config/spree_permissions.yml in spree-0.8.5 vs config/spree_permissions.yml in spree-0.9.0

@@ -50,18 +50,19 @@
 'UsersController':
   permission1:
     roles : [admin]
     options :
       except : [new, create]   
-      unless : "current_user.id == object.id"
+      unless : "current_user and current_user.id == object.id"
 'OrdersController':
   permission1:
-    roles : [user]
-    options :
-      for : [checkout]   
-      unless : "Spree::Config[:allow_guest_checkout]"
-  permission2:
     # Users can only see their own orders
     roles : [admin]
     options :
       except : [new, create, cvv]   
-      unless : can_access?  #orders_controller may grant access based on presence of token, etc.
\ No newline at end of file
+      unless : can_access?  #orders_controller may grant access based on presence of token, etc.
+'CheckoutsController':
+  permission1:
+    roles : [user]
+    options :
+      for : [update]   
+      unless : "Spree::Config[:allow_guest_checkout]"