diff --git a/src/grpc.rs b/src/grpc.rs
index b57bea7..ca75494 100644
--- a/src/grpc.rs
+++ b/src/grpc.rs
@@ -15,7 +15,7 @@ use tonic::{Request, Response, Status};
 /// in user does not have the permission to access this character.
 async fn load_character(
     conn: &sqlx::SqlitePool,
-    logged_in_user: Option<&User>,
+    logged_in_user: Option<User>,
     owner: &str,
     character_id: i32,
 ) -> Result<Character, Error> {
@@ -73,6 +73,18 @@ impl CofdApi for CofdApiService {
         &self,
         request: Request<UpdateSkillValueRequest>, // Accept request of type HelloRequest
     ) -> Result<Response<Skill>, Status> {
+        let user_id: &str = request
+            .metadata()
+            .get("user_id")
+            .and_then(|user_id| user_id.to_str().ok())
+            .ok_or(Error::NotLoggedIn)?;
+
+        let logged_in_user = self
+            .db
+            .load_user(user_id)
+            .await
+            .map_err(|e| Error::from(e))?;
+
         //Can use metadata map to add user id inside interceptor for auth.
         let request = request.into_inner();
         let mut character = load_character(
@@ -96,7 +108,7 @@ impl CofdApi for CofdApiService {
         self.db
             .update_character_sheet(&character)
             .await
-            .map_err(|e| e.into())?; //TODO maybe use crate Error for db
+            .map_err(|e| Error::from(e))?; //TODO maybe use crate Error for db
 
         let reply = Skill::default();