Direct access to user profile
modenaa opened this issue
modenaa commented
There seems to be a bug which allows direct profile requests to be processed. domain.com/user/profile/admin should not be exposed.
Hasan Dz commented
I don't know whether public profiles are a bug or a feature, but you can disable this by adding this line to routes.php:
Entrust::routeNeedsPermission( 'user/profile*', 'post_comment', Redirect::to('/') );
Andrew Elkins commented
It's not really a bug, more of a feature. If you don't want to allow profiles to be seen, just use @hasandz's solution.
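An added example, not part of the thread or the project's code: the one-line rule above lets any account holding `post_comment` view every profile, so this sketch goes a step further and admits only the profile's owner or a user manager. It assumes Laravel 4 with Entrust, a `username` column on the user model, a `user/login` URL, and a `manage_users` permission; the filter name is hypothetical.

```php
<?php
// app/routes.php (Laravel 4 + Entrust). Added illustration, not project code.
// Assumed names: filter 'profile.owner_or_manager', permission 'manage_users',
// login URL 'user/login', and a 'username' attribute on the User model.

Route::filter('profile.owner_or_manager', function () {
    // Anonymous visitors never see profiles; send them to log in first.
    if (Auth::guest()) {
        return Redirect::guest('user/login');
    }

    // For a path such as user/profile/admin, segment 3 is the requested name.
    $requested = Request::segment(3);
    $viewer    = Auth::user();

    // Owners may always view their own profile.
    if ($requested !== null
        && strcasecmp($requested, (string) $viewer->username) === 0) {
        return null; // returning nothing lets the request continue
    }

    // Accounts with the management permission may view any profile.
    if (Entrust::can('manage_users')) {
        return null;
    }

    // Everyone else is redirected, same outcome as the one-line rule.
    return Redirect::to('/');
});

// Same wildcard as the Entrust rule in the thread, so user/profile and
// everything beneath it passes through the filter before the controller.
Route::when('user/profile*', 'profile.owner_or_manager');
```

A quick check after deploying either rule is to request `user/profile/admin` while logged out and while logged in as a non-admin account, and confirm both responses redirect to `/` or the login page rather than rendering the profile.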