function protected_node_file_download in Protected Node 7
Same name and namespace in other branches
- 5 protected_node.module \protected_node_file_download()
- 6 protected_node.module \protected_node_file_download()
- 1.0.x protected_node.module \protected_node_file_download()
Implements hook_file_download().
File
- ./
protected_node.module, line 781 - Protected Node module.
Code
function protected_node_file_download($uri) {
global $user;
$path = file_uri_target($uri);
// Private file access for image style derivatives.
if (strpos($path, 'styles/') === 0) {
// Check that the file exists and is an image.
if (image_get_info($uri)) {
$original_uri = _protected_node_get_original_uri($path, $uri);
// Check the permissions of the original to grant access to this image.
$headers = module_invoke_all('file_download', $original_uri);
// Confirm there's at least one module granting access and none denying
// access.
if (!empty($headers) && !in_array(-1, $headers)) {
return array();
}
}
return array();
}
// Private file access for the original files.
$files = file_load_multiple(array(), array(
'uri' => $uri,
));
if (count($files)) {
$file = reset($files);
if ($file->status) {
// Is it a file submitted with a webform?
if (strpos($file->uri, '://webform/') !== FALSE) {
// Pass through Webform submissions to get the nid given the fid.
$query = db_select('file_usage', 'fu');
$query
->join('webform_submissions', 'ws', 'ws.sid = fu.id');
$query
->join('node', 'n', 'n.nid = ws.nid');
$query
->join('protected_nodes', 'pn', 'n.nid = pn.nid');
$query
->fields('n', array(
'nid',
'uid',
));
$query
->fields('pn', array(
'protected_node_passwd_changed',
));
$query
->condition('fu.module', 'webform');
$query
->condition('fu.type', 'submission');
$query
->condition('fu.fid', $file->fid);
$query
->condition('pn.protected_node_is_protected', '1');
}
else {
$query = db_select('node', 'n');
$query
->join('file_usage', 'fu', 'n.nid = fu.id');
$query
->join('protected_nodes', 'pn', 'n.nid = pn.nid');
$query
->fields('n', array(
'nid',
'uid',
));
$query
->fields('pn', array(
'protected_node_passwd_changed',
));
$query
->condition('fu.fid', $file->fid);
$query
->condition('fu.type', 'node');
$query
->condition('pn.protected_node_is_protected', '1');
}
$number_of_results = $query
->countQuery()
->execute()
->fetchField();
if (0 == $number_of_results) {
return array();
/* Row doesn't exist, it's not protected */
}
$result = $query
->execute();
foreach ($result as $file_info) {
// If the file belongs to the current user let them see it.
if ($file_info === FALSE || $user->uid && $user->uid == $file_info->uid) {
return array();
}
// The user has the bypass password for view.
if (user_access('view protected content', $user)) {
return array();
}
// Got the global password?
if (isset($_SESSION['_protected_node']['passwords']['global'])) {
$when = $_SESSION['_protected_node']['passwords']['global'];
// This page reset time && global reset time.
if ($when > $file_info->protected_node_passwd_changed && $when > variable_get('protected_node_session_timelimit', 0)) {
return array();
}
}
elseif (isset($_SESSION['_protected_node']['passwords'][$file_info->nid])) {
$when = $_SESSION['_protected_node']['passwords'][$file_info->nid];
// This page reset time && global reset time.
if ($when > $file_info->protected_node_passwd_changed && $when > variable_get('protected_node_session_timelimit', 0)) {
return array();
}
}
}
// No password, access denied.
return -1;
}
elseif (strpos($file->uri, '://webform/') !== FALSE) {
return array();
}
else {
return array();
}
}
// Not a file managed by a protected node.
return array();
}