[FEATURE] Allow to restrict access for not logged in users

Classes/Domain/Transfer/ExtensionConfiguration.php

@@ -156,6 +156,14 @@ class ExtensionConfiguration implements SingletonInterface
      */
     private $createFileStorage = false;
 
+    /**
+     * If this option is activated, valid links are generated for users who are not logged in. If this option is deactivated
+     * unregistered users (user ID = 0) will not be able to access secured files.
+     *
+     * @var bool If true, not logged in users are able to access secured files
+     */
+    private $allowPublicAccess = true;
+
     /**
      * @throws ExtensionConfigurationExtensionNotConfiguredException
      * @throws ExtensionConfigurationPathDoesNotExistException
@@ -272,4 +280,9 @@ public function isCreateFileStorage(): bool
     {
         return (bool)$this->createFileStorage;
     }
+
+    public function isAllowPublicAccess(): bool
+    {
+        return (bool)$this->allowPublicAccess;
+    }
 }

Classes/Security/UserCheck.php

@@ -17,10 +17,16 @@ class UserCheck extends AbstractCheck
 {
     public function hasAccess(): bool
     {
-        if ($this->isFileCoveredByGroupCheck() || $this->token->getUser() === 0) {
+        $user = $this->token->getUser();
+
+        if (!$this->extensionConfiguration->isAllowPublicAccess() && $user === 0) {
+            return false;
+        }
+
+        if ($this->isFileCoveredByGroupCheck() || $user === 0) {
             return true;
         }
 
-        return $this->token->getUser() === $this->userAspect->get('id');
+        return $user === $this->userAspect->get('id');
     }
 }

Documentation/Admin/ExtensionConfiguration/Index.rst

@@ -37,6 +37,7 @@ Properties
    protectedPath_                       File Delivery                        string
    forcedownload_                       File Delivery                        boolean
    forcedownloadtype_                   File Delivery                        string
+   allowPublicAccess_                   File Delivery                        boolean
    log_                                 Module                               boolean
    ==================================== ==================================== ==================
 
@@ -45,7 +46,7 @@ Properties
 .. _admin-extensionConfiguration-createFileStorage:
 
 createFileStorage
------------
+-----------------
 .. container:: table-row
 
    Property
@@ -306,6 +307,23 @@ forcedownloadtype
          You can use :ref:`regular expressions <admin-regularExpressions>` for this option.
 
 
+.. _admin-extensionConfiguration-allowPublicAccess:
+
+allowPublicAccess
+-----------------
+.. container:: table-row
+
+   Property
+        allowPublicAccess
+   Data type
+        boolean
+   Default
+        :code:`true`
+   Description
+        If this option is activated, valid links are generated for users who are not logged in. If this option is deactivated,
+        unregistered users (user ID = 0) will not be able to access secured files.
+
+
 .. _admin-extensionConfiguration-log:
 
 log

Resources/Private/Language/de.locallang_em.xlf

@@ -52,6 +52,9 @@
             <trans-unit id="protectedPath">
                 <target>Geschützter Pfad: Pfad zum geschützten Speicher für die nginx x-accel-redirect Auslieferung. Wird nur benötigt, wenn diese Option aktiviert ist.</target>
             </trans-unit>
+            <trans-unit id="allowPublicAccess">
+                <target>Zugriff für nicht angemeldete Benutzer erlauben: Wenn diese Option aktiviert ist, werden für nicht angemeldete Benutzer gültige Links generiert. Wenn diese Option deaktiviert ist, haben nicht angemeldete Benutzer (User-ID = 0) generell keinen Zugriff auf gesicherte Dateien.</target>
+            </trans-unit>
             <trans-unit id="log">
                 <target>Log Modul: Der Zugriff auf jede geschützte Datei wird protokolliert. Wenn du diese Option aktivierst, wird ein Backend Modul freigeschaltet.</target>
             </trans-unit>

Resources/Private/Language/locallang_em.xlf

@@ -52,6 +52,9 @@
             <trans-unit id="protectedPath">
                 <source>Protected Path: Path to protected storage for nginx x-accel-redirect delivery method.</source>
             </trans-unit>
+            <trans-unit id="allowPublicAccess">
+                <source>Allow Access For Not Logged In Users: If this option is activated, valid links are generated for users who are not logged in. If this option is deactivated, unregistered users (user ID = 0) will not be able to access secured files.</source>
+            </trans-unit>
             <trans-unit id="log">
                 <source>Log Module: Log each file access. This option will enable a backend module.</source>
             </trans-unit>

ext_conf_template.txt

@@ -49,5 +49,8 @@ outputFunction = stream
 # cat=File Delivery/040; type=string; label=LLL:EXT:secure_downloads/Resources/Private/Language/locallang_em.xlf:protectedPath
 protectedPath =
 
+# cat=File Delivery/050; type=boolean; label=LLL:EXT:secure_downloads/Resources/Private/Language/locallang_em.xlf:allowPublicAccess
+allowPublicAccess = 1
+
 # cat=Logging; type=boolean; label=LLL:EXT:secure_downloads/Resources/Private/Language/locallang_em.xlf:log
 log = 0