2

I am trying to find the best way to render confidential images in a view, without storing the images within the rails application flat-filesystem, as I have no idea where to place the images. I am storing the image data binary as :text in a sqlite3 database table and successfully display the images using 

<% s = "data:image/png;base64,#{ActiveSupport::Base64.encode64(@my_image)}"%>
<img style = 'width:100%; height:600px' src = '<%= s %>'/>

This works for me in Firefox and Chrome, but my client cannot get the images to display. I'll find out in an hour or two what browser they are using. Client says they want the image src url to look like a relative path within a controller's folder, which seems to contradict the notion of not storing the image in the flat-file system.

I think I am missing something very small here, but I would like to know the proper way to store images and documents in an application that are not public to all users. If my question is not clear or you need information, please let me know and I will provide more information.

I have read of attachment_fu and paperclip, but they appear to allow attachment downloads, and I just need to display an image inline on a page. Any help is greatly appreciated. Thank you much in advance.

kikuchiyo
  • 3,391
  • 3
  • 23
  • 29
  • I think I'm going to look into ruby-ldap as well http://www.railsatwork.com/2011/08/ruby-ldap-server-with-mysql-database.html – kikuchiyo Nov 29 '11 at 14:59

3 Answers3

3

You can keep files in non-public repositories and have controllers action with send_file(path, options = {}) It allows you store files somewhere on the hard disc and keep access logic inside your controller.

Bohdan
  • 8,298
  • 6
  • 41
  • 51
  • Thank you. I have to display three such images in a particular view. Using send_file inline from my controller renders a page displaying only the image I provide to send_file. This would be perfect if I could somehow send the file to the image tag of interest. I will see if this can be done. Thanks again for your help. – kikuchiyo Nov 29 '11 at 17:26
  • 1
    You can have a single action that responds to URLs like `/secret_image` inside controller you get the file based on `params[:file]` value and when you rendering your view use ` – Bohdan Nov 29 '11 at 22:07
  • This was just what I was looking for. Thank you much Bodhan! Worked like a charm :) – kikuchiyo Nov 30 '11 at 07:36
1

Have you tried the paperclip gem? You can upload images to amazon and amazon allows you to set permissions for files...if you want to do it that way.

Artem Kalinchuk
  • 6,502
  • 7
  • 43
  • 57
1

As Artem says, Amazon is a great way to achieve this. But if I get you right, they want to see an URL to the image directly (i.e. be able to type the source into the address-field if they want to).

You need to decide wether everyone should be able to access the image (given they know the name/path), or to have authentication, in which case I don't think a relative path is worth anything.

Can't you just have an image-folder containing all images (not accessible by URL), and a table to lookup wether userX is allowed to see imageY?

Allan Nørgaard
  • 284
  • 2
  • 11
  • Thank you. I was originally using this method, placing images on the file-system, but then we had the issue of users being able to guess locations of images they are not allowed to access. I toyed with the idea of letting users log into the system with ldap, and restricting access in the usual way on the file system, but client does not want users logged into their system. I am going to try to clear things up with the client later this morning when they are available. Thank you again for your timely response. – kikuchiyo Nov 29 '11 at 14:54
  • Ah, and yes, I am using authentication, and not all users are allowed to access all images. – kikuchiyo Nov 29 '11 at 14:56