Users should not be able to see each other's details, unless they are an admin

Author: darora

lib/sinatra-authentication.rb

@@ -30,6 +30,9 @@ def self.registered(app)
       app.get '/users/:id/?' do
         login_required
 
+        if params[:id].to_i != current_user.id and !current_user.admin?
+          redirect "/"
+        end
         @user = User.get(:id => params[:id])
         send options.template_engine,  get_view_as_string("show.#{options.template_engine}"), :layout => use_layout?
       end