--- filerequest.module.original	2006-07-11 03:01:53.000000000 +0200
+++ filerequest.module	2006-07-23 13:24:34.000000000 +0200
@@ -89,46 +89,55 @@
  * associated node, otherwise return an access_denied error.
  */
 function _filerequest_download() {
-  define("__DRUPAL_BASE_DIR", dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR);
-  require_once("downloadhandler.php");
 
-  $args = func_get_args();
-  $config["filename"] = implode('/', $args);
-  $config["filereq_antileech_enabled"] = variable_get('filereq_antileech_enabled', true);
-  $config["filereq_antileech_regex"] = variable_get('filereq_antileech_regex', preg_quote($_SERVER["HTTP_HOST"]));
-  $config["filereq_antileech_image_mode"] = variable_get('filereq_antileech_image_mode', 0);
-  $config["filereq_antileech_image_file"] = variable_get('filereq_antileech_image_file', "modules/filerequest/watermark.png");
-
-  if (!__fr_can_download_file($config)) define("__FILEREQ_LEECH", $file);
-
-  if (defined("__FILEREQ_LEECH"))
-  {
-    $result = db_result(db_query("SELECT nid FROM {files} WHERE filepath = '%s'", $config["filename"]));
-    if ($result !== false)
+  if (user_access('view uploaded files')) {
+
+    define("__DRUPAL_BASE_DIR", dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR);
+    require_once("downloadhandler.php");
+
+    $args = func_get_args();
+    $config["filename"] = implode('/', $args);
+    $config["filereq_antileech_enabled"] = variable_get('filereq_antileech_enabled', true);
+    $config["filereq_antileech_regex"] = variable_get('filereq_antileech_regex', preg_quote($_SERVER["HTTP_HOST"]));
+    $config["filereq_antileech_image_mode"] = variable_get('filereq_antileech_image_mode', 0);
+    $config["filereq_antileech_image_file"] = variable_get('filereq_antileech_image_file', "modules/filerequest/watermark.png");
+
+    if (!__fr_can_download_file($config)) define("__FILEREQ_LEECH", $file);
+
+    if (defined("__FILEREQ_LEECH"))
     {
-      drupal_goto("node/".$result);
-      exit;
-    }
-    drupal_access_denied();
-    return;
-  }
-  $config["filename"] = file_create_path($config["filename"]);
-  if (file_exists($config["filename"])) {
-    $list = module_list();
-    foreach ($list as $module) {
-      $headers = module_invoke_all($module, 'file_download', $_GET['file']);
-      if (in_array(-1, $headers)) {
-        return drupal_access_denied();
+      $result = db_result(db_query("SELECT nid FROM {files} WHERE filepath = '%s'", $config["filename"]));
+      if ($result !== false)
+      {
+        drupal_goto("node/".$result);
+        exit;
       }
-      else if (count($headers)) {
-        // make sure no caching headers are set
-        header("Cache-Control:");
-        header("Pragma:");
-        header("Expires:");
-        __fr_process_download($config["filename"], preg_match("#(\?|&)download(&|$)#", $_SERVER["REQUEST_URI"]), $config["watermark"]);
-        exit();
+      drupal_access_denied();
+      return;
+    }
+    $config["filename"] = file_create_path($config["filename"]);
+    if (file_exists($config["filename"])) {
+      $list = module_list();
+     foreach ($list as $module) {
+        $headers = module_invoke_all($module, 'file_download', $_GET['file']);
+        if (in_array(-1, $headers)) {
+          return drupal_access_denied();
+        }
+        else if (count($headers)) {
+          // make sure no caching headers are set
+          header("Cache-Control:");
+          header("Pragma:");
+          header("Expires:");
+          __fr_process_download($config["filename"], preg_match("#(\?|&)download(&|$)#", $_SERVER["REQUEST_URI"]), $config["watermark"]);
+          exit();
+        }
       }
     }
+    drupal_not_found();
+
+  } else {
+    drupal_access_denied();
+    return;
   }
-  drupal_not_found();
+
 }