diff --git a/include/class.ticket.php b/include/class.ticket.php
index fd9da00ca1d15aa6014eac5389c274f2d35940e2..e637743a4fb3b3d91fdef1ab3ed60f04695d0072 100644
--- a/include/class.ticket.php
+++ b/include/class.ticket.php
@@ -160,7 +160,6 @@ class Ticket {
     }
 
     function checkUserAccess($user) {
-        global $cfg;
 
         if (!$user || !($user instanceof EndUser))
             return false;
@@ -169,9 +168,16 @@ class Ticket {
         if ($user->getId() == $this->getUserId())
             return true;
 
-        //Collaborator
-        if (!strcasecmp($user->getRole(), 'collaborator')
-                && $user->getTicketId() == $this->getId())
+        //Collaborator?
+        // 1) If the user was authorized via this ticket.
+        if ($user->getTicketId() == $this->getId()
+                && !strcasecmp($user->getRole(), 'collaborator'))
+            return true;
+
+        // 2) Query the database to check for expanded access...
+        if (Collaborator::lookup(array(
+                        'userId' => $user->getId(),
+                        'ticketId' => $this->getId())))
             return true;
 
         return false;