Make Private Uploaded File

Hello all, I asked this question yesterday but seem to get no
response, maybe there’s a code about how much I should explain before
an answer is deserved or maybe it was confusingly stated. But let me
try again:

If I were to allow users to upload files, say user A uploaded A.mov,
and user B uploaded B.mov. I know that I can
#User model
has_many :files

#File Model
belongs_to :user

to ensure that A only sees A.mov in his page and B only sees B.mov in
his page.

But what if user A types in the url http://dns/public/files/B.mov?
How does one usually go about that?

Thank you in advance for any comment posted!

classical problem. to be resolved:

User.files.find(params[:id])

assuming, that params[:id] contains the file id.
But however in detail, the main “trick” is to use
User.files.find(…)
instead of Files.find(…)
since that will create an SQL query that checks not
only for the file id, but for the user_id column too.

you might need to store the files outside of public and have rails
serve them.
i am still not very experienced with rails so i could be wrong.

You might find this old blog post of mine useful:

http://www.bencurtis.com/archives/2006/11/serving-protected-downloads-with-rails/

–
Benjamin C.
http://railskits.com/ - Ready-made Rails code
http://catchthebest.com/ - Team-powered recruiting
http://www.bencurtis.com/ - Personal blog