File Column Directory Add another layer

dukael · 2005-12-20 22:36:35 UTC

Quick Question. I understand how to change the default path to
something other than public but what if I wanted to add another
directory into the equation. I want to upload an image into the
following structure:

/public/image/userid/imageid/test.gif

So basically I want to look up the userid in my users table and put
all the images for that user in the same directory. So i have a one
more level of separation. The reason being that we want to have a
bandwidth cap put on download for our app. We are doing this via
virtual’s set on the server however with all the virtuals pointing to
the same place it is possible for a malicious user to find out
another virtuals name and use that as a workaround to their bandwidth
constraint. Is it possible? has anyone else tried this?

Thanks

Andrew

dukael · 2005-12-21 03:04:58 UTC

This certainly isn’t a concise answer to your query, but I needed to do
several things with uploaded images, beyond what file_column provided.
I’m
just gonna paste stuff right out of my Registrant model rather than try
to
figure out how to make it generic for you…

def save_image(image_to_crop, crop_params)
img_base = RAILS_ROOT + “/public/images/registrants/”
img_filename = self.id.to_s + “.jpg”
y, x, w, h = crop_params.split(’,’)

logger.info("Trying to open " + image_to_crop)

img = ::Magick::ImageList.new(image_to_crop)

img.crop!(x.to_i, y.to_i, w.to_i, h.to_i)
img.resize!(120, 120)
color_thumb = img.resize(32, 32)
grey_img = img.quantize(256, ::Magick::GRAYColorspace)
img.write(img_base + img_filename)
grey_img.write(img_base + 'greyscale/' + img_filename)
color_thumb.write(img_base + 'thumbnail/' + img_filename)

end

image_to_crop comes from the view where the file_column field
originated:

save_image is called from the controller.

Hopefully you’ll see something there that will help you with your issue.

David R.

dukael · 2005-12-21 03:59:03 UTC

With the trunk version of file_column, you can:

class Model #…
file_column :field, :store_dir = > :dynamic_dir

def dynamic_dir
File.join(field_options[:root_path], “model_name”,
Digest::SHA1.hexdigest(User.current_user.hash)[0…9], “field_name”)
#…

Have you looked into lighty’s protected downloads feature? That might
be a better solution.

dukael · 2005-12-21 15:46:01 UTC

Well I have not looked into it yet. But the trunk version of
file_column will allow me to do what I want to do, while lighty does
not support the throttling that we are looking to do. We are still
trying to find a webserver that will and that also supports rails.

I’ll have to go and grab the trunk version of file column.

Andrew