From b7dfc86a31db1eeac419d722ee1eb0ce5d32f930 Mon Sep 17 00:00:00 2001
From: Kat <katrina@kosiak.co.uk>
Date: Tue, 26 Mar 2024 10:39:52 +0000
Subject: [PATCH] Do not show deleted users

---
 app/controllers/users_controller.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d783ef843..6a76cb047 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -207,6 +207,7 @@ private
     if action_name == "create"
       head :unauthorized and return unless current_user.data_coordinator? || current_user.support?
     else
+      render_not_found and return if @user.status == :deleted
       render_not_found and return unless (current_user.organisation == @user.organisation) || current_user.support?
       render_not_found and return if action_name == "edit_password" && current_user != @user
       render_not_found and return unless action_name == "show" ||