diff --git a/backend/internal/routes/album.go b/backend/internal/routes/album.go
index 1a7d576..6f20da5 100644
--- a/backend/internal/routes/album.go
+++ b/backend/internal/routes/album.go
@@ -9,8 +9,20 @@ import (
 func RegisterAlbumRoutes(rg *gin.RouterGroup) {
 album := rg.Group("/albums")
- album.GET("/getPublic", func(c *gin.Context) {
- albums, err := services.GetPublicAlbums()
+ album.GET("/getAlbumsInParent", func(c *gin.Context) {
+ accessToken := c.GetHeader("Authorization")
+ if accessToken == "" {
+ c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
+ return
+ }
+ var request struct {
+ ParentID string `json:"parentId"`
+ }
+ if err := c.ShouldBindJSON(&request); err != nil {
+ c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+ return
+ }
+ albums, err := services.GetAlbumsInParent(request.ParentID, accessToken)
 if err != nil {
 c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 return
diff --git a/backend/internal/services/album.go b/backend/internal/services/album.go
index da20865..077a23b 100644
--- a/backend/internal/services/album.go
+++ b/backend/internal/services/album.go
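Review bot: The error branch after the new `services.GetAlbumsInParent` call maps every failure — including an invalid token and the service's "user does not have permission" denial — to `http.StatusInternalServerError` with the raw `err.Error()` in the body, so authorization failures are indistinguishable from server faults and internal error text reaches the client. Have the service return sentinel or typed errors for the token and permission cases and check them with `errors.Is` to answer 401/403 with a fixed message before falling through to a generic 500. The handler also reads a JSON body via `c.ShouldBindJSON` on a GET route; bodies on GET are dropped by many clients and proxies, so `parentId` would be more robust as a query parameter (`c.Query("parentId")`) or a path segment. The raw `Authorization` header value is passed straight to the service; if clients send a `Bearer <token>` scheme it is not visible here whether the prefix is stripped before validation. The handler closure continues past the end of the hunk.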
@@ -9,13 +9,37 @@ import (
 "gorm.io/gorm"
 )
-func GetPublicAlbums() ([]models.Album, error) {
+func GetAlbumsInParent(parentID string, authToken string) ([]models.Album, error) {
+ userID, err := ValidateAccessToken(authToken)
+ if err != nil {
+ return []models.Album{}, err
+ }
+ accessLevel, err := CheckUserAlbumAccess(userID, parentID)
+ if err != nil {
+ return []models.Album{}, err
+ }
+ if accessLevel < 1 {
+ return []models.Album{}, fmt.Errorf("user does not have permission to view albums in this parent")
+ }
 albums := []models.Album{}
- result := db.GetDB().Where("private = ?", false).Find(&albums)
+ result := db.GetDB().Where("private = ?", false).Where("parent_id = ?", parentID).Find(&albums)
 if result.Error != nil {
 return []models.Album{}, result.Error
 }
- return albums, nil
+ filteredAlbums := []models.Album{}
+ for _, album := range albums {
+ if album.Private {
+ accessLevel, err := CheckUserAlbumAccess(userID, album.ID)
+ if err != nil {
+ return []models.Album{}, err
+ }
+ if accessLevel < 1 {
+ continue
+ }
+ }
+ filteredAlbums = append(filteredAlbums, album)
+ }
+ return filteredAlbums, nil
 }
 func GetAlbum(id string, authToken string) (models.Album, error) {
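Review bot: The `if album.Private` branch in the new filtering loop is unreachable, because the query just above still carries `.Where("private = ?", false)`, so no private album ever reaches the loop and a user who does hold access to a private child album never sees it. Either drop the private filter from the query — `result := db.GetDB().Where("parent_id = ?", parentID).Find(&albums)` — so the per-album `CheckUserAlbumAccess` gate does the work, or drop the loop; keeping both is misleading. The permission denial at the top is an untyped `fmt.Errorf`, which leaves the HTTP layer unable to tell it apart from a database error; a package-level sentinel such as `var ErrForbidden = errors.New("user does not have permission to view albums in this parent")` returned here would let callers use `errors.Is`. Each non-nil error path returns `[]models.Album{}` rather than `nil`, which is the Go convention for a result that is meaningless on error and avoids an allocation.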