Merge branch 'dev' into dr-1409-argon-calls

david-rocca · web-flow · commit 1728ff4807f4 · 2025-07-14T14:43:02.000-04:00
diff --git a/src/controller/org.controller/org.controller.js b/src/controller/org.controller/org.controller.js
@@ -363,6 +363,7 @@ async function createOrg (req, res, next) {
 
       if (legResult && regResult) {
         logger.info({ uuid: req.ctx.uuid, message: legResult.short_name + ' organization was not created because it already exists.' })
+        await session.abortTransaction()
         return res.status(400).json(error.orgExists(legOrg.short_name))
       }
 
@@ -432,7 +433,7 @@ async function createOrg (req, res, next) {
       await session.abortTransaction()
       throw error
     } finally {
-      session.endSession()
+      await session.endSession()
     }
 
     logger.info(JSON.stringify(payload))
@@ -470,7 +471,6 @@ async function updateOrg (req, res, next) {
     if (!orgToUpdate) {
       logger.info({ uuid: req.ctx.uuid, message: `Organization ${shortNameParam} not found.` })
       await session.abortTransaction()
-      session.endSession()
       return res.status(404).json(error.orgDnePathParam(shortNameParam))
     }
 
@@ -480,7 +480,6 @@ async function updateOrg (req, res, next) {
       // This indicates an inconsistent state, as an Org should have a corresponding RegistryOrg if created by the system
       logger.error({ uuid: req.ctx.uuid, message: `Registry org counterpart for ${orgToUpdate.short_name} (UUID: ${orgToUpdate.UUID}) not found. Data inconsistency.` })
       await session.abortTransaction()
-      session.endSession()
       return res.status(500).json(error.serverError('Inconsistent organization data: Registry counterpart missing.'))
     }
 
@@ -613,12 +612,12 @@ async function updateOrg (req, res, next) {
     if (newOrgUpdates.short_name && newOrgUpdates.short_name !== orgToUpdate.short_name) {
       const existingLegOrg = await orgRepo.findOneByShortName(newOrgUpdates.short_name, { session })
       if (existingLegOrg && existingLegOrg.UUID !== orgToUpdate.UUID) {
-        await session.abortTransaction(); session.endSession()
+        await session.abortTransaction()
         return res.status(403).json(error.duplicateShortname(newOrgUpdates.short_name))
       }
       const existingRegOrg = await regOrgRepo.findOneByShortName(newRegOrgUpdates.short_name, { session })
       if (existingRegOrg && existingRegOrg.UUID !== regOrgToUpdate.UUID) {
-        await session.abortTransaction(); session.endSession()
+        await session.abortTransaction()
         return res.status(403).json(error.duplicateShortname(newRegOrgUpdates.short_name))
       }
     }
@@ -672,7 +671,7 @@ async function updateOrg (req, res, next) {
     }
     next(err)
   } finally {
-    session.endSession()
+    await session.endSession()
   }
 }
 
@@ -712,12 +711,12 @@ async function createUser (req, res, next) {
     const regUsers = await userRegistryRepo.findUsersByOrgUUID(orgUUID, { session })
 
     if (users && regUsers && users !== regUsers) {
-      await session.abortTransaction(); session.endSession()
+      await session.abortTransaction()
       return res.status(500).json({ message: 'Data inconsistency' })
     }
 
     if (users >= 100) {
-      await session.abortTransaction(); session.endSession()
+      await session.abortTransaction()
       return res.status(400).json(error.userLimitReached())
     }
 
@@ -734,12 +733,12 @@ async function createUser (req, res, next) {
       const key = keyRaw.toLowerCase()
 
       if (key === 'uuid') {
-        await session.abortTransaction(); session.endSession()
+        await session.abortTransaction()
         return res.status(400).json(error.uuidProvided('user'))
       }
 
       if (key === 'org_uuid') {
-        await session.abortTransaction(); session.endSession()
+        await session.abortTransaction()
         return res.status(400).json(error.uuidProvided('org'))
       }
 
@@ -793,7 +792,7 @@ async function createUser (req, res, next) {
     // check if user is only an Admin (not Secretatiat) and the user does not belong to the same organization as the new user
     if (!isSecretariat && isAdmin) {
       if (requesterOrgUUID !== orgUUID) {
-        await session.abortTransaction(); session.endSession()
+        await session.abortTransaction()
         return res.status(403).json(error.notOrgAdminOrSecretariat()) // The Admin user must belong to the new user's organization
       }
     }
@@ -812,7 +811,7 @@ async function createUser (req, res, next) {
     const resultReg = await userRegistryRepo.findOneByUserNameAndOrgUUID(newRegistryUser.user_id, orgUUID, null, { session })
     if (resultLeg || resultReg) {
       logger.info({ uuid: req.ctx.uuid, message: newUser.username + ' was not created because it already exists.' })
-      await session.abortTransaction(); session.endSession()
+      await session.abortTransaction()
       return res.status(400).json(error.userExists(newUser.username))
     }
 
@@ -849,6 +848,8 @@ async function createUser (req, res, next) {
     return res.status(200).json(responseMessage)
   } catch (err) {
     next(err)
+  } finally {
+    await session.endSession()
   }
 }
 
@@ -889,12 +890,12 @@ async function updateUser (req, res, next) {
 
     if (!targetOrgLegUUID || !targetOrgRegUUID) {
       logger.error({ uuid: req.ctx.uuid, message: `Target organization ${shortNameParams} not found in one or both collections.` })
-      await session.abortTransaction(); await session.endSession()
+      await session.abortTransaction()
       return res.status(404).json(error.orgDnePathParam(shortNameParams))
     }
     if (targetOrgLegUUID !== targetOrgRegUUID) {
       logger.error({ uuid: req.ctx.uuid, message: 'Registry and Legacy Org UUIDs do not match for target org. Data inconsistency.' })
-      await session.abortTransaction(); await session.endSession()
+      await session.abortTransaction()
       return res.status(500).json(error.serverError('Inconsistent organization data.'))
     }
 
@@ -905,18 +906,18 @@ async function updateUser (req, res, next) {
       if (targetUserUUID !== requesterUUID) {
         if (!targetUserUUID) {
           logger.info({ uuid: req.ctx.uuid, message: 'User DNE' })
-          await session.abortTransaction(); await session.endSession()
+          await session.abortTransaction()
           return res.status(404).json(error.userDne(usernameParams))
         }
         logger.info({ uuid: req.ctx.uuid, message: 'Not same user or secretariat' })
-        await session.abortTransaction(); await session.endSession()
+        await session.abortTransaction()
         return res.status(403).json(error.notSameUserOrSecretariat())
       }
     }
 
     if (shortNameParams !== requesterShortName && !isRequesterSecretariat) {
       logger.info({ uuid: req.ctx.uuid, message: `${shortNameParams} organization data can only be modified by users of the same organization or the Secretariat.` })
-      await session.abortTransaction(); await session.endSession()
+      await session.abortTransaction()
       return res.status(403).json(error.notSameOrgOrSecretariat())
     }
 
@@ -925,7 +926,7 @@ async function updateUser (req, res, next) {
 
     if (!userLeg && !userReg) { // If user doesn't exist in EITHER system.
       logger.info({ uuid: req.ctx.uuid, message: `User ${usernameParams} does not exist for ${shortNameParams} organization.` })
-      await session.abortTransaction(); await session.endSession()
+      await session.abortTransaction()
       return res.status(404).json(error.userDne(usernameParams))
     }
 
@@ -943,15 +944,15 @@ async function updateUser (req, res, next) {
     // Specific check for org_short_name (Secretariat only)
     if (queryParameters.org_short_name && !isRequesterSecretariat) {
       logger.info({ uuid: req.ctx.uuid, message: 'Only Secretariat can reassign user organization.' })
-      await session.abortTransaction(); await session.endSession()
+      await session.abortTransaction()
       return res.status(403).json(error.notAllowedToChangeOrganization())
     }
 
     // General permission check for fields requiring admin/secretariat
     if ((queryParameters.new_username || queryParameters['active_roles.remove'] || queryParameters['active_roles.add'])) {
       if (!isRequesterSecretariat && !isAdmin) {
         logger.info({ uuid: req.ctx.uuid, message: `User ${requesterUsername} (not Admin/Secretariat) trying to modify admin-only fields.` })
-        await session.abortTransaction(); await session.endSession()
+        await session.abortTransaction()
         return res.status(403).json(error.notOrgAdminOrSecretariatUpdate())
       }
     }
@@ -961,7 +962,7 @@ async function updateUser (req, res, next) {
       const unameToCheck = await userLegRepo.findOneByUserNameAndOrgUUID(queryParameters.new_username, targetOrgRegUUID, null, { session })
       if (unameToCheck) {
         logger.info({ uuid: req.ctx.uuid, message: queryParameters.new_username + ' was not created because it already exists.' })
-        await session.abortTransaction(); session.endSession()
+        await session.abortTransaction()
         return res.status(403).json(error.duplicateUsername(queryParameters.new_username, shortNameParams))
       }
     }
@@ -1024,23 +1025,23 @@ async function updateUser (req, res, next) {
           handlers[key]()
         } catch (handlerError) {
           logger.info({ uuid: req.ctx.uuid, message: handlerError.message || `Auth error in handler for ${key}` })
-          await session.abortTransaction(); await session.endSession()
+          await session.abortTransaction()
           return res.status(403).json(handlerError instanceof Error ? { name: handlerError.name, error: handlerError.message } : handlerError)
         }
       }
     }
 
     if (queryParameters.active) {
       if (requesterUUID === targetUserUUID) {
-        await session.abortTransaction; await session.endSession()
+        await session.abortTransaction()
         return res.status(403).json(error.notOrgAdminOrSecretariatUpdate())
       }
     }
 
     // Check to make sure we are NOT self demoting
     if (removeRolesCollector.includes('ADMIN')) {
       if (requesterUUID === targetUserUUID) {
-        await session.abortTransaction; await session.endSession()
+        await session.abortTransaction()
         return res.status(403).json(error.notAllowedToSelfDemote())
       }
     }
@@ -1054,20 +1055,20 @@ async function updateUser (req, res, next) {
     if (newOrgShortNameToMoveTo) {
       if (newOrgShortNameToMoveTo === shortNameParams) {
         logger.info({ uuid: req.ctx.uuid, message: `User ${usernameParams} is already in organization ${newOrgShortNameToMoveTo}.` })
-        await session.abortTransaction(); await session.endSession()
+        await session.abortTransaction()
         return res.status(403).json(error.alreadyInOrg(newOrgShortNameToMoveTo, usernameParams))
       }
       newTargetLegacyOrgUUID = await orgLegRepo.getOrgUUID(newOrgShortNameToMoveTo, { session })
       newTargetRegistryOrgUUID = await orgRegRepo.getOrgUUID(newOrgShortNameToMoveTo, { session })
 
       if (!newTargetLegacyOrgUUID || !newTargetRegistryOrgUUID) {
         logger.info({ uuid: req.ctx.uuid, message: `New target organization ${newOrgShortNameToMoveTo} does not exist.` })
-        await session.abortTransaction(); await session.endSession()
+        await session.abortTransaction()
         return res.status(404).json(error.orgDne(newOrgShortNameToMoveTo, 'org_short_name', 'query'))
       }
       if (newTargetLegacyOrgUUID !== newTargetRegistryOrgUUID) {
         logger.error({ uuid: req.ctx.uuid, message: `New target organization ${newOrgShortNameToMoveTo} has mismatched legacy/registry UUIDs.` })
-        await session.abortTransaction(); await session.endSession()
+        await session.abortTransaction()
         return res.status(500).json(error.serverError('Inconsistent new target organization data.'))
       }
 
@@ -1166,7 +1167,7 @@ async function updateUser (req, res, next) {
       const legUpdateResult = await userLegRepo.updateByUUID(userLeg.UUID, legacyUserUpdatePayload, { session })
       if (!legUpdateResult || legUpdateResult.modifiedCount === 0) {
         if (legUpdateResult && legUpdateResult.matchedCount === 0) {
-          await session.abortTransaction(); await session.endSession()
+          await session.abortTransaction()
           return res.status(404).json(error.userDne(userLeg.username))
         }
       } else {
@@ -1178,7 +1179,7 @@ async function updateUser (req, res, next) {
       const regUpdateResult = await userRegRepo.updateByUUID(userReg.UUID, registryUserUpdatePayload, { session })
       if (!regUpdateResult || regUpdateResult.modifiedCount === 0) {
         if (regUpdateResult && regUpdateResult.matchedCount === 0) {
-          await session.abortTransaction(); await session.endSession()
+          await session.abortTransaction()
           return res.status(404).json(error.userDne(userReg.user_id))
         }
       } else {
@@ -1286,7 +1287,7 @@ async function resetSecret (req, res, next) {
 
       if (!targetOrgUUID) {
         logger.info({ uuid: req.ctx.uuid, message: 'User DNE' })
-        await session.abortTransaction(); await session.endSession()
+        await session.abortTransaction()
         return res.status(404).json(error.orgDnePathParam(orgShortName))
       }
 
@@ -1295,16 +1296,19 @@ async function resetSecret (req, res, next) {
       // check if orgUUID and orgRegUUID are the same
       if (orgUUID.toString() !== orgRegUUID.toString()) {
         logger.info({ uuid: req.ctx.uuid, message: 'The organization UUID and the organization registry UUID are not the same.' })
+        await session.abortTransaction()
         return res.status(500).json(error.internalServerError())
       }
 
       if (!orgUUID && !orgRegUUID) {
         logger.info({ uuid: req.ctx.uuid, message: orgShortName + ' organization does not exist.' })
+        await session.abortTransaction()
         return res.status(404).json(error.orgDnePathParam(orgShortName))
       }
 
       if (orgShortName !== requesterShortName && !isSecretariat) {
         logger.info({ uuid: req.ctx.uuid, message: orgShortName + ' organization can only be viewed by the users of the same organization or the Secretariat.' })
+        await session.abortTransaction()
         return res.status(403).json(error.notSameOrgOrSecretariat())
       }
 
@@ -1313,6 +1317,7 @@ async function resetSecret (req, res, next) {
 
       if (!oldUser && !oldUserRegistry) {
         logger.info({ uuid: req.ctx.uuid, message: username + ' user does not exist.' })
+        await session.abortTransaction()
         return res.status(404).json(error.userDne(username))
       }
 
@@ -1324,7 +1329,7 @@ async function resetSecret (req, res, next) {
         if (targetUserUUID !== requesterUUID) {
           if (!targetUserUUID) {
             logger.info({ uuid: req.ctx.uuid, message: 'User DNE' })
-            await session.abortTransaction(); await session.endSession()
+            await session.abortTransaction()
             return res.status(404).json(error.userDne(username))
           }
         }
@@ -1335,6 +1340,7 @@ async function resetSecret (req, res, next) {
       // check if the requester is not and admin; if admin, the requester must be from the same org as the user
         if (!isAdmin || (isAdmin && orgShortName !== requesterShortName)) {
           logger.info({ uuid: req.ctx.uuid, message: 'The api secret can only be reset by the Secretariat, an Org admin or if the requester is the user.' })
+          await session.abortTransaction()
           return res.status(403).json(error.notSameUserOrSecretariat())
         }
       }
@@ -1349,14 +1355,15 @@ async function resetSecret (req, res, next) {
 
       if (user.matchedCount === 0 || userReg.matchedCount === 0) {
         logger.info({ uuid: req.ctx.uuid, message: 'The user could not be updated because ' + username + ' does not exist for ' + orgShortName + ' organization.' })
+        await session.abortTransaction()
         return res.status(404).json(error.userDne(username))
       }
       await session.commitTransaction()
     } catch (error) {
       await session.abortTransaction()
       throw error
     } finally {
-      session.endSession()
+      await session.endSession()
     }
 
     logger.info({ uuid: req.ctx.uuid, message: `The API secret was successfully reset and sent to ${username}` })
diff --git a/src/controller/registry-org.controller/registry-org.controller.js b/src/controller/registry-org.controller/registry-org.controller.js
@@ -51,19 +51,20 @@ async function getAllOrgs (req, res, next) {
 async function getOrg (req, res, next) {
   try {
     const repo = req.ctx.repositories.getRegistryOrgRepository()
+    // User passed in parameter to filter for
     const identifier = req.ctx.params.identifier
     const orgShortName = req.ctx.org
     const isSecretariat = await repo.isSecretariat(orgShortName)
     const org = await repo.findOneByShortName(orgShortName)
-    let orgIdentifer = orgShortName
-    let agt = setAggregateOrgObj({ UUID: identifier })
+    let requestingUserOrgIdentifier = orgShortName
+    let agt = setAggregateOrgObj({ short_name: identifier })
 
     if (validateUUID(identifier)) {
-      orgIdentifer = org.UUID
+      requestingUserOrgIdentifier = org.UUID
       agt = setAggregateOrgObj({ UUID: identifier })
     }
 
-    if (orgIdentifer !== identifier && !isSecretariat) {
+    if (requestingUserOrgIdentifier !== identifier && !isSecretariat) {
       logger.info({ uuid: req.ctx.uuid, message: identifier + ' organization can only be viewed by the users of the same organization or the Secretariat.' })
       return res.status(403).json(error.notSameOrgOrSecretariat())
     }

Original file line number	Diff line number	Diff line change
`@@ -363,6 +363,7 @@ async function createOrg (req, res, next) {`
`363`	`363`
`364`	`364`	`if (legResult && regResult) {`
`365`	`365`	`logger.info({ uuid: req.ctx.uuid, message: legResult.short_name + ' organization was not created because it already exists.' })`
	`366`	`+ await session.abortTransaction()`
`366`	`367`	`return res.status(400).json(error.orgExists(legOrg.short_name))`
`367`	`368`	`}`
`368`	`369`
`@@ -432,7 +433,7 @@ async function createOrg (req, res, next) {`
`432`	`433`	`await session.abortTransaction()`
`433`	`434`	`throw error`
`434`	`435`	`} finally {`
`435`		`- session.endSession()`
	`436`	`+ await session.endSession()`
`436`	`437`	`}`
`437`	`438`
`438`	`439`	`logger.info(JSON.stringify(payload))`
`@@ -470,7 +471,6 @@ async function updateOrg (req, res, next) {`
`470`	`471`	`if (!orgToUpdate) {`
`471`	`472`	logger.info({ uuid: req.ctx.uuid, message: `Organization ${shortNameParam} not found.` })
`472`	`473`	`await session.abortTransaction()`
`473`		`- session.endSession()`
`474`	`474`	`return res.status(404).json(error.orgDnePathParam(shortNameParam))`
`475`	`475`	`}`
`476`	`476`
`@@ -480,7 +480,6 @@ async function updateOrg (req, res, next) {`
`480`	`480`	`// This indicates an inconsistent state, as an Org should have a corresponding RegistryOrg if created by the system`
`481`	`481`	logger.error({ uuid: req.ctx.uuid, message: `Registry org counterpart for ${orgToUpdate.short_name} (UUID: ${orgToUpdate.UUID}) not found. Data inconsistency.` })
`482`	`482`	`await session.abortTransaction()`
`483`		`- session.endSession()`
`484`	`483`	`return res.status(500).json(error.serverError('Inconsistent organization data: Registry counterpart missing.'))`
`485`	`484`	`}`
`486`	`485`
`@@ -613,12 +612,12 @@ async function updateOrg (req, res, next) {`
`613`	`612`	`if (newOrgUpdates.short_name && newOrgUpdates.short_name !== orgToUpdate.short_name) {`
`614`	`613`	`const existingLegOrg = await orgRepo.findOneByShortName(newOrgUpdates.short_name, { session })`
`615`	`614`	`if (existingLegOrg && existingLegOrg.UUID !== orgToUpdate.UUID) {`
`616`		`- await session.abortTransaction(); session.endSession()`
	`615`	`+ await session.abortTransaction()`
`617`	`616`	`return res.status(403).json(error.duplicateShortname(newOrgUpdates.short_name))`
`618`	`617`	`}`
`619`	`618`	`const existingRegOrg = await regOrgRepo.findOneByShortName(newRegOrgUpdates.short_name, { session })`
`620`	`619`	`if (existingRegOrg && existingRegOrg.UUID !== regOrgToUpdate.UUID) {`
`621`		`- await session.abortTransaction(); session.endSession()`
	`620`	`+ await session.abortTransaction()`
`622`	`621`	`return res.status(403).json(error.duplicateShortname(newRegOrgUpdates.short_name))`
`623`	`622`	`}`
`624`	`623`	`}`
`@@ -672,7 +671,7 @@ async function updateOrg (req, res, next) {`
`672`	`671`	`}`
`673`	`672`	`next(err)`
`674`	`673`	`} finally {`
`675`		`- session.endSession()`
	`674`	`+ await session.endSession()`
`676`	`675`	`}`
`677`	`676`	`}`
`678`	`677`
`@@ -712,12 +711,12 @@ async function createUser (req, res, next) {`
`712`	`711`	`const regUsers = await userRegistryRepo.findUsersByOrgUUID(orgUUID, { session })`
`713`	`712`
`714`	`713`	`if (users && regUsers && users !== regUsers) {`
`715`		`- await session.abortTransaction(); session.endSession()`
	`714`	`+ await session.abortTransaction()`
`716`	`715`	`return res.status(500).json({ message: 'Data inconsistency' })`
`717`	`716`	`}`
`718`	`717`
`719`	`718`	`if (users >= 100) {`
`720`		`- await session.abortTransaction(); session.endSession()`
	`719`	`+ await session.abortTransaction()`
`721`	`720`	`return res.status(400).json(error.userLimitReached())`
`722`	`721`	`}`
`723`	`722`
`@@ -734,12 +733,12 @@ async function createUser (req, res, next) {`
`734`	`733`	`const key = keyRaw.toLowerCase()`
`735`	`734`
`736`	`735`	`if (key === 'uuid') {`
`737`		`- await session.abortTransaction(); session.endSession()`
	`736`	`+ await session.abortTransaction()`
`738`	`737`	`return res.status(400).json(error.uuidProvided('user'))`
`739`	`738`	`}`
`740`	`739`
`741`	`740`	`if (key === 'org_uuid') {`
`742`		`- await session.abortTransaction(); session.endSession()`
	`741`	`+ await session.abortTransaction()`
`743`	`742`	`return res.status(400).json(error.uuidProvided('org'))`
`744`	`743`	`}`
`745`	`744`
`@@ -793,7 +792,7 @@ async function createUser (req, res, next) {`
`793`	`792`	`// check if user is only an Admin (not Secretatiat) and the user does not belong to the same organization as the new user`
`794`	`793`	`if (!isSecretariat && isAdmin) {`
`795`	`794`	`if (requesterOrgUUID !== orgUUID) {`
`796`		`- await session.abortTransaction(); session.endSession()`
	`795`	`+ await session.abortTransaction()`
`797`	`796`	`return res.status(403).json(error.notOrgAdminOrSecretariat()) // The Admin user must belong to the new user's organization`
`798`	`797`	`}`
`799`	`798`	`}`
`@@ -812,7 +811,7 @@ async function createUser (req, res, next) {`
`812`	`811`	`const resultReg = await userRegistryRepo.findOneByUserNameAndOrgUUID(newRegistryUser.user_id, orgUUID, null, { session })`
`813`	`812`	`if (resultLeg \|\| resultReg) {`
`814`	`813`	`logger.info({ uuid: req.ctx.uuid, message: newUser.username + ' was not created because it already exists.' })`
`815`		`- await session.abortTransaction(); session.endSession()`
	`814`	`+ await session.abortTransaction()`
`816`	`815`	`return res.status(400).json(error.userExists(newUser.username))`
`817`	`816`	`}`
`818`	`817`
`@@ -849,6 +848,8 @@ async function createUser (req, res, next) {`
`849`	`848`	`return res.status(200).json(responseMessage)`
`850`	`849`	`} catch (err) {`
`851`	`850`	`next(err)`
	`851`	`+ } finally {`
	`852`	`+ await session.endSession()`
`852`	`853`	`}`
`853`	`854`	`}`
`854`	`855`
`@@ -889,12 +890,12 @@ async function updateUser (req, res, next) {`
`889`	`890`
`890`	`891`	`if (!targetOrgLegUUID \|\| !targetOrgRegUUID) {`
`891`	`892`	logger.error({ uuid: req.ctx.uuid, message: `Target organization ${shortNameParams} not found in one or both collections.` })
`892`		`- await session.abortTransaction(); await session.endSession()`
	`893`	`+ await session.abortTransaction()`
`893`	`894`	`return res.status(404).json(error.orgDnePathParam(shortNameParams))`
`894`	`895`	`}`
`895`	`896`	`if (targetOrgLegUUID !== targetOrgRegUUID) {`
`896`	`897`	`logger.error({ uuid: req.ctx.uuid, message: 'Registry and Legacy Org UUIDs do not match for target org. Data inconsistency.' })`
`897`		`- await session.abortTransaction(); await session.endSession()`
	`898`	`+ await session.abortTransaction()`
`898`	`899`	`return res.status(500).json(error.serverError('Inconsistent organization data.'))`
`899`	`900`	`}`
`900`	`901`
`@@ -905,18 +906,18 @@ async function updateUser (req, res, next) {`
`905`	`906`	`if (targetUserUUID !== requesterUUID) {`
`906`	`907`	`if (!targetUserUUID) {`
`907`	`908`	`logger.info({ uuid: req.ctx.uuid, message: 'User DNE' })`
`908`		`- await session.abortTransaction(); await session.endSession()`
	`909`	`+ await session.abortTransaction()`
`909`	`910`	`return res.status(404).json(error.userDne(usernameParams))`
`910`	`911`	`}`
`911`	`912`	`logger.info({ uuid: req.ctx.uuid, message: 'Not same user or secretariat' })`
`912`		`- await session.abortTransaction(); await session.endSession()`
	`913`	`+ await session.abortTransaction()`
`913`	`914`	`return res.status(403).json(error.notSameUserOrSecretariat())`
`914`	`915`	`}`
`915`	`916`	`}`
`916`	`917`
`917`	`918`	`if (shortNameParams !== requesterShortName && !isRequesterSecretariat) {`
`918`	`919`	logger.info({ uuid: req.ctx.uuid, message: `${shortNameParams} organization data can only be modified by users of the same organization or the Secretariat.` })
`919`		`- await session.abortTransaction(); await session.endSession()`
	`920`	`+ await session.abortTransaction()`
`920`	`921`	`return res.status(403).json(error.notSameOrgOrSecretariat())`
`921`	`922`	`}`
`922`	`923`
`@@ -925,7 +926,7 @@ async function updateUser (req, res, next) {`
`925`	`926`
`926`	`927`	`if (!userLeg && !userReg) { // If user doesn't exist in EITHER system.`
`927`	`928`	logger.info({ uuid: req.ctx.uuid, message: `User ${usernameParams} does not exist for ${shortNameParams} organization.` })
`928`		`- await session.abortTransaction(); await session.endSession()`
	`929`	`+ await session.abortTransaction()`
`929`	`930`	`return res.status(404).json(error.userDne(usernameParams))`
`930`	`931`	`}`
`931`	`932`
`@@ -943,15 +944,15 @@ async function updateUser (req, res, next) {`
`943`	`944`	`// Specific check for org_short_name (Secretariat only)`
`944`	`945`	`if (queryParameters.org_short_name && !isRequesterSecretariat) {`
`945`	`946`	`logger.info({ uuid: req.ctx.uuid, message: 'Only Secretariat can reassign user organization.' })`
`946`		`- await session.abortTransaction(); await session.endSession()`
	`947`	`+ await session.abortTransaction()`
`947`	`948`	`return res.status(403).json(error.notAllowedToChangeOrganization())`
`948`	`949`	`}`
`949`	`950`
`950`	`951`	`// General permission check for fields requiring admin/secretariat`
`951`	`952`	`if ((queryParameters.new_username \|\| queryParameters['active_roles.remove'] \|\| queryParameters['active_roles.add'])) {`
`952`	`953`	`if (!isRequesterSecretariat && !isAdmin) {`
`953`	`954`	logger.info({ uuid: req.ctx.uuid, message: `User ${requesterUsername} (not Admin/Secretariat) trying to modify admin-only fields.` })
`954`		`- await session.abortTransaction(); await session.endSession()`
	`955`	`+ await session.abortTransaction()`
`955`	`956`	`return res.status(403).json(error.notOrgAdminOrSecretariatUpdate())`
`956`	`957`	`}`
`957`	`958`	`}`
`@@ -961,7 +962,7 @@ async function updateUser (req, res, next) {`
`961`	`962`	`const unameToCheck = await userLegRepo.findOneByUserNameAndOrgUUID(queryParameters.new_username, targetOrgRegUUID, null, { session })`
`962`	`963`	`if (unameToCheck) {`
`963`	`964`	`logger.info({ uuid: req.ctx.uuid, message: queryParameters.new_username + ' was not created because it already exists.' })`
`964`		`- await session.abortTransaction(); session.endSession()`
	`965`	`+ await session.abortTransaction()`
`965`	`966`	`return res.status(403).json(error.duplicateUsername(queryParameters.new_username, shortNameParams))`
`966`	`967`	`}`
`967`	`968`	`}`
`@@ -1024,23 +1025,23 @@ async function updateUser (req, res, next) {`
`1024`	`1025`	`handlers[key]()`
`1025`	`1026`	`} catch (handlerError) {`
`1026`	`1027`	logger.info({ uuid: req.ctx.uuid, message: handlerError.message \|\| `Auth error in handler for ${key}` })
`1027`		`- await session.abortTransaction(); await session.endSession()`
	`1028`	`+ await session.abortTransaction()`
`1028`	`1029`	`return res.status(403).json(handlerError instanceof Error ? { name: handlerError.name, error: handlerError.message } : handlerError)`
`1029`	`1030`	`}`
`1030`	`1031`	`}`
`1031`	`1032`	`}`
`1032`	`1033`
`1033`	`1034`	`if (queryParameters.active) {`
`1034`	`1035`	`if (requesterUUID === targetUserUUID) {`
`1035`		`- await session.abortTransaction; await session.endSession()`
	`1036`	`+ await session.abortTransaction()`
`1036`	`1037`	`return res.status(403).json(error.notOrgAdminOrSecretariatUpdate())`
`1037`	`1038`	`}`
`1038`	`1039`	`}`
`1039`	`1040`
`1040`	`1041`	`// Check to make sure we are NOT self demoting`
`1041`	`1042`	`if (removeRolesCollector.includes('ADMIN')) {`
`1042`	`1043`	`if (requesterUUID === targetUserUUID) {`
`1043`		`- await session.abortTransaction; await session.endSession()`
	`1044`	`+ await session.abortTransaction()`
`1044`	`1045`	`return res.status(403).json(error.notAllowedToSelfDemote())`
`1045`	`1046`	`}`
`1046`	`1047`	`}`
`@@ -1054,20 +1055,20 @@ async function updateUser (req, res, next) {`
`1054`	`1055`	`if (newOrgShortNameToMoveTo) {`
`1055`	`1056`	`if (newOrgShortNameToMoveTo === shortNameParams) {`
`1056`	`1057`	logger.info({ uuid: req.ctx.uuid, message: `User ${usernameParams} is already in organization ${newOrgShortNameToMoveTo}.` })
`1057`		`- await session.abortTransaction(); await session.endSession()`
	`1058`	`+ await session.abortTransaction()`
`1058`	`1059`	`return res.status(403).json(error.alreadyInOrg(newOrgShortNameToMoveTo, usernameParams))`
`1059`	`1060`	`}`
`1060`	`1061`	`newTargetLegacyOrgUUID = await orgLegRepo.getOrgUUID(newOrgShortNameToMoveTo, { session })`
`1061`	`1062`	`newTargetRegistryOrgUUID = await orgRegRepo.getOrgUUID(newOrgShortNameToMoveTo, { session })`
`1062`	`1063`
`1063`	`1064`	`if (!newTargetLegacyOrgUUID \|\| !newTargetRegistryOrgUUID) {`
`1064`	`1065`	logger.info({ uuid: req.ctx.uuid, message: `New target organization ${newOrgShortNameToMoveTo} does not exist.` })
`1065`		`- await session.abortTransaction(); await session.endSession()`
	`1066`	`+ await session.abortTransaction()`
`1066`	`1067`	`return res.status(404).json(error.orgDne(newOrgShortNameToMoveTo, 'org_short_name', 'query'))`
`1067`	`1068`	`}`
`1068`	`1069`	`if (newTargetLegacyOrgUUID !== newTargetRegistryOrgUUID) {`
`1069`	`1070`	logger.error({ uuid: req.ctx.uuid, message: `New target organization ${newOrgShortNameToMoveTo} has mismatched legacy/registry UUIDs.` })
`1070`		`- await session.abortTransaction(); await session.endSession()`
	`1071`	`+ await session.abortTransaction()`
`1071`	`1072`	`return res.status(500).json(error.serverError('Inconsistent new target organization data.'))`
`1072`	`1073`	`}`
`1073`	`1074`
`@@ -1166,7 +1167,7 @@ async function updateUser (req, res, next) {`
`1166`	`1167`	`const legUpdateResult = await userLegRepo.updateByUUID(userLeg.UUID, legacyUserUpdatePayload, { session })`
`1167`	`1168`	`if (!legUpdateResult \|\| legUpdateResult.modifiedCount === 0) {`
`1168`	`1169`	`if (legUpdateResult && legUpdateResult.matchedCount === 0) {`
`1169`		`- await session.abortTransaction(); await session.endSession()`
	`1170`	`+ await session.abortTransaction()`
`1170`	`1171`	`return res.status(404).json(error.userDne(userLeg.username))`
`1171`	`1172`	`}`
`1172`	`1173`	`} else {`
`@@ -1178,7 +1179,7 @@ async function updateUser (req, res, next) {`
`1178`	`1179`	`const regUpdateResult = await userRegRepo.updateByUUID(userReg.UUID, registryUserUpdatePayload, { session })`
`1179`	`1180`	`if (!regUpdateResult \|\| regUpdateResult.modifiedCount === 0) {`
`1180`	`1181`	`if (regUpdateResult && regUpdateResult.matchedCount === 0) {`
`1181`		`- await session.abortTransaction(); await session.endSession()`
	`1182`	`+ await session.abortTransaction()`
`1182`	`1183`	`return res.status(404).json(error.userDne(userReg.user_id))`
`1183`	`1184`	`}`
`1184`	`1185`	`} else {`
`@@ -1286,7 +1287,7 @@ async function resetSecret (req, res, next) {`
`1286`	`1287`
`1287`	`1288`	`if (!targetOrgUUID) {`
`1288`	`1289`	`logger.info({ uuid: req.ctx.uuid, message: 'User DNE' })`
`1289`		`- await session.abortTransaction(); await session.endSession()`
	`1290`	`+ await session.abortTransaction()`
`1290`	`1291`	`return res.status(404).json(error.orgDnePathParam(orgShortName))`
`1291`	`1292`	`}`
`1292`	`1293`
`@@ -1295,16 +1296,19 @@ async function resetSecret (req, res, next) {`
`1295`	`1296`	`// check if orgUUID and orgRegUUID are the same`
`1296`	`1297`	`if (orgUUID.toString() !== orgRegUUID.toString()) {`
`1297`	`1298`	`logger.info({ uuid: req.ctx.uuid, message: 'The organization UUID and the organization registry UUID are not the same.' })`
	`1299`	`+ await session.abortTransaction()`
`1298`	`1300`	`return res.status(500).json(error.internalServerError())`
`1299`	`1301`	`}`
`1300`	`1302`
`1301`	`1303`	`if (!orgUUID && !orgRegUUID) {`
`1302`	`1304`	`logger.info({ uuid: req.ctx.uuid, message: orgShortName + ' organization does not exist.' })`
	`1305`	`+ await session.abortTransaction()`
`1303`	`1306`	`return res.status(404).json(error.orgDnePathParam(orgShortName))`
`1304`	`1307`	`}`
`1305`	`1308`
`1306`	`1309`	`if (orgShortName !== requesterShortName && !isSecretariat) {`
`1307`	`1310`	`logger.info({ uuid: req.ctx.uuid, message: orgShortName + ' organization can only be viewed by the users of the same organization or the Secretariat.' })`
	`1311`	`+ await session.abortTransaction()`
`1308`	`1312`	`return res.status(403).json(error.notSameOrgOrSecretariat())`
`1309`	`1313`	`}`
`1310`	`1314`
`@@ -1313,6 +1317,7 @@ async function resetSecret (req, res, next) {`
`1313`	`1317`
`1314`	`1318`	`if (!oldUser && !oldUserRegistry) {`
`1315`	`1319`	`logger.info({ uuid: req.ctx.uuid, message: username + ' user does not exist.' })`
	`1320`	`+ await session.abortTransaction()`
`1316`	`1321`	`return res.status(404).json(error.userDne(username))`
`1317`	`1322`	`}`
`1318`	`1323`
`@@ -1324,7 +1329,7 @@ async function resetSecret (req, res, next) {`
`1324`	`1329`	`if (targetUserUUID !== requesterUUID) {`
`1325`	`1330`	`if (!targetUserUUID) {`
`1326`	`1331`	`logger.info({ uuid: req.ctx.uuid, message: 'User DNE' })`
`1327`		`- await session.abortTransaction(); await session.endSession()`
	`1332`	`+ await session.abortTransaction()`
`1328`	`1333`	`return res.status(404).json(error.userDne(username))`
`1329`	`1334`	`}`
`1330`	`1335`	`}`
`@@ -1335,6 +1340,7 @@ async function resetSecret (req, res, next) {`
`1335`	`1340`	`// check if the requester is not and admin; if admin, the requester must be from the same org as the user`
`1336`	`1341`	`if (!isAdmin \|\| (isAdmin && orgShortName !== requesterShortName)) {`
`1337`	`1342`	`logger.info({ uuid: req.ctx.uuid, message: 'The api secret can only be reset by the Secretariat, an Org admin or if the requester is the user.' })`
	`1343`	`+ await session.abortTransaction()`
`1338`	`1344`	`return res.status(403).json(error.notSameUserOrSecretariat())`
`1339`	`1345`	`}`
`1340`	`1346`	`}`
`@@ -1349,14 +1355,15 @@ async function resetSecret (req, res, next) {`
`1349`	`1355`
`1350`	`1356`	`if (user.matchedCount === 0 \|\| userReg.matchedCount === 0) {`
`1351`	`1357`	`logger.info({ uuid: req.ctx.uuid, message: 'The user could not be updated because ' + username + ' does not exist for ' + orgShortName + ' organization.' })`
	`1358`	`+ await session.abortTransaction()`
`1352`	`1359`	`return res.status(404).json(error.userDne(username))`
`1353`	`1360`	`}`
`1354`	`1361`	`await session.commitTransaction()`
`1355`	`1362`	`} catch (error) {`
`1356`	`1363`	`await session.abortTransaction()`
`1357`	`1364`	`throw error`
`1358`	`1365`	`} finally {`
`1359`		`- session.endSession()`
	`1366`	`+ await session.endSession()`
`1360`	`1367`	`}`
`1361`	`1368`
`1362`	`1369`	logger.info({ uuid: req.ctx.uuid, message: `The API secret was successfully reset and sent to ${username}` })