Image access control

Hi all,

My app allows users to upload images, but access to the images needs to be controlled. For this reason, I'm not storing the images in the / public dir, I'm storing them elsewhere. What I need as an action that will verify the logged-in user's access to an image, then render the image inline. I've been trying this but it doesn't work:

class ImagesController < ApplicationController   before_filter :verify_user

  def show     @image = CmsImage.find(params[:id])     send_data(File.read(@image.full_path), :type => @image.content_type, :disposition => 'inline')   rescue     # image not found...   end end

It just prints the URL used to access this action to the screen (in firefox). If I call this instead:

render :text => File.read(@image.full_path)

then I get the contents of the image fill as text, so it's reading the file OK. It just doesn't display in the browser. Anyone got any idea how to solve this?

Many thanks, James

Quick update: I found I could use ImageMagick do deliver the data, but it's pretty damn slow. Any know a faster way?

## ---- Model cms_image.rb ---- require 'RMagick' class CmsImage   def image_data     Magick::Image.read(full_path).first.to_blob   end end

## ---- Controller images_controller.rb ---- class ImagesController < ApplicationController   before_filter :verify_user

  def show     @image = CmsImage.find(params[:id])     send_data(@image.image_data, :type => @image.content_type, :disposition => 'inline')   rescue     # image not found...   end end