diff --git a/modules/upload/upload.module b/modules/upload/upload.module
index 4fceaa6ab3eb688283b20c108d9b77ca04f19b4e..666aa23e9a66c5cb415185ef8364e023d3b7802f 100644
--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -154,15 +154,17 @@ function _upload_file_limits($user) {
  */
 function upload_file_download($filepath) {
   $filepath = file_create_path($filepath);
-  $result = db_query("SELECT f.* FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $filepath);
+  $result = db_query("SELECT f.*, u.nid FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $filepath);
   if ($file = db_fetch_object($result)) {
-    if (!user_access('view uploaded files')) {
+    if (user_access('view uploaded files') && ($node = node_load($file->nid)) && node_access('view', $node)) {
+      return array(
+        'Content-Type: ' . $file->filemime,
+        'Content-Length: ' . $file->filesize,
+      );
+    }
+    else {
       return -1;
     }
-    return array(
-      'Content-Type: ' . $file->filemime,
-      'Content-Length: ' . $file->filesize,
-    );
   }
 }