
Ruby on Rails file authorization under RAILS_ROOT/public

I am looking for a way of running a type of check_access on my files located under my public folder. I heard about RAILS_ROOT/private. I believe this directory meets my demands.

But I don't have deep information about it. The core idea of mine is serving files only to users who have the ability to view/download the files. For example, posted pictures: I don't want them to be public. Currently, all the people who have knowledge of the URL pointing to the correct directory can access all files.

PS: The files under the /public dir are uploaded via the carrierwave gem.

Thanks.

You can define the permissions in your database and then you can add a check before displaying the url of a file to the users. You shouldn't keep the files in the public folder if you want them to be restricted.

If you need access control for your files you don't want to serve them from your public folder. Your public folder is served either by ActionDispatch::StaticFile or directly by your web server - neither of which provides the kind of access control you want.

Instead you would create a controller which serves up the files:

# Inherit from ApplicationController rather than ActionController::Metal:
# the bare Metal class does not include the callbacks, send_file or head
# helpers this action relies on.
class FilesController < ApplicationController
  before_action :authenticate! # you need to implement this
  before_action :authorize!    # you need to implement this

  # GET /files/:filename
  def show
    path = Rails.root.join(
      'uploads', # can be any directory you want really, as long as it is outside public/
      # ActiveStorage::Filename#sanitized (Rails 5.2+) replaces path separators,
      # so a malicious user cannot use for example '../../secret/password'
      ActiveStorage::Filename.new(params[:filename]).sanitized
    )
    if File.file?(path)
      send_file path
    else
      head :not_found
    end
  end
end
