I use attachement_fu to store files above the public folder
so that I can protect them. Only authenticated users are able
to download the files. Anything works as expected.
But I still have a problem:
If the uploaded file is a image (content_type = image/jpeg) I want
to display the thumbnail to the public - the big file is still only
downloadable to authenticated users.
image_tag (image.public_filename) does not work because it looks
for the filename under /public/.....