diff --git a/app/controllers/concerns/active_storage/check_blob_permissions.rb b/app/controllers/concerns/active_storage/check_blob_permissions.rb
index 0d5f6d4c5..8c1ddd970 100644
--- a/app/controllers/concerns/active_storage/check_blob_permissions.rb
+++ b/app/controllers/concerns/active_storage/check_blob_permissions.rb
@@ -58,6 +58,8 @@ module ActiveStorage
 
       current_user.permission_team = asset.team || current_team
 
+      return true if !asset.saved && can_read_team?(asset.team)
+
       case asset.object_type
       when 'MyModule'
         render_403 unless can_read_my_module?(asset.object)