As a non-admin user using API, I want to be able to filter users by their username without getting forbidden exception
We created an Odoo -> Redmine connector for uploading time spent from Redmine to HR tools in Odoo (https://github.com/savoirfairelinux/connector-redmine/tree/ddufresne_port_to_8_0).
When we call that function from a superuser API key, all works well, but when it is normal user API key, it does return a forbidden exception :
I think that to reinforce security by not giving superuser Redmine API key to Odoo would be interesting.
That would be possible by allowing standard Redmine users to use API to filter users by their username instead of throwing an exception.