Because you’re already in the endpoint controller you can update the entity with no permission check. The normal /update endpoint still performs the check.
Because you’re already in the endpoint controller you can update the entity with no permission check. The normal /update endpoint still performs the check.