Make Private Uploaded File

Hello all, I asked this question yesterday but seem to get no response, maybe there's a code about how much I should explain before an answer is deserved or maybe it was confusingly stated. But let me try again:

If I were to allow users to upload files, say user A uploaded A.mov, and user B uploaded B.mov. I know that I can #User model has_many :files

#File Model belongs_to :user

to ensure that A only sees A.mov in his page and B only sees B.mov in his page.

But what if user A types in the url http://dns/public/files/B.mov? How does one usually go about that?

Thank you in advance for *any* comment posted!

classical problem. to be resolved:

User.files.find(params[:id])

assuming, that params[:id] contains the file id. But however in detail, the main "trick" is to use User.files.find(...) instead of Files.find(...) since that will create an SQL query that checks not only for the file id, but for the user_id column too.

you might need to store the files outside of public and have rails serve them. i am still not very experienced with rails so i could be wrong.

You might find this old blog post of mine useful:

http://www.bencurtis.com/archives/2006/11/serving-protected-downloads-with-rails/