diff --git a/packages/xpub-faraday/config/authsome-helpers.js b/packages/xpub-faraday/config/authsome-helpers.js
index 69f01bc6bcb311a244102ca243418242ef70fced..ff76ff3e92d1778824813fbf82da5159dc17566c 100644
--- a/packages/xpub-faraday/config/authsome-helpers.js
+++ b/packages/xpub-faraday/config/authsome-helpers.js
@@ -27,22 +27,34 @@ const filterRefusedInvitations = (coll, user) => {
   return coll
 }
 
-const filterCollectionData = (collectionsPermissions, collection, user) => {
+const filterObjectData = (collectionsPermissions, object, user) => {
+  if (object.type === 'fragment') {
+    const matchingCollPerm = collectionsPermissions.find(
+      collPerm => object.id === collPerm.fragmentId,
+    )
+    if (matchingCollPerm === undefined) return {}
+    if (['reviewer'].includes(matchingCollPerm.permission)) {
+      object.files = omit(object.files, ['coverLetter'])
+    }
+
+    return object
+  }
   const matchingCollPerm = collectionsPermissions.find(
-    collPerm => collection.id === collPerm.id,
+    collPerm => object.id === collPerm.id,
   )
-  setPublicStatuses(collection, matchingCollPerm)
-  parseAuthorsData(collection, matchingCollPerm)
+  if (matchingCollPerm === undefined) return {}
+  setPublicStatuses(object, matchingCollPerm)
+  parseAuthorsData(object, matchingCollPerm)
   if (['reviewer', 'handlingEditor'].includes(matchingCollPerm.permission)) {
-    return filterRefusedInvitations(collection, user)
+    return filterRefusedInvitations(object, user)
   }
 
-  return collection
+  return object
 }
 
 module.exports = {
   parseAuthorsData,
   setPublicStatuses,
   filterRefusedInvitations,
-  filterCollectionData,
+  filterObjectData,
 }
diff --git a/packages/xpub-faraday/config/authsome-mode.js b/packages/xpub-faraday/config/authsome-mode.js
index 878c15519c1370a1df4cc1bd3cfd458388b81f05..ce1b73c53f6254bed8ef76d1ad662ed21623936d 100644
--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -4,7 +4,7 @@ const omit = require('lodash/omit')
 const helpers = require('./authsome-helpers')
 
 async function teamPermissions(user, operation, object, context) {
-  if (object.type !== 'collection') return true
+  // if (object.type !== 'collection') return true
 
   const permissions = ['handlingEditor', 'author', 'reviewer']
   const teams = await Promise.all(
@@ -16,10 +16,17 @@ async function teamPermissions(user, operation, object, context) {
       return null
     }),
   )
-
+  const objectType = get(object, 'type')
+  let fragmentId = null
+  if (objectType !== undefined) {
+    if (objectType === 'fragment') {
+      fragmentId = object.id
+    }
+  }
   const collectionsPermissions = teams.filter(Boolean).map(team => ({
     id: team.object.id,
     permission: team.teamType.permissions,
+    fragmentId,
   }))
 
   if (collectionsPermissions.length === 0) return {}
@@ -27,7 +34,7 @@ async function teamPermissions(user, operation, object, context) {
   return {
     filter: filterParam => {
       if (!filterParam.length) {
-        return helpers.filterCollectionData(
+        return helpers.filterObjectData(
           collectionsPermissions,
           filterParam,
           user,
@@ -36,7 +43,7 @@ async function teamPermissions(user, operation, object, context) {
 
       const collections = filterParam
         .map(coll =>
-          helpers.filterCollectionData(collectionsPermissions, coll, user),
+          helpers.filterObjectData(collectionsPermissions, coll, user),
         )
         .filter(Boolean)
       return collections