grecia/app/controllers/users_controller.rb

class UsersController < ApplicationController
  load_and_authorize_resource
  before_action :check_slug
  helper_method :valid_interests_access?

  def show
    raise CanCan::AccessDenied if params[:filter] == "follows" && !valid_interests_access?(@user)
  end

  private

    def check_slug
      slug = params[:id].split("-", 2)[1]

      raise ActiveRecord::RecordNotFound unless @user.slug == slug.to_s
    end

    def valid_interests_access?(user)
      user.public_interests || user == current_user
    end
end