diff --git a/src/Caster.Api/Features/Directories/Requests/GetAll.cs b/src/Caster.Api/Features/Directories/Requests/GetAll.cs
index 06342d7..a5b2635 100644
--- a/src/Caster.Api/Features/Directories/Requests/GetAll.cs
+++ b/src/Caster.Api/Features/Directories/Requests/GetAll.cs
@@ -1,6 +1,7 @@
 // Copyright 2021 Carnegie Mellon University. All Rights Reserved.
 // Released under a MIT (SEI)-style license. See LICENSE.md in the project root for license information.
 
+using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
 using MediatR;
@@ -8,9 +9,6 @@
 using Caster.Api.Data;
 using Microsoft.EntityFrameworkCore;
 using System.Runtime.Serialization;
-using Caster.Api.Infrastructure.Exceptions;
-using System.Security.Claims;
-using Microsoft.AspNetCore.Authorization;
 using Caster.Api.Infrastructure.Authorization;
 using Caster.Api.Infrastructure.Identity;
 using Caster.Api.Features.Shared;
@@ -36,18 +34,38 @@ public class Query : IRequest
 public bool IncludeFileContent { get; set; }
 }
 
-public class Handler(ICasterAuthorizationService authorizationService, IMapper mapper, CasterContext dbContext) : BaseHandler
+public class Handler(
+ICasterAuthorizationService authorizationService,
+IMapper mapper,
+CasterContext dbContext,
+IIdentityResolver identityResolver) : BaseHandler
 {
-public override async Task Authorize(Query request, CancellationToken cancellationToken) =>
-await authorizationService.Authorize([SystemPermission.ViewProjects], cancellationToken);
+public override Task Authorize(Query request, CancellationToken cancellationToken) => Task.FromResult(true);
 
 public override async Task HandleRequest(Query request, CancellationToken cancellationToken)
 {
-return await dbContext.Directories
-.Expand(mapper.ConfigurationProvider, request.IncludeRelated, request.IncludeFileContent)
-.ToArrayAsync();
+if (await authorizationService.Authorize([SystemPermission.ViewProjects], cancellationToken))
+{
+return await dbContext.Directories
+.Expand(mapper.ConfigurationProvider, request.IncludeRelated, request.IncludeFileContent)
+.ToArrayAsync(cancellationToken);
+}
+else
+{
+var userId = identityResolver.GetId();
+var myProjectIds = await dbContext.ProjectMemberships
+.Where(pm => pm.UserId == userId)
+.Select(pm => pm.ProjectId)
+.ToListAsync(cancellationToken);
+
+var myDirectories = await dbContext.Directories
+.Where(d => myProjectIds.Contains(d.ProjectId))
+.Expand(mapper.ConfigurationProvider, request.IncludeRelated, request.IncludeFileContent)
+.ToArrayAsync(cancellationToken);
+
+return myDirectories;
+}
 }
 }
 }
 }
-
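Review bot: The `Authorize` override now returns `Task.FromResult(true)` unconditionally, so the base handler's gate always passes and the row-level filtering in `HandleRequest` is the only check between a caller without `ViewProjects` and the full directory listing; that intent deserves a comment on the override, e.g. `// Always passes: access is scoped per row in HandleRequest (ViewProjects sees all, others only directories of projects they belong to).` The `if`/`else` also assumes `authorizationService.Authorize` returns false for a caller lacking the permission; if it throws instead, the membership branch is unreachable — confirm against the service. Whether `identityResolver.GetId()` can yield a default id for an unauthenticated caller (so the filter would match nothing rather than reject) is not visible here and should be covered by the endpoint's authentication requirement. The membership branch makes two round trips and feeds `myProjectIds` into `Contains`, which becomes an `IN` list sized by the user's memberships; a correlated subquery avoids both, `.Where(d => dbContext.ProjectMemberships.Any(pm => pm.UserId == userId && pm.ProjectId == d.ProjectId))`. The `Query` class and the enclosing namespace open before this hunk.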