Quick Question. I understand how to change the default path to something other than public but what if I wanted to add another directory into the equation. I want to upload an image into the following structure: /public/image/userid/imageid/test.gif So basically I want to look up the userid in my users table and put all the images for that user in the same directory. So i have a one more level of separation. The reason being that we want to have a bandwidth cap put on download for our app. We are doing this via virtual''s set on the server however with all the virtuals pointing to the same place it is possible for a malicious user to find out another virtuals name and use that as a workaround to their bandwidth constraint. Is it possible? has anyone else tried this? Thanks Andrew
With the trunk version of file_column, you can:
class Model #...
file_column :field, :store_dir = > :dynamic_dir
def dynamic_dir
File.join(field_options[:root_path], "model_name",
Digest::SHA1.hexdigest(User.current_user.hash)[0..9], "field_name")
#...
Have you looked into lighty''s protected downloads feature? That might
be a better solution.
On 12/20/05, Andrew Filipowski <a.filipowski-ee4meeAH724@public.gmane.org>
wrote:> Quick Question. I understand how to change the default path to
> something other than public but what if I wanted to add another
> directory into the equation. I want to upload an image into the
> following structure:
>
> /public/image/userid/imageid/test.gif
>
> So basically I want to look up the userid in my users table and put
> all the images for that user in the same directory. So i have a one
> more level of separation. The reason being that we want to have a
> bandwidth cap put on download for our app. We are doing this via
> virtual''s set on the server however with all the virtuals pointing
to
> the same place it is possible for a malicious user to find out
> another virtuals name and use that as a workaround to their bandwidth
> constraint. Is it possible? has anyone else tried this?
>
> Thanks
>
> Andrew
>
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
This certainly isn''t a concise answer to your query, but I needed to do
several things with uploaded images, beyond what file_column provided.
I''m
just gonna paste stuff right out of my Registrant model rather than try to
figure out how to make it generic for you...
def save_image(image_to_crop, crop_params)
img_base = RAILS_ROOT + "/public/images/registrants/"
img_filename = self.id.to_s + ".jpg"
y, x, w, h = crop_params.split('','')
logger.info("Trying to open " + image_to_crop)
img = ::Magick::ImageList.new(image_to_crop)
img.crop!(x.to_i, y.to_i, w.to_i, h.to_i)
img.resize!(120, 120)
color_thumb = img.resize(32, 32)
grey_img = img.quantize(256, ::Magick::GRAYColorspace)
img.write(img_base + img_filename)
grey_img.write(img_base + ''greyscale/'' + img_filename)
color_thumb.write(img_base + ''thumbnail/'' + img_filename)
end
image_to_crop comes from the view where the file_column field originated:
<input type=''hidden'' name=''image_to_crop''
value=''<%= @registrant.image %>''
/>
save_image is called from the controller.
Hopefully you''ll see something there that will help you with your
issue.
David Rose
On 12/20/05, Andrew Filipowski <a.filipowski-ee4meeAH724@public.gmane.org>
wrote:>
> Quick Question. I understand how to change the default path to
> something other than public but what if I wanted to add another
> directory into the equation. I want to upload an image into the
> following structure:
>
> /public/image/userid/imageid/test.gif
>
> So basically I want to look up the userid in my users table and put
> all the images for that user in the same directory. So i have a one
> more level of separation. The reason being that we want to have a
> bandwidth cap put on download for our app. We are doing this via
> virtual''s set on the server however with all the virtuals pointing
to
> the same place it is possible for a malicious user to find out
> another virtuals name and use that as a workaround to their bandwidth
> constraint. Is it possible? has anyone else tried this?
>
> Thanks
>
> Andrew
>
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails
Well I have not looked into it yet. But the trunk version of file_column will allow me to do what I want to do, while lighty does not support the throttling that we are looking to do. We are still trying to find a webserver that will and that also supports rails. I''ll have to go and grab the trunk version of file column. Andrew On Dec 20, 2005, at 8:56 PM, Kyle Maxwell wrote:> With the trunk version of file_column, you can: > > class Model #... > file_column :field, :store_dir = > :dynamic_dir > > def dynamic_dir > File.join(field_options[:root_path], "model_name", > Digest::SHA1.hexdigest(User.current_user.hash)[0..9], "field_name") > #... > > Have you looked into lighty''s protected downloads feature? That might > be a better solution. > > On 12/20/05, Andrew Filipowski <a.filipowski-ee4meeAH724@public.gmane.org> wrote: >> Quick Question. I understand how to change the default path to >> something other than public but what if I wanted to add another >> directory into the equation. I want to upload an image into the >> following structure: >> >> /public/image/userid/imageid/test.gif >> >> So basically I want to look up the userid in my users table and put >> all the images for that user in the same directory. So i have a one >> more level of separation. The reason being that we want to have a >> bandwidth cap put on download for our app. We are doing this via >> virtual''s set on the server however with all the virtuals pointing to >> the same place it is possible for a malicious user to find out >> another virtuals name and use that as a workaround to their bandwidth >> constraint. Is it possible? has anyone else tried this? >> >> Thanks >> >> Andrew >> >> _______________________________________________ >> Rails mailing list >> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org >> http://lists.rubyonrails.org/mailman/listinfo/rails >> > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails