diff --git a/CHANGELOG.md b/CHANGELOG.md
index dee1405..833d363 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -46,6 +46,7 @@
 - Updated all endpoints to use correct controller casing  
 - Renamed controller files to PascalCase (e.g. `adminController.php` to `AdminController.php`, `fileController.php` to `FileController.php`, `folderController.php` to `FolderController.php`)  
 - Adjusted endpoint paths to match controller filenames
+- Fix FolderController readOnly create folder permission
 
 ---
 
diff --git a/src/controllers/FolderController.php b/src/controllers/FolderController.php
index da99157..ee704f1 100644
--- a/src/controllers/FolderController.php
+++ b/src/controllers/FolderController.php
@@ -76,7 +76,11 @@ class FolderController
         $username = $_SESSION['username'] ?? '';
         $userPermissions = loadUserPermissions($username);
         if ($username && isset($userPermissions['readOnly']) && $userPermissions['readOnly'] === true) {
-            echo json_encode(["error" => "Read-only users are not allowed to create folders."]);
+            http_response_code(403);
+            echo json_encode([
+                "success" => false,
+                "error"   => "Read-only users are not allowed to create folders."
+            ]);
             exit;
         }
 
@@ -1074,7 +1078,7 @@ class FolderController
         header("Location: " . $redirectUrl);
         exit;
     }
-    
+
     /**
      * GET /api/folder/getShareFolderLinks.php
      */