Fix authorisation for resellers to only see their own accounts

app/Models/Policies/InvoicePolicy.php

@@ -11,7 +11,7 @@ class InvoicePolicy
 	use HandlesAuthorization;
 
 	/**
-	 * Determine whether the user can view the service.
+	 * Determine whether the user can view the invoice.
 	 *
 	 * @param User    $uo
 	 * @param Invoice $io
@@ -25,8 +25,8 @@ class InvoicePolicy
 			// The user is the wholesaler
 			OR $uo->isWholesaler()
 
-			// The user is the reseller
-			OR  $uo->isReseller();
+			// The user has this as one of their accounts
+			OR $uo->accounts->pluck('id')->contains($io->account_id);
 	}
 
 	/**