Restrict access on /users and /api/users if not logged
I tried to find in nodebb code and admin, but I could not see any way to avoid not logged users to access the users search page and api.
Is there a way to do it?
Thanks a lot
@marcelo-lopes you can turn off search for guests in ACP -> Settings -> Guests
ACP -> Settings -> Guests
Thanks @pichalite .
Actually the guests can access the /users page and /api/users.
The setting will hide the search fields, but they can see the page anyway and use the pagination to see the users.
I've finally added this on my routeSetup:
routeHelpers.setupPageRoute( router, '/users', middleware, [middleware.checkGlobalPrivacySettings, middleware.requireUser], usersController.index);
and now I get the "Access denied" page that I wanted.
Thanks for the help.