update

backend/src/controllers/member.controller.ts

@@ -16,7 +16,9 @@ import {
 type AppRole = 'admin' | 'kommandant' | 'mitglied';
 
 function getRole(req: Request): AppRole {
-  return (req.user as any)?.role ?? 'mitglied';
+  // req.userRole is set by requirePermission() for non-owner paths.
+  // Fall back to req.user.role (JWT claim) and finally to 'mitglied'.
+  return (req as any).userRole ?? (req.user as any)?.role ?? 'mitglied';
 }
 
 function canWrite(req: Request): boolean {
@@ -209,14 +211,16 @@ class MemberController {
         return;
       }
 
-      const profile = await memberService.updateMemberProfile(
+      await memberService.updateMemberProfile(
         userId,
         parseResult.data as any,
         updaterId
       );
 
+      // Return full MemberWithProfile so the frontend state stays consistent
+      const fullMember = await memberService.getMemberById(userId);
       logger.info('updateMember', { userId, updatedBy: updaterId });
-      res.status(200).json({ success: true, data: profile });
+      res.status(200).json({ success: true, data: fullMember });
     } catch (error: any) {
       if (error?.message === 'Mitgliedsprofil nicht gefunden.') {
         res.status(404).json({ success: false, message: error.message });