diff --git a/app/Models/Document.php b/app/Models/Document.php index 0d822ea4d1..96051d9db1 100644 --- a/app/Models/Document.php +++ b/app/Models/Document.php @@ -2,6 +2,7 @@ use Illuminate\Support\Facades\Storage; use DB; +use Auth; class Document extends EntityModel { @@ -221,6 +222,20 @@ class Document extends EntityModel return $document; } + + public static function canCreate(){ + return true; + } + + public static function canViewItem($document){ + if(Auth::user()->hasPermission('view_all'))return true; + if($document->expense){ + if($document->expense->invoice)return $document->expense->invoice->canView(); + return $document->expense->canView(); + } + if($document->invoice)return $document->invoice->canView(); + return Auth::user()->id == $item->user_id; + } } Document::deleted(function ($document) { diff --git a/app/Ninja/Repositories/ExpenseRepository.php b/app/Ninja/Repositories/ExpenseRepository.php index db39857bcf..046b4a1cb9 100644 --- a/app/Ninja/Repositories/ExpenseRepository.php +++ b/app/Ninja/Repositories/ExpenseRepository.php @@ -185,10 +185,8 @@ class ExpenseRepository extends BaseRepository foreach ($expense->documents as $document){ if(!in_array($document->public_id, $document_ids)){ - // Removed - if(!$checkSubPermissions || $document->canEdit()){ - $document->delete(); - } + // Not checking permissions; deleting a document is just editing the invoice + $document->delete(); } } diff --git a/app/Ninja/Repositories/InvoiceRepository.php b/app/Ninja/Repositories/InvoiceRepository.php index 686f9573d1..f78815c27e 100644 --- a/app/Ninja/Repositories/InvoiceRepository.php +++ b/app/Ninja/Repositories/InvoiceRepository.php 
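Review bot: The last line of the new `canViewItem` compares against `$item->user_id`, but the parameter is `$document` and no `$item` is defined in the method. For a document attached to neither an expense nor an invoice, the ownership check therefore never looks at the document's owner; depending on how PHP notices are handled it either raises an error or compares the user id with null. It should read `return Auth::user()->id == $document->user_id;`. Both this line and the `view_all` check also dereference `Auth::user()` without a null check, so confirm that every caller (outside this hunk) runs behind authentication, or deny early with `if (!Auth::check()) return false;`.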
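Review bot: With the `canEdit()` guard removed in the ExpenseRepository hunk, `$document->delete()` runs for every attached document whose `public_id` is missing from `$document_ids`. The only authorization left is whatever the caller enforced on the parent record, and `$checkSubPermissions` no longer affects documents. The new comment should state that precondition, and in this file it says "invoice" where the parent is an expense, e.g. `// No per-document check: the caller must already have verified edit permission on this expense`. The same applies to the InvoiceRepository hunk that follows, where the ownership guard `$document->invoice_id == $invoice->id` is kept but the permission check is dropped in the same way. The enclosing methods start outside both hunks, so confirm that each save path checks edit permission on the parent before reaching this loop.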
@@ -442,11 +442,10 @@ class InvoiceRepository extends BaseRepository foreach ($invoice->documents as $document){ if(!in_array($document->public_id, $document_ids)){ // Removed - if(!$checkSubPermissions || $document->canEdit()){ - if($document->invoice_id == $invoice->id){ - // Make sure the document isn't on a clone - $document->delete(); - } + // Not checking permissions; deleting a document is just editing the invoice + if($document->invoice_id == $invoice->id){ + // Make sure the document isn't on a clone + $document->delete(); } } }