diff --git a/src/allmende_payment_system/api/shop.py b/src/allmende_payment_system/api/shop.py index 7c84f41..6b43012 100644 --- a/src/allmende_payment_system/api/shop.py +++ b/src/allmende_payment_system/api/shop.py @@ -139,7 +139,7 @@ async def get_order_details( query = select(Order).where(Order.id == order_id) order = session.scalars(query).one() - if user.id != order.user_id: + if order.transaction.account not in user.accounts: raise HTTPException( status_code=403, detail=f"User not authorized to view this order." )