You are here

function pfdp_file_download in Private files download permission 3.x

Same name and namespace in other branches
  1. 8.2 pfdp.module \pfdp_file_download()

File

./pfdp.module, line 66
Implements the main module function and generic helper functions.

Code

function pfdp_file_download($uri) {
  $settings = \Drupal::config('pfdp.settings');
  $logger = \Drupal::logger('pfdp');
  $user = \Drupal::currentUser();

  // Check if $uri is valid.
  if ('://' === mb_substr($uri, -3, 3) || is_dir($uri)) {
    $logger
      ->warning('Invalid uri: "%uri".', [
      '%uri' => $uri,
    ]);
    return -1;
  }

  // Skip public files.
  if ('public://' === mb_substr($uri, 0, 9)) {
    return NULL;
  }

  // Retrieve the download headers for $uri.
  $uri_download_headers = pfdp_get_download_headers($uri);

  // Check if the user may bypass permission restrictions.
  if ($user
    ->hasPermission('bypass pfdp')) {
    if ($settings
      ->get('debug_mode')) {
      $logger
        ->info('User %user granted permission to download uri "%uri".', [
        '%user' => pfdp_get_user_log_details($user),
        '%uri' => $uri,
      ]);
    }
    return $settings
      ->get('override_mode') ? pfdp_force_download($uri, $uri_download_headers) : $uri_download_headers;
  }
  elseif ($user
    ->hasPermission('bypass pfdp for temporary files') && 'temporary://' === mb_substr($uri, 0, 12)) {
    if ($settings
      ->get('debug_mode')) {
      $logger
        ->info('User %user granted permission to download uri "%uri".', [
        '%user' => pfdp_get_user_log_details($user),
        '%uri' => $uri,
      ]);
    }
    return $settings
      ->get('override_mode') ? pfdp_force_download($uri, $uri_download_headers) : $uri_download_headers;
  }
  else {

    // Extract the path from $uri, removing the protocol prefix and the file name.
    $uri_path = array_slice(explode('/', $uri), 2, -1);

    // Add a leading slash to $uri_path.
    $uri_path = '/' . implode('/', $uri_path);

    // Find the directory which best matches $uri_path.
    $best_matching_length = 0;
    $best_matching_directory = NULL;
    foreach (DirectoryEntity::loadMultiple() as $directory) {

      // Search for the best matching substring.
      $directory_path = $directory->path;
      if (0 === stripos($uri_path, $directory_path)) {
        if ($best_matching_length < mb_strlen($directory_path)) {
          $best_matching_length = mb_strlen($directory_path);
          $best_matching_directory = $directory;
        }
      }
    }
    if (NULL != $best_matching_directory) {

      // Check if this module should ignore the call.
      if ($best_matching_directory->bypass) {
        return NULL;
      }

      // Check if the file owner is allowed to access $uri.
      if ($best_matching_directory->grant_file_owners) {
        $files = \Drupal::entityTypeManager()
          ->getStorage('file')
          ->loadByProperties([
          'uri' => $uri,
        ]);
        if (!empty($files)) {
          $file = array_shift($files);
          if ($file
            ->getOwnerId() == $user
            ->id()) {
            if ($settings
              ->get('debug_mode')) {
              $logger
                ->info('User %user granted permission to download uri "%uri".', [
                '%user' => pfdp_get_user_log_details($user),
                '%uri' => $uri,
              ]);
            }
            return $settings
              ->get('override_mode') ? pfdp_force_download($uri, $uri_download_headers) : $uri_download_headers;
          }
        }
      }

      // Evaluate user and role permissions and optionally allow access to $uri.
      if ($settings
        ->get('by_user_checks')) {
        if (in_array($user
          ->id(), pfdp_get_proper_user_array($best_matching_directory->users))) {
          if ($settings
            ->get('debug_mode')) {
            $logger
              ->info('User %user granted permission to download uri "%uri".', [
              '%user' => pfdp_get_user_log_details($user),
              '%uri' => $uri,
            ]);
          }
          return $settings
            ->get('override_mode') ? pfdp_force_download($uri, $uri_download_headers) : $uri_download_headers;
        }
      }
      foreach ($user
        ->getRoles() as $rid) {
        if (in_array($rid, $best_matching_directory->roles)) {
          if ($settings
            ->get('debug_mode')) {
            $logger
              ->info('User %user granted permission to download uri "%uri".', [
              '%user' => pfdp_get_user_log_details($user),
              '%uri' => $uri,
            ]);
          }
          return $settings
            ->get('override_mode') ? pfdp_force_download($uri, $uri_download_headers) : $uri_download_headers;
        }
      }
    }
  }

  // By default, deny access.
  if ($settings
    ->get('debug_mode')) {
    $logger
      ->warning('User %user denied permission to download uri "%uri".', [
      '%user' => pfdp_get_user_log_details($user),
      '%uri' => $uri,
    ]);
  }
  return -1;
}