Restrict access on /users and /api/users if not logged

marcelo-lopes

Hi,

I tried to find in nodebb code and admin, but I could not see any way to avoid not logged users to access the users search page and api.

Is there a way to do it?

Thanks a lot

Marcelo

pichalite

@marcelo-lopes you can turn off search for guests in ACP -> Settings -> Guests

marcelo-lopes

@pichalite said in Restrict access on /users and /api/users if not logged:

ACP -> Settings -> Guests

Thanks @pichalite .
Actually the guests can access the /users page and /api/users.
The setting will hide the search fields, but they can see the page anyway and use the pagination to see the users.

I've finally added this on my routeSetup:

routeHelpers.setupPageRoute(
            router, '/users', middleware, [middleware.checkGlobalPrivacySettings, middleware.requireUser], usersController.index);

and now I get the "Access denied" page that I wanted.

Thanks for the help.