file_file_download($uri)
Implements hook_file_download().
File
- core/modules/file/file.module, line 590
- Defines a "managed_file" Form API field and a "file" field for Field module.
Code
function file_file_download($uri) { // Get the file record based on the URI. If not in the database just return. /** @var \Drupal\file\FileInterface[] $files */ $files = entity_load_multiple_by_properties('file', array('uri' => $uri)); if (count($files)) { foreach ($files as $item) { // Since some database servers sometimes use a case-insensitive comparison // by default, double check that the filename is an exact match. if ($item->getFileUri() === $uri) { $file = $item; break; } } } if (!isset($file)) { return; } // Find out if a temporary file is still used in the system. if ($file->isTemporary()) { $usage = \Drupal::service('file.usage')->listUsage($file); if (empty($usage) && $file->getOwnerId() != \Drupal::currentUser()->id()) { // Deny access to temporary files without usage that are not owned by the // same user. This prevents the security issue that a private file that // was protected by field permissions becomes available after its usage // was removed and before it is actually deleted from the file system. // Modules that depend on this behavior should make the file permanent // instead. return -1; } } // Find out which (if any) fields of this type contain the file. $references = file_get_file_references($file, NULL, EntityStorageInterface::FIELD_LOAD_CURRENT, NULL); // Stop processing if there are no references in order to avoid returning // headers for files controlled by other modules. Make an exception for // temporary files where the host entity has not yet been saved (for example, // an image preview on a node/add form) in which case, allow download by the // file's owner. if (empty($references) && ($file->isPermanent() || $file->getOwnerId() != \Drupal::currentUser()->id())) { return; } if (!$file->access('download')) { return -1; } // Access is granted. $headers = file_get_content_headers($file); return $headers; }
Please login to continue.