From ac56d1d5e54334624cfdf584b1b854c26d2dc00e Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Thu, 29 Oct 2009 18:09:40 +0000
Subject: [PATCH] Do not show user profile if no visible project or activity (#4129, #3720).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2986 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/account_controller.rb | 4 ++++
 test/functional/account_controller_test.rb | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 1b3bf63e..f2d6a8d6 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -35,6 +35,10 @@ class AccountController < ApplicationController
 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
 @events_by_day = events.group_by(&:event_date)

+ if @user != User.current && !User.current.admin? && @memberships.empty? && events.empty?
+ render_404 and return
+ end
+
 rescue ActiveRecord::RecordNotFound
 render_404
 end
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index e38ccb54..67c4d8b6 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -56,6 +56,11 @@ class AccountControllerTest < ActionController::TestCase
 assert_nil assigns(:user)
 end

+ def test_show_should_not_reveal_users_with_no_visible_activity_or_project
+ get :show, :id => 9
+ assert_response 404
+ end
+
 def test_login_should_redirect_to_back_url_param
 # request.uri is "test.host" in test environment
 post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.host%2Fissues%2Fshow%2F1'
--
2.11.0
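Review bot: The added guard ends with `render_404 and return`, which only returns when `render_404` yields a truthy value; its definition is not in this hunk, and if it returns `false` or `nil` the `return` is silently skipped. Nothing follows the guard today except the `rescue`, so the response is still the 404, but any statement later added after the block would run for a profile that was meant to be hidden. Putting `render_404` and `return` on separate lines (or writing `return render_404`) keeps the privacy check fail-closed regardless of the helper's return value. A short comment such as `# Hide profiles with nothing visible to the viewer; same 404 as an unknown id so the response does not confirm the account exists` would record why this case is not a 403. `@memberships` is built above the hunk, so it is worth confirming that it is already restricted to what `User.current` may see.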
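Review bot: The new test pins only the unauthenticated 404, so the two exemptions in the controller guard (`@user == User.current` and `User.current.admin?`) are untested, and a later change that drops or inverts either one would still pass. Companion tests that request the same profile as user 9 itself and as an admin, and assert a successful response, would lock the access rule from both sides. A one-line comment stating what makes fixture user 9 suitable (presumably no memberships and no activity visible to an anonymous viewer; confirm against the fixtures) would keep the test from changing meaning silently when fixtures are edited.

```ruby
  # Constructed sketch: ADMIN_FIXTURE_ID is a placeholder for an admin user in the fixtures.
  def test_show_should_display_profile_without_visible_activity_to_admin
    @request.session[:user_id] = ADMIN_FIXTURE_ID
    get :show, :id => 9
    assert_response :success
  end

  # Assumes fixture user 9 is an active account that can hold a session.
  def test_show_should_display_own_profile_without_visible_activity
    @request.session[:user_id] = 9
    get :show, :id => 9
    assert_response :success
  end
```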