restrict access to files

Signed-off-by: trebor8x <trobbe@online.de>
grobie · Jul 31, 2009 · 7f9e051 · 7f9e051
1 parent 53250c0
commit 7f9e051
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 6 deletions.
diff --git a/app/models/doc.rb b/app/models/doc.rb
@@ -2,7 +2,8 @@ class Doc < StoredFile
   set_table_name "stored_files"
   has_attachment  :content_type => 'application/msword',
                   :max_size => 3.megabytes,
-                  :storage => :s3
+                  :storage => :s3,
+                  :s3_access => :private
 
   validates_as_attachment
 end
diff --git a/app/models/pdf.rb b/app/models/pdf.rb
@@ -1,7 +1,8 @@
 class Pdf < StoredFile
   has_attachment  :content_type => 'application/pdf',
                   :max_size => 3.megabytes,
-                  :storage => :s3
+                  :storage => :s3,
+                  :s3_access => :private
 
   validates_as_attachment
 end
diff --git a/app/views/invoices/_invoices.html.erb b/app/views/invoices/_invoices.html.erb
@@ -13,8 +13,8 @@
     <td class="right"><%= link_to invoice.customer.company_name, customer_url(invoice.customer) %></td>
     <td class="right"><%= number_to_currency_with_euro(invoice.sum) %></td>
     <td class="right"><%= l invoice.date, :format => :long %></td>
-    <td><% if invoice.pdf%><%= link_to image_tag("acroread.png"), invoice.pdf.public_filename %><% end %></td>
-    <td><% if invoice.doc%><%= link_to image_tag("word.png"), invoice.doc.public_filename%><% end %></td>
+    <td><% if invoice.pdf%><%= link_to image_tag("acroread.png"), invoice.pdf.authenticated_s3_url %><% end %></td>
+    <td><% if invoice.doc%><%= link_to image_tag("word.png"), invoice.doc.authenticated_s3_url %><% end %></td>
     <td><%= link_to 'Zeigen', invoice %></td>
     <td><%= link_to 'Bearbeiten', edit_invoice_path(invoice) %></td>
     <td><%= link_to 'Löschen', invoice, :confirm => 'Sind Sie sicher?', :method => :delete %></td>

diff --git a/app/views/invoices/show.html.erb b/app/views/invoices/show.html.erb
@@ -20,15 +20,15 @@
 	<p>
 	<b>Rechnung-Pdf:</b>
 	<% if @invoice.pdf %>
-		<%= link_to(@invoice.pdf.filename, @invoice.pdf.public_filename) %>
+		<%= link_to(@invoice.pdf.filename, @invoice.pdf.authenticated_s3_url) %>
 	<% else %>
 		---
 	<%end%>
 	</p>
 	<p>
 	<b>Rechnung-Doc:</b>
 	<% if @invoice.doc %>
-		<%= link_to(@invoice.doc.filename, @invoice.doc.public_filename) %>
+		<%= link_to(@invoice.doc.filename, @invoice.doc.authenticated_s3_url) %>
 	<% else %>
 		---
 	<%end%>