diff --git a/db/changes/10491-august/00-editTrackedACL.sql b/db/changes/10491-august/00-editTrackedACL.sql
index 37d24ac81..97394fffe 100644
--- a/db/changes/10491-august/00-editTrackedACL.sql
+++ b/db/changes/10491-august/00-editTrackedACL.sql
@@ -1,3 +1,3 @@
 INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
 VALUES
- ('Sale', 'editTracked', 'READ', 'ALLOW', 'ROLE', 'production');
+ ('Sale', 'editTracked', 'WRITE', 'ALLOW', 'ROLE', 'production');
diff --git a/modules/ticket/back/methods/sale/canEdit.js b/modules/ticket/back/methods/sale/canEdit.js
index 4992a3499..7a8523fb7 100644
--- a/modules/ticket/back/methods/sale/canEdit.js
+++ b/modules/ticket/back/methods/sale/canEdit.js
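Review bot: The grant in 00-editTrackedACL.sql is changed by editing the existing INSERT in place, so a database that already ran this script with the READ row will presumably keep READ and drift from fresh installs. If the script has been applied anywhere, ship the change as a new change script that updates the row, for example `UPDATE salix.ACL SET accessType = 'WRITE' WHERE model = 'Sale' AND property = 'editTracked' AND principalId = 'production';`. It is also worth a one-line comment above the INSERT saying which check consumes this row, since the only ACL check visible in canEdit.js in this commit asks about `'refund'`, not `editTracked`.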
@@ -27,25 +27,20 @@ module.exports = Self => { if (typeof options == 'object') Object.assign(myOptions, options); - const firstSale = await models.Sale.findById(sales[0], null, myOptions); - const isTicketEditable = await models.Ticket.isEditable(ctx, firstSale.ticketFk, myOptions); - if (!isTicketEditable) - throw new UserError(`The sales of this ticket can't be modified`); + console.log(ctx.req.accessToken); + const token = ctx.req.accessToken; + let canEditTracked = await models.ACL.checkAccessForToken(token, models.Sale, null, 'refund'); + // const newCtx = ctx; + // newCtx.property = 'refund'; + // newCtx.accessType = 'WRITE'; + // newCtx.methodNames = ['refund']; + // newCtx.model = await models.Sale; - const saleTracking = await models.SaleTracking.find({where: {saleFk: {inq: sales}}}, myOptions); - const hasSaleTracking = saleTracking.length; - - const saleCloned = await models.SaleCloned.find({where: {saleClonedFk: {inq: sales}}}, myOptions); - const hasSaleCloned = saleCloned.length; - - const isTicketWeekly = - await models.TicketWeekly.findOne({where: {ticketFk: firstSale.ticketFk}}, myOptions); - - // (principalType, principalId,model, property, accessType,callback); - // let canEditTracked = await models.ACL.checkPermission('ROLE', 'employee', 'Sale', 'editTracked', 'WRITE'); + // let canEditTracked = await models.ACL.checkAccessForContext(newCtx); + console.log(canEditTracked); // let canEditTracked2 = await models.ACL.checkPermission('USER', 'developer', 'Sale', 'editTracked', 'READ'); - const array = ['editTracked']; + /* const array = ['editTracked']; const AccessContext = loopBackCtx.AccessContext; const toFind = { principals: [{ @@ -90,6 +85,6 @@ module.exports = Self => { if (canEdit) return true; - return false; + return false;*/ }; }; diff --git a/package.json b/package.json index 26c164832..abf7c9e4b 100644 --- a/package.json +++ b/package.json 
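Review bot: `console.log(ctx.req.accessToken);` in the first canEdit.js hunk writes the caller's access token to the server log, where it is readable by anyone with log access; remove it together with `console.log(canEditTracked);` before this is merged. The same hunk deletes the `models.Ticket.isEditable` guard and the SaleTracking / SaleCloned / TicketWeekly lookups without a replacement, so as far as these lines show nothing in canEdit ties the decision to the ticket's state any more. The new check also asks about the `'refund'` method while the ACL row changed in this commit is for `editTracked`; if that row is meant to gate the edit, the call would read `models.ACL.checkAccessForToken(token, models.Sale, null, 'editTracked')`. The function body continues outside the hunk.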
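Review bot: The `*/` added after `return false;` in the second canEdit.js hunk closes the block comment opened at `/* const array = ['editTracked'];` in the previous hunk, so unless an earlier `*/` sits in the lines between the two hunks, both `return true` and `return false` are commented out and canEdit resolves to `undefined`. The computed `canEditTracked` is then never used, and callers lose both the boolean result and the old UserError. If `canEditTracked` is the intended decision, end the function with an explicit `return Boolean(canEditTracked);` and delete the commented-out block rather than committing it.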
@@ -26,7 +26,7 @@
 "jsdom": "^16.7.0",
 "jszip": "^3.10.0",
 "ldapjs": "^2.2.0",
- "loopback": "^3.26.0",
+ "loopback": "^3.28.0",
 "loopback-boot": "3.3.1",
 "loopback-component-explorer": "^6.5.0",
 "loopback-component-storage": "3.6.1",