diff --git a/frappe/core/doctype/file/file.py b/frappe/core/doctype/file/file.py
index 8fac317100..3c3543e1dd 100755
--- a/frappe/core/doctype/file/file.py
+++ b/frappe/core/doctype/file/file.py
@@ -569,7 +569,7 @@ class File(NestedSet):
 			if has_permission(self, 'read'):
 				return True
 
-			raise frappe.PermissionError
+			return False
 
 	def get_extension(self):
 		'''returns split filename and extension'''
diff --git a/frappe/utils/response.py b/frappe/utils/response.py
index 7228e028ae..78cb3132d5 100644
--- a/frappe/utils/response.py
+++ b/frappe/utils/response.py
@@ -162,11 +162,19 @@ def download_backup(path):
 
 def download_private_file(path):
 	"""Checks permissions and sends back private file"""
-	try:
-		_file = frappe.get_doc("File", {"file_url": path})
-		_file.is_downloadable()
 
-	except frappe.PermissionError:
+	files = frappe.db.get_all('File', {'file_url': path})
+	can_access = False
+	# this file might be attached to multiple documents
+	# if the file is accessible from any one of those documents
+	# then it should be downloadable
+	for f in files:
+		_file = frappe.get_doc("File", f)
+		can_access = _file.is_downloadable()
+		if can_access:
+			break
+
+	if not can_access:
 		raise Forbidden(_("You don't have permission to access this file"))
 
 	return send_private_file(path.split("/private", 1)[1])