diff options
author | Felipe Artur <felipefac@gmail.com> | 2016-03-24 12:55:04 -0300 |
---|---|---|
committer | Felipe Artur <felipefac@gmail.com> | 2016-04-18 11:11:36 -0300 |
commit | b05f0a48584ea45cc89a8efaafd8e54642b8497c (patch) | |
tree | b332d81e44d0afb990898d88f1dae30cea42fb1a /app/controllers/users_controller.rb | |
parent | 5ae4fd2181e81f6e75a9d4021fc7d0c4749139ef (diff) | |
download | gitlab-ce-b05f0a48584ea45cc89a8efaafd8e54642b8497c.tar.gz |
Restrict user profiles based on restricted visibility levels
Diffstat (limited to 'app/controllers/users_controller.rb')
-rw-r--r-- | app/controllers/users_controller.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 8e7956da48f..49ddcfed7b1 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,6 +1,7 @@ class UsersController < ApplicationController skip_before_action :authenticate_user! before_action :set_user + before_filter :authorize_read_user, only: [:show] def show respond_to do |format| @@ -74,6 +75,9 @@ class UsersController < ApplicationController end private + def authorize_read_user + render_404 unless @user.public? + end def set_user @user = User.find_by_username!(params[:username]) |