diff --git a/routes/upload-request.php b/routes/upload-request.php
index 2ee331ec..2d47a2e1 100644
--- a/routes/upload-request.php
+++ b/routes/upload-request.php
@@ -1,7 +1,7 @@
 <?php
 
-use Domain\UploadRequest\Controllers\CreateUploadRequestController;
 use Domain\UploadRequest\Controllers\GetUploadRequestController;
+use Domain\UploadRequest\Controllers\CreateUploadRequestController;
 use Domain\UploadRequest\Controllers\UploadFilesForUploadRequestController;
 
 Route::get('/{uploadRequest}', GetUploadRequestController::class);
diff --git a/src/App/Users/Models/User.php b/src/App/Users/Models/User.php
index bf762127..7003cca3 100644
--- a/src/App/Users/Models/User.php
+++ b/src/App/Users/Models/User.php
@@ -15,8 +15,8 @@ use Illuminate\Support\Facades\Storage;
 use Illuminate\Notifications\Notifiable;
 use App\Users\Notifications\ResetPassword;
 use Laravel\Fortify\TwoFactorAuthenticatable;
-use Illuminate\Contracts\Auth\MustVerifyEmail;
 use Domain\UploadRequest\Models\UploadRequest;
+use Illuminate\Contracts\Auth\MustVerifyEmail;
 use App\Users\Restrictions\RestrictionsManager;
 use Illuminate\Database\Eloquent\Relations\HasOne;
 use Illuminate\Database\Eloquent\Relations\HasMany;
diff --git a/src/Domain/Files/Controllers/FileAccess/GetThumbnailController.php b/src/Domain/Files/Controllers/FileAccess/GetThumbnailController.php
index b4127cba..abb08dcf 100644
--- a/src/Domain/Files/Controllers/FileAccess/GetThumbnailController.php
+++ b/src/Domain/Files/Controllers/FileAccess/GetThumbnailController.php
@@ -20,10 +20,8 @@ class GetThumbnailController extends Controller
         Request $request,
         string $filename,
     ): FileNotFoundException | StreamedResponse {
-        $originalFileName = substr($filename, 3);
-
         $file = File::withTrashed()
-            ->where('basename', $originalFileName)
+            ->where('basename', substr($filename, 3))
             ->firstOrFail();
 
         if (! Gate::any(['can-edit', 'can-view'], [$file, null])) {
diff --git a/src/Domain/Files/Controllers/FileAccess/VisitorGetThumbnailController.php b/src/Domain/Files/Controllers/FileAccess/VisitorGetThumbnailController.php
index 9d7a8e68..f94949fc 100644
--- a/src/Domain/Files/Controllers/FileAccess/VisitorGetThumbnailController.php
+++ b/src/Domain/Files/Controllers/FileAccess/VisitorGetThumbnailController.php
@@ -30,11 +30,9 @@ class VisitorGetThumbnailController extends Controller
         // Check ability to access protected share files
         ($this->protectShareRecord)($shared);
 
-        $originalFileName = substr($filename, 3);
-
         // Get file record
         $file = UserFile::where('user_id', $shared->user_id)
-            ->where('basename', $originalFileName)
+            ->where('basename', substr($filename, 3))
             ->firstOrFail();
 
         // Check file access
diff --git a/src/Domain/Files/Models/File.php b/src/Domain/Files/Models/File.php
index f9c5d346..17cc21f9 100644
--- a/src/Domain/Files/Models/File.php
+++ b/src/Domain/Files/Models/File.php
@@ -115,7 +115,6 @@ class File extends Model
 
         // Generate thumbnail link for local storage
         if ($this->type === 'image') {
-
             foreach ($thumbnail_sizes as $item) {
                 $route = route('thumbnail', ['name' => $item['name'] . '-' . $this->basename]);
 
diff --git a/src/Domain/UploadRequest/Controllers/CreateUploadRequestController.php b/src/Domain/UploadRequest/Controllers/CreateUploadRequestController.php
index b35d5671..853735b6 100644
--- a/src/Domain/UploadRequest/Controllers/CreateUploadRequestController.php
+++ b/src/Domain/UploadRequest/Controllers/CreateUploadRequestController.php
@@ -1,13 +1,12 @@
 <?php
-
 namespace Domain\UploadRequest\Controllers;
 
-use App\Http\Controllers\Controller;
 use Auth;
-use Domain\UploadRequest\Notifications\UploadRequestNotification;
+use Notification;
+use App\Http\Controllers\Controller;
 use Domain\UploadRequest\Requests\StoreUploadRequest;
 use Domain\UploadRequest\Resources\UploadRequestResource;
-use Notification;
+use Domain\UploadRequest\Notifications\UploadRequestNotification;
 
 class CreateUploadRequestController extends Controller
 {
@@ -27,4 +26,4 @@ class CreateUploadRequestController extends Controller
 
         return response(new UploadRequestResource($uploadRequest), 201);
     }
-}
\ No newline at end of file
+}
diff --git a/src/Domain/UploadRequest/Controllers/FileAccess/GetFileFromUploadRequestController.php b/src/Domain/UploadRequest/Controllers/FileAccess/GetFileFromUploadRequestController.php
index 727371c6..2e2b26b3 100644
--- a/src/Domain/UploadRequest/Controllers/FileAccess/GetFileFromUploadRequestController.php
+++ b/src/Domain/UploadRequest/Controllers/FileAccess/GetFileFromUploadRequestController.php
@@ -1,16 +1,13 @@
 <?php
 namespace Domain\UploadRequest\Controllers\FileAccess;
 
-use Domain\Files\Actions\DownloadFileAction;
-use Domain\Sharing\Actions\ProtectShareRecordAction;
-use Domain\Sharing\Actions\VerifyAccessToItemWithinAction;
-use Domain\Traffic\Actions\RecordDownloadAction;
-use Domain\UploadRequest\Models\UploadRequest;
-use Gate;
 use Domain\Files\Models\File;
 use Illuminate\Http\Response;
-use Domain\Sharing\Models\Share;
-use Domain\Files\Resources\FileResource;
+use Domain\Files\Actions\DownloadFileAction;
+use Domain\UploadRequest\Models\UploadRequest;
+use Domain\Traffic\Actions\RecordDownloadAction;
+use Illuminate\Contracts\Foundation\Application;
+use Illuminate\Contracts\Routing\ResponseFactory;
 use Symfony\Component\HttpFoundation\BinaryFileResponse;
 
 /**
@@ -27,10 +24,16 @@ class GetFileFromUploadRequestController
     public function __invoke(
         string $filename,
         UploadRequest $uploadRequest
-    ): BinaryFileResponse {
+    ): Application|ResponseFactory|Response|BinaryFileResponse {
+        // Check if upload request is active
+        if ($uploadRequest->status !== 'active') {
+            return response('Gone', 410);
+        }
+
         // Get file
         $file = File::where('user_id', $uploadRequest->user_id)
             ->where('basename', $filename)
+            ->where('parent_id', $uploadRequest->id)
             ->firstOrFail();
 
         // Store user download size
diff --git a/src/Domain/UploadRequest/Controllers/FileAccess/GetThumbnailFromUploadRequestController.php b/src/Domain/UploadRequest/Controllers/FileAccess/GetThumbnailFromUploadRequestController.php
index 6de38df6..889b0502 100644
--- a/src/Domain/UploadRequest/Controllers/FileAccess/GetThumbnailFromUploadRequestController.php
+++ b/src/Domain/UploadRequest/Controllers/FileAccess/GetThumbnailFromUploadRequestController.php
@@ -1,11 +1,14 @@
 <?php
 namespace Domain\UploadRequest\Controllers\FileAccess;
 
-use App\Http\Controllers\Controller;
-use Domain\Files\Actions\DownloadThumbnailAction;
-use Domain\Traffic\Actions\RecordDownloadAction;
-use Domain\UploadRequest\Models\UploadRequest;
 use Domain\Files\Models\File;
+use Illuminate\Http\Response;
+use App\Http\Controllers\Controller;
+use Domain\UploadRequest\Models\UploadRequest;
+use Domain\Traffic\Actions\RecordDownloadAction;
+use Illuminate\Contracts\Foundation\Application;
+use Domain\Files\Actions\DownloadThumbnailAction;
+use Illuminate\Contracts\Routing\ResponseFactory;
 use Symfony\Component\HttpFoundation\StreamedResponse;
 
 /**
@@ -22,12 +25,16 @@ class GetThumbnailFromUploadRequestController extends Controller
     public function __invoke(
         string $filename,
         UploadRequest $uploadRequest
-    ): StreamedResponse {
-        $originalFileName = substr($filename, 3);
+    ): Application|ResponseFactory|Response|StreamedResponse {
+        // Check if upload request is active
+        if ($uploadRequest->status !== 'active') {
+            return response('Gone', 410);
+        }
 
         // Get file
         $file = File::where('user_id', $uploadRequest->user_id)
-            ->where('basename', $originalFileName)
+            ->where('basename', substr($filename, 3))
+            ->where('parent_id', $uploadRequest->id)
             ->firstOrFail();
 
         // Store user download size
diff --git a/src/Domain/UploadRequest/Controllers/UploadFilesForUploadRequestController.php b/src/Domain/UploadRequest/Controllers/UploadFilesForUploadRequestController.php
index f2232a39..cbc92cf4 100644
--- a/src/Domain/UploadRequest/Controllers/UploadFilesForUploadRequestController.php
+++ b/src/Domain/UploadRequest/Controllers/UploadFilesForUploadRequestController.php
@@ -1,20 +1,20 @@
 <?php
-
 namespace Domain\UploadRequest\Controllers;
 
-use App\Users\Exceptions\InvalidUserActionException;
-use Domain\Files\Resources\FileResource;
-use Domain\UploadRequest\Models\UploadRequest;
-use Domain\Files\Actions\UploadFileAction;
-use Domain\Folders\Models\Folder;
-use Illuminate\Contracts\Filesystem\FileNotFoundException;
 use DB;
+use Domain\Folders\Models\Folder;
+use Domain\Files\Resources\FileResource;
+use Domain\Files\Actions\UploadFileAction;
+use Domain\UploadRequest\Models\UploadRequest;
+use App\Users\Exceptions\InvalidUserActionException;
+use Illuminate\Contracts\Filesystem\FileNotFoundException;
 
 class UploadFilesForUploadRequestController
 {
     public function __construct(
         private UploadFileAction $uploadFile,
-    ) {}
+    ) {
+    }
 
     /**
      * @throws FileNotFoundException
@@ -48,7 +48,6 @@ class UploadFilesForUploadRequestController
 
             // Return new uploaded file
             return response(new FileResource($file), 201);
-
         } catch (InvalidUserActionException $e) {
             return response([
                 'type'    => 'error',
@@ -71,4 +70,4 @@ class UploadFilesForUploadRequestController
             'name'      => "Upload Request from $timestampName",
         ]);
     }
-}
\ No newline at end of file
+}
diff --git a/src/Domain/UploadRequest/Models/UploadRequest.php b/src/Domain/UploadRequest/Models/UploadRequest.php
index 953020b1..c26a4d35 100644
--- a/src/Domain/UploadRequest/Models/UploadRequest.php
+++ b/src/Domain/UploadRequest/Models/UploadRequest.php
@@ -2,10 +2,10 @@
 namespace Domain\UploadRequest\Models;
 
 use App\Users\Models\User;
-use Database\Factories\UploadRequestFactory;
-use Domain\Folders\Models\Folder;
 use Illuminate\Support\Str;
+use Domain\Folders\Models\Folder;
 use Illuminate\Database\Eloquent\Model;
+use Database\Factories\UploadRequestFactory;
 use Illuminate\Database\Eloquent\Relations\HasOne;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 
diff --git a/src/Domain/UploadRequest/Notifications/UploadRequestNotification.php b/src/Domain/UploadRequest/Notifications/UploadRequestNotification.php
index 5bf8fe5a..eecd2a4e 100644
--- a/src/Domain/UploadRequest/Notifications/UploadRequestNotification.php
+++ b/src/Domain/UploadRequest/Notifications/UploadRequestNotification.php
@@ -1,12 +1,11 @@
 <?php
-
 namespace Domain\UploadRequest\Notifications;
 
-use Domain\UploadRequest\Models\UploadRequest;
 use Illuminate\Bus\Queueable;
-use Illuminate\Contracts\Queue\ShouldQueue;
-use Illuminate\Notifications\Messages\MailMessage;
 use Illuminate\Notifications\Notification;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Domain\UploadRequest\Models\UploadRequest;
+use Illuminate\Notifications\Messages\MailMessage;
 
 class UploadRequestNotification extends Notification implements ShouldQueue
 {
@@ -19,7 +18,8 @@ class UploadRequestNotification extends Notification implements ShouldQueue
      */
     public function __construct(
         public UploadRequest $uploadRequest
-    ) {}
+    ) {
+    }
 
     /**
      * Get the notification's delivery channels.
@@ -58,7 +58,6 @@ class UploadRequestNotification extends Notification implements ShouldQueue
     public function toArray($notifiable)
     {
         return [
-            //
         ];
     }
 }
diff --git a/src/Domain/UploadRequest/Requests/StoreUploadRequest.php b/src/Domain/UploadRequest/Requests/StoreUploadRequest.php
index 7487bcf1..8509d482 100644
--- a/src/Domain/UploadRequest/Requests/StoreUploadRequest.php
+++ b/src/Domain/UploadRequest/Requests/StoreUploadRequest.php
@@ -1,5 +1,4 @@
 <?php
-
 namespace Domain\UploadRequest\Requests;
 
 use Illuminate\Foundation\Http\FormRequest;
diff --git a/src/Domain/UploadRequest/Resources/UploadRequestResource.php b/src/Domain/UploadRequest/Resources/UploadRequestResource.php
index 14c9328c..56d97612 100644
--- a/src/Domain/UploadRequest/Resources/UploadRequestResource.php
+++ b/src/Domain/UploadRequest/Resources/UploadRequestResource.php
@@ -1,5 +1,4 @@
 <?php
-
 namespace Domain\UploadRequest\Resources;
 
 use Domain\Folders\Resources\FolderResource;
diff --git a/tests/Domain/UploadRequest/UploadRequestAccessTest.php b/tests/Domain/UploadRequest/UploadRequestAccessTest.php
new file mode 100644
index 00000000..38e6b631
--- /dev/null
+++ b/tests/Domain/UploadRequest/UploadRequestAccessTest.php
@@ -0,0 +1,112 @@
+<?php
+namespace Tests\Domain\UploadRequest;
+
+use Storage;
+use Tests\TestCase;
+use App\Users\Models\User;
+use Illuminate\Support\Str;
+use Domain\Files\Models\File;
+use Illuminate\Http\UploadedFile;
+use Domain\UploadRequest\Models\UploadRequest;
+
+class UploadRequestAccessTest extends TestCase
+{
+    /**
+     * @test
+     */
+    public function it_get_file_from_upload_request_folder()
+    {
+        $user = User::factory()
+            ->hasSettings()
+            ->create();
+
+        $uploadRequest = UploadRequest::factory()
+            ->create([
+                'status'     => 'active',
+                'user_id'    => $user->id,
+                'created_at' => now(),
+            ]);
+
+        $file = UploadedFile::fake()
+            ->create(Str::random() . '-fake-file.pdf', 1200, 'application/pdf');
+
+        Storage::putFileAs("files/$user->id", $file, $file->name);
+
+        File::factory()
+            ->create([
+                'parent_id' => $uploadRequest->id,
+                'basename'  => $file->name,
+                'user_id'   => $user->id,
+                'name'      => 'fake-file.pdf',
+            ]);
+
+        $this
+            ->get("/file/$file->name/upload-request/$uploadRequest->id")
+            ->assertOk();
+    }
+
+    /**
+     * @test
+     */
+    public function it_get_thumbnail_from_upload_request_folder()
+    {
+        $user = User::factory()
+            ->hasSettings()
+            ->create();
+
+        $uploadRequest = UploadRequest::factory()
+            ->create([
+                'status'     => 'active',
+                'user_id'    => $user->id,
+                'created_at' => now(),
+            ]);
+
+        $thumbnail = UploadedFile::fake()
+            ->image('fake-thumbnail.jpg');
+
+        Storage::putFileAs("files/$user->id", $thumbnail, $thumbnail->name);
+
+        File::factory()
+            ->create([
+                'parent_id' => $uploadRequest->id,
+                'basename'  => 'fake-thumbnail.jpg',
+                'user_id'   => $user->id,
+            ]);
+
+        $this
+            ->get("/thumbnail/xs-$thumbnail->name/upload-request/$uploadRequest->id")
+            ->assertOk();
+    }
+
+    /**
+     * @test
+     */
+    public function it_try_get_file_from_expired_upload_request_folder()
+    {
+        $uploadRequest = UploadRequest::factory()
+            ->create([
+                'status'     => 'expired',
+                'created_at' => now(),
+            ]);
+
+        $this
+            ->get("/file/fake-file.pdf/upload-request/$uploadRequest->id")
+            ->assertStatus(410);
+    }
+
+    /**
+     * @test
+     */
+    public function it_try_get_thumbnail_from_expired_upload_request_folder()
+    {
+        $uploadRequest = UploadRequest::factory()
+            ->create([
+                'status'     => 'filled',
+                'created_at' => now(),
+            ]);
+
+        $this
+            ->get("/thumbnail/xs-fake-thumbnail.jpeg/upload-request/$uploadRequest->id")
+            ->assertStatus(410);
+    }
+}
diff --git a/tests/Domain/UploadRequest/UploadRequestTest.php b/tests/Domain/UploadRequest/UploadRequestTest.php
index 3c0eb85b..06f63cba 100644
--- a/tests/Domain/UploadRequest/UploadRequestTest.php
+++ b/tests/Domain/UploadRequest/UploadRequestTest.php
@@ -1,16 +1,14 @@
 <?php
-
 namespace Tests\Domain\UploadRequest;
 
-use Domain\Files\Models\File;
-use Domain\UploadRequest\Notifications\UploadRequestNotification;
-use Domain\UploadRequest\Models\UploadRequest;
-use App\Users\Models\User;
-use Illuminate\Http\UploadedFile;
-use Illuminate\Support\Str;
 use Storage;
-use Tests\TestCase;
 use Notification;
+use Tests\TestCase;
+use App\Users\Models\User;
+use Domain\Files\Models\File;
+use Illuminate\Http\UploadedFile;
+use Domain\UploadRequest\Models\UploadRequest;
+use Domain\UploadRequest\Notifications\UploadRequestNotification;
 
 class UploadRequestTest extends TestCase
 {
@@ -36,7 +34,7 @@ class UploadRequestTest extends TestCase
 
         $this
             ->actingAs($user)
-            ->postJson("/api/upload-request", [
+            ->postJson('/api/upload-request', [
                 'folder_id' => '00cacdb9-1d09-4a32-8ad7-c0d45d66b758',
                 'email'     => 'howdy@hi5ve.digital',
                 'notes'     => 'Please send me your files...',
@@ -63,7 +61,7 @@ class UploadRequestTest extends TestCase
 
         $this
             ->actingAs($user)
-            ->postJson("/api/upload-request", [
+            ->postJson('/api/upload-request', [
                 'folder_id' => '00cacdb9-1d09-4a32-8ad7-c0d45d66b758',
                 'notes'     => 'Please send me your files...',
             ])
@@ -144,7 +142,7 @@ class UploadRequestTest extends TestCase
     /**
      * @test
      */
-    public function it_upload_file_into_non_active_upload_request()
+    public function it_try_upload_file_into_non_active_upload_request()
     {
         $user = User::factory()
             ->hasSettings()
@@ -169,71 +167,4 @@ class UploadRequestTest extends TestCase
                 'is_last'   => 'true',
             ])->assertStatus(410);
     }
-
-    /**
-     * @test
-     */
-    public function it_get_file_from_upload_request_folder()
-    {
-        $user = User::factory()
-            ->hasSettings()
-            ->create();
-
-        $uploadRequest = UploadRequest::factory()
-            ->create([
-                'status'     => 'active',
-                'user_id'    => $user->id,
-                'created_at' => now(),
-            ]);
-
-        $file = UploadedFile::fake()
-            ->create(Str::random() . '-fake-file.pdf', 1200, 'application/pdf');
-
-        Storage::putFileAs("files/$user->id", $file, $file->name);
-
-        File::factory()
-            ->create([
-                'parent_id' => $uploadRequest->id,
-                'basename'  => $file->name,
-                'user_id'   => $user->id,
-                'name'      => 'fake-file.pdf',
-            ]);
-
-        $this
-            ->get("/file/$file->name/upload-request/$uploadRequest->id")
-            ->assertOk();
-    }
-
-    /**
-     * @test
-     */
-    public function it_get_thumbnail_from_upload_request_folder()
-    {
-        $user = User::factory()
-            ->hasSettings()
-            ->create();
-
-        $uploadRequest = UploadRequest::factory()
-            ->create([
-                'status'     => 'active',
-                'user_id'    => $user->id,
-                'created_at' => now(),
-            ]);
-
-        $thumbnail = UploadedFile::fake()
-            ->image('fake-thumbnail.jpg');
-
-        Storage::putFileAs("files/$user->id", $thumbnail, $thumbnail->name);
-
-        File::factory()
-            ->create([
-                'parent_id' => $uploadRequest->id,
-                'basename'  => 'fake-thumbnail.jpg',
-                'user_id'   => $user->id,
-            ]);
-
-        $this
-            ->get("/thumbnail/xs-$thumbnail->name/upload-request/$uploadRequest->id")
-            ->assertOk();
-    }
-}
\ No newline at end of file
+}