diff --git a/src/Controller/AttachmentFileController.php b/src/Controller/AttachmentFileController.php
new file mode 100644
index 00000000..eb19eb2f
--- /dev/null
+++ b/src/Controller/AttachmentFileController.php
@@ -0,0 +1,101 @@
+<?php
+/**
+ *
+ * part-db version 0.1
+ * Copyright (C) 2005 Christoph Lechner
+ * http://www.cl-projects.de/
+ *
+ * part-db version 0.2+
+ * Copyright (C) 2009 K. Jacobs and others (see authors.php)
+ * http://code.google.com/p/part-db/
+ *
+ * Part-DB Version 0.4+
+ * Copyright (C) 2016 - 2019 Jan Böhmer
+ * https://github.com/jbtronics
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+ *
+ */
+
+namespace App\Controller;
+
+
+use App\Entity\Attachment;
+use App\Services\AttachmentHelper;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\BinaryFileResponse;
+use Symfony\Component\HttpFoundation\ResponseHeaderBag;
+use Symfony\Component\Routing\Annotation\Route;
+
+class AttachmentFileController extends AbstractController
+{
+
+    /**
+     * Download the selected attachment
+     *
+     * @Route("/attachment/{id}/download", name="attachment_download")
+     * @param Attachment $attachment
+     */
+    public function download(Attachment $attachment, AttachmentHelper $helper)
+    {
+        $this->denyAccessUnlessGranted("read", $attachment);
+
+        if ($attachment->isExternal()) {
+            throw new \Exception("You can not download external attachments!");
+        }
+
+        if (!$helper->isFileExisting($attachment)) {
+            throw new \Exception("The file associated with the attachment is not existing!");
+        }
+
+
+        $file_path = $helper->toAbsoluteFilePath($attachment);
+        $response = new BinaryFileResponse($file_path);
+
+        //Set header content disposition, so that the file will be downloaded
+        $response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT);
+
+        return $response;
+    }
+
+    /**
+     * View the attachment
+     *
+     * @Route("/attachment/{id}/view", name="attachment_view")
+     * @param Attachment $attachment
+     */
+    public function view(Attachment $attachment, AttachmentHelper $helper)
+    {
+        $this->denyAccessUnlessGranted("read", $attachment);
+
+        if ($attachment->isExternal()) {
+            throw new \Exception("You can not download external attachments!");
+        }
+
+        if (!$helper->isFileExisting($attachment)) {
+            throw new \Exception("The file associated with the attachment is not existing!");
+        }
+
+
+        $file_path = $helper->toAbsoluteFilePath($attachment);
+        $response = new BinaryFileResponse($file_path);
+
+        //Set header content disposition, so that the file will be downloaded
+        $response->setContentDisposition(ResponseHeaderBag::DISPOSITION_INLINE);
+
+        return $response;
+    }
+
+}
\ No newline at end of file
diff --git a/src/Security/Voter/AttachmentVoter.php b/src/Security/Voter/AttachmentVoter.php
new file mode 100644
index 00000000..174d19fe
--- /dev/null
+++ b/src/Security/Voter/AttachmentVoter.php
@@ -0,0 +1,74 @@
+<?php
+/**
+ *
+ * part-db version 0.1
+ * Copyright (C) 2005 Christoph Lechner
+ * http://www.cl-projects.de/
+ *
+ * part-db version 0.2+
+ * Copyright (C) 2009 K. Jacobs and others (see authors.php)
+ * http://code.google.com/p/part-db/
+ *
+ * Part-DB Version 0.4+
+ * Copyright (C) 2016 - 2019 Jan Böhmer
+ * https://github.com/jbtronics
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+ *
+ */
+
+namespace App\Security\Voter;
+
+
+use App\Entity\Attachment;
+use App\Entity\User;
+
+class AttachmentVoter extends ExtendedVoter
+{
+
+    /**
+     * Similar to voteOnAttribute, but checking for the anonymous user is already done.
+     * The current user (or the anonymous user) is passed by $user.
+     *
+     * @param $attribute
+     * @param $subject
+     * @param User $user
+     *
+     * @return bool
+     */
+    protected function voteOnUser($attribute, $subject, User $user): bool
+    {
+        if ($subject instanceof Attachment) {
+            return $this->resolver->inherit($user, 'parts_attachments', $attribute) ?? false;
+        }
+    }
+
+    /**
+     * Determines if the attribute and subject are supported by this voter.
+     *
+     * @param string $attribute An attribute
+     * @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type
+     *
+     * @return bool True if the attribute and subject are supported, false otherwise
+     */
+    protected function supports($attribute, $subject)
+    {
+        if ($subject instanceof Attachment) {
+            return in_array($attribute, $this->resolver->listOperationsForPermission('parts_attachments'), false);
+        }
+
+        return false;
+    }
+}
\ No newline at end of file
diff --git a/src/Services/EntityURLGenerator.php b/src/Services/EntityURLGenerator.php
index 515304e4..a648dd7f 100644
--- a/src/Services/EntityURLGenerator.php
+++ b/src/Services/EntityURLGenerator.php
@@ -29,6 +29,7 @@
 
 namespace App\Services;
 
+use App\Entity\Attachment;
 use App\Entity\AttachmentType;
 use App\Entity\Category;
 use App\Entity\Device;
@@ -82,11 +83,35 @@ class EntityURLGenerator
                 return $this->listPartsURL($entity);
             case 'delete':
                 return $this->deleteURL($entity);
+            case 'file_download':
+                return $this->downloadURL($entity);
+            case 'file_view':
+                return $this->viewURL($entity);
         }
 
         throw new \InvalidArgumentException('Method is not supported!');
     }
 
+    public function viewURL($entity) : string
+    {
+        if ($entity instanceof Attachment) {
+            return $this->urlGenerator->generate('attachment_view', ['id' => $entity->getID()]);
+        }
+
+        //Otherwise throw an error
+        throw new EntityNotSupported('The given entity is not supported yet!');
+    }
+
+    public function downloadURL($entity) : string
+    {
+        if ($entity instanceof Attachment) {
+            return $this->urlGenerator->generate('attachment_download', ['id' => $entity->getID()]);
+        }
+
+        //Otherwise throw an error
+        throw new EntityNotSupported('The given entity is not supported yet!');
+    }
+
     /**
      * Generates an URL to a page, where info about this entity can be viewed.
      *
diff --git a/templates/Parts/info/_attachments_info.html.twig b/templates/Parts/info/_attachments_info.html.twig
index c6cfe535..669bb8fc 100644
--- a/templates/Parts/info/_attachments_info.html.twig
+++ b/templates/Parts/info/_attachments_info.html.twig
@@ -35,8 +35,8 @@
             </td>
 
             <td><div class="btn-group" role="group" aria-label="Button group with nested dropdown">
-                    <button type="button" class="btn btn-secondary" title="{% trans %}attachment.view{% endtrans %}"><i class="fas fa-eye fa-fw"></i></button>
-                    <button type="button" class="btn btn-secondary" title="{% trans %}attachment.download{% endtrans %}"><i class="fas fa-download fa-fw"></i></button>
+                    <a href="{{ attachment|entityURL('file_view') }}" target="_blank" class="btn btn-secondary" data-no-ajax title="{% trans %}attachment.view{% endtrans %}"><i class="fas fa-eye fa-fw"></i></a>
+                    <a href="{{ attachment|entityURL('file_download') }}" data-no-ajax class="btn btn-secondary" title="{% trans %}attachment.download{% endtrans %}"><i class="fas fa-download fa-fw"></i></a>
 
                     <div class="btn-group" role="group">
                         <button id="btnGroupDrop1" type="button" class="btn btn-secondary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" data-boundary="window">