Thanks a lot, Peter. I got all pieces together now. On Apr 13, 9:10 pm, Peter Hickman <peterhickman...@googlemail.com> wrote: > On 13 April 2011 15:56, Ivan K. <div...@gmail.com> wrote: > > > Lets say :file_id => 1, :uid => 9 > > Link would be look like /secure_download/9 > > How user gonna get the file? Aren't user would see the original link > > to file while downloading? > > When you render the links to the files, assuming that there is a page > with a list of their files on it, you render /ordinary_download/xxx > for a file without a password and /enter_password/yyy for a file with > a password. If they successfully enter the password on the > enter_password page create the OneTimeDownload entry and give them the > link /secure_download/037GA738AE from which they can download the > file. > > You should also check that the /ordinary_download/xxx link (when > accessed by the controller) does not have a password associated so > that they can't just enter /ordinary_download/yyy in the browser.
-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
