From f5639e1cbe0eb9de88a8f4b1c82833fdcffe62b8 Mon Sep 17 00:00:00 2001 From: Claire Date: Fri, 28 Jan 2022 14:24:37 +0100 Subject: Change public profile pages to be disabled for unconfirmed users (#17385) Fixes #17382 Note that unconfirmed and unapproved accounts can still be searched for and their (empty) account retrieved using the REST API. --- app/controllers/concerns/account_owned_concern.rb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'app/controllers/concerns') diff --git a/app/controllers/concerns/account_owned_concern.rb b/app/controllers/concerns/account_owned_concern.rb index 62e379846..25149d03f 100644 --- a/app/controllers/concerns/account_owned_concern.rb +++ b/app/controllers/concerns/account_owned_concern.rb @@ -8,6 +8,7 @@ module AccountOwnedConcern before_action :set_account, if: :account_required? before_action :check_account_approval, if: :account_required? before_action :check_account_suspension, if: :account_required? + before_action :check_account_confirmation, if: :account_required? end private @@ -28,6 +29,10 @@ module AccountOwnedConcern not_found if @account.local? && @account.user_pending? end + def check_account_confirmation + not_found if @account.local? && !@account.user_confirmed? + end + def check_account_suspension if @account.suspended_permanently? permanent_suspension_response -- cgit