function FileDownloadController::download

Handles private file transfers.

Call modules that implement hook_file_download() to find out if a file is accessible and what headers it should be transferred with. If one or more modules returned headers the download will start with the returned headers. If a module returns -1 an AccessDeniedHttpException will be thrown. If the file exists but no modules responded an AccessDeniedHttpException will be thrown. If the file does not exist a NotFoundHttpException will be thrown.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request object.

string $scheme: The file scheme, defaults to 'private'.

Return value

\Symfony\Component\HttpFoundation\BinaryFileResponse The transferred file as response.

Throws

\Symfony\Component\HttpKernel\Exception\NotFoundHttpException Thrown when the requested file does not exist.

\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException Thrown when the user does not have access to the file.

See also

hook_file_download()

1 string reference to 'FileDownloadController::download'
system.routing.yml in core/modules/system/system.routing.yml
core/modules/system/system.routing.yml

File

core/modules/system/src/FileDownloadController.php, line 60

Class

FileDownloadController
System file controller.

Namespace

Drupal\system

Code

public function download(Request $request, $scheme = 'private') {
  $target = $request->query
    ->get('file');
  // Merge remaining path arguments into relative file path.
  $uri = $this->streamWrapperManager
    ->normalizeUri($scheme . '://' . $target);
  if ($this->streamWrapperManager
    ->isValidScheme($scheme) && is_file($uri)) {
    // Let other modules provide headers and controls access to the file.
    $headers = $this->moduleHandler()
      ->invokeAll('file_download', [
      $uri,
    ]);
    foreach ($headers as $result) {
      if ($result == -1) {
        throw new AccessDeniedHttpException();
      }
    }
    if (count($headers)) {
      // \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onRespond()
      // sets response as not cacheable if the Cache-Control header is not
      // already modified. Pass in FALSE for the $public parameter so that
      // existing headers from hook_file_download() are preserved. If any of
      // those headers set a Cache-Control header, return the response.
      $response = new BinaryFileResponse($uri, 200, $headers, FALSE);
      if ($response->headers
        ->has('Cache-Control')) {
        return $response;
      }
      // If there is no Cache-Control header, then respect the
      // file_additional_public_schemes setting, but never treat the core
      // 'private' or 'temporary' schemes as cacheable.
      $additional_public_schemes = array_diff(Settings::get('file_additional_public_schemes', []), [
        'private',
        'temporary',
      ]);
      return in_array($scheme, $additional_public_schemes, TRUE) ? $response->setPublic() : $response->setPrivate();
    }
    throw new AccessDeniedHttpException();
  }
  throw new NotFoundHttpException();
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.