diff --git a/app/hooks/invoices.php b/app/hooks/invoices.php
index a743fd0..49ef38f 100644
--- a/app/hooks/invoices.php
+++ b/app/hooks/invoices.php
@@ -40,10 +40,10 @@ function load_invoice_templates(){
 	 * an error message to the user and stop displaying any data).
 	*/
 
-	function invoices_init(&$options, $memberInfo, &$args) {
-		/* Inserted by Search Page Maker for AppGini on 2020-11-25 06:38:04 */
-		$options->FilterPage = 'hooks/invoices_filter.php';
-		/* End of Search Page Maker for AppGini code */
+	function invoices_init(&$options, $memberInfo, &$args) {
+		/* Inserted by Search Page Maker for AppGini on 2020-11-25 06:38:04 */
+		$options->FilterPage = 'hooks/invoices_filter.php';
+		/* End of Search Page Maker for AppGini code */
 
 		load_invoice_templates();
 
@@ -174,6 +174,8 @@ function invoices_footer($contentType, $memberInfo, &$args) {
 	*/
 
 	function invoices_before_insert(&$data, $memberInfo, &$args) {
+		// can current user view the client to which this invoice is assigned?
+		if(!check_record_permission('clients', $data['client'])) return false;
 
 		return TRUE;
 	}
@@ -227,6 +229,8 @@ function invoices_after_insert($data, $memberInfo, &$args) {
 	*/
 
 	function invoices_before_update(&$data, $memberInfo, &$args) {
+		// can current user view the client to which this invoice is assigned?
+		if(!check_record_permission('clients', $data['client'])) return false;
 
 		return TRUE;
 	}
@@ -376,58 +380,58 @@ function invoices_csv($query, $memberInfo, &$args) {
 	 *   )
 	*/
 
-	function invoices_batch_actions(&$args) {
-		/* Inserted by Mass Update on 2020-11-25 06:59:16 */
-		
-		/*
-		 * Q: How do I return other custom batch commands not defined in mass_update plugin?
-		 * 
-		 * A: Define your commands ABOVE the 'Inserted by Mass Update' comment above 
-		 * in an array named $custom_actions_top to display them above the commands 
-		 * created by the mass_update plugin.
-		 * 
-		 * You can also define commands in an array named $custom_actions_bottom
-		 * (also ABOVE the 'Inserted by Mass Update' comment block) to display them 
-		 * below the commands created by the mass_update plugin.
-		 * 
-		*/
-
-		if(!isset($custom_actions_top) || !is_array($custom_actions_top))
-			$custom_actions_top = array();
-
-		if(!isset($custom_actions_bottom) || !is_array($custom_actions_bottom))
-			$custom_actions_bottom = array();
-
-		$command = array(
-			'1nvkk0q0ckqc7b8migay' => array(
-				'title' => "Mark as paid",
-				'function' => 'massUpdateCommand_1nvkk0q0ckqc7b8migay',
-				'icon' => 'ok'
-			),
-			'xe0xlisfn56ps9sp3p76' => array(
-				'title' => "Mark as cancelled",
-				'function' => 'massUpdateCommand_xe0xlisfn56ps9sp3p76',
-				'icon' => 'remove'
-			),
-		);
-
-		$mi = getMemberInfo();
-		switch($mi['group']) {
-			default:
-				/* for all other logged users, enable the following commands */
-				if($mi['username'] && $mi['username'] != 'guest')
-					return array_merge(
-						$custom_actions_top,
-						array(
-							$command['1nvkk0q0ckqc7b8migay'],
-							$command['xe0xlisfn56ps9sp3p76']
-						),
-						$custom_actions_bottom
-					);
-		}
-
-
-		/* End of Mass Update code */
+	function invoices_batch_actions(&$args) {
+		/* Inserted by Mass Update on 2020-11-25 06:59:16 */
+		
+		/*
+		 * Q: How do I return other custom batch commands not defined in mass_update plugin?
+		 * 
+		 * A: Define your commands ABOVE the 'Inserted by Mass Update' comment above 
+		 * in an array named $custom_actions_top to display them above the commands 
+		 * created by the mass_update plugin.
+		 * 
+		 * You can also define commands in an array named $custom_actions_bottom
+		 * (also ABOVE the 'Inserted by Mass Update' comment block) to display them 
+		 * below the commands created by the mass_update plugin.
+		 * 
+		*/
+
+		if(!isset($custom_actions_top) || !is_array($custom_actions_top))
+			$custom_actions_top = array();
+
+		if(!isset($custom_actions_bottom) || !is_array($custom_actions_bottom))
+			$custom_actions_bottom = array();
+
+		$command = array(
+			'1nvkk0q0ckqc7b8migay' => array(
+				'title' => "Mark as paid",
+				'function' => 'massUpdateCommand_1nvkk0q0ckqc7b8migay',
+				'icon' => 'ok'
+			),
+			'xe0xlisfn56ps9sp3p76' => array(
+				'title' => "Mark as cancelled",
+				'function' => 'massUpdateCommand_xe0xlisfn56ps9sp3p76',
+				'icon' => 'remove'
+			),
+		);
+
+		$mi = getMemberInfo();
+		switch($mi['group']) {
+			default:
+				/* for all other logged users, enable the following commands */
+				if($mi['username'] && $mi['username'] != 'guest')
+					return array_merge(
+						$custom_actions_top,
+						array(
+							$command['1nvkk0q0ckqc7b8migay'],
+							$command['xe0xlisfn56ps9sp3p76']
+						),
+						$custom_actions_bottom
+					);
+		}
+
+
+		/* End of Mass Update code */
 
 
 		return array();