Incorrect access permissions on scheduler views

Created on 17 July 2024, 9 months ago

https://git.drupalcode.org/project/thunder/-/blob/cd4747b45260708f2be1ca...

I spotted, while testing one of our sites, that if I viewed a user profile as anonymous I saw two scheduler tabs (for content and media).

Looks like during a module upgrade, a permission override was added to the user/%/... views and downgraded the permission from a scheduler one (usually granted to editors and trusted users) to a simple "access content" one.

I think this view (and the media view) should simply have this override removed and use the default permission check?

This could potentially lead to information disclosure?

🐛 Bug report

Status: Active
Version: 7.2
Component: Code
Created by: 🇬🇧 United Kingdom nicholasthompson
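
One way to check an exported view for the kind of per-display access override described in the report above. This is an added example, not code from the issue or from the Thunder or Scheduler projects. The sample config, the display IDs, the path and the permission name "view scheduled content" are constructed assumptions; only "access content" is taken from the report.

```python
import json

# Permissions that nearly every visitor holds; an override to one of these opens the display up.
BROAD_PERMS = {"access content"}

def access_of(display):
    """Return (plugin type, permission) for a display, or None if it sets no access of its own."""
    access = display.get("display_options", {}).get("access")
    if not access:
        return None
    return access.get("type"), access.get("options", {}).get("perm")

def find_access_overrides(view):
    """List displays whose access setting differs from the view's default display."""
    displays = view.get("display", {})
    default = access_of(displays.get("default", {}))
    findings = []
    for display_id, display in displays.items():
        own = access_of(display)
        # Displays without their own access block inherit the default, so skip them.
        if display_id == "default" or own is None or own == default:
            continue
        findings.append({
            "display": display_id,
            "path": display.get("display_options", {}).get("path"),
            "default": default,
            "override": own,
            # Access type "none" means unrestricted; a broad permission is nearly the same.
            "broad": own[0] == "none" or own[1] in BROAD_PERMS,
        })
    return findings

# Constructed sample in the shape of a Views config export (not the real Thunder config).
SAMPLE_VIEW = json.loads("""
{"display": {
  "default": {"display_options": {
    "access": {"type": "perm", "options": {"perm": "view scheduled content"}}}},
  "overview": {"display_options": {"path": "admin/content/example"}},
  "user_page": {"display_options": {
    "path": "user/%/example-tab",
    "defaults": {"access": false},
    "access": {"type": "perm", "options": {"perm": "access content"}}}}
}}
""")

if __name__ == "__main__":
    for finding in find_access_overrides(SAMPLE_VIEW):
        print(finding)
```

To run it against a real site, replace `SAMPLE_VIEW` with the JSON export of the view's configuration, for example the output of `drush config:get <view config name> --format=json`.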
