diff --git a/aleksis/apps/tezor/rules.py b/aleksis/apps/tezor/rules.py
index edc7eded51b8151a25b9d34eb8730eb33f87696e..dd255e16f7e0466da73d52d386f9cc11459baa0c 100644
--- a/aleksis/apps/tezor/rules.py
+++ b/aleksis/apps/tezor/rules.py
@@ -11,7 +11,12 @@ from aleksis.core.util.predicates import (
 
 from .models.base import Client
 from .models.invoice import InvoiceGroup
-from .predicates import has_no_payment_variant, has_payment_variant, is_in_payment_status, is_own_invoice
+from .predicates import (
+    has_no_payment_variant,
+    has_payment_variant,
+    is_in_payment_status,
+    is_own_invoice,
+)
 
 # View clients
 view_clients_predicate = has_person & (
diff --git a/aleksis/apps/tezor/templates/tezor/invoice/full.html b/aleksis/apps/tezor/templates/tezor/invoice/full.html
index 1c506f48a5fb95efa4113640c5d4247786758b78..db740ebf844945c800dcad005a9ebebf1d595f6b 100644
--- a/aleksis/apps/tezor/templates/tezor/invoice/full.html
+++ b/aleksis/apps/tezor/templates/tezor/invoice/full.html
@@ -75,7 +75,7 @@
                   <td>
                     <select name="variant" {% if not can_change_variant %}disabled{% endif %}>
                       {% for choice in object.get_variant_choices %}
-                        <option value="{{ choice.0 }}" {% if object.get_variant_name == choice.0 %}selected{% endif %}>{{ choice.1 }}</option>
+                        <option value="{{ choice.0 }}" {% if object.variant == choice.0 %}selected{% endif %}>{{ choice.1 }}</option>
                       {% endfor %}
                     </select>
                   </td>
diff --git a/aleksis/apps/tezor/views.py b/aleksis/apps/tezor/views.py
index 1870c2b996b4705284aa08e4a266d392ad196c92..fc5cbb143284972bd9a69f3d541bf785407f71dc 100644
--- a/aleksis/apps/tezor/views.py
+++ b/aleksis/apps/tezor/views.py
@@ -1,4 +1,5 @@
 from django.conf import settings
+from django.core.exceptions import PermissionDenied, SuspiciousOperation
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse_lazy
 from django.utils.decorators import method_decorator
@@ -45,14 +46,14 @@ class DoPaymentView(PermissionRequiredMixin, View):
 
         new_variant = request.GET.get("variant", None)
         if new_variant:
-            if xxx_has_perm("tezor.change_payment_variant", self.object):  # FIXME
-                if variant in settings.PAYMENT_VARIANTS:
-                    object.variant = variant
-                    object.save()
+            if request.user.has_perm("tezor.change_payment_variant", self.object):
+                if new_variant in settings.PAYMENT_VARIANTS:
+                    self.object.variant = new_variant
+                    self.object.save()
                 else:
-                    raise xxxbadrequest  # FIXME
+                    raise SuspiciousOperation()
             else:
-                raise permissiondenied  # FIXME
+                raise PermissionDenied()
 
         if self.object.status not in [
             PaymentStatus.WAITING,