Reputation: 12224
How can I secure static content in Rails 3?
I have an HTML user guide for my application. But I don't want those who are not logged in to be able to access it. I am using Devise authentication and CanCan authorization.
Upvotes: 5
Views: 2043
Answers (3)
Reputation: 11278
I would store it outside the public folder and serve it through a simple controller that just performs the authentication check. Doing this with x-sendfile ( https://tn123.org/mod_xsendfile/ ) should minimize the additional server load. Here's a rough guide: http://elivz.com/blog/single/mod_xsendfile/
Upvotes: 3
Reputation: 66
Take a look at the High Voltage plugin.
This is a fairly simple controller designed to serve static content. Authenticate by extending HighVoltage::PagesController and handling authentication like you would with any other controller (minimal example available on the linked page).
Upvotes: 0
Reputation: 4142
I'm not familier with the authentication method that you are using, but once you authenticate a user you can save logged_in flag in your session
session[:user]='logged_in'
than you can create a helper
def logged_in?
session[:user] =='logged_in'
end
Now you will be abe to use this helper in you views
<% if logged_in? %>
your html
<% end %>
Now this is very basic, if you need something more specific let us know
--So I just noticed that you want to make sure that only logged in users will be able to see the whole page.
then you should use you authenticate function as a before filter in you controller
before_filter :authenticate
Upvotes: 0
Related Questions
- How can I protect the content of public/ in a Rails app
- How to use html_safe in a secure manner?
- protect urls in rails
- Safely storing html rails
- improve / better way to serve pre-compiled asset secure?
- How to secure the content inside a production DB for a RoR web application
- Exposing static files in Ruby on Rails 3.1+?
- How to implement security in Rails 3?
- How to secure images with Rails?