diff --git a/app/Http/Controllers/FileAccessController.php b/app/Http/Controllers/FileAccessController.php
index 11f0b7fc..61577b8f 100644
--- a/app/Http/Controllers/FileAccessController.php
+++ b/app/Http/Controllers/FileAccessController.php
@@ -33,14 +33,13 @@ class FileAccessController extends Controller
      */
     public function get_avatar($basename)
     {
-        // Get file path
-        $path = '/avatars/' . $basename;
-
         // Check if file exist
-        if (!Storage::exists($path)) abort(404);
+        if (!Storage::exists("/avatars/$basename")) {
+            abort(404);
+        }
 
         // Return avatar
-        return Storage::download($path, $basename);
+        return Storage::download("/avatars/$basename", $basename);
     }
 
     /**
@@ -52,14 +51,13 @@ class FileAccessController extends Controller
      */
     public function get_system_image($basename)
     {
-        // Get file path
-        $path = '/system/' . $basename;
-
         // Check if file exist
-        if (!Storage::exists($path)) abort(404);
+        if (!Storage::exists("/system/$basename")) {
+            abort(404);
+        }
 
         // Return avatar
-        return Storage::download($path, $basename);
+        return Storage::download("/system/$basename", $basename);
     }
 
     /**
diff --git a/routes/web.php b/routes/web.php
index c7ea1b12..d9869d23 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -22,7 +22,7 @@ Route::get('/file/{name}/public/{token}', [FileAccessController::class, 'get_fil
 Route::get('/zip/{id}/public/{token}', [FileAccessController::class, 'get_zip_public'])->name('zip_public');
 
 // User master,editor,visitor access to image thumbnails and file downloads
-Route::group(['middleware' => ['auth:api', 'auth.shared', 'auth.master', 'scope:master,editor,visitor']], function () {
+Route::group(['middleware' => ['auth:sanctum']], function () {
     Route::get('/thumbnail/{name}', [FileAccessController::class, 'get_thumbnail'])->name('thumbnail');
     Route::get('/file/{name}', [FileAccessController::class, 'get_file'])->name('file');
     Route::get('/zip/{id}', [FileAccessController::class, 'get_zip'])->name('zip');
diff --git a/tests/Feature/FileAccessTest.php b/tests/Feature/FileAccessTest.php
new file mode 100644
index 00000000..26c77db1
--- /dev/null
+++ b/tests/Feature/FileAccessTest.php
@@ -0,0 +1,62 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Models\User;
+use Illuminate\Foundation\Testing\DatabaseMigrations;
+use App\Services\SetupService;
+use Illuminate\Http\UploadedFile;
+use Laravel\Sanctum\Sanctum;
+use Storage;
+use Tests\TestCase;
+
+class FileAccessTest extends TestCase
+{
+    use DatabaseMigrations;
+
+    public function __construct()
+    {
+        parent::__construct();
+        $this->setup = app()->make(SetupService::class);
+    }
+
+    /**
+     * @test
+     */
+    public function it_get_public_user_avatar()
+    {
+        Storage::fake('local');
+
+        $this->setup->create_directories();
+
+        $avatar = UploadedFile::fake()
+            ->image('fake-avatar.jpg');
+
+        Storage::putFileAs('avatars', $avatar, 'fake-avatar.jpg');
+
+        $this->get('avatars/fake-avatar.jpg')
+            ->assertStatus(200);
+
+        Storage::assertExists('avatars/fake-avatar.jpg');
+    }
+
+    /**
+     * @test
+     */
+    public function it_get_public_system_image()
+    {
+        Storage::fake('local');
+
+        $this->setup->create_directories();
+
+        $system = UploadedFile::fake()
+            ->image('fake-logo.jpg');
+
+        Storage::putFileAs('system', $system, 'fake-logo.jpg');
+
+        $this->get('system/fake-logo.jpg')
+            ->assertStatus(200);
+
+        Storage::assertExists('system/fake-logo.jpg');
+    }
+}