
Files saved by carrierwave are visible to users who are not logged in

Current Detail

[Env]

nginx puma mysql Rails == 5.1.5

I mounted carrierwave to upload pictures and files in a post.

[Case]

When users who are not logged in type the file URL in a browser, they can access and view the file.

[Ideal]

Only logged-in users can access the file.

The file path is "uploads/post/images/1234(post_id)/sample.png". So far, I have located the uploads directory under public, app/assets/, and the root directory, in vain.

Any answers or suggestions are appreciated.


Source

Rails.application.routes.draw do
  get 'users/index'
  get 'users/show'
  get 'posts/index'

  devise_for :users, module: :users
  resources :users, :only => [:index, :show]

  get "/" => "posts#index"
  get "posts/like_ranking" => "posts#like_rank"
  get "posts/post_count_ranking" => "posts#post_count"
  get "posts/tags_search" => "posts#tags_search"
  get "posts/new" => "posts#new"
  get "posts/:id/reply" => "posts#new"
  post "posts/create" => "posts#create"
  get "posts/:id" => "posts#show"
  get "posts/:id/edit" => "posts#edit"
  post "posts/:id/update" => "posts#update"
  post "posts/:id/destroy" => "posts#destroy"

  get 'tags/:tag', to: 'posts#index', as: :tag

  get "users/:id/likes" => "users#likes"
  get "users/:id/reply" => "users#reply"

  resources :posts, only: %w(index)

  resources :posts, shallow: true do
    resources :likes, only: [:create, :destroy]
  end
end


class ImageUploader < CarrierWave::Uploader::Base
  # Choose what kind of storage to use for this uploader:
  storage :file

  # Override the directory where uploaded files will be stored.
  # This is a sensible default for uploaders that are meant to be mounted:
  def store_dir
    "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
  end
end

All assets under the public folder are served by nginx. In order to make it available for logged-in users, you can first upload files to a directory other than public, and create an action which serves the files from that directory through the Rails app and checks whether the user is logged in before serving.
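
The approach this answer describes, as an added example that is not part of the original answer or the asker's code: the uploader stores files outside public, and a controller action serves them only after a Devise login check and a containment check on the requested path. The names PrivateUploads and UploadsController, the private/uploads directory and the route are assumptions made for illustration.

```ruby
# Added example (hypothetical names: PrivateUploads, UploadsController, private/uploads).
module PrivateUploads
  # Return the real path of an uploaded file under +root+, or nil when the
  # request points outside the private root, at a directory, or at nothing.
  def self.resolve(root, relative)
    root = File.realpath(root)
    candidate = File.expand_path(relative.to_s, root)
    return nil unless File.file?(candidate)
    real = File.realpath(candidate) # follow symlinks before comparing
    real.start_with?(root + File::SEPARATOR) ? real : nil
  rescue ArgumentError, SystemCallError # NUL byte in the path, missing root
    nil
  end
end

# The guard only lets this file load outside Rails; in the app the two classes
# live in app/uploaders/ and app/controllers/.
if defined?(Rails)
  class ImageUploader < CarrierWave::Uploader::Base
    storage :file

    # Absolute path outside public/, so nginx never serves it directly.
    def store_dir
      Rails.root.join("private", "uploads", model.class.to_s.underscore,
                      mounted_as.to_s, model.id.to_s).to_s
    end
  end

  # Route (config/routes.rb): get "uploads/*path" => "uploads#show", format: false
  class UploadsController < ApplicationController
    before_action :authenticate_user! # Devise: anonymous requests go to sign-in

    def show
      root = Rails.root.join("private", "uploads").to_s
      path = PrivateUploads.resolve(root, params[:path])
      path ? send_file(path, disposition: "inline") : head(:not_found)
    end
  end
end
```

Files already uploaded under public/uploads stay reachable through nginx until they are moved to the new directory.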
