From b0d03c5109e4d5a0d6d1300aa122eb4de3c07066 Mon Sep 17 00:00:00 2001
From: Chirag Aggarwal <chiragaggarwal5k@gmail.com>
Date: Mon, 21 Apr 2025 13:44:30 +0000
Subject: [PATCH] chore: update file security logic

---
 .../Modules/Storage/Http/Tokens/Buckets/Files/Action.php    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Appwrite/Platform/Modules/Storage/Http/Tokens/Buckets/Files/Action.php b/src/Appwrite/Platform/Modules/Storage/Http/Tokens/Buckets/Files/Action.php
index 524d25dc42..aec665f406 100644
--- a/src/Appwrite/Platform/Modules/Storage/Http/Tokens/Buckets/Files/Action.php
+++ b/src/Appwrite/Platform/Modules/Storage/Http/Tokens/Buckets/Files/Action.php
@@ -21,14 +21,14 @@ class Action extends UtopiaAction
             throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
         }
 
-        $fileSecurity = $bucket->getAttribute('fileSecurity', false);
         $validator = new Authorization(Database::PERMISSION_READ);
         $valid = $validator->isValid($bucket->getRead());
-        if (!$fileSecurity && !$valid) {
+        if (!$valid) {
             throw new Exception(Exception::USER_UNAUTHORIZED);
         }
 
-        if ($fileSecurity && !$valid) {
+        $fileSecurity = $bucket->getAttribute('fileSecurity', false);
+        if ($fileSecurity) {
             $file = $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId);
         } else {
             $file = Authorization::skip(fn () => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));