stackoom
  简体   繁体   中英

Files saved by carrierwave is being gotten visible to users not logged in

 原文  2018-07-30 05:26:27       mysql/ ruby-on-rails/ nginx/ file-upload/ carrierwave

Question

Current Detail

[Env]

nginx puma mysql Rails == 5.1.5

I mounted carrierwave to upload pictures and files in a post.

[Case]

Users not logged in type the file URL in browser, then they can access and view the file.

[Ideal]

Only users logged in is accessible to the file.

The file path is "uploads/post/images/1234(post_id)/sample.png". So far, I locate uploads directory under public, app/assets/, and root directory in vain.

Any answers or suggestions are appreciated.

Source 

Rails.application.routes.draw do
  get 'users/index'
  get 'users/show'
  get 'posts/index'

  devise_for :users, module: :users
  resources :users, :only => [:index, :show]

  get "/" => "posts#index"
  get "posts/like_ranking" => "posts#like_rank"
  get "posts/post_count_ranking" => "posts#post_count"
  get "posts/tags_search" => "posts#tags_search"
  get "posts/new" => "posts#new"
  get "posts/:id/reply" => "posts#new"
  post "posts/create" => "posts#create"
  get "posts/:id" => "posts#show"
  get "posts/:id/edit" => "posts#edit"
  post "posts/:id/update" => "posts#update"
  post "posts/:id/destroy" => "posts#destroy"

  get 'tags/:tag', to: 'posts#index', as: :tag

  get "users/:id/likes" => "users#likes"
  get "users/:id/reply" => "users#reply"

  resources :posts, only: %w(index)

  resources :posts, shallow: true do
    resources :likes, only: [:create, :destroy]
  end
end

" 

class ImageUploader < CarrierWave::Uploader::Base
  # Choose what kind of storage to use for this uploader:
  storage :file

  # Override the directory where uploaded files will be stored.
  # This is a sensible default for uploaders that are meant to be mounted:
  def store_dir
    "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
  end
end

1 answers

solution1
 2 ACCPTED  2018-07-30 07:33:19

All assets under the public folder is served by nginx . In order to make it available for logged users you can first upload files to other directory than public and create action which serve files by Rails app from that directory and check if users logged before serving.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Run PHP files from Javascript to check Online users: says users who are not logged in are how to make a download directory for valid users without being logged in, just by browser authentication? Identify logged users in PHP Display users logged in data Form not displaying for logged in users Managing Logged in users Session not being saved as id Php query for logged in users and not logged in users between two dates authorizing users that have not registered or logged in Number of users that logged in the past day
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM