The user profile dropdown mounts ScopeImpersonationModal even when the modal is closed. That component immediately calls useScopesQuery(), causing repeated requests to GET /api/db/scopes?select=*,created_by(id,name,avatar,email)&deleted_at=is.null. For users without permission to read scopes, this spams the API with 403s. Scope impersonation should only be available/queried for roles that can access scopes.
The user profile dropdown mounts
ScopeImpersonationModaleven when the modal is closed. That component immediately callsuseScopesQuery(), causing repeated requests toGET /api/db/scopes?select=*,created_by(id,name,avatar,email)&deleted_at=is.null. For users without permission to read scopes, this spams the API with 403s. Scope impersonation should only be available/queried for roles that can access scopes.