diff --git a/Controllers/UsersController.cs b/Controllers/UsersController.cs index 2b8ee7b..1b22e1a 100644 --- a/Controllers/UsersController.cs +++ b/Controllers/UsersController.cs @@ -41,18 +41,17 @@ public IActionResult GetAll() [HttpGet("{id}")] public IActionResult GetById(int id) { - var user = _userService.GetById(id); - - if (user == null) { - return NotFound(); - } - // only allow admins to access other user records var currentUserId = int.Parse(User.Identity.Name); if (id != currentUserId && !User.IsInRole(Role.Admin)) { return Forbid(); } + var user = _userService.GetById(id); + + if (user == null) { + return NotFound(); + } return Ok(user); } }
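Review bot: `int.Parse(User.Identity.Name)` is now the first statement GetById executes, and it throws when the name is null or not numeric, so an unexpected identity produces an unhandled 500 rather than a clean denial. Prefer `if (!int.TryParse(User.Identity?.Name, out var currentUserId)) return Forbid();` ahead of the role check. The new ordering is security-relevant, because authorizing before the lookup stops a non-admin from telling existing ids from missing ones by 404 versus 403. A comment such as `// authorize before loading the record: do not reveal which ids exist` above the check would keep a later refactor from moving the lookup back up. Whether the controller carries `[Authorize]` and whether `Ok(user)` serializes sensitive fields of the user object cannot be seen in this hunk and is worth confirming.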