diff --git a/src/main/kotlin/com/android/trisolarisserver/component/PropertyAccess.kt b/src/main/kotlin/com/android/trisolarisserver/component/PropertyAccess.kt
index fbf5b3e..27165e0 100644
--- a/src/main/kotlin/com/android/trisolarisserver/component/PropertyAccess.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/component/PropertyAccess.kt
@@ -14,15 +14,25 @@ class PropertyAccess(
 ) {
 fun requireMember(propertyId: UUID, userId: UUID) {
 val user = appUserRepo.findById(userId).orElse(null)
- if (user?.superAdmin == true) return
- if (!repo.existsByIdPropertyIdAndIdUserId(propertyId, userId))
- throw AccessDeniedException("No access to property")
+ if (user == null) {
+ throw AccessDeniedException("No access to property (user not found)")
+ }
+ if (user.superAdmin) {
+ return
+ }
+ if (!repo.existsByIdPropertyIdAndIdUserId(propertyId, userId)) {
+ throw AccessDeniedException("No access to property (not a member)")
+ }
 }

 fun requireAnyRole(propertyId: UUID, userId: UUID, vararg roles: Role) {
 val user = appUserRepo.findById(userId).orElse(null)
- if (user?.superAdmin == true) return
- if (!repo.hasAnyRole(propertyId, userId, roles.toSet()))
- throw AccessDeniedException("Missing role")
+ if (user == null) {
+ throw AccessDeniedException("Missing role (user not found)")
+ }
+ if (user.superAdmin) return
+ if (!repo.hasAnyRole(propertyId, userId, roles.toSet())) {
+ throw AccessDeniedException("Missing role (no matching roles)")
+ }
 }
 }
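Review bot: The new AccessDeniedException messages in requireMember and requireAnyRole now tell the caller which check failed ("user not found", "not a member", "no matching roles"); if that message is serialized into the error response (the handler is not visible in this hunk), a client can distinguish a missing account from a missing membership or role. I would keep the thrown message uniform per function, e.g. `throw AccessDeniedException("No access to property")` and `throw AccessDeniedException("Missing role")`, and write the specific reason to a server-side log entry together with propertyId and userId. The explicit null check is a sound fail-closed change and can be shortened to `val user = appUserRepo.findById(userId).orElse(null) ?: throw AccessDeniedException("No access to property")`. Both functions repeat the same lookup and superAdmin bypass, so a private helper returning the resolved user would keep the two checks from drifting apart.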