[SECURITY] Do not allow to enumerate organizers

src/pretix/control/views/typeahead.py

@@ -149,10 +149,15 @@ def nav_context_list(request):
     ]
 
     if show_user and organizer:
-        organizer = serialize_orga(Organizer.objects.get(pk=organizer))
-        if organizer in results:
-            results.remove(organizer)
-        results.insert(1, organizer)
+        try:
+            organizer = serialize_orga(Organizer.objects.get(pk=organizer))
+        except Organizer.DoesNotExist:
+            pass
+        else:
+            if request.user.has_organizer_permission(organizer, request):
+                if organizer in results:
+                    results.remove(organizer)
+                results.insert(1, organizer)
 
     doc = {
         'results': results,