I ran into a similar issue on another project, and this is what we did:

1) Configure your paperclip path to a folder that is NOT in the public directory. We used a directory called /app/assets - so then these files are not downloadable via a direct link.

2) We came up with a separate controller action for accessing the files, where the controller action would read the requested file and then stream it back to the browser - then you can secure access to this controller action the way you would any controller action. (This way of doing it does reduce the performance of your download link, but it has the virtue of working.)

Maybe it's possible to do the same thing with Routes, but I'm not sure if you can secure access to the files/folders in the Public directory of a Rails app.

2009/12/4 Mark Jones <[email protected]>

> As part of our site we are using paperclip to upload files however at
> present these files are uploaded to an area using the line below.
>
> has_attached_file :file,
>   :path => ":rails_root/public/application/:class/:id/:basename.:extension",
>   :url => "#{ActionController::Base.relative_url_root}/application/:class/:id/:basename.:extension"
>
> The link to this file is shown from a view that is protected using hobo
> permissions
>
> acting_user.administrator? || owner_is?(acting_user) and by adding a
> before filter to the controller as Patrick suggested in another
> thread.
>
> However anybody can access:
>
> http://127.0.0.1:3000/application/versions/1/patch1.zip
>
> whereas I want to limit access to this file to just the same access
> list as the view.
>
> I think this is related to routing but I'm sort of stuck at where to
> start? Is this going to be more generic RoR stuff or paperclip
> specific? If so I can ask elsewhere..
>
> This is one of my 2 remaining issues before I can go live... I'm going
> to struggle on with the other for now but may be back with last query
> next week :)
>
> Thanks
>
> Mark
>
> --
>
> You received this message because you are subscribed to the Google Groups
> "Hobo Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<hobousers%[email protected]>.
> For more options, visit this group at
> http://groups.google.com/group/hobousers?hl=en.

--
Venka Ashtakala, B.Eng, G.C. Eng
Venka Ashtakala & Associates
Software Development Consultants
Office: +1-703-596-0287
Fax: +1-815-550-1356
Mobile: +91 9886304317
[email protected]
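
The approach described in the reply above (files kept outside the public directory, served only through an access-checked action), sketched as an added example in plain Ruby; it is not code from the thread, Paperclip or Hobo. `User`, `Version`, `may_download?`, `attachment_path` and `stream_attachment` are hypothetical names, and the storage layout is assumed to mirror the `:class/:id/:basename.:extension` path from the question.

```ruby
require "pathname"

# Constructed stand-ins for the acting user and the model that owns the file.
User    = Struct.new(:name, :administrator)
Version = Struct.new(:id, :owner, :file_name)

class DownloadDenied < StandardError; end

# Same rule the thread applies to the view: administrator or owner.
def may_download?(user, record)
  !user.nil? && (user.administrator == true || record.owner.equal?(user))
end

# Map a record to its file under the private storage root (a directory
# that is NOT under public/, so no direct URL reaches it).
def attachment_path(root, record)
  root = Pathname.new(root).realpath
  # basename drops any directory parts smuggled into the stored file name
  name = File.basename(record.file_name.to_s)
  path = root.join("versions", record.id.to_i.to_s, name)
  raise DownloadDenied, "no such file" unless path.file?
  real = path.realpath
  # A symlink could still point outside the root; refuse if it does.
  unless real.to_s.start_with?(root.to_s + File::SEPARATOR)
    raise DownloadDenied, "outside storage root"
  end
  real
end

# What the controller action does: authorize first, then read the file
# and stream it to the response (any object that accepts <<) in chunks.
def stream_attachment(root, user, record, out, chunk = 16 * 1024)
  raise DownloadDenied, "not authorized" unless may_download?(user, record)
  File.open(attachment_path(root, record), "rb") do |f|
    while (data = f.read(chunk))
      out << data
    end
  end
  out
end
```

In a Rails controller the same authorization check would run before `send_file`, with the Paperclip `:path` option pointing at the private directory.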
