diff --git a/src/modules/user/user.controller.ts b/src/modules/user/user.controller.ts
index 3903a42..ef5bc29 100644
--- a/src/modules/user/user.controller.ts
+++ b/src/modules/user/user.controller.ts
@@ -1,6 +1,6 @@
 import { User } from '@prisma/client';
 
-import { Body, Controller, Delete, Get, Param, Patch, Put, Req, UseGuards } from '@nestjs/common';
+import { Body, Controller, Delete, Get, Param, Patch, Put, UseGuards } from '@nestjs/common';
 import { AuthGuard } from '@nestjs/passport';
 import { ApiBearerAuth, ApiBody, ApiOkResponse, ApiOperation, ApiTags, ApiUnauthorizedResponse } from '@nestjs/swagger';
 
@@ -23,8 +23,8 @@ export class UserController {
     @ApiOperation({ summary: 'Get user information' })
     @ApiOkResponse({ description: 'User information', type: UserResponseDTO })
     @ApiUnauthorizedResponse({ description: 'Unauthorized' })
-    async getUser(@Req() req: any): Promise<UserResponseDTO> {
-        return await this.userService.findUserById(req.user.id);
+    async getUser(@CurrentUser() user: User): Promise<UserResponseDTO> {
+        return await this.userService.findUserById(user.id);
     }
 
     @Patch('/')
@@ -54,8 +54,8 @@ export class UserController {
     @ApiOperation({ summary: 'Get user information by id' })
     @ApiOkResponse({ description: 'User information', type: UserResponseDTO })
     @ApiUnauthorizedResponse({ description: 'Unauthorized' })
-    async getUserById(@Param('userId') userId: string): Promise<UserResponseDTO> {
-        return await this.userService.findUserById(userId);
+    async getUserById(@CurrentUser() user: User, @Param('userId') userId: string): Promise<UserResponseDTO> {
+        return await this.userService.findUserById(userId, user.id);
     }
 
     @Put('/fcm')
diff --git a/src/modules/user/user.service.ts b/src/modules/user/user.service.ts
index 751febd..cbfa158 100644
--- a/src/modules/user/user.service.ts
+++ b/src/modules/user/user.service.ts
@@ -12,8 +12,21 @@ export class UserService {
         private readonly s3: S3Service,
     ) {}
 
-    async findUserById(id: string) {
-        const user = await this.prisma.user.findUnique({ where: { id } });
+    async findUserById(id: string, userId?: string) {
+        const user = await this.prisma.user.findUnique({
+            where: {
+                id,
+                ...(userId
+                    ? {
+                          plan: {
+                              users: {
+                                  some: { id: userId },
+                              },
+                          },
+                      }
+                    : {}),
+            },
+        });
         if (!user) throw new HttpException('User not found', HttpStatus.NOT_FOUND);
 
         return user;