Omise: Unauthorized Access - downgraded admin roles to none can still edit projects through brupsuite

hi team, I found that your site is vulnerable to Unauthorized Access lead to privilege escalation, where when the owner invites a user with admin roles, the user can still edit anything with admin access, via brupsuite, it should get an error message because the admin role has been removed...