From 7c25880806eca7366ca8936a9ea3bc7fd8125f77 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Thu, 10 Mar 2016 17:50:29 +1030
Subject: [PATCH] Fix posts being incorrectly visible on user page. closes #680

- When no discussions are visible, the query that filters posts by discussion visibility was incorrectly making all posts visible.
- Also hide user profiles altogether if discussions are not visible.
---
 framework/core/src/Core/Access/UserPolicy.php        | 12 ++++++++++++
 .../core/src/Core/Repository/PostRepository.php      |  2 ++
 2 files changed, 14 insertions(+)

diff --git a/framework/core/src/Core/Access/UserPolicy.php b/framework/core/src/Core/Access/UserPolicy.php
index 6daf97c87..1bc0be78e 100644
--- a/framework/core/src/Core/Access/UserPolicy.php
+++ b/framework/core/src/Core/Access/UserPolicy.php
@@ -11,6 +11,7 @@
 namespace Flarum\Core\Access;
 
 use Flarum\Core\User;
+use Illuminate\Database\Eloquent\Builder;
 
 class UserPolicy extends AbstractPolicy
 {
@@ -30,4 +31,15 @@ class UserPolicy extends AbstractPolicy
             return true;
         }
     }
+
+    /**
+     * @param User $actor
+     * @param Builder $query
+     */
+    public function find(User $actor, Builder $query)
+    {
+        if ($actor->cannot('viewDiscussions')) {
+            $query->whereRaw('FALSE');
+        }
+    }
 }
diff --git a/framework/core/src/Core/Repository/PostRepository.php b/framework/core/src/Core/Repository/PostRepository.php
index ea106c477..7c14c6192 100644
--- a/framework/core/src/Core/Repository/PostRepository.php
+++ b/framework/core/src/Core/Repository/PostRepository.php
@@ -96,6 +96,8 @@ class PostRepository
                         event(new ScopePostVisibility($discussion, $query, $actor));
                     });
                 }
+
+                $query->orWhereRaw('FALSE');
             })
             ->get();