app/controllers/spree/api/payments_controller.rb in spree_api-2.2.6 vs app/controllers/spree/api/payments_controller.rb in spree_api-2.2.7

@@ -65,10 +65,10 @@
 
       private
 
         def find_order
           @order = Spree::Order.find_by(number: order_id)
-          authorize! :read, @order
+          authorize! :read, @order, order_token
         end
 
         def find_payment
           @payment = @order.payments.find(params[:id])
         end