Topic: file_column and authentication

I'm using file column to upload images & create thumbnails for a gallery system where users can buy the images, but I need to set it so that if the user has paid for the Image, he can then view the full size version, otherwise he can just view the thumbnails.

Would it be possible to modify file_column in this way? or would it be easier to just make my own code to upload the image, save that in one place then save the thumbnail in a separate area so that you cannot guess the full-size file's location from seeing the thumbnail (because of file column saving the full file in '../id/image_name.jpg' and the thumbnail in '../id/thumb/image_name.jpg' it only takes removing '/thumb' from the url to find the full size one from the thumbnail)

Any thoughts?

Re: file_column and authentication

What you maybe able to do is generate a deliver_image controller and use a route to capture what would be a direct request to the image.

so what normally happens is
GET http;//www.fdsfdsf.fsdfs.fd/image/13/thumb -> mapped to public/image/13/file-name in rails project

but use a route so that

GET http;//www.fdsfdsf.fsdfs.fd/image/13/thumb -> mapped to app/controllers/a_controller, :action => blah, :id => 13, :size => thumb.

and from there you can check whether the person has paid for the image and pipe it as a response if successful.

Last edited by alistair (2006-07-04 20:18:55)

Re: file_column and authentication

thanks, Alistar. That does the trick. I was overcomplicating things in my thoughts. god I love rails.

Re: file_column and authentication

I spoke too soon.

I set this up:

map.connect 'image/file/:id/:name', 
        :controller => 'download',
        :action => 'authenticate',
        :requirements => { :name => /.*\.jpg/ }

but it only works if the :name which you type in doesn't exist. Otherwise it shows the image as per usual.

Re: file_column and authentication

mmm.. firstly if you do find a solution tell me as i will need this.

Anyone got any ideas as to how to block access to the public folder (or at least a subset of it)

Re: file_column and authentication

One way to do this is to place the full-size images outside the public directory so no one has access to them and use the "send_file" method to send the image once you know they have access. The send_file method isn't the most efficient way for large files, but it is the easiest way to go about doing this.

http://api.rubyonrails.org/classes/Acti … ml#M000072

Railscasts - Free Ruby on Rails Screencasts

Re: file_column and authentication

I had a good search through the file column docs and you can change the directory easily, but it seems there's no easy way to split the thumbnails and full-size images into different directories without really digging into the source. So, I made my own uploader/resizer thing instead. Not as nice as file_column, but it does the job.