rolesToRemove.includes('ADMIN') has no .save

[ElectricNroff]

cve-services/src/repositories/baseUserRepository.js

Lines 433 to 444 in 69b2859

	const rolesToAdd = _.flattenDeep(_.compact(_.get(incomingParameters, 'active_roles.add')))
	const rolesToRemove = _.flattenDeep(_.compact(_.get(incomingParameters, 'active_roles.remove')))
	if (rolesToRemove.includes('ADMIN')) {
	const filteredUuids = registryOrg.admins.filter(uuid => uuid !== registryUser.UUID)
	registryOrg.admins = filteredUuids
	}
	if (rolesToAdd.includes('ADMIN') && !incomingParameters?.org_short_name) {
	const orgUpdates = await baseOrgRepository.getOrgObject(orgShortname)
	orgUpdates.admins = [..._.get(orgUpdates, 'admins', []), registryUser.UUID]
	await orgUpdates.save({ options })
	}

If rolesToRemove.includes('ADMIN') is true and incomingParameters?.org_short_name is false, line 437 executes, but there is no further operation on registryOrg for the rest of the function. For example, there is no await registryOrg.save({ options })

By contrast, there is a .save in the rolesToAdd.includes('ADMIN') case.