File: README — Documentation for paperclip

+--- + +Private Attachments +------------------- +If you want to place files behind a controller in order to perform validation you can. + +In your routes.rb file mount the paperclip engine with any path you'd like. +Ex: +ruby +mount PaperclipPrivate::Engine => 'paperclip/' + + +You have to register class names and their attachments with the whitelist registry. This can happen in the controller or in config/paperclip_private.rb +The following example would whitelist the class PrivateAttachment's file: +ruby +require 'paperclip_private' +PaperclipPrivate::Whitelist.register({PrivateAttachment: :file}) + +You can also pass an array of names like {PrivateAttachment: [:file, :avatar]}. + +Then in your model add privacy: :private to the has_attached_file options. This can also accept a lambda that gets passed the attachment instance and expects back either :private or :public. +Then add the method can_download_attachment?. +The method can_download_attachment? gets passed the controller instance and the params and is expected to return true, false, or raise Paperclip::Errors::AccessDeniedError. +The controller is passed so that methods like current_user can be run on it to get the user instance for validation puprposes. Duplicated params gets passed to do things like allow anyone if the style is :thumb or to only allow :original to paid users. +Ex: +```ruby

has_attached_file :file, privacy: :private +
def can_download_attachment?(controller, params)
params[:style] == :thumb || (!controller.current_user.nil? && created_by == controller.current_user.id)
end +```