diff --git a/VERSION b/VERSION
index 2a0ba77cc..37a939704 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.22.4
+1.22.4.1
diff --git a/app/controllers/result_assets_controller.rb b/app/controllers/result_assets_controller.rb
index 61c567f13..48acd1586 100644
--- a/app/controllers/result_assets_controller.rb
+++ b/app/controllers/result_assets_controller.rb
@@ -1,7 +1,7 @@
class ResultAssetsController < ApplicationController
include ResultsHelper
- before_action :load_vars, only: [:edit, :update, :download]
+ before_action :load_vars, only: [:edit, :update]
before_action :load_vars_nested, only: [:new, :create]
before_action :check_manage_permissions, only: %i(new create edit update)
diff --git a/app/controllers/result_tables_controller.rb b/app/controllers/result_tables_controller.rb
index 2732b757f..c0606a7f5 100644
--- a/app/controllers/result_tables_controller.rb
+++ b/app/controllers/result_tables_controller.rb
@@ -7,6 +7,7 @@ class ResultTablesController < ApplicationController
before_action :check_manage_permissions, only: %i(new create edit update)
before_action :check_archive_permissions, only: [:update]
+ before_action :check_view_permissions, only: [:download]
def new
@table = Table.new
@@ -155,6 +156,10 @@ class ResultTablesController < ApplicationController
end
end
+ def check_view_permissions
+ render_403 unless can_read_result?(@result)
+ end
+
def result_params
params.require(:result).permit(
:name, :archived,
diff --git a/app/controllers/result_texts_controller.rb b/app/controllers/result_texts_controller.rb
index 9bca7297f..f79bff4ed 100644
--- a/app/controllers/result_texts_controller.rb
+++ b/app/controllers/result_texts_controller.rb
@@ -10,6 +10,7 @@ class ResultTextsController < ApplicationController
before_action :check_manage_permissions, only: %i(new create edit update)
before_action :check_archive_permissions, only: [:update]
+ before_action :check_view_permissions, only: [:download]
def new
@result = Result.new(
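Review bot: If ResultAssetsController still defines a `download` action, it now runs with neither `@result` loaded nor any read-permission check, because this hunk drops `:download` from `load_vars` without adding the `check_view_permissions` guard that the tables and texts controllers gain in the same commit. The visible `check_manage_permissions` line covers only new/create/edit/update, so nothing in this hunk authorizes a download. The rest of the class is outside the hunk, so I cannot tell whether the action was removed or moved; if it was, a one-line comment on the `load_vars` line (`# download is served elsewhere; see <controller>`) would save the next reader the same question, and if it was not, the sibling `before_action :check_view_permissions, only: [:download]` belongs here too.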
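Review bot: The new `check_view_permissions` guard reads `@result`, so it only protects `download` if `load_vars` is declared above it and its `only:` list includes `:download`; that `load_vars` line sits outside the hunk (above line 7), so please confirm both. Rails runs before_actions in declaration order, and if `@result` is not set the guard hands nil to `can_read_result?` instead of making a deliberate decision. A short comment on the added line would record the intent: `# download is read-only, so view permission (not manage) is required`.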
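Review bot: `check_view_permissions` passes `@result` straight to `can_read_result?` with no nil guard, so a record that `load_vars` did not find (or a `load_vars` that does not run for `download`) produces whatever the helper does with nil rather than an explicit deny; `render_403 unless @result && can_read_result?(@result)` makes the failure mode deliberate, or use the same 404 path `load_vars` uses if it has one. The method is inserted just before `result_params`, which is conventionally under `private`; if it is not private in this file, mark it so it cannot be reached as an action. Consider adding `# Read-only actions need view permission only; manage permission is checked separately.` above the `def`.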
@@ -159,6 +160,10 @@ class ResultTextsController < ApplicationController
end
end
+ def check_view_permissions
+ render_403 unless can_read_result?(@result)
+ end
+
def result_params
params.require(:result).permit(
:name, :archived,
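Review bot: This `check_view_permissions` is a verbatim copy of the one added to ResultTablesController in the same commit and shares its gap: it assumes `load_vars` has already populated `@result` for `:download` (that before_action is outside the hunk) and passes nil through to `can_read_result?` otherwise. `render_403 unless @result && can_read_result?(@result)` closes that, and hoisting the method into ApplicationController or a shared concern would keep the two copies from drifting as further result controllers are added. If the method lands above `private` here, make it private.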