List of entries in _principals and _contexts should require admin

Description

Getting a list of all entries in a context, especially for _principals and _contexts is not a good idea. If a list of users is leveraged it simplifies brute force attacks.
Also, since it is potentially an expensive operation it should probably not be allowed unless you are admin.

Environment

None
Fixed

Assignee

Matthias Palmér

Reporter

Matthias Palmér

Labels

None

Fix versions

Priority

Normal