🔒️(users) restrict listable users to same organization

This is a quick fix to a security issue. Previously, any user could list all users. Now /users/ endpoint only lists users from same organization.
2025-03-27 15:09:28 +01:00
parent a009f3ccb7
commit b4de7fda92
5 changed files with 93 additions and 30 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,7 @@ and this project adheres to
 ### Changed

 - ♻️(plugins) rewrite plugin system as django app #844
+- 🔒️(users) restrict listable users to same organization #846 

 ### Fixed