Image access control

casper_the_ghost · February 17, 2008, 2:48pm

Hi all,

My app allows users to upload images, but access to the images needs
to be controlled. For this reason, I’m not storing the images in the /
public dir, I’m storing them elsewhere. What I need as an action that
will verify the logged-in user’s access to an image, then render the
image inline. I’ve been trying this but it doesn’t work:

class ImagesController < ApplicationController
before_filter :verify_user

def show
@image = CmsImage.find(params[:id])
send_data(File.read(@image.full_path), :type =>
@image.content_type, :disposition => ‘inline’)
rescue
# image not found…
end
end

It just prints the URL used to access this action to the screen (in
firefox). If I call this instead:

render :text => File.read(@image.full_path)

then I get the contents of the image fill as text, so it’s reading the
file OK. It just doesn’t display in the browser. Anyone got any idea
how to solve this?

Many thanks,
James

casper_the_ghost · February 17, 2008, 3:57pm

Quick update: I found I could use ImageMagick do deliver the data, but
it’s pretty damn slow. Any know a faster way?

---- Model cms_image.rb ----

require ‘RMagick’
class CmsImage
def image_data
Magick::Image.read(full_path).first.to_blob
end
end

---- Controller images_controller.rb ----

class ImagesController < ApplicationController
before_filter :verify_user

def show
@image = CmsImage.find(params[:id])
send_data(@image.image_data, :type =>
@image.content_type, :disposition => ‘inline’)
rescue
# image not found…
end
end

On Feb 17, 1:47 pm, “[email protected]” [email protected]