change order of permission checks for user mutation

sillsdev · Jul 7, 2023 · 818fb5c · 818fb5c
1 parent e24d1fa
commit 818fb5c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/backend/LexBoxApi/GraphQL/UserMutations.cs b/backend/LexBoxApi/GraphQL/UserMutations.cs
@@ -20,9 +20,9 @@ public async Task<User> ChangeUserAccountData(
         ChangeUserAccountDataInput input,
         LexBoxDbContext dbContext)
     {
+        if (loggedInContext.User.Id != input.UserId) throw new UnauthorizedAccessException();
         var user = await dbContext.Users.FindAsync(input.UserId);
         if (user is null) throw new NotFoundException("User not found");
-        if (loggedInContext.User.Id != input.UserId) throw new UnauthorizedAccessException();
         // below works to change email
         // minimum email = [email protected]
         // if (input.Email is not null && input.Email != ""){