Rails serving files per user - ruby-on-rails

Hey. In my rails application each client has a file. This file must not be accessible to public, only to the user (authenticated user). How would you implement this functionality?

You need to put this file somewhere other than the /public directory.
After that, you can use send_file in your controller to send the file by user.

Related

Rails 7: How to embed an existing HTML site in a rails app while maintaining authentication

I have to embed an existing HTML project (a directory that was exported from another service including HTML files, gifs, and pngs) in a Rails app. These files should only be viewable by authenticated users, so I can't put them in /public.
Do I have to write a controller and convert all the existing HTML files (of which there are many) to rails views to get all the routing and auth to work and serve the assets via the asset pipeline? Or am I missing a less time-intensive solution? I'm worried that the HTML may change not-infrequently and I don't want to get stuck replicating this process often.
If you did not need to authenticate the user, then you would be able to serve them over the /public folder. But I think you will need controllers since you want to authenticate.
You will need to create controllers and views. It should not be too hard as you won't need to do a lot of custom erb.
Then just add an authenticate user before method to all pages you want authentication for.

Prohibit Direct URL for public, Rails

I'm making a Rails application.
When a user posts content, it makes a folder in the public folder. Only an admin can put images in it, and the user can view them in the folder he made.
But if other users enter a direct URL like this, http://railsapp.com/folder/test/test.jpg/, it shows.
I want to prevent it from being shown when somebody accesses it directly. How should I do that?
Should I make the folder in Rails.root? But then I don't know how to show it. Please give me some advice.
The solution here is pretty obvious - don't upload to /public if you don't want it to be public. And no you don't want to change the access rules for your public directory as this will mess up all your assets and the rails fallback error pages.
The common choice is to use /storage but then you need to use Rails to serve the assets.
That would involve creating a model and a controller for the uploaded files and serving them with send_file.
    class AttachmentController < ApplicationController
      def show
        @attachment = Attachment.find(params[:id])
        # @todo authorize access.
        send_file @attachment.path, type: @attachment.mime, disposition: 'inline'
      end
    end
A workaround for cases when you don't want to tie up rails threads just with serving images is to use a non guessable hash in the path name to your "private" assets. Note that they are not really private - just harder to find.
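The authorization step that the answer above leaves as a TODO, shown as an added example (not code from the original answers): a plain-Ruby helper that checks ownership and confirms the resolved path stays inside the owner's directory before a controller calls send_file. The Attachment struct, AccessDenied, authorized_path and the `<storage_root>/<user_id>/<filename>` layout are assumptions made for illustration.

```ruby
require "pathname"
require "tmpdir"

# Hypothetical names (Attachment, AccessDenied, authorized_path); assumed layout
# is <storage_root>/<user_id>/<filename>, kept outside public/.
Attachment = Struct.new(:id, :user_id, :filename)
class AccessDenied < StandardError; end

# Returns the absolute path a controller may pass to send_file, or raises.
def authorized_path(storage_root, attachment, current_user_id, admin: false)
  # 1. Ownership: the record must belong to the requester, unless they are an admin.
  raise AccessDenied, "not the owner" unless admin || attachment.user_id == current_user_id
  # 2. Keep only the last path component; reject empty names and dotfiles (policy choice).
  name = File.basename(attachment.filename.to_s)
  raise AccessDenied, "bad filename" if name.empty? || name.start_with?(".")
  # 3. Resolve symlinks, then confirm the file is still inside the owner's directory.
  owner_dir = Pathname.new(storage_root).join(attachment.user_id.to_s)
  begin
    real = owner_dir.join(name).realpath
    base = owner_dir.realpath
  rescue Errno::ENOENT
    raise AccessDenied, "no such file"
  end
  inside = real.to_s.start_with?(base.to_s + File::SEPARATOR)
  raise AccessDenied, "escapes storage" unless inside && real.file?
  real.to_s
end

# In a Rails controller (not run here): send_file authorized_path(...), and
# rescue AccessDenied with head :not_found.

# Constructed demo: two users' directories plus a symlink that points across them.
def demo
  Dir.mktmpdir do |root|
    %w[1 2].each { |d| Dir.mkdir(File.join(root, d)) }
    File.write(File.join(root, "1", "report.pdf"), "mine")
    File.write(File.join(root, "2", "secret.txt"), "theirs")
    File.symlink(File.join(root, "2", "secret.txt"), File.join(root, "1", "link.txt"))
    cases = { own: [1, "report.pdf"], other: [2, "secret.txt"],
              traversal: [1, "../2/secret.txt"], symlink: [1, "link.txt"] }
    cases.transform_values do |owner, name|
      File.basename(authorized_path(root, Attachment.new(7, owner, name), 1))
    rescue AccessDenied => e
      e.message
    end
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

Answering a denied request with 404 rather than 403 avoids confirming that another user's file exists.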

How to offer files in ruby on rails with authentication?

My problem is that I upload files to my server, and atm the uploaded files are located under an asset directory. I don't want to grant all users access to the files, but if a file is located under an asset directory, all users can download it, etc.
But if a user wants to alter his file, then he should get access to it, e.g. with JS (assume that I use JS as an editor).
Can someone help me?
I hope you use Paperclip gem. Read this post about protected file download: http://thewebfellas.com/blog/2009/8/29/protecting-your-paperclip-downloads

where should I store files in rails?

1) I am downloading datafeeds (xml) files from a URL to unzip/import them into the database. Where should I store them in the rails file structure?
2) How does the rails file structure work, can rails access the entire hosting environment? I basically mean, if I store my XML feed in /lib/files would I use that path in my models, or the longer full linux path?
Appreciate any advice!
You should probably use the tmp/ folder to store those temporary files
It's a good practice to always use the full path. You can get the Rails root dir via Rails.root.
Rails can access anything that the user account under which the Rails process is running can access, i.e. if you run the Rails server process as root (which is not a good idea, BTW), the app could access any path that root can access. This might of course be limited by whatever access control mechanisms are put in place by the OS (e.g. SELinux).

Directory to store cached files in Rails?

I am generating some large files in my Rails application. Fortunately, they only need to be generated once. I would like to save these files to disk so that I don't have to generate them again.
Which directory in my Rails application is the most appropriate place to put application generated files?
Thanks!
If security of the files is not an issue you can put them in a subdirectory of public (for example, public/assets) which in your deploy script is symlinked to a directory in shared/public so that when you redeploy the files are retained.
If security is an issue, the solution is similar, though you would not want the directory to be web accessible. Instead you would use a controller to control access and serve up the files with send_file.
