diff --git a/lib/classes/JsonApi/Routes/Files/Authority.php b/lib/classes/JsonApi/Routes/Files/Authority.php
index 7f845588195aba3ebba2486c053520a187139a40..8f25bb6cc914aede63582812e9e918b456671aad 100644
--- a/lib/classes/JsonApi/Routes/Files/Authority.php
+++ b/lib/classes/JsonApi/Routes/Files/Authority.php
@@ -38,11 +38,6 @@ class Authority
         return $folder->isReadable($user->id);
     }
 
-    public static function canShowFolderFileRefs(User $user, \FolderType $folder)
-    {
-        return self::canShowFolder($user, $folder) || $folder->download_allowed;
-    }
-
     public static function canUpdateFolder(User $user, \FolderType $folder)
     {
         return $folder->isEditable($user->id);
diff --git a/lib/classes/JsonApi/Routes/Files/SubfilerefsIndex.php b/lib/classes/JsonApi/Routes/Files/SubfilerefsIndex.php
index 994a4b4529200a3e6ed9d3e1c7879cb8e186aae8..0ff060325459a6a60b7cc94aca15c0ad1484165f 100644
--- a/lib/classes/JsonApi/Routes/Files/SubfilerefsIndex.php
+++ b/lib/classes/JsonApi/Routes/Files/SubfilerefsIndex.php
@@ -24,7 +24,7 @@ class SubfilerefsIndex extends JsonApiController
             throw new RecordNotFoundException();
         }
 
-        if (!Authority::canShowFolderFileRefs($this->getUser($request), $folder)) {
+        if (!Authority::canShowFolder($this->getUser($request), $folder)) {
             throw new AuthorizationFailedException();
         }