@joernchen reported a bug where a page listing the members of a team could be viewed by users who were not members of the organization. We addressed this by adding the missing authorization check on this page. We also improved our testing to ensure that this issue does not regress. We also audited related parts of the application to ensure that similar issues are not present.