@ -58,7 +58,9 @@ class ListUserLocationsController extends AbstractListController
$actor = RequestUtil::getActor($request);
$actor = RequestUtil::getActor($request);
$actor->assertCan('searchUsers');
// We do not limit discovery of users in this method, because we only reveal those who have accepted to appear on the global map (they have defined a location in their profile)
// Also, this method only returns attributes related to the map (like username and location)
//$actor->assertCan('searchUsers');
if (! $actor->hasPermission('user.viewLastSeenAt')) {
if (! $actor->hasPermission('user.viewLastSeenAt')) {
// If a user cannot see everyone's last online date, we prevent them from sorting by it
// If a user cannot see everyone's last online date, we prevent them from sorting by it
@ -77,11 +79,13 @@ class ListUserLocationsController extends AbstractListController
$criteria = new QueryCriteria($actor, $filters, $sort, $sortIsDefault);
$criteria = new QueryCriteria($actor, $filters, $sort, $sortIsDefault);
$criteria->mustHaveLocation = true;
$criteria->mustHaveLocation = true;
if (array_key_exists('q', $filters)) {
// As of now, search is disabled, because in current implementation it could disclose users who do not want to appear on the map (no location)