diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php index be05141..00d7e6d 100644 --- a/src/Controller/UserController.php +++ b/src/Controller/UserController.php @@ -28,6 +28,7 @@ use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; use Symfony\Component\Routing\Attribute\Route; use Symfony\Component\Security\Core\Exception\AccessDeniedException; @@ -72,14 +73,14 @@ class UserController extends AbstractController $actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier()); // Vérification des droits d'accès supplémentaires - if (!$this->userService->hasAccessTo($actingUser)) { - $this->loggerService->logAccessDenied($actingUser->getId()); - throw $this->createAccessDeniedException(self::ACCESS_DENIED); - } + // Chargement de l'utilisateur cible à afficher $user = $this->userRepository->find($id); - + if (!$this->userService->hasAccessTo($user)) { + $this->loggerService->logAccessDenied($actingUser->getId()); + throw new AccessDeniedHttpException (self::ACCESS_DENIED); + } try { // Paramètre optionnel de contexte organisationnel $orgId = $request->query->get('organizationId');
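Review bot: The new guard passes the result of `$this->userRepository->find($id)` straight into `hasAccessTo()` without handling the null that `find()` returns for an unknown id, so a request for a nonexistent user either hits a TypeError (500) or, if `hasAccessTo` accepts null, may skip the check entirely — and throwing a 404 before the access check would let callers enumerate valid ids. I would fold the null case into the denial branch so both outcomes look the same to the caller: `if ($user === null || !$this->userService->hasAccessTo($user)) {`. Note also that replacing `$this->createAccessDeniedException()` (Security's `AccessDeniedException`, which the firewall's access-denied handler/entry point intercepts) with `AccessDeniedHttpException` yields a bare 403 that bypasses that handling — confirm that is intended, and that `hasAccessTo($user)` still evaluates the acting user's rights now that it is no longer given `$actingUser`. The stray space in `new AccessDeniedHttpException (` should be dropped. The enclosing method starts and ends outside the hunk.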