diff --git a/server/ctrl/webdav.go b/server/ctrl/webdav.go
index 9856c500..0075ff22 100644
--- a/server/ctrl/webdav.go
+++ b/server/ctrl/webdav.go
@@ -19,10 +19,10 @@ func WebdavHandler(ctx *App, res http.ResponseWriter, req *http.Request) {
 // https://github.com/golang/net/blob/master/webdav/webdav.go#L49-L68
 canRead := model.CanRead(ctx)
- canWrite := model.CanRead(ctx)
+ canWrite := model.CanEdit(ctx)
 canUpload := model.CanUpload(ctx)
 switch req.Method {
- case "OPTIONS", "GET", "HEAD", "POST", "PROPFIND":
+ case "OPTIONS", "HEAD", "GET":
 if canRead == false {
 SendErrorResult(res, ErrPermissionDenied)
 return
@@ -32,8 +32,18 @@ func WebdavHandler(ctx *App, res http.ResponseWriter, req *http.Request) {
 SendErrorResult(res, ErrPermissionDenied)
 return
 }
- case "PUT", "LOCK", "UNLOCK":
- if canWrite == false && canUpload == false {
+ case "PROPFIND":
+ if canRead == false {
+ SendErrorResult(res, ErrPermissionDenied)
+ return
+ }
+ case "PUT":
+ if canWrite == false || canUpload == false {
+ SendErrorResult(res, ErrPermissionDenied)
+ return
+ }
+ case "LOCK", "UNLOCK":
+ if canWrite == false || canUpload == false {
 SendErrorResult(res, ErrPermissionDenied)
 return
 }
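Review bot: In the first hunk `"POST"` is dropped from the read-only case list and does not reappear in any case visible in this diff, so how a POST request is treated now depends on whether the switch ends in a denying `default` branch, which lies outside the hunks. If no such branch exists, POST would reach the WebDAV handler without any permission check; please confirm and record the intent next to the switch, for example `// any method not listed below is rejected by the default branch`. As a style point, `if canRead == false {` reads more idiomatically as `if !canRead {`, and the same applies to the other guards in this function.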
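Review bot: In the second hunk the new `case "PUT":` and `case "LOCK", "UNLOCK":` branches carry the same guard, `if canWrite == false || canUpload == false {`, and the same body, so the split only creates two copies that can drift apart; a single `case "PUT", "LOCK", "UNLOCK":` would keep the rule in one place unless different rules are planned. Changing `&&` to `||` also means a session that has upload permission but not edit permission can no longer PUT at all. If that is intended because PUT may replace an existing file, a comment such as `// PUT may overwrite an existing file, so both edit and upload rights are required` would make the decision visible to the next maintainer. The case whose closing lines open this hunk begins outside it.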