Mohit Sindhwani wrote:
I know there was a thread about this a while back, and Al Evans posted this reply to a question about protecting images from being directly accessed by typing in the URL.
--- Al Evans wrote:
Here's a method I've used for sending pictures from an arbitrary location in the file system:
def get_pic
  send_file(User.photo_file_name_for(@params[:id]),
            {:disposition => 'inline', :type => 'image/jpeg'})
end
You could modify that to return an image only if a user was logged in, for example.
Obviously, photo_file_name_for() returns a file system path to the appropriate image.
Here's an example of the <img> declaration in a view:
<img class="photo" src="/users/get_pic/<%= @user.id %>" alt="<%= @user.name %>" />
But there's no way to stop a user from doing "Save as..." or dragging a copy of the image off onto their desktop or taking a screenshot or.... ---
I'm just a bit confused about where this code goes. I'm basically trying to use this with file_column and I've got it to upload the file to RAILS_ROOT/storage/upload and now need to do the needful to integrate the above get_pic function to send the image using the <img> declaration.
I'm confused - would appreciate some help.. :-S
Thanks Mohit.
Exploring on, I managed to get it to work by doing this, but would like to know if it's the right way:
def get_pic
  @fctrial = Fctrial.find(params[:id])
  send_file(@fctrial.image, {:disposition => 'inline', :type => 'image/jpeg'})
end
This is instead of:
def get_pic
  send_file(User.photo_file_name_for(@params[:id]),
            {:disposition => 'inline', :type => 'image/jpeg'})
end
Is it better to do another find or should I add a function to the model to get it to generate the image name?
Cheers Mohit.
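Added example, not part of the original posts: one way to put the path lookup behind a single helper that get_pic calls, so the login check and a check that the file really lives under the upload directory happen before send_file. PhotoStore, Denied, path_for and demo are hypothetical names, and the use of session[:user_id] in the controller comment is an assumption about the application.

```ruby
require 'tmpdir'
require 'fileutils'

# PhotoStore, Denied, path_for and demo are hypothetical names for this example.
class PhotoStore
  class Denied < StandardError; end
  TYPES = { '.jpg' => 'image/jpeg', '.jpeg' => 'image/jpeg', '.png' => 'image/png' }.freeze

  def initialize(root)
    @root = File.realpath(root) # canonical storage directory
  end

  # Returns [path, mime_type] suitable for send_file, or raises Denied.
  # stored_name may be relative to the root or an absolute path.
  def path_for(stored_name, logged_in:)
    raise Denied, 'login required' unless logged_in
    type = TYPES[File.extname(stored_name.to_s).downcase]
    raise Denied, 'not an image' unless type
    candidate = File.expand_path(stored_name.to_s, @root)
    raise Denied, 'no such file' unless File.file?(candidate)
    real = File.realpath(candidate) # resolves ../ segments and symlinks
    raise Denied, 'outside storage' unless real.start_with?(@root + File::SEPARATOR)
    [real, type]
  end
end

# Controller use (Rails, not run here; session[:user_id] is an assumption):
#   path, type = STORE.path_for(@fctrial.image, :logged_in => !session[:user_id].nil?)
#   send_file(path, :disposition => 'inline', :type => type)

# Constructed sample files in a temporary directory; returns the outcome of each request.
def demo
  Dir.mktmpdir do |dir|
    root = File.join(dir, 'storage', 'upload')
    FileUtils.mkdir_p(root)
    File.write(File.join(root, 'a.jpg'), 'constructed sample bytes')
    File.write(File.join(dir, 'secret.jpg'), 'file outside the upload root')
    store = PhotoStore.new(root)
    results = { ok: store.path_for('a.jpg', logged_in: true)[1] }
    [['a.jpg', false], ['../../secret.jpg', true], ['a.rb', true]].each do |name, logged_in|
      results[[name, logged_in]] = begin
        store.path_for(name, logged_in: logged_in) && :served
      rescue PhotoStore::Denied => e
        e.message
      end
    end
    results
  end
end
p demo if __FILE__ == $0
```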