By default the real location of an uploaded file is hidden. The download URL will be generated with a security token to prevent guessing or enumeration attacks to discover the location of other files. The gform_require_login_pre_download filter can be used to require the user be logged in before the download URL will allow access to the file.
The following would apply to all forms.
add_filter( 'gform_require_login_pre_download', 'your_function_name', 10, 3 );
1. Require login for all forms
add_filter( 'gform_require_login_pre_download', '__return_true' );
This code should be placed in the functions.php file of your active theme.
This filter was added in Gravity Forms 22.214.171.124.
This filter is located in GF_Download::validate_download() in includes/class-gf-download.php