Direct access to user profile

Question

modenaa opened this issue 10 years ago · comments

There seems to be a bug which allows direct profile requests to be processed. domain.com/user/profile/admin should not be exposed.

Hasan Dz · Answer 1 · Sun Aug 31 2014 14:58:20 GMT+0800 (China Standard Time)

I don't know public profiles are bug or feature. But you can disable this adding this line to the routes.php


Entrust::routeNeedsPermission( 'user/profile*', 'post_comment', Redirect::to('/') );

Andrew Elkins · Answer 2 · Tue Sep 16 2014 08:27:02 GMT+0800 (China Standard Time)

It's not really a bug, more of a feature. If you don't want to allow profiles to be seen, just use @hasandz solution