Fixes #19612 - CVE-2017-7505 don't expose admin to taxed users
(cherry picked from commit af9edf1098bf8e643e1607f9375595e375e7ade6)
Conflicts: app/models/notification.rb
Related issues
Bug #19612: CVE-2017-7505: User scoped in organization with permissions for user management can manage administrators that are not assigned to any organization
Fixes #19612 - CVE-2017-7505 don't expose admin to taxed users
(cherry picked from commit af9edf1098bf8e643e1607f9375595e375e7ade6)
Conflicts:
app/models/notification.rb