diff --git a/finances/templates/finances/_subsidy_card.html b/finances/templates/finances/_subsidy_card.html
index 2f21e32f6823c6b3b46e7243795e73bca4522669..5cf03b69fd1bff098de1ff48d3ba2fbe05da2218 100644
--- a/finances/templates/finances/_subsidy_card.html
+++ b/finances/templates/finances/_subsidy_card.html
@@ -1,6 +1,8 @@
{% load bootstrap %}
{% load user_groups %}
+{% load guardian_tags %}
+{% get_obj_perms request.user for subsidy.organization as "user_org_perms" %}
<div class="card-body">
<div class="row">
@@ -25,7 +27,7 @@
<td>Description:</td><td>{{ subsidy.description }}</td>
</tr>
<tr>
- <td>Amount:</td><td>{% if subsidy.amount_publicly_shown or perms.scipost.can_manage_subsidies %}€{{ subsidy.amount }}{% else %}-{% endif %}</td>
+ <td>Amount:</td><td>{% if subsidy.amount_publicly_shown or perms.scipost.can_manage_subsidies %}€{{ subsidy.amount }}{% else %}-{% endif %}{% if perms.scipost.can_manage_subsidies or "can_view_org_contacts" in user_org_perms %} <span class="text-muted">[publicly {% if subsidy.amount_publicly_shown %}visible{% else %}invisible{% endif %}]</span>{% endif %}</td>
</tr>
<tr>
<td>Date:</td><td>{{ subsidy.date }}</td>
@@ -67,17 +69,23 @@
<table class="table">
<tr>
<th>File name</th>
+ {% if perms.scipost.can_manage_subsidies or "can_view_org_contacts" in user_org_perms %}
<th>Publicly visible?</th>
+ {% endif %}
</tr>
{% for att in subsidy.attachments.all %}
+ {% if att.publicly_visible or perms.scipost.can_manage_subsidies or "can_view_org_contacts" in user_org_perms %}
<tr>
<td><a href="{{ att.get_absolute_url }}" target="_blank">{{ att.name }}</a></td>
+ {% if perms.scipost.can_manage_subsidies or "can_view_org_contacts" in user_org_perms %}
<td>{% if att.publicly_visible %}<i class="fa fa-check-circle text-success"></i>{% else %}<i class="fa fa-times-circle text-danger"></i>{% endif %}</td>
{% if perms.scipost.can_manage_subsidies %}
<td><a href="{% url 'finances:subsidyattachment_update' pk=att.id %}"><span class="text-warning">Update</span></a></td>
<td><a href="{% url 'finances:subsidyattachment_delete' pk=att.id %}"><span class="text-danger">Delete</span></a></td>
{% endif %}
+ {% endif %}
</tr>
+ {% endif %}
{% empty %}
<tr>
<td>No attachment found</td>