--- webfm.module.org 2009-08-19 17:44:13.000000000 +0200
+++ webfm.module 2009-09-30 13:19:36.000000000 +0200
@@ -544,6 +544,89 @@
 }
 }
+/**
+ * Implementation of hook_file_download().
+ */
+function webfm_file_download($filepath) {
+ global $user;
+
+ $filepath = file_create_path($filepath);
+ $match = FALSE;
+ $f = false;
+ // User has either admin access, webfm access or view attach access
+ if(($user->uid == 1) || user_access('administer webfm')) {
+ // Admins have total access
+ $webfm_perm = WEBFM_ADMIN;
+ $match = TRUE;
+ } else if(user_access('access webfm')) {
+ $webfm_perm = WEBFM_USER;
+ } else if(user_access('view webfm attachments')) {
+ $webfm_perm = WEBFM_ATTACH_VIEW;
+ } else {
+ $webfm_perm = 0;
+ }
+
+ if(($f = webfm_get_file_record('', $filepath)) === FALSE) {
+ return;
+ }
+
+ if($f->uid == $user->uid) {
+ // Even if file has been moved to an inaccessible dir this works
+ $match = TRUE;
+ }
+
+ // Files that have been attached are always considered public to whoever can
+ // access that node/comment (nodeaccess/commentaccess security).
+ if($match == FALSE && $webfm_perm != WEBFM_ADMIN) {
+ if($f->perm & WEBFM_FILE_ACCESS_PUBLIC_VIEW) {
+ $match = TRUE;
+ } else if($webfm_perm == WEBFM_USER || $webfm_perm == WEBFM_ATTACH_VIEW){
+ //Check if the file is attached to a node or comment.
+ $query = 'SELECT nid,cid FROM {webfm_attach} WHERE fid = %d';
+ $result = db_query($query, $f->fid);
+ if($result !== FALSE) {
+ while ($dbfid = db_fetch_array($result)) {
+ if ($dbfid['cid'] != 0 ) {
+ // For a comment, a user must be able to view the parent node and have "access_comments".
+ if (!user_access('access comments')) {
+ continue;
+ }
+ $comment = _comment_load($dbfid['cid']);
+ $dbfid['nid'] = $comment->nid;
+ }
+ $node = node_load($dbfid['nid']);
+ if (node_access('view', $node)) {
+ $match = TRUE;
+ // Modules might use their own method of node restriction, other than node_access.
+ drupal_alter('webfm_file_access', $match, $node, $f->$fid);
+ if ($match) {
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ // Files that are viewable via the filebrowser UI are downloadable
+ if($match == FALSE &&
+ $webfm_perm == WEBFM_USER &&
+ (webfm_file_view_access($f) || webfm_file_mod_access($f))) {
+ $match = TRUE;
+ }
+
+ if(!$match) {
+ return -1;
+ }
+
+ //download headers:
+ $headers = array();
+ $headers[] = 'Content-Type: ' . $f->fmime;
+ $headers[] = 'Content-Length: ' . $f->fsize;
+
+ return $headers;
+}
+
 function webfm_get_group_directory($node) {
 $group_directory = drupal_strtolower(trim($node->title));
 $group_directory = str_replace(array(' ', '-'), '_', $group_directory);
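Review bot: The `drupal_alter('webfm_file_access', ...)` call inside the attachment loop passes `$f->$fid`, a variable-property lookup on an undefined `$fid`, so modules implementing the alter hook get no usable file id and cannot make a per-file access decision; it should read `drupal_alter('webfm_file_access', $match, $node, $f->fid);`. Separately, the owner shortcut `if($f->uid == $user->uid)` sets `$match` before any permission is consulted and would also match an anonymous visitor (uid 0) against a file record whose uid is 0, if such records can exist; `if($user->uid && $f->uid == $user->uid)` keeps the shortcut for authenticated owners only. The `$match == FALSE` tests are loose comparisons on a value that alter hooks may overwrite, so `!$match`, as already used before `return -1`, would be more consistent.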