I specified the destination folder for file uploads as described here, using the same destination name: uploads. When I view the submissions in the control panel, simply displays the uploaded files as links to https://example.com/uploads/uploaded_file_name.jpg. These files are publicly available (and shouldn't be). When I restrict it via server config, the admin loses access to them.

How can I make the file submissions hidden from the public, but available to authenticated users with CP access?