diff --git a/app/Http/Controllers/FileAccessController.php b/app/Http/Controllers/FileAccessController.php index 0ccc0f40..df763ba4 100644 --- a/app/Http/Controllers/FileAccessController.php +++ b/app/Http/Controllers/FileAccessController.php @@ -88,7 +88,7 @@ class FileAccessController extends Controller // Store user download size $request->user()->record_download( - (int) $file->getRawOriginal('filesize') + (int)$file->getRawOriginal('filesize') ); return $this->download_file($file, Auth::id()); @@ -186,17 +186,17 @@ class FileAccessController extends Controller public function get_thumbnail(Request $request, $filename) { // Get file record - $file = File::withTrashed() - ->where('user_id', $request->user()->id) - ->where('thumbnail', $filename) + $file = UserFile::withTrashed() + ->whereUserId(Auth::id()) + ->whereThumbnail($filename) ->firstOrFail(); // Check user permission - if (!$request->user()->tokenCan('master')) { + /*if (!$request->user()->tokenCan('master')) { $this->check_file_access($request, $file); - } + }*/ - return $this->thumbnail_file($file); + return $this->thumbnail_file($file, Auth::id()); } /** 
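Review bot: The ability check in get_thumbnail is commented out rather than deleted, so a Sanctum token without the `master` ability now receives thumbnails of the token owner's files and the `check_file_access` call it wrapped no longer runs; the commit does not say whether dropping that scope is intended, and `check_file_access` itself is outside this diff. If ownership is now meant to be enforced solely by `->whereUserId(Auth::id())`, remove the `/* … */` block together with the `// Check user permission` comment instead of leaving dead code; if token abilities still matter, restore `if (!$request->user()->tokenCan('master')) { $this->check_file_access($request, $file); }`. Either way the 404 from `firstOrFail()` on a thumbnail name the current user does not own is the only remaining access control in this method, which deserves a comment on the query such as `// Ownership is enforced by scoping the lookup to the authenticated user; a foreign or unknown thumbnail name yields 404.`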
@@ -267,27 +267,25 @@ class FileAccessController extends Controller // Get pretty name $pretty_name = get_pretty_name($file->basename, $file->name, $file->mimetype); - $headers = [ - "Accept-Ranges" => "bytes", - "Content-Type" => Storage::mimeType($path), - "Content-Length" => Storage::size($path), - "Content-Range" => "bytes 0-600/" . Storage::size($path), - "Content-Disposition" => "attachment; filename=$pretty_name", - ]; - return response() - ->download(Storage::path($path), $pretty_name, $headers); + ->download(Storage::path($path), $pretty_name, [ + "Accept-Ranges" => "bytes", + "Content-Type" => Storage::mimeType($path), + "Content-Length" => Storage::size($path), + "Content-Range" => "bytes 0-600/" . Storage::size($path), + "Content-Disposition" => "attachment; filename=$pretty_name", + ]); } /** * @param $file + * @param $user_id * @return mixed - * @throws \Illuminate\Contracts\Filesystem\FileNotFoundException */ - private function thumbnail_file($file) + private function thumbnail_file($file, $user_id) { // Get file path - $path = '/files/' . $file->getRawOriginal('thumbnail'); + $path = "/files/$user_id/{$file->getRawOriginal('thumbnail')}"; // Check if file exist if (!Storage::exists($path)) abort(404); diff --git a/tests/Feature/FileAccessTest.php b/tests/Feature/FileAccessTest.php index bb9cce2e..053fbb03 100644 --- a/tests/Feature/FileAccessTest.php +++ b/tests/Feature/FileAccessTest.php 
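Review bot: The header array that download_file now passes inline still sends `"Content-Range" => "bytes 0-600/" . Storage::size($path)` on a full 200 response; Content-Range belongs only on a 206 partial response and a fixed `0-600` does not describe the body, so clients that honour it may truncate or reject the download. The `"Content-Disposition" => "attachment; filename=$pretty_name"` entry interpolates the name unquoted, and as far as I can tell Laravel's `download()` derives its own Content-Disposition from `$pretty_name`, so that line is either overridden or an unescaped header value; I would drop both entries and hoist `$size = Storage::size($path);` so the size is read once. In thumbnail_file the new `$path = "/files/$user_id/{$file->getRawOriginal('thumbnail')}"` builds the path from the stored column rather than the request's filename, which is the right source; the method body continues past the hunk, and the new `$user_id` parameter should get a type declaration and a real `@param` description rather than the bare `@param $user_id`.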
@@ -73,43 +73,6 @@ class FileAccessTest extends TestCase $this->setup->create_directories(); - $file = UploadedFile::fake() - ->create(Str::random() . '-fake-file.pdf', 1200, 'application/pdf'); - - $user = User::factory(User::class) - ->create(); - - Sanctum::actingAs($user); - - $this->postJson('/api/upload', [ - 'file' => $file, - 'folder_id' => null, - 'is_last' => true, - ])->assertStatus(201); - - $this->get("file/$file->name") - ->assertOk(); - } - - - /** - * @test - */ - public function guest_try_to_get_private_user_file() - { - $this->get("file/fake-file.pdf") - ->assertRedirect(); - } - - /** - * @test - */ - public function logged_user_try_to_get_another_private_user_file() - { - Storage::fake('local'); - - $this->setup->create_directories(); - $user = User::factory(User::class) ->create(); @@ -120,6 +83,7 @@ class FileAccessTest extends TestCase File::factory(File::class) ->create([ + 'user_id' => $user->id, 'basename' => $file->name, 'name' => 'fake-file.pdf', ]); @@ -127,7 +91,37 @@ class FileAccessTest extends TestCase Sanctum::actingAs($user); $this->get("file/$file->name") - ->assertNotFound(); + ->assertOk(); + } + + /** + * @test + */ + public function it_get_private_user_image_thumbnail() + { + Storage::fake('local'); + + $this->setup->create_directories(); + + $user = User::factory(User::class) + ->create(); + + $thumbnail = UploadedFile::fake() + ->image(Str::random() . '-fake-thumbnail.jpg'); + + Storage::putFileAs("files/$user->id", $thumbnail, $thumbnail->name); + + File::factory(File::class) + ->create([ + 'user_id' => $user->id, + 'thumbnail' => $thumbnail->name, + 'name' => 'fake-thumbnail.jpg', + ]); + + Sanctum::actingAs($user); + + $this->get("thumbnail/$thumbnail->name") + ->assertStatus(200); } /** 
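Review bot: The new `it_get_private_user_image_thumbnail` test ends with `->assertStatus(200)` while every neighbouring test uses `->assertOk()`; use the same helper for consistency. The test also checks only the status, so a regression that served some other file under `files/$user->id` would still pass; asserting on the response body or content type against `$thumbnail` would pin the behaviour, though the headers thumbnail_file sets are outside this diff. The test just above it now asserts `->assertOk()` where it asserted `->assertNotFound()` before, which follows from the factory record now being created with `'user_id' => $user->id` in the preceding hunk; that test's opening lines are outside this hunk.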
@@ -158,6 +152,68 @@ class FileAccessTest extends TestCase ->assertOk(); } + /** + * @test + */ + public function logged_user_try_to_get_another_private_user_image_thumbnail() + { + Storage::fake('local'); + + $this->setup->create_directories(); + + $users = User::factory(User::class) + ->count(2) + ->create(); + + $thumbnail = UploadedFile::fake() + ->image(Str::random() . '-fake-thumbnail.jpg'); + + Storage::putFileAs("files/{$users[0]->id}", $thumbnail, $thumbnail->name); + + File::factory(File::class) + ->create([ + 'user_id' => $users[0]->id, + 'thumbnail' => $thumbnail->name, + 'name' => 'fake-thumbnail.jpg', + ]); + + Sanctum::actingAs($users[1]); + + $this->get("thumbnail/$thumbnail->name") + ->assertNotFound(); + } + + /** + * @test + */ + public function logged_user_try_to_get_another_private_user_file() + { + Storage::fake('local'); + + $this->setup->create_directories(); + + $users = User::factory(User::class) + ->count(2) + ->create(); + + $file = UploadedFile::fake() + ->create(Str::random() . '-fake-file.pdf', 1200, 'application/pdf'); + + Storage::putFileAs("files/{$users[0]->id}", $file, $file->name); + + File::factory(File::class) + ->create([ + 'user_id' => $users[0]->id, + 'basename' => $file->name, + 'name' => 'fake-file.pdf', + ]); + + Sanctum::actingAs($users[1]); + + $this->get("file/$file->name") + ->assertNotFound(); + } + /** * @test */ @@ -185,6 +241,15 @@ class FileAccessTest extends TestCase ->assertNotFound(); } + /** + * @test + */ + public function guest_try_to_get_private_user_file() + { + $this->get("file/fake-file.pdf") + ->assertRedirect(); + } + /** * @test */ @@ -193,4 +258,13 @@ class FileAccessTest extends TestCase $this->get("zip/EHWKcuvKzA4Gv29v-archive.zip") ->assertRedirect(); } + + /** + * @test + */ + public function guest_try_to_get_private_user_image_thumbnail() + { + $this->get("thumbnail/fake-thumbnail.jpg") + ->assertRedirect(); + } }
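Review bot: `logged_user_try_to_get_another_private_user_image_thumbnail` and `logged_user_try_to_get_another_private_user_file` repeat the same two-user fixture (`Storage::fake('local')`, `create_directories()`, `User::factory(User::class)->count(2)->create()`, `Storage::putFileAs(...)`, `File::factory(File::class)->create([...])`) with only the uploaded file and the route differing; a private helper that returns the users and the stored file would reduce each test to its act and assert lines. Both negative tests run under `Sanctum::actingAs($users[1])`, which grants every ability by default, so the `tokenCan('master')` branch the controller change comments out is not exercised either way; if limited-ability tokens are meant to be refused, a test calling `Sanctum::actingAs` with an abilities list that excludes `master` would document the intended outcome. The 404 asserted in the cross-user thumbnail test relies on the `->whereUserId(Auth::id())` scope added to get_thumbnail, which is worth stating in the test's docblock so the expectation survives a later controller refactor.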