1

I am building a site where I want to protect certain images from download. Only authorized users would be able to download them.

As I upload images with Carrierwave, they are stored inside public/uploads/image. Users can download them via link:

def transmit
    send_file(Rails.root.join('public' , 'uploads', 'image', filename.to_s)
end

How can I protect images inside image folder so unauthorized users can't access them? Let's say users table has boolean column authorized.

What would be the best way to do it?

EDIT1:

I know I can make before_action which wont allow unauthorized user to download it via download link but the image is still accessible if the user knows path to the folder where are images stored.

user3339562
  • 1,325
  • 4
  • 18
  • 34
  • 1
    Don't store them in the public folder - store them elsewhere in the filesystem. – sevenseacat Feb 25 '14 at 04:17
  • @sevenseacat, Thank you. The problem is that I need some versions of images available for public display so how can I accomplish that? Can I store different image versions to different locations? I would like to have some thumbnails store inside public folder and originals inside private folder. – user3339562 Feb 25 '14 at 18:24

1 Answers1

2

Normally carrierwave store images in public/uploader directory.

def store_dir
 'public/my/upload/directory'
end

.

If you store files outside the project root folder, you may want to define cache_dir in the same way:

class MyUploader < CarrierWave::Uploader::Base
  def cache_dir
   '/tmp/projectname-cache'
  end
 end
santosh
  • 1,611
  • 1
  • 13
  • 21
  • Thanks. But how can I now have thumbnails available to public? Is there a way to store different image versions in different locations? – user3339562 Feb 25 '14 at 17:56
  • store all thumbs in public directory as specified above and store your actual images in cache_dir and use retrieve_versions_from_store to retrieve file – santosh Feb 26 '14 at 06:05