Where to put private documents to use in Rails applications?

被刻印的时光 ゝ submitted on 2019-12-09 13:11:07

Question


I have some template files I would like to use in my Rails app. I was wondering where (under which directory) to put them given two scenarios:

  1. They are private to my application (only the webmaster can delete or change them)
  2. They are private to my application but they can also be managed by admins (deleted, modified)

Answer 1:


Update after comments

Since you want to serve the files locally, just put them outside of the /public/ folder and outside of any of the /assets/ folders and you should be good. You can read more about the public and assets folders here: Section 2 How to use the Asset Pipeline. Let's say:

/private/

I believe Section 11 send_file, also used in the SO question linked in my original answer below, is still the way for you to provide access to files through a controller rather than statically. Adapted from the docs:

# filename is interpolated into the path, so it must already be a validated name
send_file("#{Rails.root}/private/#{filename}",
          :filename => "#{filename}",
          :type => "application/pdf",   # for example, if the file is a PDF
          :disposition => 'inline')     # send inline instead of as an attachment

Original answer for remote serving together with send_file below

Regarding 1) files private to the application

You can lock up these private files in a system like Amazon S3 that provides authorized access as Callmeed explains in this SO question. Then only your application will be able to authorize access to a file.

Regarding 2) also accessible to admins

The problem with just using part 1) is that it unlocks the files for a limited time period during which I assume they are publicly available. So if you want to get around that, I think you need to take the solution from Pavel Shved actually in the same SO question above.

In that solution, files are provided through a route/controller that provides the binary data of the file rather than using a URL that points to the file.

Combined solution

Read the file from S3 with only your application authorized to do that access (not opening it publicly). Then provide the data directly through the controller which can authorize whomever you want.

Caveats

  • Providing binary data directly from the controller seems like it would kill performance of the application if it is used often, but I've never tried it.
  • If you can find a simpler way to do part 1), part 2) will still work with that solution.
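
Added example, not part of the original answer or of Rails itself: when the name passed to send_file comes from a request, the controller has to authorize the caller and confirm the resolved path stays inside the private directory. The helper names, roles and actions below are hypothetical, and the sample tree is constructed.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Constructed policy for illustration: which role may perform which action.
ALLOWED = { download: %i[user admin], delete: %i[admin] }.freeze

# Hypothetical helper: map a requested name to a real file under private_root.
# Returns a Pathname, or nil if the name is missing or resolves outside the root.
def resolve_private_file(private_root, filename)
  return nil if filename.nil? || filename.empty? || filename.include?("\0")
  root = Pathname.new(private_root).realpath
  candidate = root.join(filename)          # an absolute filename replaces root here
  return nil unless candidate.file?
  real = candidate.realpath                # collapses ".." and follows symlinks
  return nil unless real.to_s.start_with?(root.to_s + File::SEPARATOR)
  real
end

# Hypothetical controller logic: authorize first, then resolve the path.
# In a Rails action, :ok would be followed by send_file(path, ...).
def private_file_decision(private_root, filename, role, action)
  return [:forbidden, nil] unless ALLOWED.fetch(action, []).include?(role)
  path = resolve_private_file(private_root, filename)
  path ? [:ok, path.to_s] : [:not_found, nil]
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|                    # constructed sample tree
    priv = File.join(dir, "private")
    FileUtils.mkdir_p(priv)
    File.write(File.join(priv, "template.pdf"), "demo")
    File.write(File.join(dir, "secret.txt"), "outside")
    p private_file_decision(priv, "template.pdf", :user, :download)
    p private_file_decision(priv, "../secret.txt", :admin, :download)
    p private_file_decision(priv, "template.pdf", :user, :delete)
  end
end
```

Names that resolve outside the directory are reported the same way as missing files, so the response does not reveal what exists elsewhere on disk.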


Source: https://stackoverflow.com/questions/9354139/where-to-put-private-documents-to-use-in-rails-applications
