fix(export-to-csv): paginate org user fetch for organization owners

[cs-raj]

Summary

Fixes incomplete user exports in cm:export-to-csv when the logged-in user is the organization owner.

• Before: Owners called getInvitations() with no pagination params, so the API returned only the default page (~10 users).
• After: Owners and admins both use the existing getUsers() helper, which paginates getInvitations() with skip and limit until all users are fetched.

Problem

getOrgUsers() in api-client.ts had two code paths:

Role	Behavior
Owner	Single getInvitations() call — no pagination
Admin	getUsers() loop with skip / limit

Both roles hit the same Management API endpoint; only the owner branch skipped pagination. This caused CSV exports to include a partial user list for owners while admins saw the full list (e.g. 66 vs 10 users).

Solution

• Remove the owner-only getInvitations() branch.
• Reject access when the user is neither owner nor admin.
• Fetch users for owners and admins via getUsers() using config.limit (100).

Changes

• packages/contentstack-export-to-csv/src/utils/api-client.ts — unify getOrgUsers fetch logic
• packages/contentstack-export-to-csv/test/unit/utils/api-client.test.ts — add pagination and access-control tests
• packages/contentstack-export-to-csv/package.json — version bump to 2.0.0-beta.8

Test plan

• pnpm test:unit in contentstack-export-to-csv (91 tests passing)
• Manual: run csdx cm:export-to-csv --action users --org <org-uid> as owner on an org with 10+ users

[github-actions]

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type	Count (with fixes)	Without fixes	Threshold	Result
🔴 Critical Severity	0	0	10	✅ Passed
🟠 High Severity	0	0	25	✅ Passed
🟡 Medium Severity	0	0	500	✅ Passed
🔵 Low Severity	0	0	1000	✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity	Breaches (with fixes)	Breaches (no fixes)	SLA Threshold (with/no fixes)	Status
🔴 Critical	0	0	15 / 30 days	✅ Passed
🟠 High	0	0	30 / 120 days	✅ Passed
🟡 Medium	0	0	90 / 365 days	✅ Passed
🔵 Low	0	0	180 / 365 days	✅ Passed

✅ BUILD PASSED - All security checks passed

[sunil-lakshman]

LGTM

[github-actions]

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type	Count (with fixes)	Without fixes	Threshold	Result
🔴 Critical Severity	0	0	10	✅ Passed
🟠 High Severity	1	42	25	✅ Passed
🟡 Medium Severity	0	0	500	✅ Passed
🔵 Low Severity	0	0	1000	✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity	Breaches (with fixes)	Breaches (no fixes)	SLA Threshold (with/no fixes)	Status
🔴 Critical	0	0	15 / 30 days	✅ Passed
🟠 High	0	0	30 / 120 days	✅ Passed
🟡 Medium	0	0	90 / 365 days	✅ Passed
🔵 Low	0	0	180 / 365 days	✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

• Critical without fixes: 0
• High without fixes: 42
• Medium without fixes: 0
• Low without fixes: 0

✅ BUILD PASSED - All security checks passed