diff --git a/VERSION.txt b/VERSION.txt
index 02cc04aa1b..8444e431a7 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-5.5.61
\ No newline at end of file
+5.5.62
\ No newline at end of file
diff --git a/app/Models/User.php b/app/Models/User.php
index 28529ad759..7ece8fd655 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -358,7 +358,7 @@ class User extends Authenticatable implements MustVerifyEmail
 public function hasPermission($permission) : bool { $parts = explode('_', $permission);
- $all_permission = false;
+ $all_permission = '____';
 if (count($parts) > 1) { $all_permission = $parts[0].'_all';
@@ -366,8 +366,8 @@ class User extends Authenticatable implements MustVerifyEmail
 return $this->isOwner() || $this->isAdmin() ||
- (stripos($all_permission, $this->token()->cu->permissions) !== false) ||
- (stripos($permission, $this->token()->cu->permissions) !== false);
+ (stripos($this->token()->cu->permissions, $all_permission) !== false) ||
+ (stripos($this->token()->cu->permissions, $permission) !== false);
 // return $this->isOwner() || // $this->isAdmin() ||
diff --git a/config/ninja.php b/config/ninja.php
index d6f71c5cb7..e095532bd1 100644
--- a/config/ninja.php
+++ b/config/ninja.php
@@ -14,8 +14,8 @@ return [
 'require_https' => env('REQUIRE_HTTPS', true),
 'app_url' => rtrim(env('APP_URL', ''), '/'),
 'app_domain' => env('APP_DOMAIN', 'invoicing.co'),
- 'app_version' => '5.5.61',
- 'app_tag' => '5.5.61',
+ 'app_version' => '5.5.62',
+ 'app_tag' => '5.5.62',
 'minimum_client_version' => '5.0.16',
 'terms_version' => '1.0.1',
 'api_secret' => env('API_SECRET', ''),
diff --git a/tests/Unit/PermissionsTest.php b/tests/Unit/PermissionsTest.php
index d30d944fe3..484a65dc1d 100644
--- a/tests/Unit/PermissionsTest.php
+++ b/tests/Unit/PermissionsTest.php
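Review bot: In `app/Models/User.php`, hunk at `-358`, the `'____'` value assigned to `$all_permission` has no comment saying why it replaced `false`. With the corrected argument order `$all_permission` is now the needle, and on PHP 8 an empty needle makes `stripos()` return `0`, which passes the `!== false` comparison; the placeholder presumably exists to avoid that. I would add `// Placeholder needle: an empty needle matches at offset 0 and would grant every permission.` above the assignment, or skip the `_all` comparison when `$permission` has no prefix. The body of `hasPermission()` continues outside this hunk.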
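Review bot: In `app/Models/User.php`, hunk at `-366`, both `stripos()` calls still grant access on a case-insensitive substring of the stored permissions string. For a non-owner, non-admin user whose list is `["view_client"]` (the format used in the test fixture), `hasPermission('client')` would appear to return true, and on PHP 8 so would `hasPermission('')`, since only the `$all_permission` fallback is protected from an empty needle. Assuming the column always holds a JSON array, exact matching closes this: `$granted = json_decode($this->token()->cu->permissions ?? '[]', true) ?: [];` followed by `in_array($all_permission, $granted, true) || in_array($permission, $granted, true)`. The `return` expression begins in the context lines and the function continues past the hunk.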
@@ -79,6 +79,20 @@ class PermissionsTest extends TestCase
 }
+ public function testViewClientPermission()
+ {
+
+ $low_cu = CompanyUser::where(['company_id' => $this->company->id, 'user_id' => $this->user->id])->first();
+ $low_cu->permissions = '["view_client"]';
+ $low_cu->save();
+
+ $this->assertFalse($this->user->hasPermission("viewclient"));
+
+ // this is aberrant
+ $this->assertFalse($this->user->hasPermission("view____client"));
+
+ }
+
 public function testPermissionResolution() { $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(Invoice::class)));
@@ -162,7 +176,6 @@ class PermissionsTest extends TestCase public function testReturnTypesOfStripos() { - $this->assertEquals(0, stripos("view_client", '')); $all_permission = '[]';
@@ -193,17 +206,7 @@ class PermissionsTest extends TestCase
 }
- public function testViewClientPermission()
- {
- $low_cu = CompanyUser::where(['company_id' => $this->company->id, 'user_id' => $this->user->id])->first();
- $low_cu->permissions = '["view_client"]';
- $low_cu->save();
-
- // this is aberrant
- $this->assertFalse($this->user->hasPermission("view____client"));
-
- }
 }
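Review bot: `testViewClientPermission()`, added in the first hunk of `tests/Unit/PermissionsTest.php`, asserts only denials, so within this test a `hasPermission()` that rejected everything would still pass. I would add the positive case and a partial-name case beside the existing assertions: `$this->assertTrue($this->user->hasPermission("view_client"));` and `$this->assertFalse($this->user->hasPermission("client"));`. The second is expected to fail against the `stripos()`-based check in `User::hasPermission()` and would record that gap. The comment `// this is aberrant` would also read better if it named the case, e.g. `// malformed name with repeated underscores must not match`.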