We're about to send out an email to all legacy users and we're opening this topic specifically for control panel usability enhancements.
Not really a usability enhancement as such, but any user can view anyone elses invoice in the control panel once they're logged in.
Just changing the invoice number when viewing one of you own allows you to see invoices for other random users. Clicking on the transaction reference id in the invoice gives you an error, saying that it does not belong to you, so you cannot see payment details, but I was expecting to get that error when just trying to view the invoice itself.
Can this check be added to the invoice page as well as the payment reference page?