DescriptionUsageParametersExamplesRequire the user to have administrative capabilitiesPlacementSinceSource Code
Description
By default the real location of an uploaded file is hidden. The download URL will be generated with a security token to prevent guessing or enumeration attacks to discover the location of other files. The gform_permission_granted_pre_download filter can be used to perform custom logic to determine if the download URL will allow access to the file.
Usage
The following would apply to all forms.
add_filter( 'gform_permission_granted_pre_download', 'your_function_name', 10, 3 );
Parameters
$permission_granted bool
Does the user have permission to access the file? Default is the result of the hash validation.
$form_id int
The ID of the form used to upload the requested file.
$field_id int
The ID of the field used to upload the requested file.
Examples
Require the user to have administrative capabilities
The following example shows how you can restrict access to only those users who have permission to activate plugins, but only when the hash has passed validation.
add_filter( 'gform_permission_granted_pre_download', function( $permission_granted, $form_id, $field_id ) {
return $permission_granted && current_user_can( 'activate_plugins' );
}, 10, 3 );
Placement
This code should be placed in the functions.php file of your active theme or a custom functions plugin.
Since
This filter was added in Gravity Forms 2.4.3.2.
Source Code
This filter is located in GF_Download::maybe_process() in includes/class-gf-download.php.