@RequestMapping(value = "/user", method = RequestMethod.PUT)
  @Transactional
  public ResponseEntity<Client> doIt(@RequestBody Client client, Authentication authentication) {

    List<String> errors = DomainValidator.checkForErrors(client);
    if (!errors.isEmpty()) {
      return new ResponseEntity<Client>(new Client(client, errors), HttpStatus.BAD_REQUEST);
    }
    HttpStatus status = null;

    List<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(new SimpleGrantedAuthority("USER"));

    if (ApplicationSecurity.isRoot(authentication)) {
      if (ApplicationSecurity.isRoot(client.getUsername())) {
        return new ResponseEntity<Client>(
            new Client(client, cannotChangeRootPassword), HttpStatus.BAD_REQUEST);
      }
      status = upsert(client, authorities);

    } else if (StringUtils.equals(client.getUsername(), authentication.getName())) {
      if (!userDetailsManager.userExists(client.getUsername())) {
        return new ResponseEntity<Client>(new Client(client, mustBeRoot), HttpStatus.BAD_REQUEST);
      }
      User user = new User(client.getUsername(), client.getPassword(), authorities);
      userDetailsManager.updateUser(user);
      status = HttpStatus.OK;

    } else {
      return new ResponseEntity<Client>(HttpStatus.FORBIDDEN);
    }

    return new ResponseEntity<Client>(new Client(client), status);
  }
  @RequestMapping(value = "/product/{prod}", method = RequestMethod.DELETE)
  @Transactional
  public ResponseEntity<ProductResult> doIt(
      @PathVariable("prod") String product, Authentication auth) {

    if (!ApplicationSecurity.isRoot(auth)) {
      return new ResponseEntity<ProductResult>(HttpStatus.FORBIDDEN);
    }

    Product reqProduct = new Product(product, null);
    List<String> errors = DomainValidator.checkForErrors(reqProduct);

    if (!errors.isEmpty()) {
      return new ResponseEntity<ProductResult>(
          new ProductResult(reqProduct, errors), HttpStatus.BAD_REQUEST);
    }

    if (!products.exists(reqProduct.getName())) {
      return new ResponseEntity<ProductResult>(
          new ProductResult(reqProduct, Product.NOT_FOUND), HttpStatus.NOT_FOUND);
    }

    products.delete(reqProduct.getName());
    components.deleteByKeyProduct(reqProduct.getName());
    properties.deleteByKeyProduct(reqProduct.getName());
    userProducts.deleteByKeyProduct(reqProduct.getName());
    return new ResponseEntity<ProductResult>(HttpStatus.OK);
  }