You are here

Home » API reference » Node Field 7.2 » node_field_file.module

function node_field_file_file_download in Node Field 7.2

Implements hook_file_download().

File

modules/node_field_file/node_field_file.module, line 102

Code

function node_field_file_file_download($uri, $field_type = 'file') {

  // Get the file record based on the URI. If not in the database just return.
  $files = file_load_multiple(array(), array(
    'uri' => $uri,
  ));
  if (count($files)) {
    foreach ($files as $item) {

      // Since some database servers sometimes use a case-insensitive comparison
      // by default, double check that the filename is an exact match.
      if ($item->uri === $uri) {
        $file = $item;
        break;
      }
    }
  }
  if (!isset($file)) {
    return;
  }

  // Find out which (if any) fields of this type contain the file.
  $references = file_usage_list($file);

  // Stop processing if there are no references in order to avoid returning
  // headers for files controlled by other modules.
  if (empty($references)) {
    return;
  }

  // Default to allow access.
  $denied = FALSE;

  // Loop through all references of this file. If a reference explicitly allows
  // access to the field to which this file belongs, no further checks are done
  // and download access is granted. If a reference denies access, eventually
  // existing additional references are checked. If all references were checked
  // and no reference denied access, access is granted as well. If at least one
  // reference denied access, access is denied.
  foreach ($references as $reference_name => $reference) {
    foreach ($reference as $name => $entity_reference) {
      if ($name == 'node_field' || $reference_name == 'node_field') {
        foreach ($entity_reference as $id => $item) {
          if ($name == 'node_field') {
            $node_field = node_field_load($id);
            if ($node_field) {
              $entity = node_load($node_field['nid']);
            }
          }
          else {
            $entity = node_load($id);
          }

          // Check if access to that node is not disallowed.
          // If this check fails,
          // stop checking access for this reference.
          if (!node_access('view', $entity)) {
            $denied = TRUE;
            break;
          }
        }
      }
    }
  }

  // Access specifically denied.
  if ($denied) {
    return -1;
  }

  // Access is granted.
  $headers = file_get_content_headers($file);
  return $headers;
}