Open
Description
User permissions were not being properly enforced for related views. As a result, users could access related models even if they lacked the necessary permissions.
For example, consider the following models:
- Category (has `Step` and `Property` as related views)
- Step
- Property
In this scenario, a user with full access to Category but no permissions for Step or Property was still able to view and list the related Step and Property entries. This is a security oversight — related views should respect the user's access rights for each model individually.
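An added illustration of the behaviour reported above (not code from the original issue or from the project): a toy parent view that embeds related views, first without and then with a per-model permission check. The names `User`, `ModelView`, `show_unchecked` and `show_checked`, and the `can_list` permission string, are hypothetical.

```python
# Toy model of a parent view that embeds related views (added illustration;
# every name here is hypothetical and not the project's API).
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    # Set of (action, model) pairs the user has been granted.
    permissions: set = field(default_factory=set)

    def can(self, action, model):
        return (action, model) in self.permissions


@dataclass
class ModelView:
    model: str
    rows: list
    related_views: list = field(default_factory=list)


def show_unchecked(view, user):
    """Behaviour described in the report: only the parent model is checked."""
    if not user.can("can_list", view.model):
        raise PermissionError(view.model)
    return {"model": view.model, "rows": view.rows,
            "related": {rv.model: rv.rows for rv in view.related_views}}


def show_checked(view, user):
    """Each related view is included only if the user may list that model."""
    if not user.can("can_list", view.model):
        raise PermissionError(view.model)
    related = {rv.model: rv.rows for rv in view.related_views
               if user.can("can_list", rv.model)}
    return {"model": view.model, "rows": view.rows, "related": related}


# Constructed sample data mirroring the Category / Step / Property scenario.
step = ModelView("Step", ["step-1", "step-2"])
prop = ModelView("Property", ["prop-1"])
category = ModelView("Category", ["cat-1"], related_views=[step, prop])

alice = User("alice", {("can_list", "Category")})  # no Step/Property grants
bob = User("bob", {("can_list", "Category"), ("can_list", "Step")})
```

A regression test for a fix of this kind would assert that a user holding only the parent model's permission sees no related entries.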