Pending clan member endpoint does not honour authorisation

[soren42]

The /GroupV2/{$id}/Members/Pending/ endpoint correctly requires authentication, however, once a user is authenticated, they can see any clan's pending members — regardless of whether they're authorised to do so. (I assume that since this is not the way BungieNet works, that this is not the intended behaviour.)

[justrealmilk]

Can be reproduced here http://braytech.org/clan/admin

[vthornheart-bng]

Ah, thank you for the heads up! I appreciate it!