organization privacy
Hey, I'm new here. I notice a bunch of exposed API endpoints available to any user, such as api/auth/organization/get-full-organization. This lists all the members of the organisation (so long as the logged-in user is also a member). For our use case, we would not want an organisation's members to see each other's details (think of this as a sports club: you wouldn't want a swimmer being able to view a golfer's email address). Are there flags I can set to avoid exposing this info on the client side? I can obviously mitigate it on the server side with access control.
Solution
