Hi,
I have a some image files that belongs to some users. Only the owner of
an
image should be able to see it.
How can I do that?
I don’t think I can use send_data, because I want the image to be
displayed
on a “rendered” page. I don’t think I can place the images in the public
folder, because if some user can figure out the name of the image then
he’ll
be able to see it… what is the correct way to handle this?
Regards,
Nicolas
Take a look at mod_secdownload if you use lighttpd.
Nicolas B. wrote:
Hi,
I have a some image files that belongs to some users. Only the owner of
an
image should be able to see it.
How can I do that?
I don’t think I can use send_data, because I want the image to be
displayed
on a “rendered” page. I don’t think I can place the images in the public
folder, because if some user can figure out the name of the image then
he’ll
be able to see it… what is the correct way to handle this?Regards,
Nicolas
You could use file_column and store the image file information in the
database–they’d still live in your file system, but they’d be available
as an ActiveRecord model which you could filter and display however you
needed.
Jeff C.man
On 20/04/2006, at 7:15 PM, Nicolas B. wrote:
I don’t think I can use send_data, because I want the image to be
displayed on a “rendered” page.
def inline_image
image = Image.find(params[:id])
if image.nil?
redirect_to '/404.html' and return
end
if authorised_to_view?(session[:user], image)
send_data image.data, :filename => image.file_name, :type =>
image.mime_type, :disposition => ‘inline’
else
redirect_to :controller => ‘images’, :action => ‘list’ and
return
end
end
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs