From f6bcc4f72a46dca358e29c2e2ba865bf95f0bd7d Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Sun, 26 Apr 2026 15:37:50 +0200
Subject: [PATCH] refactor(audit): extract actorId() helper in UserController

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../familienarchiv/controller/UserController.java   | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/backend/src/main/java/org/raddatz/familienarchiv/controller/UserController.java b/backend/src/main/java/org/raddatz/familienarchiv/controller/UserController.java
index b3753546..b52150f2 100644
--- a/backend/src/main/java/org/raddatz/familienarchiv/controller/UserController.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/controller/UserController.java
@@ -80,8 +80,7 @@ public class UserController {
     @RequirePermission(Permission.ADMIN_USER)
     public ResponseEntity<AppUser> createUser(Authentication authentication,
                                               @Valid @RequestBody CreateUserRequest request) {
-        AppUser actor = userService.findByEmail(authentication.getName());
-        return ResponseEntity.ok(userService.createUserOrUpdate(actor.getId(), request));
+        return ResponseEntity.ok(userService.createUserOrUpdate(actorId(authentication), request));
     }
 
     @PutMapping("/users/{id}")
@@ -89,8 +88,7 @@ public class UserController {
     public ResponseEntity<AppUser> adminUpdateUser(Authentication authentication,
                                                     @PathVariable UUID id,
                                                     @RequestBody AdminUpdateUserRequest dto) {
-        AppUser actor = userService.findByEmail(authentication.getName());
-        AppUser updated = userService.adminUpdateUser(actor.getId(), id, dto);
+        AppUser updated = userService.adminUpdateUser(actorId(authentication), id, dto);
         updated.setPassword(null);
         return ResponseEntity.ok(updated);
     }
@@ -99,9 +97,12 @@ public class UserController {
     @RequirePermission(Permission.ADMIN_USER)
     public ResponseEntity<Void> deleteUser(Authentication authentication,
                                            @PathVariable UUID id) {
-        AppUser actor = userService.findByEmail(authentication.getName());
-        userService.deleteUser(actor.getId(), id);
+        userService.deleteUser(actorId(authentication), id);
         return ResponseEntity.ok().build();
     }
 
+    private UUID actorId(Authentication auth) {
+        return userService.findByEmail(auth.getName()).getId();
+    }
+
 }