diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 858ce25..d56ac92 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -42,6 +42,6 @@ class UsersController < ApplicationController
   end
 
   def init
-    @user = User.find_by_id(params[:id]) || current_user
+    @user ||= current_user
   end
 end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 17d3ced..9f9d7f3 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -25,7 +25,9 @@ class Ability
   def initialize_user(user)
     can :read, :all
     can :manage, User, id: user.id
-    can :create, Order, user: user
+    can :create, Order do |order|
+      order.user == user
+    end
     can :destroy, Order do |order|
       order.try(:user) == user && order.deletable
     end
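Review bot: `init` now depends on `@user` having been assigned by an earlier filter (the lookup by `params[:id]` is gone and `||=` only fills in `current_user` when nothing else set it), yet nothing in the hunk records that ordering. If `init` runs before the filter that loads `@user`, a request carrying another user's id silently falls back to the caller's own account; if the loader runs first, the access check for that lookup now lives entirely outside this method, so the filter that populates `@user` must be the one that authorizes it. I would add `# @user is expected to be loaded (and authorized) by an earlier before_action; fall back to the signed-in user` above the assignment, plus a controller test asserting that a request for a different user's id still goes through authorization. The name `init` reads like a constructor; `load_user` or `set_user` would make its role as a filter clearer. `UsersController` begins before this hunk.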
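Review bot: The block form of `can :create, Order` changes what a class-level check answers: in CanCan(Can) a rule with a block is treated as matching when `can?`/`authorize!` is called with the class rather than an instance, so `authorize! :create, Order` now passes for every signed-in user and ownership is enforced only when an `Order` whose `user` is already populated reaches the check. The removed hash condition also served as the initial-attribute source that `load_and_authorize_resource` applies when building a new order; with the block, the controller must assign `order.user = current_user` itself before authorizing, otherwise `order.user` is nil and the block returns false, or the value comes from whatever the strong parameters permit. Please confirm the create action assigns the owner before `authorize!` and does not permit `user_id`; if the block is required, I would record that in a comment such as `# block rule: enforced only against a built Order — controller must assign order.user before authorize!`. For consistency with the `destroy` rule two lines below, `order.try(:user) == user` would be the matching style, though `order` is always an Order here so `try` is only defensive. `initialize_user` closes after this hunk.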