diff --git a/app/Http/Controllers/Settings/Settings.php b/app/Http/Controllers/Settings/Settings.php
index 6f16c45e9..75b4e6c5e 100644
--- a/app/Http/Controllers/Settings/Settings.php
+++ b/app/Http/Controllers/Settings/Settings.php
@@ -54,7 +54,9 @@ class Settings extends Controller
 $settings = [];
 foreach ($modules->settings as $alias => $setting) {
- if (!user()->can('read-' . $alias . '-settings')) {
+ $permission = !empty($setting['permission']) ? $setting['permission'] : 'read-' . $alias . '-settings';
+
+ if (!user()->can($permission)) {
 continue;
 }
diff --git a/app/Http/Requests/Portal/InvoiceShow.php b/app/Http/Requests/Portal/InvoiceShow.php
index 063821d83..73c528181 100644
--- a/app/Http/Requests/Portal/InvoiceShow.php
+++ b/app/Http/Requests/Portal/InvoiceShow.php
@@ -13,6 +13,10 @@ class InvoiceShow extends FormRequest
 */
 public function authorize()
 {
+ if (auth()->guest()) {
+ return true;
+ }
+
+ return $this->invoice->contact_id == user()->contact->id;
 }
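Review bot: In Settings.php the new `$permission` value replaces the derived `read-<alias>-settings` check with whatever the module's settings entry supplies, and nothing in the hunk validates it. If `$setting['permission']` is not a string, or names a permission broader than intended, the visibility of that settings entry silently follows it; where `$modules->settings` is populated is outside the hunk, so whether it is always trusted module configuration cannot be confirmed here. I would only accept the override when `is_string($setting['permission'] ?? null) && $setting['permission'] !== ''` holds, and add a comment such as `// Modules may override the default read-{alias}-settings permission via the 'permission' key`. The enclosing method starts and ends outside the hunk.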
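Review bot: In InvoiceShow::authorize() the new guest branch returns `true` for every unauthenticated request, so the `contact_id` ownership comparison below it is never applied to guests. If this request class is used on any route that is not protected by a signed-URL or equivalent check (routes and middleware are not visible here), the invoice would be authorized for a caller who has not been tied to it in any way. Unless that protection is guaranteed elsewhere, I would bind the guest branch to the signature, e.g. `return $this->hasValidSignature();` in place of `return true;`, and add a comment naming the route that relies on guest access. The class continues outside the hunk.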