Another probably dumb question, but if I'm returning a list of users after doing an ExpandPermissionTree for a permission on a resource, this feels like kind of a bad fit for where we also need to be displaying extra information on the frontend such as name / email / etc. Realistically I'd have to do another db call to where we store that info to grab all that and return it, but feels... bad?