diff --git a/wp-content/mu-plugins/openlab-group-document-privacy.php b/wp-content/mu-plugins/openlab-group-document-privacy.php
index 2242695f79..91369940c7 100644
--- a/wp-content/mu-plugins/openlab-group-document-privacy.php
+++ b/wp-content/mu-plugins/openlab-group-document-privacy.php
@@ -48,17 +48,37 @@ function cac_catch_group_doc_request() {
 			'redirect' => bp_get_root_domain(),
 		);
 	} else {
-		if ( 'public' !== $group->status ) {
+		$doc_filename = $file_deets[1];
+		$document     = new BP_Group_Documents();
+		$document->populate_by_file( $doc_filename );
+
+		$document_id = ! empty( $document->id ) ? $document->id : 0;
+
+		// First, check the file-specific privacy settings.
+		$group_privacy = groups_get_groupmeta( $group->id, 'group_document_privacy_settings' );
+		$doc_privacy   = isset( $group_privacy[ $document_id ] ) ? $group_privacy[ $document_id ] : 'public';
+
+		$user_can_download = true;
+
+		if ( 'admins' === $doc_privacy ) {
+			$user_can_download = groups_is_user_admin( bp_loggedin_user_id(), $group_id );
+		} elseif ( 'members' === $doc_privacy ) {
+			$user_can_download = groups_is_user_member( bp_loggedin_user_id(), $group_id );
+		} elseif ( 'public' !== $group->status ) {
 			// If the group is not public, then the user must be logged in and
 			// a member of the group to download the document
 			if ( ! is_user_logged_in() || ! groups_is_user_member( bp_loggedin_user_id(), $group_id ) ) {
-				$error = array(
-					'message' => sprintf( 'You must be a logged-in member of the group %s to access this document. If you are a member of the group, please log into the site and try again.', $group->name ),
-					'redirect' => bp_get_group_permalink( $group ),
-				);
+				$user_can_download = false;
 			}
 		}
 
+		if ( ! $user_can_download ) {
+			$error = array(
+				'message' => sprintf( 'You must be a logged-in member of the group %s to access this document. If you are a member of the group, please log into the site and try again.', $group->name ),
+				'redirect' => bp_get_group_permalink( $group ),
+			);
+		}
+
 		// If we have gotten this far without an error, then the download can go through
 		if ( ! $error ) {
 			$doc_path = BP_GROUP_DOCUMENTS_SECURE_PATH . $doc_id;
diff --git a/wp-content/plugins/wds-citytech/wds-citytech-bp.php b/wp-content/plugins/wds-citytech/wds-citytech-bp.php
index 37e1ae813f..0a2c18149e 100644
--- a/wp-content/plugins/wds-citytech/wds-citytech-bp.php
+++ b/wp-content/plugins/wds-citytech/wds-citytech-bp.php
@@ -456,20 +456,6 @@ function openlab_remove_sitewide_notices() {
 }
 add_action( 'wp_footer', 'openlab_remove_sitewide_notices' );
 
-/**
- * Force BP Docs to have comments open
- *
- * I guess old ones get closed automatically
- */
-function openlab_force_doc_comments_open( $open, $post_id ) {
-	$_post = get_post( $post_id );
-	if ( 'bp_doc' === $_post->post_type ) {
-		$open = true;
-	}
-	return $open;
-}
-add_action( 'comments_open', 'openlab_force_doc_comments_open', 10, 2 );
-
 /**
  * Markup for the 'A member has joined a public group for which you are an admin' setting.
  */
diff --git a/wp-content/themes/openlab/docs/single/comments.php b/wp-content/themes/openlab/docs/single/comments.php
index 464a17cd3e..0160d5c0d1 100644
--- a/wp-content/themes/openlab/docs/single/comments.php
+++ b/wp-content/themes/openlab/docs/single/comments.php
@@ -6,22 +6,27 @@
     $comments_by_type = &separate_comments( $comments );
 
     if ( ! empty($comments_by_type['comment']) ) :
-?>
-<section id="comments-list" class="comments">
-    <div class="panel panel-default">
-        <div class="comments-list-header">
-            <h3 class="comments-title"><?php comments_number(); ?></h3>
-        </div>
-        <ul class="comments-list-body">
-            <?php wp_list_comments( 'type=comment&callback=openlab_doc_list_comments_render' ); ?>
-        </ul>
-    </div>
-    <?php if ( get_comment_pages_count() > 1 ) : ?>
-    <nav id="comments-nav-below" class="comments-navigation" role="navigation">
-        <div class="paginated-comments-links"><?php paginate_comments_links(); ?></div>
-    </nav>
-    <?php endif; ?>
-</section>
+		?>
+		<section id="comments-list" class="comments">
+			<div class="panel panel-default">
+				<div class="comments-list-header">
+					<h3 class="comments-title"><?php comments_number(); ?></h3>
+				</div>
+				<ul class="comments-list-body">
+					<?php wp_list_comments( 'type=comment&callback=openlab_doc_list_comments_render' ); ?>
+				</ul>
+			</div>
+
+			<?php if ( get_comment_pages_count() > 1 ) : ?>
+				<nav id="comments-nav-below" class="comments-navigation" role="navigation">
+					<div class="paginated-comments-links"><?php paginate_comments_links(); ?></div>
+				</nav>
+			<?php endif; ?>
+		</section>
+	<?php
+	endif;
+	?>
+
 <?php endif; ?>
 
 <?php
@@ -59,6 +64,4 @@
 	);
 }
 ?>
-
-<?php endif; ?>
 </section>
diff --git a/wp-content/themes/openlab/docs/single/edit.php b/wp-content/themes/openlab/docs/single/edit.php
index 2e57a30b28..b8ee4ebd34 100644
--- a/wp-content/themes/openlab/docs/single/edit.php
+++ b/wp-content/themes/openlab/docs/single/edit.php
@@ -4,6 +4,19 @@
 if ( $current_doc ) {
 	$doc_id = $current_doc->ID;
 }
+
+$group_type_label = '';
+$group            = null;
+if ( bp_is_group() ) {
+	$group = groups_get_current_group();
+
+	$group_type_label = openlab_get_group_type_label(
+		[
+			'group_id' => bp_get_current_group_id(),
+			'case'     => 'upper',
+		]
+	);
+}
 ?>
 
 <div class="<?php bp_docs_container_class(); ?>">
@@ -69,6 +82,47 @@
 						<div id="doc-meta">
 							<?php do_action( 'bp_docs_opening_meta_box', $doc_id ) ?>
 
+							<div id="doc-privacy" class="doc-meta-box">
+								<div class="toggleable <?php bp_docs_toggleable_open_or_closed_class( 'privacy-meta-box' ) ?>">
+									<p id="privacy-toggle-edit" class="toggle-switch">
+										<span class="hide-if-js toggle-link-no-js">Tags</span>
+										<a class="hide-if-no-js toggle-link" id="privacy-toggle-link" href="#">Doc and Comment Settings</a>
+									</p>
+
+									<div class="toggle-content">
+										<div class="desc-column">
+											<fieldset>
+												<legend>Allow comments on this Doc?</legend>
+												<label><input type="radio" name="doc[allow_comments]" value="1" <?php checked( openlab_comments_allowed_on_doc( $doc_id ) ) ?> /> Yes</label><br />
+												<label><input type="radio" name="doc[allow_comments]" value="0" <?php checked( ! openlab_comments_allowed_on_doc( $doc_id ) ) ?> /> No</label>
+											</fieldset>
+										</div>
+
+										<div class="desc-column">
+											<fieldset>
+												<legend>Who can view this Doc and its comments?</legend>
+												<?php if ( $group && 'public' === $group->status ) : ?>
+													<label><input type="radio" name="doc[view_setting]" value="everyone" <?php checked( openlab_get_doc_view_setting( $doc_id ), 'everyone' ) ?> /> Everyone</label><br />
+												<?php endif; ?>
+
+												<label><input type="radio" name="doc[view_setting]" value="group-members" <?php checked( openlab_get_doc_view_setting( $doc_id ), 'group-members' ) ?> /> <?php echo esc_html( $group_type_label ); ?> members only</label><br />
+												<label><input type="radio" name="doc[view_setting]" value="admins" <?php checked( openlab_get_doc_view_setting( $doc_id ), 'admins' ) ?> /> <?php echo esc_html( $group_type_label ); ?> admins and Doc creator only</label><br />
+
+											</fieldset>
+										</div>
+
+										<div class="desc-column">
+											<fieldset>
+												<legend>Who can edit this Doc?</legend>
+												<label><input type="radio" name="doc[edit_setting]" value="group-members" <?php checked( openlab_get_doc_edit_setting( $doc_id ), 'group-members' ) ?> /> <?php echo esc_html( $group_type_label ); ?> members only</label><br />
+												<label><input type="radio" name="doc[edit_setting]" value="admins" <?php checked( openlab_get_doc_edit_setting( $doc_id ), 'admins' ) ?> /> <?php echo esc_html( $group_type_label ); ?> admins and Doc creator only</label><br />
+
+											</fieldset>
+										</div>
+									</div>
+								</div>
+							</div>
+
 							<div id="doc-tax" class="doc-meta-box">
 								<div class="toggleable <?php bp_docs_toggleable_open_or_closed_class( 'tags-meta-box' ) ?>">
 									<p id="tags-toggle-edit" class="toggle-switch">
diff --git a/wp-content/themes/openlab/lib/plugin-mods/docs-funcs.php b/wp-content/themes/openlab/lib/plugin-mods/docs-funcs.php
index 0ad9d18e8a..6e8451fe6d 100644
--- a/wp-content/themes/openlab/lib/plugin-mods/docs-funcs.php
+++ b/wp-content/themes/openlab/lib/plugin-mods/docs-funcs.php
@@ -325,3 +325,175 @@ function openlab_bp_docs_map_meta_caps( $caps, $cap, $user_id, $args ) {
 	return $caps;
 }
 add_filter( 'bp_docs_map_meta_caps', 'openlab_bp_docs_map_meta_caps', 100, 4 );
+
+/**
+ * Checks whether comments are allowed on a doc.
+ *
+ * @param int $doc_id Doc ID.
+ * @return bool
+ */
+function openlab_comments_allowed_on_doc( $doc_id ) {
+	$allowed = true;
+
+	$doc = get_post( $doc_id );
+	if ( ! $doc || 'bp_doc' !== $doc->post_type ) {
+		return $allowed;
+	}
+
+	$disabled = get_post_meta( $doc_id, 'openlab_comments_disabled', true );
+	if ( 'yes' === $disabled ) {
+		$allowed = false;
+	}
+
+	return $allowed;
+}
+
+/**
+ * Gets 'View' setting for a doc.
+ *
+ * @param int $doc_id Doc ID.
+ * @return string
+ */
+function openlab_get_doc_view_setting( $doc_id ) {
+	$saved_setting = get_post_meta( $doc_id, 'openlab_view_setting', true );
+
+	if ( ! $saved_setting ) {
+		$group_id = bp_docs_get_associated_group_id( $doc_id );
+		$group    = groups_get_group( $group_id );
+
+		if ( $group && 'public' === $group->status ) {
+			$setting = 'everyone';
+		} else {
+			$setting = 'group-members';
+		}
+	} else {
+		$setting = $saved_setting;
+	}
+
+	return $setting;
+}
+
+/**
+ * Gets 'Edit' setting for a doc.
+ *
+ * @param int $doc_id Doc ID.
+ * @return string
+ */
+function openlab_get_doc_edit_setting( $doc_id ) {
+	$saved_setting = get_post_meta( $doc_id, 'openlab_edit_setting', true );
+
+	if ( ! $saved_setting ) {
+		$setting = 'group-members';
+	} else {
+		$setting = $saved_setting;
+	}
+
+	return $setting;
+}
+
+/**
+ * Saves our custom Doc-specific settings.
+ *
+ * @param int $doc_id Doc ID.
+ * @return void
+ */
+function openlab_save_custom_doc_settings( $doc_id ) {
+	if ( isset( $_POST['doc']['allow_comments'] ) ) {
+		$allow_comments = '1' === wp_unslash( $_POST['doc']['allow_comments'] );
+
+		if ( $allow_comments ) {
+			delete_post_meta( $doc_id, 'openlab_comments_disabled' );
+		} else {
+			update_post_meta( $doc_id, 'openlab_comments_disabled', 'yes' );
+		}
+	}
+
+	if ( isset( $_POST['doc']['view_setting'] ) ) {
+		$view_setting = wp_unslash( $_POST['doc']['view_setting'] );
+
+		$allowed_settings = [ 'everyone', 'group-members', 'admins' ];
+		if ( in_array( $view_setting, $allowed_settings, true ) ) {
+			update_post_meta( $doc_id, 'openlab_view_setting', $view_setting );
+		}
+	}
+
+	if ( isset( $_POST['doc']['edit_setting'] ) ) {
+		$edit_setting = wp_unslash( $_POST['doc']['edit_setting'] );
+
+		$allowed_settings = [ 'group-members', 'admins' ];
+		if ( in_array( $edit_setting, $allowed_settings, true ) ) {
+			update_post_meta( $doc_id, 'openlab_edit_setting', $edit_setting );
+		}
+	}
+}
+add_action( 'bp_docs_after_save', 'openlab_save_custom_doc_settings' );
+
+/**
+ * Custom implementation of comments_open for docs.
+ *
+ * Old Docs can have comments closed by default. We must respect
+ * openlab_comments_disabled meta and other doc-specific settings.
+ */
+function openlab_force_doc_comments_open( $open, $post_id ) {
+	return openlab_comments_allowed_on_doc( $post_id );
+}
+add_action( 'comments_open', 'openlab_force_doc_comments_open', 999, 2 );
+
+/**
+ * Meta cap mapping for our custom doc settings.
+ *
+ * @param array  $caps    Capabilities.
+ * @param string $cap     Capability.
+ * @param int    $user_id User ID.
+ * @param array  $args    Args.
+ * @return array
+ */
+function openlab_bp_docs_map_meta_caps_for_custom_settings( $caps, $cap, $user_id, $args ) {
+	switch ( $cap ) {
+		case 'bp_docs_read':
+		case 'bp_docs_view_history':
+		case 'bp_docs_read_comments':
+		case 'bp_docs_edit':
+			$doc = bp_docs_get_doc_for_caps( $args );
+
+			if ( ! $doc ) {
+				return $caps;
+			}
+
+			$group_id = bp_docs_get_associated_group_id( $doc->ID, $doc );
+			if ( ! $group_id ) {
+				return $caps;
+			}
+
+			if ( 'bp_docs_edit' === $cap ) {
+				$setting = openlab_get_doc_edit_setting( $doc->ID );
+			} else {
+				$setting = openlab_get_doc_view_setting( $doc->ID );
+			}
+
+			$caps = [ 'do_not_allow' ];
+
+			switch ( $setting ) {
+				case 'everyone':
+					$caps = [ 'read' ];
+					break;
+
+				case 'group-members':
+					if ( groups_is_user_member( $user_id, $group_id ) ) {
+						$caps = [ 'read' ];
+					}
+					break;
+
+				case 'admins':
+					if ( groups_is_user_admin( $user_id, $group_id ) ) {
+						$caps = [ 'read' ];
+					}
+					break;
+			}
+
+			break;
+	}
+
+	return $caps;
+}
+add_filter( 'bp_docs_map_meta_caps', 'openlab_bp_docs_map_meta_caps_for_custom_settings', 100, 4 );
diff --git a/wp-content/themes/openlab/lib/plugin-mods/files-funcs.php b/wp-content/themes/openlab/lib/plugin-mods/files-funcs.php
index 7261f69388..249ae5cd54 100644
--- a/wp-content/themes/openlab/lib/plugin-mods/files-funcs.php
+++ b/wp-content/themes/openlab/lib/plugin-mods/files-funcs.php
@@ -55,8 +55,51 @@ function openlab_bp_group_documents_display_content() {
 
 	global $bp;
 
-	//instanciating the template will do the heavy lifting with all the superglobal variables
+	// There are no hooks in buddypress-group-documents to filter the query.
+	$query_filter_callback = function( $query ) {
+		global $wpdb, $bp;
+
+		// We are filtering the query from get_list_by_group().
+		$matched = preg_match( '/SELECT \* FROM ' . $bp->group_documents->table_name . ' WHERE group_id = (\d+)/', $query, $matches );
+
+		if ( ! $matched ) {
+			return $query;
+		}
+
+		$group_id = (int) $matches[1];
+
+		$group_privacy = groups_get_groupmeta( $group_id, 'group_document_privacy_settings' );
+		if ( empty( $group_privacy ) ) {
+			return $query;
+		}
+
+		if ( groups_is_user_admin( bp_loggedin_user_id(), $group_id ) ) {
+			$exclude_levels = [];
+		} elseif ( groups_is_user_member( bp_loggedin_user_id(), $group_id ) ) {
+			$exclude_levels = [ 'admins' ];
+		} else {
+			$exclude_levels = [ 'admins', 'members' ];
+		}
+
+		$exclude_ids = [];
+		foreach ( $group_privacy as $doc_id => $level ) {
+			if ( in_array( $level, $exclude_levels, true ) ) {
+				$exclude_ids[] = $doc_id;
+			}
+		}
+
+		if ( empty( $exclude_ids ) ) {
+			return $query;
+		}
+
+		$query = str_replace( 'WHERE', 'WHERE id NOT IN (' . implode( ',', $exclude_ids ) . ') AND', $query );
+
+		return $query;
+	};
+
+	add_filter( 'query', $query_filter_callback );
 	$template = new BP_Group_Documents_Template();
+	remove_filter( 'query', $query_filter_callback );
 
 	$folders = $template->get_group_categories( false );
 	$folders = bp_sort_by_key( $folders, 'name' );
@@ -350,6 +393,9 @@ function( $folder ) {
 											<label for="bp-group-documents-new-category-1" class="sr-only">Add new folder</label>
 											<input type="text" name="bp_group_documents_link_new_category" class="bp-group-documents-new-folder form-control" placeholder="Add new folder" id="bp-group-documents-new-category-1" />
 										</fieldset>
+
+										<?php openlab_file_access_section_markup( $template->id ); ?>
+
 									</div>
 									<?php } ?>
 
@@ -399,6 +445,8 @@ function( $folder ) {
 												<label for="bp-group-documents-new-category-2" class="sr-only">Add new folder</label>
 												<input type="text" name="bp_group_documents_new_category" class="bp-group-documents-new-folder form-control" placeholder="Add new folder" id="bp-group-documents-new-category-2" />
 											</fieldset>
+
+											<?php openlab_file_access_section_markup( $template->id ); ?>
 										</div>
 									</div>
 									<?php } ?>
@@ -518,6 +566,33 @@ function( $document ) {
 	}
 );
 
+/**
+ * Save "File Access" settings.
+ */
+add_action(
+	'bp_group_documents_data_after_save',
+	function( $document ) {
+		if ( empty( $_POST['bp_group_documents_file_access_nonce'] ) || ! wp_verify_nonce( $_POST['bp_group_documents_file_access_nonce'], 'bp_group_documents_file_access' ) ) {
+			return;
+		}
+
+		$access = ! empty( $_POST['bp_group_documents_privacy'] ) ? sanitize_text_field( wp_unslash( $_POST['bp_group_documents_privacy'] ) ) : '';
+
+		if ( ! in_array( $access, array( 'everyone', 'members', 'admins' ), true ) ) {
+			return;
+		}
+
+		$group_document_privacy_settings = groups_get_groupmeta( $document->group_id, 'group_document_privacy_settings' );
+		if ( ! is_array( $group_document_privacy_settings ) ) {
+			$group_document_privacy_settings = [];
+		}
+
+		$group_document_privacy_settings[ $document->id ] = $access;
+
+		groups_update_groupmeta( $document->group_id, 'group_document_privacy_settings', $group_document_privacy_settings );
+	}
+);
+
 /**
  * Set categories for the external link submitted from the
  * group documents form.
@@ -703,3 +778,79 @@ function openlab_get_service_from_url( $host ) {
 			return 'external';
 	}
 }
+
+/**
+ * Outputs the markup for the 'File Access' section of the edit/create form.
+ *
+ * @param int $file_id File ID.
+ * @return void
+ */
+function openlab_file_access_section_markup( $file_id ) {
+	$file_privacy = openlab_get_file_privacy_setting( $file_id );
+
+	$group_type_label = openlab_get_group_type_label(
+		[
+			'group_id' => bp_get_current_group_id(),
+			'case'     => 'upper',
+		]
+	);
+
+	?>
+
+	<fieldset class="group-documents-privacy">
+		<legend>File Access:</legend>
+
+		<div class="radios">
+			<div class="group-documents-privacy-option">
+				<label for="bp-group-documents-privacy-everyone"><input type="radio" name="bp_group_documents_privacy" id="bp-group-documents-privacy-everyone" value="everyone" <?php checked( $file_privacy, 'everyone' ); ?> /> Everyone</label>
+
+				<p class="description">Everyone who can view this <?php echo esc_html_e( $group_type_label ); ?> can access this file</p>
+			</div>
+
+			<div class="group-documents-privacy-option">
+				<label for="bp-group-documents-privacy-members"><input type="radio" name="bp_group_documents_privacy" id="bp-group-documents-privacy-members" value="members" <?php checked( $file_privacy, 'members' ); ?> /> <?php echo esc_html_e( $group_type_label ); ?> members only</label>
+
+				<p class="description">Only logged-in members of this <?php echo esc_html_e( $group_type_label ); ?> can access this file</p>
+			</div>
+
+			<div class="group-documents-privacy-option">
+				<label for="bp-group-documents-privacy-admins"><input type="radio" name="bp_group_documents_privacy" id="bp-group-documents-privacy-admins" value="admins" <?php checked( $file_privacy, 'admins' ); ?> /> <?php echo esc_html_e( $group_type_label ); ?> admins only</label>
+
+				<p class="description">Only logged-in admins of this <?php echo esc_html_e( $group_type_label ); ?> can access this file</p>
+			</div>
+		</div>
+
+		<?php wp_nonce_field( 'bp_group_documents_file_access', 'bp_group_documents_file_access_nonce' ); ?>
+	</fieldset>
+
+	<?php
+}
+
+/**
+ * Gets privacy setting for a file.
+ *
+ * @param int $file_id File ID.
+ * @return string
+ */
+function openlab_get_file_privacy_setting( $file_id ) {
+	$document = new BP_Group_Documents( $file_id );
+
+	$group_id = isset( $document->group_id ) ? $document->group_id : bp_get_current_group_id();
+
+	// We store as an array in groupmeta.
+	$group_document_privacy_settings = groups_get_groupmeta( $document->group_id, 'group_document_privacy_settings' );
+
+	if ( isset( $group_document_privacy_settings[ $file_id ] ) ) {
+		$setting = $group_document_privacy_settings[ $file_id ];
+	} else {
+		$group = groups_get_group( $group_id );
+
+		if ( $group && 'public' === $group->status ) {
+			$setting = 'everyone';
+		} else {
+			$setting = 'members';
+		}
+	}
+
+	return $setting;
+}