grecia/app/controllers/users_controller.rb
Javi Martín 3cd4f3827e Hide what users are following unless they allow it
It could be argued that seeing which proposals a user follows is a good
indicator of which proposals a user has supported, since we're
automatically creating follows for supported proposals since commit
74fbde09f. So now, we're extending the `public_interests` functionality,
so it only shows elements users are following if they've enabled it.

This is an improvement over using the `public_activity` attribute in two
ways:

* The `public_interests` attribute is disabled by default, so by default
  other users won't be able to see what a user is following
* Who has created proposals/debates/investments/comments is public
  information, while who is following which elements is not; so enabling
  `public_activity` shouldn't imply potentially private information should
  be displayed as well

We've considered removing the `public_interests` attribute completely
and just hiding the "following" page for everyone except its owner, but
keeping it provides more compatibility with existing installations.
2021-10-05 14:43:09 +02:00

15 lines
347 B
Ruby

class UsersController < ApplicationController
  load_and_authorize_resource
  helper_method :valid_interests_access?

  def show
    raise CanCan::AccessDenied if params[:filter] == "follows" && !valid_interests_access?(@user)
  end

  private

  def valid_interests_access?(user)
    user.public_interests || user == current_user
  end
end
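
The access rule above, worked through as a viewer/owner matrix. This is an added example, not code from the repository: `User`, `AccessDenied`, `outcome` and `access_matrix` are hypothetical stand-ins, and it models only the explicit guard in `show`, not the CanCan checks run by `load_and_authorize_resource`.

```ruby
# Plain-Ruby model of the guard in UsersController#show (stand-ins, not project code).
class AccessDenied < StandardError; end

# public_interests defaults to false, as the commit message describes;
# public_activity is carried only to show that it plays no part in the rule.
User = Struct.new(:id, :public_interests, :public_activity) do
  def initialize(id, public_interests: false, public_activity: true)
    super(id, public_interests, public_activity)
  end
end

# Same expression as valid_interests_access?, with current_user passed explicitly.
def valid_interests_access?(user, current_user)
  user.public_interests || user == current_user
end

# Mirrors the show action: only the "follows" filter is gated.
def show(user, current_user, filter)
  raise AccessDenied if filter == "follows" && !valid_interests_access?(user, current_user)
  :ok
end

def outcome(user, viewer, filter)
  show(user, viewer, filter)
rescue AccessDenied
  :denied
end

# Constructed users: viewer nil stands for a visitor who is not signed in.
def access_matrix
  private_user = User.new(1) # interests hidden, public_activity still on
  public_user  = User.new(2, public_interests: true)
  stranger     = User.new(3)
  {
    "owner, interests private"     => outcome(private_user, private_user, "follows"),
    "stranger, interests private"  => outcome(private_user, stranger, "follows"),
    "anonymous, interests private" => outcome(private_user, nil, "follows"),
    "stranger, interests public"   => outcome(public_user, stranger, "follows"),
    "anonymous, interests public"  => outcome(public_user, nil, "follows"),
    "stranger, no filter param"    => outcome(private_user, stranger, nil)
  }
end

access_matrix.each { |label, result| puts format("%-30s %s", label, result) }
```

A request spec covering the same six rows would catch a regression that ties the "following" page back to `public_activity`.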