Dry up routable lookups. Fixes #30317

Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all.

1 files changed, 4 insertions, 4 deletions

diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 5e8caa89cb7..9b6b9358a40 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -36,9 +36,9 @@ describe UsersController do
       end
 
       context 'when logged out' do
-        it 'renders 404' do
+        it 'redirects to login page' do
           get :show, username: user.username
-          expect(response).to have_http_status(404)
+          expect(response).to redirect_to new_user_session_path
         end
       end
 
@@ -88,9 +88,9 @@ describe UsersController do
 
     context 'when a user by that username does not exist' do
       context 'when logged out' do
-        it 'renders 404 (does not redirect to login)' do
+        it 'redirects to login page' do
           get :show, username: 'nonexistent'
-          expect(response).to have_http_status(404)
+          expect(response).to redirect_to new_user_session_path
         end
       end