Hi, (thanks for the spare moment) i was hoping if someone knew of a way to restrict certain files in the public folder to certain users, according to their session. the aim i''m shooting for more or less, is this: a client(who i can check via a session, password, etc) recieves one of the following links in his email, and can download the file to his computer, (( http://www.myrailsapp.com/download.zip or http://www.myrailsapp.com/afiletodownload.js or ... )) whereas a regular web-surfer, finding the link, will try to download it, but will be blocked/ be asked to authorize himself. i''m guessing there is someplace in the app i could define this (enviorment.rb?) but i am clueless of where to start from. is this possible to do via rails? is this a server issue(i''m on lighttpd)? am i shooting for something unrealistic? many thanks for a direction(/solution), or whatever you feel u can contribute... much appreciated, harp -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
I think the best way to do this is to have the files which are to be downloaded outside of the public folder and then use an action in a controller which authenticates the download and then uses send_file to send the file to the user. This way, the files are hidden from the public until the controller sends it to them. send_file documentation: http://api.rubyonrails.org/classes/ActionController/Streaming.html#M000072 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
> whereas a regular web-surfer, finding the link, will try to download> it, but will be blocked/ be asked to authorize himself. The way I''ve seen this achieved is to store the files in a directory below the web root (public/) so the they''re not directly accessible. Then have a controller that receives and authenticates the request for a file, opens the physical file and streams it to the browser sending the correct headers. There are obviously performance issues to consider with this method. The other way is to use htaccess to protect the directory, but that will depend on your set up. Hope that helps, Steve --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
thank you all for your help; i didn''t think i would get this out of my way so quickly...i''ve managed to implement the issue via send_file, and i''ll check out the htaccess method in a sec, maybe it may be a better solution (?)... either way, thank you very much for your help, harp -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---