Add a 'hidden' field to the user entity. These users cannot be retrieved from the api by anybody without the 'canEditUser' attribute (removed from both getAll and getByID). Requesting a hidden user by his/her id thus returns a status code 404. The hidden property can only be set by users with the 'canEditUser' attribute.
Add a 'hidden' field to the user entity. These users cannot be retrieved from the api by anybody without the 'canEditUser' attribute (removed from both getAll and getByID). Requesting a hidden user by his/her id thus returns a status code 404. The hidden property can only be set by users with the 'canEditUser' attribute.