server/AyaNova/Controllers/UserController.cs

@@ -80,7 +80,7 @@ namespace AyaNova.Api.Controllers
             {
                 return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
             }
-           
+
             return Ok(new ApiOkResponse(o));
         }
 
@@ -297,6 +297,9 @@ namespace AyaNova.Api.Controllers
                 return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
             }
 
+            //Instantiate the business object handler
+            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
+
             //If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
             if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, UserBiz.BizType))
             {
@@ -308,8 +311,7 @@ namespace AyaNova.Api.Controllers
                 return BadRequest(new ApiErrorResponse(ModelState));
             }
 
-            //Instantiate the business object handler
-            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
+
 
             //Create and validate
             User o = await biz.CreateAsync(inObj);
@@ -354,6 +356,9 @@ namespace AyaNova.Api.Controllers
                 return BadRequest(new ApiErrorResponse(ModelState));
             }
 
+            //Instantiate the business object handler
+            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
+
             var dbObj = await ct.User.SingleOrDefaultAsync(m => m.Id == id);
             if (dbObj == null)
             {
@@ -365,8 +370,7 @@ namespace AyaNova.Api.Controllers
                 return StatusCode(401, new ApiNotAuthorizedResponse());
             }
 
-            //Instantiate the business object handler
-            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
+
             if (!biz.Delete(dbObj))
             {
                 return BadRequest(new ApiErrorResponse(biz.Errors));