diff --git a/README.md b/README.md
index 8ca29e2..e247414 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,27 @@
+# DanWolf.NET
+
+## Install
+
+This section needs a lot of work (and the whole readme in general) but in general, you clone, set environmental variables, and run. It will.
+
+## Licensing
+
+The license for this project is MIT but some dependencies might have Apache or similar licenses. General reuse isn't necessarily intended and APIs might break, but it is permissible.
+
 ## Roadmap
+
+### Section Priorities
+- game
+- file
+- visit
+- (then comment docs, tests, and README)
+- download
+- photo
+- blog
+- backup
+- landlord
+
+### Unsorted Thoughts 
 - Friends linked to friend role if appearing in Facebook friends
 - Movie list: people in friends role should be able to vote for movies they want to see (to plan movie parties)
 - Admins should be able to do some things on behalf of others (mark that someone wants to see a movie even if they don't have an account)
diff --git a/api/typeaheadapi/user.go b/api/typeaheadapi/user.go
index c0fd555..5579a5b 100644
--- a/api/typeaheadapi/user.go
+++ b/api/typeaheadapi/user.go
@@ -3,12 +3,17 @@ package typeaheadapi
 import (
 	"encoding/json"
 	"net/url"
+
+	"github.com/PaluMacil/dwn/dwn"
 )
 
 // api/typeahead/user?query=searchstring
 func (rt *TypeaheadRoute) handleUser() {
 	switch rt.R.Method {
 	case "GET":
+		if rt.API().ServeCannot(dwn.PermissionViewUsers) {
+			return
+		}
 		qry, err := url.QueryUnescape(rt.R.URL.Query().Get("query"))
 		if len(qry) < 2 || err != nil {
 			rt.API().ServeBadRequest()