I like to restrict the access in a download method in a dataset controller with authlogic and acl9. The download method at the moment is restricted to logged in users only. But now I like to have one format to be downloadable for everybody. The method looks like this:
def download
@dataset.log_download(current_user)
respond_to do |format|
format.html do
send_file @dataset.generated_spreadsheet.path, :filename => "#{@dataset.filename}"
end
format.csv do
send_data @dataset.to_csv(params[:separate_category_columns] =~ /true/i), :type => "text/csv",
:disposition => 'attachment', :filename => "#{@dataset.filename}.csv"
end
format.eml do
eml_file = render_to_string(params[:separate_category_columns], :template=>"datasets/show.eml")
send_data(eml_file, :type=>"text/xml", :disposition => 'attachment', :filename => "#{@dataset.id}.eml") end
end
end
The restriction rules with acl9 look like this
access_control do
allow all, :to => [:show, :index]
actions :download
allow logged_in
end
end
How coudl I achieve something like
access_control do
allow all, :to => [:show, :index]
actions :download
allow logged_in ... (except format eml)
end
end
How can I do this properly? Any help would be appreciated.