Image access control

Hi all,

My app allows users to upload images, but access to the images needs
to be controlled. For this reason, I'm not storing the images in the /
public dir, I'm storing them elsewhere. What I need as an action that
will verify the logged-in user's access to an image, then render the
image inline. I've been trying this but it doesn't work:

class ImagesController < ApplicationController
  before_filter :verify_user

  def show
    @image = CmsImage.find(params[:id])
    send_data(File.read(@image.full_path), :type =>
@image.content_type, :disposition => 'inline')
  rescue
    # image not found...
  end
end

It just prints the URL used to access this action to the screen (in
firefox). If I call this instead:

render :text => File.read(@image.full_path)

then I get the contents of the image fill as text, so it's reading the
file OK. It just doesn't display in the browser. Anyone got any idea
how to solve this?

Many thanks,
James

Quick update: I found I could use ImageMagick do deliver the data, but
it's pretty damn slow. Any know a faster way?

## ---- Model cms_image.rb ----
require 'RMagick'
class CmsImage
  def image_data
    Magick::Image.read(full_path).first.to_blob
  end
end

## ---- Controller images_controller.rb ----
class ImagesController < ApplicationController
  before_filter :verify_user

  def show
    @image = CmsImage.find(params[:id])
    send_data(@image.image_data, :type =>
@image.content_type, :disposition => 'inline')
  rescue
    # image not found...
  end
end