diff --git a/server/src/controllers/folders.controller.ts b/server/src/controllers/folders.controller.ts
index b2ad7a0877..5b8873cb93 100644
--- a/server/src/controllers/folders.controller.ts
+++ b/server/src/controllers/folders.controller.ts
@@ -16,7 +16,13 @@ export class FoldersController {
   @UseGuards(JwtAuthGuard)
   @Get()
   async index(@Request() req, @Query() query) {
+    console.log('this is running folder');
+
     const folders = await this.foldersService.all(req.user, query.searchKey);
+    console.log('pritning folders');
+
+    console.log(folders);
+
     return decamelizeKeys({ folders });
   }
 
diff --git a/server/src/helpers/queries.ts b/server/src/helpers/queries.ts
index 8167d450c3..7e030bd8d3 100644
--- a/server/src/helpers/queries.ts
+++ b/server/src/helpers/queries.ts
@@ -7,12 +7,37 @@ import { EntityManager, SelectQueryBuilder } from 'typeorm';
 export function getFolderQuery(
   organizationId: string,
   manager: EntityManager,
+  userAppPermissions: UserAppsPermissions,
   searchKey?: string
 ): SelectQueryBuilder<Folder> {
-  const query = manager
-    .createQueryBuilder(Folder, 'folders')
-    .leftJoinAndSelect('folders.folderApps', 'folder_apps')
-    .leftJoin('folder_apps.app', 'app');
+  const { isAllEditable, isAllViewable, hideAll } = userAppPermissions;
+  const viewableApps = userAppPermissions.hideAll
+    ? [null, ...userAppPermissions.editableAppsId]
+    : [
+        null,
+        ...Array.from(
+          new Set([
+            ...userAppPermissions.editableAppsId,
+            ...userAppPermissions.viewableAppsId.filter((id) => !userAppPermissions.hiddenAppsId.includes(id)),
+          ])
+        ),
+      ];
+  const hiddenApps = userAppPermissions.hiddenAppsId.filter((id) => !userAppPermissions.editableAppsId.includes(id));
+  const query = manager.createQueryBuilder(Folder, 'folders');
+  if (!isAllEditable) {
+    if ((isAllViewable && hideAll) || (!isAllViewable && !hideAll) || (!isAllViewable && hideAll))
+      query.leftJoinAndSelect('folders.folderApps', 'folder_apps', 'folder_apps.appId IN (:...viewableApps)', {
+        viewableApps,
+      });
+    else if (!userAppPermissions.hideAll && isAllViewable && hiddenApps.length > 0)
+      query.leftJoinAndSelect('folders.folderApps', 'folder_apps', 'folder_apps.appId NOT IN (:...hiddenApps)', {
+        hiddenApps,
+      });
+  } else {
+    query.leftJoinAndSelect('folders.folderApps', 'folder_apps');
+  }
+
+  query.leftJoin('folder_apps.app', 'app');
   if (searchKey) {
     query.where('LOWER(app.name) like :searchKey', {
       searchKey: `%${searchKey && searchKey.toLowerCase()}%`,
diff --git a/server/src/services/folders.service.ts b/server/src/services/folders.service.ts
index 26852f77f5..03974d7f23 100644
--- a/server/src/services/folders.service.ts
+++ b/server/src/services/folders.service.ts
@@ -12,6 +12,7 @@ import { TOOLJET_RESOURCE } from 'src/constants/global.constant';
 import { AbilityService } from './permissions-ability.service';
 import { dbTransactionWrap } from 'src/helpers/database.helper';
 import { EntityManager, Repository, UpdateResult } from 'typeorm';
+import { UserAppsPermissions } from '@module/permissions/interface/permissions-ability.interface';
 
 @Injectable()
 export class FoldersService {
@@ -41,25 +42,40 @@ export class FoldersService {
     }, [{ dbConstraint: DataBaseConstraints.FOLDER_NAME_UNIQUE, message: 'This folder name is already taken.' }]);
   }
 
-  async allFolders(user: User, searchKey?: string): Promise<Folder[]> {
+  async allFolders(user: User, userAppPermissions: UserAppsPermissions, searchKey?: string): Promise<Folder[]> {
     return await dbTransactionWrap(async (manager: EntityManager) => {
-      return await getFolderQuery(user.organizationId, manager, searchKey).distinct().getMany();
+      console.log('running folder query');
+
+      return await getFolderQuery(user.organizationId, manager, userAppPermissions, searchKey).distinct().getMany();
     });
   }
 
   async all(user: User, searchKey: string): Promise<Folder[]> {
-    const allFolderList = await this.allFolders(user);
+    const userAppPermissions = (
+      await this.abilityService.resourceActionsPermission(user, {
+        resources: [{ resource: TOOLJET_RESOURCE.APP }],
+        organizationId: user.organizationId,
+      })
+    ).App;
+
+    const allFolderList = await this.allFolders(user, userAppPermissions);
     if (!searchKey || allFolderList.length === 0) {
       return allFolderList;
     }
-    const folders = await this.allFolders(user, searchKey);
+
+    const folders = await this.allFolders(user, userAppPermissions, searchKey);
+
     allFolderList.forEach((folder, index) => {
       const currentFolder = folders.find((f) => f.id === folder.id);
       if (currentFolder) {
         allFolderList[index] = currentFolder;
+        allFolderList[index].folderApps;
+        allFolderList[index].generateCount();
+        console.log('folder found');
       } else {
         allFolderList[index].folderApps = [];
         allFolderList[index].generateCount();
+        console.log('folder  not found');
       }
     });
     return allFolderList;