@@ -295,6 +295,19 @@ async function updateUser (req, res, next) {
295295 }
296296 }
297297
298+ // Allow existing UUIDs to be passed, but block any attempts to mutate them
299+ if ( userToEdit ) {
300+ if ( body ?. UUID || body ?. uuid ) {
301+ if ( body . UUID ) body . UUID = userToEdit . UUID
302+ if ( body . uuid ) body . uuid = userToEdit . UUID
303+ }
304+
305+ if ( body ?. org_UUID || body ?. org_uuid ) {
306+ if ( body . org_UUID ) body . org_UUID = userToEdit . org_UUID
307+ if ( body . org_uuid ) body . org_uuid = userToEdit . org_UUID
308+ }
309+ }
310+
298311 if ( body . org_short_name && ! isSecretariat ) {
299312 logger . info ( { uuid : req . ctx . uuid , message : 'Only Secretariat can reassign user organization.' } )
300313 return res . status ( 403 ) . json ( error . notAllowedToChangeOrganization ( ) )
@@ -387,9 +400,10 @@ async function updateUser (req, res, next) {
387400 }
388401 }
389402
390- // UUID of the user will not change, lets get it before we write to avoid read after write issues.
403+ // Move lookups of immutable properties BEFORE the transaction mutation writes to completely bypass read- after- write anomalies
391404 const requestingUserUUID = await userRepo . getUserUUID ( req . ctx . user , req . ctx . org , { session } )
392- updatedUserUUID = await userRepo . getUserUUID ( req . ctx . user , org . UUID )
405+ updatedUserUUID = await userRepo . getUserUUID ( req . ctx . user , org . UUID , { session } )
406+
393407 updatedUser = await userRepo . updateUserFull ( userToEdit . UUID , body , { session } , true , requestingUserUUID )
394408 await session . commitTransaction ( )
395409 } catch ( error ) {
@@ -456,7 +470,8 @@ async function deleteUser (req, res, next) {
456470}
457471
458472async function grantRole ( req , res , next ) {
459- const session = await mongoose . startSession ( )
473+ // Explicitly configuring causalConsistency flag for clear DocumentDB context documentation
474+ const session = await mongoose . startSession ( { causalConsistency : false } )
460475 try {
461476 const orgShortName = req . ctx . params . shortname
462477 const username = req . ctx . params . username
@@ -519,7 +534,8 @@ async function grantRole (req, res, next) {
519534}
520535
521536async function revokeRole ( req , res , next ) {
522- const session = await mongoose . startSession ( )
537+ // Explicitly configuring causalConsistency flag for clear DocumentDB context documentation
538+ const session = await mongoose . startSession ( { causalConsistency : false } )
523539 try {
524540 const orgShortName = req . ctx . params . shortname
525541 const username = req . ctx . params . username
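Review bot: The UUID guard added at new lines 298–309 (first hunk, inside updateUser) tests the supplied values for truthiness, so a body that carries `UUID`, `uuid`, `org_UUID` or `org_uuid` as an empty string, `0`, `null` or `false` skips the overwrite and still reaches `userRepo.updateUserFull(userToEdit.UUID, body, ...)` in the second hunk with the caller's value in place. Whether updateUserFull persists those keys is not visible here, but the guard should key on presence rather than value, for example `for (const k of ['UUID', 'uuid']) if (k in body) body[k] = userToEdit.UUID` and `for (const k of ['org_UUID', 'org_uuid']) if (k in body) body[k] = userToEdit.org_UUID`. With that change the outer `if (body?.UUID || body?.uuid)` and `if (body?.org_UUID || body?.org_uuid)` wrappers are redundant and can go. The whole block is also skipped when `userToEdit` is falsy, and what happens to these keys on that path lies outside the hunk, as do the start and end of updateUser.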