video-accessibility

History

Vadym Samoilenko b2d524e702 fix(mt-12): remove PM/CLIENT legacy bypass in _assert_client_access The unconditional `if user.role in (CLIENT, PROJECT_MANAGER): return` allowed any PM to access any client regardless of membership. Removed; kept pm_client_ids legacy fallback for pre-migration users. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-29 20:22:56 +01:00
..
v1	fix(mt-12): remove PM/CLIENT legacy bypass in _assert_client_access	2026-04-29 20:22:56 +01:00

Vadym Samoilenko b2d524e702 fix(mt-12): remove PM/CLIENT legacy bypass in _assert_client_access

The unconditional `if user.role in (CLIENT, PROJECT_MANAGER): return`
allowed any PM to access any client regardless of membership. Removed;
kept pm_client_ids legacy fallback for pre-migration users.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-29 20:22:56 +01:00

fix(mt-12): remove PM/CLIENT legacy bypass in _assert_client_access

2026-04-29 20:22:56 +01:00