diff --git a/src/components/UserCard.tsx b/src/components/UserCard.tsx
index fa145db3..977af621 100644
--- a/src/components/UserCard.tsx
+++ b/src/components/UserCard.tsx
@@ -143,7 +143,11 @@ const UserCard = ({
 }, [users, referralAgent]);
 const updateUser = () => {
- if ((user.type === "corporate" || user.type === "mastercorporate") && (!paymentValue || paymentValue < 0))
+ if (
+ (user.type === "corporate" || user.type === "mastercorporate") &&
+ (!paymentValue || paymentValue < 0) &&
+ ["admin", "developer"].includes(loggedInUser.type)
+ )
 return toast.error("Please set a price for the user's package before updating!");
 if (!confirm(`Are you sure you want to update ${user.name}'s account?`)) return;
diff --git a/src/pages/api/make_user.ts b/src/pages/api/make_user.ts
index ddc483a3..02efef10 100644
--- a/src/pages/api/make_user.ts
+++ b/src/pages/api/make_user.ts
@@ -126,7 +126,7 @@ async function post(req: NextApiRequest, res: NextApiResponse) {
 const corporateSnapshot = await getDocs(corporateQ);
 if (!corporateSnapshot.empty) {
- const corporateUser = corporateSnapshot.docs[0].data() as CorporateUser;
+ const corporateUser = {...corporateSnapshot.docs[0].data(), id: corporateSnapshot.docs[0].id} as CorporateUser;
 await setDoc(doc(db, "codes", code), {creator: corporateUser.id}, {merge: true});
 const q = query(
diff --git a/src/pages/api/user.ts b/src/pages/api/user.ts
index 6240aa18..a6dc627a 100644
--- a/src/pages/api/user.ts
+++ b/src/pages/api/user.ts
@@ -45,8 +45,6 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
 const targetUser = {...docTargetUser.data(), id: docTargetUser.id} as User;
 if (user.type === "corporate" && (targetUser.type === "student" || targetUser.type === "teacher")) {
- res.json({ok: true});
-
 const userParticipantGroup = await getDocs(query(collection(db, "groups"), where("participants", "array-contains", id)));
 await Promise.all([
 ...userParticipantGroup.docs
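Review bot: The price check in `updateUser` (src/components/UserCard.tsx) now runs only when `loggedInUser.type` is `admin` or `developer`, so every other role can submit a corporate or mastercorporate update with a missing or negative `paymentValue`, and a component-side check is not an enforcement point in any case. If the price is meant to be mandatory, the update endpoint (not part of this diff) should validate `paymentValue` and take the caller's role from the session; if other roles simply cannot edit the price, a comment above the condition such as `// only admin/developer can edit the price, so only they are asked to set it` would make the intent clear. `updateUser` continues below the hunk.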
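Review bot: In src/pages/api/make_user.ts the `as CorporateUser` cast on the spread object is the same kind of assertion that hid the missing `id` before this fix, and nothing checks the stored document's shape before `corporateUser.id` is written to the `codes` document as `creator`. src/pages/api/user.ts builds `targetUser` with the same `{...doc.data(), id: doc.id}` pattern, so a small shared helper would keep the two in step, and a comment such as `// id goes last so the document id overrides any id field stored in the data` would record why the order matters. The query behind `corporateQ` is outside the hunk, so whether `docs[0]` is guaranteed to be the only match cannot be confirmed from here.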
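Review bot: In src/pages/api/user.ts the corporate branch of `del` loses its `res.json({ok: true})` here but still ends in `return;` (visible as context at the top of the next hunk), while the only response this commit adds sits at the very end of the function in the last hunk. Unless the unchanged lines between the hunks already send a response, which seems unlikely because the old code answered at the top of this branch, a corporate user removing a student or teacher now gets no reply and the request hangs until it times out. Sending the response just before the branch returns, `res.json({ok: true});` followed by the existing `return;`, would close the gap.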
@@ -66,14 +64,6 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
 return;
 }
- const permission = PERMISSIONS.deleteUser[targetUser.type];
- if (!permission.list.includes(user.type)) {
- res.status(403).json({ok: false});
- return;
- }
-
- res.json({ok: true});
-
-
 await auth.deleteUser(id);
 await deleteDoc(doc(db, "users", id));
 const userCodeDocs = await getDocs(query(collection(db, "codes"), where("userId", "==", id)));
@@ -96,6 +86,8 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
 ),
 ),
 ]);
+
+ res.json({ok: true});
 }
 async function get(req: NextApiRequest, res: NextApiResponse) {
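Review bot: The `PERMISSIONS.deleteUser` check is removed in this hunk without a replacement, so `auth.deleteUser(id)` and the Firestore deletes that follow run for any caller that reaches this point, whatever `user.type` is. Unless an equivalent authorization check exists earlier in `del` (outside the hunk), account deletion is no longer restricted by role. Only the early `res.json({ok: true})` needed to move, not the 403 guard. The guard should be restored ahead of the first delete, and it is worth also rejecting a `targetUser.type` that has no entry in the table so the lookup fails closed.

```typescript
// … unchanged: corporate branch ending in `return; }` …
const permission = PERMISSIONS.deleteUser[targetUser.type];
// Deny by default: an unknown target type and an unlisted caller role both get 403.
if (!permission || !permission.list.includes(user.type)) {
	res.status(403).json({ok: false});
	return;
}

await auth.deleteUser(id);
// … unchanged: Firestore cleanup and final res.json …
```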