diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 831a943423..69ddfc54f6 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -748,6 +748,8 @@ class UsersController extends Controller
 */
 public function eulas(User $user, ActionlogsTransformer $transformer)
 {
+ $this->authorize('view', Asset::class);
+
 $eulas = $user->eulas;
 return response()->json(
 $transformer->transformActionlogs($eulas, $eulas->count())
diff --git a/app/Models/User.php b/app/Models/User.php
index 6fcb8364dc..a3a66aef0e 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -562,6 +562,7 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
 {
 return $this->hasMany(Actionlog::class, 'target_id')
 ->with('item')
+ ->select(['id', 'target_id', 'target_type', 'action_type', 'filename', 'accept_signature', 'created_at'])
 ->where('target_type', self::class)
 ->where('action_type', 'accepted')
 ->whereNotNull('filename')
diff --git a/routes/api.php b/routes/api.php
index 06317410a9..2088dbe41b 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -1094,7 +1094,7 @@ Route::group(['prefix' => 'v1', 'middleware' => ['api', 'api-throttle:api']], fu
 ]
 )->name('api.users.me');

- Route::get('/users/{user}/eulas',
+ Route::get('{user}/eulas',
 [
 Api\UsersController::class,
 'eulas'
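Review bot: In `UsersController::eulas()` the added `$this->authorize('view', Asset::class);` gates the endpoint on the asset-view ability, while the response is the route-bound `$user`'s EULA acceptance log (the relation in `User.php` selects `filename` and `accept_signature`). Nothing visible in the hunk checks that the caller may view users, or this user in particular, so an account that only holds asset-view appears able to read the records of whichever user the route binds. If that is not intended, add `$this->authorize('view', $user);` next to the existing check (or `$this->authorize('view', User::class);` if the policy is class-level only), and pin it with a feature test that expects 403 for a caller without the ability. The method body continues past the end of the hunk, and the policies themselves are not part of this diff.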
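Review bot: The new `->select([...])` in the `User.php` hunk leaves out `item_id` and `item_type`, yet the relation still eager-loads `->with('item')`. If `item` is a polymorphic `morphTo` on `Actionlog` (its definition is not in this diff), Eloquent needs those two columns to resolve it, and every row's `item` would come back null. Either add `'item_id', 'item_type'` to the list or drop `->with('item')`. The allowlist also changes what every other caller of `$user->eulas` receives, so a comment above the `select` such as `// Column allowlist for the EULA API response; keep in sync with ActionlogsTransformer` would help. The method starts before and ends after the hunk.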