I'm currently using
send_data File.new(filename, 'rb').read, :type => content_type, :disposition => 'inline'
To serve up uploaded files, which are stored outside the public directory. Of course, I don't want files to be globally accessible, so I'm not sure I want to bypass Rails in the usual way by putting the file into public. I would still like to use Rails to decide whether the user has rights to view a file, but currently, loading the file capitalizes the Rails process and seems to prevent other attempts to access something through Rails. I don't want, say, the download of a large file, to block parallel requests. What am I looking for here?
Ideally, I'd like something that works more or less painlessly between development and production.