You are here

public function FileDownloadController::download in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/system/src/FileDownloadController.php \Drupal\system\FileDownloadController::download()

Handles private file transfers.

Call modules that implement hook_file_download() to find out if a file is accessible and what headers it should be transferred with. If one or more modules returned headers the download will start with the returned headers. If a module returns -1 an AccessDeniedHttpException will be thrown. If the file exists but no modules responded an AccessDeniedHttpException will be thrown. If the file does not exist a NotFoundHttpException will be thrown.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request object.

string $scheme: The file scheme, defaults to 'private'.

Return value

\Symfony\Component\HttpFoundation\BinaryFileResponse The transferred file as response.

Throws

\Symfony\Component\HttpKernel\Exception\NotFoundHttpException Thrown when the requested file does not exist.

\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException Thrown when the user does not have access to the file.

See also

hook_file_download()

1 string reference to 'FileDownloadController::download'
system.routing.yml in core/modules/system/system.routing.yml
core/modules/system/system.routing.yml

File

core/modules/system/src/FileDownloadController.php, line 69

Class

FileDownloadController
System file controller.

Namespace

Drupal\system

Code

public function download(Request $request, $scheme = 'private') {
  $target = $request->query
    ->get('file');

  // Merge remaining path arguments into relative file path.
  $uri = $scheme . '://' . $target;
  if ($this->streamWrapperManager
    ->isValidScheme($scheme) && is_file($uri)) {

    // Let other modules provide headers and controls access to the file.
    $headers = $this
      ->moduleHandler()
      ->invokeAll('file_download', [
      $uri,
    ]);
    foreach ($headers as $result) {
      if ($result == -1) {
        throw new AccessDeniedHttpException();
      }
    }
    if (count($headers)) {

      // \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onRespond()
      // sets response as not cacheable if the Cache-Control header is not
      // already modified. We pass in FALSE for non-private schemes for the
      // $public parameter to make sure we don't change the headers.
      return new BinaryFileResponse($uri, 200, $headers, $scheme !== 'private');
    }
    throw new AccessDeniedHttpException();
  }
  throw new NotFoundHttpException();
}