Oliver/video-accessibility
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
video-accessibility/backend/app/core
History
Vadym Samoilenko 38038862c9 refactor(mt-15): consolidate authz in routes_jobs and dependencies 
list_jobs now uses MembershipContext (Redis-cached, 60s TTL) to build
org-scoped queries instead of per-request memberships.find(). Falls back
to legacy get_accessible_project_ids for users with no memberships.

get_job replaces the role-specific CLIENT/PM access check with
get_job_or_403() which uniformly checks organization_id membership for
all roles (returns 404 not 403 to avoid leaking cross-org job existence).

get_accessible_project_ids in dependencies.py now uses _cached_memberships
from authz.py, eliminating the duplicate uncached DB query.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-29 20:26:07 +01:00
..
authz.py feat(mt-11): cross-org assignment guard in language_qc 2026-04-29 20:22:46 +01:00
config.py feat(pr4+pr5): hotkeys, unified status labels, upload size constant 2026-04-29 18:42:03 +01:00
database.py feat: per-language QC workflow with linguist assignment 2026-04-29 12:09:40 +01:00
dependencies.py refactor(mt-15): consolidate authz in routes_jobs and dependencies 2026-04-29 20:26:07 +01:00
logging.py initial commit 2025-08-24 16:28:33 -05:00
redis.py initial commit 2025-08-24 16:28:33 -05:00
secrets_config.py initial commit 2025-08-24 16:28:33 -05:00
security.py initial commit 2025-08-24 16:28:33 -05:00
seed.py security: remove default admin password fallback (C-04) 2026-04-29 14:12:24 +01:00