diff --git a/src/_staart/helpers/authorization.ts b/src/_staart/helpers/authorization.ts
index be663920d..a74f5454f 100644
--- a/src/_staart/helpers/authorization.ts
+++ b/src/_staart/helpers/authorization.ts
@@ -98,8 +98,8 @@ model.loadModelFromText(readFileSync(join(".", "casbin-model.conf"), "utf-8"));
 
 export const can = async (
   subject: number | ApiKeyResponse | AccessTokenResponse,
-  object: string,
-  action: string
+  action: string,
+  object: string
 ) => {
   if (typeof subject === "number") {
     console.log("Subject is", subject);
diff --git a/src/_staart/rest/user.ts b/src/_staart/rest/user.ts
index 0afe61199..71f876913 100644
--- a/src/_staart/rest/user.ts
+++ b/src/_staart/rest/user.ts
@@ -148,7 +148,7 @@ export const deleteUserForUser = async (
   updateUserId: number,
   locals: Locals | any
 ) => {
-  if (!(await can(tokenUserId, `${Acts.DELETE}`, `user-${updateUserId}`)))
+  if (!(await can(tokenUserId, Acts.DELETE, `user-${updateUserId}`)))
     throw new Error(INSUFFICIENT_PERMISSION);
 
   const groupsToDelete = await prisma.groups.findMany({