From ea26c566317dd21c2de95767aac042029254823b Mon Sep 17 00:00:00 2001
From: Arpit Jalan <arpit@techapj.com>
Date: Thu, 20 Apr 2017 13:00:45 +0530
Subject: [PATCH] FIX: redirect to login page for anonymous user when profiles
 are hidden

---
 app/controllers/users_controller.rb       | 2 +-
 spec/controllers/users_controller_spec.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d630da7442a..401d9ed6230 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -36,7 +36,7 @@ class UsersController < ApplicationController
   end
 
   def show
-    raise Discourse::InvalidAccess if SiteSetting.hide_user_profiles_from_public && !current_user
+    return redirect_to path('/login') if SiteSetting.hide_user_profiles_from_public && !current_user
 
     @user = fetch_user_from_params(
       { include_inactive: current_user.try(:staff?) },
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 3b2f5f0d5a7..b44d22d627c 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -13,10 +13,10 @@ describe UsersController do
         expect(response).to be_success
       end
 
-      it "raises an error for anon when profiles are hidden" do
+      it "should redirect to login page for anonymous user when profiles are hidden" do
         SiteSetting.hide_user_profiles_from_public = true
         xhr :get, :show, username: user.username, format: :json
-        expect(response).not_to be_success
+        expect(response).to redirect_to '/login'
       end
 
     end