diff --git a/app/Http/Controllers/API/v2/FacilityController.php b/app/Http/Controllers/API/v2/FacilityController.php
index d92a1e5..02d8410 100644
--- a/app/Http/Controllers/API/v2/FacilityController.php
+++ b/app/Http/Controllers/API/v2/FacilityController.php
@@ -979,7 +979,7 @@ function deleteRoster(
 return response()->api(
 generate_error("Missing staff CID (by)"), 400);
 } else {
- if ($request->has('by') && (!User::find($request->by) || User::find($request->by)->facility != $facility->id)) {
+ if ($request->has('by') && (!User::find($request->by) || !RoleHelper::isSeniorStaff($request->by, $facility->id, false))) {
 return response()->api(
 generate_error("Invalid staff CID"), 400);
 }
@@ -1201,7 +1201,7 @@ function putTransfer(
 return response()->api(
 generate_error("Missing staff CID (by)"), 400);
 } else {
- if ($request->has('by') && (!User::find($request->by) || User::find($request->by)->facility != $facility->id)) {
+ if ($request->has('by') && (!User::find($request->by) || !RoleHelper::isSeniorStaff($request->by, $facility->id, false))) {
 return response()->api(
 generate_error("Invalid staff CID"), 400);
 }
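Review bot: The new senior-staff check in deleteRoster decides authorization from `$request->by`, a CID the caller supplies, so it shows only that the named user holds the role, not that the caller is that user; the identical line is added in putTransfer. Whatever authenticates the caller is outside both hunks, so it is worth confirming there that the credential is bound to `$facility`, and stating the distinction at the check, e.g. `// 'by' is attribution only; the caller is authenticated elsewhere, not by this CID`. The third argument `false` to `RoleHelper::isSeniorStaff` is opaque at the call site, and a one-line comment saying which roles it admits or excludes would let a reviewer verify that the accepted set is the intended one. Because the condition is now duplicated verbatim across two endpoints, a single private helper taking `$request` and `$facility` would keep the two authorization rules from drifting apart. Both functions begin and end outside the hunks, so the branch that lets a request through without `by` could not be reviewed here.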