diff --git a/controllers/EditController.php b/controllers/EditController.php
index 826e4158..299cc623 100644
--- a/controllers/EditController.php
+++ b/controllers/EditController.php
@@ -34,24 +34,24 @@ public function actionFolder($id = null)
 {
 $folder = FileSystemItem::getItemById($id);
- if ($folder && !$folder->content->canEdit()) {
- throw new HttpException(403);
- }
-
- if ($folder && $folder->content->container->id !== $this->contentContainer->id) {
- throw new HttpException(404);
- }
-
 $post = Yii::$app->request->post();
 // create new folder if no folder was found or folder is not editable.
- if (!$folder || !($folder instanceof Folder) || !$folder->isEditableFolder()) {
+ if (!($folder instanceof Folder) || !$folder->isEditableFolder()) {
 $this->getCurrentFolder()->resolveConflictsBeforeCreate($post['Folder']['title'] ?? null);
 $folder = $this->getCurrentFolder()->newFolder();
 $folder->content->container = $this->contentContainer;
 $folder->hidden = $this->module->getContentHiddenDefault($this->contentContainer);
 }
+ if (!($folder instanceof Folder) || $folder->content->container->id !== $this->contentContainer->id) {
+ throw new HttpException(404);
+ }
+
+ if (!$folder->content->canEdit()) {
+ throw new HttpException(403);
+ }
+
 if ($folder->load($post) && $folder->save()) {
 $this->view->saved();
 return $this->htmlRedirect($folder->createUrl('/cfiles/browse/index'));
diff --git a/controllers/ZipController.php b/controllers/ZipController.php
index a6c811cf..4bad5989 100644
--- a/controllers/ZipController.php
+++ b/controllers/ZipController.php
@@ -11,7 +11,9 @@
 use humhub\modules\cfiles\actions\UploadZipAction;
 use humhub\modules\cfiles\libs\ZIPCreator;
 use humhub\modules\cfiles\models\FileSystemItem;
+use humhub\modules\cfiles\permissions\WriteAccess;
 use Yii;
+use yii\web\BadRequestHttpException;
 /**
 * ZipController
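Review bot: In `EditController::actionFolder()`, `resolveConflictsBeforeCreate()` is still called with the request-supplied `$post['Folder']['title']` before the relocated 404 and 403 guards run, so whatever that helper does also happens for callers who are then rejected. Its body is not in this hunk; if it renames or otherwise writes existing items, and if the ordering allows, build the unsaved folder first, run both guards, and resolve conflicts only afterwards, e.g. `if ($folder->isNewRecord) { $this->getCurrentFolder()->resolveConflictsBeforeCreate($post['Folder']['title'] ?? null); }` directly before `$folder->load($post)`. The inline comment would be clearer as `// Create a new folder when $id is not a Folder or isEditableFolder() is false; permissions are checked below.`, because "not editable" there refers to `isEditableFolder()` and not to `canEdit()`. The function body continues past the end of the hunk.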
@@ -27,6 +29,7 @@ protected function getAccessRules()
 {
 return [
 ['checkZipSupport'],
+ ['permission' => [WriteAccess::class], 'actions' => ['upload']],
 ];
 }
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 56b0f81e..fe90f960 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -1,8 +1,9 @@
 Changelog
 =========
-0.16.11 - Unreleased
--------------------------
+0.16.11 - November 24, 2025
+---------------------------
+- Enh #264: Update download and upload actions
 - Fix #267: Include only accessible folders and files in a downloading zip archive
 0.16.10 - August 1, 2025
diff --git a/models/FileSystemItem.php b/models/FileSystemItem.php
index 828f9123..f2db4cc2 100644
--- a/models/FileSystemItem.php
+++ b/models/FileSystemItem.php
@@ -334,11 +334,11 @@ public function canEdit(): bool
 return true;
 }
- if (Yii::$app->user->isGuest || $this->isNewRecord) {
+ if (Yii::$app->user->isGuest) {
 return false;
 }
- return $this->content->created_by === Yii::$app->user->id &&
+ return ($this->isNewRecord || $this->content->created_by === Yii::$app->user->id) &&
 $this->content->container->permissionManager->can(WriteAccess::class);
 }
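Review bot: The new rule in `ZipController::getAccessRules()` is bound to the action id string `'upload'`, and the `actions()` map that registers `UploadZipAction` is outside this hunk, so a mismatch in that id would leave zip upload covered only by `checkZipSupport` without raising any error. A functional test asserting that a user without `WriteAccess` receives 403 on zip upload would pin the rule to the real action id. A comment such as `// zip upload writes into the container, so it requires WriteAccess like regular uploads` would record why only this action is listed. Separately, `use yii\web\BadRequestHttpException;` is added in the first hunk of this file but neither hunk references it; drop it if nothing else in the file uses it.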
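Review bot: Unsaved items now reach `$this->content->container->permissionManager` in `FileSystemItem::canEdit()`, where the removed `$this->isNewRecord` early return used to stop them, so a new record whose container has not been assigned yet would raise an error on null instead of returning false. `EditController::actionFolder()` assigns the container before checking, but other callers are not visible here; a guard such as `if ($this->content->container === null) { return false; }` ahead of the final `return` keeps the method failing closed. The docblock should also state the new contract on this final path: a signed-in user with `WriteAccess` may edit an item that has not been saved yet, while a saved item additionally requires that user to be its creator. The beginning of `canEdit()` lies above the hunk.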