@@ -4,6 +4,7 @@ import 'package:core/core.dart';
44import 'package:dart_frog/dart_frog.dart' ;
55import 'package:data_repository/data_repository.dart' ;
66import 'package:flutter_news_app_api_server_full_source_code/src/helpers/response_helper.dart' ;
7+ import 'package:flutter_news_app_api_server_full_source_code/src/middlewares/ownership_check_middleware.dart' ;
78import 'package:flutter_news_app_api_server_full_source_code/src/rbac/permission_service.dart' ;
89import 'package:flutter_news_app_api_server_full_source_code/src/registry/model_registry.dart' ;
910import 'package:flutter_news_app_api_server_full_source_code/src/services/dashboard_summary_service.dart' ;
@@ -330,13 +331,11 @@ Future<Response> _handlePut(
330331 // simply save the entire request body. Instead, we perform a safe,
331332 // partial update.
332333
333- // 1. Fetch the existing, trusted user object from the database.
334+ // 1. The existing, trusted user object is already fetched by the
335+ // `ownershipCheckMiddleware` to prevent duplicate database calls.
334336 // This ensures we have the current, authoritative state of the user,
335- // including their correct roles and ID.
336- final existingUser = await repo.read (
337- id: id,
338- userId: userIdForRepoCall,
339- );
337+ // including their correct roles and ID, without hitting the DB again.
338+ final existingUser = context.read <FetchedItem <dynamic >>().data as User ;
340339
341340 // 2. Create a new User object by merging only the allowed, safe-to-update
342341 // fields from the incoming request (`itemToUpdate`) into the
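Review bot: The new line `final existingUser = context.read<FetchedItem<dynamic>>().data as User;` makes the "trusted" user object depend entirely on `ownershipCheckMiddleware` having run and provided a `FetchedItem` for this exact `id`, and nothing in the hunk verifies that. If the middleware skips its fetch on some path (for instance when no ownership check applies to the caller, which is not visible here), `context.read` throws; if the item is not a `User`, the cast throws. In both cases the failure is an accident of wiring rather than a deliberate response. I would replace the cast with a type test, `final fetched = context.read<FetchedItem<dynamic>>().data;` followed by `if (fetched is! User) throw StateError('ownershipCheckMiddleware did not provide a User');`. It is also worth confirming that the middleware's read is scoped the same way as the removed `repo.read(id: id, userId: userIdForRepoCall)`, since the merge below treats this object's roles and ID as authoritative. `_handlePut` starts and ends outside this hunk, so the surrounding branch conditions could not be checked.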