diff --git a/app/Http/Controllers/Common/Uploads.php b/app/Http/Controllers/Common/Uploads.php
index 06c1213f0..98274b149 100644
--- a/app/Http/Controllers/Common/Uploads.php
+++ b/app/Http/Controllers/Common/Uploads.php
@@ -28,6 +28,55 @@ class Uploads extends Controller
         return response()->file($path);
     }
 
+    /**
+     * Get the specified resource.
+     *
+     * @param  $id
+     * @return mixed
+     */
+    public function show($id, Request $request)
+    {
+        $file = false;
+        $options = false;
+        $column_name = 'attachment';
+
+        if ($request->has('column_name')) {
+            $column_name = $request->get('column_name');
+        }
+
+        if ($request->has('page')) {
+            $options = [
+                'page' => $request->get('page'),
+                'key' => $request->get('key'),
+            ];
+        }
+
+        $media = Media::find($id);
+
+        // Get file path
+        if (!$path = $this->getPath($media)) {
+            return response()->json([
+                'success' => false,
+                'error'   => true,
+                'data'    => [],
+                'message' => 'null',
+                'html'    => '',
+            ]);
+        }
+
+        $file = $media;
+
+        $html = view('partials.media.file', compact('file', 'column_name', 'options'))->render();
+
+        return response()->json([
+            'success' => true,
+            'error'   => false,
+            'data'    => [],
+            'message' => 'null',
+            'html'    => $html,
+        ]);
+    }
+
     /**
      * Download the specified resource.
      *
diff --git a/app/Listeners/Updates/V13/Version1311.php b/app/Listeners/Updates/V13/Version1311.php
new file mode 100644
index 000000000..114165eb8
--- /dev/null
+++ b/app/Listeners/Updates/V13/Version1311.php
@@ -0,0 +1,62 @@
+<?php
+
+namespace App\Listeners\Updates\V13;
+
+use App\Events\UpdateFinished;
+use App\Listeners\Updates\Listener;
+use App\Models\Auth\Role;
+use App\Models\Auth\Permission;
+use Artisan;
+
+class Version1311 extends Listener
+{
+    const ALIAS = 'core';
+
+    const VERSION = '1.3.11';
+
+    /**
+     * Handle the event.
+     *
+     * @param  $event
+     * @return void
+     */
+    public function handle(UpdateFinished $event)
+    {
+        // Check if should listen
+        if (!$this->check($event)) {
+            return;
+        }
+
+        $this->updatePermissions();
+
+        // Update database
+        Artisan::call('migrate', ['--force' => true]);
+    }
+
+    protected function updatePermissions()
+    {
+        $permissions = [];
+
+        // Common Uploads
+        $permissions[] = Permission::firstOrCreate([
+            'name' => 'read-common-uploads',
+            'display_name' => 'Read Common Uploads',
+            'description' => 'Read Common Uploads',
+        ]);
+
+        // Attach permission to roles
+        $roles = Role::all();
+
+        foreach ($roles as $role) {
+            $allowed = ['admin', 'manager'];
+
+            if (!in_array($role->name, $allowed)) {
+                continue;
+            }
+
+            foreach ($permissions as $permission) {
+                $role->attachPermission($permission);
+            }
+        }
+    }
+}
diff --git a/app/Providers/EventServiceProvider.php b/app/Providers/EventServiceProvider.php
index 86267942b..b5732a2fa 100644
--- a/app/Providers/EventServiceProvider.php
+++ b/app/Providers/EventServiceProvider.php
@@ -33,6 +33,7 @@ class EventServiceProvider extends ServiceProvider
             'App\Listeners\Updates\V13\Version135',
             'App\Listeners\Updates\V13\Version138',
             'App\Listeners\Updates\V13\Version139',
+            'App\Listeners\Updates\V13\Version1311',
         ],
         'Illuminate\Auth\Events\Login' => [
             'App\Listeners\Auth\Login',
diff --git a/database/seeds/Roles.php b/database/seeds/Roles.php
index 088d369ac..3c7a0b8be 100644
--- a/database/seeds/Roles.php
+++ b/database/seeds/Roles.php
@@ -36,7 +36,7 @@ class Roles extends Seeder
                 'common-companies' => 'c,r,u,d',
                 'common-import' => 'c',
                 'common-items' => 'c,r,u,d',
-                'common-uploads' => 'd',
+                'common-uploads' => 'r,d',
                 'common-notifications' => 'c,r,u,d',
                 'incomes-invoices' => 'c,r,u,d',
                 'incomes-revenues' => 'c,r,u,d',
@@ -76,6 +76,7 @@ class Roles extends Seeder
                 'common-companies' => 'c,r,u,d',
                 'common-import' => 'c',
                 'common-items' => 'c,r,u,d',
+                'common-uploads' => 'r',
                 'common-notifications' => 'c,r,u,d',
                 'incomes-invoices' => 'c,r,u,d',
                 'incomes-revenues' => 'c,r,u,d',
diff --git a/public/css/app.css b/public/css/app.css
index df8840fd0..ea1fb1398 100644
--- a/public/css/app.css
+++ b/public/css/app.css
@@ -933,3 +933,14 @@ input[type="number"] {
 .table-report {
     overflow-x: auto !important;
 }
+
+.mailbox-attachment-file-name {
+    white-space: nowrap;
+    width: 100%;
+    overflow: hidden;
+    text-overflow: ellipsis;
+}
+
+.mailbox-attachment-download {
+    margin-right: 5px;
+}
diff --git a/resources/views/auth/users/edit.blade.php b/resources/views/auth/users/edit.blade.php
index 0b8bd9b5f..d2e081b6f 100644
--- a/resources/views/auth/users/edit.blade.php
+++ b/resources/views/auth/users/edit.blade.php
@@ -86,31 +86,30 @@
                 text  : '{{ trans('general.form.select.file') }}',
                 style : 'btn-default',
                 @if($user->picture)
-                placeholder : '<?php echo $user->picture->basename; ?>'
+                placeholder : '{{ $user->picture->basename }}'
                 @else
                 placeholder : '{{ trans('general.form.no_file_selected') }}'
                 @endif
             });
 
             @if($user->picture)
-                picture_html  = '<span class="picture">';
-                picture_html += '    <a href="{{ url('uploads/' . $user->picture->id . '/download') }}">';
-                picture_html += '        <span id="download-picture" class="text-primary">';
-                picture_html += '            <i class="fa fa-file-{{ $user->picture->aggregate_type }}-o"></i> {{ $user->picture->basename }}';
-                picture_html += '        </span>';
-                picture_html += '    </a>';
-                picture_html += '    {!! Form::open(['id' => 'picture-' . $user->picture->id, 'method' => 'DELETE', 'url' => [url('uploads/' . $user->picture->id)], 'style' => 'display:inline']) !!}';
-                picture_html += '    <a id="remove-picture" href="javascript:void();">';
-                picture_html += '        <span class="text-danger"><i class="fa fa fa-times"></i></span>';
-                picture_html += '    </a>';
-                picture_html += '    {!! Form::close() !!}';
-                picture_html += '</span>';
-    
-                $('.fancy-file .fake-file').append(picture_html);
-    
-                $(document).on('click', '#remove-picture', function (e) {
-                    confirmDelete("#picture-{!! $user->picture->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $user->picture->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
-                });
+            $.ajax({
+                url: '{{ url('uploads/' . $user->picture->id . '/show') }}',
+                type: 'GET',
+                data: {column_name: 'picture'},
+                dataType: 'JSON',
+                success: function(json) {
+                    if (json['success']) {
+                        $('.fancy-file').after(json['html']);
+                    }
+                }
+            });
+
+            @permission('delete-common-uploads')
+            $(document).on('click', '#remove-picture', function (e) {
+                confirmDelete("#picture-{!! $user->picture->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $user->picture->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
+            });
+            @endpermission
             @endif
             @endif
 
diff --git a/resources/views/common/companies/edit.blade.php b/resources/views/common/companies/edit.blade.php
index 29defd177..54d424874 100644
--- a/resources/views/common/companies/edit.blade.php
+++ b/resources/views/common/companies/edit.blade.php
@@ -63,31 +63,30 @@
                 text  : '{{ trans('general.form.select.file') }}',
                 style : 'btn-default',
                 @if($company->company_logo)
-                placeholder : '<?php echo $company->company_logo->basename; ?>'
+                placeholder : '{{ $company->company_logo->basename }}'
                 @else
                 placeholder : '{{ trans('general.form.no_file_selected') }}'
                 @endif
             });
 
             @if($company->company_logo)
-                attachment_html  = '<span class="attachment">';
-                attachment_html += '    <a href="{{ url('uploads/' . $company->company_logo->id . '/download') }}">';
-                attachment_html += '        <span id="download-attachment" class="text-primary">';
-                attachment_html += '            <i class="fa fa-file-{{ $company->company_logo->aggregate_type }}-o"></i> {{ $company->company_logo->basename }}';
-                attachment_html += '        </span>';
-                attachment_html += '    </a>';
-                attachment_html += '    {!! Form::open(['id' => 'attachment-' . $company->company_logo->id, 'method' => 'DELETE', 'url' => [url('uploads/' . $company->company_logo->id)], 'style' => 'display:inline']) !!}';
-                attachment_html += '    <a id="remove-attachment" href="javascript:void();">';
-                attachment_html += '        <span class="text-danger"><i class="fa fa fa-times"></i></span>';
-                attachment_html += '    </a>';
-                attachment_html += '    {!! Form::close() !!}';
-                attachment_html += '</span>';
+            $.ajax({
+                url: '{{ url('uploads/' . $company->company_logo->id . '/show') }}',
+                type: 'GET',
+                data: {column_name: 'attachment'},
+                dataType: 'JSON',
+                success: function(json) {
+                    if (json['success']) {
+                        $('.fancy-file').after(json['html']);
+                    }
+                }
+            });
 
-                $('.fancy-file .fake-file').append(attachment_html);
-
-                $(document).on('click', '#remove-attachment', function (e) {
-                    confirmDelete("#attachment-{!! $company->company_logo->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $company->company_logo->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
-                });
+            @permission('delete-common-uploads')
+            $(document).on('click', '#remove-attachment', function (e) {
+                confirmDelete("#attachment-{!! $company->company_logo->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $company->company_logo->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
+            });
+            @endpermission
             @endif
         });
     </script>
diff --git a/resources/views/common/items/edit.blade.php b/resources/views/common/items/edit.blade.php
index 3ecf81db1..2403c6b27 100644
--- a/resources/views/common/items/edit.blade.php
+++ b/resources/views/common/items/edit.blade.php
@@ -110,31 +110,30 @@
                 text  : '{{ trans('general.form.select.file') }}',
                 style : 'btn-default',
                 @if($item->picture)
-                placeholder : '<?php echo $item->picture->basename; ?>'
+                placeholder : '{{ $item->picture->basename }}'
                 @else
                 placeholder : '{{ trans('general.form.no_file_selected') }}'
                 @endif
             });
 
             @if($item->picture)
-                picture_html  = '<span class="picture">';
-                picture_html += '    <a href="{{ url('uploads/' . $item->picture->id . '/download') }}">';
-                picture_html += '        <span id="download-picture" class="text-primary">';
-                picture_html += '            <i class="fa fa-file-{{ $item->picture->aggregate_type }}-o"></i> {{ $item->picture->basename }}';
-                picture_html += '        </span>';
-                picture_html += '    </a>';
-                picture_html += '    {!! Form::open(['id' => 'picture-' . $item->picture->id, 'method' => 'DELETE', 'url' => [url('uploads/' . $item->picture->id)], 'style' => 'display:inline']) !!}';
-                picture_html += '    <a id="remove-picture" href="javascript:void();">';
-                picture_html += '        <span class="text-danger"><i class="fa fa fa-times"></i></span>';
-                picture_html += '    </a>';
-                picture_html += '    {!! Form::close() !!}';
-                picture_html += '</span>';
-    
-                $('.fancy-file .fake-file').append(picture_html);
-    
-                $(document).on('click', '#remove-picture', function (e) {
-                    confirmDelete("#picture-{!! $item->picture->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $item->picture->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
-                });
+            $.ajax({
+                url: '{{ url('uploads/' . $item->picture->id . '/show') }}',
+                type: 'GET',
+                data: {column_name: 'picture'},
+                dataType: 'JSON',
+                success: function(json) {
+                    if (json['success']) {
+                        $('.fancy-file').after(json['html']);
+                    }
+                }
+            });
+
+            @permission('delete-common-uploads')
+            $(document).on('click', '#remove-picture', function (e) {
+                confirmDelete("#picture-{!! $item->picture->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $item->picture->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
+            });
+            @endpermission
             @endif
         });
 
diff --git a/resources/views/customers/profile/edit.blade.php b/resources/views/customers/profile/edit.blade.php
index ba5464bcf..1df388a87 100644
--- a/resources/views/customers/profile/edit.blade.php
+++ b/resources/views/customers/profile/edit.blade.php
@@ -64,31 +64,30 @@
                 text  : '{{ trans('general.form.select.file') }}',
                 style : 'btn-default',
                 @if($user->picture)
-                placeholder : '<?php echo $user->picture->basename; ?>'
+                placeholder : '{{ $user->picture->basename }}'
                 @else
                 placeholder : '{{ trans('general.form.no_file_selected') }}'
                 @endif
             });
 
             @if($user->picture)
-                picture_html  = '<span class="picture">';
-                picture_html += '    <a href="{{ url('uploads/' . $user->picture->id . '/download') }}">';
-                picture_html += '        <span id="download-picture" class="text-primary">';
-                picture_html += '            <i class="fa fa-file-{{ $user->picture->aggregate_type }}-o"></i> {{ $user->picture->basename }}';
-                picture_html += '        </span>';
-                picture_html += '    </a>';
-                picture_html += '    {!! Form::open(['id' => 'picture-' . $user->picture->id, 'method' => 'DELETE', 'url' => [url('uploads/' . $user->picture->id)], 'style' => 'display:inline']) !!}';
-                picture_html += '    <a id="remove-picture" href="javascript:void();">';
-                picture_html += '        <span class="text-danger"><i class="fa fa fa-times"></i></span>';
-                picture_html += '    </a>';
-                picture_html += '    {!! Form::close() !!}';
-                picture_html += '</span>';
+            $.ajax({
+                url: '{{ url('uploads/' . $user->picture->id . '/show') }}',
+                type: 'GET',
+                data: {column_name: 'picture'},
+                dataType: 'JSON',
+                success: function(json) {
+                    if (json['success']) {
+                        $('.fancy-file').after(json['html']);
+                    }
+                }
+            });
 
-                $('.fancy-file .fake-file').append(picture_html);
-
-                $(document).on('click', '#remove-picture', function (e) {
-                    confirmDelete("#picture-{!! $user->picture->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $user->picture->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
-                });
+            @permission('delete-common-uploads')
+            $(document).on('click', '#remove-picture', function (e) {
+                confirmDelete("#picture-{!! $user->picture->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $user->picture->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
+            });
+            @endpermission
             @endif
         });
     </script>
diff --git a/resources/views/expenses/bills/edit.blade.php b/resources/views/expenses/bills/edit.blade.php
index 736cdf228..c90eaa2a8 100644
--- a/resources/views/expenses/bills/edit.blade.php
+++ b/resources/views/expenses/bills/edit.blade.php
@@ -257,27 +257,24 @@
                 text  : '{{ trans('general.form.select.file') }}',
                 style : 'btn-default',
                 @if($bill->attachment)
-                placeholder : '<?php echo $bill->attachment->basename; ?>'
+                placeholder : '{{ $bill->attachment->basename }}'
                 @else
                 placeholder : '{{ trans('general.form.no_file_selected') }}'
                 @endif
             });
 
             @if($bill->attachment)
-            attachment_html  = '<span class="attachment">';
-            attachment_html += '    <a href="{{ url('uploads/' . $bill->attachment->id . '/download') }}">';
-            attachment_html += '        <span id="download-attachment" class="text-primary">';
-            attachment_html += '            <i class="fa fa-file-{{ $bill->attachment->aggregate_type }}-o"></i> {{ $bill->attachment->basename }}';
-            attachment_html += '        </span>';
-            attachment_html += '    </a>';
-            attachment_html += '    {!! Form::open(['id' => 'attachment-' . $bill->attachment->id, 'method' => 'DELETE', 'url' => [url('uploads/' . $bill->attachment->id)], 'style' => 'display:inline']) !!}';
-            attachment_html += '    <a id="remove-attachment" href="javascript:void();">';
-            attachment_html += '        <span class="text-danger"><i class="fa fa fa-times"></i></span>';
-            attachment_html += '    </a>';
-            attachment_html += '    {!! Form::close() !!}';
-            attachment_html += '</span>';
-
-            $('.fancy-file .fake-file').append(attachment_html);
+            $.ajax({
+                url: '{{ url('uploads/' . $bill->attachment->id . '/show') }}',
+                type: 'GET',
+                data: {column_name: 'attachment'},
+                dataType: 'JSON',
+                success: function(json) {
+                    if (json['success']) {
+                        $('.fancy-file').after(json['html']);
+                    }
+                }
+            });
             @endif
 
             @if(old('item'))
@@ -285,11 +282,13 @@
             @endif
         });
 
+        @permission('delete-common-uploads')
         @if($bill->attachment)
         $(document).on('click', '#remove-attachment', function (e) {
             confirmDelete("#attachment-{!! $bill->attachment->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $bill->attachment->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
         });
         @endif
+        @endpermission
 
         $(document).on('click', '#button-add-item', function (e) {
             $.ajax({
diff --git a/resources/views/expenses/bills/show.blade.php b/resources/views/expenses/bills/show.blade.php
index 489feb93f..7d9cb3cdc 100644
--- a/resources/views/expenses/bills/show.blade.php
+++ b/resources/views/expenses/bills/show.blade.php
@@ -311,23 +311,8 @@
                     </div>
 
                     @if($bill->attachment)
-                        <span class="attachment">
-                            <a href="{{ url('uploads/' . $bill->attachment->id . '/download') }}">
-                                <span id="download-attachment" class="text-primary">
-                                    <i class="fa fa-file-{{ $bill->attachment->aggregate_type }}-o"></i> {{ $bill->attachment->basename }}
-                                </span>
-                            </a>
-                            {!! Form::open([
-                                'id' => 'attachment-' . $bill->attachment->id,
-                                'method' => 'DELETE',
-                                'url' => [url('uploads/' . $bill->attachment->id)],
-                                'style' => 'display:inline'
-                            ]) !!}
-                            <a id="remove-attachment" href="javascript:void();">
-                                <span class="text-danger"><i class="fa fa fa-times"></i></span>
-                            </a>
-                            {!! Form::close() !!}
-                        </span>
+                    @php $file = $bill->attachment; @endphp
+                    @include('partials.media.file')
                     @endif
                 </div>
             </div>
@@ -446,11 +431,13 @@
 
 @push('scripts')
     <script type="text/javascript">
+        @permission('delete-common-uploads')
         @if($bill->attachment)
         $(document).on('click', '#remove-attachment', function (e) {
             confirmDelete("#attachment-{!! $bill->attachment->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $bill->attachment->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
         });
         @endif
+        @endpermission
 
         $(document).on('click', '#button-payment', function (e) {
             $('#modal-add-payment').remove();
diff --git a/resources/views/expenses/payments/edit.blade.php b/resources/views/expenses/payments/edit.blade.php
index 2f7885ee3..700cb023d 100644
--- a/resources/views/expenses/payments/edit.blade.php
+++ b/resources/views/expenses/payments/edit.blade.php
@@ -137,31 +137,30 @@
                 text  : '{{ trans('general.form.select.file') }}',
                 style : 'btn-default',
                 @if($payment->attachment)
-                placeholder : '<?php echo $payment->attachment->basename; ?>'
+                placeholder : '{{ $payment->attachment->basename }}'
                 @else
                 placeholder : '{{ trans('general.form.no_file_selected') }}'
                 @endif
             });
 
             @if($payment->attachment)
-                attachment_html  = '<span class="attachment">';
-                attachment_html += '    <a href="{{ url('uploads/' . $payment->attachment->id . '/download') }}">';
-                attachment_html += '        <span id="download-attachment" class="text-primary">';
-                attachment_html += '            <i class="fa fa-file-{{ $payment->attachment->aggregate_type }}-o"></i> {{ $payment->attachment->basename }}';
-                attachment_html += '        </span>';
-                attachment_html += '    </a>';
-                attachment_html += '    {!! Form::open(['id' => 'attachment-' . $payment->attachment->id, 'method' => 'DELETE', 'url' => [url('uploads/' . $payment->attachment->id)], 'style' => 'display:inline']) !!}';
-                attachment_html += '    <a id="remove-attachment" href="javascript:void();">';
-                attachment_html += '        <span class="text-danger"><i class="fa fa fa-times"></i></span>';
-                attachment_html += '    </a>';
-                attachment_html += '    {!! Form::close() !!}';
-                attachment_html += '</span>';
+            $.ajax({
+                url: '{{ url('uploads/' . $payment->attachment->id . '/show') }}',
+                type: 'GET',
+                data: {column_name: 'attachment'},
+                dataType: 'JSON',
+                success: function(json) {
+                    if (json['success']) {
+                        $('.fancy-file').after(json['html']);
+                    }
+                }
+            });
 
-                $('.fancy-file .fake-file').append(attachment_html);
-
-                $(document).on('click', '#remove-attachment', function (e) {
-                    confirmDelete("#attachment-{!! $payment->attachment->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $payment->attachment->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
-                });
+            @permission('delete-common-uploads')
+            $(document).on('click', '#remove-attachment', function (e) {
+                confirmDelete("#attachment-{!! $payment->attachment->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $payment->attachment->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
+            });
+            @endpermission
             @endif
         });
 
diff --git a/resources/views/expenses/vendors/edit.blade.php b/resources/views/expenses/vendors/edit.blade.php
index ca9560eea..4993bdd41 100644
--- a/resources/views/expenses/vendors/edit.blade.php
+++ b/resources/views/expenses/vendors/edit.blade.php
@@ -69,31 +69,30 @@
                 text  : '{{ trans('general.form.select.file') }}',
                 style : 'btn-default',
                 @if($vendor->logo)
-                placeholder : '<?php echo $vendor->logo->basename; ?>'
+                placeholder : '{{ $vendor->logo->basename }}'
                 @else
                 placeholder : '{{ trans('general.form.no_file_selected') }}'
                 @endif
             });
 
             @if($vendor->logo)
-            logo_html  = '<span class="logo">';
-            logo_html += '    <a href="{{ url('uploads/' . $vendor->logo->id . '/download') }}">';
-            logo_html += '        <span id="download-logo" class="text-primary">';
-            logo_html += '            <i class="fa fa-file-{{ $vendor->logo->aggregate_type }}-o"></i> {{ $vendor->logo->basename }}';
-            logo_html += '        </span>';
-            logo_html += '    </a>';
-            logo_html += '    {!! Form::open(['id' => 'logo-' . $vendor->logo->id, 'method' => 'DELETE', 'url' => [url('uploads/' . $vendor->logo->id)], 'style' => 'display:inline']) !!}';
-            logo_html += '    <a id="remove-logo" href="javascript:void();">';
-            logo_html += '        <span class="text-danger"><i class="fa fa fa-times"></i></span>';
-            logo_html += '    </a>';
-            logo_html += '    {!! Form::close() !!}';
-            logo_html += '</span>';
-
-            $('.fancy-file .fake-file').append(logo_html);
+            $.ajax({
+                url: '{{ url('uploads/' . $vendor->logo->id . '/show') }}',
+                type: 'GET',
+                data: {column_name: 'logo'},
+                dataType: 'JSON',
+                success: function(json) {
+                    if (json['success']) {
+                        $('.fancy-file').after(json['html']);
+                    }
+                }
+            });
 
+            @permission('delete-common-uploads')
             $(document).on('click', '#remove-logo', function (e) {
                 confirmDelete("#logo-{!! $vendor->logo->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $vendor->logo->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
             });
+            @endpermission
             @endif
         });
     </script>
diff --git a/resources/views/incomes/invoices/edit.blade.php b/resources/views/incomes/invoices/edit.blade.php
index c62194d9d..2805c057a 100644
--- a/resources/views/incomes/invoices/edit.blade.php
+++ b/resources/views/incomes/invoices/edit.blade.php
@@ -257,27 +257,24 @@
                 text  : '{{ trans('general.form.select.file') }}',
                 style : 'btn-default',
                 @if($invoice->attachment)
-                placeholder : '<?php echo $invoice->attachment->basename; ?>'
+                placeholder : '{{ $invoice->attachment->basename }}'
                 @else
                 placeholder : '{{ trans('general.form.no_file_selected') }}'
                 @endif
             });
 
             @if($invoice->attachment)
-            attachment_html  = '<span class="attachment">';
-            attachment_html += '    <a href="{{ url('uploads/' . $invoice->attachment->id . '/download') }}">';
-            attachment_html += '        <span id="download-attachment" class="text-primary">';
-            attachment_html += '            <i class="fa fa-file-{{ $invoice->attachment->aggregate_type }}-o"></i> {{ $invoice->attachment->basename }}';
-            attachment_html += '        </span>';
-            attachment_html += '    </a>';
-            attachment_html += '    {!! Form::open(['id' => 'attachment-' . $invoice->attachment->id, 'method' => 'DELETE', 'url' => [url('uploads/' . $invoice->attachment->id)], 'style' => 'display:inline']) !!}';
-            attachment_html += '    <a id="remove-attachment" href="javascript:void();">';
-            attachment_html += '        <span class="text-danger"><i class="fa fa fa-times"></i></span>';
-            attachment_html += '    </a>';
-            attachment_html += '    {!! Form::close() !!}';
-            attachment_html += '</span>';
-
-            $('.fancy-file .fake-file').append(attachment_html);
+            $.ajax({
+                url: '{{ url('uploads/' . $invoice->attachment->id . '/show') }}',
+                type: 'GET',
+                data: {column_name: 'attachment'},
+                dataType: 'JSON',
+                success: function(json) {
+                    if (json['success']) {
+                        $('.fancy-file').after(json['html']);
+                    }
+                }
+            });
             @endif
 
             @if(old('item'))
@@ -285,11 +282,13 @@
             @endif
         });
 
+        @permission('delete-common-uploads')
         @if($invoice->attachment)
         $(document).on('click', '#remove-attachment', function (e) {
             confirmDelete("#attachment-{!! $invoice->attachment->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $invoice->attachment->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
         });
         @endif
+        @endpermission
 
         $(document).on('click', '#button-add-item', function (e) {
             $.ajax({
diff --git a/resources/views/incomes/invoices/show.blade.php b/resources/views/incomes/invoices/show.blade.php
index ca230a31f..368941448 100644
--- a/resources/views/incomes/invoices/show.blade.php
+++ b/resources/views/incomes/invoices/show.blade.php
@@ -339,23 +339,8 @@
                     </div>
 
                     @if($invoice->attachment)
-                        <span class="attachment">
-                            <a href="{{ url('uploads/' . $invoice->attachment->id . '/download') }}">
-                                <span id="download-attachment" class="text-primary">
-                                    <i class="fa fa-file-{{ $invoice->attachment->aggregate_type }}-o"></i> {{ $invoice->attachment->basename }}
-                                </span>
-                            </a>
-                            {!! Form::open([
-                                'id' => 'attachment-' . $invoice->attachment->id,
-                                'method' => 'DELETE',
-                                'url' => [url('uploads/' . $invoice->attachment->id)],
-                                'style' => 'display:inline'
-                            ]) !!}
-                            <a id="remove-attachment" href="javascript:void();">
-                                <span class="text-danger"><i class="fa fa fa-times"></i></span>
-                            </a>
-                            {!! Form::close() !!}
-                        </span>
+                    @php $file = $invoice->attachment; @endphp
+                    @include('partials.media.file')
                     @endif
                 </div>
             </div>
@@ -474,11 +459,13 @@
 
 @push('scripts')
     <script type="text/javascript">
+        @permission('delete-common-uploads')
         @if($invoice->attachment)
         $(document).on('click', '#remove-attachment', function (e) {
             confirmDelete("#attachment-{!! $invoice->attachment->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $invoice->attachment->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
         });
         @endif
+        @endpermission
 
         $(document).on('click', '#button-payment', function (e) {
             $('#modal-add-payment').remove();
diff --git a/resources/views/incomes/revenues/edit.blade.php b/resources/views/incomes/revenues/edit.blade.php
index 197407cc4..f5464d828 100644
--- a/resources/views/incomes/revenues/edit.blade.php
+++ b/resources/views/incomes/revenues/edit.blade.php
@@ -137,32 +137,31 @@
                 text  : '{{ trans('general.form.select.file') }}',
                 style : 'btn-default',
                 @if($revenue->attachment)
-                placeholder : '<?php echo $revenue->attachment->basename; ?>'
+                placeholder : '{{ $revenue->attachment->basename }}'
                 @else
                 placeholder : '{{ trans('general.form.no_file_selected') }}'
                 @endif
             });
 
             @if($revenue->attachment)
-                attachment_html  = '<span class="attachment">';
-                attachment_html += '    <a href="{{ url('uploads/' . $revenue->attachment->id . '/download') }}">';
-                attachment_html += '        <span id="download-attachment" class="text-primary">';
-                attachment_html += '            <i class="fa fa-file-{{ $revenue->attachment->aggregate_type }}-o"></i> {{ $revenue->attachment->basename }}';
-                attachment_html += '        </span>';
-                attachment_html += '    </a>';
-                attachment_html += '    {!! Form::open(['id' => 'attachment-' . $revenue->attachment->id, 'method' => 'DELETE', 'url' => [url('uploads/' . $revenue->attachment->id)], 'style' => 'display:inline']) !!}';
-                attachment_html += '    <a id="remove-attachment" href="javascript:void();">';
-                attachment_html += '        <span class="text-danger"><i class="fa fa fa-times"></i></span>';
-                attachment_html += '    </a>';
-                attachment_html += '    {!! Form::close() !!}';
-                attachment_html += '</span>';
+            $.ajax({
+                url: '{{ url('uploads/' . $revenue->attachment->id . '/show') }}',
+                type: 'GET',
+                data: {column_name: 'attachment'},
+                dataType: 'JSON',
+                success: function(json) {
+                    if (json['success']) {
+                        $('.fancy-file').after(json['html']);
+                    }
+                }
+            });
 
-                $('.fancy-file .fake-file').append(attachment_html);
-
-                $(document).on('click', '#remove-attachment', function (e) {
-                    confirmDelete("#attachment-{!! $revenue->attachment->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $revenue->attachment->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
-                });
+            @permission('delete-common-uploads')
+            $(document).on('click', '#remove-attachment', function (e) {
+                confirmDelete("#attachment-{!! $revenue->attachment->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $revenue->attachment->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
+            });
             @endif
+            @endpermission
         });
 
         $(document).on('change', '#account_id', function (e) {
diff --git a/resources/views/partials/media/file.blade.php b/resources/views/partials/media/file.blade.php
new file mode 100644
index 000000000..fe7f720ad
--- /dev/null
+++ b/resources/views/partials/media/file.blade.php
@@ -0,0 +1,53 @@
+@php
+$column_name = !empty($column_name) ? $column_name : 'attachment';
+$options = !empty($options) ? $options : false;
+@endphp
+
+<ul class="mailbox-attachments clearfix margin-top">
+    <li>
+        @if ($file->aggregate_type != 'image')
+        <span class="mailbox-attachment-icon">
+            <i class="fa fa-file-{{ $file->aggregate_type }}-o"></i>
+        </span>
+        @else
+        <span class="mailbox-attachment-icon has-img">
+            <img src="{{ url('uploads/' . $file->id) }}" alt="{{ $file->basename }}">
+        </span>
+        @endif
+
+        <div class="mailbox-attachment-info">
+            <a href="javascript:void();" class="mailbox-attachment-name">
+                <p class="mailbox-attachment-file-name">
+                    <i class="fa fa-paperclip"></i> {{ $file->basename }}
+                </p>
+            </a>
+
+            <span class="mailbox-attachment-size">
+              {{ $file->readableSize() }}
+
+                @permission('delete-common-uploads')
+                {!! Form::open([
+                'id' => $column_name. '-' . $file->id,
+                'method' => 'DELETE',
+                'url' => [url('uploads/' . $file->id)],
+                'style' => 'display:inline'
+            ]) !!}
+                <a href="javascript:void();" id="remove-{{ $column_name }}" class="btn btn-danger btn-xs pull-right mailbox-attachment-remove">
+                    <i class="fa fa fa-times"></i>
+                </a>
+
+                @if ($options)
+                <input type="hidden" name="page" value="{{ $options['page'] }}" />
+                <input type="hidden" name="key" value="{{ $options['key'] }}" />
+                <input type="hidden" name="value" value="{{ $file->id }}" />
+                @endif
+                {!! Form::close() !!}
+                @endpermission
+
+                <a href="{{ url('uploads/' . $file->id . '/download') }}" class="btn btn-info btn-xs pull-right mailbox-attachment-download">
+                    <i class="fa fa-cloud-download"></i>
+                </a>
+            </span>
+        </div>
+    </li>
+</ul>
diff --git a/resources/views/partials/media/files.blade.php b/resources/views/partials/media/files.blade.php
new file mode 100644
index 000000000..13d60a69e
--- /dev/null
+++ b/resources/views/partials/media/files.blade.php
@@ -0,0 +1,55 @@
+@php
+$column_name = !empty($column_name) ? $column_name : 'attachment';
+$options = !empty($options) ? $options : false;
+@endphp
+
+<ul class="mailbox-attachments clearfix margin-top">
+    @foreach ($files as $file)
+    <li>
+        @if ($file->aggregate_type != 'image')
+        <span class="mailbox-attachment-icon">
+            <i class="fa fa-file-{{ $file->aggregate_type }}-o"></i>
+        </span>
+        @else
+        <span class="mailbox-attachment-icon has-img">
+            <img src="{{ url('uploads/' . $file->id) }}" alt="{{ $file->basename }}">
+        </span>
+        @endif
+
+        <div class="mailbox-attachment-info">
+            <a href="javascript:void();" class="mailbox-attachment-name">
+                <p class="mailbox-attachment-file-name">
+                    <i class="fa fa-paperclip"></i> {{ $file->basename }}
+                </p>
+            </a>
+
+            <span class="mailbox-attachment-size">
+              {{ $file->readableSize() }}
+
+              @permission('delete-common-uploads')
+                {!! Form::open([
+                'id' => 'attachment-' . $file->id,
+                'method' => 'DELETE',
+                'url' => [url('uploads/' . $file->id)],
+                'style' => 'display:inline'
+            ]) !!}
+                <a href="javascript:void();" id="remove-attachment" class="btn btn-danger btn-xs pull-right mailbox-attachment-remove">
+                    <i class="fa fa fa-times"></i>
+                </a>
+
+                @if ($options)
+                <input type="hidden" name="page" value="{{ $options['page'] }}" />
+                <input type="hidden" name="key" value="{{ $options['key'] }}" />
+                <input type="hidden" name="value" value="{{ $file->id }}" />
+                @endif
+                {!! Form::close() !!}
+                @endpermission
+
+                <a href="{{ url('uploads/' . $file->id . '/download') }}" class="btn btn-info btn-xs pull-right mailbox-attachment-download">
+                    <i class="fa fa-cloud-download"></i>
+                </a>
+            </span>
+        </div>
+    </li>
+    @endforeach
+</ul>
diff --git a/resources/views/settings/settings/edit.blade.php b/resources/views/settings/settings/edit.blade.php
index 1b9757f3a..aa41e2fa9 100644
--- a/resources/views/settings/settings/edit.blade.php
+++ b/resources/views/settings/settings/edit.blade.php
@@ -246,27 +246,23 @@
             });
 
             @if($setting['company_logo'])
-                company_logo_html  = '<span class="company_logo">';
-                company_logo_html += '    <a href="{{ url('uploads/' . $setting['company_logo']->id . '/download') }}">';
-                company_logo_html += '        <span id="download-company_logo" class="text-primary">';
-                company_logo_html += '            <i class="fa fa-file-{{ $setting['company_logo']->aggregate_type }}-o"></i> {{ $setting['company_logo']->basename }}';
-                company_logo_html += '        </span>';
-                company_logo_html += '    </a>';
-                company_logo_html += '    {!! Form::open(['id' => 'company_logo-' . $setting['company_logo']->id, 'method' => 'DELETE', 'url' => [url('uploads/' . $setting['company_logo']->id)], 'style' => 'display:inline']) !!}';
-                company_logo_html += '    <a id="remove-company_logo" href="javascript:void();">';
-                company_logo_html += '        <span class="text-danger"><i class="fa fa fa-times"></i></span>';
-                company_logo_html += '    </a>';
-                company_logo_html += '    <input type="hidden" name="page" value="setting" />';
-                company_logo_html += '    <input type="hidden" name="key" value="general.company_logo" />';
-                company_logo_html += '    <input type="hidden" name="value" value="{{ $setting['company_logo']->id }}" />';
-                company_logo_html += '    {!! Form::close() !!}';
-                company_logo_html += '</span>';
-    
-                $('#company .fancy-file .fake-file').append(company_logo_html);
-    
-                $(document).on('click', '#remove-company_logo', function (e) {
-                    confirmDelete("#company_logo-{!! $setting['company_logo']->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $setting['company_logo']->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
-                });
+            $.ajax({
+                url: '{{ url('uploads/' . $setting['company_logo']->id . '/show') }}',
+                type: 'GET',
+                data: {column_name: 'company_logo', page: 'setting', key: 'general.company_logo'},
+                dataType: 'JSON',
+                success: function(json) {
+                    if (json['success']) {
+                        $('#company .fancy-file').after(json['html']);
+                    }
+                }
+            });
+
+            @permission('delete-common-uploads')
+            $(document).on('click', '#remove-company_logo', function (e) {
+                confirmDelete("#company_logo-{!! $setting['company_logo']->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $setting['company_logo']->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
+            });
+            @endpermission
             @endif
 
             var invoice_file = false;
@@ -286,27 +282,23 @@
                     });
 
                     @if($setting['invoice_logo'])
-                    invoice_logo_html  = '<span class="invoice_logo">';
-                    invoice_logo_html += '    <a href="{{ url('uploads/' . $setting['invoice_logo']->id . '/download') }}">';
-                    invoice_logo_html += '        <span id="download-invoice_logo" class="text-primary">';
-                    invoice_logo_html += '            <i class="fa fa-file-{{ $setting['invoice_logo']->aggregate_type }}-o"></i> {{ $setting['invoice_logo']->basename }}';
-                    invoice_logo_html += '        </span>';
-                    invoice_logo_html += '    </a>';
-                    invoice_logo_html += '    {!! Form::open(['id' => 'invoice_logo-' . $setting['invoice_logo']->id, 'method' => 'DELETE', 'url' => [url('uploads/' . $setting['invoice_logo']->id)], 'style' => 'display:inline']) !!}';
-                    invoice_logo_html += '    <a id="remove-invoice_logo" href="javascript:void();">';
-                    invoice_logo_html += '        <span class="text-danger"><i class="fa fa fa-times"></i></span>';
-                    invoice_logo_html += '    </a>';
-                    invoice_logo_html += '    <input type="hidden" name="page" value="setting" />';
-                    invoice_logo_html += '    <input type="hidden" name="key" value="general.invoice_logo" />';
-                    invoice_logo_html += '    <input type="hidden" name="value" value="{{ $setting['invoice_logo']->id }}" />';
-                    invoice_logo_html += '    {!! Form::close() !!}';
-                    invoice_logo_html += '</span>';
-
-                    $(target + ' .fancy-file .fake-file').append(invoice_logo_html);
+                    $.ajax({
+                        url: '{{ url('uploads/' . $setting['invoice_logo']->id . '/show') }}',
+                        type: 'GET',
+                        data: {column_name: 'invoice_logo', page: 'setting', key: 'general.invoice_logo'},
+                        dataType: 'JSON',
+                        success: function(json) {
+                            if (json['success']) {
+                                $(target + ' .fancy-file').after(json['html']);
+                            }
+                        }
+                    });
 
+                    @permission('delete-common-uploads')
                     $(document).on('click', '#remove-invoice_logo', function (e) {
                         confirmDelete("#invoice_logo-{!! $setting['invoice_logo']->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $setting['invoice_logo']->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
                     });
+                    @endpermission
                     @endif
 
                     invoice_file = true;
diff --git a/resources/views/wizard/companies/edit.blade.php b/resources/views/wizard/companies/edit.blade.php
index 8322cfcac..ca73fade6 100644
--- a/resources/views/wizard/companies/edit.blade.php
+++ b/resources/views/wizard/companies/edit.blade.php
@@ -116,27 +116,23 @@
         });
 
         @if($company->company_logo)
-        company_logo_html  = '<span class="company_logo">';
-        company_logo_html += '    <a href="{{ url('uploads/' . $company->company_logo->id . '/download') }}">';
-        company_logo_html += '        <span id="download-company_logo" class="text-primary">';
-        company_logo_html += '            <i class="fa fa-file-{{ $company->company_logo->aggregate_type }}-o"></i> {{ $company->company_logo->basename }}';
-        company_logo_html += '        </span>';
-        company_logo_html += '    </a>';
-        company_logo_html += '    {!! Form::open(['id' => 'company_logo-' . $company->company_logo->id, 'method' => 'DELETE', 'url' => [url('uploads/' . $company->company_logo->id)], 'style' => 'display:inline']) !!}';
-        company_logo_html += '    <a id="remove-company_logo" href="javascript:void();">';
-        company_logo_html += '        <span class="text-danger"><i class="fa fa fa-times"></i></span>';
-        company_logo_html += '    </a>';
-        company_logo_html += '    <input type="hidden" name="page" value="setting" />';
-        company_logo_html += '    <input type="hidden" name="key" value="general.company_logo" />';
-        company_logo_html += '    <input type="hidden" name="value" value="{{ $company->company_logo->id }}" />';
-        company_logo_html += '    {!! Form::close() !!}';
-        company_logo_html += '</span>';
-
-        $('.form-group.col-md-6 .fancy-file .fake-file').append(company_logo_html);
+        $.ajax({
+            url: '{{ url('uploads/' . $company->company_logo->id . '/show') }}',
+            type: 'GET',
+            data: {column_name: 'company_logo', page: 'setting', key: 'general.company_logo'},
+            dataType: 'JSON',
+            success: function(json) {
+                if (json['success']) {
+                    $('.form-group.col-md-6 .fancy-file').after(json['html']);
+                }
+            }
+        });
 
+        @permission('delete-common-uploads')
         $(document).on('click', '#remove-company_logo', function (e) {
             confirmDelete("#company_logo-{!! $company->company_logo->id !!}", "{!! trans('general.attachment') !!}", "{!! trans('general.delete_confirm', ['name' => '<strong>' . $company->company_logo->basename . '</strong>', 'type' => strtolower(trans('general.attachment'))]) !!}", "{!! trans('general.cancel') !!}", "{!! trans('general.delete')  !!}");
         });
+        @endpermission
         @endif
     });
 </script>
diff --git a/routes/web.php b/routes/web.php
index 7874cb64f..eaa8031c4 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -4,6 +4,7 @@ Route::group(['middleware' => 'language'], function () {
     Route::group(['middleware' => 'auth'], function () {
         Route::group(['prefix' => 'uploads'], function () {
             Route::get('{id}', 'Common\Uploads@get');
+            Route::get('{id}/show', 'Common\Uploads@show');
             Route::get('{id}/download', 'Common\Uploads@download');
         });