User with single department permission can view applicant list of all departments
Medium
Lark Technologies
Team Summary
Official summary from Lark Technologies
An endpoint was discovered that did not properly check for user permissions which could have caused unauthorized access to view pending approval requests, email addresses, and phone numbers belonging to other departments. We thank @imran_nisar for reporting this to our team and confirming the resolution.
Reported by: imran_nisar
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted:
Weakness: Privilege Escalation