Closed
Description
Description
A user with limited visibility cannot open the profile page and gets an HTTPNotFound error (404). It works if the user sets the visibility to public.
In models\user\user.go (IsUserVisibleToViewer) no check is made if the user in question is also the viewer, which should be allowed in my opinion.
As an admin, I can see my profile and all the other users profiles.
Log (user is called foo_bar):
router: completed GET /foo_bar for 127.0.0.1:54370, 404 Not Found in 5.4ms @ user/profile.go:29(user.Profile)
Gitea Version
1.17.2
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
2.20.1
Operating System
Debian 10 Buster
How are you running Gitea?
Binary using systemd service unit.
Database
PostgreSQL