diff --git a/app/api/auth.py b/app/api/auth.py
index 1f0dbce601..ac400d98c4 100644
--- a/app/api/auth.py
+++ b/app/api/auth.py
@@ -304,12 +304,10 @@ def ticket_attendee_authorized(order_identifier):
 if current_user:
 try:
 order = Order.query.filter_by(identifier=order_identifier).first()
- user_id = order.user.id
- event_id = order.event.id
 except NoResultFound:
 return NotFoundError({'source': ''}, 'This ticket is not associated with any order').respond()
- if current_user.id == user_id or current_user.is_organizer(event_id):
- key = UPLOAD_PATHS['pdf']['ticket_attendee'].format(identifier=order_identifier)
+ if current_user.can_download_tickets(order):
+ key = UPLOAD_PATHS['pdf']['tickets_all'].format(identifier=order_identifier)
 file_path = '../generated/tickets/{}/{}/'.format(key, generate_hash(key)) + order_identifier + '.pdf'
 try:
 return return_tickets(file_path, order_identifier)
diff --git a/app/api/helpers/order.py b/app/api/helpers/order.py
index d3c854013c..1f73da3035 100644
--- a/app/api/helpers/order.py
+++ b/app/api/helpers/order.py
@@ -53,7 +53,7 @@ def create_pdf_tickets_for_holder(order):
 """
 if order.status == 'completed' or order.status == 'placed':
 pdf = create_save_pdf(render_template('pdf/ticket_purchaser.html', order=order),
- UPLOAD_PATHS['pdf']['ticket_attendee'],
+ UPLOAD_PATHS['pdf']['tickets_all'],
 dir_path='/static/uploads/pdf/tickets/',
 identifier=order.identifier, upload_dir='generated/tickets/')
 order.tickets_pdf_url = pdf
diff --git a/app/api/helpers/storage.py b/app/api/helpers/storage.py
index c935bd963d..efb4eb65f8 100644
--- a/app/api/helpers/storage.py
+++ b/app/api/helpers/storage.py
@@ -80,7 +80,8 @@
 },
 'pdf': {
 'ticket_attendee': 'attendees/tickets/pdf/{identifier}',
- 'order': 'orders/invoices/pdf/{identifier}'
+ 'order': 'orders/invoices/pdf/{identifier}',
+ 'tickets_all': 'orders/tickets/pdf/{identifier}'
 }
 }
diff --git a/app/models/user.py b/app/models/user.py
index 57c9701e3d..e605438c75 100644
--- a/app/models/user.py
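Review bot: `current_user.can_download_tickets(order)` is reached with `order` equal to `None` when no row matches, because `Order.query.filter_by(...).first()` returns `None` rather than raising, so the `except NoResultFound` branch above it never fires; the miss then surfaces as an `AttributeError` inside `can_download_tickets` (a 500) instead of the 404 the handler intends. Add an explicit check after the query, `if order is None:` followed by the same `return NotFoundError({'source': ''}, 'This ticket is not associated with any order').respond()`, or switch the query to `.one()` so the existing except clause is actually exercised. Before this commit the same miss failed on `order.user.id`, so the defect is moved rather than introduced, but the new call site is the right place to close it. ticket_attendee_authorized starts and ends outside the hunk.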
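Review bot: Switching the storage key to `UPLOAD_PATHS['pdf']['tickets_all']` changes where new ticket PDFs are written, and the download route in app/api/auth.py in this same commit now builds its lookup path from that key, so PDFs that were generated under the old `ticket_attendee` location before this change are no longer reachable through that route unless they are regenerated or moved; the hunk carries no migration and no fallback to the old key. The route appears to recompute the path from the key rather than read `order.tickets_pdf_url`, so the stored URL and the path the route opens can diverge for pre-existing orders — worth confirming against the rest of ticket_attendee_authorized. create_pdf_tickets_for_holder's signature is in the hunk header and its body continues outside the hunk.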
+++ b/app/models/user.py
@@ -360,6 +360,12 @@ def first_access_panel(self):
 return False
 return perm.panel_name
+ def can_download_tickets(self, order):
+ permissible_users = [holder.id for holder in order.ticket_holders] + [order.user.id]
+ if self.is_staff or self.is_organizer(order.event.id) or self.id in permissible_users:
+ return True
+ return False
+
 def can_access_panel(self, panel_name):
 """
 Check if user can access an Admin Panel
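Review bot: The membership test `self.id in permissible_users` in `can_download_tickets` compares the current user's id with `holder.id` for every element of `order.ticket_holders`; if those elements are ticket-holder rows rather than user rows, as the relationship name suggests, `holder.id` is a ticket-holder primary key and the check would grant ticket downloads to any user whose id happens to coincide with one of them — confirm which model `ticket_holders` yields and compare against the holder's user reference (or its email) rather than its own id. The list is also built eagerly before the cheap `self.is_staff` and `is_organizer` checks, and the `return True`/`return False` pair can collapse into a single boolean return, e.g. `if self.is_staff or self.is_organizer(order.event.id) or self.id == order.user.id: return True` followed by a `return any(...)` over the holders once the right attribute is settled. The method has no docstring; add one along the lines of `"""Return True if this user may download the PDF tickets of *order* (staff, event organizer, order owner or a ticket holder)."""`. The hunk cuts through first_access_panel above and can_access_panel below.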