diff --git a/app/models/abilities/anonymous_ability.rb b/app/models/abilities/anonymous_ability.rb
index 7323e4811..441507bc2 100644
--- a/app/models/abilities/anonymous_ability.rb
+++ b/app/models/abilities/anonymous_ability.rb
@@ -23,8 +23,8 @@ def register_abilities(user=nil)
  end
  end
- can [:index], User # restricted through Space and/or manage
- can [:show, :current], User, disabled: false
+ can :index, User # restricted through Space and/or manage
+ can :current, User, disabled: false
  can [:index, :select], Space
  can [:show, :webconference, :recordings], Space, public: true
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 241aa0daf..1fffce6fe 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -103,9 +103,15 @@
  }.to raise_error(ActiveRecord::RecordNotFound)
  end
- it "should return OK status for existing user" do
- get :show, id: FactoryGirl.create(:superuser).to_param
- response.response_code.should == 200
+ context "for non-anonymous users" do
+ before {
+ user = FactoryGirl.create(:user)
+ sign_in(user)
+ }
+ it "should return OK status for existing user" do
+ get :show, id: FactoryGirl.create(:superuser).to_param
+ response.response_code.should == 200
+ end
  end
  it { should_authorize an_instance_of(User), :show, id: FactoryGirl.create(:user).to_param }
@@ -186,14 +192,22 @@
  it { assigns(:recent_activities).should include(RecentActivity.find_by(id: @activities[0])) }
  end
- context 'a logged out user' do
+ context 'a logged user' do
  before {
+ user3 = FactoryGirl.create(:user)
+ sign_in(user3)
  get :show, id: user.to_param
  }
  it { assigns(:recent_activities).count.should be(1) }
  it { assigns(:recent_activities).should include(RecentActivity.find_by(id: @activities[0])) }
  end
+
+ context 'a not logged user' do
+ before { get :show, id: user.to_param }
+
+ it { should redirect_to(login_path) }
+ end
  end
  end
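Review bot: The unconditional `can :index, User` is still granted to anonymous visitors, and its trailing comment `# restricted through Space and/or manage` does not say where that restriction is enforced. Since this change narrows anonymous access to user records, the comment should name the enforcement point and record the intent, for example `# :index is narrowed in <controller or filter that scopes it>; :show is deliberately not granted to anonymous users`. Whether `:current` can ever resolve to a user other than the requester cannot be judged from these lines and is worth confirming. The body of `register_abilities` starts and ends outside the hunk.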
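Review bot: The new multi-line `before { ... }` in the "for non-anonymous users" context uses braces where Ruby style expects `do ... end`, and the local `user` is only used once. It can be written as `before do` / `sign_in(FactoryGirl.create(:user))` / `end`. The same applies to the `before {` block extended in the -186 hunk of this file and to the one added in spec/features/users/not_found_errors_spec.rb. Separately, the `should_authorize ... :show` example after this context still runs without a signed-in user; whether that is intended depends on how `should_authorize` is implemented, which is not visible here.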
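Review bot: The 'a not logged user' context only asserts the redirect, so it would still pass if the action loaded the profile's activity before redirecting. Adding `it { assigns(:recent_activities).should be_nil }` would pin that no profile data is prepared for an anonymous request, assuming the authorization failure halts the request before the action body runs. The context names would read more clearly as 'a signed-in user' and 'an anonymous user', and `user3` could be given a name that says it is a different account from the profile owner, such as `viewer`. The enclosing `describe` block starts outside the hunk.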
diff --git a/spec/features/users/not_found_errors_spec.rb b/spec/features/users/not_found_errors_spec.rb
index 19e736c44..d3e8f0b2a 100644
--- a/spec/features/users/not_found_errors_spec.rb
+++ b/spec/features/users/not_found_errors_spec.rb
@@ -11,7 +11,10 @@
  context 'does exist' do
  let(:user) { FactoryGirl.create(:user) }
- before { visit user_path(user) }
+ before {
+ login_as(user)
+ visit user_path(user)
+ }
  subject { page }
  it { should have_title(user.name) }
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 9cf5d0d72..dc2102c29 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1714,7 +1714,7 @@ def default_enrollments
  context "when is an anonymous user" do
  let(:user) { User.new }
- it { should_not be_able_to_do_anything_to(target).except([:index, :show, :current]) }
+ it { should_not be_able_to_do_anything_to(target).except([:index, :current]) }
  context "and the target user is disabled" do
  before { target.disable() }
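Review bot: With `login_as(user)` added to the 'does exist' context, this feature spec no longer exercises an anonymous visitor opening an existing profile, which is the path the commit restricts. A sibling context that calls `visit user_path(user)` without `login_as` and asserts the visitor lands on the login page, for example `it { current_path.should eq(login_path) }`, would cover the new behaviour end to end. The signed-in case here also only shows a user viewing their own profile; one user viewing another's is covered only in the controller spec. The 'does exist' context continues outside the hunk.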