diff --git a/go_cloud/internal/http/routes.go b/go_cloud/internal/http/routes.go
index a398024..e963030 100644
--- a/go_cloud/internal/http/routes.go
+++ b/go_cloud/internal/http/routes.go
@@ -79,30 +79,30 @@ func NewRouter(cfg *config.Config, db *database.DB, jwtManager *jwt.Manager, aut
 			r.With(middleware.Permission(db, auditLogger, permission.FileRead)).Get("/files", func(w http.ResponseWriter, req *http.Request) {
 				listFilesHandler(w, req)
 			})
-		r.Route("/files/{fileId}", func(r chi.Router) {
-			r.With(middleware.Permission(db, auditLogger, permission.DocumentView)).Get("/view", func(w http.ResponseWriter, req *http.Request) {
-				viewerHandler(w, req, db, auditLogger)
+			r.Route("/files/{fileId}", func(r chi.Router) {
+				r.With(middleware.Permission(db, auditLogger, permission.DocumentView)).Get("/view", func(w http.ResponseWriter, req *http.Request) {
+					viewerHandler(w, req, db, auditLogger)
+				})
+				r.With(middleware.Permission(db, auditLogger, permission.DocumentEdit)).Get("/edit", func(w http.ResponseWriter, req *http.Request) {
+					editorHandler(w, req, db, auditLogger)
+				})
+				r.With(middleware.Permission(db, auditLogger, permission.DocumentEdit)).Post("/annotations", func(w http.ResponseWriter, req *http.Request) {
+					annotationsHandler(w, req, db, auditLogger)
+				})
+				r.Get("/meta", func(w http.ResponseWriter, req *http.Request) {
+					fileMetaHandler(w, req)
+				})
 			})
-			r.With(middleware.Permission(db, auditLogger, permission.DocumentEdit)).Get("/edit", func(w http.ResponseWriter, req *http.Request) {
-				editorHandler(w, req, db, auditLogger)
+			r.Get("/activity", func(w http.ResponseWriter, req *http.Request) {
+				activityHandler(w, req, db)
 			})
-			r.With(middleware.Permission(db, auditLogger, permission.DocumentEdit)).Post("/annotations", func(w http.ResponseWriter, req *http.Request) {
-				annotationsHandler(w, req, db, auditLogger)
+			r.With(middleware.Permission(db, auditLogger, permission.OrgManage)).Get("/members", func(w http.ResponseWriter, req *http.Request) {
+				listMembersHandler(w, req, db)
 			})
-			r.Get("/meta", func(w http.ResponseWriter, req *http.Request) {
-				fileMetaHandler(w, req)
+			r.With(middleware.Permission(db, auditLogger, permission.OrgManage)).Patch("/members/{userId}", func(w http.ResponseWriter, req *http.Request) {
+				updateMemberRoleHandler(w, req, db, auditLogger)
 			})
 		})
-		r.Get("/activity", func(w http.ResponseWriter, req *http.Request) {
-			activityHandler(w, req, db)
-		})
-		r.With(middleware.Permission(db, auditLogger, permission.OrgManage)).Get("/members", func(w http.ResponseWriter, req *http.Request) {
-			listMembersHandler(w, req, db)
-		})
-		r.With(middleware.Permission(db, auditLogger, permission.OrgManage)).Patch("/members/{userId}", func(w http.ResponseWriter, req *http.Request) {
-			updateMemberRoleHandler(w, req, db, auditLogger)
-		})
-	})
 	}) // Close protected routes
 
 	return r