I have a very simple Ruby on Rails app which uses the acts_as_solr plugin to index and search PDF files.

The basic idea of the app is: all PDF files located in myRoRapp/public/PDFfiles/example.pdf are full-text searchable. Usage of the webapp returns links to all PDFs that meet the search criteria.

The app is user authenticated using nifty_authentication generators, which I assume are a simple implementation of authlogic tools (note, I also have the authlogic gem installed). The user restriction is currently only applied in a very simple manner: at the level of /views. To clarify, all .html.erb files have the following code:

<% if logged_in? %>
....
<% end %>

This easy solution works great for restricting access to the viewable portions of the app. However, I am not clear on how to use the authlogic framework to also restrict access to the PDF files in public. Currently, anyone who knows the path to the PDF file can open and view it.

I know I can restrict access to directories and files using .htaccess; however, is there a seamless way to use authlogic modules to integrate with .htaccess such that only users logged in with authlogic modules have access?
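Added example, not part of the original question and not code from authlogic or nifty_authentication: files under public/ are served without the view-level `logged_in?` check ever running, so one common approach is to keep the PDFs outside public/ and resolve each download through code that checks the login first. The names `pdf_path_for`, `PDF_ROOT`, `private_pdfs` and the two error classes are assumptions made for this sketch.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

class AccessDenied < StandardError; end
class PdfNotFound < StandardError; end

# Map a requested file name to a real PDF under `root`, or raise.
# root      - directory outside public/ (assumed location, e.g. private_pdfs/)
# requested - file name taken from the request, untrusted
# logged_in - result of the app's logged_in? check
def pdf_path_for(root, requested, logged_in)
  raise AccessDenied, "login required" unless logged_in

  # Accept only a bare "*.pdf" file name: no directories, no "..".
  name = File.basename(requested.to_s)
  unless name == requested.to_s && name =~ /\A[\w.\- ]+\.pdf\z/i
    raise PdfNotFound, "invalid name"
  end

  root_real = Pathname.new(root).realpath
  candidate = root_real.join(name)
  raise PdfNotFound, "no such file" unless candidate.file?

  # realpath follows symlinks; the target must still live under root.
  real = candidate.realpath.to_s
  unless real.start_with?(root_real.to_s + File::SEPARATOR)
    raise PdfNotFound, "outside root"
  end
  real
end

# In a Rails action the result would be handed to send_file, e.g.
#   send_file pdf_path_for(PDF_ROOT, params[:name], logged_in?),
#             :type => "application/pdf", :disposition => "inline"

if __FILE__ == $0
  Dir.mktmpdir do |dir|               # constructed sample layout
    root = File.join(dir, "private_pdfs")
    FileUtils.mkdir_p(root)
    File.write(File.join(root, "example.pdf"), "%PDF-1.4 constructed sample")
    puts pdf_path_for(root, "example.pdf", true)
    begin
      pdf_path_for(root, "example.pdf", false)
    rescue AccessDenied => e
      puts "anonymous request refused: #{e.message}"
    end
  end
end
```

The search results would then link to the authenticated action instead of to a path under public/.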