Add missing authorization for InvoicesController

app/controllers/concerns/auth.rb

@@ -62,6 +62,7 @@ module Concerns::Auth
       when 'pickups'             then current_user.role_pickups?
       when 'suppliers'           then current_user.role_suppliers?
       when 'orders'              then current_user.role_orders?
+      when 'finance_or_invoices' then (current_user.role_finance? || current_user.role_invoices?)
       when 'finance_or_orders'   then (current_user.role_finance? || current_user.role_orders?)
       when 'pickups_or_orders'   then (current_user.role_pickups? || current_user.role_orders?)
       when 'any'                 then true  # no role required
@@ -99,6 +100,10 @@ module Concerns::Auth
     authenticate('orders')
   end
 
+  def authenticate_finance_or_invoices
+    authenticate('finance_or_invoices')
+  end
+
   def authenticate_finance_or_orders
     authenticate('finance_or_orders')
   end

app/controllers/finance/invoices_controller.rb

@@ -1,4 +1,5 @@
 class Finance::InvoicesController < ApplicationController
+  before_action :authenticate_finance_or_invoices
 
   before_action :find_invoice, only: [:show, :edit, :update, :destroy]
   before_action :ensure_can_edit, only: [:edit, :update, :destroy]