diff --git a/atst/domain/authz/decorator.py b/atst/domain/authz/decorator.py
index 0c1f0952..29d12feb 100644
--- a/atst/domain/authz/decorator.py
+++ b/atst/domain/authz/decorator.py
@@ -13,23 +13,23 @@ from atst.domain.exceptions import UnauthorizedError
 def check_access(permission, message, exception, *args, **kwargs):
     access_args = {"message": message}
 
-    if "portfolio_id" in kwargs:
-        access_args["portfolio"] = Portfolios.get(
-            g.current_user, kwargs["portfolio_id"]
-        )
-
     if "application_id" in kwargs:
         application = Applications.get(kwargs["application_id"])
         access_args["portfolio"] = application.portfolio
 
-    if "task_order_id" in kwargs:
+    elif "task_order_id" in kwargs:
         task_order = TaskOrders.get(kwargs["task_order_id"])
         access_args["portfolio"] = task_order.portfolio
 
-    if "token" in kwargs:
+    elif "token" in kwargs:
         invite = Invitations._get(kwargs["token"])
         access_args["portfolio"] = invite.portfolio_role.portfolio
 
+    elif "portfolio_id" in kwargs:
+        access_args["portfolio"] = Portfolios.get(
+            g.current_user, kwargs["portfolio_id"]
+        )
+
     if exception is not None and exception(g.current_user, **access_args, **kwargs):
         return True
 
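Review bot: In `check_access`, once `application_id`, `task_order_id` or `token` is present the `elif` chain never reads `kwargs["portfolio_id"]`, so on a route carrying both, the permission is evaluated against the portfolio of the looked-up object and nothing visible here confirms it is the portfolio named in the URL. If any decorated view later loads data by `portfolio_id`, the authorization decision and the data access can refer to different portfolios; after the chain I would compare the resolved portfolio's identifier with `kwargs["portfolio_id"]` when both exist and fail closed with the module's `UnauthorizedError` on a mismatch. The chain also changes precedence among the other keys from last-match-wins to first-match-wins, which deserves a comment such as `# most specific identifier wins; portfolio_id is only the fallback`. The body of `check_access` continues past the end of the hunk, so a later check may already cover this.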