GraphQL: Normal users can list users from projects they are not assigned to
martastain opened this issue · comments
Story
To reproduce
Steps to reproduce the behavior:
- Be a normal user
- Know a project name but don't have access to it
- Go to GraphQL explorer
- List users on another project
Expected behavior
User shouldn't be permitted to see users on other projects