Opening a folder for file selection

Rails
1

Hello,
I am trying to provide a link which, when clicked, will supply a
folder which I’ve previously selected for users to click and open
various files in (some pdf, some .doc, maybe even .odt).

 In routes.rb I put:

get ‘public’ => ‘people#upload’

 In application.html.erb I put:

Read a File

 And in people_controller.rb requesting a specific file works to

open the correct download window:

def upload

send_file("C:\\ -- a specific folder and file --", :disposition =>

‘attachment’ , :type => ‘application/pdf’)

end

 But since I don't want to preselect a file for them, from this

preselected folder, how to I just show the folder and let the user
double-click which one they want to open in another window?
Thanks,
Barney

2

One way:

  1. Get the filenames: Dir.foreach or Dir.glob.
  2. Create a view that provides a list of links, one for each file.
  3. The links connect to another action, which sends the file.

Why is your action named ‘upload’? How about ‘download’?

3

Thanks, I’ll give those steps a try.
The name is leftover from earlier work and should be changed, as
you’ve pointed out.
Barney

4

Could you provide a code example of the connection between the links
and an action that sends the file? I now have a list of links on a
page but clicking them gives:
“Firefox doesn’t know how to open this address, because the protocol
© isn’t associated with any program.”
Thanks,
Barney

5

Thanks 7stud! Your code works and I integrated it with my version.
The only changes I made were to redo RAILS_ROOT to use: dir_path =
Rails.root.join(“public”,“resumes”)
and to make the send_file more “Windowsy” in this way:
send_file("#{dir_path}\#{fname}", :filename => fname)

I appreciate your taking the time!
Barney

6

Okay. But I am a beginner too, so I don’t know if this is the best way.
I’m assuming the path to your folder is:

/public/files_to_read

class PagesController < ApplicationController
def home
@title = “Home”
end

def get_files
dir_path = ‘public/files_to_read’

Dir.chdir(dir_path) do
  @fnames = Dir.glob("*")
end

end

def download
dir_path = ‘public/files_to_read’
fname = params[:fname]

Dir.chdir(dir_path) do
  allowed_fnames = Dir.glob("*")

  if allowed_fnames.include?(fname)
    send_file("#{RAILS_ROOT}/#{dir_path}/#{fname}",
              :filename => fname)
  else
    @title = 'Home'
    render 'home'
  end

end

end

end

===

Test2App::Application.routes.draw do
root :to => “pages#home”

get ‘pages/get_files’
get ‘pages/download’

===

Pages#home

Find me in app/views/pages/home.html.erb

<%= link_to “Read a file”, {:controller => ‘pages’, :action =>
‘get_files’} %>

===

Pages#get_files

Find me in app/views/pages/get_files.html.erb

Click the file you want to download:

<% @fnames.each do |fname| %>

<%= link_to fname, :controller => 'pages', :action => 'download', :fname => fname %>
<% end %>

===

<%= @title %> <%= csrf_meta_tag %>

<%= yield %>

===

http://localhost:3000 => home.html.erb
click on Read file link => get_file.html.erb
click on a filename link => computer downloads the file

The reason for the code:

if allowed_names.include?( )

is to prevent a hacker from going to the page of links, and then instead
of clicking on a link, entering:

http://localhost:3000/pages/download?fname=/path/to/secrets.txt

If you don’t check the fname that the server receives, a hacker can
download any file they want.

7

Never use backslashes in paths. ruby and other modern languages can
handle forward slashes for path separators no matter what os the program
is running on.

8

Barney wrote in post #1017759:

Thanks 7stud! Your code works and I integrated it with my version.
The only changes I made were to redo RAILS_ROOT to use: dir_path =
Rails.root.join(“public”,“resumes”)

As of Rails 3.0.7 RAILS_ROOT and RAILS_ENV are deprecated.
Rails.root and Rails.env are preferred.

Thanks!