Merge branch 'dev' into af-1730

david-rocca · web-flow · commit 3b099f6aab2c · 2026-05-27T14:02:46.000-04:00
diff --git a/src/controller/registry-user.controller/registry-user.controller.js b/src/controller/registry-user.controller/registry-user.controller.js
@@ -400,9 +400,10 @@ async function updateUser (req, res, next) {
         }
       }
 
-      // UUID of the user will not change, lets get it before we write to avoid read after write issues.
+      // Move lookups of immutable properties BEFORE the transaction mutation writes to completely bypass read-after-write anomalies
       const requestingUserUUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org, { session })
-      updatedUserUUID = await userRepo.getUserUUID(req.ctx.user, org.UUID)
+      updatedUserUUID = await userRepo.getUserUUID(req.ctx.user, org.UUID, { session })
+
       updatedUser = await userRepo.updateUserFull(userToEdit.UUID, body, { session }, true, requestingUserUUID)
       await session.commitTransaction()
     } catch (error) {
@@ -469,7 +470,8 @@ async function deleteUser (req, res, next) {
 }
 
 async function grantRole (req, res, next) {
-  const session = await mongoose.startSession()
+  // Explicitly configuring causalConsistency flag for clear DocumentDB context documentation
+  const session = await mongoose.startSession({ causalConsistency: false })
   try {
     const orgShortName = req.ctx.params.shortname
     const username = req.ctx.params.username
@@ -532,7 +534,8 @@ async function grantRole (req, res, next) {
 }
 
 async function revokeRole (req, res, next) {
-  const session = await mongoose.startSession()
+  // Explicitly configuring causalConsistency flag for clear DocumentDB context documentation
+  const session = await mongoose.startSession({ causalConsistency: false })
   try {
     const orgShortName = req.ctx.params.shortname
     const username = req.ctx.params.username
