diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb
index c44688afc..5128af96b 100644
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@@ -8,6 +8,11 @@ class Api::V1::UsersController < Api::V1::BaseController
 def show
 @user = current_user if params[:id].nil?
+ if @user
+ render :show
+ else
+ render_json_response User.new, 'User does not exist', 422
+ end
 end
 def update
diff --git a/spec/controllers/api/v1/users_controller_spec.rb b/spec/controllers/api/v1/users_controller_spec.rb
new file mode 100644
index 000000000..14f4f36d4
--- /dev/null
+++ b/spec/controllers/api/v1/users_controller_spec.rb
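Review bot: The new `else` branch in `show` answers a missing user with status 422, which normally signals a validation failure on submitted data. A record that does not exist is conventionally 404, and clients or monitoring that key on 404 will not recognise this case; consider `render_json_response User.new, 'User does not exist', 404`. The code that assigns `@user` when `params[:id]` is present is outside the hunk, so whether this branch is reachable depends on that lookup returning nil rather than raising. A short comment above the `if` naming where `@user` is loaded would help the next reader.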
@@ -0,0 +1,94 @@
+# -*- encoding : utf-8 -*-
+require 'spec_helper'
+
+describe Api::V1::UsersController do
+ before(:all) { User.destroy_all }
+ before do
+ stub_symlink_methods
+ @user = FactoryGirl.create(:user)
+ end
+
+ context 'for guest' do
+
+ [:show, :notifiers].each do |action|
+ it "should not be able to perform #{ action } action for a current user" do
+ get action, :format => :json
+ response.should_not be_success
+ end
+ end
+
+ it 'should be able to perform show action for a single user', :anonymous_access => true do
+ get :show, :id => @user.id, :format => :json
+ response.should render_template(:show)
+ end
+
+ it 'should not be able to perform show action for a single user', :anonymous_access => false do
+ get :show, :id => @user.id, :format => :json
+ response.should_not be_success
+ end
+
+ context 'should not be able to perform update action for a current user' do
+ before do
+ put :update, {:user => {:company => 'test_company'}}, :format => :json
+ end
+ it { response.should_not be_success }
+ it 'ensures that user has not been updated' do
+ @user.reload
+ @user.company.should_not == 'test_company'
+ end
+ end
+
+ context 'should not be able to perform notifiers action for a current user' do
+ before do
+ put :notifiers, {:notifiers => {:can_notify => false}}, :format => :json
+ end
+ it { response.should_not be_success }
+ it 'ensures that user notification settings have not been updated' do
+ @user.reload
+ @user.notifier.can_notify.should be_true
+ end
+ end
+
+ end
+
+ context 'for simple user' do
+ before do
+ http_login(@user)
+ end
+
+ [:show, :notifiers].each do |action|
+ it "should be able to perform #{ action } action for a current user" do
+ get action, :format => :json
+ response.should render_template(action)
+ end
+ end
+
+ it 'should be able to perform show action for a single user' do
+ get :show, :id => @user.id, :format => :json
+ response.should render_template(:show)
+ end
+
+ context 'should be able to perform update action for a current user' do
+ before do
+ put :update, {:user => {:company => 'test_company'}}, :format => :json
+ end
+ it { response.should be_success }
+ it 'ensures that user has been updated' do
+ @user.reload
+ @user.company.should == 'test_company'
+ end
+ end
+
+ context 'should be able to perform notifiers action for a current user' do
+ before do
+ put :notifiers, {:notifiers => {:can_notify => false}}, :format => :json
+ end
+ it { response.should be_success }
+ it 'ensures that user notification settings have been updated' do
+ @user.reload
+ @user.notifier.can_notify.should be_false
+ end
+ end
+
+ end
+end
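Review bot: In the four `put` calls (`put :update, {:user => {...}}, :format => :json` and the `put :notifiers` equivalents) the explicit braces close the params hash, so `:format => :json` is passed as the next positional argument. If this is the classic Rails functional-test signature `put(action, params, session, flash)`, that hash becomes the session and the request is not made as JSON. The guest examples would then assert `should_not be_success` on a non-JSON request, so they can pass without exercising the JSON authorization path they are meant to guard. Merging the format into the params, e.g. `put :update, :user => {:company => 'test_company'}, :format => :json`, keeps the request on the JSON path. The new 'User does not exist' branch in `show` also has no example in this spec.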