
Carrierwave - “uploading” a file from a string

Users in my site can upload their own photos for a model or choose from a library. When the users choose from the library I send the file name as a string to the server: {file: {url: 'url.jpg'}}. I haven't found a way in which CarrierWave can just update a model file without uploading it. I can write a condition in my model that checks for the existence of that parameter and then model.file = File.open('str.jpg'). Is that bad from a security view? How can I "upload" files, or just update the file attribute, to reference a file that's already available on the server?

Thanks!

Your solution of using File.open would work, but you should verify that the name is valid with File.basename so someone couldn't pass ../../secret_credentials.yml and expose info you don't want them to. Also checking it against the list of preset images would be a good idea.

However, you can do this more efficiently by skipping CarrierWave in this case.

Add a new field called library_image. When someone wants to use a preset image, you set library_image; if they want to use their own photo, unset library_image and upload the photo as normal. Then add a helper method like:

def avatar_url
    if self.library_image?
        "http://example.com/images/#{self.library_image}"
    else
        self.picture.url
    end
end

This assumes that you can find the preset images at http://example.com/images/[name] and you are using mount_uploader in CarrierWave named picture.

Now anytime you want to display their picture, you would call avatar_url which will check if it should return the preset URL, or the picture they uploaded.

An example of how you would update library_image or picture based on your original question:

if params[:file].is_a?(Hash)
    model.library_image = params[:file][:url]
    model.remove_picture = true
else
    model.library_image = nil
    model.picture = params[:file]
end
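The File.basename check and the preset-list check recommended in the answer above, written out as an added Ruby example that is not part of the original answers. The names resolve_library_image and demo_results are hypothetical and the temp-directory files are constructed sample data; the File.realpath containment check goes one step beyond what the answer describes.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper (not CarrierWave API): map a client-supplied library
# image name to a file inside library_dir; return nil for anything else.
def resolve_library_image(name, library_dir, allowed_names)
  return nil unless name.is_a?(String) && !name.empty? && !name.include?("\0")
  # A bare file name is unchanged by File.basename; "../x" or "a/b" is not.
  return nil unless File.basename(name) == name
  # Allowlist of preset images (this also rejects "." and "..").
  return nil unless allowed_names.include?(name)
  # Resolve symlinks and confirm the result is still under the library root.
  root = File.realpath(library_dir)
  path = File.realpath(File.join(root, name))
  path.start_with?(root + File::SEPARATOR) ? path : nil
rescue SystemCallError
  nil # missing file, dangling link, permission error
end

# Constructed sample data: a temp directory stands in for the image library.
def demo_results
  Dir.mktmpdir do |tmp|
    lib = File.join(tmp, "library")
    FileUtils.mkdir_p(lib)
    secret = File.join(tmp, "secret_credentials.yml")
    File.write(secret, "password: constructed")
    File.write(File.join(lib, "cat.jpg"), "jpeg-bytes")
    File.symlink(secret, File.join(lib, "leak.jpg")) # link pointing outside
    allowed = %w[cat.jpg leak.jpg missing.jpg]
    names = ["cat.jpg", "../secret_credentials.yml", "leak.jpg",
             "missing.jpg", "dog.jpg"]
    names.to_h { |n| [n, !resolve_library_image(n, lib, allowed).nil?] }
  end
end

p demo_results if __FILE__ == $PROGRAM_NAME
```

Only cat.jpg resolves; the symlinked leak.jpg is refused even though it sits on the allowlist, because its real path falls outside the library directory.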

I would make another resource called LibraryImages which holds these image files.

These would be in a relation with the User class using the has_many association. The second is to separate when a user wants to use its own image instead of a predefined one.

Therefore I would suggest adding a boolean type called 'use_library'; once they choose to use their own image it will just upload to the user.image without any problems.

Now in your view just ask if use_library returns true; if so, use image_tag(user.library_image).
