diff --git a/app/initializers/custom-session.js b/app/initializers/custom-session.js
index a4b66b9..08d48b8 100644
--- a/app/initializers/custom-session.js
+++ b/app/initializers/custom-session.js
@@ -1,25 +1,11 @@
-import Session from 'simple-auth/session';
-import parseBase64 from '../utils/parse-base64';
 import Ember from 'ember';
-var CustomSession = Session.extend({
- currentUser: function() {
- let token = this.get('secure.token');
- if (!Ember.isEmpty(token)) {
- let t = parseBase64(token);
- return this.container.lookup('service:store').find('user', t['sub']);
- }
- return null;
- }.property('secure.token'),
-
-});
-
 export function initialize(container, application) {
- application.register('session:custom', CustomSession);
+ application.inject('session:custom', '_store', 'service:store');
 }
 export default {
 name: 'custom-session',
- before: 'simple-auth',
+ after: 'ember-data',
 initialize: initialize
 };
diff --git a/app/pods/protected/users/changepassword/controller.js b/app/pods/protected/users/changepassword/controller.js
index a157605..94ce219 100644
--- a/app/pods/protected/users/changepassword/controller.js
+++ b/app/pods/protected/users/changepassword/controller.js
@@ -16,6 +16,7 @@ export default Ember.Controller.extend({
 let options = {
 method: 'POST',
 data: {
+ id: this.get('session.currentUser.id'),
 password: this.get('password'),
 },
 };
diff --git a/app/pods/protected/users/show/route.js b/app/pods/protected/users/show/route.js
index bc22dc0..e812128 100644
--- a/app/pods/protected/users/show/route.js
+++ b/app/pods/protected/users/show/route.js
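Review bot: Dropping `before: 'simple-auth'` from the default export leaves this initializer unordered relative to simple-auth, so the `_store` injection registered in `initialize` may run after the session has already been looked up. In that case `this._store` in `app/sessions/custom.js` would be undefined, or Ember would reject the late injection; which of the two depends on how simple-auth instantiates the session, and that is not visible in this diff. Consider keeping both constraints, `before: 'simple-auth',` next to `after: 'ember-data',`. The `container` parameter of `initialize` is also unused after this change.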
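Review bot: The added `id: this.get('session.currentUser.id'),` puts the target account under client control, so the password-change endpoint must take the user from the authenticated token and reject a body `id` that differs from it; otherwise one account's password could be changed from another account's session. The server handler is not part of this diff, so that check should be confirmed there. Separately, `session.currentUser` is the value returned by `findRecord` in `app/sessions/custom.js`, so `id` is likely undefined until that lookup resolves; a guard such as `if (!this.get('session.currentUser.id')) { return; }` before building `options` would avoid posting without it. The enclosing action starts and ends outside the hunk.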
@@ -1,6 +1,17 @@
 import Ember from 'ember';
 export default Ember.Route.extend({
+ beforeModel: function(transition) {
+ this._super(transition);
+
+ this.get('session.currentUser').then((currentUser) => {
+ let user_id = transition.params['protected.users.show'].user_id;
+ if (!currentUser.get('isAdmin') && currentUser.get('id') !== user_id) {
+ this.transitionTo('protected.users.index');
+ }
+ })
+ },
+
 model: function(params) {
 return this.store.findRecord('user', params.user_id, { reload: true });
 },
diff --git a/app/sessions/custom.js b/app/sessions/custom.js
new file mode 100644
index 0000000..e5a8385
--- /dev/null
+++ b/app/sessions/custom.js
@@ -0,0 +1,12 @@
+import Session from 'simple-auth/session';
+import parseBase64 from '../utils/parse-base64';
+
+export default Session.extend({
+ currentUser: function() {
+ let token = this.get('secure.token');
+ if (token && this.get('isAuthenticated')) {
+ let t = parseBase64(token);
+ return this._store.findRecord('user', t['sub']);
+ }
+ }.property('secure.token', 'isAuthenticated')
+});
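Review bot: `beforeModel` does not return the promise from `this.get('session.currentUser').then(...)`, so the router does not wait for the ownership check and the `model` hook below still calls `findRecord('user', params.user_id, { reload: true })` for another user's id before the redirect fires. Returning the chain, `return this.get('session.currentUser').then((currentUser) => {`, makes the transition pause on the check and lets a rejection reach the route's error handling. This check only controls navigation in the browser; the users API has to enforce the same admin-or-self rule, and that side is not visible in this diff. The route's `extend({ ... })` body continues past the end of the hunk.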
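Review bot: `currentUser` returns `undefined` when there is no token or the session is not authenticated, but `app/pods/protected/users/show/route.js` in this same commit calls `.then` on it unconditionally, which would throw in that state. Either return a resolved promise in the fall-through branch, e.g. `return Ember.RSVP.resolve(null);` (with `import Ember from 'ember';` and a null check in the callers), or document the undefined case in a comment above the property. `t['sub']` comes from decoding the token in the browser, presumably without signature verification since `parseBase64` is not shown, so a comment such as `// sub only selects which record to fetch; authorization is decided by the API` would keep later code from treating it as trusted.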