From 7f9e05130fafb510013e32bff27191f880de4956 Mon Sep 17 00:00:00 2001
From: Tobias Schmidt
Date: Sun, 12 Jul 2009 20:48:37 +0800
Subject: [PATCH] restrict access to files
Signed-off-by: trebor8x
---
 app/models/doc.rb | 3 ++-
 app/models/pdf.rb | 3 ++-
 app/views/invoices/_invoices.html.erb | 4 ++--
 app/views/invoices/show.html.erb | 4 ++--
 4 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/app/models/doc.rb b/app/models/doc.rb
index d6afc37..f7423ce 100644
--- a/app/models/doc.rb
+++ b/app/models/doc.rb
@@ -2,7 +2,8 @@ class Doc < StoredFile
 set_table_name "stored_files"
 has_attachment :content_type => 'application/msword',
 :max_size => 3.megabytes,
- :storage => :s3
+ :storage => :s3,
+ :s3_access => :private
 validates_as_attachment
 end
diff --git a/app/models/pdf.rb b/app/models/pdf.rb
index b3be69a..35514b6 100644
--- a/app/models/pdf.rb
+++ b/app/models/pdf.rb
@@ -1,7 +1,8 @@
 class Pdf < StoredFile
 has_attachment :content_type => 'application/pdf',
 :max_size => 3.megabytes,
- :storage => :s3
+ :storage => :s3,
+ :s3_access => :private
 validates_as_attachment
 end
diff --git a/app/views/invoices/_invoices.html.erb b/app/views/invoices/_invoices.html.erb
index 62092e2..b438734 100644
--- a/app/views/invoices/_invoices.html.erb
+++ b/app/views/invoices/_invoices.html.erb
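Review bot: `:s3_access => :private` in the `has_attachment` call of `Doc` (and identically in `Pdf`) appears to be applied only when an object is written to S3, so files uploaded before this commit would keep the ACL they were stored with and stay reachable through their old public URLs. Nothing in the patch resets the ACL on existing objects; a one-off task that re-applies the private ACL to every stored `Doc` and `Pdf` should accompany it, followed by a check that a previously public URL now returns an access-denied response. A short comment above the option, e.g. `# invoice files are confidential: stored private, views must link via authenticated_s3_url`, would record why the views had to change with it. Since both subclasses of `StoredFile` now repeat the same option, a future attachment class can easily be added without it, so a spec asserting the option on each attachment model would be worth adding.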
@@ -13,8 +13,8 @@
 <%= link_to invoice.customer.company_name, customer_url(invoice.customer) %>
 <%= number_to_currency_with_euro(invoice.sum) %>
 <%= l invoice.date, :format => :long %>
- <% if invoice.pdf%><%= link_to image_tag("acroread.png"), invoice.pdf.public_filename %><% end %>
- <% if invoice.doc%><%= link_to image_tag("word.png"), invoice.doc.public_filename%><% end %>
+ <% if invoice.pdf%><%= link_to image_tag("acroread.png"), invoice.pdf.authenticated_s3_url %><% end %>
+ <% if invoice.doc%><%= link_to image_tag("word.png"), invoice.doc.authenticated_s3_url %><% end %>
 <%= link_to 'Zeigen', invoice %>
 <%= link_to 'Bearbeiten', edit_invoice_path(invoice) %>
 <%= link_to 'Löschen', invoice, :confirm => 'Sind Sie sicher?', :method => :delete %>
diff --git a/app/views/invoices/show.html.erb b/app/views/invoices/show.html.erb
index 066a30f..92bccbf 100644
--- a/app/views/invoices/show.html.erb
+++ b/app/views/invoices/show.html.erb
@@ -20,7 +20,7 @@
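Review bot: The two `authenticated_s3_url` links in these rows are signed when the list is rendered, so each one is a time-limited bearer link: it goes stale once its lifetime passes (attachment_fu's documented default is short, about five minutes; confirm for the vendored version) and until then it works for anyone who obtains it, with no check that the requester is still logged in. Pointing the links at a controller action that performs the access check and then redirects to a freshly signed URL would address both, and keeps signed URLs out of the page source and any cached copy of it. If the links stay in the view, make the lifetime explicit rather than relying on the default, e.g. `invoice.pdf.authenticated_s3_url(:expires_in => 2.minutes)`. The same applies to the `link_to` calls changed in both hunks of `show.html.erb`. The table markup around these lines lies outside the hunk.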

Rechnung-Pdf:
 <% if @invoice.pdf %>
- <%= link_to(@invoice.pdf.filename, @invoice.pdf.public_filename) %>
+ <%= link_to(@invoice.pdf.filename, @invoice.pdf.authenticated_s3_url) %>
 <% else %>
 ---
 <%end%>
@@ -28,7 +28,7 @@

Rechnung-Doc:
 <% if @invoice.doc %>
- <%= link_to(@invoice.doc.filename, @invoice.doc.public_filename) %>
+ <%= link_to(@invoice.doc.filename, @invoice.doc.authenticated_s3_url) %>
 <% else %>
 ---
 <%end%>