Problematic behavior
The nested course api endpoint to retrieve orders currently return the full order list no matter organization access of the authenticated user.
Expected behavior/code
This endpoint should return only orders linked to an organization to which the authenticated user has access.
Bug Report
Problematic behavior The nested course api endpoint to retrieve orders currently return the full order list no matter organization access of the authenticated user.
Expected behavior/code This endpoint should return only orders linked to an organization to which the authenticated user has access.