video-accessibility/backend/app
Vadym Samoilenko b2d524e702 fix(mt-12): remove PM/CLIENT legacy bypass in _assert_client_access
The unconditional `if user.role in (CLIENT, PROJECT_MANAGER): return`
allowed any PM to access any client regardless of membership. Removed;
kept pm_client_ids legacy fallback for pre-migration users.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-29 20:22:56 +01:00
api/v1 fix(mt-12): remove PM/CLIENT legacy bypass in _assert_client_access 2026-04-29 20:22:56 +01:00
core feat(mt-11): cross-org assignment guard in language_qc 2026-04-29 20:22:46 +01:00
lib docs: add canonical documentation + audit cleanup 2026-04-29 14:22:51 +01:00
middleware feat(pr4+pr5): hotkeys, unified status labels, upload size constant 2026-04-29 18:42:03 +01:00
migrations feat(saas): Phase 3 — membership-based authz + Mailgun + job.organization_id 2026-04-27 16:56:42 +01:00
models fix(lint): restore baseline lint count — no new errors introduced 2026-04-29 19:16:35 +01:00
prompts feat: per-client glossary — hybrid exact/vector retrieval + AI injection 2026-04-29 13:03:38 +01:00
schemas feat(l3): optimistic locking for VTT edits (ETag / 409 Conflict) 2026-04-29 19:01:57 +01:00
services feat(mt-11): cross-org assignment guard in language_qc 2026-04-29 20:22:46 +01:00
tasks feat(pr4+pr5): hotkeys, unified status labels, upload size constant 2026-04-29 18:42:03 +01:00
telemetry docs: add canonical documentation + audit cleanup 2026-04-29 14:22:51 +01:00
main.py feat(pm15): share read-only link for client preview 2026-04-29 18:56:44 +01:00