Avoid privilege escalation with group module impersonation

[takkaria]

We need to detect when the user is impersonating another user, and limit their capabilities to the original user to prevent privilege escalation.