Updated by Wieland Lindenthal about 5 years ago
### **Environment**:
OP 11.2
### **Steps to reproduce:**
1. Create a non-admin user "Leaker" with the global permission to create and edit users
2. Make that user a normal member of a project "A", without the right to manage members of that project
3. Log in as that user.
4. Go to administration > Users.
5. Choose to edit some other user. Go to the projects tab.
### **Actual Behavior**
* In the projects drop-down on the right you see project "A", although you should not be able to manage memberships of that project. Actually the bug is here: [https://community.openproject.org/projects/openproject/work_packages/details/36524/overview](https://community.openproject.org/projects/openproject/work_packages/details/36524/overview). Listing all visible projects is not sufficiently sharp. It needs to test for the manage members permission.
* You can now add that other user with any role to that project "A"
### **Expected Behavior**
* You should not be able to see and select project "A" in that drop-down
* The backend should not accept adding the member to project "A".
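
The two expected behaviours, sketched as an added example (not OpenProject code and not part of the original report): a minimal in-memory permission model that contrasts the visibility-based project list with one filtered on the manage members permission, and re-checks that permission on write. All class, method and permission names are assumptions, and the global "create and edit users" permission is left out of the model.

```ruby
# Added illustration, not OpenProject code. All names are assumptions.
require 'set'

class NotAuthorized < StandardError; end

Membership = Struct.new(:user, :project, :permissions)

class Directory
  def initialize
    @memberships = []
  end

  # Seed a membership directly (setup only, bypasses authorization).
  def seed(user, project, permissions)
    @memberships << Membership.new(user, project, Set.new(permissions))
  end

  def allowed?(user, project, permission)
    @memberships.any? do |m|
      m.user == user && m.project == project && m.permissions.include?(permission)
    end
  end

  # Flawed scope from the report: every project the actor can see.
  def visible_projects(actor)
    @memberships.select { |m| m.user == actor }.map(&:project).uniq
  end

  # Corrected scope: only projects where the actor may manage members.
  def manageable_projects(actor)
    visible_projects(actor).select { |p| allowed?(actor, p, :manage_members) }
  end

  # Backend enforcement: re-check on write, whatever the drop-down offered.
  def add_member(actor:, user:, project:, permissions:)
    unless allowed?(actor, project, :manage_members)
      raise NotAuthorized, "#{actor} may not manage members of #{project}"
    end
    seed(user, project, permissions)
  end
end

# Constructed sample data mirroring the report's setup.
def demo_directory
  dir = Directory.new
  dir.seed('Leaker', 'A', [:view_project])                  # normal member of A
  dir.seed('Leaker', 'B', [:view_project, :manage_members]) # may manage B
  dir
end
```

Filtering the drop-down alone is not enough: a request that names project "A" directly still has to be rejected by `add_member`.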