X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=bin%2Fmozilla%2Fis.pl;h=57a79af0d813bee1414ea650183d92eef3fad3bd;hb=b4ddf2d433ca367128cdab950d2fcc391657de38;hp=838498033ad1a89cc2098972a1f440bdfd8a81aa;hpb=ab0103527f959128c88217c9b1c96dd873e597eb;p=kivitendo-erp.git

diff --git a/bin/mozilla/is.pl b/bin/mozilla/is.pl
index 838498033..57a79af0d 100644
--- a/bin/mozilla/is.pl
+++ b/bin/mozilla/is.pl
@@ -62,9 +62,10 @@ use strict;
 # end of main
 
 sub _may_view_or_edit_this_invoice {
-  return 1 if  $::auth->assert('invoice_edit', 1); # may edit all invoices
-  return 0 if !$::form->{id};                      # creating new invoices isn't allowed without invoice_edit
-  return 0 if !$::form->{globalproject_id};        # existing records without a project ID are not allowed
+  return 1 if  $::auth->assert('invoice_edit', 1);       # may edit all invoices
+  return 0 if !$::form->{id};                            # creating new invoices isn't allowed without invoice_edit
+  return 1 if  $::auth->assert('sales_invoice_view', 1); # viewing is allowed with this right
+  return 0 if !$::form->{globalproject_id};              # existing records without a project ID are not allowed
   return SL::DB::Project->new(id => $::form->{globalproject_id})->load->may_employee_view_project_invoices(SL::DB::Manager::Employee->current);
 }