From 818fb5c72a6504d94a6255c06d6a902b78988650 Mon Sep 17 00:00:00 2001
From: Kevin Hahn
Date: Fri, 7 Jul 2023 15:07:54 +0700
Subject: [PATCH] change order of permission checks for user mutation
---
 backend/LexBoxApi/GraphQL/UserMutations.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/LexBoxApi/GraphQL/UserMutations.cs b/backend/LexBoxApi/GraphQL/UserMutations.cs
index 101325e8e..4a240ff3f 100644
--- a/backend/LexBoxApi/GraphQL/UserMutations.cs
+++ b/backend/LexBoxApi/GraphQL/UserMutations.cs
@@ -20,9 +20,9 @@ public async Task ChangeUserAccountData(
 ChangeUserAccountDataInput input,
 LexBoxDbContext dbContext)
 {
+ if (loggedInContext.User.Id != input.UserId) throw new UnauthorizedAccessException();
 var user = await dbContext.Users.FindAsync(input.UserId);
 if (user is null) throw new NotFoundException("User not found");
- if (loggedInContext.User.Id != input.UserId) throw new UnauthorizedAccessException();
 // below works to change email
 // minimum email = a@a.a
 // if (input.Email is not null && input.Email != ""){
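Review bot: The ownership check now at the top of the body has no comment saying why it must precede `FindAsync`, so a later tidy-up could move it back below the lookup and restore the old behaviour, in which a caller passing someone else's id got `NotFoundException` for absent ids and `UnauthorizedAccessException` for existing ones. I would add `// Authorize before the lookup so the error does not reveal whether a user id exists.` above the `if`. A test asserting that a mismatched `input.UserId` yields the same error for an existing and a non-existing id would pin the order. With the check first, the `user is null` branch looks reachable only when the caller's own row is missing, which may deserve its own log line; the method body continues outside the hunk.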