception {
    SecurityContext securityContext = new SecurityContextImpl();
    User user1 = new User("user");
    user1.setId(1L);
    user1.setPassword("password");
    user1.addRole(new Role(Constants.ADMIN_ROLE));
    UsernamePasswordAuthenticationToken token =
        new UsernamePasswordAuthenticationToken(
            user1.getUsername(), user1.getPassword(), user1.getAuthorities());
    token.setDetails(user1);
    securityContext.setAuthentication(token);
    SecurityContextHolder.setContext(securityContext);

    UserManager userManager = makeInterceptedTarget();
    final User user = new User("user");
    user.setId(1L);
    user.getRoles().add(new Role(Constants.ADMIN_ROLE));
    user.getRoles().add(new Role(Constants.USER_ROLE));

    context.checking(
        new Expectations() {
          {
            one(userDao).saveUser(with(same(user)));
          }
        });

    userManager.saveUser(user);
  }
  // Test fix to http://issues.appfuse.org/browse/APF-96
  @Test
  public void testChangeToAdminRoleFromUserRole() throws Exception {
    UserManager userManager = makeInterceptedTarget();
    User user = new User("user");
    user.setId(1L);
    user.getRoles().add(new Role(Constants.ADMIN_ROLE));

    try {
      userManager.saveUser(user);
      fail("AccessDeniedException not thrown");
    } catch (AccessDeniedException expected) {
      assertNotNull(expected);
      assertEquals(expected.getMessage(), UserSecurityAdvice.ACCESS_DENIED);
    }
  }
  // Test fix to http://issues.appfuse.org/browse/APF-96
  @Test
  public void testUpdateUserWithUserRole() throws Exception {
    UserManager userManager = makeInterceptedTarget();
    final User user = new User("user");
    user.setId(1L);
    user.getRoles().add(new Role(Constants.USER_ROLE));

    context.checking(
        new Expectations() {
          {
            one(userDao).saveUser(with(same(user)));
          }
        });

    userManager.saveUser(user);
  }