I use attachement_fu to store files above the public folder so that I can protect them. Only authenticated users are able to download the files. Anything works as expected.
But I still have a problem:
If the uploaded file is a image (content_type = image/jpeg) I want to display the thumbnail to the public - the big file is still only downloadable to authenticated users.
image_tag (image.public_filename) does not work because it looks for the filename under /public/.....