function hook_file_download

Control access to private file downloads and specify HTTP headers.

This hook allows modules enforce permissions on file downloads when the private file download method is selected. Modules can also provide headers to specify information like the file's name or MIME type.

Parameters

$uri: The URI of the file.

Return value

If the user does not have permission to access the file, return -1. If the user has permission, return an array with the appropriate headers. If the file is not controlled by the current module, the return value should be NULL.

See also

file_download()

Related topics

5 functions implement hook_file_download()

Note: this list is generated by pattern matching, so it may include some functions that are not actually implementations of this hook.

config_file_download in drupal/core/modules/config/config.module
Implements hook_file_download().
file_file_download in drupal/core/modules/file/file.module
Implements hook_file_download().
file_test_file_download in drupal/core/modules/file/tests/file_test/file_test.module
Implements hook_file_download().
image_file_download in drupal/core/modules/image/image.module
Implements hook_file_download().
image_module_test_file_download in drupal/core/modules/image/tests/image_module_test.module
@file Provides Image module hook implementations for testing purposes.
3 invocations of hook_file_download()
file_download in drupal/core/includes/file.inc
Page callback: Handles private file transfers.
image_file_download in drupal/core/modules/image/image.module
Implements hook_file_download().
image_style_deliver in drupal/core/modules/image/image.module
Page callback: Generates a derivative, given a style and image path.

File

drupal/core/modules/system/system.api.php, line 2193
Hooks provided by Drupal core and the System module.

Code

function hook_file_download($uri) {

  // Check if the file is controlled by the current module.
  if (!file_prepare_directory($uri)) {
    $uri = FALSE;
  }
  if (strpos(file_uri_target($uri), variable_get('user_picture_path', 'pictures') . '/picture-') === 0) {
    if (!user_access('access user profiles')) {

      // Access to the file is denied.
      return -1;
    }
    else {
      $info = image_get_info($uri);
      return array(
        'Content-Type' => $info['mime_type'],
      );
    }
  }
}