
/public/folder protected?


Is there a way to make a folder inside "/public/users/" only visible for users that are logged in?

If they are binary files directly read by the web server, without Phalcon handling, my guess is that there isn't a way. I'm not sure about binary stream handling through the framework; if so, you could pull them out of /public and serve them through a controller.

edited Feb '19

Clément Hallet already provided a good answer.

Just to elaborate a bit on the idea. What files are behind that directory? Static files such as PDFs? You can simply put an empty index.html file in that dir, and serve the proper file(s) from your app - e.g. by reading a file from that dir and sending it as buffered data to the authenticated client(s), from the PHP side, that's Phalcon in your case.

Of course, that is slower than letting the web server do the job but easier to implement from the app's perspective.

Actually, with this approach you don't even have to put your files inside of a public dir, it could be anywhere on the file system as your app will be the only one accessing it as a middle layer between clients and physical files, bypassing the web server completely.

But. If your files are heavy and you have a lot of traffic etc. I'd go for a better approach - with nginx: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/
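
The approach from the answers above (keep the files outside the web root and stream them to logged-in users only), sketched as an added example that is not part of the original thread. It uses plain PHP 8 rather than Phalcon's own classes; the `PRIVATE_DIR` path, the `user_id` session key and the `file` query parameter are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: directory outside the document root, so the web server never serves it directly.
const PRIVATE_DIR = '/var/app/private/users';

/** Map a client-supplied name to a real file under $baseDir, or null if it is not allowed. */
function resolvePrivateFile(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || str_contains($requested, "\0")) {
        return null;
    }
    // realpath() collapses ".." segments and symlinks; the result must still be inside $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

/** Stream the file only to an authenticated session; the auth check runs before any file lookup. */
function serveProtectedFile(array $session, string $requested): void
{
    if (empty($session['user_id'])) {   // hypothetical key set by the login action
        http_response_code(403);
        return;
    }
    $path = resolvePrivateFile(PRIVATE_DIR, $requested);
    if ($path === null) {
        http_response_code(404);        // same answer for "missing" and "outside the directory"
        return;
    }
    // Force a download with a generic type so the browser does not render user files inline.
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

session_start();
serveProtectedFile($_SESSION, (string) ($_GET['file'] ?? ''));
```

The containment check after `realpath()` is what keeps a request such as `../../etc/passwd` from escaping the private directory once the application, not the web server, decides which file to read.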