I have a Ruby on Rails (2.2.2) application where users can upload images and mark them as 'locked'. This will put them in another folder than if you don't mark it. The normal upload folder is /uploads/Image and the locked folder is /uploads/vip/Image. I would like to lock down the VIP folder only, so that you can not send the link to someone and view it without being logged in. I guess the logic would have to be redirected to the app instead of just serving the image blindly. Question is how?
Creating a model in rails is not an option since these images are uploaded by fckeditor and will just be written and linked in without further logic.
Have a before filter, like
before_filter :authenticate_user!
if you are using devise. This will redirect to the login page if the user is not logged in. The images are served through a controller action.