Restrict access on /users and /api/users if not logged

marcelo-lopes

Hi,

I tried to find in nodebb code and admin, but I could not see any way to avoid not logged users to access the users search page and api.

Is there a way to do it?

Thanks a lot

Marcelo

pichalite

@marcelo-lopes you can turn off search for guests in ACP -> Settings -> Guests

marcelo-lopes

@pichalite said in Restrict access on /users and /api/users if not logged:

ACP -> Settings -> Guests

Thanks @pichalite .
Actually the guests can access the /users page and /api/users.
The setting will hide the search fields, but they can see the page anyway and use the pagination to see the users.

I've finally added this on my routeSetup:

routeHelpers.setupPageRoute(
            router, '/users', middleware, [middleware.checkGlobalPrivacySettings, middleware.requireUser], usersController.index);

and now I get the "Access denied" page that I wanted.

Thanks for the help.

Community

Restrict access on /users and /api/users if not logged

Suggested Topics

How to call API from client side.

Send invite without a user

async/await migration issue: Data doesn't reach the plugin after a socket emit

Few questions about trying to use Docker-Compose + npm link + grunt + ./nodebb dev

plugin-assign-new-user-to-group not working after upgrade from v1.5.x to v1.6.x