fix: [security] auditlogs's fullChange lack of ACL controls

Added proper ACL handling
- As reported by Jeroen Pinoy

app/Controller/AuditLogsController.php

@@ -223,8 +223,14 @@ class AuditLogsController extends AppController
 
     public function fullChange($id)
     {
+        $acl = $this->__applyAuditACL($this->Auth->user());
         $log = $this->AuditLog->find('first', [
-            'conditions' => ['id' => $id],
+            'conditions' => [
+                'AND' => [
+                    $acl,
+                    'id' => $id
+                ]
+            ],
             'recursive' => -1,
             'fields' => ['change', 'action'],
         ]);