diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 9f07353..37ffbca 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -99,7 +99,6 @@ public function update(Request $request, User $user) {
         $user->name = $request->name ?? $user->name;
         $user->email = $request->email ?? $user->email;
         $user->password = $request->password ? Hash::make($request->password) : $user->password;
-        $user->email_verified_at = $request->email_verified_at ?? $user->email_verified_at;
 
         //check if the logged in user is updating it's own record
 
@@ -107,6 +106,7 @@ public function update(Request $request, User $user) {
         if ($loggedInUser->id == $user->id) {
             $user->update();
         } elseif ($loggedInUser->tokenCan('admin') || $loggedInUser->tokenCan('super-admin')) {
+            $user->email_verified_at = $request->email_verified_at ?? $user->email_verified_at;
             $user->update();
         } else {
             throw new MissingAbilityException('Not Authorized');