diff --git a/packages/hydrooj/package.json b/packages/hydrooj/package.json
index 408f014c..4cc64ebe 100644
--- a/packages/hydrooj/package.json
+++ b/packages/hydrooj/package.json
@@ -1,6 +1,6 @@
 {
     "name": "hydrooj",
-    "version": "3.13.7",
+    "version": "3.13.8",
     "bin": "bin/hydrooj.js",
     "main": "src/loader",
     "module": "src/loader",
diff --git a/packages/hydrooj/src/handler/misc.ts b/packages/hydrooj/src/handler/misc.ts
index 7f09ad5f..f2776ca0 100644
--- a/packages/hydrooj/src/handler/misc.ts
+++ b/packages/hydrooj/src/handler/misc.ts
@@ -91,7 +91,7 @@ export class FSDownloadHandler extends Handler {
     @param('noDisposition', Types.Boolean)
     async get(domainId: string, uid: number, filename: string, noDisposition = false) {
         const targetUser = await user.getById('system', uid);
-        if (!targetUser.hasPriv(PRIV.PRIV_CREATE_FILE)) throw new ForbiddenError('Access denied');
+        if (this.user._id !== uid && !targetUser.hasPriv(PRIV.PRIV_CREATE_FILE)) throw new ForbiddenError('Access denied');
         this.response.addHeader('Cache-Control', 'public');
         const target = `user/${uid}/${filename}`;
         const file = await storage.getMeta(target);