diff --git a/frontend/composables/useAppVersion.ts b/frontend/composables/useAppVersion.ts
index 921f546..434b761 100644
--- a/frontend/composables/useAppVersion.ts
+++ b/frontend/composables/useAppVersion.ts
@@ -6,7 +6,7 @@ export function useAppVersion() {
 if (version.value) {
 return version.value
 }
- const response = await api.get<{ version: string }>('version', {}, {
+ const response = await api.get<{ version: string }>('/version', {}, {
 toast: false
 })
 version.value = response.version
diff --git a/src/Entity/User.php b/src/Entity/User.php
index 4e1f44f..4f9728e 100644
--- a/src/Entity/User.php
+++ b/src/Entity/User.php
@@ -28,9 +28,11 @@ use Symfony\Component\Serializer\Attribute\Groups;
 normalizationContext: ['groups' => ['me:read']],
 ),
 new Get(
+ security: "is_granted('ROLE_ADMIN')",
 normalizationContext: ['groups' => ['user:list']],
 ),
 new GetCollection(
+ security: "is_granted('ROLE_ADMIN')",
 normalizationContext: ['groups' => ['user:list']],
 ),
 new Post(security: "is_granted('ROLE_ADMIN')", processor: UserPasswordHasherProcessor::class),
diff --git a/src/State/MaintenanceToggleProcessor.php b/src/State/MaintenanceToggleProcessor.php
index 13f536d..3bf4b16 100644
--- a/src/State/MaintenanceToggleProcessor.php
+++ b/src/State/MaintenanceToggleProcessor.php
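Review bot: In src/Entity/User.php the admin rule is now repeated on `Get`, `GetCollection` and `Post` one operation at a time, so an operation added later without a `security:` argument would ship with no check at all. Declaring the rule once as the resource default, `#[ApiResource(security: "is_granted('ROLE_ADMIN')", operations: [...])]`, and overriding it only on the operation that uses the `me:read` group (presumably the self-service endpoint) makes the resource fail closed. The attribute's opening line and anything after `Post` are outside the hunk, so confirm that no remaining operation there is still missing a rule. A functional test asserting 403 for a non-admin on both the item and the collection route would pin this fix.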
@@ -44,13 +44,17 @@ final readonly class MaintenanceToggleProcessor implements ProcessorInterface
 if ($data->maintenance) {
 $directory = dirname($maintenancePath);
- if (!is_dir($directory)) {
- mkdir($directory, 0755, true);
+ if (!is_dir($directory) && !mkdir($directory, 0755, true)) {
+ throw new \RuntimeException(sprintf('Cannot create directory "%s".', $directory));
 }
- touch($maintenancePath);
+ if (!touch($maintenancePath)) {
+ throw new \RuntimeException(sprintf('Cannot create maintenance file at "%s".', $maintenancePath));
+ }
 } elseif (file_exists($maintenancePath)) {
- unlink($maintenancePath);
+ if (!unlink($maintenancePath)) {
+ throw new \RuntimeException(sprintf('Cannot remove maintenance file at "%s".', $maintenancePath));
+ }
 }
 $dto = new ManagedApplication();
diff --git a/src/State/MeProvider.php b/src/State/MeProvider.php
index f2866a7..acfcc51 100644
--- a/src/State/MeProvider.php
+++ b/src/State/MeProvider.php
@@ -8,6 +8,7 @@ use ApiPlatform\Metadata\Operation;
 use ApiPlatform\State\ProviderInterface;
 use App\Entity\User;
 use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 /**
 * @implements ProviderInterface
@@ -20,7 +21,12 @@ final readonly class MeProvider implements ProviderInterface
 public function provide(Operation $operation, array $uriVariables = [], array $context = []): User
 {
- // @var User $user
- return $this->security->getUser();
+ $user = $this->security->getUser();
+
+ if (!$user instanceof User) {
+ throw new AccessDeniedHttpException('User not authenticated.');
+ }
+
+ return $user;
 }
 }
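Review bot: In src/State/MaintenanceToggleProcessor.php the new `!is_dir($directory) && !mkdir(...)` guard throws when a concurrent request creates the directory between the two calls, because `mkdir()` returns false for a directory that already exists; re-checking closes that window: `if (!is_dir($directory) && !mkdir($directory, 0755, true) && !is_dir($directory)) {`. The `file_exists()`/`unlink()` pair has the same race, so the second of two simultaneous disable requests now fails with a 500; `if (!unlink($maintenancePath) && file_exists($maintenancePath)) {` treats an already-removed file as success and keeps the toggle idempotent. The three messages embed absolute server paths, which is useful in logs, but it is worth confirming that the production error format does not return them to API clients. The method body starts and ends outside the hunk.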
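Review bot: In src/State/MeProvider.php the new guard in `provide()` throws `AccessDeniedHttpException`, which HttpKernel maps straight to a 403, so a request with a missing or expired session is answered "forbidden" instead of going through the firewall's entry point (normally a 401). Throwing the Security component's exception, `throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException('An authenticated App\Entity\User is required.');`, lets the firewall choose 401 or 403 from the token state. The `instanceof User` test also rejects an authenticated principal of a different user class, for which the message 'User not authenticated.' is inaccurate. Whether the operation declares its own `security:` expression is not visible here; if it does, this guard is only a type-narrowing fallback and a one-line comment saying so would help the next reader.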