1.20.x file.module | file_access($op, $file = NULL, $account = NULL) |
Determines if a user may perform the given operation on the specified file.
Parameters
$op: The operation to be performed on the file. Possible values are:
- "view"
- "download"
- "update"
- "delete"
- "create"
$file: The file object on which the operation is to be performed, or file type (e.g. 'image') for "create" operation.
$account: Optional, a user object representing the user for whom the operation is to be performed. Determines access for a user other than the current user.
Return value
TRUE if the operation may be performed, FALSE otherwise.:
Related topics
File
- modules/
file/ file.module, line 2794 - Defines a "managed_file" Form API field and a "file" field for Field module.
Code
function file_access($op, $file = NULL, $account = NULL) {
$rights = &backdrop_static(__FUNCTION__, array());
if (!$file && !in_array($op, array('view', 'download', 'update', 'delete', 'create'), TRUE)) {
// If there was no file to check against, and the $op was not one of the
// supported ones, we return access denied.
return FALSE;
}
// If no user object is supplied, the access check is for the current user.
if (empty($account)) {
$account = $GLOBALS['user'];
}
// $file may be either an object or a file type. Since file types cannot be
// an integer, use either fid or type as the static cache id.
$cache_id = NULL;
if (!empty($file->id)) {
$cache_id = $file->id;
}
elseif (is_string($file) && $op == 'create') {
$cache_id = $file;
}
else {
$cache_id = backdrop_hash_base64(serialize($file));
}
// If we've already checked access for this file, user and op, return from
// cache.
if (isset($rights[$account->uid][$cache_id][$op])) {
return $rights[$account->uid][$cache_id][$op];
}
if (user_access('bypass file access', $account)) {
return $rights[$account->uid][$cache_id][$op] = TRUE;
}
// We grant access to the file if both of the following conditions are met:
// - No modules say to deny access.
// - At least one module says to grant access.
$access = module_invoke_all('file_access', $op, $file, $account);
if (in_array(FILE_ACCESS_DENY, $access, TRUE)) {
return $rights[$account->uid][$cache_id][$op] = FALSE;
}
elseif (in_array(FILE_ACCESS_ALLOW, $access, TRUE)) {
return $rights[$account->uid][$cache_id][$op] = TRUE;
}
// Fall back to default behaviors on view.
if ($op == 'view' && is_object($file)) {
$scheme = file_uri_scheme($file->uri);
$wrapper = file_get_stream_wrapper($scheme);
if (!empty($wrapper['private'])) {
// For private files, users can view private files if the
// user has the 'view private files' permission.
if (user_access('view private files', $account)) {
return $rights[$account->uid][$cache_id][$op] = TRUE;
}
// For private files, users can view their own private files if the
// user is not anonymous, and has the 'view own private files' permission.
if (!empty($account->uid) && $file->uid == $account->uid && user_access('view own private files', $account)) {
return $rights[$account->uid][$cache_id][$op] = TRUE;
}
}
elseif ($file->status == FILE_STATUS_PERMANENT && $file->uid == $account->uid && user_access('view own files', $account)) {
// For non-private files, allow to see if user owns the file.
return $rights[$account->uid][$cache_id][$op] = TRUE;
}
elseif ($file->status == FILE_STATUS_PERMANENT && user_access('view files', $account)) {
// For non-private files, users can view if they have the 'view files'
// permission.
return $rights[$account->uid][$cache_id][$op] = TRUE;
}
}
return FALSE;
}