diff --git a/crm/api/__init__.py b/crm/api/__init__.py
index 58739de0..f0dcf649 100644
--- a/crm/api/__init__.py
+++ b/crm/api/__init__.py
@@ -44,7 +44,7 @@ def get_user_signature():
 	if html_signature:
 		_signature = html_signature.renderContents()
 	content = ""
-	if (cstr(_signature) or signature):
+	if cstr(_signature) or signature:
 		content = f'<br><p class="signature">{signature}</p>'
 	return content
 
@@ -64,14 +64,16 @@ def check_app_permission():
 		return True
 
 	roles = frappe.get_roles()
-	if any(role in ["System Manager", "Sales User", "Sales Manager", "Sales Master Manager"] for role in roles):
+	if any(
+		role in ["System Manager", "Sales User", "Sales Manager", "Sales Master Manager"] for role in roles
+	):
 		return True
 
 	return False
 
 
 @frappe.whitelist(allow_guest=True)
-def accept_invitation(key: str = None):
+def accept_invitation(key: str | None = None):
 	if not key:
 		frappe.throw("Invalid or expired key")
 
@@ -91,6 +93,7 @@ def accept_invitation(key: str = None):
 
 @frappe.whitelist()
 def invite_by_email(emails: str, role: str):
+	frappe.only_for("Sales Manager")
 	if not emails:
 		return
 	email_string = validate_email_address(emails, throw=False)
@@ -120,8 +123,8 @@ def get_file_uploader_defaults(doctype: str):
 		make_attachments_public = meta.get("make_attachments_public")
 
 	return {
-		'allowed_file_types': frappe.get_system_settings("allowed_file_extensions"),
-		'max_file_size': get_max_file_size(),
-		'max_number_of_files': max_number_of_files,
-		'make_attachments_public': bool(make_attachments_public),
-	}
\ No newline at end of file
+		"allowed_file_types": frappe.get_system_settings("allowed_file_extensions"),
+		"max_file_size": get_max_file_size(),
+		"max_number_of_files": max_number_of_files,
+		"make_attachments_public": bool(make_attachments_public),
+	}