diff --git a/mealie/db/models/_model_base.py b/mealie/db/models/_model_base.py
index f43590215..f278a5147 100644
--- a/mealie/db/models/_model_base.py
+++ b/mealie/db/models/_model_base.py
@@ -1,6 +1,6 @@
 import string
 from datetime import datetime
-from typing import Annotated
+from typing import Annotated, ClassVar
 
 from sqlalchemy import Integer
 from sqlalchemy.orm import DeclarativeBase, Mapped, declared_attr, mapped_column, synonym
@@ -22,6 +22,9 @@ Signals to the query filter API not to allow using this field in query operation
 
 
 class SqlAlchemyBase(DeclarativeBase):
+    __filter_restricted__: ClassVar[bool] = False
+    """When True, the query filter API will block traversal into this model unless explicitly allowed."""
+
     id: Mapped[int] = mapped_column(Integer, primary_key=True)
     created_at: Mapped[datetime | None] = mapped_column(NaiveDateTime, default=get_utc_now, index=True)
     update_at: Mapped[datetime | None] = mapped_column(NaiveDateTime, default=get_utc_now, onupdate=get_utc_now)
diff --git a/mealie/db/models/users/users.py b/mealie/db/models/users/users.py
index 7b88a3c85..a9b1f535f 100644
--- a/mealie/db/models/users/users.py
+++ b/mealie/db/models/users/users.py
@@ -50,6 +50,8 @@ class AuthMethod(enum.Enum):
 
 class User(SqlAlchemyBase, BaseMixins):
     __tablename__ = "users"
+    __filter_restricted__ = True
+
     id: Mapped[GUID] = mapped_column(GUID, primary_key=True, default=GUID.generate)
     full_name: Mapped[str | None] = mapped_column(String, index=True)
     username: Mapped[str | None] = mapped_column(String, index=True, unique=True)