From b05f0a48584ea45cc89a8efaafd8e54642b8497c Mon Sep 17 00:00:00 2001
From: Felipe Artur
Date: Thu, 24 Mar 2016 12:55:04 -0300
Subject: Restrict user profiles based on restricted visibility levels
---
 app/controllers/users_controller.rb | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'app/controllers/users_controller.rb')
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 8e7956da48f..49ddcfed7b1 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,6 +1,7 @@
 class UsersController < ApplicationController
 skip_before_action :authenticate_user!
 before_action :set_user
+ before_filter :authorize_read_user, only: [:show]
 def show
 respond_to do |format|
@@ -74,6 +75,9 @@ class UsersController < ApplicationController
 end
 private
+ def authorize_read_user
+ render_404 unless @user.public?
+ end
 def set_user
 @user = User.find_by_username!(params[:username])
-- cgit v1.2.1
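Review bot: The new filter is scoped with `only: [:show]`, so any other action in this controller that renders from `@user` would still serve a restricted profile's data to a direct request. The second hunk starts at line 74, so there is controller code between `show` and `private` that is not visible here and should be checked for such actions. A deny-by-default registration would be safer, `before_action :authorize_read_user` with an explicit `except:` list for the actions that must stay open. It should also use `before_action` rather than the `before_filter` alias, to match the two callbacks declared directly above it.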
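Review bot: `render_404 unless @user.public?` in `authorize_read_user` decides without looking at `current_user`, and the controller skips `authenticate_user!`, so a signed-in viewer and an anonymous one get the same answer. `User#public?` is not part of this diff, so I cannot tell whether that is intended. If the restriction is meant to hide profiles only from unauthenticated visitors, the guard would need to be `render_404 unless current_user || @user.public?`. Either way the method deserves a comment stating who is denied, for example `# 404 (same response as an unknown username) when the profile is not publicly visible`, and a controller spec covering both the anonymous and the signed-in request.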