- return 1 if $::auth->assert('invoice_edit', 1); # may edit all invoices
- return 0 if !$::form->{id}; # creating new invoices isn't allowed without invoice_edit
- return 0 if !$::form->{globalproject_id}; # existing records without a project ID are not allowed
+ return 1 if $::auth->assert('invoice_edit', 1); # may edit all invoices
+ return 0 if !$::form->{id}; # creating new invoices isn't allowed without invoice_edit
+ return 1 if $::auth->assert('sales_invoice_view', 1); # viewing is allowed with this right
+ return 0 if !$::form->{globalproject_id}; # existing records without a project ID are not allowed