Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

resource_download_allowed()

Description

For the given resource and size, can the current user download it?
resource type and access may already be available in the case of search, so pass them along to get_resource_access to avoid extra queries
$resource can be a resource-specific search result array.

Parameters

ColumnTypeDefaultDescription
$resource int ID of resource
$size string ID of size
$resource_type int ID of resource type
$alternative int -1 Use alternative?

Return

boolean

Location

include/resource_functions.php lines 5658 to 5729

Definition

 
function resource_download_allowed($resource,$size,$resource_type,$alternative=-1)
    {
    global 
$userref$usergroup$user_dl_limit$user_dl_days$noattach$sizes_always_allowed;

    
$access=get_resource_access($resource);

    if(
resource_has_access_denied_by_RT_size($resource_type$size))
        {
        return 
false;
        }

    if (
checkperm('X' $resource_type "_" $size) && $alternative == -1) {
        
# Block access to this resource type / size? Not if an alternative file
        # Only if no specific user access override (i.e. they have successfully requested this size).
        
$usercustomaccess get_custom_access_user($resource$userref);
        
$usergroupcustomaccess get_custom_access($resource$usergroup);
        if (
            (
$usercustomaccess === false || $usercustomaccess !== 0) && 
            (
$usergroupcustomaccess === false || $usergroupcustomaccess !== 0)
        ) {
            return 
false;
        }
    }

    if((
$size == "" || $size == "hpr" || getval("noattach","") == "")  && intval($user_dl_limit) > 0)
        {
        
$download_limit_check get_user_downloads($userref,$user_dl_days);
        if(
$download_limit_check >= $user_dl_limit)
            {
            return 
false;
            }
        }

    
# Full access
    
if ($access==0)
        {
        return 
true;
        }

    
# Restricted
    
if(== $access)
        {
        
// The system should always allow these sizes to be downloaded as these are needed for search results and it makes
        // sense to allow them if a request for one of them is received. For example when $hide_real_filepath is enabled.
        // 'videojs' represents the preview loaded by videojs viewer.

        
if('' == $size)
            {
            
# Original file - access depends on the 'restricted_full_download' config setting.
            
global $restricted_full_download;
            return 
$restricted_full_download;
            }
        elseif(
'' != $size && in_array($size$sizes_always_allowed))
            {
            return 
true;
            }
        else
            {
            
# Return the restricted access setting for this resource type.
            
return ps_value("SELECT allow_restricted value FROM preview_size WHERE id = ?", array("s"$size), 0"schema") == 1;
            }
        }

    
# Confidential
    
if ($access==2)
        {
        return 
false;
        }

    
# Unable to determine access
    
return false;
    }

This article was last updated 14th December 2024 17:35 Europe/London time based on the source file dated 13th December 2024 14:45 Europe/London time.