diff --git a/app/Helper/Subtask.php b/app/Helper/Subtask.php
index 4bb26e777..7d474de02 100644
--- a/app/Helper/Subtask.php
+++ b/app/Helper/Subtask.php
@@ -14,12 +14,17 @@ class Subtask extends \Kanboard\Core\Base
      * Get the link to toggle subtask status
      *
      * @access public
-     * @param  array   $subtask
-     * @param  string  $redirect
+     * @param  array    $subtask
+     * @param  string   $redirect
+     * @param  integer  $project_id
      * @return string
      */
-    public function toggleStatus(array $subtask, $redirect)
+    public function toggleStatus(array $subtask, $redirect, $project_id = 0)
     {
+        if ($project_id > 0 && ! $this->helper->user->hasProjectAccess('subtask', 'edit', $project_id)) {
+            return trim($this->template->render('subtask/icons', array('subtask' => $subtask))) . $this->helper->e($subtask['title']);
+        }
+
         if ($subtask['status'] == 0 && isset($this->sessionStorage->hasSubtaskInProgress) && $this->sessionStorage->hasSubtaskInProgress === true) {
             return $this->helper->url->link(
                 trim($this->template->render('subtask/icons', array('subtask' => $subtask))) . $this->helper->e($subtask['title']),
diff --git a/app/ServiceProvider/AuthenticationProvider.php b/app/ServiceProvider/AuthenticationProvider.php
index 8600d96e8..b9cdeb757 100644
--- a/app/ServiceProvider/AuthenticationProvider.php
+++ b/app/ServiceProvider/AuthenticationProvider.php
@@ -134,7 +134,7 @@ class AuthenticationProvider implements ServiceProviderInterface
 
         $acl->add('Config', '*', Role::APP_ADMIN);
         $acl->add('Currency', '*', Role::APP_ADMIN);
-        $acl->add('Gantt', '*', Role::APP_MANAGER);
+        $acl->add('Gantt', array('projects', 'saveProjectDate'), Role::APP_MANAGER);
         $acl->add('Group', '*', Role::APP_ADMIN);
         $acl->add('Link', '*', Role::APP_ADMIN);
         $acl->add('Project', array('users', 'allowEverybody', 'allow', 'role', 'revoke', 'create'), Role::APP_MANAGER);
diff --git a/app/Template/board/task_private.php b/app/Template/board/task_private.php
index a5d05e497..ad09546eb 100644
--- a/app/Template/board/task_private.php
+++ b/app/Template/board/task_private.php
@@ -41,15 +41,19 @@
 
             <?php if (! empty($task['owner_id'])): ?>
             <span class="task-board-user <?= $this->user->isCurrentUser($task['owner_id']) ? 'task-board-current-user' : '' ?>">
-                <?= $this->url->link(
-                    $task['assignee_name'] ?: $task['assignee_username'],
-                    'board',
-                    'changeAssignee',
-                    array('task_id' => $task['id'], 'project_id' => $task['project_id']),
-                    false,
-                    'popover',
-                    t('Change assignee')
-                ) ?>
+                <?php if ($this->user->hasProjectAccess('taskmodification', 'edit', $task['project_id'])): ?>
+                    <?= $this->url->link(
+                        $task['assignee_name'] ?: $task['assignee_username'],
+                        'BoardPopover',
+                        'changeAssignee',
+                        array('task_id' => $task['id'], 'project_id' => $task['project_id']),
+                        false,
+                        'popover',
+                        t('Change assignee')
+                    ) ?>
+                <?php else: ?>
+                    <?= $this->e($task['assignee_name'] ?: $task['assignee_username']) ?>
+                <?php endif ?>
             </span>
             <?php endif ?>
 
diff --git a/app/Template/board/tooltip_subtasks.php b/app/Template/board/tooltip_subtasks.php
index 950da9256..5c273e080 100644
--- a/app/Template/board/tooltip_subtasks.php
+++ b/app/Template/board/tooltip_subtasks.php
@@ -1,6 +1,6 @@
 <section id="tooltip-subtasks">
 <?php foreach ($subtasks as $subtask): ?>
-    <?= $this->subtask->toggleStatus($subtask, 'board') ?>
+    <?= $this->subtask->toggleStatus($subtask, 'board', $task['project_id']) ?>
     <?= $this->e(empty($subtask['username']) ? '' : ' ['.$this->user->getFullname($subtask).']') ?>
     <br/>
 <?php endforeach ?>
diff --git a/app/Template/comment/show.php b/app/Template/comment/show.php
index 840776682..444576535 100644
--- a/app/Template/comment/show.php
+++ b/app/Template/comment/show.php
@@ -16,7 +16,7 @@
         <?php if (! isset($preview)): ?>
         <ul class="comment-actions">
             <li><a href="#comment-<?= $comment['id'] ?>"><?= t('link') ?></a></li>
-            <?php if ((! isset($not_editable) || ! $not_editable) && ($this->user->isAdmin() || $this->user->isCurrentUser($comment['user_id']))): ?>
+            <?php if ($editable && ($this->user->isAdmin() || $this->user->isCurrentUser($comment['user_id']))): ?>
                 <li>
                     <?= $this->url->link(t('remove'), 'comment', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'comment_id' => $comment['id'])) ?>
                 </li>
diff --git a/app/Template/file/show.php b/app/Template/file/show.php
index a390c9fb3..b87739a88 100644
--- a/app/Template/file/show.php
+++ b/app/Template/file/show.php
@@ -9,11 +9,9 @@
         <ul class="task-show-images">
             <?php foreach ($images as $file): ?>
                 <li>
-                    <?php if (function_exists('imagecreatetruecolor')): ?>
                     <div class="img_container">
                         <img src="<?= $this->url->href('file', 'thumbnail', array('file_id' => $file['id'], 'project_id' => $task['project_id'], 'task_id' => $file['task_id'])) ?>" alt="<?= $this->e($file['name']) ?>"/>
                     </div>
-                    <?php endif ?>
                     <p>
                         <?= $this->e($file['name']) ?>
                         <span class="tooltip" title='<?= t('uploaded by: %s', $file['user_name'] ?: $file['username']).'<br>'.t('uploaded on: %s', dt('%B %e, %Y at %k:%M %p', $file['date'])).'<br>'.t('size: %s', $this->text->bytes($file['size'])) ?>'>
@@ -22,7 +20,9 @@
                     </p>
                     <span class="task-show-file-actions task-show-image-actions">
                         <i class="fa fa-eye"></i> <?= $this->url->link(t('open file'), 'file', 'open', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id']), false, 'popover') ?>
-                        <i class="fa fa-trash"></i> <?= $this->url->link(t('remove'), 'file', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?>
+                        <?php if ($this->user->hasProjectAccess('file', 'remove', $task['project_id'])): ?>
+                            <i class="fa fa-trash"></i> <?= $this->url->link(t('remove'), 'file', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?>
+                        <?php endif ?>
                         <i class="fa fa-download"></i> <?= $this->url->link(t('download'), 'file', 'download', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?>
                     </span>
                 </li>
@@ -44,7 +44,9 @@
                     </td>
                     <td>
                         <span class="task-show-file-actions">
-                            <i class="fa fa-trash"></i> <?= $this->url->link(t('remove'), 'file', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?>
+                            <?php if ($this->user->hasProjectAccess('file', 'remove', $task['project_id'])): ?>
+                                <i class="fa fa-trash"></i> <?= $this->url->link(t('remove'), 'file', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?>
+                            <?php endif ?>
                             <i class="fa fa-download"></i> <?= $this->url->link(t('download'), 'file', 'download', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?>
                         </span>
                     </td>
diff --git a/app/Template/project/sidebar.php b/app/Template/project/sidebar.php
index b436c9e8d..2cc5ff2fc 100644
--- a/app/Template/project/sidebar.php
+++ b/app/Template/project/sidebar.php
@@ -4,9 +4,11 @@
         <li <?= $this->app->getRouterAction() === 'show' ? 'class="active"' : '' ?>>
             <?= $this->url->link(t('Summary'), 'project', 'show', array('project_id' => $project['id'])) ?>
         </li>
+        <?php if ($this->user->hasProjectAccess('customfilter', 'index', $project['id'])): ?>
         <li <?= $this->app->getRouterController() === 'customfilter' && $this->app->getRouterAction() === 'index' ? 'class="active"' : '' ?>>
             <?= $this->url->link(t('Custom filters'), 'customfilter', 'index', array('project_id' => $project['id'])) ?>
         </li>
+        <?php endif ?>
 
         <?php if ($this->user->hasProjectAccess('project', 'edit', $project['id'])): ?>
             <li <?= $this->app->getRouterController() === 'project' && $this->app->getRouterAction() === 'share' ? 'class="active"' : '' ?>>
diff --git a/app/Template/subtask/show.php b/app/Template/subtask/show.php
index f48484cc5..283057f48 100644
--- a/app/Template/subtask/show.php
+++ b/app/Template/subtask/show.php
@@ -1,4 +1,3 @@
-
 <div id="subtasks" class="task-show-section">
 
     <?php if (! empty($subtasks)): ?>
@@ -13,14 +12,14 @@
                 <th class="column-40"><?= t('Title') ?></th>
                 <th><?= t('Assignee') ?></th>
                 <th><?= t('Time tracking') ?></th>
-                <?php if (! isset($not_editable)): ?>
+                <?php if ($editable): ?>
                     <th><?= t('Actions') ?></th>
                 <?php endif ?>
             </tr>
             <?php foreach ($subtasks as $subtask): ?>
             <tr>
                 <td>
-                    <?php if (! isset($not_editable)): ?>
+                    <?php if ($editable): ?>
                         <?= $this->subtask->toggleStatus($subtask, 'task') ?>
                     <?php else: ?>
                         <?= $this->render('subtask/icons', array('subtask' => $subtask)) . $this->e($subtask['title']) ?>
@@ -28,7 +27,7 @@
                 </td>
                 <td>
                     <?php if (! empty($subtask['username'])): ?>
-                        <?php if (! isset($not_editable)): ?>
+                        <?php if ($editable): ?>
                             <?= $this->url->link($this->e($subtask['name'] ?: $subtask['username']), 'user', 'show', array('user_id' => $subtask['user_id'])) ?>
                         <?php else: ?>
                             <?= $this->e($subtask['name'] ?: $subtask['username']) ?>
@@ -46,7 +45,7 @@
                                 <strong><?= $this->e($subtask['time_estimated']).'h' ?></strong> <?= t('estimated') ?>
                             <?php endif ?>
                         </li>
-                        <?php if (! isset($not_editable) && $subtask['user_id'] == $this->user->getId()): ?>
+                        <?php if ($editable && $subtask['user_id'] == $this->user->getId()): ?>
                         <li>
                             <?php if ($subtask['is_timer_started']): ?>
                                 <i class="fa fa-pause"></i>
@@ -60,7 +59,7 @@
                         <?php endif ?>
                     </ul>
                 </td>
-                <?php if (! isset($not_editable)): ?>
+                <?php if ($editable): ?>
                     <td>
                         <ul>
                             <?php if ($subtask['position'] != $first_position): ?>
@@ -87,7 +86,7 @@
         </table>
     <?php endif ?>
 
-    <?php if (! isset($not_editable) && $this->user->hasProjectAccess('subtask', 'save', $task['project_id'])): ?>
+    <?php if ($editable && $this->user->hasProjectAccess('subtask', 'save', $task['project_id'])): ?>
 
         <?php if (empty($subtasks)): ?>
             <div class="page-header">
diff --git a/app/Template/task/comments.php b/app/Template/task/comments.php
index 070de3209..57fb305f2 100644
--- a/app/Template/task/comments.php
+++ b/app/Template/task/comments.php
@@ -15,12 +15,12 @@
             'comment' => $comment,
             'task' => $task,
             'project' => $project,
-            'not_editable' => isset($not_editable) && $not_editable,
+            'editable' => $editable,
             'is_public' => isset($is_public) && $is_public,
         )) ?>
     <?php endforeach ?>
 
-    <?php if (! isset($not_editable)): ?>
+    <?php if ($editable): ?>
         <?= $this->render('comment/create', array(
             'skip_cancel' => true,
             'values' => array(
diff --git a/app/Template/task/details.php b/app/Template/task/details.php
index 9cd10dda4..74799b15e 100644
--- a/app/Template/task/details.php
+++ b/app/Template/task/details.php
@@ -86,7 +86,7 @@
         </li>
         <?php endif ?>
 
-        <?php if (! isset($not_editable) && $task['recurrence_status'] != \Kanboard\Model\Task::RECURRING_STATUS_NONE): ?>
+        <?php if ($editable && $task['recurrence_status'] != \Kanboard\Model\Task::RECURRING_STATUS_NONE): ?>
         <li>
             <strong><?= t('Recurring information') ?></strong>
             <?= $this->render('task/recurring_info', array(
diff --git a/app/Template/task/public.php b/app/Template/task/public.php
index e31054884..7edf097cc 100644
--- a/app/Template/task/public.php
+++ b/app/Template/task/public.php
@@ -1,33 +1,34 @@
 <section id="main" class="public-task">
 
-    <?= $this->render('task/details', array('task' => $task, 'project' => $project, 'not_editable' => true)) ?>
+    <?= $this->render('task/details', array('task' => $task, 'project' => $project, 'editable' => false)) ?>
 
     <p class="pull-right"><?= $this->url->link(t('Back to the board'), 'board', 'readonly', array('token' => $project['token'])) ?></p>
 
     <?= $this->render('task/description', array(
         'task' => $task,
         'project' => $project,
-        'is_public' => true
+        'is_public' => true,
     )) ?>
 
     <?= $this->render('tasklink/show', array(
         'task' => $task,
         'links' => $links,
         'project' => $project,
-        'not_editable' => true
+        'editable' => false,
+        'is_public' => true,
     )) ?>
 
     <?= $this->render('subtask/show', array(
         'task' => $task,
         'subtasks' => $subtasks,
-        'not_editable' => true
+        'editable' => false
     )) ?>
 
     <?= $this->render('task/comments', array(
         'task' => $task,
         'comments' => $comments,
         'project' => $project,
-        'not_editable' => true,
+        'editable' => false,
         'is_public' => true,
     )) ?>
 
diff --git a/app/Template/task/show.php b/app/Template/task/show.php
index 713c2b3a2..f6d47e53e 100644
--- a/app/Template/task/show.php
+++ b/app/Template/task/show.php
@@ -4,6 +4,7 @@
     'recurrence_trigger_list' => $this->task->recurrenceTriggers(),
     'recurrence_timeframe_list' => $this->task->recurrenceTimeframes(),
     'recurrence_basedate_list' => $this->task->recurrenceBasedates(),
+    'editable' => $this->user->hasProjectAccess('taskmodification', 'edit', $project['id']),
 )) ?>
 
 <?php if ($this->user->hasProjectAccess('taskmodification', 'edit', $project['id'])): ?>
@@ -11,8 +12,34 @@
 <?php endif ?>
 
 <?= $this->render('task/description', array('task' => $task)) ?>
-<?= $this->render('tasklink/show', array('task' => $task, 'links' => $links, 'link_label_list' => $link_label_list)) ?>
-<?= $this->render('subtask/show', array('task' => $task, 'subtasks' => $subtasks, 'project' => $project, 'users_list' => isset($users_list) ? $users_list : array())) ?>
+
+<?= $this->render('tasklink/show', array(
+    'task' => $task,
+    'links' => $links,
+    'link_label_list' => $link_label_list,
+    'editable' => $this->user->hasProjectAccess('tasklink', 'edit', $project['id']),
+    'is_public' => false,
+)) ?>
+
+<?= $this->render('subtask/show', array(
+    'task' => $task,
+    'subtasks' => $subtasks,
+    'project' => $project,
+    'users_list' => isset($users_list) ? $users_list : array(),
+    'editable' => $this->user->hasProjectAccess('subtask', 'edit', $project['id']),
+)) ?>
+
 <?= $this->render('task/time_tracking_summary', array('task' => $task)) ?>
-<?= $this->render('file/show', array('task' => $task, 'files' => $files, 'images' => $images)) ?>
-<?= $this->render('task/comments', array('task' => $task, 'comments' => $comments, 'project' => $project)) ?>
+
+<?= $this->render('file/show', array(
+    'task' => $task,
+    'files' => $files,
+    'images' => $images
+)) ?>
+
+<?= $this->render('task/comments', array(
+    'task' => $task,
+    'comments' => $comments,
+    'project' => $project,
+    'editable' => $this->user->hasProjectAccess('comment', 'edit', $project['id']),
+)) ?>
diff --git a/app/Template/tasklink/show.php b/app/Template/tasklink/show.php
index b66ec0875..fbb1f825a 100644
--- a/app/Template/tasklink/show.php
+++ b/app/Template/tasklink/show.php
@@ -9,7 +9,7 @@
         <th class="column-20"><?= t('Project') ?></th>
         <th><?= t('Column') ?></th>
         <th><?= t('Assignee') ?></th>
-        <?php if (! isset($not_editable)): ?>
+        <?php if ($editable): ?>
             <th><?= t('Action') ?></th>
         <?php endif ?>
     </tr>
@@ -23,12 +23,12 @@
             <?php endif ?>
 
             <td>
-                <?php if (! isset($not_editable)): ?>
+                <?php if ($is_public): ?>
                     <?= $this->url->link(
                         $this->e('#'.$link['task_id'].' '.$link['title']),
                         'task',
-                        'show',
-                        array('task_id' => $link['task_id'], 'project_id' => $link['project_id']),
+                        'readonly',
+                        array('task_id' => $link['task_id'], 'token' => $project['token']),
                         false,
                         $link['is_active'] ? '' : 'task-link-closed'
                     ) ?>
@@ -36,8 +36,8 @@
                     <?= $this->url->link(
                         $this->e('#'.$link['task_id'].' '.$link['title']),
                         'task',
-                        'readonly',
-                        array('task_id' => $link['task_id'], 'token' => $project['token']),
+                        'show',
+                        array('task_id' => $link['task_id'], 'project_id' => $link['project_id']),
                         false,
                         $link['is_active'] ? '' : 'task-link-closed'
                     ) ?>
@@ -57,14 +57,14 @@
             <td><?= $this->e($link['column_title']) ?></td>
             <td>
                 <?php if (! empty($link['task_assignee_username'])): ?>
-                    <?php if (! isset($not_editable)): ?>
+                    <?php if ($editable): ?>
                         <?= $this->url->link($this->e($link['task_assignee_name'] ?: $link['task_assignee_username']), 'user', 'show', array('user_id' => $link['task_assignee_id'])) ?>
                     <?php else: ?>
                         <?= $this->e($link['task_assignee_name'] ?: $link['task_assignee_username']) ?>
                     <?php endif ?>
                 <?php endif ?>
             </td>
-            <?php if (! isset($not_editable)): ?>
+            <?php if ($editable): ?>
             <td>
                 <ul>
                     <li><?= $this->url->link(t('Edit'), 'tasklink', 'edit', array('link_id' => $link['id'], 'task_id' => $task['id'], 'project_id' => $task['project_id'])) ?></li>
@@ -77,7 +77,7 @@
     <?php endforeach ?>
 </table>
 
-<?php if (! isset($not_editable) && isset($link_label_list)): ?>
+<?php if ($editable && isset($link_label_list)): ?>
     <form action="<?= $this->url->href('tasklink', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" method="post" autocomplete="off">
 
         <?= $this->form->csrf() ?>