fix security issue

[hahn-kev]

I'm not going to explain the reproduction here since this issue is currently live.

I think merging this in will break the Project users list as it depends on this API. A new API should be created which only returns the users for a specific project.

---

This change is 

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 1 line in your changes missing coverage. Please review.

Project coverage is 73.72%. Comparing base (0947624) to head (f2b8a1e).
Report is 115 commits behind head on master.

Files with missing lines	Patch %	Lines
Backend/Controllers/UserController.cs	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3864      +/-   ##
==========================================
- Coverage   74.55%   73.72%   -0.83%     
==========================================
  Files         286      287       +1     
  Lines       11022    10773     -249     
  Branches     1344     1344              
==========================================
- Hits         8217     7942     -275     
- Misses       2418     2434      +16     
- Partials      387      397      +10     

Flag	Coverage Δ
backend	83.52% <0.00%> (-0.10%)	⬇️
frontend	66.08% <ø> (-0.43%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.