diff --git a/app/Http/Controllers/BaseController.php b/app/Http/Controllers/BaseController.php
index 5124097636a9..a9060e47fdec 100644
--- a/app/Http/Controllers/BaseController.php
+++ b/app/Http/Controllers/BaseController.php
@@ -2,13 +2,14 @@
use App\Http\Middleware\PermissionsRequired;
use Illuminate\Foundation\Bus\DispatchesJobs;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Auth;
class BaseController extends Controller
{
- use DispatchesJobs;
+ use DispatchesJobs, AuthorizesRequests;
- protected $model = 'App\Models\EntityModel';
+ protected $entity;
/**
* Setup the layout used by the controller.
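Review bot: `protected $entity;` replaces the fully qualified `$model` class name with an entity-type string but carries no documentation of what a subclass must assign; `authorizeCreate()` and `authorizeUpdate()` in the next hunk pass it straight to `authorize()` and derive a model class from it. A docblock such as `/** @var string Entity type constant (ENTITY_*) set by each subclass; used to resolve the policy and the model class for authorization checks. */` would make that contract explicit for the nine controllers that set it in this diff.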
@@ -22,39 +23,21 @@ class BaseController extends Controller
}
}
- protected function checkViewPermission($object, &$response = null){
- if(!$object->canView()){
- $response = response('Unauthorized.', 401);
- return false;
- }
- return true;
+ protected function authorizeCreate() {
+ $this->authorize('create', $this->entity);
}
- protected function checkEditPermission($object, &$response = null){
- if(!$object->canEdit()){
- $response = response('Unauthorized.', 401);
- return false;
- }
- return true;
- }
-
- protected function checkCreatePermission(&$response = null){
- if(!call_user_func(array($this->model, 'canCreate'))){
- $response = response('Unauthorized.', 401);
- return false;
- }
- return true;
- }
-
- protected function checkUpdatePermission($input, &$response = null){
+ protected function authorizeUpdate($input){
$creating = empty($input['public_id']) || $input['public_id'] == '-1';
if($creating){
- return $this->checkCreatePermission($response);
+ $this->authorize('create', $this->entity);
}
else{
- $object = call_user_func(array($this->model, 'scope'), $input['public_id'])->firstOrFail();
- return $this->checkEditPermission($object, $response);
+ $className = ucwords($this->entity, '_');
+
+ $object = call_user_func(array("App\\Models\\{$className}", 'scope'), $input['public_id'])->firstOrFail();
+ $this->authorize('edit', $object);
}
}
}
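Review bot: In `authorizeUpdate()`, `ucwords($this->entity, '_')` keeps the underscore, so an entity type containing one (the ENTITY_* values are not on this page, but constants such as ENTITY_RECURRING_INVOICE appear elsewhere in this diff) would become a class name like `Recurring_Invoice` and the lookup would fail before `firstOrFail()` ever runs; `$className = str_replace('_', '', ucwords($this->entity, '_'));` handles both shapes. The `$input['public_id'] == '-1'` test is a loose comparison and would be clearer as `=== '-1'` given the input is string-typed. Both new methods also change the contract from returning a boolean to throwing (`authorize()` raises Laravel's AuthorizationException on denial), so a short docblock on each saying "throws on denial, returns nothing" would stop callers from reintroducing the old `if(!...)` pattern.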
diff --git a/app/Http/Controllers/ClientController.php b/app/Http/Controllers/ClientController.php
index 2992eb9a9550..49988ab78b79 100644
--- a/app/Http/Controllers/ClientController.php
+++ b/app/Http/Controllers/ClientController.php
@@ -35,7 +35,7 @@ class ClientController extends BaseController
{
protected $clientService;
protected $clientRepo;
- protected $model = 'App\Models\Client';
+ protected $entity = ENTITY_CLIENT;
public function __construct(ClientRepository $clientRepo, ClientService $clientService)
{
@@ -83,9 +83,7 @@ class ClientController extends BaseController
{
$data = $request->input();
- if(!$this->checkUpdatePermission($data, $response)){
- return $response;
- }
+ $this->authorizeUpdate($data);
$client = $this->clientService->save($data);
@@ -104,17 +102,16 @@ class ClientController extends BaseController
{
$client = Client::withTrashed()->scope($publicId)->with('contacts', 'size', 'industry')->firstOrFail();
- if(!$this->checkViewPermission($client, $response)){
- return $response;
- }
+ $this->authorize('view', $client);
+ $user = Auth::user();
Utils::trackViewed($client->getDisplayName(), ENTITY_CLIENT);
$actionLinks = [];
- if(Task::canCreate()){
+ if($user->can('create', ENTITY_TASK)){
$actionLinks[] = ['label' => trans('texts.new_task'), 'url' => URL::to('/tasks/create/'.$client->public_id)];
}
- if (Utils::hasFeature(FEATURE_QUOTES) && Invoice::canCreate()) {
+ if (Utils::hasFeature(FEATURE_QUOTES) && $user->can('create', ENTITY_INVOICE)) {
$actionLinks[] = ['label' => trans('texts.new_quote'), 'url' => URL::to('/quotes/create/'.$client->public_id)];
}
@@ -122,15 +119,15 @@ class ClientController extends BaseController
$actionLinks[] = \DropdownButton::DIVIDER;
}
- if(Payment::canCreate()){
+ if($user->can('create', ENTITY_PAYMENT)){
$actionLinks[] = ['label' => trans('texts.enter_payment'), 'url' => URL::to('/payments/create/'.$client->public_id)];
}
- if(Credit::canCreate()){
+ if($user->can('create', ENTITY_CREDIT)){
$actionLinks[] = ['label' => trans('texts.enter_credit'), 'url' => URL::to('/credits/create/'.$client->public_id)];
}
- if(Expense::canCreate()){
+ if($user->can('create', ENTITY_EXPENSE)){
$actionLinks[] = ['label' => trans('texts.enter_expense'), 'url' => URL::to('/expenses/create/0/'.$client->public_id)];
}
@@ -156,9 +153,7 @@ class ClientController extends BaseController
*/
public function create()
{
- if(!$this->checkCreatePermission($response)){
- return $response;
- }
+ $this->authorizeCreate();
if (Client::scope()->withTrashed()->count() > Auth::user()->getMaxNumClients()) {
return View::make('error', ['hideHeader' => true, 'error' => "Sorry, you've exceeded the limit of ".Auth::user()->getMaxNumClients()." clients"]);
@@ -186,9 +181,7 @@ class ClientController extends BaseController
{
$client = Client::scope($publicId)->with('contacts')->firstOrFail();
- if(!$this->checkEditPermission($client, $response)){
- return $response;
- }
+ $this->authorize('edit', $client);
$data = [
'client' => $client,
@@ -234,9 +227,7 @@ class ClientController extends BaseController
{
$data = $request->input();
- if(!$this->checkUpdatePermission($data, $response)){
- return $response;
- }
+ $this->authorizeUpdate($data);
$client = $this->clientService->save($data);
diff --git a/app/Http/Controllers/CreditController.php b/app/Http/Controllers/CreditController.php
index 26085c3d6b32..23577f951389 100644
--- a/app/Http/Controllers/CreditController.php
+++ b/app/Http/Controllers/CreditController.php
@@ -17,7 +17,7 @@ class CreditController extends BaseController
{
protected $creditRepo;
protected $creditService;
- protected $model = 'App\Models\Credit';
+ protected $entity = ENTITY_CREDIT;
public function __construct(CreditRepository $creditRepo, CreditService $creditService)
{
@@ -57,9 +57,7 @@ class CreditController extends BaseController
public function create($clientPublicId = 0)
{
- if(!$this->checkCreatePermission($response)){
- return $response;
- }
+ $this->authorizeCreate();
$data = array(
'clientPublicId' => Input::old('client') ? Input::old('client') : $clientPublicId,
@@ -78,9 +76,7 @@ class CreditController extends BaseController
{
$credit = Credit::scope($publicId)->firstOrFail();
- if(!$this->checkEditPermission($credit, $response)){
- return $response;
- }
+ $this->authorize('edit', $credit);
$credit->credit_date = Utils::fromSqlDate($credit->credit_date);
diff --git a/app/Http/Controllers/DocumentController.php b/app/Http/Controllers/DocumentController.php
index 15f3ced57fd2..c0e25e773d11 100644
--- a/app/Http/Controllers/DocumentController.php
+++ b/app/Http/Controllers/DocumentController.php
@@ -15,7 +15,7 @@ use App\Ninja\Repositories\DocumentRepository;
class DocumentController extends BaseController
{
protected $documentRepo;
- protected $model = 'App\Models\Document';
+ protected $entity = ENTITY_DOCUMENT;
public function __construct(DocumentRepository $documentRepo)
{
@@ -29,9 +29,7 @@ class DocumentController extends BaseController
$document = Document::scope($publicId)
->firstOrFail();
- if(!$this->checkViewPermission($document, $response)){
- return $response;
- }
+ $this->authorize('view', $document);
return static::getDownloadResponse($document);
}
@@ -67,9 +65,7 @@ class DocumentController extends BaseController
$document = Document::scope($publicId)
->firstOrFail();
- if(!$this->checkViewPermission($document, $response)){
- return $response;
- }
+ $this->authorize('view', $document);
if(empty($document->preview)){
return Response::view('error', array('error'=>'Preview does not exist!'), 404);
@@ -95,9 +91,7 @@ class DocumentController extends BaseController
$name = substr($name, 0, -3);
}
- if(!$this->checkViewPermission($document, $response)){
- return $response;
- }
+ $this->authorize('view', $document);
if(!$document->isPDFEmbeddable()){
return Response::view('error', array('error'=>'Image does not exist!'), 404);
@@ -118,9 +112,7 @@ class DocumentController extends BaseController
return;
}
- if(!$this->checkCreatePermission($response)){
- return $response;
- }
+ $this->authorizeCreate();
$result = $this->documentRepo->upload(Input::all()['file'], $doc_array);
diff --git a/app/Http/Controllers/ExpenseController.php b/app/Http/Controllers/ExpenseController.php
index b8e82cddda48..e53122e46dcb 100644
--- a/app/Http/Controllers/ExpenseController.php
+++ b/app/Http/Controllers/ExpenseController.php
@@ -25,7 +25,7 @@ class ExpenseController extends BaseController
// Expenses
protected $expenseRepo;
protected $expenseService;
- protected $model = 'App\Models\Expense';
+ protected $entity = ENTITY_EXPENSE;
public function __construct(ExpenseRepository $expenseRepo, ExpenseService $expenseService)
{
@@ -71,9 +71,7 @@ class ExpenseController extends BaseController
public function create($vendorPublicId = null, $clientPublicId = null)
{
- if(!$this->checkCreatePermission($response)){
- return $response;
- }
+ $this->authorizeCreate();
if($vendorPublicId != 0) {
$vendor = Vendor::scope($vendorPublicId)->with('vendorcontacts')->firstOrFail();
@@ -101,9 +99,7 @@ class ExpenseController extends BaseController
{
$expense = Expense::scope($publicId)->with('documents')->firstOrFail();
- if(!$this->checkEditPermission($expense, $response)){
- return $response;
- }
+ $this->authorize('edit', $expense);
$expense->expense_date = Utils::fromSqlDate($expense->expense_date);
@@ -160,9 +156,7 @@ class ExpenseController extends BaseController
$data = $request->input();
$data['documents'] = $request->file('documents');
- if(!$this->checkUpdatePermission($data, $response)){
- return $response;
- }
+ $this->authorizeUpdate($data);
$expense = $this->expenseService->save($data, true);
@@ -181,9 +175,7 @@ class ExpenseController extends BaseController
$data = $request->input();
$data['documents'] = $request->file('documents');
- if(!$this->checkUpdatePermission($data, $response)){
- return $response;
- }
+ $this->authorizeUpdate($data);
$expense = $this->expenseService->save($data);
diff --git a/app/Http/Controllers/InvoiceController.php b/app/Http/Controllers/InvoiceController.php
index 774ed7a7a70c..79ce2aee93b1 100644
--- a/app/Http/Controllers/InvoiceController.php
+++ b/app/Http/Controllers/InvoiceController.php
@@ -37,7 +37,7 @@ class InvoiceController extends BaseController
protected $documentRepo;
protected $invoiceService;
protected $recurringInvoiceService;
- protected $model = 'App\Models\Invoice';
+ protected $entity = ENTITY_INVOICE;
public function __construct(Mailer $mailer, InvoiceRepository $invoiceRepo, ClientRepository $clientRepo, InvoiceService $invoiceService, DocumentRepository $documentRepo, RecurringInvoiceService $recurringInvoiceService)
{
@@ -96,9 +96,7 @@ class InvoiceController extends BaseController
->withTrashed()
->firstOrFail();
- if(!$this->checkEditPermission($invoice, $response)){
- return $response;
- }
+ $this->authorize('edit', $invoice);
$entityType = $invoice->getEntityType();
@@ -233,9 +231,7 @@ class InvoiceController extends BaseController
public function create($clientPublicId = 0, $isRecurring = false)
{
- if(!$this->checkCreatePermission($response)){
- return $response;
- }
+ $this->authorizeCreate();
$account = Auth::user()->account;
$entityType = $isRecurring ? ENTITY_RECURRING_INVOICE : ENTITY_INVOICE;
@@ -404,9 +400,7 @@ class InvoiceController extends BaseController
$data = $request->input();
$data['documents'] = $request->file('documents');
- if(!$this->checkUpdatePermission($data, $response)){
- return $response;
- }
+ $this->authorizeUpdate($data);
$action = Input::get('action');
$entityType = Input::get('entityType');
@@ -445,9 +439,7 @@ class InvoiceController extends BaseController
$data = $request->input();
$data['documents'] = $request->file('documents');
- if(!$this->checkUpdatePermission($data, $response)){
- return $response;
- }
+ $this->authorizeUpdate($data);
$action = Input::get('action');
$entityType = Input::get('entityType');
diff --git a/app/Http/Controllers/PaymentController.php b/app/Http/Controllers/PaymentController.php
index 1f53b4a0bc54..4654a3e69856 100644
--- a/app/Http/Controllers/PaymentController.php
+++ b/app/Http/Controllers/PaymentController.php
@@ -30,7 +30,7 @@ use App\Http\Requests\UpdatePaymentRequest;
class PaymentController extends BaseController
{
- protected $model = 'App\Models\Payment';
+ protected $entity = ENTITY_PAYMENT;
public function __construct(PaymentRepository $paymentRepo, InvoiceRepository $invoiceRepo, AccountRepository $accountRepo, ContactMailer $contactMailer, PaymentService $paymentService)
{
@@ -69,9 +69,7 @@ class PaymentController extends BaseController
public function create($clientPublicId = 0, $invoicePublicId = 0)
{
- if(!$this->checkCreatePermission($response)){
- return $response;
- }
+ $this->authorizeCreate();
$invoices = Invoice::scope()
->where('is_recurring', '=', false)
@@ -100,9 +98,7 @@ class PaymentController extends BaseController
{
$payment = Payment::scope($publicId)->firstOrFail();
- if(!$this->checkEditPermission($payment, $response)){
- return $response;
- }
+ $this->authorize('edit', $payment);
$payment->payment_date = Utils::fromSqlDate($payment->payment_date);
@@ -594,9 +590,7 @@ class PaymentController extends BaseController
{
$input = $request->input();
- if(!$this->checkUpdatePermission($input, $response)){
- return $response;
- }
+ $this->authorizeUpdate($data);
$input['invoice_id'] = Invoice::getPrivateId($input['invoice']);
$input['client_id'] = Client::getPrivateId($input['client']);
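Review bot: `$this->authorizeUpdate($data);` references `$data`, which this method never assigns — the request input is read into `$input` two lines above — so `authorizeUpdate()` receives null, `empty($input['public_id'])` is true, and the update is authorized as a create; the existing payment's `edit` permission is never checked, which would let a user with create rights modify payments they are not allowed to edit. The call should be `$this->authorizeUpdate($input);`. The second PaymentController hunk below has the identical slip. Both methods continue outside their hunks.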
@@ -616,9 +610,7 @@ class PaymentController extends BaseController
{
$input = $request->input();
- if(!$this->checkUpdatePermission($input, $response)){
- return $response;
- }
+ $this->authorizeUpdate($data);
$payment = $this->paymentRepo->save($input);
diff --git a/app/Http/Controllers/QuoteController.php b/app/Http/Controllers/QuoteController.php
index 4aaa504bfd1b..e2228ab2a0c0 100644
--- a/app/Http/Controllers/QuoteController.php
+++ b/app/Http/Controllers/QuoteController.php
@@ -33,7 +33,7 @@ class QuoteController extends BaseController
protected $invoiceRepo;
protected $clientRepo;
protected $invoiceService;
- protected $model = 'App\Models\Invoice';
+ protected $entity = ENTITY_INVOICE;
public function __construct(Mailer $mailer, InvoiceRepository $invoiceRepo, ClientRepository $clientRepo, InvoiceService $invoiceService)
{
@@ -80,9 +80,7 @@ class QuoteController extends BaseController
public function create($clientPublicId = 0)
{
- if(!$this->checkCreatePermission($response)){
- return $response;
- }
+ $this->authorizeCreate();
if (!Utils::hasFeature(FEATURE_QUOTES)) {
return Redirect::to('/invoices/create');
diff --git a/app/Http/Controllers/TaskController.php b/app/Http/Controllers/TaskController.php
index 59f49da2514f..7ff19436ead2 100644
--- a/app/Http/Controllers/TaskController.php
+++ b/app/Http/Controllers/TaskController.php
@@ -22,7 +22,7 @@ class TaskController extends BaseController
{
protected $taskRepo;
protected $taskService;
- protected $model = 'App\Models\Task';
+ protected $entity = ENTITY_TASK;
public function __construct(TaskRepository $taskRepo, InvoiceRepository $invoiceRepo, TaskService $taskService)
{
@@ -85,9 +85,7 @@ class TaskController extends BaseController
*/
public function create($clientPublicId = 0)
{
- if(!$this->checkCreatePermission($response)){
- return $response;
- }
+ $this->authorizeCreate();
$this->checkTimezone();
$data = [
@@ -117,9 +115,7 @@ class TaskController extends BaseController
$task = Task::scope($publicId)->with('client', 'invoice')->withTrashed()->firstOrFail();
- if(!$this->checkEditPermission($task, $response)){
- return $response;
- }
+ $this->authorize('edit', $task);
$actions = [];
if ($task->invoice) {
@@ -184,9 +180,7 @@ class TaskController extends BaseController
{
$action = Input::get('action');
- if(!$this->checkUpdatePermission(array('public_id'=>$publicId)/* Hacky, but works */, $response)){
- return $response;
- }
+ $this->authorizeUpdate(array('public_id'=>$publicId)/* Hacky, but works */);
if (in_array($action, ['archive', 'delete', 'restore'])) {
return self::bulk();
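Review bot: `$this->authorizeUpdate(array('public_id'=>$publicId)/* Hacky, but works */)` keeps the old workaround: it wraps the id in a fake input array so that `authorizeUpdate()` re-derives the model class from `$this->entity` and looks the task up again. Since this method already has the public id and `Task` is in scope in this file, `$this->authorize('edit', Task::scope($publicId)->firstOrFail());` expresses the same check directly and the comment can go; the bulk actions that follow appear to be re-checked per entity in BaseService's hunk. The enclosing method continues outside the hunk.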
diff --git a/app/Http/Controllers/VendorController.php b/app/Http/Controllers/VendorController.php
index b337c1df29e7..00f5bbe83e4d 100644
--- a/app/Http/Controllers/VendorController.php
+++ b/app/Http/Controllers/VendorController.php
@@ -30,7 +30,7 @@ class VendorController extends BaseController
{
protected $vendorService;
protected $vendorRepo;
- protected $model = 'App\Models\Vendor';
+ protected $entity = ENTITY_VENDOR;
public function __construct(VendorRepository $vendorRepo, VendorService $vendorService)
{
@@ -79,9 +79,7 @@ class VendorController extends BaseController
{
$data = $request->input();
- if(!$this->checkUpdatePermission($data, $response)){
- return $response;
- }
+ $this->authorizeUpdate($data);
$vendor = $this->vendorService->save($data);
@@ -100,9 +98,7 @@ class VendorController extends BaseController
{
$vendor = Vendor::withTrashed()->scope($publicId)->with('vendorcontacts', 'size', 'industry')->firstOrFail();
- if(!$this->checkViewPermission($vendor, $response)){
- return $response;
- }
+ $this->authorize('view', $vendor);
Utils::trackViewed($vendor->getDisplayName(), 'vendor');
@@ -131,9 +127,7 @@ class VendorController extends BaseController
*/
public function create()
{
- if(!$this->checkCreatePermission($response)){
- return $response;
- }
+ $this->authorizeCreate();
if (Vendor::scope()->count() > Auth::user()->getMaxNumVendors()) {
return View::make('error', ['hideHeader' => true, 'error' => "Sorry, you've exceeded the limit of ".Auth::user()->getMaxNumVendors()." vendors"]);
@@ -161,9 +155,7 @@ class VendorController extends BaseController
{
$vendor = Vendor::scope($publicId)->with('vendorcontacts')->firstOrFail();
- if(!$this->checkEditPermission($vendor, $response)){
- return $response;
- }
+ $this->authorize('edit', $vendor)
$data = [
'vendor' => $vendor,
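Review bot: `$this->authorize('edit', $vendor)` is missing its terminating semicolon, so VendorController no longer parses and every vendor route fails until it reads `$this->authorize('edit', $vendor);`. The enclosing edit() method continues outside the hunk.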
@@ -203,9 +195,7 @@ class VendorController extends BaseController
{
$data = $request->input();
- if(!$this->checkUpdatePermission($data, $response)){
- return $response;
- }
+ $this->authorizeUpdate($data);
$vendor = $this->vendorService->save($data);
diff --git a/app/Models/Document.php b/app/Models/Document.php
index 96051d9db1b2..0d7fc049aac8 100644
--- a/app/Models/Document.php
+++ b/app/Models/Document.php
@@ -222,20 +222,6 @@ class Document extends EntityModel
return $document;
}
-
- public static function canCreate(){
- return true;
- }
-
- public static function canViewItem($document){
- if(Auth::user()->hasPermission('view_all'))return true;
- if($document->expense){
- if($document->expense->invoice)return $document->expense->invoice->canView();
- return $document->expense->canView();
- }
- if($document->invoice)return $document->invoice->canView();
- return Auth::user()->id == $item->user_id;
- }
}
Document::deleted(function ($document) {
diff --git a/app/Models/EntityModel.php b/app/Models/EntityModel.php
index 53bb1d0d1a48..8d0da39d3fab 100644
--- a/app/Models/EntityModel.php
+++ b/app/Models/EntityModel.php
@@ -118,56 +118,4 @@ class EntityModel extends Eloquent
$name = $parts[count($parts)-1];
return strtolower($name) . '_id';
}
-
- public static function canCreate() {
- return Auth::user()->hasPermission('create_all');
- }
-
- public function canEdit() {
- return static::canEditItem($this);
- }
-
- public static function canEditItem($item) {
- return Auth::user()->hasPermission('edit_all') || (isset($item->user_id) && Auth::user()->id == $item->user_id);
- }
-
- public static function canEditItemById($item_id) {
- if(Auth::user()->hasPermission('edit_all')) {
- return true;
- }
-
- return static::whereId($item_id)->first()->user_id == Auth::user()->id;
- }
-
- public static function canEditItemByOwner($user_id) {
- if(Auth::user()->hasPermission('edit_all')) {
- return true;
- }
-
- return Auth::user()->id == $user_id;
- }
-
- public function canView() {
- return static::canViewItem($this);
- }
-
- public static function canViewItem($item) {
- return Auth::user()->hasPermission('view_all') || (isset($item->user_id) && Auth::user()->id == $item->user_id);
- }
-
- public static function canViewItemById($item_id) {
- if(Auth::user()->hasPermission('view_all')) {
- return true;
- }
-
- return static::whereId($item_id)->first()->user_id == Auth::user()->id;
- }
-
- public static function canViewItemByOwner($user_id) {
- if(Auth::user()->hasPermission('view_all')) {
- return true;
- }
-
- return Auth::user()->id == $user_id;
- }
}
diff --git a/app/Models/Product.php b/app/Models/Product.php
index 4098c67063d2..8de7c7ac5b2c 100644
--- a/app/Models/Product.php
+++ b/app/Models/Product.php
@@ -22,8 +22,4 @@ class Product extends EntityModel
{
return $this->belongsTo('App\Models\TaxRate');
}
-
- public function canEdit() {
- return Auth::user()->hasPermission('admin');
- }
}
diff --git a/app/Models/TaxRate.php b/app/Models/TaxRate.php
index cf0a576a8f0d..72ad266b07d8 100644
--- a/app/Models/TaxRate.php
+++ b/app/Models/TaxRate.php
@@ -17,8 +17,4 @@ class TaxRate extends EntityModel
{
return ENTITY_TAX_RATE;
}
-
- public function canEdit() {
- return Auth::user()->hasPermission('admin');
- }
}
diff --git a/app/Models/User.php b/app/Models/User.php
index 32a4960a8482..71069d25821c 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -7,20 +7,22 @@ use App\Libraries\Utils;
use App\Events\UserSettingsChanged;
use App\Events\UserSignedUp;
use Illuminate\Auth\Authenticatable;
+use Illuminate\Foundation\Auth\Access\Authorizable;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
+use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
use Illuminate\Database\Eloquent\SoftDeletes;
-class User extends Model implements AuthenticatableContract, CanResetPasswordContract {
+class User extends Model implements AuthenticatableContract, AuthorizableContract, CanResetPasswordContract {
public static $all_permissions = array(
'create_all' => 0b0001,
'view_all' => 0b0010,
'edit_all' => 0b0100,
);
- use Authenticatable, CanResetPassword;
+ use Authenticatable, Authorizable, CanResetPassword;
/**
* The database table used by the model.
@@ -326,6 +328,10 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
return false;
}
+
+ public function owns($entity) {
+ return !empty($entity->user_id) && $entity->user_id == $this->id;
+ }
}
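Review bot: `owns()` compares `$entity->user_id == $this->id` loosely; ids coming back from Eloquent may be strings or ints depending on the driver, and a strict comparison after a cast, `return !empty($entity->user_id) && (int) $entity->user_id === (int) $this->id;`, gives the intended result without relying on loose-equality rules. A one-line docblock saying this is the ownership test behind the policy `edit`/`view` abilities would help readers find it from the policies. The same `==` appears in `viewByOwner` and `editByOwner` in the EntityPolicy hunk further down.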
User::updating(function ($user) {
diff --git a/app/Ninja/Repositories/ExpenseRepository.php b/app/Ninja/Repositories/ExpenseRepository.php
index aae7729c474d..3492740d6a94 100644
--- a/app/Ninja/Repositories/ExpenseRepository.php
+++ b/app/Ninja/Repositories/ExpenseRepository.php
@@ -2,6 +2,7 @@
use DB;
use Utils;
+use Auth;
use App\Models\Expense;
use App\Models\Vendor;
use App\Models\Document;
@@ -159,14 +160,14 @@ class ExpenseRepository extends BaseRepository
$document_ids = !empty($input['document_ids'])?array_map('intval', $input['document_ids']):array();;
foreach ($document_ids as $document_id){
$document = Document::scope($document_id)->first();
- if($document && !$checkSubPermissions || $document->canEdit()){
+ if($document && !$checkSubPermissions || Auth::user()->can('edit', $document)){
$document->invoice_id = null;
$document->expense_id = $expense->id;
$document->save();
}
}
- if(!empty($input['documents']) && Document::canCreate()){
+ if(!empty($input['documents']) && Auth::user()->can('create', ENTITY_DOCUMENT)){
// Fallback upload
$doc_errors = array();
foreach($input['documents'] as $upload){
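Review bot: `if($document && !$checkSubPermissions || Auth::user()->can('edit', $document))` parses as `($document && !$checkSubPermissions) || can(...)`, so when `Document::scope()` returns null (an id outside the current account) and `$checkSubPermissions` is true, the gate is asked about `null` and, if it answers true, the following lines assign to and save a null `$document`. Parenthesising the alternative fixes the precedence: `if($document && (!$checkSubPermissions || Auth::user()->can('edit', $document))){`. The same form recurs on the `$document` line of InvoiceRepository's first hunk, while that file's later `$product` line already uses the parenthesised shape.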
diff --git a/app/Ninja/Repositories/InvoiceRepository.php b/app/Ninja/Repositories/InvoiceRepository.php
index 6b41db461a31..b84536e88c9d 100644
--- a/app/Ninja/Repositories/InvoiceRepository.php
+++ b/app/Ninja/Repositories/InvoiceRepository.php
@@ -3,6 +3,7 @@
use DB;
use Utils;
use Session;
+use Auth;
use App\Models\Invoice;
use App\Models\InvoiceItem;
use App\Models\Invitation;
@@ -418,7 +419,7 @@ class InvoiceRepository extends BaseRepository
$document_ids = !empty($data['document_ids'])?array_map('intval', $data['document_ids']):array();;
foreach ($document_ids as $document_id){
$document = Document::scope($document_id)->first();
- if($document && !$checkSubPermissions || $document->canEdit()){
+ if($document && !$checkSubPermissions || Auth::user()->can('edit', $document)){
if($document->invoice_id && $document->invoice_id != $invoice->id){
// From a clone
@@ -432,7 +433,7 @@ class InvoiceRepository extends BaseRepository
}
}
- if(!empty($data['documents']) && Document::canCreate()){
+ if(!empty($data['documents']) && Auth::user()->can('create', ENTITY_DOCUMENT)){
// Fallback upload
$doc_errors = array();
foreach($data['documents'] as $upload){
@@ -471,7 +472,7 @@ class InvoiceRepository extends BaseRepository
$task = false;
if (isset($item['task_public_id']) && $item['task_public_id']) {
$task = Task::scope($item['task_public_id'])->where('invoice_id', '=', null)->firstOrFail();
- if(!$checkSubPermissions || $task->canEdit()){
+ if(!$checkSubPermissions || Auth::user()->can('edit', $task)){
$task->invoice_id = $invoice->id;
$task->client_id = $invoice->client_id;
$task->save();
@@ -481,7 +482,7 @@ class InvoiceRepository extends BaseRepository
$expense = false;
if (isset($item['expense_public_id']) && $item['expense_public_id']) {
$expense = Expense::scope($item['expense_public_id'])->where('invoice_id', '=', null)->firstOrFail();
- if(!$checkSubPermissions || $expense->canEdit()){
+ if(!$checkSubPermissions || Auth::user()->can('edit', $expense)){
$expense->invoice_id = $invoice->id;
$expense->client_id = $invoice->client_id;
$expense->save();
@@ -492,7 +493,7 @@ class InvoiceRepository extends BaseRepository
if (\Auth::user()->account->update_products && ! strtotime($productKey)) {
$product = Product::findProductByKey($productKey);
if (!$product) {
- if(!$checkSubPermissions || Product::canCreate()){
+ if(!$checkSubPermissions || Auth::user()->can('create', ENTITY_PRODUCT)){
$product = Product::createNew();
$product->product_key = trim($item['product_key']);
}
@@ -500,7 +501,7 @@ class InvoiceRepository extends BaseRepository
$product = null;
}
}
- if($product && (!$checkSubPermissions || $product->canEdit())){
+ if($product && (!$checkSubPermissions || Auth::user()->can('edit', $product))){
$product->notes = ($task || $expense) ? '' : $item['notes'];
$product->cost = $expense ? 0 : $item['cost'];
$product->save();
diff --git a/app/Ninja/Repositories/PaymentRepository.php b/app/Ninja/Repositories/PaymentRepository.php
index a027cb62aedb..85dfab9964f8 100644
--- a/app/Ninja/Repositories/PaymentRepository.php
+++ b/app/Ninja/Repositories/PaymentRepository.php
@@ -64,7 +64,14 @@ class PaymentRepository extends BaseRepository
if ($filter) {
$query->where(function ($query) use ($filter) {
- $query->where('clients.name', 'like', '%'.$filter.'%');
+ $query->where('clients.name', 'like', '%'.$filter.'%')
+ ->orWhere('invoices.invoice_number', 'like', '%'.$filter.'%')
+ ->orWhere('payments.transaction_reference', 'like', '%'.$filter.'%')
+ ->orWhere('gateways.name', 'like', '%'.$filter.'%')
+ ->orWhere('payment_types.name', 'like', '%'.$filter.'%')
+ ->orWhere('contacts.first_name', 'like', '%'.$filter.'%')
+ ->orWhere('contacts.last_name', 'like', '%'.$filter.'%')
+ ->orWhere('contacts.email', 'like', '%'.$filter.'%');
});
}
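Review bot: The added `orWhere` clauses bind `$filter` as a query parameter, so they do not open an injection path, but `%` and `_` inside `$filter` still act as LIKE wildcards across all eight columns, including `contacts.email`. If a literal search is intended, escaping once before the closure, `$filter = addcslashes($filter, '%_\\');`, keeps matching predictable. Because the alternatives sit inside the nested `where(function ...)` group, they do not override any scoping conditions applied outside the hunk.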
diff --git a/app/Policies/ClientPolicy.php b/app/Policies/ClientPolicy.php
new file mode 100644
index 000000000000..4610c139fbfa
--- /dev/null
+++ b/app/Policies/ClientPolicy.php
@@ -0,0 +1,5 @@
+hasPermission('view_all'))return true;
+ if($document->expense){
+ if($document->expense->invoice)return $user->can('view', $document->expense->invoice);
+ return $user->can('view', $document->expense);
+ }
+ if($document->invoice)return $user->can('view', $document->invoice);
+
+ return $user->owns($item);
+ }
+}
\ No newline at end of file
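Review bot: `return $user->owns($item);` uses `$item`, which is not defined in this method — the parameter used on the surrounding lines is `$document` — so the ownership fallback always sees null, emits an undefined-variable notice and returns false; the same slip existed in the removed `Document::canViewItem()`. It should read `return $user->owns($document);`. The method's signature and the file's opening lines are not visible on this page (the rendering appears to have dropped the text between the file header and the first visible line), so the parameter name is inferred from the body.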
diff --git a/app/Policies/EntityPolicy.php b/app/Policies/EntityPolicy.php
new file mode 100644
index 000000000000..4c5e8ded9d07
--- /dev/null
+++ b/app/Policies/EntityPolicy.php
@@ -0,0 +1,33 @@
+hasPermission('create_all');
+ }
+
+ public static function edit($user, $item) {
+ return $user->hasPermission('edit_all') || $user->owns($item);
+ }
+
+ public static function view($user, $item) {
+ return $user->hasPermission('view_all') || $user->owns($item);
+ }
+
+ public static function viewByOwner($user, $ownerUserId) {
+ return $user->hasPermission('view_all') || $user->id == $ownerUserId;
+ }
+
+ public static function editByOwner($user, $ownerUserId) {
+ return $user->hasPermission('edit_all') || $user->id == $ownerUserId;
+ }
+}
\ No newline at end of file
diff --git a/app/Policies/ExpensePolicy.php b/app/Policies/ExpensePolicy.php
new file mode 100644
index 000000000000..4fdac4d627aa
--- /dev/null
+++ b/app/Policies/ExpensePolicy.php
@@ -0,0 +1,5 @@
+hasPermission('admin');
+ }
+}
\ No newline at end of file
diff --git a/app/Policies/TaskPolicy.php b/app/Policies/TaskPolicy.php
new file mode 100644
index 000000000000..b1fbe2902974
--- /dev/null
+++ b/app/Policies/TaskPolicy.php
@@ -0,0 +1,5 @@
+hasPermission('admin');
+ }
+}
\ No newline at end of file
diff --git a/app/Policies/VendorPolicy.php b/app/Policies/VendorPolicy.php
new file mode 100644
index 000000000000..681cdcb50240
--- /dev/null
+++ b/app/Policies/VendorPolicy.php
@@ -0,0 +1,5 @@
+
'.trans("texts.$types").'';
$items = [];
- if(Auth::user()->hasPermission('create_all')){
- $items[] = '
'.trans("texts.new_$type").'';
- }
+ if($user->can('create', $type))$items[] = ''.trans("texts.new_$type").'';
if ($type == ENTITY_INVOICE) {
if(!empty($items))$items[] = '';
$items[] = ''.trans("texts.recurring_invoices").'';
- if(Invoice::canCreate())$items[] = ''.trans("texts.new_recurring_invoice").'';
- if (Auth::user()->hasFeature(FEATURE_QUOTES)) {
+ if($user->can('create', ENTITY_INVOICE))$items[] = ''.trans("texts.new_recurring_invoice").'';
+ if ($user->hasFeature(FEATURE_QUOTES)) {
$items[] = '';
$items[] = ''.trans("texts.quotes").'';
- if(Invoice::canCreate())$items[] = ''.trans("texts.new_quote").'';
+ if($user->can('create', ENTITY_INVOICE))$items[] = ''.trans("texts.new_quote").'';
}
} else if ($type == ENTITY_CLIENT) {
if(!empty($items))$items[] = '';
$items[] = ''.trans("texts.credits").'';
- if(Credit::canCreate())$items[] = ''.trans("texts.new_credit").'';
+ if($user->can('create', ENTITY_CREDIT))$items[] = ''.trans("texts.new_credit").'';
} else if ($type == ENTITY_EXPENSE) {
if(!empty($items))$items[] = '';
$items[] = ''.trans("texts.vendors").'';
- if(Vendor::canCreate())$items[] = ''.trans("texts.new_vendor").'';
+ if($user->can('create', ENTITY_VENDOR))$items[] = ''.trans("texts.new_vendor").'';
}
if(!empty($items)){
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
new file mode 100644
index 000000000000..884c2587503d
--- /dev/null
+++ b/app/Providers/AuthServiceProvider.php
@@ -0,0 +1,40 @@
+ \App\Policies\ClientPolicy::class,
+ \App\Models\Credit::class => \App\Policies\CreditPolicy::class,
+ \App\Models\Document::class => \App\Policies\DocumentPolicy::class,
+ \App\Models\Expense::class => \App\Policies\ExpensePolicy::class,
+ \App\Models\Invoice::class => \App\Policies\InvoicePolicy::class,
+ \App\Models\Payment::class => \App\Policies\PaymentPolicy::class,
+ \App\Models\Task::class => \App\Policies\TaskPolicy::class,
+ \App\Models\Vendor::class => \App\Policies\VendorPolicy::class,
+ ];
+
+ /**
+ * Register any application authentication / authorization services.
+ *
+ * @param \Illuminate\Contracts\Auth\Access\Gate $gate
+ * @return void
+ */
+ public function boot(GateContract $gate)
+ {
+ foreach (get_class_methods(new \App\Policies\GenericEntityPolicy) as $method) {
+ $gate->define($method, "App\Policies\GenericEntityPolicy@{$method}");
+ }
+
+ $this->registerPolicies($gate);
+ }
+}
\ No newline at end of file
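Review bot: `get_class_methods(new \App\Policies\GenericEntityPolicy)` turns every public method of that class into a gate ability, so any helper or inherited public method added later silently becomes a callable permission check; GenericEntityPolicy itself is not on this page, nor are the class header and the start of `$policies`, so I cannot see what it currently exposes. An explicit list keeps the set of abilities intentional: `foreach (['create', 'edit', 'view', 'viewByOwner', 'editByOwner'] as $method) {`, matching the methods EntityPolicy defines in this diff.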
diff --git a/app/Services/BaseService.php b/app/Services/BaseService.php
index b68b06482a04..90a7359910c2 100644
--- a/app/Services/BaseService.php
+++ b/app/Services/BaseService.php
@@ -21,7 +21,7 @@ class BaseService
$entities = $this->getRepo()->findByPublicIdsWithTrashed($ids);
foreach ($entities as $entity) {
- if($entity->canEdit()){
+ if(Auth::user()->can('edit', $entity)){
$this->getRepo()->$action($entity);
}
}
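Review bot: `Auth::user()->can('edit', $entity)` on the new line assumes an authenticated user; if this bulk action is ever reached from a console command or queued job, `Auth::user()` is null and the call fails with a fatal error instead of denying, whereas the replaced `$entity->canEdit()` kept that concern inside the model. Resolve the user once before the loop and treat a missing user as a denial: `$user = Auth::user();` before the `foreach`, and `if ($user && $user->can('edit', $entity)) {` in place of the new condition. This also avoids re-resolving the guard on every iteration. The enclosing method starts and ends outside the hunk, and whether `Auth` is imported in BaseService is not visible here.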
diff --git a/app/Services/ClientService.php b/app/Services/ClientService.php
index f7a7dac57edb..6f7383b0fced 100644
--- a/app/Services/ClientService.php
+++ b/app/Services/ClientService.php
@@ -101,13 +101,14 @@ class ClientService extends BaseService
return URL::to("clients/{$model->public_id}/edit");
},
function ($model) {
- return Client::canEditItem($model);
+ return Auth::user()->can('editByOwner', [ENTITY_CLIENT, $model->user_id]);
}
],
[
'--divider--', function(){return false;},
function ($model) {
- return Client::canEditItem($model) && (Task::canCreate() || Invoice::canCreate());
+ $user = Auth::user();
+ return $user->can('editByOwner', [ENTITY_CLIENT, $model->user_id]) && ($user->can('create', ENTITY_TASK) || $user->can('create', ENTITY_INVOICE));
}
],
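Review bot: The new visibility closures resolve `Auth::user()` inconsistently: the one at line 879 calls it inline while the one at lines 886–887 hoists it into `$user`, and the later hunks at line 914 (ClientService) and line 1239 (VendorService) call `Auth::user()` twice within a single expression. Hoisting once per closure, `$user = Auth::user();` followed by `return $user->can(...)`, keeps the style uniform and makes the ownership argument easier to read. The `editByOwner` checks also presume the datatable query selects `user_id` for each row — if it does not, `$model->user_id` is null and the outcome depends on how the policy treats a null owner, which is not visible here.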
[
@@ -116,7 +117,7 @@ class ClientService extends BaseService
return URL::to("tasks/create/{$model->public_id}");
},
function ($model) {
- return Task::canCreate();
+ return Auth::user()->can('create', ENTITY_TASK);
}
],
[
@@ -125,7 +126,7 @@ class ClientService extends BaseService
return URL::to("invoices/create/{$model->public_id}");
},
function ($model) {
- return Invoice::canCreate();
+ return Auth::user()->can('create', ENTITY_INVOICE);
}
],
[
@@ -134,13 +135,14 @@ class ClientService extends BaseService
return URL::to("quotes/create/{$model->public_id}");
},
function ($model) {
- return Auth::user()->hasFeature(FEATURE_QUOTES) && Invoice::canCreate();
+ return Auth::user()->hasFeature(FEATURE_QUOTES) && Auth::user()->can('create', ENTITY_INVOICE);
}
],
[
'--divider--', function(){return false;},
function ($model) {
- return (Task::canCreate() || Invoice::canCreate()) && (Payment::canCreate() || Credit::canCreate() || Expense::canCreate());
+ $user = Auth::user();
+ return ($user->can('create', ENTITY_TASK) || $user->can('create', ENTITY_INVOICE)) && ($user->can('create', ENTITY_PAYMENT) || $user->can('create', ENTITY_CREDIT) || $user->can('create', ENTITY_EXPENSE));
}
],
[
@@ -149,7 +151,7 @@ class ClientService extends BaseService
return URL::to("payments/create/{$model->public_id}");
},
function ($model) {
- return Payment::canCreate();
+ return Auth::user()->can('create', ENTITY_PAYMENT);
}
],
[
@@ -158,7 +160,7 @@ class ClientService extends BaseService
return URL::to("credits/create/{$model->public_id}");
},
function ($model) {
- return Credit::canCreate();
+ return Auth::user()->can('create', ENTITY_CREDIT);
}
],
[
@@ -167,7 +169,7 @@ class ClientService extends BaseService
return URL::to("expenses/create/0/{$model->public_id}");
},
function ($model) {
- return Expense::canCreate();
+ return Auth::user()->can('create', ENTITY_EXPENSE);
}
]
];
diff --git a/app/Services/CreditService.php b/app/Services/CreditService.php
index 2e9220ad0544..54ef659f05f9 100644
--- a/app/Services/CreditService.php
+++ b/app/Services/CreditService.php
@@ -47,7 +47,7 @@ class CreditService extends BaseService
[
'client_name',
function ($model) {
- if(!Client::canViewItemByOwner($model->client_user_id)){
+ if(!Auth::user()->can('viewByOwner', [ENTITY_CLIENT, $model->client_user_id])){
return Utils::getClientDisplayName($model);
}
@@ -91,7 +91,7 @@ class CreditService extends BaseService
return URL::to("payments/create/{$model->client_public_id}") . '?paymentTypeId=1';
},
function ($model) {
- return Payment::canCreate();
+ return Auth::user()->can('create', ENTITY_PAYMENT);
}
]
];
diff --git a/app/Services/ExpenseService.php b/app/Services/ExpenseService.php
index b574aa9983b8..afec1e4f9950 100644
--- a/app/Services/ExpenseService.php
+++ b/app/Services/ExpenseService.php
@@ -70,7 +70,7 @@ class ExpenseService extends BaseService
function ($model)
{
if ($model->vendor_public_id) {
- if(!Vendor::canViewItemByOwner($model->vendor_user_id)){
+ if(!Auth::user()->can('viewByOwner', [ENTITY_VENDOR, $model->vendor_user_id])){
return $model->vendor_name;
}
@@ -85,7 +85,7 @@ class ExpenseService extends BaseService
function ($model)
{
if ($model->client_public_id) {
- if(!Client::canViewItemByOwner($model->client_user_id)){
+ if(!Auth::user()->can('viewByOwner', [ENTITY_CLIENT, $model->client_user_id])){
return Utils::getClientDisplayName($model);
}
@@ -98,7 +98,7 @@ class ExpenseService extends BaseService
[
'expense_date',
function ($model) {
- if(!Expense::canEditItemByOwner($model->user_id)){
+ if(!Auth::user()->can('editByOwner', [ENTITY_EXPENSE, $model->user_id])){
return Utils::fromSqlDate($model->expense_date);
}
@@ -172,7 +172,7 @@ class ExpenseService extends BaseService
return URL::to("expenses/{$model->public_id}/edit") ;
},
function ($model) {
- return Expense::canEditItem($model);
+ return Auth::user()->can('editByOwner', [ENTITY_EXPENSE, $model->user_id]);
}
],
[
@@ -181,7 +181,7 @@ class ExpenseService extends BaseService
return URL::to("/invoices/{$model->invoice_public_id}/edit");
},
function ($model) {
- return $model->invoice_public_id && Invoice::canEditItemByOwner($model->invoice_user_id);
+ return $model->invoice_public_id && Auth::user()->can('editByOwner', [ENTITY_INVOICE, $model->invoice_user_id]);
}
],
[
@@ -190,7 +190,7 @@ class ExpenseService extends BaseService
return "javascript:invoiceEntity({$model->public_id})";
},
function ($model) {
- return ! $model->invoice_id && (!$model->deleted_at || $model->deleted_at == '0000-00-00') && Invoice::canCreate();
+ return ! $model->invoice_id && (!$model->deleted_at || $model->deleted_at == '0000-00-00') && Auth::user()->can('create', ENTITY_INVOICE);
}
],
];
diff --git a/app/Services/InvoiceService.php b/app/Services/InvoiceService.php
index 9222e794dc17..66442ac0a31b 100644
--- a/app/Services/InvoiceService.php
+++ b/app/Services/InvoiceService.php
@@ -37,9 +37,9 @@ class InvoiceService extends BaseService
if( ! $canSaveClient){
$clientPublicId = array_get($data, 'client.public_id') ?: array_get($data, 'client.id');
if (empty($clientPublicId) || $clientPublicId == '-1') {
- $canSaveClient = Client::canCreate();
+ $canSaveClient = Auth::user()->can('create', ENTITY_CLIENT);
} else {
- $canSaveClient = Client::scope($clientPublicId)->first()->canEdit();
+ $canSaveClient = Auth::user()->can('edit', Client::scope($clientPublicId)->first());
}
}
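Review bot: `Client::scope($clientPublicId)->first()` on the new line can return null when the public id does not resolve within the account, and the result is then passed straight into `Auth::user()->can('edit', …)`; with no object for policy resolution the check presumably falls through to a deny, which is fail-closed but silently turns a bad or foreign client id into `$canSaveClient = false` with no indication of why. Since this is the save path rather than a menu toggle, make the missing-client case explicit: `$client = Client::scope($clientPublicId)->firstOrFail();` then `$canSaveClient = Auth::user()->can('edit', $client);`. The `== '-1'` loose comparison above is pre-existing and not changed by this hunk. The enclosing method starts and ends outside the hunk.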
@@ -137,7 +137,7 @@ class InvoiceService extends BaseService
[
'invoice_number',
function ($model) use ($entityType) {
- if(!Invoice::canEditItem($model)){
+ if(!Auth::user()->can('editByOwner', [ENTITY_INVOICE, $model->user_id])){
return $model->invoice_number;
}
@@ -147,7 +147,7 @@ class InvoiceService extends BaseService
[
'client_name',
function ($model) {
- if(!Client::canViewItemByOwner($model->client_user_id)){
+ if(!Auth::user()->can('viewByOwner', [ENTITY_CLIENT, $model->client_user_id])){
return Utils::getClientDisplayName($model);
}
return link_to("clients/{$model->client_public_id}", Utils::getClientDisplayName($model))->toHtml();
@@ -202,7 +202,7 @@ class InvoiceService extends BaseService
return URL::to("{$entityType}s/{$model->public_id}/edit");
},
function ($model) {
- return Invoice::canEditItem($model);
+ return Auth::user()->can('editByOwner', [ENTITY_INVOICE, $model->user_id]);
}
],
[
@@ -211,7 +211,7 @@ class InvoiceService extends BaseService
return URL::to("{$entityType}s/{$model->public_id}/clone");
},
function ($model) {
- return Invoice::canCreate();
+ return Auth::user()->can('create', ENTITY_INVOICE);
}
],
[
@@ -223,7 +223,7 @@ class InvoiceService extends BaseService
[
'--divider--', function(){return false;},
function ($model) {
- return Invoice::canEditItem($model) || Payment::canCreate();
+ return Auth::user()->can('editByOwner', [ENTITY_INVOICE, $model->user_id]) || Auth::user()->can('create', ENTITY_PAYMENT);
}
],
[
@@ -232,7 +232,7 @@ class InvoiceService extends BaseService
return "javascript:markEntity({$model->public_id})";
},
function ($model) {
- return $model->invoice_status_id < INVOICE_STATUS_SENT && Invoice::canEditItem($model);
+ return $model->invoice_status_id < INVOICE_STATUS_SENT && Auth::user()->can('editByOwner', [ENTITY_INVOICE, $model->user_id]);
}
],
[
@@ -241,7 +241,7 @@ class InvoiceService extends BaseService
return URL::to("payments/create/{$model->client_public_id}/{$model->public_id}");
},
function ($model) use ($entityType) {
- return $entityType == ENTITY_INVOICE && $model->balance > 0 && Payment::canCreate();
+ return $entityType == ENTITY_INVOICE && $model->balance > 0 && Auth::user()->can('create', ENTITY_PAYMENT);
}
],
[
@@ -250,7 +250,7 @@ class InvoiceService extends BaseService
return URL::to("quotes/{$model->quote_id}/edit");
},
function ($model) use ($entityType) {
- return $entityType == ENTITY_INVOICE && $model->quote_id && Invoice::canEditItem($model);
+ return $entityType == ENTITY_INVOICE && $model->quote_id && Auth::user()->can('editByOwner', [ENTITY_INVOICE, $model->user_id]);
}
],
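Review bot: The quote link's visibility at line 1111 is keyed to the invoice row's `user_id`, while the link itself targets `$model->quote_id`, a different record; the same applies to the converted-invoice link at lines 1115–1122 (`quote_invoice_id`). ExpenseService (lines 1011–1018) and TaskService (lines 1196–1203) take the other approach and check the linked invoice's own `invoice_user_id`, so this hunk is inconsistent with them. Whether a quote and the invoice converted from it can have different owners is not visible here; if they can, the menu shows or hides the entry based on the wrong owner. Either way the menu is only a visibility hint, and the quote and invoice edit routes must enforce authorization themselves.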
[
@@ -259,7 +259,7 @@ class InvoiceService extends BaseService
return URL::to("invoices/{$model->quote_invoice_id}/edit");
},
function ($model) use ($entityType) {
- return $entityType == ENTITY_QUOTE && $model->quote_invoice_id && Invoice::canEditItem($model);
+ return $entityType == ENTITY_QUOTE && $model->quote_invoice_id && Auth::user()->can('editByOwner', [ENTITY_INVOICE, $model->user_id]);
}
],
[
@@ -268,7 +268,7 @@ class InvoiceService extends BaseService
return "javascript:convertEntity({$model->public_id})";
},
function ($model) use ($entityType) {
- return $entityType == ENTITY_QUOTE && ! $model->quote_invoice_id && Invoice::canEditItem($model);
+ return $entityType == ENTITY_QUOTE && ! $model->quote_invoice_id && Auth::user()->can('editByOwner', [ENTITY_INVOICE, $model->user_id]);
}
]
];
diff --git a/app/Services/PaymentService.php b/app/Services/PaymentService.php
index 858a175f8954..9b325bd4e447 100644
--- a/app/Services/PaymentService.php
+++ b/app/Services/PaymentService.php
@@ -338,7 +338,7 @@ class PaymentService extends BaseService
[
'invoice_number',
function ($model) {
- if(!Invoice::canEditItemByOwner($model->invoice_user_id)){
+ if(!Auth::user()->can('editByOwner', [ENTITY_INVOICE, $model->invoice_user_id])){
return $model->invoice_number;
}
@@ -348,7 +348,7 @@ class PaymentService extends BaseService
[
'client_name',
function ($model) {
- if(!Client::canViewItemByOwner($model->client_user_id)){
+ if(!Auth::user()->can('viewByOwner', [ENTITY_CLIENT, $model->client_user_id])){
return Utils::getClientDisplayName($model);
}
@@ -392,7 +392,7 @@ class PaymentService extends BaseService
return URL::to("payments/{$model->public_id}/edit");
},
function ($model) {
- return Payment::canEditItem($model);
+ return Auth::user()->can('editByOwner', [ENTITY_PAYMENT, $model->user_id]);
}
]
];
diff --git a/app/Services/RecurringInvoiceService.php b/app/Services/RecurringInvoiceService.php
index 2786ccfc6869..b003455abd6a 100644
--- a/app/Services/RecurringInvoiceService.php
+++ b/app/Services/RecurringInvoiceService.php
@@ -74,7 +74,7 @@ class RecurringInvoiceService extends BaseService
return URL::to("invoices/{$model->public_id}/edit");
},
function ($model) {
- return Invoice::canEditItem($model);
+ return Auth::user()->can('editByOwner', [ENTITY_INVOICE, $model->user_id]);
}
]
];
diff --git a/app/Services/TaskService.php b/app/Services/TaskService.php
index 70e7e22c7c88..e07793b2f85c 100644
--- a/app/Services/TaskService.php
+++ b/app/Services/TaskService.php
@@ -49,7 +49,7 @@ class TaskService extends BaseService
[
'client_name',
function ($model) {
- if(!Client::canViewItemByOwner($model->client_user_id)){
+ if(!Auth::user()->can('viewByOwner', [ENTITY_CLIENT, $model->client_user_id])){
return Utils::getClientDisplayName($model);
}
@@ -93,7 +93,7 @@ class TaskService extends BaseService
return URL::to('tasks/'.$model->public_id.'/edit');
},
function ($model) {
- return (!$model->deleted_at || $model->deleted_at == '0000-00-00') && Task::canEditItem($model);
+ return (!$model->deleted_at || $model->deleted_at == '0000-00-00') && Auth::user()->can('editByOwner', [ENTITY_TASK, $model->user_id]);
}
],
[
@@ -102,7 +102,7 @@ class TaskService extends BaseService
return URL::to("/invoices/{$model->invoice_public_id}/edit");
},
function ($model) {
- return $model->invoice_number && Invoice::canEditItemByOwner($model->invoice_user_id);
+ return $model->invoice_number && Auth::user()->can('editByOwner', [ENTITY_INVOICE, $model->invoice_user_id]);
}
],
[
@@ -111,7 +111,7 @@ class TaskService extends BaseService
return "javascript:stopTask({$model->public_id})";
},
function ($model) {
- return $model->is_running && Task::canEditItem($model);
+ return $model->is_running && Auth::user()->can('editByOwner', [ENTITY_TASK, $model->user_id]);
}
],
[
@@ -120,7 +120,7 @@ class TaskService extends BaseService
return "javascript:invoiceEntity({$model->public_id})";
},
function ($model) {
- return ! $model->invoice_number && (!$model->deleted_at || $model->deleted_at == '0000-00-00') && Invoice::canCreate();
+ return ! $model->invoice_number && (!$model->deleted_at || $model->deleted_at == '0000-00-00') && Auth::user()->can('create', ENTITY_INVOICE);
}
]
];
diff --git a/app/Services/VendorService.php b/app/Services/VendorService.php
index 1118f23c5356..6022507b452e 100644
--- a/app/Services/VendorService.php
+++ b/app/Services/VendorService.php
@@ -91,13 +91,13 @@ class VendorService extends BaseService
return URL::to("vendors/{$model->public_id}/edit");
},
function ($model) {
- return Vendor::canEditItem($model);
+ return Auth::user()->can('editByOwner', [ENTITY_VENDOR, $model->user_id]);
}
],
[
'--divider--', function(){return false;},
function ($model) {
- return Vendor::canEditItem($model) && Expense::canCreate();
+ return Auth::user()->can('editByOwner', [ENTITY_VENDOR, $model->user_id]) && Auth::user()->can('create', ENTITY_EXPENSE);
}
],
@@ -107,7 +107,7 @@ class VendorService extends BaseService
return URL::to("expenses/create/{$model->public_id}");
},
function ($model) {
- return Expense::canCreate();
+ return Auth::user()->can('create', ENTITY_EXPENSE);
}
]
];
diff --git a/config/app.php b/config/app.php
index c86362a9afea..4a75f65f9e5f 100644
--- a/config/app.php
+++ b/config/app.php
@@ -157,6 +157,7 @@ return [
/*
* Application Service Providers...
*/
+ 'App\Providers\AuthServiceProvider',
'App\Providers\AppServiceProvider',
//'App\Providers\BusServiceProvider',
'App\Providers\ConfigServiceProvider',
@@ -194,6 +195,7 @@ return [
'Eloquent' => 'Illuminate\Database\Eloquent\Model',
'Event' => 'Illuminate\Support\Facades\Event',
'File' => 'Illuminate\Support\Facades\File',
+ 'Gate' => 'Illuminate\Support\Facades\Gate',
'Hash' => 'Illuminate\Support\Facades\Hash',
'Input' => 'Illuminate\Support\Facades\Input',
'Lang' => 'Illuminate\Support\Facades\Lang',
diff --git a/resources/lang/da/texts.php b/resources/lang/da/texts.php
index ffc74871cde0..2b9e21c2415a 100644
--- a/resources/lang/da/texts.php
+++ b/resources/lang/da/texts.php
@@ -493,7 +493,7 @@ return array(
'invoice_history' => 'Faktura historik',
'quote_history' => 'Tilbuds historik',
'current_version' => 'Nuværende version',
- 'select_versiony' => 'Vælg version',
+ 'select_version' => 'Vælg version',
'view_history' => 'Vis historik',
'edit_payment' => 'Redigér betaling',
diff --git a/resources/lang/de/texts.php b/resources/lang/de/texts.php
index 08ffaf7b8a0b..c41dae9d08e2 100644
--- a/resources/lang/de/texts.php
+++ b/resources/lang/de/texts.php
@@ -493,7 +493,7 @@ return array(
'invoice_history' => 'Rechnungshistorie',
'quote_history' => 'Angebotshistorie',
'current_version' => 'Aktuelle Version',
- 'select_versiony' => 'Version auswählen',
+ 'select_version' => 'Version auswählen',
'view_history' => 'Historie anzeigen',
'edit_payment' => 'Zahlung bearbeiten',
diff --git a/resources/lang/en/texts.php b/resources/lang/en/texts.php
index 37478c5d73e3..f101c79564e7 100644
--- a/resources/lang/en/texts.php
+++ b/resources/lang/en/texts.php
@@ -423,7 +423,7 @@ $LANG = array(
'invoice_history' => 'Invoice History',
'quote_history' => 'Quote History',
'current_version' => 'Current version',
- 'select_versiony' => 'Select version',
+ 'select_version' => 'Select version',
'view_history' => 'View History',
'edit_payment' => 'Edit Payment',
'updated_payment' => 'Successfully updated payment',
diff --git a/resources/lang/es/texts.php b/resources/lang/es/texts.php
index 75bd1a75dae6..f5f68bc527f8 100644
--- a/resources/lang/es/texts.php
+++ b/resources/lang/es/texts.php
@@ -466,7 +466,7 @@ return array(
'invoice_history' => 'Facturar Historial',
'quote_history' => 'Cotizar Historial',
'current_version' => 'Versión actual',
- 'select_versiony' => 'Seleccionar versión',
+ 'select_version' => 'Seleccionar versión',
'view_history' => 'Ver Historial',
'edit_payment' => 'Editar Pago',
diff --git a/resources/lang/es_ES/texts.php b/resources/lang/es_ES/texts.php
index 25054072dac5..55c38f712352 100644
--- a/resources/lang/es_ES/texts.php
+++ b/resources/lang/es_ES/texts.php
@@ -486,7 +486,7 @@ return array(
'invoice_history' => 'Historial de Facturas',
'quote_history' => 'Historial de Presupuestos',
'current_version' => 'Versión Actual',
- 'select_versiony' => 'Seleccione la Versión',
+ 'select_version' => 'Seleccione la Versión',
'view_history' => 'Ver Historial',
'edit_payment' => 'Editar Pago',
diff --git a/resources/lang/fr/texts.php b/resources/lang/fr/texts.php
index 6cd75a9f0efa..215235a32413 100644
--- a/resources/lang/fr/texts.php
+++ b/resources/lang/fr/texts.php
@@ -486,7 +486,7 @@ return array(
'invoice_history' => 'Historique des factures',
'quote_history' => 'Historique des devis',
'current_version' => 'Version courante',
- 'select_versiony' => 'Choix de la verison',
+ 'select_version' => 'Choix de la verison',
'view_history' => 'Consulter l\'historique',
'edit_payment' => 'Editer le paiement',
diff --git a/resources/lang/fr_CA/texts.php b/resources/lang/fr_CA/texts.php
index c62227e45050..e6e4c79f0fe2 100644
--- a/resources/lang/fr_CA/texts.php
+++ b/resources/lang/fr_CA/texts.php
@@ -487,7 +487,7 @@ return array(
'invoice_history' => 'Historique des factures',
'quote_history' => 'Historique des soumissions',
'current_version' => 'Version courante',
- 'select_versiony' => 'Choix de la verison',
+ 'select_version' => 'Choix de la verison',
'view_history' => 'Consulter l\'historique',
'edit_payment' => 'Éditer le paiement',
diff --git a/resources/lang/it/texts.php b/resources/lang/it/texts.php
index 154b9f3e5d21..17d77d5d4881 100644
--- a/resources/lang/it/texts.php
+++ b/resources/lang/it/texts.php
@@ -489,7 +489,7 @@ return array(
'invoice_history' => 'Invoice History',
'quote_history' => 'Quote History',
'current_version' => 'Current version',
- 'select_versiony' => 'Select version',
+ 'select_version' => 'Select version',
'view_history' => 'View History',
'edit_payment' => 'Edit Payment',
diff --git a/resources/lang/ja/texts.php b/resources/lang/ja/texts.php
index 7e673ac11d33..1bfa46e4749a 100644
--- a/resources/lang/ja/texts.php
+++ b/resources/lang/ja/texts.php
@@ -424,7 +424,7 @@ $LANG = array(
'invoice_history' => '請求履歴',
'quote_history' => '見積履歴',
'current_version' => '現在のバージョン',
- 'select_versiony' => 'バージョンを選択',
+ 'select_version' => 'バージョンを選択',
'view_history' => '履歴を閲覧',
'edit_payment' => '支払いを編集',
'updated_payment' => '支払いを更新しました',
diff --git a/resources/lang/lt/texts.php b/resources/lang/lt/texts.php
index 252a7f03bd9c..dc6c18154c6c 100644
--- a/resources/lang/lt/texts.php
+++ b/resources/lang/lt/texts.php
@@ -497,7 +497,7 @@ return array(
'invoice_history' => 'Invoice History',
'quote_history' => 'Quote History',
'current_version' => 'Current version',
- 'select_versiony' => 'Select version',
+ 'select_version' => 'Select version',
'view_history' => 'View History',
'edit_payment' => 'Edit Payment',
diff --git a/resources/lang/nb_NO/texts.php b/resources/lang/nb_NO/texts.php
index df06d7a32547..d9b2158ac3a9 100644
--- a/resources/lang/nb_NO/texts.php
+++ b/resources/lang/nb_NO/texts.php
@@ -493,7 +493,7 @@ return array(
'invoice_history' => 'Faktura Historikk',
'quote_history' => 'Tilbuds Historikk',
'current_version' => 'Nåværende versjon',
- 'select_versiony' => 'Velg versjon',
+ 'select_version' => 'Velg versjon',
'view_history' => 'Vis Historikk',
'edit_payment' => 'Rediger Betaling',
diff --git a/resources/lang/nl/texts.php b/resources/lang/nl/texts.php
index 26c639245bb9..d3b0b045dfe3 100644
--- a/resources/lang/nl/texts.php
+++ b/resources/lang/nl/texts.php
@@ -489,7 +489,7 @@ return array(
'invoice_history' => 'Factuurgeschiedenis',
'quote_history' => 'Offertegeschiedenis',
'current_version' => 'Huidige versie',
- 'select_versiony' => 'Selecteer versie',
+ 'select_version' => 'Selecteer versie',
'view_history' => 'Bekijk geschiedenis',
'edit_payment' => 'Bewerk betaling',
diff --git a/resources/lang/pt_BR/texts.php b/resources/lang/pt_BR/texts.php
index 3b180e93d6ad..4db4e84b9fee 100644
--- a/resources/lang/pt_BR/texts.php
+++ b/resources/lang/pt_BR/texts.php
@@ -487,7 +487,7 @@ return array(
'invoice_history' => 'Histórico de Faturas',
'quote_history' => 'Histórico de Orçamentos',
'current_version' => 'Versão Atual',
- 'select_versiony' => 'Selecionar versão',
+ 'select_version' => 'Selecionar versão',
'view_history' => 'Visualizar Histórico',
'edit_payment' => 'Editar Pagamento',
diff --git a/resources/lang/sv/texts.php b/resources/lang/sv/texts.php
index 050076bd6e3e..745313fd14fd 100644
--- a/resources/lang/sv/texts.php
+++ b/resources/lang/sv/texts.php
@@ -492,7 +492,7 @@ return array(
'invoice_history' => 'Fakturahistorik',
'quote_history' => 'Offerthistorik',
'current_version' => 'Nuvarande version',
- 'select_versiony' => 'Välj version',
+ 'select_version' => 'Välj version',
'view_history' => 'Visa historik',
'edit_payment' => 'Ändra betalning',
diff --git a/resources/views/accounts/api_tokens.blade.php b/resources/views/accounts/api_tokens.blade.php
index 9c328e6b2643..49029bf8d2b3 100644
--- a/resources/views/accounts/api_tokens.blade.php
+++ b/resources/views/accounts/api_tokens.blade.php
@@ -6,7 +6,7 @@
{!! Button::normal(trans('texts.documentation'))->asLinkTo(NINJA_WEB_URL.'/api-documentation/')->withAttributes(['target' => '_blank'])->appendIcon(Icon::create('info-sign')) !!}
- @if (Utils::isNinja())
+ @if (Utils::isNinja() && !Utils::isReseller())
{!! Button::normal(trans('texts.zapier'))->asLinkTo(ZAPIER_URL)->withAttributes(['target' => '_blank']) !!}
@endif
@if (Utils::hasFeature(FEATURE_API))
diff --git a/resources/views/clients/show.blade.php b/resources/views/clients/show.blade.php
index 0e434b3d07d4..3b1a0c09d52b 100644
--- a/resources/views/clients/show.blade.php
+++ b/resources/views/clients/show.blade.php
@@ -43,11 +43,11 @@
@endif
@if ($client->trashed())
- @if ($client->canEdit())
+ @can('edit', $client)
{!! Button::primary(trans('texts.restore_client'))->withAttributes(['onclick' => 'onRestoreClick()']) !!}
- @endif
+ @endcan
@else
- @if ($client->canEdit())
+ @can('edit', $client)
{!! DropdownButton::normal(trans('texts.edit_client'))
->withAttributes(['class'=>'normalDropDown'])
->withContents([
@@ -55,12 +55,12 @@
['label' => trans('texts.delete_client'), 'url' => "javascript:onDeleteClick()"],
]
)->split() !!}
- @endif
- @if (\App\Models\Invoice::canCreate())
+ @endcan
+ @can('create', ENTITY_INVOICE)
{!! DropdownButton::primary(trans('texts.new_invoice'))
->withAttributes(['class'=>'primaryDropDown'])
->withContents($actionLinks)->split() !!}
- @endif
+ @endcan
@endif
{!! Former::close() !!}
diff --git a/resources/views/dashboard.blade.php b/resources/views/dashboard.blade.php
index d65b8290a597..bc1d2bb6e862 100644
--- a/resources/views/dashboard.blade.php
+++ b/resources/views/dashboard.blade.php
@@ -116,11 +116,11 @@
@foreach ($payments as $payment)
{!! \App\Models\Invoice::calcLink($payment) !!} |
- @if (\App\Models\Client::canViewItemByOwner($payment->client_user_id))
+ @can('viewByOwner', [ENTITY_CLIENT, $payment->client_user_id])
{!! link_to('/clients/'.$payment->client_public_id, trim($payment->client_name) ?: (trim($payment->first_name . ' ' . $payment->last_name) ?: $payment->email)) !!} |
@else
{{ trim($payment->client_name) ?: (trim($payment->first_name . ' ' . $payment->last_name) ?: $payment->email) }} |
- @endif
+ @endcan
{{ Utils::fromSqlDate($payment->payment_date) }} |
{{ Utils::formatMoney($payment->amount, $payment->currency_id ?: ($account->currency_id ?: DEFAULT_CURRENCY)) }} |
@@ -153,11 +153,11 @@
@if (!$invoice->is_quote)
{!! \App\Models\Invoice::calcLink($invoice) !!} |
- @if (\App\Models\Client::canViewItemByOwner($invoice->client_user_id))
+ @can('viewByOwner', [ENTITY_CLIENT, $invoice->client_user_id])
{!! link_to('/clients/'.$invoice->client_public_id, trim($invoice->client_name) ?: (trim($invoice->first_name . ' ' . $invoice->last_name) ?: $invoice->email)) !!} |
@else
{{ trim($invoice->client_name) ?: (trim($invoice->first_name . ' ' . $invoice->last_name) ?: $invoice->email) }} |
- @endif
+ @endcan
{{ Utils::fromSqlDate($invoice->due_date) }} |
{{ Utils::formatMoney($invoice->balance, $invoice->currency_id ?: ($account->currency_id ?: DEFAULT_CURRENCY)) }} |
@@ -188,11 +188,11 @@
@if (!$invoice->is_quote)
{!! \App\Models\Invoice::calcLink($invoice) !!} |
- @if (\App\Models\Client::canViewItemByOwner($invoice->client_user_id))
+ @can('viewByOwner', [ENTITY_CLIENT, $invoice->client_user_id])
{!! link_to('/clients/'.$invoice->client_public_id, trim($invoice->client_name) ?: (trim($invoice->first_name . ' ' . $invoice->last_name) ?: $invoice->email)) !!} |
@else
{{ trim($invoice->client_name) ?: (trim($invoice->first_name . ' ' . $invoice->last_name) ?: $invoice->email) }} |
- @endif
+ @endcan
{{ Utils::fromSqlDate($invoice->due_date) }} |
{{ Utils::formatMoney($invoice->balance, $invoice->currency_id ?: ($account->currency_id ?: DEFAULT_CURRENCY)) }} |
diff --git a/resources/views/invoices/edit.blade.php b/resources/views/invoices/edit.blade.php
index 823e9765f09d..0889f16ee11e 100644
--- a/resources/views/invoices/edit.blade.php
+++ b/resources/views/invoices/edit.blade.php
@@ -75,12 +75,12 @@
- @if($invoice->client->canView())
- @if ($invoice->client->canEdit())
+ @can('view', $invoice->client)
+ @can('edit', $invoice->client)
{{ trans('texts.edit_client') }} |
- @endif
+ @endcan
{!! link_to('/clients/'.$invoice->client->public_id, trans('texts.view_client'), ['target' => '_blank']) !!}
- @endif
+ @endcan
diff --git a/resources/views/invoices/knockout.blade.php b/resources/views/invoices/knockout.blade.php
index 8fe4bcbcce80..cd4ad5f73d2b 100644
--- a/resources/views/invoices/knockout.blade.php
+++ b/resources/views/invoices/knockout.blade.php
@@ -460,7 +460,7 @@ function InvoiceModel(data) {
});
self.totals.rawPaidToDate = ko.computed(function() {
- return accounting.toFixed(self.amount(),2) - accounting.toFixed(self.balance(),2);
+ return roundToTwo(accounting.toFixed(self.amount(),2) - accounting.toFixed(self.balance(),2));
});
self.totals.paidToDate = ko.computed(function() {
diff --git a/resources/views/list.blade.php b/resources/views/list.blade.php
index 8e8ba97116d7..2a267f0dae98 100644
--- a/resources/views/list.blade.php
+++ b/resources/views/list.blade.php
@@ -9,14 +9,14 @@
{!! Former::text('public_id') !!}
- @if (\App\Models\Invoice::canCreate())
+ @can('create', 'invoice')
@if ($entityType == ENTITY_TASK)
{!! Button::primary(trans('texts.invoice'))->withAttributes(['class'=>'invoice', 'onclick' =>'submitForm("invoice")'])->appendIcon(Icon::create('check')) !!}
@endif
@if ($entityType == ENTITY_EXPENSE)
{!! Button::primary(trans('texts.invoice'))->withAttributes(['class'=>'invoice', 'onclick' =>'submitForm("invoice")'])->appendIcon(Icon::create('check')) !!}
@endif
- @endif
+ @endcan
{!! DropdownButton::normal(trans('texts.archive'))->withContents([
['label' => trans('texts.archive_'.$entityType), 'url' => 'javascript:submitForm("archive")'],