From 51a045dae9976639f15ea86b50f5ff15864c81fc Mon Sep 17 00:00:00 2001
From: redfast00
Date: Wed, 10 Apr 2019 11:58:48 +0200
Subject: [PATCH] Don't allow users to see each others balances
---
 app/controllers/users_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index f2376a4..11a4d14 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -4,7 +4,7 @@ class UsersController < ApplicationController
 before_action :authenticate_user!, except: :show
 before_action :authenticate_user_or_client!, only: :show
- load_and_authorize_resource except: :show, find_by: :name
+ load_and_authorize_resource find_by: :name
 def show
 @user = User.find_by(name: params[:id]) || User.new
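Review bot: The `show` action still reassigns `@user` with `User.find_by(name: params[:id]) || User.new` after `load_and_authorize_resource find_by: :name` has loaded and authorized a record, so the object that gets rendered is not the instance the authorization check ran on. It would be safer to drop that line and render the `@user` CanCan loaded, or to authorize explicitly with `authorize! :show, @user` right after the lookup. Whether this change really hides other users' balances depends on the `:show`/`:read` rule for `User` in the Ability class, which is not visible here. It also depends on how the ability is built for requests that pass `authenticate_user_or_client!` as a client, presumably without a `current_user`; a request spec covering both cases (user A fetching user B is denied, a client fetch behaves as intended) would pin this down. The body of `show` continues outside the hunk.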