Vote #74209

Open

Improve returned HTTP status code for requests for account/show

Added by Admin Redmine about 2 years ago. Updated about 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication_7
Target version:
-
Start date:
2022/05/09
Due date:
% Done:

0%

Estimated time:
category_id:
7
version_id:
0
issue_org_id:
14601
author_id:
1565
assigned_to_id:
0
comments:
4
status_id:
1
tracker_id:
2
plus1:
0
affected_version:
closed_on:
affected_version_id:
Status-->[New]

Description

I noticed this behavior while reviewing #6688.

User Miriam Blumenstein (id: 43592) is watching the issue. Clicking through to account/show leads to a 404 - The page you were trying to access doesn't exist or has been removed., which makes me think the user has been deleted. Nonetheless, the user is still (rendered as) a watcher of the issue and is still proposed as a watcher of objects (in the 'search for watchers' dialog).

I tried to reproduce this on m.redmine.org but was not successful.


journals

Actually this user is absolutely not deleted. It's just that non-admin users are not allowed to view all users:
source:/tags/2.3.2/app/controllers/users_controller.rb#L68

Maybe a 403 would be more appropriate.
--------------------------------------------------------------------------------
Jean-Philippe Lang wrote:
> Actually this user is absolutely not deleted. It's just that non-admin users are not allowed to view all users:
> source:/tags/2.3.2/app/controllers/users_controller.rb#L68
>
> Maybe a 403 would be more appropriate.

I suggest that when the user is active, it should return a 403 response instead.
If the user is not active, it should still return 404.
--------------------------------------------------------------------------------
Jean-Philippe Lang wrote:
> Actually this user is absolutely not deleted. It's just that non-admin users are not allowed to view all users:
> source:/tags/2.3.2/app/controllers/users_controller.rb#L68

Thanks for this info! I wasn't aware of these conditions at all and I obviously failed to check the corresponding controller action before posting :-/
OT: this new (to me) info sheds a new light on #11724...

William Li wrote:
> Jean-Philippe Lang wrote:
> > [...]
> >
> > Maybe a 403 would be more appropriate.
>
> I suggest that when the user is active, it should return a 403 response instead.
> If the user is not active, it should still return 404.

I tend to agree with William on this, but I am not sure whether or not a 404 is the best option when a user is locked (in contrast to a user who is registered but not activated).
--------------------------------------------------------------------------------


related_issues

relates,Closed,18128,Make User profile 404 rendering more consistent (and speed up Users#show API)

Updated by Admin Redmine about 2 years ago

  • Category set to Accounts / authentication_7