Opening a folder for file selection

Hello,
I am trying to provide a link which, when clicked, will supply a
folder which I’ve previously selected for users to click and open
various files in (some pdf, some .doc, maybe even .odt).

 In routes.rb I put:

get ‘public’ => ‘people#upload’

 In application.html.erb I put:

Read a File

 And in people_controller.rb requesting a specific file works to

open the correct download window:

def upload

send_file("C:\\ -- a specific folder and file --", :disposition =>

‘attachment’ , :type => ‘application/pdf’)

end

 But since I don't want to preselect a file for them, from this

preselected folder, how to I just show the folder and let the user
double-click which one they want to open in another window?
Thanks,
Barney

One way:

  1. Get the filenames: Dir.foreach or Dir.glob.
  2. Create a view that provides a list of links, one for each file.
  3. The links connect to another action, which sends the file.

Why is your action named ‘upload’? How about ‘download’?

Thanks, I’ll give those steps a try.
The name is leftover from earlier work and should be changed, as
you’ve pointed out.
Barney

Could you provide a code example of the connection between the links
and an action that sends the file? I now have a list of links on a
page but clicking them gives:
“Firefox doesn’t know how to open this address, because the protocol
© isn’t associated with any program.”
Thanks,
Barney

Thanks 7stud! Your code works and I integrated it with my version.
The only changes I made were to redo RAILS_ROOT to use: dir_path =
Rails.root.join(“public”,“resumes”)
and to make the send_file more “Windowsy” in this way:
send_file("#{dir_path}\#{fname}", :filename => fname)

I appreciate your taking the time!
Barney

Okay. But I am a beginner too, so I don’t know if this is the best way.
I’m assuming the path to your folder is:

/public/files_to_read

class PagesController < ApplicationController
def home
@title = “Home”
end

def get_files
dir_path = ‘public/files_to_read’

Dir.chdir(dir_path) do
  @fnames = Dir.glob("*")
end

end

def download
dir_path = ‘public/files_to_read’
fname = params[:fname]

Dir.chdir(dir_path) do
  allowed_fnames = Dir.glob("*")

  if allowed_fnames.include?(fname)
    send_file("#{RAILS_ROOT}/#{dir_path}/#{fname}",
              :filename => fname)
  else
    @title = 'Home'
    render 'home'
  end

end

end

end

===

Test2App::Application.routes.draw do
root :to => “pages#home”

get ‘pages/get_files’
get ‘pages/download’

===

Pages#home

Find me in app/views/pages/home.html.erb

<%= link_to “Read a file”, {:controller => ‘pages’, :action =>
‘get_files’} %>

===

Pages#get_files

Find me in app/views/pages/get_files.html.erb

Click the file you want to download:

<% @fnames.each do |fname| %>

<%= link_to fname, :controller => 'pages', :action => 'download', :fname => fname %>
<% end %>

===

<%= @title %> <%= csrf_meta_tag %>

<%= yield %>

===

http://localhost:3000 => home.html.erb
click on Read file link => get_file.html.erb
click on a filename link => computer downloads the file

The reason for the code:

if allowed_names.include?( )

is to prevent a hacker from going to the page of links, and then instead
of clicking on a link, entering:

http://localhost:3000/pages/download?fname=/path/to/secrets.txt

If you don’t check the fname that the server receives, a hacker can
download any file they want.

Never use backslashes in paths. ruby and other modern languages can
handle forward slashes for path separators no matter what os the program
is running on.

Barney wrote in post #1017759:

Thanks 7stud! Your code works and I integrated it with my version.
The only changes I made were to redo RAILS_ROOT to use: dir_path =
Rails.root.join(“public”,“resumes”)

As of Rails 3.0.7 RAILS_ROOT and RAILS_ENV are deprecated.
Rails.root and Rails.env are preferred.

Thanks!