diff --git a/app/controllers/spree/admin/invoices_controller.rb b/app/controllers/spree/admin/invoices_controller.rb
index b9dd01cdec..c304a63697 100644
--- a/app/controllers/spree/admin/invoices_controller.rb
+++ b/app/controllers/spree/admin/invoices_controller.rb
@@ -11,6 +11,9 @@ module Spree
       end
 
       def create
+        Spree::Order.where(id: params[:order_ids]).find_each do |order|
+          authorize! :invoice, order
+        end
         invoice_service = BulkInvoiceService.new
         invoice_service.start_pdf_job(params[:order_ids])
 
@@ -19,6 +22,8 @@ module Spree
 
       def generate
         @order = Order.find_by(number: params[:order_id])
+        authorize! :invoice, @order
+
         @comparator = OrderInvoiceComparator.new(@order)
         if @comparator.can_generate_new_invoice?
           @order.invoices.create!(