Hi,

I have some image files that belong to some users. Only the owner of an image should be able to see it.
How can I do that?
I don't think I can use send_data, because I want the image to be displayed on a "rendered" page. I don't think I can place the images in the public folder, because if some user can figure out the name of the image then he'll be able to see it... what is the correct way to handle this?

Regards,

Nicolas

Take a look at mod_secdownload if you use lighttpd.

On 4/20/06, Nicolas Buet <nicolas.buet@gmail.com> wrote:
> Hi,
>
> I have some image files that belong to some users. Only the owner of an
> image should be able to see it.
> How can I do that?
> I don't think I can use send_data, because I want the image to be
> displayed on a "rendered" page. I don't think I can place the images in the
> public folder, because if some user can figure out the name of the image
> then he'll be able to see it... what is the correct way to handle this?
>
> Regards,
>
> Nicolas

-- 
Roberto Saccon

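The kind of link mod_secdownload expects, as an added example that is not part of the messages in this thread: the application checks ownership, then issues a short-lived URL whose token is MD5(secret + rel-path + hex timestamp), the module's classic MD5 scheme. The secret, URI prefix, timeout, paths and the owner_id field are constructed for illustration, and check_secdownload is only a simplified model of the server-side check.

```ruby
require 'digest/md5'

# Constructed values: they must match secdownload.secret, secdownload.uri-prefix
# and secdownload.timeout in the lighttpd configuration.
SECRET     = 'example-shared-secret'
URI_PREFIX = '/dl/'
TIMEOUT    = 60 # seconds

# Build a time-limited URL for rel_path (must start with "/").
# Layout: <uri-prefix><token>/<hex-timestamp><rel-path>
def secdownload_url(rel_path, now = Time.now)
  raise ArgumentError, 'rel_path must start with /' unless rel_path.start_with?('/')
  hex_ts = format('%08x', now.to_i)
  token  = Digest::MD5.hexdigest(SECRET + rel_path + hex_ts)
  "#{URI_PREFIX}#{token}/#{hex_ts}#{rel_path}"
end

# Simplified model of the server-side check, so the behaviour can be
# exercised offline. Returns :ok, :expired or :forbidden.
def check_secdownload(url, now = Time.now)
  return :forbidden unless url.start_with?(URI_PREFIX)
  m = url[URI_PREFIX.length..-1].match(%r{\A([0-9a-f]{32})/([0-9a-f]{8})(/.*)\z})
  return :forbidden unless m
  token, hex_ts, rel_path = m.captures
  expected = Digest::MD5.hexdigest(SECRET + rel_path + hex_ts)
  return :forbidden unless token == expected           # path or timestamp altered
  return :expired if (now.to_i - hex_ts.to_i(16)).abs > TIMEOUT
  :ok
end

# Hand out a link only after the ownership check has passed.
# image is a hash with hypothetical :owner_id and :path keys.
def image_link_for(user_id, image, now = Time.now)
  return nil unless image[:owner_id] == user_id
  secdownload_url(image[:path], now)
end
```

The link is a bearer token: anyone who obtains it can fetch the file until it expires, so the timeout should stay short and the page that embeds the link should itself require login.
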
Nicolas Buet wrote:
> Hi,
>
> I have some image files that belong to some users. Only the owner of an
> image should be able to see it.
> How can I do that?
> I don't think I can use send_data, because I want the image to be displayed
> on a "rendered" page. I don't think I can place the images in the public
> folder, because if some user can figure out the name of the image then he'll
> be able to see it... what is the correct way to handle this?
>
> Regards,
>
> Nicolas

You could use file_column and store the image file information in the database--they'd still live in your file system, but they'd be available as an ActiveRecord model which you could filter and display however you needed.

Jeff Coleman

On 20/04/2006, at 7:15 PM, Nicolas Buet wrote:
> I don't think I can use send_data, because I want the image to be
> displayed on a "rendered" page.

    def inline_image
      # find_by_id returns nil for an unknown id (find would raise
      # ActiveRecord::RecordNotFound), so the nil check below can run.
      image = Image.find_by_id(params[:id])
      if image.nil?
        redirect_to '/404.html' and return
      end

      # Send the bytes only when the logged-in user may view this image.
      if authorised_to_view?(session[:user], image)
        send_data image.data,
                  :filename    => image.file_name,
                  :type        => image.mime_type,
                  :disposition => 'inline'
      else
        redirect_to :controller => 'images', :action => 'list' and return
      end
    end