diff --git a/seahub/api2/endpoints/zip_task.py b/seahub/api2/endpoints/zip_task.py
index 6b1a1a3d5b..b02fe2a22c 100644
--- a/seahub/api2/endpoints/zip_task.py
+++ b/seahub/api2/endpoints/zip_task.py
@@ -72,7 +72,13 @@ class ZipTaskView(APIView):
 return api_error(status.HTTP_404_NOT_FOUND, error_msg)
 # permission check
- if not check_folder_permission(request, repo_id, parent_dir):
+ repo_folder_permission = check_folder_permission(request, repo_id, parent_dir)
+ if not repo_folder_permission:
+ error_msg = 'Permission denied.'
+ return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+
+ if not json.loads(seafile_api.is_dir_downloadable(repo_id, parent_dir,
+ request.user.username, repo_folder_permission))['is_downloadable']:
 error_msg = 'Permission denied.'
 return api_error(status.HTTP_403_FORBIDDEN, error_msg)
@@ -192,7 +198,13 @@ class ZipTaskView(APIView):
 return api_error(status.HTTP_404_NOT_FOUND, error_msg)
 # permission check
- if parse_repo_perm(check_folder_permission(request, repo_id, parent_dir)).can_download is False:
+ repo_folder_permission = check_folder_permission(request, repo_id, parent_dir)
+ if parse_repo_perm(repo_folder_permission).can_download is False:
+ error_msg = 'Permission denied.'
+ return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+
+ if not json.loads(seafile_api.is_dir_downloadable(repo_id, parent_dir,
+ request.user.username, repo_folder_permission))['is_downloadable']:
 error_msg = 'Permission denied.'
 return api_error(status.HTTP_403_FORBIDDEN, error_msg)
diff --git a/tests/api/endpoints/test_zip_task.py b/tests/api/endpoints/test_zip_task.py
index b5c43e75f3..bdc05dc531 100644
--- a/tests/api/endpoints/test_zip_task.py
+++ b/tests/api/endpoints/test_zip_task.py
@@ -27,6 +27,10 @@ class ZipTaskViewTest(BaseTestCase):
 self.remove_repo()
 def test_can_get_download_dir_zip_token(self):
+
+ if not LOCAL_PRO_DEV_ENV:
+ return
+ self.login_as(self.user)
 parent_dir = '/'
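Review bot: In the hunk at `@@ -72,7 +72,13 @@` the first check still only tests that `repo_folder_permission` is non-empty, whereas the sibling handler at `@@ -192,7 +198,13 @@` rejects any permission whose `can_download` is false. Unless `seafile_api.is_dir_downloadable` itself refuses permissions that grant access without download (its behaviour is not visible here), a user holding such a permission could still obtain a directory zip token through this path. Using the same test in both handlers closes the gap: `if parse_repo_perm(repo_folder_permission).can_download is False:`. The enclosing method starts and ends outside the hunk.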
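Review bot: The new `json.loads(seafile_api.is_dir_downloadable(...))['is_downloadable']` expression in the hunk at `@@ -192,7 +198,13 @@` (and identically at `@@ -72,7 +72,13 @@`) has no visible error handling, so an RPC failure, a non-JSON reply or a missing key raises inside the permission check. That fails closed, but the client gets an unhandled 500 instead of the `api_error` response used around it, and the tests in this commit run only under `LOCAL_PRO_DEV_ENV`, which suggests the RPC may not be available on every deployment. Wrapping the call, logging the failure and treating a missing key as not downloadable keeps the denial explicit; the snippet below assumes the module already defines `logger`, and the surrounding method lies outside the hunk.

```python
        # … unchanged: repo_folder_permission lookup and can_download check …
        try:
            dir_info = json.loads(seafile_api.is_dir_downloadable(
                repo_id, parent_dir, request.user.username,
                repo_folder_permission))
        except Exception as e:
            logger.error(e)
            error_msg = 'Internal Server Error'
            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)

        if not dir_info.get('is_downloadable', False):
            error_msg = 'Permission denied.'
            return api_error(status.HTTP_403_FORBIDDEN, error_msg)
```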
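Review bot: The guard `if not LOCAL_PRO_DEV_ENV: return` added at the top of `test_can_get_download_dir_zip_token` makes the test report as passed when it never ran; the same guard is added in the hunks at `@@ -41,6 +45,9 @@` and `@@ -61,6 +68,10 @@`. Assuming `BaseTestCase` derives from `unittest.TestCase`, `self.skipTest('requires LOCAL_PRO_DEV_ENV')` records the test as skipped, so the missing coverage shows up in CI output. No import of `LOCAL_PRO_DEV_ENV` is visible in these hunks, so confirm the test module already imports it.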
@@ -41,6 +45,9 @@ class ZipTaskViewTest(BaseTestCase):
 def test_can_get_download_multi_zip_token(self):
+ if not LOCAL_PRO_DEV_ENV:
+ return
+ # create another folder for download multi
 another_folder_name = 'another_folder_name'
 seafile_api.post_dir(repo_id=self.repo.id,
@@ -61,6 +68,10 @@ class ZipTaskViewTest(BaseTestCase):
 assert len(json_resp['zip_token']) == 36
 def test_can_get_zip_token_with_invalid_repo_permission(self):
+
+ if not LOCAL_PRO_DEV_ENV:
+ return
+ self.login_as(self.admin)
 parent_dir = '/'
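Review bot: With the guard added to `test_can_get_zip_token_with_invalid_repo_permission` in the hunk at `@@ -61,6 +68,10 @@`, what appears from its name to be the only denial-path test shown no longer runs outside a pro development environment. Nothing in this commit exercises the new `is_downloadable` branch in `zip_task.py` either. A test that patches `seafile_api.is_dir_downloadable` to return `'{"is_downloadable": false}'` and asserts a 403 from each of the two changed handlers would cover the added check without the pro backend. The test body continues outside the hunk.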