X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=bin%2Fmozilla%2Fir.pl;h=1b9a782ad86cb78ef8e32e6438d43287342b5510;hb=86751c7ae29073882765941b5c636a178b2d6d19;hp=cca6d12f1acaad9381f36fd1c63b6e18469f5f3d;hpb=a59c4c737b249602aa34ff33e0c4274b8d50adab;p=kivitendo-erp.git

diff --git a/bin/mozilla/ir.pl b/bin/mozilla/ir.pl
index cca6d12f1..1b9a782ad 100644
--- a/bin/mozilla/ir.pl
+++ b/bin/mozilla/ir.pl
@@ -56,9 +56,10 @@ use strict;
 # end of main
 
 sub _may_view_or_edit_this_invoice {
-  return 1 if  $::auth->assert('ap_transactions', 1); # may edit all invoices
-  return 0 if !$::form->{id};                         # creating new invoices isn't allowed without invoice_edit
-  return 0 if !$::form->{globalproject_id};           # existing records without a project ID are not allowed
+  return 1 if  $::auth->assert('ap_transactions', 1);       # may edit all invoices
+  return 0 if !$::form->{id};                               # creating new invoices isn't allowed without invoice_edit
+  return 1 if  $::auth->assert('purchase_invoice_view', 1); # viewing is allowed with this right
+  return 0 if !$::form->{globalproject_id};                 # existing records without a project ID are not allowed
   return SL::DB::Project->new(id => $::form->{globalproject_id})->load->may_employee_view_project_invoices(SL::DB::Manager::Employee->current);
 }