diff --git a/src/User/Command/EditUserHandler.php b/src/User/Command/EditUserHandler.php
index 3554038b5..5e9c48d38 100644
--- a/src/User/Command/EditUserHandler.php
+++ b/src/User/Command/EditUserHandler.php
@@ -147,6 +147,8 @@ class EditUserHandler
         }
 
         if ($avatarUrl = array_get($attributes, 'avatarUrl')) {
+            $this->assertPermission($canEdit);
+
             $validation = $this->validatorFactory->make(compact('avatarUrl'), ['avatarUrl' => 'url']);
 
             if ($validation->fails()) {
@@ -161,6 +163,8 @@ class EditUserHandler
                 //
             }
         } elseif (array_key_exists('avatarUrl', $attributes)) {
+            $this->assertPermission($canEdit);
+
             $this->avatarUploader->remove($user);
         }