add null check in case of the selectedStatuslist is null

src/server/routes/apiv3/users.js

@@ -89,16 +89,17 @@ module.exports = (crowi) => {
   };
 
   validator.statusList = [
-    query('selectedStatusList').customSanitizer((value, { req }) => {
+    query('selectedStatusList').if(value => value != null).custom((value, { req }) => {
+
+      const errorStr = 'the param \'selectedStatusList\' is not allowed to use by the user not logged in';
+
       const { user } = req;
-      const isAdmin = user.admin;
 
-      if (isAdmin) {
-        return value;
+      if (user == null || !user.admin) {
+        throw new Error(errorStr);
       }
+      return value;
 
-      const getActiveStatusForNotAdmin = ['active'];
-      return getActiveStatusForNotAdmin;
     }),
     // validate sortOrder : asc or desc
     query('sortOrder').isIn(['asc', 'desc']),
@@ -165,11 +166,13 @@ module.exports = (crowi) => {
    *                      $ref: '#/components/schemas/PaginateResult'
    */
 
-  router.get('/', loginRequiredStrictly, validator.statusList, apiV3FormValidator, async(req, res) => {
+  router.get('/', loginRequired, validator.statusList, apiV3FormValidator, async(req, res) => {
 
     const page = parseInt(req.query.page) || 1;
     // status
-    const { selectedStatusList, forceIncludeAttributes } = req.query;
+    const { forceIncludeAttributes } = req.query;
+    const selectedStatusList = req.query.selectedStatusList || ['active'];
+
     const statusNoList = (selectedStatusList.includes('all')) ? Object.values(statusNo) : selectedStatusList.map(element => statusNo[element]);
 
     // Search from input