diff --git a/DNN Platform/Library/Services/Social/Messaging/MessagingController.cs b/DNN Platform/Library/Services/Social/Messaging/MessagingController.cs
index 1791ec94f1d..44776a50aa8 100644
--- a/DNN Platform/Library/Services/Social/Messaging/MessagingController.cs	
+++ b/DNN Platform/Library/Services/Social/Messaging/MessagingController.cs	
@@ -32,7 +32,9 @@
 using DotNetNuke.Framework;
 using DotNetNuke.Security;
 using DotNetNuke.Entities.Users;
+using DotNetNuke.Security.Permissions;
 using DotNetNuke.Security.Roles;
+using DotNetNuke.Services.FileSystem;
 using DotNetNuke.Services.Social.Messaging.Data;
 using DotNetNuke.Services.Social.Messaging.Exceptions;
 using DotNetNuke.Services.Social.Messaging.Internal;
@@ -209,7 +211,10 @@ public virtual void SendMessage(Message message, IList<RoleInfo> roles, IList<Us
             {
                 foreach (var attachment in fileIDs.Select(fileId => new MessageAttachment { MessageAttachmentID = Null.NullInteger, FileID = fileId, MessageID = message.MessageID }))
                 {
-                    _dataService.SaveMessageAttachment(attachment, UserController.Instance.GetCurrentUserInfo().UserID);
+                    if (CanViewFile(attachment.FileID))
+                    {
+                        _dataService.SaveMessageAttachment(attachment, UserController.Instance.GetCurrentUserInfo().UserID);
+                    }
                 }
             }
 
@@ -290,5 +295,17 @@ internal virtual bool IsAdminOrHost(UserInfo userInfo)
         }
 
         #endregion
+
+        private bool CanViewFile(int fileId)
+        {
+            var file = FileManager.Instance.GetFile(fileId);
+            if (file == null)
+            {
+                return false;
+            }
+
+            var folder = FolderManager.Instance.GetFolder(file.FolderId);
+            return folder != null && FolderPermissionController.Instance.CanViewFolder(folder);
+        }
     }
 }
diff --git a/DNN Platform/Tests/DotNetNuke.Tests.Core/Controllers/Messaging/MessagingControllerTests.cs b/DNN Platform/Tests/DotNetNuke.Tests.Core/Controllers/Messaging/MessagingControllerTests.cs
index 20317550058..6e26216d866 100644
--- a/DNN Platform/Tests/DotNetNuke.Tests.Core/Controllers/Messaging/MessagingControllerTests.cs	
+++ b/DNN Platform/Tests/DotNetNuke.Tests.Core/Controllers/Messaging/MessagingControllerTests.cs	
@@ -31,8 +31,10 @@
 using DotNetNuke.Entities.Portals;
 using DotNetNuke.Entities.Portals.Internal;
 using DotNetNuke.Entities.Users;
+using DotNetNuke.Security.Permissions;
 using DotNetNuke.Security.Roles;
 using DotNetNuke.Services.Cache;
+using DotNetNuke.Services.FileSystem;
 using DotNetNuke.Services.Localization;
 using DotNetNuke.Services.Social.Messaging.Data;
 using DotNetNuke.Services.Social.Messaging;
@@ -66,6 +68,9 @@ public class MessagingControllerTests
         private Mock<RoleProvider> _mockRoleProvider;
         private Mock<CachingProvider> _mockCacheProvider;
         private Mock<ILocalizationProvider> _mockLocalizationProvider;
+        private Mock<IFolderManager> _folderManager;
+        private Mock<IFileManager> _fileManager;
+        private Mock<IFolderPermissionController> _folderPermissionController;
 
         private DataTable _dtMessages;
         private DataTable _dtMessageAttachment;
@@ -108,12 +113,21 @@ public void SetUp()
 
             DataService.RegisterInstance(_mockDataService.Object);
 
+            _folderManager = new Mock<IFolderManager>();
+            _fileManager = new Mock<IFileManager>();
+            _folderPermissionController = new Mock<IFolderPermissionController>();
+
+            FolderManager.RegisterInstance(_folderManager.Object);
+            FileManager.RegisterInstance(_fileManager.Object);
+            FolderPermissionController.SetTestableInstance(_folderPermissionController.Object);
+
             SetupDataProvider();
             SetupRoleProvider();
             SetupDataTables();
             SetupUsers();
             SetupPortalSettings();
             SetupCachingProvider();
+            SetupFileControllers();
 
             _mockInternalMessagingController.Setup(m => m.GetLastSentMessage(It.IsAny<UserInfo>())).Returns((Message)null);
         }
@@ -195,6 +209,13 @@ private void SetupRoleProvider()
             _mockRoleProvider.Setup(rp => rp.GetUserRoles(It.Is<UserInfo>(u => u.UserID == Constants.UserID_FirstSocialGroupOwner), It.IsAny<bool>())).Returns(new List<UserRoleInfo> { userFirstSocialGroupOwner });
         }
 
+        private void SetupFileControllers()
+        {
+            _folderManager.Setup(f => f.GetFolder(It.IsAny<int>())).Returns(new FolderInfo());
+            _fileManager.Setup(f => f.GetFile(It.IsAny<int>())).Returns(new FileInfo());
+            _folderPermissionController.Setup(f => f.CanViewFolder(It.IsAny<IFolderInfo>())).Returns(true);
+        }
+
         #endregion
 
         #region Constructor Tests
@@ -785,6 +806,8 @@ public void MessagingController_CreateMessage_Calls_DataService_SaveSocialMessag
         [Test]
         public void MessagingController_CreateMessage_Calls_DataService_CreateSocialMessageRecipientsForRole_On_Passing_Role_ByAdmin()
         {
+            InternalMessagingController.SetTestableInstance(_mockInternalMessagingController.Object);
+
             //Arrange
             var message = new Message { Subject = "subject", Body = "body" };
             var role = new RoleInfo { RoleName = Constants.RoleName_RegisteredUsers, RoleID = Constants.RoleID_RegisteredUsers };