Make sure you enabled status is considered when creating a user

Closes #16

Author: adamretter

src/main/xar-resources/modules/security.xqm

@@ -152,19 +152,21 @@ function sec:create-user($username as xs:string, $user-data as map(xs:string, it
          :)
         let $_ := sm:create-account($username, util:uuid(), $primary-group, ($primary-group, array:flatten($user-data?groups)))
         let $_ := sm:passwd-hash($username, $user-data?password)
-        return
+        let $_ :=
             if (not(empty($user-data?metadata)))
             then
-                (
-                    let $_ := array:for-each($user-data?metadata, function($attribute as map(xs:string, xs:string)) {
-                        sm:set-account-metadata($username, $attribute?key, $attribute?value)
-                    })
-                    return ()
-                    ,
-                    true()
-                )
-            else
-                true()
+                let $_ := array:for-each($user-data?metadata, function($attribute as map(xs:string, xs:string)) {
+                    sm:set-account-metadata($username, $attribute?key, $attribute?value)
+                })
+                return ()
+            else()
+        let $_ :=
+            if (not(empty($user-data?enabled)))
+            then
+                sm:set-account-enabled($username, $user-data?enabled)
+            else()
+        return
+            true()
     else
         false()
 };

src/test/java/com/fusiondb/studio/api/UserIT.java

@@ -29,18 +29,40 @@
 import static io.restassured.http.ContentType.JSON;
 import static org.apache.http.HttpStatus.*;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
 public class UserIT {
 
     @Test
     public void createUser() {
-        createUser("123");
+        final String userId = "123";
+
+        createUser(userId);
+
+        // get user
+        final ExtractableResponse<Response> userResponse = getUser(userId);
+
+        // check they are enabled
+        assertTrue(userResponse.jsonPath().getBoolean("enabled"));
     }
 
     @Test
-    public void disableUser() {
+    public void createUserDisabled() {
         final String userId = "456";
 
+        createUser(userId, true);
+
+        // get user
+        final ExtractableResponse<Response> userResponse = getUser(userId);
+
+        // check they are disabled
+        assertFalse(userResponse.jsonPath().getBoolean("enabled"));
+    }
+
+    @Test
+    public void disableUser() {
+        final String userId = "789";
+
         // 1. create the user
         createUser(userId);
 
@@ -78,6 +100,10 @@ private ExtractableResponse<Response> getUser(final String userId) {
     }
 
     private void createUser(final String userId) {
+        createUser(userId,false);
+    }
+
+    private void createUser(final String userId, final boolean disabled) {
         final Map<String, Object> requestBody = mapOf(
                 Tuple("userName", "user" + userId),
                 Tuple("password", "user" + userId),
@@ -93,6 +119,10 @@ private void createUser(final String userId) {
                 ))
         );
 
+        if (disabled) {
+            requestBody.put("enabled", false);
+        }
+
         given().
                 auth().preemptive().basic(DEFAULT_ADMIN_USERNAME, DEFAULT_ADMIN_PASSWORD).
                 contentType(JSON).