diff --git a/internal/api/room/handler.go b/internal/api/room/handler.go
index 298d8f10..ce49dcca 100644
--- a/internal/api/room/handler.go
+++ b/internal/api/room/handler.go
@@ -72,7 +72,7 @@ func (h *RoomHandler) Route(r chi.Router) {
 func (h *RoomHandler) uploadMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		session := auth.GetSession(r)
-		if !session.IsHost() && !h.sessions.ImplicitHosting() {
+		if !session.IsHost() && (!session.CanHost() || !h.sessions.ImplicitHosting()) {
 			utils.HttpForbidden(w, "Without implicit hosting, only host can upload files.")
 		} else {
 			next.ServeHTTP(w, r)