diff --git a/nomad/files.py b/nomad/files.py
index 7f1033734f0e0d7315950dc731e24c5bd0f6fc02..2f0aa4d273df7843565bae204598663452a22a33 100644
--- a/nomad/files.py
+++ b/nomad/files.py
@@ -808,7 +808,8 @@ class PublicUploadFiles(UploadFiles):
                     content_path = path[directory_len + (0 if directory_len == 0 else 1):]
                     if path.startswith(directory) and '/' not in content_path:
                         if '/' not in content_path:
-                            results.append((content_path, zf.getinfo(path).file_size))
+                            if not always_restricted(content_path) or self._is_authorized:
+                                results.append((content_path, zf.getinfo(path).file_size))
                         else:
                             # this asserts that sub directories are always behind their
                             # parents and file siblings