diff --git a/server/test/update_user_test.go b/server/test/update_user_test.go
index d072a27..d1f55de 100644
--- a/server/test/update_user_test.go
+++ b/server/test/update_user_test.go
@@ -24,6 +24,12 @@ func updateUserTest(t *testing.T, s TestSetup) {
 		})
 
 		user := *signupRes.User
+		//! - Found out by testing 
+		//! that the 'supplier' role was being accepted by the server
+		//! even though that it doesn't exist in the database.
+		//! (checked it by doing fmt.Println() on role envs)
+		//! But I'm not removing it as there is maybe a reason for it to be be here...
+		//! - Appart from that, by removing it test returns 'unauthorized' successfully
 		adminRole := "supplier"
 		userRole := "user"
 		newRoles := []*string{&adminRole, &userRole}
diff --git a/server/utils/validator.go b/server/utils/validator.go
index f3ac062..280d611 100644
--- a/server/utils/validator.go
+++ b/server/utils/validator.go
@@ -54,8 +54,8 @@ func IsValidOrigin(url string) bool {
 // IsValidRoles validates roles
 func IsValidRoles(userRoles []string, roles []string) bool {
 	valid := true
-	for _, role := range roles {
-		if !StringSliceContains(userRoles, role) {
+	for _, userRole := range userRoles {
+		if !StringSliceContains(roles, userRole) {
 			valid = false
 			break
 		}