$author = $file->get('author'); $group = $file->get('group'); if (!empty($author) && !empty($group)) { if ($USER->can_view_artefact($file)) { $artefactok = true; } } // The user may be trying to download a file that's not in the view, but which has // been attached to public feedback on the view if ($commentid = param_integer('comment', null)) { if (!record_exists('artefact_attachment', 'artefact', $commentid, 'attachment', $fileid)) { throw new AccessDeniedException(''); } safe_require('artefact', 'comment'); $comment = new ArtefactTypeComment($commentid); if (!$comment->viewable_in($viewid)) { throw new AccessDeniedException(''); } } else { if ($artefactok == false) { throw new AccessDeniedException(''); } } if (!can_view_view($viewid)) { throw new AccessDeniedException(''); } if (!$file instanceof ArtefactTypeFile) { throw new NotFoundException(); } } else { // We just have a file ID